Cybersecurity Today

Episode: Breaking Cybersecurity News: Canada's House of Commons Breached and Windows 10 Support Ending Soon
Date: August 18, 2025
Host: David Shipley (filling in for Jim Love)

Episode Overview

In this episode, David Shipley breaks down urgent cybersecurity events affecting Canada and beyond: a breach at Canada's House of Commons, a cascade of critical Fortinet vulnerabilities, the looming end of Windows 10 support, and a fortuitous malware source code leak offering defenders rare insights. The episode is packed with analysis on how fast threat actors move, what recent exploits tell us, and what organizations (and individuals) should do next.

Key Discussion Points & Insights

1. Canada’s House of Commons Data Breach

Incident Summary:
- On August 8th, an unknown threat actor breached a House of Commons database by exploiting a Microsoft vulnerability, leading to exposure of employee data.
- The hack included names, job titles, office locations, emails, and device technical details.
Nature of the Exploit:
- Incident likely linked to a recently disclosed vulnerability in Microsoft hybrid Exchange and Microsoft 365 environments (CVE-2025-53786).
- The speed at which attackers exploited the vulnerability was “stunning” and mirrored U.S. emergency guidance timelines.
Attribution & Response:
- The Communications Security Establishment (CSE) is assisting but has not attributed the attack.
- The breach highlights Canada as a prime target for “cybercriminals and state-sponsored actors, with China identified as the most sophisticated threat facing the country.”
Potential Impact:
- The stolen data can enable scams or impersonation attacks on Members of Parliament and staff.
- Extent of the breach may be greater than currently disclosed.
Notable Quote:
- “I'd honestly be surprised if the attack took place on August 8th. If this was the SharePoint vulnerability, that would be a pretty stunning failure to mitigate a risk that was well known by that point. It makes way more sense for this to be the hybrid Exchange vulnerability.” — David Shipley [04:10]

2. Fortinet High-Severity Vulnerabilities

New & Ongoing Flaws:
- Two recently confirmed high-severity bugs, with researchers watching for a possible third impacting Fortinet VPN devices.
- Standout vulnerabilities:
  - CVE-2025-25256 (FortiSIEM): 9.8/10 critical rating, enables unauthenticated code execution. Patched in specific versions; users on older branches won’t receive a fix.
  - CVE-2024-26009: 8.1/10, authentication bypass affecting FortiOS, FortiProxy, FortiPAM. Can be exploited if the attacker knows device serial number.
  - Fort Majeure (CVE-2025-52970): Allows forged authentication cookies with an all-zero encryption key.
Defensive Recommendations:
- Immediate patching is essential. Where patching isn’t possible, restrict key network ports.
- Monitor for updates as researchers anticipate more exploit releases.
Notable Moment:
- The episode highlights how attackers rapidly weaponize newly disclosed vulnerabilities—particularly in devices managing sensitive network traffic.

3. Windows 10 End of Support Approaching

Timeline & Costs:
- Windows 10’s official end-of-life is October 14, 2025.
- Post-EOL: No security patches, bug fixes, or tech support unless companies or home users pay for Extended Security Updates (ESU).
  - “In classic Microsoft fashion, end-of-life really means pay us more money for more time…” — David Shipley [13:25]
  - $61 per device per year (enterprise); $30 per device (home).
  - Free ESU available for those enabling Windows Cloud Backup or using reward points.
Current Migration Progress:
- Windows 11 now leads, with 53% adoption overall, led by gamers at nearly 60%.

4. Malware Source Code Leak: Ermac 3.0 Android Trojan

Discovery:
- Researchers found a full source code leak for the advanced Android trojan Ermac 3.0—including backend components and malware builder tools.
Capabilities & Risks:
- Ermac 3.0 targets 700+ apps (banking, shopping, crypto), using sophisticated credential theft methods.
- Linked to the “Duke Eugene” threat actor, with code lineage from Cerberus, BlackRock, and Hook malware.
Leaked Weaknesses:
- Hardcoded secrets, static admin tokens, default root credentials (“ChangeMePleaseSeriously”), and open admin API registration.
- Researchers identified still-active command and control infrastructure, improving defender ability to disrupt.
Strategic Importance:
- The leak offers rare, actionable indicators for threat hunters—improving global defenses against Ermac.
Notable Quote:
- “Sometimes attackers mess up on security, too. Cybersecurity researchers have gained rare insight into the Ermac 3.0 malware… This gives us defenders something rare—real indicators of compromise and infrastructure fingerprints we can act upon.” — David Shipley [18:50]

Notable Quotes & Memorable Moments

On the speed of cyberattacks:
“That’s an example of how fast threat actors can act, especially when they think a door is closing.” — David Shipley [06:52]
On ongoing threats to Canada:
“Canada is a valuable target for cybercriminals and state-sponsored actors, with China identified as the most sophisticated threat facing the country.” — David Shipley [07:37]
On defensive intelligence from criminal mistakes:
“This gives us defenders something rare, real indicators of compromise and infrastructure fingerprints we can act upon and we can use to track, disrupt and dismantle ermac campaigns.” — David Shipley [20:05]

Important Timestamps

00:00 – 06:50: Canada’s House of Commons breach details, timeline and analysis
06:51 – 10:00: Attribution, defenses, and threat assessment for Canada
10:01 – 13:30: Fortinet vulnerabilities – critical patches, affected versions, exploit potential
13:31 – 16:30: Windows 10 end-of-support, ESU pricing, and migration stats
16:31 – 21:00: Ermac 3.0 malware source code leak, threat actor analysis, weaknesses, and implications for defenders

Final Thoughts

The episode shines a light on the ever-accelerating pace of cyber threats, the persistent pressure on major platforms and device vendors, and the unexpected opportunities defenders get when attackers slip up. David Shipley’s analysis balances urgency with practical advice: stay vigilant, prioritize patching, and prepare for the Windows 10 EOL—unless you’re ready to “contribute to Windows 10’s pension.”

“Stay skeptical, stay patched, and be prepared to contribute to Windows 10’s pension if you want to keep it around after October 14th.”
— David Shipley [21:41]

Cybersecurity Today

Episode: Breaking Cybersecurity News: Canada's House of Commons Breached and Windows 10 Support Ending Soon
Date: August 18, 2025
Host: David Shipley (filling in for Jim Love)

Episode Overview

Key Discussion Points & Insights

1. Canada’s House of Commons Data Breach

Incident Summary:
- On August 8th, an unknown threat actor breached a House of Commons database by exploiting a Microsoft vulnerability, leading to exposure of employee data.
- The hack included names, job titles, office locations, emails, and device technical details.
Nature of the Exploit:
- Incident likely linked to a recently disclosed vulnerability in Microsoft hybrid Exchange and Microsoft 365 environments (CVE-2025-53786).
- The speed at which attackers exploited the vulnerability was “stunning” and mirrored U.S. emergency guidance timelines.
Attribution & Response:
- The Communications Security Establishment (CSE) is assisting but has not attributed the attack.
- The breach highlights Canada as a prime target for “cybercriminals and state-sponsored actors, with China identified as the most sophisticated threat facing the country.”
Potential Impact:
- The stolen data can enable scams or impersonation attacks on Members of Parliament and staff.
- Extent of the breach may be greater than currently disclosed.
Notable Quote:
- “I'd honestly be surprised if the attack took place on August 8th. If this was the SharePoint vulnerability, that would be a pretty stunning failure to mitigate a risk that was well known by that point. It makes way more sense for this to be the hybrid Exchange vulnerability.” — David Shipley [04:10]

2. Fortinet High-Severity Vulnerabilities

New & Ongoing Flaws:
- Two recently confirmed high-severity bugs, with researchers watching for a possible third impacting Fortinet VPN devices.
- Standout vulnerabilities:
  - CVE-2025-25256 (FortiSIEM): 9.8/10 critical rating, enables unauthenticated code execution. Patched in specific versions; users on older branches won’t receive a fix.
  - CVE-2024-26009: 8.1/10, authentication bypass affecting FortiOS, FortiProxy, FortiPAM. Can be exploited if the attacker knows device serial number.
  - Fort Majeure (CVE-2025-52970): Allows forged authentication cookies with an all-zero encryption key.
Defensive Recommendations:
- Immediate patching is essential. Where patching isn’t possible, restrict key network ports.
- Monitor for updates as researchers anticipate more exploit releases.
Notable Moment:
- The episode highlights how attackers rapidly weaponize newly disclosed vulnerabilities—particularly in devices managing sensitive network traffic.

3. Windows 10 End of Support Approaching

Timeline & Costs:
- Windows 10’s official end-of-life is October 14, 2025.
- Post-EOL: No security patches, bug fixes, or tech support unless companies or home users pay for Extended Security Updates (ESU).
  - “In classic Microsoft fashion, end-of-life really means pay us more money for more time…” — David Shipley [13:25]
  - $61 per device per year (enterprise); $30 per device (home).
  - Free ESU available for those enabling Windows Cloud Backup or using reward points.
Current Migration Progress:
- Windows 11 now leads, with 53% adoption overall, led by gamers at nearly 60%.

4. Malware Source Code Leak: Ermac 3.0 Android Trojan

Discovery:
- Researchers found a full source code leak for the advanced Android trojan Ermac 3.0—including backend components and malware builder tools.
Capabilities & Risks:
- Ermac 3.0 targets 700+ apps (banking, shopping, crypto), using sophisticated credential theft methods.
- Linked to the “Duke Eugene” threat actor, with code lineage from Cerberus, BlackRock, and Hook malware.
Leaked Weaknesses:
- Hardcoded secrets, static admin tokens, default root credentials (“ChangeMePleaseSeriously”), and open admin API registration.
- Researchers identified still-active command and control infrastructure, improving defender ability to disrupt.
Strategic Importance:
- The leak offers rare, actionable indicators for threat hunters—improving global defenses against Ermac.
Notable Quote:
- “Sometimes attackers mess up on security, too. Cybersecurity researchers have gained rare insight into the Ermac 3.0 malware… This gives us defenders something rare—real indicators of compromise and infrastructure fingerprints we can act upon.” — David Shipley [18:50]

Notable Quotes & Memorable Moments

On the speed of cyberattacks:
“That’s an example of how fast threat actors can act, especially when they think a door is closing.” — David Shipley [06:52]
On ongoing threats to Canada:
“Canada is a valuable target for cybercriminals and state-sponsored actors, with China identified as the most sophisticated threat facing the country.” — David Shipley [07:37]
On defensive intelligence from criminal mistakes:
“This gives us defenders something rare, real indicators of compromise and infrastructure fingerprints we can act upon and we can use to track, disrupt and dismantle ermac campaigns.” — David Shipley [20:05]

Important Timestamps

00:00 – 06:50: Canada’s House of Commons breach details, timeline and analysis
06:51 – 10:00: Attribution, defenses, and threat assessment for Canada
10:01 – 13:30: Fortinet vulnerabilities – critical patches, affected versions, exploit potential
13:31 – 16:30: Windows 10 end-of-support, ESU pricing, and migration stats
16:31 – 21:00: Ermac 3.0 malware source code leak, threat actor analysis, weaknesses, and implications for defenders

Final Thoughts

“Stay skeptical, stay patched, and be prepared to contribute to Windows 10’s pension if you want to keep it around after October 14th.”
— David Shipley [21:41]

wavePod

Breaking Cybersecurity News: Canada's House of Commons Breached and Windows 10 Support Ending Soon

Powered by Wave AI

Summary

Cybersecurity Today

Episode Overview

Key Discussion Points & Insights

1. Canada’s House of Commons Data Breach

2. Fortinet High-Severity Vulnerabilities

3. Windows 10 End of Support Approaching

4. Malware Source Code Leak: Ermac 3.0 Android Trojan

Notable Quotes & Memorable Moments

Important Timestamps

Final Thoughts

Summary

Cybersecurity Today

Episode Overview

Key Discussion Points & Insights

1. Canada’s House of Commons Data Breach

2. Fortinet High-Severity Vulnerabilities

3. Windows 10 End of Support Approaching

4. Malware Source Code Leak: Ermac 3.0 Android Trojan

Notable Quotes & Memorable Moments

Important Timestamps

Final Thoughts