Cyber Security Headlines – Episode Summary
Podcast: CISO Series – Cyber Security Headlines
Date: October 22, 2025
Host: Sarah Lane
Overview
This episode delivers a rapid-fire briefing on the latest cybersecurity developments from around the globe. Topics include Russian state hackers debuting new malware, login failures caused by recent Windows updates, a targeted campaign against high-profile servers, newly cataloged exploited vulnerabilities with federal patch deadlines, chip-level defenses against laser fault-injection attacks, a large batch of zero-days at PWN2Own Ireland, a self-propagating supply-chain compromise of VS Code extensions, and the evolution of the PolarEdge botnet.
Key Discussion Points & Insights
1. Russian State Hackers Debut New Malware
[00:13 – 01:03]
- Actor: Cold River (aka Star Blizzard, Callisto)
- What's New: Three new malware families, NOROBOT, YESROBOT, and MAYBEROBOT, replacing the LOSTKEYS tool after it was publicly exposed.
- Targets: High-value victims, focusing on deeper intelligence collection from previously phished individuals.
- Technique: Campaigns deployed more aggressively than before, using custom malware built to evade detection and exfiltrate sensitive data.
- Quote:
"The new tools are said to be deployed more aggressively than any previous campaigns, designed to evade detection and steal data from high value targets."
— Sarah Lane [00:18]
2. Windows Updates Cause Login Issues
[01:04 – 01:41]
- Problem: Updates released since August 29, 2025 break logins on PCs that share a machine security identifier (SID), causing Kerberos and NTLM authentication failures.
- Affected Versions: Windows 11 24H2, 25H2, and Windows Server 2025.
- Cause: A new security check that rejects authentication between devices with the same SID, which typically happens when systems are cloned without running Sysprep.
- Mitigation: Microsoft recommends rebuilding affected systems or contacting support for a Group Policy workaround.
- Quote:
"Microsoft says that Windows updates released since August 29th are breaking logins on systems with duplicate security identifiers...causing Kerberos and NTLM authentication failures..."
— Sarah Lane [01:10]
3. Passive Neuron Campaign Targets High-Profile Servers
[01:42 – 02:18]
- Culprit: Likely a Chinese-speaking threat actor; Kaspersky rates the attribution as low confidence.
- Victims: Government, financial, and industrial servers across Asia, Africa, and Latin America.
- Tools: Custom implants (Neursite and NeuralExecutor), Cobalt Strike beacons, and disguised DLLs.
- Initial Access: Exploitation of exposed SQL servers, with tradecraft consistent with Chinese APTs.
- Quote:
"Kaspersky researchers say that a Chinese speaking threat actor is likely behind the Passive Neuron campaign..."
— Sarah Lane [01:42]
4. CISA Adds Major Flaws to Exploited Vulnerabilities Catalog
[02:19 – 02:44]
- Products Affected: Oracle E-Business Suite, Microsoft Windows SMB Client, Kentico Xperience CMS, Apple JavaScriptCore.
- Risks: Data theft, privilege escalation, and remote code execution.
- Deadlines: Federal agencies must patch by November 10, 2025.
- Quote:
"Federal agencies have to patch them by November 10th and private organizations are advised to update affected systems."
— Sarah Lane [02:37]
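The practical check behind this item is whether anything in your own estate matches the new catalog entries and how long you have until the due date. The script below is an added example, not code from the episode or from CISA: it reads a document in the layout of CISA's KEV JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), joins it against a small asset inventory and sorts matches by remediation deadline. The catalog sample is constructed, the CVE IDs in it are placeholders of the form CVE-0000-*, not real entries, and the inventory and the matching-by-substring rule are assumptions for illustration.

```python
"""Join a KEV-style catalog against an asset inventory and flag entries by due date."""
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed. The CVE IDs are
# placeholders (CVE-0000-*), not real catalog entries; vendors/products follow
# the ones the episode names, plus one older constructed Oracle entry that is
# already past its due date.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "Oracle", "product": "E-Business Suite",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0002", "vendorProject": "Microsoft", "product": "Windows",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0003", "vendorProject": "Kentico", "product": "Xperience CMS",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0004", "vendorProject": "Apple", "product": "Multiple Products",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0005", "vendorProject": "Oracle", "product": "E-Business Suite",
         "dateAdded": "2025-09-29", "dueDate": "2025-10-20", "knownRansomwareCampaignUse": "Known"},
    ],
})

# Constructed inventory (assumption): lower-cased vendor -> product substrings we run.
INVENTORY = {
    "oracle": ["e-business suite"],
    "microsoft": ["windows"],
    "kentico": ["xperience"],
}


def load_kev(text):
    """Parse the feed text and return the list of vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def matches_inventory(entry, inventory):
    """Case-insensitive substring match of vendorProject/product against the inventory."""
    vendor = entry["vendorProject"].lower()
    product = entry["product"].lower()
    return any(needle in product for needle in inventory.get(vendor, []))


def exposure_report(kev_text, inventory, today):
    """Return matching entries sorted by due date; days_left < 0 means overdue."""
    rows = []
    for e in load_kev(kev_text):
        if not matches_inventory(e, inventory):
            continue
        due = date.fromisoformat(e["dueDate"])
        rows.append({
            "cve": e["cveID"],
            "vendor": e["vendorProject"],
            "product": e["product"],
            "due": due,
            "days_left": (due - today).days,
            "ransomware": e.get("knownRansomwareCampaignUse", "Unknown"),
        })
    return sorted(rows, key=lambda r: (r["due"], r["cve"]))


def overdue(rows):
    """Subset of a report whose federal due date has already passed."""
    return [r for r in rows if r["days_left"] < 0]


if __name__ == "__main__":
    report = exposure_report(KEV_SAMPLE, INVENTORY, date(2025, 10, 22))
    for r in report:
        flag = "OVERDUE" if r["days_left"] < 0 else f"{r['days_left']}d left"
        print(f"{r['cve']:14} {r['vendor']:10} {r['product']:18} due {r['due']} "
              f"[{flag}] ransomware={r['ransomware']}")
```

Replace KEV_SAMPLE with the downloaded feed and INVENTORY with your CMDB export; the sort puts overdue items first, and the knownRansomwareCampaignUse field is worth surfacing because it changes the priority even when two entries share a due date.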
5. Laser Fault-Injection Attacks and a Chip-Level Defense for the Automotive Sector
[02:45 – 03:31]
- Innovation: A "Fully Depleted Silicon on Insulator" (FD-SOI) chip architecture that raises the bar against laser fault-injection attacks.
- Developed By: France's CEA and Soitec.
- Security Impact: Makes it harder to flip bits or bypass authentication with a focused laser; the segment also notes cost efficiency and regulatory-compliance benefits for automakers.
- Quote:
"The design adds an insulating oxide layer that makes it harder to manipulate circuits with focused laser beams, including attacks that can flip bits or bypass authentication."
— Sarah Lane [03:12]
6. PWN2Own Ireland Sees 34 Zero-Days Disclosed
[03:32 – 04:21]
- Event: PWN2Own Ireland 2025.
- Highlights: 34 zero-days exploited on the first day against NAS devices, printers, smart-home gadgets, and networking equipment.
- Payouts: $522,500 awarded on the first day, including $100,000 to Team DDOS for a QNAP exploit and $102,500 to Summoning Team.
- Disclosure Policy: Vendors receive 90 days to patch before exploits go public.
- Quote:
"Researchers exploited 34 zero days across devices including QNAP and Synology, NAS printers, smart home gadgets and networking equipment, earning $522,500 for the effort."
— Sarah Lane [03:39]
7. "GlassWorm" Supply Chain Attack on VS Code Extensions
[04:22 – 04:54]
- Threat: GlassWorm, a self-propagating worm that reached 36,000+ developer systems through malicious VS Code extensions.
- Method: Hides its code behind invisible Unicode characters; steals GitHub, npm, and Open VSX credentials; installs remote-access tools; uses the Solana blockchain and Google Calendar for C2; and turns infected developer machines into proxy nodes.
- Mitigation: Microsoft has removed the affected extensions.
- Quote:
"The worm uses invisible Unicode characters to hide its code, steals credentials from GitHub, npm and OpenVSX, installs remote access tools and turns developer machines into criminal proxy nodes."
— Sarah Lane [04:36]
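The detail worth acting on here is the hiding technique: Unicode variation selectors and zero-width characters render as nothing in an editor, so a line that looks blank can carry a payload. The scanner below is an added example, not code from the episode or from the researchers who reported GlassWorm. It reports every run of invisible code points in a source file and, where a run consists only of variation selectors, decodes it with the common byte mapping VS1-16 -> 0..15, VS17-256 -> 16..255; that mapping is an assumption for illustration and is not a claim about GlassWorm's exact encoder. The sample extension entry point at the bottom is constructed.

```python
"""Find invisible Unicode runs in source text and decode variation-selector runs."""
import unicodedata
from dataclasses import dataclass, field
from typing import List, Optional

# Variation selectors VS1-VS16 (U+FE00..U+FE0F) and VS17-VS256 (U+E0100..U+E01EF).
# Their general category is Mn, not Cf, so they need explicit ranges.
VS_LOW = range(0xFE00, 0xFE10)
VS_HIGH = range(0xE0100, 0xE01F0)
# Other common invisibles: zero-width space/non-joiner/joiner, word joiner,
# BOM, soft hyphen, Mongolian vowel separator.
ZERO_WIDTH = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF, 0x00AD, 0x180E}


def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    if cp in VS_LOW or cp in VS_HIGH or cp in ZERO_WIDTH:
        return True
    # Catch-all for remaining format characters (bidi overrides, tag characters, ...).
    return unicodedata.category(ch) == "Cf"


@dataclass
class Finding:
    line: int                      # 1-based line number
    col: int                       # 0-based code point offset within the line
    codepoints: List[int] = field(default_factory=list)
    decoded: Optional[bytes] = None  # set only when the run is purely variation selectors

    @property
    def length(self) -> int:
        return len(self.codepoints)


def decode_variation_selectors(codepoints) -> Optional[bytes]:
    """Assumed byte mapping: VS1-16 -> 0..15, VS17-256 -> 16..255. None if not all VS."""
    out = bytearray()
    for cp in codepoints:
        if cp in VS_LOW:
            out.append(cp - 0xFE00)
        elif cp in VS_HIGH:
            out.append(cp - 0xE0100 + 16)
        else:
            return None
    return bytes(out)


def encode_variation_selectors(data: bytes) -> str:
    """Inverse of decode_variation_selectors; used here only to build the sample."""
    return "".join(chr(0xFE00 + b) if b < 16 else chr(0xE0100 + b - 16) for b in data)


def scan_source(text: str) -> List[Finding]:
    """Return one Finding per maximal run of invisible characters, per line."""
    if text.startswith("\ufeff"):  # a leading BOM is legitimate; do not report it
        text = text[1:]
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        start, run = None, []
        for col, ch in enumerate(line):
            if is_invisible(ch):
                if start is None:
                    start = col
                run.append(ord(ch))
            elif start is not None:
                findings.append(Finding(lineno, start, run, decode_variation_selectors(run)))
                start, run = None, []
        if start is not None:
            findings.append(Finding(lineno, start, run, decode_variation_selectors(run)))
    return findings


# Constructed sample (not a real extension): line 3 looks like an indented blank
# line but carries HIDDEN; line 4 ends with a zero-width space.
HIDDEN = b"loader stub: fetch second stage"
SAMPLE_EXTENSION_JS = (
    "const vscode = require('vscode');\n"
    "function activate(context) {\n"
    "  " + encode_variation_selectors(HIDDEN) + "\n"
    "  console.log('hello');\u200b\n"
    "}\n"
    "module.exports = { activate };\n"
)

if __name__ == "__main__":
    for f in scan_source(SAMPLE_EXTENSION_JS):
        extra = f" decoded={f.decoded!r}" if f.decoded is not None else ""
        print(f"line {f.line} col {f.col}: {f.length} invisible code point(s){extra}")
```

Run it over the unpacked .vsix contents (every .js and .json file), not only the declared entry point; a single finding of a long variation-selector run in otherwise plain ASCII source is a strong signal on its own, whether or not the decode produces readable bytes.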
8. PolarEdge Botnet Campaign Expands
[04:55 – 05:37]
- Targets: Cisco, ASUS, QNAP, and Synology devices.
- Discovery: Active since June 2023; first detected in February 2025.
- Features: TLS-based backdoor, anti-analysis measures, process masquerading, and flexible control (connect-back or debug modes).
- Goal: Build a large network of compromised devices for use as proxies, in the style of SOCKS5 proxy networks built from infected systems.
- Quote:
"PolarEdge can operate in connect back or debug modes and its purpose seems to be linked to building a large network of compromised devices not unlike Go SoC's use of infected systems as SOCKS5 proxies."
— Sarah Lane [05:24]
Notable Quotes & Memorable Moments
- On Russian hackers' evolution:
"Google believes that Cold River is now using custom malware to gather deeper intelligence from already phished victims."
— Sarah Lane [00:33]
- On Windows login chaos:
"...rejects authentication between devices sharing SIDs, often created when systems are cloned without using Sysprep."
— Sarah Lane [01:19]
- On PWN2Own's value:
"The contest...awards zero day exploits and promotes responsible disclosure with vendors given 90 days to patch vulnerabilities before public disclosure."
— Sarah Lane [04:07]
Episode Timeline (Timestamps for Key Segments)
- 00:13 – Cold River’s New Malware Campaigns
- 01:04 – Windows SID Login Issues
- 01:42 – Passive Neuron High-Profile Server Attacks
- 02:19 – CISA Catalog Update & Patch Deadlines
- 02:45 – Automotive Chip Defenses Against Laser Attacks
- 03:32 – PWN2Own Ireland Zero-Days & Payouts
- 04:22 – GlassWorm VS Code Supply Chain Attack
- 04:55 – PolarEdge Botnet Expands
This concise, news-driven episode offers a vital summary of emerging threats and critical vulnerabilities, bridging the technical and the practical for security professionals needing fast, actionable intelligence.
