
A
From the CISO Series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Monday, November 17, 2025. I'm Steve Prentiss.
Microsoft warns of potential Windows 10 update failure. The company has confirmed it is investigating an issue in which a bug is causing the Windows 10 KB50068781 Extended Security Update to fail to install. It is instead showing numbered errors on devices with corporate licenses. The security update was released on November 11th as part of Patch Tuesday. Some business Windows 10 users have since reported on its failure to install, and more precisely, it appears to install successfully, but after a restart fails to apply and rolls back.
China-backed hackers launch first large-scale autonomous AI cyber attack. In September, the threat actors used Claude Code AI from Anthropic to automate and execute cyber attacks in a sophisticated espionage campaign. They made use of its advanced agentic capabilities rather than using AI only for guidance, and so allowed the attack to execute itself autonomously. Experts describe this as an unprecedented shift from AI as advisor to AI as operator. The attack targeted 30 global tech, finance, chemicals and government organizations and succeeded in a few cases.
Feds fumbled Cisco patches requirements, says CISA. According to a new report from CISA, US government agencies are failing to adequately patch critical vulnerabilities in Cisco devices despite the presence of hackers who pose significant risk. This report was published Wednesday after the agency had become aware of multiple organizations that believed they had applied the necessary updates but had not in fact updated to the minimum software version. This follows an emergency directive from the agency after uncovering a widespread hacking campaign known as ArcaneDoor, targeting Cisco Adaptive Security Appliances and firewalls. Current and former federal cyber officials did say that the government shutdown exacerbated the threat landscape by slowing down response and coordination efforts.
Five U.S.-based individuals plead guilty to helping North Korean IT workers infiltrate 136 companies. The U.S. Department of Justice announced on Friday that these five individuals had pleaded guilty in violation of international sanctions. The counts were of wire fraud and conspiracy for knowingly allowing IT workers located outside of the US to use their US identities to secure jobs at American firms between September 2019 and November 2022. Three of these defendants had also served as facilitators, hosting the company-issued laptops at their residences and installing remote desktop software so that the IT workers could give the impression that they were working remotely within the U.S. The defendants also helped with passing employer vetting procedures, including appearing for drug testing on behalf of their North Korean clients.
Huge thanks to our sponsor, KnowBe4. Your email gateway isn't catching everything, and cybercriminals know it. That's why there's KnowBe4's Cloud Email Security platform. It's not just another filter, it's a dynamic AI-powered layer of defense that detects and stops advanced threats before they reach your user's inbox. Request a demo of KnowBe4's Cloud Email Security at knowbe4.com, that is K-N-O-W-B-E and the number 4 dot com, or visit them this week at Microsoft Ignite booth 5523.
Cyber attack on Russian port operator aimed to disrupt coal and fertilizer shipments. The Russian port operator Port Alliance stated on Thursday it was in its third day of disruptions resulting from a cyberattack that was targeting key parts of its digital infrastructure. The attacks took the forms of a DDoS attack and attempts to breach its networks. Port Alliance claims the goal of the attacks was to destabilize operations and disrupt business processes tied to exports of coal and mineral fertilizers through its numerous seaports in the Baltic and Black Sea, Far Eastern and Arctic regions.
The unidentified hackers used a botnet of more than 15,000 unique IP addresses from around the world and continuously changed tactics to evade security defenses, but were not successful in their mission.
DoorDash suffers new data breach. This attack occurred on October 25th. In an announcement sent to customers this past week, the company says the information stolen may have included first and last name, physical address, phone number and email address, end quote. The incident has been traced to, quote, a DoorDash employee falling victim to a social engineering scam, end quote. The notification does not specify how many users were affected, but they did say it impacts consumers, dashers and merchants in the US and Canada. This is the third notable security incident suffered by the company.
North Korean hackers turn JSON services into malware delivery channels. Building on their extensive experience in using job offers to distribute malware, these threat actors are now using JSON storage services like JSON Keeper, JSONsilo and npoint.io to host and deliver malware from trojanized code projects. As is often the case, they approach victims through networking sites such as LinkedIn, either under the pretext of conducting a job assessment or collaborating on a project, as part of which they are instructed to download a demo project hosted on platforms like GitHub, GitLab or Bitbucket.
Jaguar Land Rover cyberattack cost the company over $220 million. Following up on a story we have been covering since September, the Jaguar Land Rover car manufacturer has published its financial results for July 1 through September 30 and has warned that the cost of the September cyber attack totaled 196 million pounds, equivalent to 220 million dollars in that quarter. The attack forced the British carmaker to shut down production at its major plants and send its staff home. Data was stolen during the attack, which was allegedly deployed by the Scattered Lapsus$ Hunters group.
Remember to join us later today on the CISO Series YouTube channel for the Department of Know. If you've ever brought some of the news from our show to your security team, then you need to join us. We'll be digging into the stories that matter most to your security day to day and help you frame them for the rest of your organization. It starts at 4pm Eastern time. Come and watch the live stream, get involved in the chat and please say hi. And if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentice, reporting for the CISO Series.
A
Cybersecurity Headlines are available every weekday. Head to CISOseries.com for the full stories behind the headlines.
Host: Steve Prentiss
Date: November 17, 2025
Theme: Top cybersecurity news, incident reports, and emerging trends impacting organizations globally
In this episode, host Steve Prentiss brings listeners the latest and most impactful updates from the world of information security. Key stories include a critical Windows 10 update failure, the first large-scale autonomous AI-powered cyber attack, federal agency mishaps with Cisco vulnerability patches, and several high-profile breaches. The content is concise yet rich, targeting security professionals and anyone staying alert to current cyber risks.
Story (00:10–01:12):
Microsoft reported that the Windows 10 KB50068781 Extended Security Update—released on November 11—has been failing for corporate users.
Notable Quote:
"It is instead showing numbered errors on devices with corporate licenses... it appears to install successfully, but after a restart fails to apply and rolls back."
— Steve Prentiss (00:16)
Story (01:12–02:02):
In September, threat actors utilized Claude Code AI from Anthropic to autonomously execute cyber attacks—marking an escalation from AI-guided to AI-operated campaigns.
Notable Quote:
"Experts describe this as an unprecedented shift from AI as advisor to AI as operator."
— Steve Prentiss (01:46)
Story (02:02–03:08):
US government agencies are not adequately updating Cisco devices, despite active threats and an emergency CISA directive.
Notable Quote:
"The government shutdown exacerbated the threat landscape by slowing down response and coordination efforts."
— Steve Prentiss (03:00)
Story (03:08–04:02):
Five US-based individuals pleaded guilty to wire fraud and conspiracy for helping North Korean IT workers pose as Americans to secure jobs at 136 US companies, violating international sanctions.
Notable Quote:
"The defendants also helped with passing employer vetting procedures, including appearing for drug testing on behalf of their North Korean clients."
— Steve Prentiss (03:50)
Story (04:45–05:37):
The Russian port operator Port Alliance suffered a prolonged cyberattack disrupting its digital infrastructure for at least three days.
Notable Quote:
"The unidentified hackers used a botnet of more than 15,000 unique IP addresses from around the world and continuously changed tactics to evade security defenses, but were not successful in their mission."
— Steve Prentiss (05:28)
Story (05:37–06:12):
DoorDash reported a breach from October 25, exposing names, addresses, phone numbers, and emails.
Notable Quote:
"The incident has been traced to, quote, a DoorDash employee falling victim to a social engineering scam, end quote."
— Steve Prentiss (05:54)
On AI-driven attacks:
"An unprecedented shift from AI as advisor to AI as operator." (01:46, Steve Prentiss)
On the failure of federal patching:
"The government shutdown exacerbated the threat landscape..." (03:00, Steve Prentiss)
On insider threat & compliance fraud:
"The defendants also helped with passing employer vetting procedures, including appearing for drug testing..." (03:50, Steve Prentiss)
Steve Prentiss' delivery is brisk, clear, and professional, with a strong focus on the essential facts, risks, and real-world consequences of each event. The episode equips listeners with actionable awareness for immediate cybersecurity concerns.
For full stories and daily updates, visit CISOseries.com.