Cyber Security Headlines – Episode Summary

Podcast: Cyber Security Headlines
Host: CISO Series (Steve Prentiss)
Date: September 26, 2025
Episode Title: Windows 10 extension, teenage Vegas hacker released, Boyd Gaming hacked

Overview

This episode provides a rapid rundown of the day’s most critical cyber security stories, with a focus on major incidents and vulnerabilities affecting corporations, public organizations, and individuals. Stories covered include policy shifts from Microsoft regarding Windows 10 security, casino breaches in Las Vegas, severe vulnerabilities in enterprise hardware and software, and ethically troubling data leaks.

Key Stories and Discussion Points

1. Windows 10 Security Support Extended in Europe

[00:11]
- Microsoft announces free extended security updates for Windows 10 users across the European Economic Area (including Iceland, Liechtenstein, Norway, and all EU member states).
- The move follows advocacy from Euroconsumers, a Luxembourg-based consumer protection organization.
- Euroconsumers has lobbied Microsoft to postpone the Windows 10 end-of-support date (originally set for October 14, 2025).
- Comparison drawn to the long support cycles for previous operating systems (Windows 7, Windows XP).
- Quote: "The company has also asked that Microsoft Postpone the Windows 10 end of support date beyond October 14, 2025, noting that previous versions such as Windows 7 and Windows XP were supported for more than seven years after Windows 8 and Vist were introduced." – Steve Prentiss [00:34]

2. Teenage Vegas Casino Hacker Released to Parents

[01:00]
- Follow-up on the 2023 attack on MGM Resorts and Caesars Entertainment.
- A 17-year-old, believed to be part of the “Scattered Spider” group, has been released to parental custody.
- He is alleged to have deployed Black Cat/Alphv ransomware, causing over $100 million in damages.
- Internet access is now limited to educational purposes; speculation persists over possession of $1.8 million in bitcoin possibly tied to the crimes.
- Quote: "The teen has had his access to the Internet restricted to educational use only, and speculation abounds as to whether he is still in possession of $1.8 million in Bitcoin, which is believed to be related to the attacks." – Steve Prentiss [01:32]

3. Boyd Gaming Hacked – Employee Data Breach

[01:52]
- Boyd Gaming (Las Vegas) disclosed employee information was stolen in a cyber attack, per SEC notification.
- The breach reportedly had no operational impact on casinos or business but did compromise employee and some other personal data.
- Details on the attack method (such as ransomware) remain undisclosed.
- Boyd operates casinos in 11 states.

4. Supermicro BMC Vulnerabilities – Persistent Backdoor Warning

[02:34]
- Firmware security company Binarly details two vulnerabilities in Super Micro baseboard management controller (BMC) products.
- Attackers could craft malicious images that bypass previous patches, gaining persistent control of BMC and the host OS.
- Quote: "They say the issue could allow potential attackers to gain complete and persistent control of both the BMC system and the main server OS." – Steve Prentiss [02:54]

5. Salesforce AI Prompt Injection Vulnerability

[03:36]
- NOMA Security reveals a critical “indirect prompt injection” flaw (dubbed Forced Leak, CVSS 9.4) in Salesforce Agent Force (AI agent platform).
- Exploitable via Web2Lead; attackers could exfiltrate CRM data.
- Problem stems from AI processing malicious data/instructions from external sources, which leads to disclosure or unintended actions.

6. Preschool Network Breach – Kido International Attacked

[04:18]
- Radiant Group leaks highly sensitive data from Kido International, a UK-based preschool/daycare provider.
- Exposed data: images/names of children, home addresses, parents’ contact info, some work details.
- The attack is described on-air as “reprehensible and sinking to the lowest depths possible.”

7. Volvo North America Data Breach

[05:08]
- Disclosure of staff data stemming from a third-party ransomware incident (MEO Data).
- Impacted systems manage HR records, medical certificates, and injury reports for Volvo NA and at least 25 other organizations.
- Ransomware group “Data Carry” claims responsibility.

8. Zendto File Transfer Application Flaw

[06:01]
- Researchers identify a critical path traversal flaw in Zendto (versions 6.15–7).
- Authenticated users can manipulate file paths to retrieve sensitive data by exploiting weak sanitization.
- Quote: "Ultimately, this leads to a method that can enumerate and exfiltrate any user uploaded content or critical system files." – Steve Prentiss [06:20]

Notable Quotes & Moments with Timestamps

Euroconsumers pushing Microsoft:
"[Euroconsumers]...asked that Microsoft Postpone the Windows 10 end of support date beyond October 14, 2025, noting that previous versions such as Windows 7 and Windows XP were supported for more than seven years after Windows 8 and Vist were introduced." – Steve Prentiss [00:34]
Teen hacker speculation:
"The teen has had his access to the Internet restricted to educational use only, and speculation abounds as to whether he is still in possession of $1.8 million in Bitcoin, which is believed to be related to the attacks." – Steve Prentiss [01:32]
Supermicro BMC criticality:
"They say the issue could allow potential attackers to gain complete and persistent control of both the BMC system and the main server OS." – Steve Prentiss [02:54]
Preschool hack condemnation:
"...an attack described by people in the cybersecurity business as reprehensible and sinking to the lowest depths possible..." – Steve Prentiss [04:19]

Important Timestamps for Quick Reference

[00:11] – Microsoft extends Windows 10 updates in Europe
[01:00] – Vegas teen hacker custody outcome
[01:52] – Boyd Gaming employee data breach
[02:34] – Supermicro BMC vulnerabilities detailed
[03:36] – Salesforce AI indirect prompt injection bug disclosed
[04:18] – Kido International preschool network breach
[05:08] – Volvo North America third-party data breach
[06:01] – Zendto path traversal flaw explained

Tone and Style

Steve Prentiss delivers the news in a brisk, authoritative, and factual style, with occasional injected commentary reflecting industry outrage or context (e.g., the preschool attack). The focus is on rapid dissemination of facts with clear attributions and concise technical explanations.

Summary

This September 26, 2025, episode of Cyber Security Headlines condensed a series of impactful stories for security professionals. Key themes included the tension between technology vendors and consumer advocates (Microsoft support cycle), the persistent threat of ransomware and data breaches in both the gaming and education sectors, and fresh vulnerabilities in both hardware (Super Micro) and cloud software (Salesforce, Zendto). The episode used memorable quotes to highlight industry responses, ensuring listeners are up to speed on pressing threats, shifting policies, and the ethical dimensions of recent hacks.

Cyber Security Headlines – Episode Summary

Podcast: Cyber Security Headlines
Host: CISO Series (Steve Prentiss)
Date: September 26, 2025
Episode Title: Windows 10 extension, teenage Vegas hacker released, Boyd Gaming hacked

Overview

Key Stories and Discussion Points

1. Windows 10 Security Support Extended in Europe

[00:11]
- Microsoft announces free extended security updates for Windows 10 users across the European Economic Area (including Iceland, Liechtenstein, Norway, and all EU member states).
- The move follows advocacy from Euroconsumers, a Luxembourg-based consumer protection organization.
- Euroconsumers has lobbied Microsoft to postpone the Windows 10 end-of-support date (originally set for October 14, 2025).
- Comparison drawn to the long support cycles for previous operating systems (Windows 7, Windows XP).
- Quote: "The company has also asked that Microsoft Postpone the Windows 10 end of support date beyond October 14, 2025, noting that previous versions such as Windows 7 and Windows XP were supported for more than seven years after Windows 8 and Vist were introduced." – Steve Prentiss [00:34]

2. Teenage Vegas Casino Hacker Released to Parents

[01:00]
- Follow-up on the 2023 attack on MGM Resorts and Caesars Entertainment.
- A 17-year-old, believed to be part of the “Scattered Spider” group, has been released to parental custody.
- He is alleged to have deployed Black Cat/Alphv ransomware, causing over $100 million in damages.
- Internet access is now limited to educational purposes; speculation persists over possession of $1.8 million in bitcoin possibly tied to the crimes.
- Quote: "The teen has had his access to the Internet restricted to educational use only, and speculation abounds as to whether he is still in possession of $1.8 million in Bitcoin, which is believed to be related to the attacks." – Steve Prentiss [01:32]

3. Boyd Gaming Hacked – Employee Data Breach

[01:52]
- Boyd Gaming (Las Vegas) disclosed employee information was stolen in a cyber attack, per SEC notification.
- The breach reportedly had no operational impact on casinos or business but did compromise employee and some other personal data.
- Details on the attack method (such as ransomware) remain undisclosed.
- Boyd operates casinos in 11 states.

4. Supermicro BMC Vulnerabilities – Persistent Backdoor Warning

[02:34]
- Firmware security company Binarly details two vulnerabilities in Super Micro baseboard management controller (BMC) products.
- Attackers could craft malicious images that bypass previous patches, gaining persistent control of BMC and the host OS.
- Quote: "They say the issue could allow potential attackers to gain complete and persistent control of both the BMC system and the main server OS." – Steve Prentiss [02:54]

5. Salesforce AI Prompt Injection Vulnerability

[03:36]
- NOMA Security reveals a critical “indirect prompt injection” flaw (dubbed Forced Leak, CVSS 9.4) in Salesforce Agent Force (AI agent platform).
- Exploitable via Web2Lead; attackers could exfiltrate CRM data.
- Problem stems from AI processing malicious data/instructions from external sources, which leads to disclosure or unintended actions.

6. Preschool Network Breach – Kido International Attacked

[04:18]
- Radiant Group leaks highly sensitive data from Kido International, a UK-based preschool/daycare provider.
- Exposed data: images/names of children, home addresses, parents’ contact info, some work details.
- The attack is described on-air as “reprehensible and sinking to the lowest depths possible.”

7. Volvo North America Data Breach

[05:08]
- Disclosure of staff data stemming from a third-party ransomware incident (MEO Data).
- Impacted systems manage HR records, medical certificates, and injury reports for Volvo NA and at least 25 other organizations.
- Ransomware group “Data Carry” claims responsibility.

8. Zendto File Transfer Application Flaw

[06:01]
- Researchers identify a critical path traversal flaw in Zendto (versions 6.15–7).
- Authenticated users can manipulate file paths to retrieve sensitive data by exploiting weak sanitization.
- Quote: "Ultimately, this leads to a method that can enumerate and exfiltrate any user uploaded content or critical system files." – Steve Prentiss [06:20]

Notable Quotes & Moments with Timestamps

Euroconsumers pushing Microsoft:
"[Euroconsumers]...asked that Microsoft Postpone the Windows 10 end of support date beyond October 14, 2025, noting that previous versions such as Windows 7 and Windows XP were supported for more than seven years after Windows 8 and Vist were introduced." – Steve Prentiss [00:34]
Teen hacker speculation:
"The teen has had his access to the Internet restricted to educational use only, and speculation abounds as to whether he is still in possession of $1.8 million in Bitcoin, which is believed to be related to the attacks." – Steve Prentiss [01:32]
Supermicro BMC criticality:
"They say the issue could allow potential attackers to gain complete and persistent control of both the BMC system and the main server OS." – Steve Prentiss [02:54]
Preschool hack condemnation:
"...an attack described by people in the cybersecurity business as reprehensible and sinking to the lowest depths possible..." – Steve Prentiss [04:19]

Important Timestamps for Quick Reference

[00:11] – Microsoft extends Windows 10 updates in Europe
[01:00] – Vegas teen hacker custody outcome
[01:52] – Boyd Gaming employee data breach
[02:34] – Supermicro BMC vulnerabilities detailed
[03:36] – Salesforce AI indirect prompt injection bug disclosed
[04:18] – Kido International preschool network breach
[05:08] – Volvo North America third-party data breach
[06:01] – Zendto path traversal flaw explained

wavePod

Windows 10 extension, teenage Vegas hacker released, Boyd Gaming hacked

Powered by Wave AI

Summary

Cyber Security Headlines – Episode Summary

Overview

Key Stories and Discussion Points

1. Windows 10 Security Support Extended in Europe

2. Teenage Vegas Casino Hacker Released to Parents

3. Boyd Gaming Hacked – Employee Data Breach

4. Supermicro BMC Vulnerabilities – Persistent Backdoor Warning

5. Salesforce AI Prompt Injection Vulnerability

6. Preschool Network Breach – Kido International Attacked

7. Volvo North America Data Breach

8. Zendto File Transfer Application Flaw

Notable Quotes & Moments with Timestamps

Important Timestamps for Quick Reference

Tone and Style

Summary

Summary

Cyber Security Headlines – Episode Summary

Overview

Key Stories and Discussion Points

1. Windows 10 Security Support Extended in Europe

2. Teenage Vegas Casino Hacker Released to Parents

3. Boyd Gaming Hacked – Employee Data Breach

4. Supermicro BMC Vulnerabilities – Persistent Backdoor Warning

5. Salesforce AI Prompt Injection Vulnerability

6. Preschool Network Breach – Kido International Attacked

7. Volvo North America Data Breach

8. Zendto File Transfer Application Flaw

Notable Quotes & Moments with Timestamps

Important Timestamps for Quick Reference

Tone and Style

Summary