Cyber Security Headlines – CISO Series Podcast Summary
Episode: SonicWall releases patches, The Com warning, Compromised Amazon Q extension
Release Date: July 25, 2025
Host: Steve Prentiss
Introduction
In this episode of Cyber Security Headlines, host Steve Prentiss delves into the latest developments and critical updates in the realm of information security. Covering a range of topics from vulnerability patches to sophisticated cybercriminal organizations, the episode provides listeners with a comprehensive overview of current cybersecurity challenges and responses.
SonicWall Releases Critical Patches for SMA100 Series
Steve Prentiss begins by addressing a significant update from SonicWall. The network security company announced the release of patches for the SMA100 series Secure Access Gateways, addressing a critical vulnerability previously reported.
“This new flaw has a CVE number and a CVSS score of 9.1,” Prentiss notes (00:00), emphasizing the severity of the issue. The vulnerability, identified as an arbitrary file upload weakness in the web management interface, could potentially allow remote code execution by attackers with administrative access. SonicWall urgently recommends that customers apply these patches immediately to mitigate risks posed by recent malware attacks.
FBI Issues Warning About The Com Criminal Organization
The podcast highlights an alarming warning from the FBI regarding The Com, a loosely organized cybercriminal group.
“The Com, that is T-H-E C-O-M, is a loosely organized cybercriminal organization that launches cyber attacks to steal money and gain access to sensitive information,” Prentiss shares (00:00). The bureau describes The Com as primarily composed of English-speaking minors, although the group has expanded to include thousands involved in various cybercriminal activities. Over the past four years, The Com has grown in sophistication, employing complex methods to obscure identities, conceal financial transactions, and launder money. The recruitment of minors leverages the fact that younger individuals face less severe penalties, making them attractive to the organization.
Compromised Amazon Q Extension Exploitation
A concerning incident involving Amazon’s Q extension for Visual Studio Code is discussed next. A hacker successfully compromised the official extension to include a malicious prompt instructing the extension’s AI agent to delete users’ home directories and AWS resources.
“The hacker submitted a pull request to the AWS repository, a random account with no existing access, and was given admin credentials,” explains Prentiss (00:00). Although AWS swiftly removed the unauthorized code and the hacker's credentials, the company has yet to disclose how the breach occurred. This incident underscores the vulnerabilities within widely used development tools and the potential for malicious actors to exploit them.
WordPress MU Plugin Backdoor Discovered
The episode covers a newly discovered backdoor in WordPress Must-Use (MU) plugins. These plugins are loaded automatically on any WordPress installation where they are present and do not appear in the standard plugins list, making them prime hiding places for persistent threats.
“A PHP script was discovered by web security company Sucuri,” Prentiss states (00:00). The backdoor allows threat actors to maintain persistent access and perform arbitrary actions on affected WordPress sites. Since MU plugins are stored in the wp-content/mu-plugins directory and can only be disabled by manually removing the plugin files, the presence of such backdoors poses a significant security risk to website administrators.
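A defender-side audit of that directory, added here as an example and not taken from the podcast or from Sucuri’s research: it hashes every file under mu-plugins, compares each against an allowlist of files you deployed on purpose, and flags obfuscation-style calls. The directory layout, the allowlist and both sample plugin files are constructed for the demo.

```python
import hashlib
import os
import re
import tempfile

# PHP constructs commonly seen in obfuscated loaders (a heuristic, not proof of compromise).
SUSPICIOUS = re.compile(
    r"\b(eval|base64_decode|gzinflate|gzuncompress|str_rot13|create_function)\s*\(", re.I)


def audit_mu_plugins(mu_dir, allowlist):
    """Walk mu_dir and return [(relative_path, sha256, [reasons])] for files worth a look.
    allowlist maps a relative path to the expected sha256 of a file you deployed yourself."""
    findings = []
    for root, _dirs, files in os.walk(mu_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, mu_dir).replace(os.sep, "/")
            with open(path, "rb") as fh:
                data = fh.read()
            digest = hashlib.sha256(data).hexdigest()
            reasons = []
            if allowlist.get(rel) != digest:
                reasons.append("unexpected file or modified content")
            if SUSPICIOUS.search(data.decode("utf-8", "replace")):
                reasons.append("dynamic execution/decoding call")
            if reasons:
                findings.append((rel, digest, reasons))
    return findings


def demo():
    """Build a constructed mu-plugins tree: one sanctioned plugin and one planted loader."""
    good = b"<?php\n// sanctioned must-use plugin\nadd_filter('xmlrpc_enabled', '__return_false');\n"
    # Constructed sample of the obfuscated-loader pattern; the payload is a placeholder string.
    bad = b"<?php\n@eval(base64_decode('UExBQ0VIT0xERVI='));\n"
    with tempfile.TemporaryDirectory() as mu_dir:
        with open(os.path.join(mu_dir, "disable-xmlrpc.php"), "wb") as fh:
            fh.write(good)
        with open(os.path.join(mu_dir, "index.php"), "wb") as fh:
            fh.write(bad)
        allowlist = {"disable-xmlrpc.php": hashlib.sha256(good).hexdigest()}
        return audit_mu_plugins(mu_dir, allowlist)


if __name__ == "__main__":
    for rel, digest, reasons in demo():
        print(f"{rel}  {digest[:16]}...  {'; '.join(reasons)}")
```

In production, generate the allowlist from your deployment artefacts and run the audit from a cron job or CI step so that a file appearing in mu-plugins outside a deploy raises an alert.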
Brave Blocks Microsoft's Windows Recall Feature
In a move to enhance user privacy, the makers of the Brave browser announced that their software will block Microsoft’s new Windows Recall feature from capturing screenshots of Brave browser windows. The block will be enabled by default in Brave.
“Brave has set the SetInputScope API to IS_PRIVATE for all browser windows,” Prentiss explains (00:00). Despite Microsoft's addition of an opt-out option following widespread criticism, Brave's proactive approach marks a significant step in protecting user privacy by preventing unauthorized screenshotting from the outset.
CISA Updates Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its catalog of known exploited vulnerabilities to include several critical flaws.
“This joint action follows a CrushFTP warning of a zero day with a CVSS score of 9.0 that has been exploited since July 18th,” Prentiss reports (00:00). The updates also encompass six Google Chrome vulnerabilities, one of which is actively exploited in the wild, and three flaws from SysAid. CISA has mandated that federal agencies remediate these vulnerabilities by August 12th, underscoring the urgency of addressing these high-risk issues.
Mitel Alerts of Critical MiVoice MX-ONE Authentication Bypass Vulnerability
Mitel Networks has issued a security alert regarding a critical authentication bypass vulnerability in its MiVoice MX-ONE enterprise communications platform.
“Unauthenticated attackers can exploit it in low complexity attacks that do not require user action to gain unauthorized access to administrator accounts,” Prentiss details (00:00). The flaw, resulting from improper access control in the MiVoice MX-ONE Provisioning Manager component, has yet to receive a CVE identifier. Organizations using this platform are urged to apply the provided security updates to prevent potential breaches.
Fake Dalai Lama Apps Target Tibetan Community
The podcast highlights cyber espionage activities targeting the Tibetan community in anticipation of the Dalai Lama’s 90th birthday. Two campaigns, dubbed Operation Ghost Chat and Operation Phantom Prayers by Zscaler Threat Labs, were utilized to deploy malicious software.
“These campaigns were standard watering hole operations, redirecting users from a legitimate but compromised website to a fraudulent one,” Prentiss explains (00:00). The replica website prompted users to download a secure chat application, which served as a vector for a remote access Trojan (RAT). This sophisticated attack aimed to spy on Tibetan devotees, revealing the targeted and strategic nature of the espionage efforts.
Upcoming Live Streams and Events
Steve Prentiss concludes the episode by announcing upcoming live streams and events:
- Super Cyber Friday at 1 PM: Focused on "Hacking the Security Poverty Line," this session will explore the concept of minimum viable security.
- Week in Review Show at 3:30 PM Eastern: Featuring Nick Espinoza, host of the Deep Dive Radio show, who will provide expert commentary on the week’s cybersecurity news.
Listeners are encouraged to visit the events page at cisoseries.com to join these live sessions and share their thoughts via feedback@cisoseries.com.
Conclusion
This episode of Cyber Security Headlines offers a thorough examination of recent cybersecurity threats, vulnerabilities, and organizational responses. From critical software patches to sophisticated cybercriminal operations, listeners gain valuable insights into the evolving landscape of information security.
For more detailed stories behind these headlines, visit cisoseries.com.
