PBS confirms data breach, TSMC fires engineers over theft, Cloudflare: Perplexity is web scraping - Cybersecurity Headlines

Summary6 min read

Cyber Security Headlines - Episode Summary Hosted by CISO Series | Release Date: August 6, 2025

In the latest episode of Cyber Security Headlines by the CISO Series, host Sarah Lane delves into a range of significant events shaping the information security landscape. From high-profile data breaches to advancements in cyber defense, this episode provides a comprehensive overview of the current state of cybersecurity. Below is a detailed summary of the key topics discussed.

1. PBS Confirms Data Breach

Timestamp: [00:07]

Sarah Lane reports that PBS has confirmed a data breach resulting in the leakage of employee information on Discord servers associated with PBS Kids fan communities. The compromised data includes:

Details Leaked: Names, job titles, emails, departments, and supervisors of nearly 4,000 employees and affiliates.
Source of Breach: The internal platform mypbs.org.
Impact: PBS assures that only the specified platform was affected, with no other systems compromised.

"PBS confirmed a data breach after a file containing contact information for nearly 4,000 employees and affiliates was leaked on Discord servers tied to PBS Kids fan communities," says Sarah.

2. TSMC Fires Engineers Over Semiconductor Secrets Theft

Timestamp: [00:07]

Taiwan Semiconductor Manufacturing Company (TSMC) has terminated two engineers suspected of stealing proprietary information related to their 2-nanometer chip technology. Key points include:

Nature of Theft: Suspected theft of advanced semiconductor trade secrets.
Legal Action: The case marks the first under Taiwan's National Security Act.
Company's Defense: TSMC asserts that their technology is too complex for any small group to fully replicate, citing their production of over 90% of the world’s sub-5 nanometer chips.
Detection: The breach was identified through internal monitoring systems, leading to immediate notification of prosecutors.

"TSMC makes more than 90% of the world's sub 5 nanometer chips and says its advanced tech is too complex for any small group to fully steal," explains Sarah.

3. Cloudflare Allegations Against Perplexity

Timestamp: [00:07]

Cloudflare has accused Perplexity of deploying sophisticated web scraping techniques to bypass website restrictions. Highlights include:

Methodology: Use of stealth crawlers that disregard robots.txt files and rotate IP addresses.
User Agents: Perplexity's crawlers imitate legitimate Chrome browsers, making detection challenging.
Response: Cloudflare has delisted Perplexity as a verified bot and updated its managed rules to prevent future occurrences.

"Cloudflare alleges that Perplexity has been bypassing website restrictions by using stealth crawlers that ignore or evade robots txt files and declared IPs," Sarah reports.

4. Security Flaw in Broadcom Chips Used in Dell Laptops

Timestamp: [00:07]

A significant vulnerability has been identified in Broadcom chips integrated into over 100 Dell laptop models. Critical information includes:

Vulnerability Details: Linked to Dell's Control Vault firmware, the flaw could allow attackers to steal sensitive data and maintain access post-OS installation.
Affected Environments: Commonly used in cybersecurity and government sectors.
Mitigation: Dell released a patch earlier this year and issued an advisory in June addressing the issue.

"Cisco Talos researchers say that a security flaw in Broadcom chips used in more than 100 Dell laptop models could have let attackers steal sensitive data and maintain access even after a clean OS install," Sarah elaborates.

5. Cybersecurity Budget Growth at a Five-Year Low

Timestamp: [00:07]

A recent study by IANS and Article Report reveals troubling trends in cybersecurity funding:

Budget Growth: Increased by only 4% in 2025, a decline from 8% in 2024.
CISO Perspectives: Only 47% of Chief Information Security Officers (CISOs) observed budget hikes.
Team Expansion: Growth in cybersecurity teams has plummeted to a four-year low of 7%.
Staffing Challenges: Approximately 90% of CISOs report understaffed teams due to hiring and budget constraints.

"According to a new IANS and article report, cybersecurity budgets grew 4% in 2025. That's down from 8% in 2024," states Sarah, highlighting the pressing issues faced by cybersecurity professionals.

6. Google’s Big Sleep Uncovers 20 Flaws in Open Source Projects

Timestamp: [00:07]

Google has deployed its AI-powered tool, Big Sleep, developed in collaboration with DeepMind and Project Zero, to identify vulnerabilities in open-source software:

Findings: 20 security flaws discovered in widely-used projects like FFmpeg and ImageMagick.
Discovery Process: Each vulnerability was autonomously identified and reproduced by the AI, followed by human review before reporting.
Current Status: Detailed information on the vulnerabilities remains undisclosed pending the release of fixes.

"Google says each bug was autonomously discovered and reproduced by the AI with Human Review before reporting," Sarah shares insights from the developments.

7. Cisco.com User Accounts Breached via Voice Phishing

Timestamp: [00:07]

Cisco has reported a breach of user accounts attributed to a sophisticated voice phishing attack:

Attack Mechanism: Phishing tricked an employee into granting access to a third-party Customer Relationship Management (CRM) system.
Compromised Data: Names, email addresses, phone numbers, and account metadata were accessed, though no passwords or confidential customer data were affected.
Attribution: The breach may be linked to the Shiny Hunters group, known for targeting major brands like Adidas, Chanel, and LVMH via Salesforce-related attacks.

"Cisco disclosed a data breach after a voice phishing attack tricked an employee, letting a threat actor access a third party CRM system and steal user data from Cisco.com accounts," reports Sarah.

8. Cyber Attacks on Dutch Caribbean Islands' Government Services

Timestamp: [00:07]

Multiple islands in the Dutch Caribbean, including Curacao, Aruba, and St. Martin, are grappling with cyber attacks targeting government infrastructure:

Incidents:
- Curacao: The tax office endured a ransomware attack on July 24, severely disrupting operations for weeks.
- Joint Court of Justice: Lost email access and faced potential shutdowns across multiple islands.
- Aruba: The Parliament experienced a separate email breach linked to phishing attempts.
Potential Cause: Experts suspect these attacks may exploit a known Citrix vulnerability highlighted by Dutch authorities.

"Experts warn these incidents may be linked to a Citrix vulnerability flagged by Dutch authorities," Sarah warns, emphasizing the regional cyber security challenges.

9. SonicWall Urges Disabling SSL VPN Amid Rising Attacks

Timestamp: [00:07]

SonicWall is advising administrators to deactivate SSL VPN services on Gen 7 firewalls in response to escalating cyber threats:

Threat Landscape: Ransomware gangs like Akira are reportedly exploiting a likely zero-day vulnerability.
Attack Techniques: Researchers from Arctic, Wolf, and Huntress have identified that attackers are bypassing Multi-Factor Authentication (MFA) and achieving domain controller access within hours of infiltration.
Additional Warnings: This alert follows previous advisories to patch SMA 100 appliances against a critical Remote Code Execution (RCE) vulnerability.

"Sonicwall is urging customers to disable SSL VPN services on Gen 7 firewalls amid reports that ransomware gangs like Akira are exploiting a likely zero day vulnerability," Sarah highlights the urgent recommendations for cybersecurity professionals.

10. Upcoming Events and Closing Remarks

While the episode also mentions upcoming events such as David Spark’s annual roundup at Black Hat and offers avenues for listener feedback, these segments were brief and thus are not detailed in this summary.

Conclusion

Today's episode of Cyber Security Headlines provided a thorough examination of critical security incidents and trends impacting organizations worldwide. From data breaches and insider threats to advanced cyber-attacks targeting government services, the discussions underscore the evolving challenges in the cybersecurity domain. Additionally, the insights into budget constraints and emerging vulnerabilities emphasize the need for robust and adaptive security strategies.

For more in-depth analysis and daily updates on cybersecurity, listeners are encouraged to visit cisoseries.com.

Loading summary

Transcript3 lines

[00:00]
A
From the CISO series. It's Cybersecurity Headlines.
[00:07]
B
These are the cybersecurity headlines for Wednesday, August 6, 2025. I'm Sarah Lane. PBS confirms data breach after employee info leaked on Discord servers PBS confirmed a data breach after a file containing contact information for nearly 4,000 employees and affiliates with was leaked on Discord servers tied to PBS Kids fan communities. The data included names, job titles, emails, departments and supervisors. PBS says the breach came from its internal mypbs. Org platform and that no other systems were affected. TSMC fires engineers over suspected semiconductor secrets Theft TSMC fired two engineers suspected of stealing 2 nanometer chip trade secrets and and the first ever case under Taiwan's National Security Act. The company detected the breach via internal monitoring and alerted prosecutors. TSMC makes more than 90% of the world's sub 5 nanometer chips and says its advanced tech is too complex for any small group to fully steal. Cloudflare on Perplexity Web scraping techniques to avoid robot Txt and network blocks Cloudflare alleges that Perplexity has been bypassing website restrictions by using stealth crawlers that ignore or evade robots txt files and declared IPs. Tests show that Perplexity accesses restricted content using user agents that mimic Chrome browsers and rotate IP addresses, making it difficult for site owners to block them. Cloudflare has delisted Perplexity as a verified bot and updated its managed rules to block this type of behavior going forward. Flaw in Broadcom chip used in Dell laptop security firmware Cisco Talos researchers say that a security flaw in Broadcom chips used in more than 100 Dell laptop models could have let attackers steal sensitive data and maintain access even after a clean OS install. The vulnerability is tied to Dell's Control Vault firmware and and affected machines common in cybersecurity and government environments. Dell patched the issue earlier this year and published an advisory in June. Huge thanks to our sponsor, ThreatLocker. ThreatLocker is a global leader in zero trust Endpoint security, offering cybersecurity controls to protect businesses from zero day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerability vulnerabilities. To learn more and start your free trial, visit threatlocker.com CISO that's threatlocker.com CISO IAN A study finds lowest cybersecurity budget growth in five years According to a new IANS and article report, cybersecurity budgets grew 4% in 2025. That's down from 8% in 2024. Only 47% of CISOs saw budget increases and team growth dropped to a four year low of 7%. Nearly 90% of CISOs say their teams are understaffed due to hiring and budget constraints. Google's Big Sleep finds 20 flaws in open source projects Google's A bug hunter called Big Sleep was developed by DeepMind and Project Zero and identified 20 security flaws in popular open source software, including FFmpeg and ImageMagick. Details on the vulnerabilities are still undisclosed, pending fixes, but Google says each bug was autonomously discovered and reproduced by the AI with Human Review before reporting Cisco.com user accounts breached Cisco disclosed a data breach after a voice phishing attack tricked an employee, letting a threat actor access a third party CRM system and steal user data from Cisco.com accounts. Exposed information includes names, email addresses, phone numbers and account metadata, but no passwords. Confidential customer data or product systems appear to be affected. The breach may be linked to the Shiny Hunters group behind recent Salesforce related attacks on major brands like Adidas, Chanel and lvmh. Dutch Caribbean islands respond to cyber attacks on Quartz tax departments Multiple Dutch Caribbean islands including Curacao, Aruba and St Martin are recovering from a wave of cyber attacks targeting government services. Curacao's tax office suffered a ransomware attack on July 24, disrupting operations for weeks. The Joint Court of Justice, serving multiple islands was also hit, losing email access and facing shutdowns. Aruba's Parliament confirmed a separate email breach tied to phishing. Experts warn these incidents may be linked to a Citrix vulnerability flagged by Dutch authorities. Sonicwall urges admins to disable SSL VPN amid rising attacks Sonicwall is urging customers to disable SSL VPN services on Gen 7 firewalls amid reports that ransomware gangs like Akira are exploiting a likely zero day vulnerability. Researchers from Arctic, Wolf and Huntress say that attackers are bypassing MFA and gaining domain controller access within hours of intrusion. Sonicwall hasn't officially confirmed the flaw, but this follows a separate recent warning to patch SMA 100 appliances against a critical RCE vulnerability. David Spark is at Black Hat all week and will share his annual roundup on DTNS Live this coming Friday. Check it out wherever you get your podcasts and find out more@dailytechnewshow.com if you can join us live. Even better, that happens Friday at 4pm Eastern Time. More information on that at dailytechnewshow.com live. If you have thoughts on today's news or about the show in general. Be sure to reach out to us@feedbackisoseries.com we would love to hear your thoughts. I'm Sarah Lane reporting for the CISO series. Thank you so much for listening and we'll talk to you tomorrow.
[06:49]
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.

Cyber Security Headlines - Episode Summary Hosted by CISO Series | Release Date: August 6, 2025

1. PBS Confirms Data Breach

Timestamp: [00:07]

Details Leaked: Names, job titles, emails, departments, and supervisors of nearly 4,000 employees and affiliates.
Source of Breach: The internal platform mypbs.org.
Impact: PBS assures that only the specified platform was affected, with no other systems compromised.

"PBS confirmed a data breach after a file containing contact information for nearly 4,000 employees and affiliates was leaked on Discord servers tied to PBS Kids fan communities," says Sarah.

2. TSMC Fires Engineers Over Semiconductor Secrets Theft

Timestamp: [00:07]

Taiwan Semiconductor Manufacturing Company (TSMC) has terminated two engineers suspected of stealing proprietary information related to their 2-nanometer chip technology. Key points include:

Nature of Theft: Suspected theft of advanced semiconductor trade secrets.
Legal Action: The case marks the first under Taiwan's National Security Act.
Company's Defense: TSMC asserts that their technology is too complex for any small group to fully replicate, citing their production of over 90% of the world’s sub-5 nanometer chips.
Detection: The breach was identified through internal monitoring systems, leading to immediate notification of prosecutors.

"TSMC makes more than 90% of the world's sub 5 nanometer chips and says its advanced tech is too complex for any small group to fully steal," explains Sarah.

3. Cloudflare Allegations Against Perplexity

Timestamp: [00:07]

Cloudflare has accused Perplexity of deploying sophisticated web scraping techniques to bypass website restrictions. Highlights include:

Methodology: Use of stealth crawlers that disregard robots.txt files and rotate IP addresses.
User Agents: Perplexity's crawlers imitate legitimate Chrome browsers, making detection challenging.
Response: Cloudflare has delisted Perplexity as a verified bot and updated its managed rules to prevent future occurrences.

"Cloudflare alleges that Perplexity has been bypassing website restrictions by using stealth crawlers that ignore or evade robots txt files and declared IPs," Sarah reports.

4. Security Flaw in Broadcom Chips Used in Dell Laptops

Timestamp: [00:07]

A significant vulnerability has been identified in Broadcom chips integrated into over 100 Dell laptop models. Critical information includes:

Vulnerability Details: Linked to Dell's Control Vault firmware, the flaw could allow attackers to steal sensitive data and maintain access post-OS installation.
Affected Environments: Commonly used in cybersecurity and government sectors.
Mitigation: Dell released a patch earlier this year and issued an advisory in June addressing the issue.

5. Cybersecurity Budget Growth at a Five-Year Low

Timestamp: [00:07]

A recent study by IANS and Article Report reveals troubling trends in cybersecurity funding:

Budget Growth: Increased by only 4% in 2025, a decline from 8% in 2024.
CISO Perspectives: Only 47% of Chief Information Security Officers (CISOs) observed budget hikes.
Team Expansion: Growth in cybersecurity teams has plummeted to a four-year low of 7%.
Staffing Challenges: Approximately 90% of CISOs report understaffed teams due to hiring and budget constraints.

6. Google’s Big Sleep Uncovers 20 Flaws in Open Source Projects

Timestamp: [00:07]

Google has deployed its AI-powered tool, Big Sleep, developed in collaboration with DeepMind and Project Zero, to identify vulnerabilities in open-source software:

Findings: 20 security flaws discovered in widely-used projects like FFmpeg and ImageMagick.
Discovery Process: Each vulnerability was autonomously identified and reproduced by the AI, followed by human review before reporting.
Current Status: Detailed information on the vulnerabilities remains undisclosed pending the release of fixes.

"Google says each bug was autonomously discovered and reproduced by the AI with Human Review before reporting," Sarah shares insights from the developments.

7. Cisco.com User Accounts Breached via Voice Phishing

Timestamp: [00:07]

Cisco has reported a breach of user accounts attributed to a sophisticated voice phishing attack:

Attack Mechanism: Phishing tricked an employee into granting access to a third-party Customer Relationship Management (CRM) system.
Compromised Data: Names, email addresses, phone numbers, and account metadata were accessed, though no passwords or confidential customer data were affected.
Attribution: The breach may be linked to the Shiny Hunters group, known for targeting major brands like Adidas, Chanel, and LVMH via Salesforce-related attacks.

"Cisco disclosed a data breach after a voice phishing attack tricked an employee, letting a threat actor access a third party CRM system and steal user data from Cisco.com accounts," reports Sarah.

8. Cyber Attacks on Dutch Caribbean Islands' Government Services

Timestamp: [00:07]

Multiple islands in the Dutch Caribbean, including Curacao, Aruba, and St. Martin, are grappling with cyber attacks targeting government infrastructure:

Incidents:
- Curacao: The tax office endured a ransomware attack on July 24, severely disrupting operations for weeks.
- Joint Court of Justice: Lost email access and faced potential shutdowns across multiple islands.
- Aruba: The Parliament experienced a separate email breach linked to phishing attempts.
Potential Cause: Experts suspect these attacks may exploit a known Citrix vulnerability highlighted by Dutch authorities.

"Experts warn these incidents may be linked to a Citrix vulnerability flagged by Dutch authorities," Sarah warns, emphasizing the regional cyber security challenges.

9. SonicWall Urges Disabling SSL VPN Amid Rising Attacks

Timestamp: [00:07]

SonicWall is advising administrators to deactivate SSL VPN services on Gen 7 firewalls in response to escalating cyber threats:

Threat Landscape: Ransomware gangs like Akira are reportedly exploiting a likely zero-day vulnerability.
Attack Techniques: Researchers from Arctic, Wolf, and Huntress have identified that attackers are bypassing Multi-Factor Authentication (MFA) and achieving domain controller access within hours of infiltration.
Additional Warnings: This alert follows previous advisories to patch SMA 100 appliances against a critical Remote Code Execution (RCE) vulnerability.

10. Upcoming Events and Closing Remarks

Conclusion

For more in-depth analysis and daily updates on cybersecurity, listeners are encouraged to visit cisoseries.com.