Cyber Security Headlines – Episode Summary
Podcast: Cyber Security Headlines
Host: Steve Prentice (CISO Series)
Date: September 15, 2025
Episode Theme:
A rapid-fire breakdown of the day’s most critical cyber security events, focusing on global data breaches, the evolution of ransomware, major policy discussions, and notable vulnerability disclosures. The episode delivers headline news with expert context, drawing attention to the intersection of technology gaps, national concerns, and policy debates.
Key Discussion Points & Insights
1. ShinyHunters Breach at Vietnam's National Credit Information Center
- Summary: ShinyHunters compromised Vietnam's National Credit Information Center by exploiting a known vulnerability in outdated, end-of-life software that was no longer receiving patches.
- Critical Details:
  - The Center's software had reached end of life, so no security patches were available for the flaw.
  - The attack was confirmed by the Vietnam Cyber Emergency Response Team; Resecurity's HUNTER team reviewed the leaked data, which included information linked to other Vietnamese financial institutions.
  - Notably, ShinyHunters did not demand a ransom but instead listed the stolen data for sale on dark web forums.
- Quote:
  “A known but unpatched flaw in End of Life software used by the Credit Information center. Because the software was no longer supported, no security patches were available, leaving the system especially vulnerable.”
  — Steve Prentice [00:23]
2. HybridPetya – New Ransomware with UEFI Secure Boot Bypass
- Summary: ESET Research identified “HybridPetya”, a Petya/NotPetya copycat with the added capability of bypassing UEFI Secure Boot.
- Critical Details:
  - HybridPetya weaponizes a specific CVE-numbered flaw to compromise outdated UEFI systems.
  - It targets and encrypts the Master File Table (MFT), the core metadata structure of NTFS partitions.
  - Although samples were uploaded to VirusTotal in February, ESET has not observed active campaigns in the wild; HybridPetya does not show the aggressive self-spreading of the original NotPetya.
- Quote:
  “HybridPetya, in addition to being a copycat, now adds the capability of compromising UEFI based systems and weaponizing a CVE numbered flaw to bypass UEFI Secure Boot.”
  — Steve Prentice [01:09]
3. CISA Urges Renewal of Cyber Information Sharing Law
- Summary: Nick Andersen (CISA Executive Assistant Director) appealed to Congress to renew the expiring 2015 Cybersecurity Information Sharing Act, which underpins cross-sector threat intelligence exchange.
- Critical Details:
  - The law is set to expire September 30; House renewal legislation has advanced but awaits a full vote, while the Senate is only beginning discussions.
  - Lawmakers might attach an extension to a short-term funding bill to prevent a lapse.
- Quote:
  “He is urging Congress to renew the 2015 Cybersecurity Information Sharing Act before it expires on September 30. The law encourages private companies to voluntarily share threat intelligence with the government.”
  — Steve Prentice [02:02]
4. Massive Leak from China’s “Great Firewall”
- Summary: Over 500 GB of internal documents and technical material related to China's internet surveillance system were leaked.
- Critical Details:
  - The leak includes source code, work logs, and deployment records of Tiangou, a turnkey censorship and monitoring product used widely in China and now exported.
  - Records show Tiangou installed in 26 data centers in Myanmar, integrated at national internet exchange points and capable of handling 81 million simultaneous TCP connections.
  - Further reporting connects exports of the technology to Pakistan, Ethiopia, and Kazakhstan, where it supports mass surveillance operations.
- Quote:
  “This leak exposed details of Tiangou, a commercial censorship platform developed by Chinese firm Geedge.”
  — Steve Prentice [03:08]
5. Surge in Cyber Attacks Against UK Schools Due to Student Hackers
- Summary: The UK's Information Commissioner's Office (ICO) reports a rise in school data breaches, with over half of insider incidents caused by students.
- Critical Details:
  - 57% of the 215 “insider threat” breaches reported by the education sector (Jan 2022–Aug 2024) stem from student activity; motivations include dares, notoriety, financial gain, revenge, and rivalries.
  - Lax data protection practices made the problem worse; examples include unattended devices and students gaining access to staff equipment.
  - The UK's National Crime Agency estimates that 20% of 10–16-year-olds in Britain have engaged in illegal online activity.
- Quote:
  “…a worrying pattern in the 215 insider threat breach reports from the education sector…with 57% of incidents caused by students who are likely motivated by dares, notoriety, financial gain, revenge and rivalries.”
  — Steve Prentice [04:02]
6. Critical Vulnerability in Dassault's DELMIA Apriso Exposed
- Summary: CISA issued a warning about an actively exploited remote code execution flaw in DELMIA Apriso, a manufacturing operations platform from French company Dassault that is used globally.
- Critical Details:
  - The flaw carries a severity score of 9.0.
  - The platform is widely used for production scheduling, resource allocation, and integration with business systems.
- Quote:
  “CISA has issued a warning regarding the ongoing exploitation of a critical remote code execution flaw in DELMIA Apriso…”
  — Steve Prentice [05:04]
7. FBI Warns of Salesforce-targeting Cybercrime Gangs
- Summary: The FBI alerted organizations to increasing attacks by UNC6040 and UNC6395, the groups behind recent Salesforce-related data theft and extortion campaigns.
- Critical Details:
  - Recommendations: phishing awareness training for staff, enforcement of multi-factor authentication (MFA), and least-privilege access controls.
  - Organizations should carefully vet the published indicators before acting on them (for example, before blocking them).
- Quote:
  “The FBI advises organizations to strengthen defenses against cybercriminals targeting Salesforce and other systems.”
  — Steve Prentice [06:05]
8. CISA Seeks More Direct Control Over CVE Administration
- Summary: CISA published a summary expressing reservations about the CVE program's proposed transition to a nonprofit model, citing potential conflicts of interest and the need for federal stewardship.
- Critical Details:
  - Nick Andersen voiced CISA's preference for a more centralized, government-led approach, emphasizing transparency and global coordination.
- Quote:
  “This, he says, ‘reinforces the need for CISA to take a more active role in the long term stewardship of the CVE program.’”
  — Steve Prentice [07:02]
Memorable Moments & Quotes
- On End of Life Vulnerabilities:
  “…Because the software was no longer supported, no security patches were available, leaving the system especially vulnerable.”
  — Steve Prentice [00:32]
- On Student-Driven School Attacks:
  “…One out of every five children in Britain aged between 10 and 16 has [engaged] in illegal activity online.”
  — Steve Prentice [04:47]
Timestamps for Important Segments
- [00:00] Intro & ShinyHunters Vietnam breach
- [01:09] HybridPetya ransomware details
- [02:02] CISA’s push for law renewal
- [03:08] Great Firewall leak explainer
- [04:02] UK school cyber attacks and student motivations
- [05:04] DELMIA Apriso vulnerability warning
- [06:05] FBI Salesforce alert
- [07:02] CISA and the future of CVE management
Tone
The episode maintains a succinct, consequence-oriented tone, blending urgent calls to action for practitioners with concise, accessible descriptions suitable for tech and security professionals as well as informed members of the public. Steve Prentice's delivery is factual and direct, prioritizing actionable intelligence over sensationalism.
For full articles and further deep dives, visit CISOseries.com.
