Cyber Security Headlines – Week in Review: Celebrating 5 Years of Cyber Security Headlines

Podcast: Cyber Security Headlines
Host: CISO Series
Episode: August 22, 2025
Theme: Celebrating Five Years of Delivering Timely Cybersecurity News

Episode Overview

This special 5th anniversary episode of Cyber Security Headlines marks five years since the podcast's inception, reflecting on key cybersecurity topics and notable stories both from the past week and the past half-decade. Host Rich Stroffolino is joined by team members Hadas Kasorla (reporter), Steve Prentice (producer/reporter), with appearances from reporters Lauren Verno and Sarah Lane (via pre-recorded messages). The team shares their commentary on recent notable security news, enduring industry challenges, and personal highlights from their years reporting on cybersecurity for the CISO Series.

Key Discussion Points & Insights

1. CISA and the Ongoing Struggle for Infrastructure Security

[02:54]

• Topic: CISA (Cybersecurity and Infrastructure Security Agency) urges organizations operating OT (Operational Technology) to improve security postures amid a reported 87% year-over-year increase in attacks.
  • Insight: CISA advises starting with asset inventories and foundational cybersecurity.
  • Quote:

    "I also think that CISA...maybe lost attention because they weren't as focused. I do think however...most of my peers and I actually do pay quite a bit of attention to what CISA is doing, the things that it puts out, the recommendations it has." — Hadas Kasorla [03:25]

  • Tools and guidance from CISA are especially useful to professionals seeking to influence non-security stakeholders.
  • The team agrees—CISA's relevance increases when its mission is focused and guidance practical.

2. The Rise of Social Engineering: ‘Podcast Trap’ Scam

[06:08]

• Topic: New phishing method targets executives with fake podcast invitations—leveraging AI-generated hosts to socially engineer access and data compromise.
  • Insight: The attack thrives because executive-level victims are accustomed to legitimate media requests.
  • Quote:

    "No matter how much work we put into defense in depth and fortifying the networks, it's always the humans...who are the weakest links." — Steve Prentice [06:29]

  • Steve recommends the "gap it" technique—always pausing to evaluate a request before responding or clicking.
  • The scam highlights the need for vigilance and out-of-band verification, even at the highest corporate levels.

3. Password Manager Browser Extensions Face Clickjacking Threats

[10:26]

• Topic: Security researcher Marek Toth reveals a vulnerability in major password manager extensions (including 1Password, Bitwarden, LastPass, etc.), where clickjacking can force autofill exposure if an attacker controls a trusted subdomain.
  • Insight: The flaw is serious but requires attacker access to an already trusted domain/subdomain.
  • Quote:

    "On the list of all the things to be concerned about, keep using your password manager." — Hadas Kasorla [11:23]

  • Both password manager and browser vendors are presumably working on fixes, but users should remain aware yet continue using these tools due to their net benefit.

4. Workday Data Breach and Corporate Transparency

[12:44]

• Topic: HR tech giant Workday suffered a breach via a third-party CRM; controversially, they hid their disclosure blog post from search engines with a noindex tag.
  • Insight: The response raises questions about corporate transparency.
  • Quote:

    "The sheer action of trying to hide the truth has never worked...don't hide your mistakes. Stand up, admit them, and tell people you're going to fix this." — Steve Prentice [14:51]

  • The panel debates whether breaches through third parties diminish the organization’s responsibility (consensus: they don’t).
  • The normalization of breaches is noted, but panelists stress that open disclosure builds more trust than downplaying incidents.

5. Reflecting on Five Years of Cyber Security Headlines

[19:50]

• Origins: The podcast launched on August 19, 2020, and has rarely missed a weekday since.
• First Headlines Covered: Oracle wanting to acquire TikTok, ransomware at Jack Daniels, healthcare data leaks, Apple vs. Epic, AI and cultural bias, and early mention of VR/Oculus—illustrating both continuity and evolution in security storylines.
  • Quote:

    "The more things change, the more they stay the same." — Hadas Kasorla [20:37]

Notable Quotes & Memorable Moments

On the Persistence of Social Engineering

"Always, always. Every single message that you get that wants you to do something, go back around another way to connect."
— Steve Prentice on guarding against phishing and social engineering [07:38]

On the Replit AI Deletion Incident

"An entire company basically fell apart with the reliance on AI...I'm a little leery of our reliance on it so swiftly and lack of controls in its use."
— Hadas Kasorla on her favorite story as a cybersecurity reporter [23:30]

On the Value of Company Transparency Post-Breach

"Every single breach...paragraph number three is them saying, 'we take your data seriously.' Well, horse bolted, you know."
— Steve Prentice on formulaic PR responses [12:44]

On What Makes Favorite News Stories

"My favorite stories are not so much 'this breach happened,' but what companies or individuals do next...how it affects us and what we can do to keep ourselves safer."
— Sarah Lane, on her favorite stories [26:16]

On the Human Factor in Security Failures

"It's the psychology of change and the psychology of adoption of technology in the workplace...Why this constant notion of keeping our head in the sand, that it won't happen to us?"
— Steve Prentice on the Florida water plant story [36:00]

Team Reflections: Favorite Stories from Five Years

Hadas Kasorla:

• Loves unusual stories, but most impactful was the Replit AI incident ([23:30]). Concerns about rapid AI adoption without controls and the cruciality of going “back to basics” (asset management, backups).

Sarah Lane:

• Enjoys reporting on evolving stories—updates and what actionable lessons come out for end-users ([26:16]).

Lauren Verno:

• Favors quirky, ironic headlines (e.g., ransomware gang recruiting pen testers) and strives for a diverse news rundown ([31:41]).

Steve Prentice:

• Chose the Florida water plant hack ([35:23]) as most emblematic: exposed dangers of poor security hygiene (e.g., shared passwords), social engineering, and "it can't happen here" mindset.

Rich Stroffolino (Host):

• Highlighted the Conti ransomware group infighting during the Russia-Ukraine war. Fascinated by the window into threat actor "businesses" and their culture, finding overlap in human foibles, politics, and operational dynamics ([37:33]).

Additional Topics & Community Notes

• Repeated callouts and gratitude to the CISO Series team and community, including former host Sean Kelly and founder David Spark ([29:03], [43:21]).
• The team encourages listeners to provide feedback via feedbackisoseries.com and to join the live broadcast for direct interaction.
• Careers and interests: All reporters are active on LinkedIn, with Hadas teasing an "AI website" launch ([41:12]).

Timestamps for Key Segments

• CISA on OT Security: 02:54–05:08
• Social Engineering: Podcast Trap: 06:08–08:25
• Password Manager Clickjacking: 10:26–11:38
• Workday Data Breach & Transparency: 12:44–17:46
• 5-Year Retrospective & Favorite Stories: 19:50–40:26
• Panel Reflections & Closing: 40:26–43:46

Conclusion

This landmark episode touches on persistent industry challenges—social engineering, supply-chain risk, password security, and the human element—while celebrating the unique voice and camaraderie of the Cyber Security Headlines team. Reflecting on five years, the show underscores the importance of clear communication, transparency, and foundational security principles amid ever-changing threats.

Join the community and stay informed via CISOseries.com, and look forward to another five (and more) years of cybersecurity headlines and insights!