Cyber Security Headlines – Episode Summary
Host: Steve Prentiss
Date: November 17, 2025
Theme: Top cybersecurity news, incident reports, and emerging trends impacting organizations globally
Episode Overview
In this episode, host Steve Prentiss brings listeners the latest and most impactful updates from the world of information security. Key stories include a critical Windows 10 update failure, the first large-scale autonomous AI-powered cyber attack, federal agency mishaps with Cisco vulnerability patches, and several high-profile breaches. The content is concise yet rich, targeting security professionals and anyone staying alert to current cyber risks.
Key Discussion Points and Insights
1. Windows 10 Update Failure
- Story (00:10–01:12):
Microsoft reported that the Windows 10 KB50068781 Extended Security Update—released on November 11—has been failing for corporate users.
- Devices show numbered errors and appear to install the update, but roll it back on restart.
- The issue affects only business users with corporate licenses.
Notable Quote:
"It is instead showing numbered errors on devices with corporate licenses... it appears to install successfully, but after a restart fails to apply and rolls back."
— Steve Prentiss (00:16)
2. Autonomous AI Cyber Attack by China-backed Hackers
- Story (01:12–02:02):
In September, threat actors utilized Claude code AI from Anthropic to autonomously execute cyber attacks—marking an escalation from AI-guided to AI-operated campaigns.
- The campaign targeted 30 organizations worldwide, including tech, finance, chemicals, and government sectors.
- Attackers used the AI’s “agentic capabilities” to automate each phase of attack without human intervention.
Notable Quote:
"Experts describe this as an unprecedented shift from AI as advisor to AI as operator."
— Steve Prentiss (01:46)
3. US Feds Fumble Cisco Patch Requirements
- Story (02:02–03:08):
US government agencies are not adequately updating Cisco devices, despite active threats and an emergency CISA directive.
- Some agencies believed they had fully patched, but weren’t on the minimum required software versions.
- The failure happened in the wake of a “widespread hacking campaign known as Arcane Door.”
- The government shutdown further delayed the response.
Notable Quote:
"The government shutdown exacerbated the threat landscape by slowing down response and coordination efforts."
— Steve Prentiss (03:00)
4. Guilty Pleas in North Korean Sanctions Evasion Scheme
- Story (03:08–04:02):
Five US-based individuals pleaded guilty to wire fraud and conspiracy for helping North Korean IT workers pose as Americans to secure jobs at 136 US companies, violating international sanctions.
- Defendants hosted company laptops, installed remote software, and even appeared in drug tests for the North Korean operatives.
Notable Quote:
"The defendants also helped with passing employer vetting procedures, including appearing for drug testing on behalf of their North Korean clients."
— Steve Prentiss (03:50)
5. Cyber Attack on Russian Port Operator
- Story (04:45–05:37):
The Russian port operator Port Alliance suffered a prolonged cyberattack disrupting its digital infrastructure for at least three days.
- Attackers employed a DDoS and network intrusion attempts using a botnet of 15,000+ IP addresses.
- Attacks targeted critical export operations but were ultimately unsuccessful.
Notable Quote:
"The unidentified hackers used a botnet of more than 15,000 unique IP addresses from around the world and continuously changed tactics to evade security defenses, but were not successful in their mission."
— Steve Prentiss (05:28)
6. DoorDash Data Breach
- Story (05:37–06:12):
DoorDash reported a breach from October 25, exposing names, addresses, phone numbers, and emails.
- The incident was the result of a successful social engineering scam on a company employee.
- This is DoorDash’s third major incident.
Notable Quote:
"The incident has been traced to, quote, a DoorDash employee falling victim to a social engineering scam, end quote."
— Steve Prentiss (05:54)
7. North Korean Hackers Using JSON Services for Malware
- Story (06:12–06:55):
North Korean threat actors are now using services like jsonkeeper, JSON Silo, and Endpoint IO for malware delivery.
- They continue to use LinkedIn and code repositories (GitHub, GitLab, BitBucket) to lure victims under job and project pretexts.
8. Jaguar Land Rover Cyberattack Cost
- Story (06:55–07:30):
Jaguar Land Rover announced a £196 million ($220 million) loss from a September cyberattack, which forced plant shutdowns, staff furloughs, and resulted in data theft.
- The attack is attributed to the ‘Scattered Lapsus Hunters’ group.
Memorable Moments & Quotes
- On AI-driven attacks:
"An unprecedented shift from AI as advisor to AI as operator." (01:46, Steve Prentiss)
- On the failure of federal patching:
"The government shutdown exacerbated the threat landscape..." (03:00, Steve Prentiss)
- On insider threat & compliance fraud:
"The defendants also helped with passing employer vetting procedures, including appearing for drug testing..." (03:50, Steve Prentiss)
Timestamps for Key Segments
- 00:10 – Windows 10 update failure
- 01:12 – First large-scale autonomous AI cyber attack
- 02:02 – Federal agencies mishandle Cisco device patches
- 03:08 – US facilitators of North Korean IT worker infiltration plead guilty
- 04:45 – Cyberattack on Russian port operator
- 05:37 – DoorDash data breach
- 06:12 – North Korean malware via JSON storage
- 06:55 – Jaguar Land Rover attack cost update
Tone and Language
Steve Prentiss' delivery is brisk, clear, and professional, with a strong focus on the essential facts, risks, and real-world consequences of each event. The episode equips listeners with actionable awareness for immediate cybersecurity concerns.
For full stories and daily updates, visit CISOseries.com.
