Microsoft & Google lead zero day exploits, Plague Linux malware maintains SSH access, panel to create US Cyber Force

Cyber Security Headlines

Published: Tue Aug 05 2025

  • Microsoft and Google among most affected as zero-day exploits jump 46%
  • Vietnamese hackers use PXA Stealer, hit 4,000 IPs and steal 200,000 passwords globally
  • New Plague Linux malware stealthily maintains SSH access
  • Huge thanks to our sponsor,...

Summary

Detailed Summary of “Cyber Security Headlines” Episode

Podcast Title: Cyber Security Headlines
Host/Author: CISO Series
Release Date: August 5, 2025
Episode Topics:

  • Microsoft & Google lead zero-day exploits
  • Plague Linux malware maintains SSH access
  • Panel to create US Cyber Force

Introduction

From the CISO Series, it's Cybersecurity Headlines. (00:00)

Sarah Lane, the host, opens the episode by presenting the latest cybersecurity news and developments, focusing on significant threats, vulnerabilities, and strategic initiatives affecting the information security landscape.


Zero-Day Exploits Surge: Microsoft & Google at the Forefront

Key Points:

  • Zero-day attacks increased by 46% in the first half of 2025.
  • Microsoft and Google are the most targeted products.
  • Ransomware attacks rose by 36%, targeting unconventional devices such as IP cameras and BSD servers to bypass defenses and facilitate lateral movement within networks.
  • Of 137 tracked threat actors, 40% are state-sponsored, with Iranian-aligned hacktivists targeting critical Operational Technology (OT) infrastructure.

Notable Quote: “Zero-day attacks have surged dramatically, and our top targets are the giants like Microsoft and Google,” Sarah Lane explains. (00:20)

Discussion: Sarah elaborates on the implications of this surge, emphasizing the vulnerability of widely-used platforms and the sophisticated methods employed by attackers to exploit these zero-days. The rise in ransomware targeting unconventional devices underscores a shift in attacker strategies to exploit less guarded entry points within networks.


PXA Stealer: Vietnamese Hackers Launch Global Malware Campaign

Key Points:

  • Vietnamese threat actors are behind the PXA Stealer campaign.
  • Over 4,000 IPs across 62 countries have been compromised.
  • More than 200,000 passwords have been stolen.
  • Targets include browsers, crypto wallets, VPN clients, Discord, and other applications.
  • Data exfiltration occurs via Telegram to underground markets.
  • The latest malware variant uses DLL sideloading and decoy files for evasion.

Notable Quote: “The PXA Stealer has evolved to be more evasive and multi-staged, making detection incredibly challenging,” Sarah notes. (02:45)

Discussion: The host discusses the technical advancements in the PXA Stealer malware, highlighting its multi-layered approach to avoid detection. By targeting a broad range of applications and leveraging legitimate platforms like Telegram for data exfiltration, the attackers have created a robust and difficult-to-trace operation.


Plague Linux Malware: Stealthy SSH Access Maintained

Key Points:

  • Discovery of Plague, a Linux backdoor maintaining persistent SSH access.
  • Embeds as a malicious Pluggable Authentication Module (PAM).
  • Utilizes layered obfuscation, anti-debugging, hard-coded passwords, and environment scrubbing.
  • Samples uploaded to VirusTotal remain undetected.
  • Discovered by Nextron Systems.

Notable Quote: “Plague’s ability to erase forensic traces makes it a formidable threat in maintaining unauthorized access,” Sarah comments. (04:30)

Discussion: Sarah delves into the sophisticated techniques employed by the Plague malware to maintain access and evade detection. The use of a malicious PAM and advanced obfuscation techniques highlights the increasing complexity of Linux-targeted threats.
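A backdoor that installs itself as a PAM module lives in the same configuration files as the legitimate authentication stack, so one practical defensive check is to parse those files and flag any module that is not in the distribution's baseline or is loaded from outside the packaged module directories. The script below is an added example written for this summary; it is not code from Nextron Systems, the podcast, or the Plague sample. It assumes the standard Linux PAM configuration syntax ("type control module [args]", "@include" directives, "#" comments, backslash continuations), and the trusted directory list, the expected-module baseline, and the sample /etc/pam.d/sshd content are all constructed for illustration and should be regenerated from package manifests on a real host.

```python
"""Audit a PAM stack for unexpected or out-of-tree authentication modules.

Added example; not from the podcast or from Nextron Systems' research.
Constructed baseline and sample configuration; adjust both for your distro.
"""
from dataclasses import dataclass, field

# Directories where packaged PAM modules normally live (assumed layouts).
TRUSTED_MODULE_DIRS = (
    "/lib/security/", "/lib64/security/",
    "/usr/lib64/security/", "/lib/x86_64-linux-gnu/security/",
)

# Module basenames expected in an sshd stack (constructed baseline).
EXPECTED_MODULES = {
    "pam_unix.so", "pam_env.so", "pam_sepermit.so", "pam_nologin.so",
    "pam_succeed_if.so", "pam_deny.so", "pam_permit.so", "pam_faillock.so",
    "pam_systemd.so", "pam_keyinit.so", "pam_reauthorize.so",
}

PAM_TYPES = {"auth", "account", "password", "session"}


@dataclass
class PamEntry:
    line_no: int
    mtype: str
    control: str
    module: str
    args: list = field(default_factory=list)


@dataclass
class Finding:
    line_no: int
    module: str
    reason: str


def _logical_lines(text):
    """Yield (first_line_no, text) with comments stripped and continuations joined."""
    buf, start = [], None
    for i, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if start is None:
            start = i
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None


def parse_pam_entries(text):
    """Parse PAM config text into PamEntry records (skips @include lines)."""
    entries = []
    for line_no, line in _logical_lines(text):
        tokens = line.split()
        if tokens[0].startswith("@"):
            continue  # @include other-file: handled by a separate audit pass
        mtype = tokens[0].lstrip("-").lower()  # leading '-' marks an optional module
        if mtype not in PAM_TYPES or len(tokens) < 3:
            continue
        if tokens[1].startswith("["):  # bracketed control, e.g. [success=1 default=ignore]
            end = next((i for i, t in enumerate(tokens) if i >= 1 and t.endswith("]")), None)
            if end is None:
                continue
            control, rest = " ".join(tokens[1:end + 1]), tokens[end + 1:]
        else:
            control, rest = tokens[1], tokens[2:]
        if rest:
            entries.append(PamEntry(line_no, mtype, control, rest[0], rest[1:]))
    return entries


def audit_pam_stack(text):
    """Return findings for modules outside trusted dirs, off-baseline, or permissive."""
    findings = []
    for e in parse_pam_entries(text):
        if e.control.lower() in ("include", "substack"):
            continue  # names another config file, not a shared object
        if e.module.startswith("/") and not any(e.module.startswith(d) for d in TRUSTED_MODULE_DIRS):
            findings.append(Finding(e.line_no, e.module, "module loaded from outside packaged module directories"))
            continue
        base = e.module.rsplit("/", 1)[-1]
        if base not in EXPECTED_MODULES:
            findings.append(Finding(e.line_no, e.module, "module not in expected baseline"))
        elif base == "pam_permit.so" and e.mtype == "auth":
            findings.append(Finding(e.line_no, e.module, "unconditional allow in auth stack"))
    return findings


# Constructed sample of /etc/pam.d/sshd with one rogue entry appended.
SAMPLE_SSHD_PAM = """\
# constructed sample; the last line models a planted module
auth       required     pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
-auth      optional     pam_reauthorize.so prepare
account    required     pam_nologin.so
account    [success=1 default=ignore] pam_succeed_if.so \\
           uid >= 1000 quiet
session    optional     pam_keyinit.so force revoke
session    required     pam_unix.so
auth       sufficient   /tmp/.cache/pam_sys.so   # constructed rogue entry
"""

if __name__ == "__main__":
    for f in audit_pam_stack(SAMPLE_SSHD_PAM):
        print(f"line {f.line_no}: {f.module}: {f.reason}")
```

On a real host, run the audit over every file in /etc/pam.d plus /etc/pam.conf and compare each flagged module against the package manager's file ownership records; a module with no owning package, or one whose on-disk hash differs from the package's, is the kind of artifact a PAM-based backdoor leaves behind even when the binary itself evades antivirus scanning.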


Nvidia Triton Vulnerabilities: Risks to AI Servers

Key Points:

  • Critical vulnerabilities found in Nvidia’s Triton inference server.
  • Potential for unauthenticated remote code execution and full AI server control.
  • Affects both Windows and Linux deployments.
  • Issues stem from the Python backend, including out-of-bounds writes and memory limit bypasses.
  • Nvidia has patched the vulnerabilities in version 25.07.
  • No known exploitation in the wild yet.

Notable Quote: “While the vulnerabilities are severe, timely patches have mitigated immediate risks, but vigilance is essential,” Sarah advises. (05:50)

Discussion: The conversation focuses on the implications of these vulnerabilities for AI infrastructure. Sarah emphasizes the importance of applying patches promptly and monitoring systems for any unusual activity to prevent potential exploitation.


Northwest Radiologists Data Breach

Key Points:

  • Data breach at Northwest Radiologists exposed personal information of 348,118 Washington residents.
  • Unauthorized access occurred between January 20th and 25th.
  • Compromised data includes names, Social Security numbers, medical details, and more.
  • Indications point towards a ransomware attack, though not confirmed.
  • Law enforcement notified; security upgrades implemented.
  • Affected individuals are offered free credit and ID monitoring.
  • No threat actor has claimed responsibility.

Notable Quote: “This breach underscores the critical need for robust data protection measures in healthcare,” Sarah emphasizes. (06:45)

Discussion: Sarah discusses the fallout from the breach, including potential long-term impacts on affected individuals and the healthcare provider. The possible ransomware angle highlights ongoing trends in targeting sensitive sectors like healthcare.


Formation of the US Cyber Force Panel

Key Points:

  • A new 17-member panel, the Commission on Cyber Force Generation, has been established.
  • Aims to design a roadmap for creating a separate US Cyber Force as a distinct military branch.
  • Backed by CSIS and the Cyberspace Solarium Commission 2.0.
  • Includes former top Pentagon officials and cyber commanders.
  • Recommendations expected before the 2026 National Defense Authorization Act.

Notable Quote: “Establishing a dedicated Cyber Force is a strategic move to enhance national security in an increasingly digital battlefield,” Sarah states. (07:30)

Discussion: The host outlines the objectives of the panel and its significance in the broader context of national defense. The creation of a specialized Cyber Force is portrayed as a necessary evolution in military strategy to address emerging cyber threats effectively.


Ghost in the Zip: Expanding Ecosystem Behind PXA Stealer

Key Points:

  • SentinelLabs and Beazley Security track the Ghost in the Zip campaign.
  • Utilizes PXA Stealer malware to steal data from victims in over 60 countries.
  • Delivered via archived files disguised as PNG or PDF documents.
  • Leverages legitimate apps like Haihaisoft PDF Reader and older Microsoft Word versions for sideloading.
  • Exfiltrates data, including passwords, cookies, and crypto wallet information, through Telegram and Cloudflare workers.
  • Data resold via Telegram-based cybercriminal marketplaces.

Notable Quote: “Ghost in the Zip represents a highly organized cybercrime ecosystem, facilitating widespread data theft and resale,” Sarah explains. (08:00)

Discussion: Sarah highlights the intricate mechanisms of the Ghost in the Zip campaign, emphasizing the use of legitimate applications for malware delivery and the sophisticated channels for data exfiltration and resale. This underscores the globalization and professionalism of modern cybercriminal operations.


Mozilla Alerts: Phishing Campaign Targeting Firefox Add-ons

Key Points:

  • Mozilla warns add-on developers of a phishing campaign impersonating official Mozilla communications.
  • Attackers trick developers into clicking fake account update links.
  • The goal is to hijack trusted developer accounts to distribute malicious extensions.
  • Over 40 malicious add-ons identified, some posing as legitimate tools from brands like Coinbase and MetaMask.
  • Targets crypto users by stealing wallet credentials and seed phrases.

Notable Quote: “Phishing attacks are becoming more targeted, with attackers leveraging trusted identities to distribute malicious software,” Sarah warns. (08:45)

Discussion: The discussion revolves around the evolving tactics of phishing campaigns, particularly how attackers exploit trusted developer relationships to introduce malicious extensions. The focus on crypto users highlights the lucrative targets within the cybersecurity threat landscape.


Ohio Implements New Cybersecurity Rules for Local Governments

Key Points:

  • Ohio enacts cybersecurity regulations requiring local governments to implement formal policies.
  • Mandates public approval for any ransomware payments.
  • Part of the state’s budget, responding to recent cyber attacks on municipalities like Cleveland.
  • Aims to increase transparency and improve defenses against sophisticated cyber attacks.
  • Focus on safeguarding constituent data and local infrastructure.

Notable Quote: “By enforcing public approval for ransomware payments, Ohio is setting a precedent for transparency and responsible cyber incident responses,” Sarah notes. (09:30)

Discussion: Sarah examines the significance of Ohio’s new regulations, discussing how public oversight and formal policies can deter ransomware payments and enhance overall cybersecurity posture within local governments. The legislation is seen as a proactive measure to protect vital community services and data.


Embracing AI: Balancing Security and Utility

Key Points:

  • Organizations are increasingly adopting AI tools.
  • Security teams face the challenge of securing these new tools while leveraging them.
  • The balance between using AI for defensive measures and defending against AI-powered threats is delicate.

Notable Quote: “The integration of AI presents both opportunities and challenges for cybersecurity professionals,” Sarah reflects. (10:15)

Discussion: The episode concludes with a discussion on the dual role of AI in cybersecurity. While AI can enhance defensive capabilities, it also introduces new vulnerabilities and complexities. Sarah hints at exploring this topic further in an upcoming episode titled “They Can’t Hack All Our Tools If We Keep Buying New Ones.”


Conclusion

Sarah invites listeners to share their thoughts and feedback via email, emphasizing community engagement and continuous learning in the cybersecurity field. She signs off by mentioning that the full stories behind the headlines are available on the CISO Series website. (08:04)


Key Takeaways

  • Zero-Day Exploits: Significant increase with major targets being Microsoft and Google.
  • Malware Evolution: PXA Stealer and Plague Linux malware demonstrate advanced evasion techniques.
  • Vulnerabilities in AI Infrastructure: Critical patches by Nvidia highlight the importance of timely security updates.
  • Cybersecurity Regulations: Ohio’s new rules set a benchmark for local government cybersecurity policies.
  • AI in Security: Balancing the benefits and risks of adopting AI tools remains a critical challenge for security teams.

For more in-depth stories and updates, visit CISOseries.com.

No transcript available.