Cyber Security Headlines: October 17, 2025
Host: Steve Prentice, CISO Series
Episode Theme:
A fast-paced roundup of the latest cybersecurity incidents, vulnerabilities, and research, covering major breaches, critical patches, attack trends, and misinformation in the security industry.
Key Stories and Insights
Sotheby’s Suffers Major Data Breach
[00:13]
- Incident: World-renowned auction house Sotheby’s was breached on July 24, resulting in the theft of sensitive data, including Social Security numbers and financial information. The exact amount of data stolen remains unspecified.
- Sotheby’s Statement: Despite “layered defenses, strict access controls, secure connections and advanced threat protections…regularly patched systems, testing of internal incident response plans, backups, critical services, vetted vendors and a security trained workforce,” the attackers succeeded.
- Attribution: The group or individuals responsible remain unidentified.
- Tone: Emphasis on the sophistication of both defenses and attack.
Notable Quote
- “The attackers broke in despite the company having layered defenses, strict access controls, secure connections and advanced threat protections, along with regularly patched systems…”
— Steve Prentice [00:28]
Cisco “Zero Disco” Attacks: SNMP Flaw Exploited
[01:04]
- Campaign: Researchers at Trend Micro identified “Operation Zero Disco,” exploiting a stack overflow vulnerability (CVSS 7.7) in the Simple Network Management Protocol (SNMP) implementation of Cisco IOS and IOS XE.
- Impact: Attackers deployed Linux rootkits on older, unprotected systems, highlighting systemic risks from delayed patching.
- Patch Status: Cisco addressed the flaw last month.
- Attribution: No known threat actor or group attributed.
Microsoft Revokes Ransomware-Signing Certificates
[01:36]
- Threat Actor: Vanilla Tempest (also known as Vice Spider/Vice Society), noted for attacking the education and healthcare sectors with Rhysida ransomware.
- Mitigation: In early October, Microsoft revoked 200+ certificates used by attackers to sign malicious payloads, disrupting ongoing campaigns.
- Attack Vector: Victims lured via SEO-poisoned installer websites.
Notable Quote
- “Microsoft says it disrupted the group's campaign in early October by revoking more than 200 certificates...”
— Steve Prentice [01:51]
LastPass Email Phishing Scam
[02:09]
- Incident: A phishing campaign posed as LastPass, using alarming email subjects like “we have been hacked. Update your LastPass desktop app to maintain vault security.”
- Phishing Details: Fake update links led to credential-stealing sites; domains mimicked LastPass branding.
- Responses: LastPass working on domain takedown; Cloudflare placed warning pages in front of phishing sites.
Windows 11 Updates Break Localhost HTTP/2
[04:02]
- Impact: The latest Windows 11 update disrupted localhost connections over HTTP/2, affecting developer workflows and applications that rely on 127.0.0.1, for instance Visual Studio, database management tools (SSMS), and security posture tools such as the Duo desktop app.
- Community: Significant problems for developers and security teams dependent on local service communication.
Dairy Farmers of America Ransomware Breach
[05:07]
- Attack: The Play ransomware group breached multiple manufacturing plants in June, exposing the personal and banking data (including driver’s licenses, IDs, and account numbers) of over 4,500 employees and members.
- Tactics: Attackers used “a sophisticated social engineering campaign” to gain a foothold.
Microsoft Digital Defense Report: 32% Surge in Identity Hacks
[06:02]
- Report Highlights:
  - Surge: 32% increase in identity attacks involving stolen passwords.
  - 97% of identity attacks are via password compromises.
  - Attackers rely on credential leaks to fuel brute-force and password-guessing attempts.
- Expert Insight: Amy Hogan-Burney (Microsoft Corporate VP) stressed scale and automation in malicious sign-in attempts.
Notable Quote
- “The vast majority of malicious sign-in attempts an organization might receive are via large-scale password guessing attempts... by and large from credential leaks.”
— Amy Hogan-Burney (quoted by Steve Prentice) [06:35]
Adobe Experience Manager Forms Vulnerability
[07:01]
- Alert: CISA added a CVSS 10.0 flaw in Adobe Experience Manager Forms to its Known Exploited Vulnerabilities (KEV) catalog.
- Systems Affected: Platforms managing digital forms in banking, insurance, government, and healthcare.
- Risk: Attackers could bypass core security mechanisms and execute arbitrary code.
- Patch: Issue was fixed by Adobe in August.
Memorable Moments and Tone
- The episode highlighted how even well-protected organizations (Sotheby’s) can fall victim, spurring discussion on defense-in-depth and attacker sophistication.
- The Windows 11 breakage segment resonated with a wide swath of listeners in the development and security ops community.
- The episode closed with a reminder about the show’s podcast transition, maintaining a conversational and encouraging tone for audience engagement.
Timestamps for Key Segments
- Sotheby’s Breach: 00:13–01:04
- Cisco Zero Disco Attacks: 01:04–01:36
- Microsoft Revokes Ransomware Certificates: 01:36–02:09
- LastPass Phishing Scam: 02:09–04:02
- Windows 11 Update Issue: 04:02–05:07
- Dairy Farmers of America Breach: 05:07–06:02
- Microsoft Identity Attack Surge: 06:02–07:01
- Adobe Experience Manager Flaw: 07:01–08:00
Conclusion
Cyber Security Headlines delivers rapid-fire updates on headline-grabbing cyber incidents, emphasizing both technical detail and practical implications. With a tone that’s both urgent and informative, the podcast underscores the ongoing escalation of breach sophistication and the critical importance of patching, phishing defense, and robust identity protection.
