Cyber Security Headlines – Episode Summary
Podcast: Cyber Security Headlines
Host: Steve Prentiss
Episode: Palo Alto VPN attacks, NATO cyberdefense exercise, Chinese exploit React2Shell
Date: December 8, 2025
Episode Overview
This episode covers the latest and most pressing topics in cybersecurity: a new wave of brute-force attacks targeting Palo Alto GlobalProtect portals, NATO’s largest-ever cyber defense exercise, Chinese threat actors exploiting a critical open-source vulnerability ("React2Shell"), and several other notable incidents. The discussion also examines strategic choices in security leadership and emerging scam tactics. Host Steve Prentiss delivers concise, rapid-fire analysis suitable for security professionals and IT decision-makers.
Key Topics and Insights
1. Surge in VPN Attacks Targeting Palo Alto Portals
[00:06 – 00:59]
- Details: A significant brute-force campaign began on December 2, targeting Palo Alto GlobalProtect portals from over 7,000 IP addresses, traced to the German hosting provider 3xk.
- Tactics Observed: After brute-forcing, the attackers pivot to scanning SonicWall API endpoints, indicating a multi-pronged approach.
- Impact: Palo Alto’s GlobalProtect VPN is widely used by enterprises and governments, raising industry concern.
- Quote: "The activity has taken the form of brute force and login attempts pivoting to scanning Sonicwall API endpoints," — Steve Prentiss [00:23]
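A defender listening to this segment will want to know whether their own VPN portal logs show the same pattern: many failed logins from a single source, spread across many usernames. The following Python snippet is an added example, not code from the episode, CISO Series, or any vendor; it assumes a simple constructed key=value log format (fields `src`, `event`, `user`) and uses documentation-range IP addresses as sample data. It counts failed authentications per source and labels a source as "spray" when the failures are spread over many distinct accounts, or "brute-force" when they hammer a few.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the episode or any vendor product).
# Format is a hypothetical key=value layout; IPs are from documentation ranges.
SAMPLE_LOGS = """\
2025-12-02T10:00:01Z src=198.51.100.7 portal=vpn-portal event=auth_fail user=alice
2025-12-02T10:00:02Z src=198.51.100.7 portal=vpn-portal event=auth_fail user=bob
2025-12-02T10:00:03Z src=198.51.100.7 portal=vpn-portal event=auth_fail user=carol
2025-12-02T10:00:04Z src=198.51.100.7 portal=vpn-portal event=auth_fail user=dave
2025-12-02T10:00:05Z src=198.51.100.7 portal=vpn-portal event=auth_fail user=erin
2025-12-02T10:00:09Z src=203.0.113.9 portal=vpn-portal event=auth_fail user=alice
2025-12-02T10:00:10Z src=203.0.113.9 portal=vpn-portal event=auth_ok user=alice
2025-12-02T10:01:00Z src=198.51.100.7 portal=vpn-portal event=auth_fail user=frank
"""

# Pull the source address, event type and username out of one log line.
LINE_RE = re.compile(r"src=(?P<src>\S+) .*event=(?P<event>\S+) user=(?P<user>\S+)")


def summarize_failures(log_text):
    """Return {src: (failed_login_count, distinct_usernames_tried)}."""
    fails = defaultdict(int)
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["event"] != "auth_fail":
            continue  # skip unparseable lines and successful logins
        fails[m["src"]] += 1
        users[m["src"]].add(m["user"])
    return {src: (fails[src], len(users[src])) for src in fails}


def flag_sources(log_text, min_failures=5):
    """Sources at or above the failure threshold, labelled by attack style.

    'spray'       - failures spread over at least min_failures distinct accounts
    'brute-force' - repeated failures concentrated on a few accounts
    """
    flagged = {}
    for src, (n_fail, n_users) in summarize_failures(log_text).items():
        if n_fail < min_failures:
            continue
        flagged[src] = "spray" if n_users >= min_failures else "brute-force"
    return flagged


if __name__ == "__main__":
    for src, style in flag_sources(SAMPLE_LOGS).items():
        print(f"{src}: {style}")
```

In a real deployment the same per-source counts would be fed by the VPN appliance's own authentication log and correlated with the subsequent scanning the episode describes, so that a source that fails many logins and then probes other endpoints can be blocked at the edge rather than investigated after the fact.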
2. NATO’s Record-Breaking Cyber Defense Exercise
[00:59 – 01:58]
- Event: NATO’s Cyber Coalition exercise involved 1,300 participants from 29 allies and 7 partner nations.
- Objectives: Simulated defense against attacks on critical infrastructure: power plants, satellites, fuel depots, and military networks.
- Execution: Most participants joined remotely ("from their own desks"), reflecting modern distributed operations.
- Leadership: Directed by U.S. Navy Commander Brian Kaplan.
- Significance: Demonstrates unprecedented international cyber cooperation and preparedness for complex attacks.
3. Chinese State Actors Exploit “React2Shell” Vulnerability
[01:58 – 02:55]
- Incident: React2Shell (CVSS severity 10/10) in a popular open-source tool is being actively exploited.
- Actors: State-sponsored Chinese hackers operationalized public exploits rapidly.
- Attribution Challenges: Use of anonymization infrastructure by Chinese threat groups complicates attribution.
- Quote: "The speed at which the Chinese groups were able to operationalize public proof of concept exploits underscores a critical reality of how quickly sophisticated threat actors can weaponize them." — Steve Prentiss [02:38]
- Context: The vulnerability has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.
4. UK NHS Bart's Health Data Breach via Oracle Zero-Day
[02:55 – 03:25]
- Details: CLOP ransomware actors stole invoice data from London’s Bart’s Health NHS, exploiting a zero-day in Oracle’s E-Business Suite.
- Data Compromised: Names, addresses, payment info, and supplier data; data for a neighboring trust was also involved.
- Timeline: The breach occurred in August but was discovered in November.
- Mitigation: Clinical systems were unaffected; patients are advised to review invoices for suspicious activity.
- Quote: "Although the theft occurred in August, BARTS only became aware in November." — Steve Prentiss [03:16]
5. Rise in Virtual Kidnapping Scams
[04:07 – 04:52]
- Threat: Scammers are faking kidnappings, using altered social media images and AI-generated videos for extortion.
- FBI Alert: The tactics include manipulating genuine missing persons alerts and targeting ordinary individuals in “emergency scams.”
- Quote: "Some of the threat actors use AI to alter photos into short videos, threatening violence if payment is not forthcoming." — Steve Prentiss [04:36]
6. Inotiv Pharmaceuticals Ransomware Breach Update
[04:52 – 05:15]
- Update: Inotiv confirms ransomware data theft affecting employees, their families, and others associated with acquired firms.
- Transparency Gaps: Details on the specific data and the attackers remain undisclosed.
7. Porsche Outage in Russia Leaves Cars Inoperable
[05:15 – 06:10]
- Incident: The factory-installed satellite security system (VTS) failed, causing engine shutdowns and locked cars across hundreds of vehicles.
- User Response: Workarounds involve rebooting or disconnecting batteries; some models are more affected than others (LE).
- Implications: Highlights the risks of IoT and remote connectivity in critical consumer products.
8. Choosing the Right CISO: Engineering vs. Holistic
[06:10 – 07:31]
- Industry Insight: Global demand for CISOs is up, especially in the AI, crypto, and finance sectors.
- Key Message: Organizations must choose wisely between an engineering-focused CISO (technical, prevention-oriented) and a holistic CISO (systemic, resilient, people/process-aware).
- Quote: "Choosing an engineering-focused CISO over a holistic CISO can be risky... A holistic CISO, by contrast, understands security as a broader system involving people, process and technology, and designs for resilience, not just prevention." — Steve Prentiss paraphrasing David Schwed [06:32]
- Resource: A link to the Dark Reading article by David Schwed is provided in the show notes.
Notable Quotes & Moments
- On rapid threat actor adaptation: "The speed at which the Chinese groups were able to operationalize public proof of concept exploits underscores a critical reality..." — Steve Prentiss [02:38]
- On technical vs. holistic CISOs: "...an engineering-focused CISO... can build clean architecture and preventative controls. But this approach often just moves the risk." — Steve Prentiss paraphrasing David Schwed [06:22]
- On the emotional impact of virtual kidnapping scams: "...a new and rather heinous twist on cyber extortion is the virtual kidnapping scam..." — Steve Prentiss [04:08]
Timestamps for Key Segments
- Palo Alto VPN Campaign: [00:06–00:59]
- NATO Exercise: [00:59–01:58]
- React2Shell/Chinese Exploits: [01:58–02:55]
- NHS Bart's Health Breach: [02:55–03:25]
- Virtual Kidnapping Scams: [04:07–04:52]
- Inotiv Data Breach: [04:52–05:15]
- Porsche Security System Outage: [05:15–06:10]
- CISO Hiring and Strategy Advice: [06:10–07:31]
Episode Tone & Style
Steve Prentiss delivers updates with clarity and urgency, providing actionable intelligence for the cybersecurity community. The language is professional and concise, occasionally peppered with industry jargon, but always makes the practical implications clear.
For more details or to dive deeper on any story, visit CISOseries.com.
