Cybersecurity Today – November 19, 2025
Episode: Cloudflare Outage, Microsoft's AI Risk, New Red Team Tool, and More!
Host: Jim Love
Episode Overview
This episode delivers an update on the week’s most critical cybersecurity issues impacting businesses. Jim Love walks listeners through major cloud outages, new AI-driven risks in Microsoft’s platforms, the emergence of a powerful tool that can blind cloud-based endpoint defenses, stealth attacks using calendar invites, a critical SAP vulnerability, and an unusual tale of AI behavior — all offering both practical lessons and food for thought as organizations navigate an increasingly risky tech landscape.
Key Topics & Insights
1. Cloudflare Outage Disrupts Major Platforms
- Summary: Cloudflare, a key part of modern Internet infrastructure, experienced a major service disruption, knocking out access to high-traffic services such as OpenAI’s ChatGPT, X (formerly Twitter), Discord, Canva and Downdetector, and even some U.S. and Canadian payment and transit systems.
- Incident Timeline: The issue began early Tuesday morning and was largely resolved before noon Eastern time.
- Root Cause: Not a cyberattack. An internal configuration file, generated automatically to help classify hostile or suspicious traffic, grew far beyond its expected size, and the oversized file caused a core traffic-handling system to crash.
- Scope & Irony: Downdetector, the go-to site for checking whether a service is down, was itself taken out by the same Cloudflare issue it would normally help report.
- Notable Quotes:
  - "Cloudflare CTO Dane Knecht was blunt in his post: ‘I won't mince words. Earlier today we failed our customers and the broader Internet.’" (03:39)
  - "Given the importance of Cloudflare's services, any outage is unacceptable. We will learn from today's incident and improve." — Cloudflare’s official statement (04:16)
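The root-cause pattern above, a generated configuration file that outgrows what its consumer was built to handle, is worth guarding against in any system that hot-reloads generated data. The following added example is not Cloudflare's code and is not taken from its incident report; it shows a loader that enforces a hard size limit and a row limit, treats duplicate rows as corruption, rejects a candidate file that fails any check, and keeps serving the last known-good version instead of crashing. The file format (one `name=value` feature per line), the limits and the sample data are all assumptions made for the example.

```python
"""Fail-safe hot reload of a generated feature/config file.

Added example (not Cloudflare code). The format, the limits and the sample
data are assumptions chosen for illustration.
"""
from dataclasses import dataclass, field

MAX_BYTES = 4096      # hard cap on file size (assumed limit)
MAX_FEATURES = 200    # hard cap on number of feature rows (assumed limit)


class ConfigRejected(ValueError):
    """Raised when a candidate config fails validation; the caller keeps the old one."""


def parse_feature_file(data: bytes) -> dict[str, float]:
    """Parse 'name=value' lines into a dict, validating before use.

    The size check runs on the raw bytes first, so an oversized file is
    rejected before any per-line work (and any per-line memory) happens.
    """
    if len(data) > MAX_BYTES:
        raise ConfigRejected(f"file is {len(data)} bytes, limit is {MAX_BYTES}")
    features: dict[str, float] = {}
    for lineno, raw in enumerate(data.decode("utf-8").splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ConfigRejected(f"line {lineno}: malformed entry {raw!r}")
        if name in features:
            # Duplicate rows are a classic way a generated file balloons.
            raise ConfigRejected(f"line {lineno}: duplicate feature {name!r}")
        try:
            features[name] = float(value)
        except ValueError:
            raise ConfigRejected(f"line {lineno}: non-numeric value {value!r}") from None
        if len(features) > MAX_FEATURES:
            raise ConfigRejected(f"more than {MAX_FEATURES} features")
    if not features:
        raise ConfigRejected("empty feature set")
    return features


@dataclass
class FeatureStore:
    """Holds the active config and swaps it only after a candidate validates."""
    active: dict[str, float]
    rejected: list[str] = field(default_factory=list)

    def reload(self, data: bytes) -> bool:
        """Try to adopt `data`. True if swapped in, False if the old config was kept."""
        try:
            candidate = parse_feature_file(data)
        except (ConfigRejected, UnicodeDecodeError) as exc:
            self.rejected.append(str(exc))   # alarm on this elsewhere; do not crash
            return False
        self.active = candidate              # single reference swap, no partial state
        return True


def demo() -> tuple[bool, bool, int]:
    """Constructed scenario: a good file, then a ballooned file full of repeated rows."""
    good = b"bot_score=0.12\nja3_rarity=0.8\nasn_reputation=0.3\n"
    store = FeatureStore(active=parse_feature_file(good))
    ballooned = good * 2000                  # ~98 KB, far over MAX_BYTES
    ok_good = store.reload(good)
    ok_bad = store.reload(ballooned)
    return ok_good, ok_bad, len(store.active)


if __name__ == "__main__":
    print(demo())
```

The point of `FeatureStore.reload` returning False instead of raising is that a bad input to a periodic reload should leave the data plane running on stale-but-valid data and raise an alarm elsewhere; letting the consumer crash turns a config-generation bug into an outage.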
2. Microsoft's Agentic AI for Windows 11 – A Double-Edged Sword
- Summary: Microsoft’s new “agentic AI” features for Windows 11 allow AI “agents” to operate inside apps and access a user’s files. Microsoft has issued an unusually blunt warning about the security risks, primarily malware installation and cross-prompt injection (XPIA), in which content an agent reads can override its instructions.
- Default Settings: Rolled out to Windows Insiders, but off by default. An administrator must enable the feature, yet on a home PC the “admin” is often just a regular user.
- Risks:
  - Once enabled, AI agents can read and write in the user’s sensitive folders, such as Documents and Downloads.
  - Prompt injection: malicious content in a document or web page can override an agent’s instructions.
  - Enabling the feature applies to every account on the device, not only the admin who turned it on.
- Precautions: Microsoft requires agents to request human approval for sensitive tasks and to log all their actions, but at present no supported apps are actually available for the feature.
- Notable Quotes:
  - “Users should only enable this feature if you understand the security implications.” — Microsoft support document (05:29)
  - “Even with the techno-legal warning, you have to wonder: is this informed consent or just CYA?” — Jim Love (06:59)
3. Red Team Tool 'Silent But Deadly' Exposes Cloud EDR Weakness
- Summary: A new open-source red team utility, Silent But Deadly, demonstrates a major architectural weakness in endpoint security tools (EDR/AV) that depend on continuous cloud connectivity.
- How It Works: Rather than attacking ML models or behavioral rules, the tool cuts off cloud telemetry: it severs outbound and inbound communication between the endpoint and the EDR/AV cloud services using legitimate Windows APIs and the Windows Filtering Platform (WFP).
- Effects:
  - The endpoint agent looks healthy to the local user but can no longer receive updates, send alerts or be managed remotely.
  - Security teams lose visibility into the host, “blinding” them to threats on it.
  - The tool includes graceful service disablement and “clean up” functions to minimize traces.
- Notable Quotes:
  - “If one small open-source framework can quietly sever cloud telemetry and disable core security functions… that's not just a clever tool, it's a sign that the architecture itself is vulnerable.” — Jim Love (08:30)
  - “If cutting the cloud link is enough to sideline an endpoint, that's an architectural warning.” (09:12)
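Because the attack blocks traffic rather than tampering with the agent, the signals that survive are at the network-policy layer on the host and in the missing heartbeat at the console. The following added example is not part of Silent But Deadly or of any EDR product: it scans constructed Windows Security audit events for WFP filter changes (event 5447) and for WFP blocks of the sensor's outbound connections (event 5157), and correlates them with each agent's last check-in time as the console would see it. The sensor path, host names, thresholds and sample events are assumptions.

```python
"""Detect an EDR agent that has been cut off from its cloud backend.

Added example; not part of the Silent But Deadly tool or of any EDR product.
Two signals are combined:
  1. Host-side Windows Security audit events (constructed samples below):
       5447  "A Windows Filtering Platform filter has been changed"
       5157  "The Windows Filtering Platform has blocked a connection"
     These only exist if the audit subcategories "Filtering Platform Policy
     Change" and "Filtering Platform Connection" are enabled (off by default).
  2. Console-side agent heartbeats, which go stale once telemetry is blocked.
The sensor path, host names and thresholds are assumptions for the demo.
"""
from datetime import datetime, timedelta

# Assumed sensor executable. Event 5157 reports an NT device path
# (\device\harddiskvolumeN\...), so that form is compared, case-insensitively.
EDR_BINARIES = {r"\device\harddiskvolume3\program files\exampleedr\sensor.exe"}  # hypothetical
OUTBOUND = "%%14593"                  # Direction code for Outbound in event 5157
STALE_AFTER = timedelta(minutes=15)   # assumed heartbeat tolerance


def scan_wfp_events(events: list[dict]) -> list[tuple[str, str]]:
    """Return (host, message) for WFP filter changes and blocked sensor egress."""
    findings: list[tuple[str, str]] = []
    for ev in events:
        host = ev.get("Computer", "?")
        if ev.get("EventID") == 5447:
            findings.append((host, f"WFP filter {str(ev.get('Action', '?')).lower()}: "
                                   f"{ev.get('FilterName')!r} by {ev.get('SubjectUserName')}"))
        elif ev.get("EventID") == 5157:
            app = str(ev.get("Application", "")).lower()
            if app in EDR_BINARIES and ev.get("Direction") == OUTBOUND:
                findings.append((host, f"sensor egress blocked to {ev.get('DestAddress')}:"
                                       f"{ev.get('DestPort')} (filter run-time id {ev.get('FilterRTID')})"))
    return findings


def stale_agents(heartbeats: dict[str, datetime], now: datetime) -> list[str]:
    """Hosts whose last console check-in is older than STALE_AFTER."""
    return sorted(h for h, last in heartbeats.items() if now - last > STALE_AFTER)


def correlate(events: list[dict], heartbeats: dict[str, datetime], now: datetime) -> dict[str, dict]:
    """Per host: severity plus findings. HIGH needs both a host-side WFP signal
    and a stale heartbeat; WFP alone is MEDIUM, a stale heartbeat alone is LOW."""
    signals: dict[str, dict] = {}
    for host, msg in scan_wfp_events(events):
        signals.setdefault(host, {"wfp": [], "stale": False})["wfp"].append(msg)
    for host in stale_agents(heartbeats, now):
        signals.setdefault(host, {"wfp": [], "stale": False})["stale"] = True
    report: dict[str, dict] = {}
    for host, sig in signals.items():
        sev = "HIGH" if sig["wfp"] and sig["stale"] else "MEDIUM" if sig["wfp"] else "LOW"
        findings = list(sig["wfp"])
        if sig["stale"]:
            findings.append(f"no agent heartbeat for more than {STALE_AFTER}")
        report[host] = {"severity": sev, "findings": findings}
    return report


# Constructed sample data; field names mirror the Security log's EventData names.
NOW = datetime(2025, 11, 19, 9, 0, 0)
SENSOR = r"\device\harddiskvolume3\program files\exampleedr\sensor.exe"
SAMPLE_EVENTS = [
    {"EventID": 5447, "Computer": "WS-0412", "SubjectUserName": "jdoe",
     "FilterName": "Block sensor egress", "Action": "Add"},
    {"EventID": 5157, "Computer": "WS-0412", "Application": SENSOR, "Direction": "%%14593",
     "DestAddress": "203.0.113.10", "DestPort": "443", "FilterRTID": "70331"},
    {"EventID": 5157, "Computer": "WS-0412", "Direction": "%%14593",
     "Application": r"\device\harddiskvolume3\windows\system32\svchost.exe",
     "DestAddress": "198.51.100.7", "DestPort": "80", "FilterRTID": "70332"},   # not the sensor
    {"EventID": 5157, "Computer": "WS-0099", "Application": SENSOR, "Direction": "%%14592",
     "DestAddress": "203.0.113.10", "DestPort": "443", "FilterRTID": "70100"},  # inbound: ignored
]
SAMPLE_HEARTBEATS = {
    "WS-0412": NOW - timedelta(minutes=42),   # went quiet when the filters appeared
    "WS-0099": NOW - timedelta(minutes=3),
    "WS-0500": NOW - timedelta(hours=5),      # stale but no host-side events: maybe just offline
}

if __name__ == "__main__":
    for host, r in correlate(SAMPLE_EVENTS, SAMPLE_HEARTBEATS, NOW).items():
        print(host, r["severity"], *r["findings"], sep="\n  ")
```

Two caveats a defender should keep in mind. Events 5447 and 5157 exist only if the Filtering Platform Policy Change and Filtering Platform Connection audit subcategories are enabled, and an attacker with enough privilege to add WFP filters can also turn that auditing off, so the stale-heartbeat check, which runs where the attacker is not, is the one that cannot be silenced from the endpoint. Escalating to HIGH only when both signals coincide keeps an ordinary offline laptop from paging anyone.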
4. Stealth Calendar Attacks Bypass Security Controls
- Summary: Attackers are weaponizing standard calendar files (.ics) to bypass security filters and deliver phishing or malicious links that appear automatically in users’ Google Calendar or Microsoft Outlook.
- Technique:
  - Attackers send well-crafted invites that pass SPF, DKIM and DMARC checks; those checks authenticate the sending domain, not the content of the invite.
  - Invites are added to users’ calendars automatically, sometimes with zero user interaction.
  - For Outlook, a vulnerability (CVE-2023-35636, an information-disclosure flaw, and others) allows attacks through event metadata.
- Effectiveness:
  - These attacks bypass most secure email gateways.
  - Calendar-based phishing had a 59% bypass success rate, making it the third most effective social engineering vector after QR-code and browser-in-the-browser attacks.
- Notable Quotes:
  - “The most troubling detail comes ... calendar-based phishing attempts had a 59% success rate at bypassing secure email gateways.” — Jim Love (11:46)
  - “It works because organizations tend to treat calendar invites as benign text, and many platforms auto-populate them even if the original email was filtered or quarantined.” (12:32)
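SPF, DKIM and DMARC only establish that a message came from the domain it claims; they say nothing about the .ics payload, so the invite itself has to be inspected. The following added example is not code from the podcast or from any gateway product: a standard-library parser that undoes RFC 5545 line folding and text escaping, then checks the invite for an ORGANIZER domain that differs from the domain the email authentication actually vouched for, links in DESCRIPTION, LOCATION, URL and ATTACH that point outside an allowlist, ATTACH entries carrying executable content, and METHOD:REQUEST, which clients configured to auto-process will add without a click. The allowlist, the risky-type lists, the sample invite and the sender domain passed in are constructed assumptions.

```python
"""Inspect a calendar invite (.ics) for phishing indicators.

Added example; not code from the podcast or from any gateway product.
The sample invite, the allowlist and the risky-type lists are constructed
assumptions that a team would tune to its own environment.
"""
import re
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example.com", "teams.microsoft.com", "zoom.us"}   # assumed allowlist
RISKY_FMTTYPES = {"application/x-msdownload", "application/octet-stream",
                  "application/zip", "application/vnd.microsoft.portable-executable"}
RISKY_EXTS = (".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".zip")
LINK_PROPS = {"DESCRIPTION", "LOCATION", "URL", "ATTACH", "X-ALT-DESC", "COMMENT"}
URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""", re.IGNORECASE)


def unfold(ics_text: str) -> list[str]:
    """Undo RFC 5545 folding: a line starting with SPACE or HTAB continues the previous one."""
    lines: list[str] = []
    for raw in ics_text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def unescape(value: str) -> str:
    """Undo RFC 5545 TEXT escaping so a URL split by an escaped comma or newline is seen whole."""
    return (value.replace("\\n", "\n").replace("\\N", "\n")
                 .replace("\\,", ",").replace("\\;", ";").replace("\\\\", "\\"))


def parse_properties(ics_text: str) -> list[tuple[str, dict[str, str], str]]:
    """Return (NAME, {PARAM: value}, value) per content line.

    Splits on the first ':'; a ':' inside a quoted parameter value (rare) is
    not handled, an accepted simplification of this example.
    """
    props: list[tuple[str, dict[str, str], str]] = []
    for line in unfold(ics_text):
        head, sep, value = line.partition(":")
        if not sep or not head.strip():
            continue
        name, *param_parts = head.split(";")
        params: dict[str, str] = {}
        for part in param_parts:
            key, _, val = part.partition("=")
            params[key.strip().upper()] = val.strip().strip('"')
        props.append((name.strip().upper(), params, value))
    return props


def is_trusted(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def scan_invite(ics_text: str, authenticated_sender_domain: str) -> list[tuple[str, str]]:
    """Return (rule, detail) findings.

    `authenticated_sender_domain` is the domain SPF/DKIM/DMARC vouched for at
    the gateway; the invite's own ORGANIZER field is attacker-controlled text.
    """
    props = parse_properties(ics_text)
    findings: list[tuple[str, str]] = []
    method = next((v for n, _, v in props if n == "METHOD"), "")
    if method.strip().upper() == "REQUEST":
        findings.append(("auto-add", "METHOD:REQUEST; auto-processing clients add it without a click"))
    for name, params, value in props:
        if name == "ORGANIZER" and value.lower().startswith("mailto:"):
            org_domain = value[len("mailto:"):].rpartition("@")[2].strip().lower()
            if org_domain != authenticated_sender_domain.lower():
                findings.append(("organizer-mismatch",
                                 f"ORGANIZER {org_domain} vs authenticated sender {authenticated_sender_domain}"))
        if name == "ATTACH":
            fmt = params.get("FMTTYPE", "").lower()
            inline = params.get("VALUE", "").upper() == "BINARY" or params.get("ENCODING", "").upper() == "BASE64"
            if fmt in RISKY_FMTTYPES or urlparse(value).path.lower().endswith(RISKY_EXTS) or inline:
                findings.append(("risky-attachment", f"ATTACH {fmt or 'unknown type'}: {value[:60]}"))
        if name in LINK_PROPS:
            for url in URL_RE.findall(unescape(value)):
                url = url.rstrip(".,;:")
                host = (urlparse(url).hostname or "").lower()
                if not is_trusted(host):
                    findings.append(("untrusted-link", f"{name} -> {host} ({url})"))
    return findings


# Constructed sample invite: spoofed organizer, folded description, executable ATTACH.
SAMPLE_INVITE = "\r\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0", "PRODID:-//constructed//sample//EN", "METHOD:REQUEST",
    "BEGIN:VEVENT", "UID:constructed-0001@mail.example.net", "DTSTAMP:20251119T120000Z",
    "DTSTART:20251120T140000Z", "DTEND:20251120T143000Z",
    "SUMMARY:Action required: payroll verification",
    'ORGANIZER;CN="HR Department":mailto:hr@example.com',
    'ATTENDEE;CN="J. Doe";RSVP=TRUE:mailto:jdoe@example.com',
    "LOCATION:https://example-com-payroll.invalid/verify",
    "DESCRIPTION:Please confirm your details before Friday:\\n https://example-c",
    " om-payroll.invalid/verify?u=jdoe\\,\\nor join at https://teams.microsoft.com/l/meetup",
    "ATTACH;FMTTYPE=application/x-msdownload:https://cdn.example-files.invalid/update.exe",
    "END:VEVENT", "END:VCALENDAR",
])

if __name__ == "__main__":
    for rule, detail in scan_invite(SAMPLE_INVITE, "bulk.mailer.invalid"):
        print(f"{rule:20} {detail}")
```

Scanning is only half of the fix. The other half is the client setting that decides whether an unaccepted invite lands on the calendar at all: Google Calendar's "Add invitations to my calendar" option can be limited to known senders or to invitations the user responds to, and Outlook's automatic processing of meeting requests can be turned off, so an invite that the gateway quarantined never surfaces as an event.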
5. SAP Critical Flaw Gets ‘Perfect 10’ Score
- Summary: SAP rushed out a patch for a critical vulnerability in NetWeaver AS Java and Web Dispatcher. The flaw allows unauthenticated remote code execution, meaning an attacker could fully compromise SAP systems, which often underpin key business functions.
- Details:
  - The flaw is in the web administration interface, which can be tricked into executing attacker-supplied commands without authentication.
  - Risk: if exploited, the full SAP environment, including finance, HR and supply chain, is at risk.
  - Proof-of-concept exploits are expected to appear swiftly after the patch release.
  - Firms on scheduled patch cycles are strongly urged to update immediately.
- Urgency: SAP advises not to wait for the usual maintenance window; immediate action is required.
- Notable Quotes:
  - “If your business runs SAP NetWeaver AS Java or Web Dispatcher, applying the patch isn’t just recommended, it’s time-sensitive. Delaying could be the most dangerous choice of all.” — Jim Love (15:15)
6. Anthropic’s Claude AI ‘Escalates’ to the FBI — A Reflection on AI Decision-Making
- Summary: On a lighter note, Jim Love recounts an odd experiment: Anthropic’s Claude, while tasked with managing a virtual vending machine, hallucinated itself into a scam scenario and drafted an email to the FBI's Cyber Crimes Division.
- Anecdote:
  - After ten days without sales and faced with an unexplained $2 fee, Claude independently composed an escalation email with the subject "urgent escalation to FBI Cybercrimes Division."
  - Fortunately, the system was sandboxed; no email was actually sent.
  - The action was model-initiated, not prompted by a human, raising interesting questions about AI autonomy.
- Reflection: Jim connects this behavior to his own fiction, musing that real AI quirks are sometimes stranger than what authors imagine.
- Notable Quotes:
  - “Truth is sometimes stranger than fiction.” — Jim Love (17:33)
Memorable Moments & Quotes
- Cloudflare CTO: “I won't mince words. Earlier today we failed our customers and the broader Internet.” (03:39)
- Jim Love on Agentic AI: “Is this informed consent or just CYA?” (06:59)
- On the Red Team tool: "If cutting the cloud link is enough to sideline an endpoint, that's an architectural warning." (09:12)
- On Calendar phishing: "Calendar-based phishing attempts had a 59% success rate at bypassing secure email gateways." (11:46)
- SAP Patch Urgency: "Applying the patch isn't just recommended, it's time sensitive. Delaying could be the most dangerous choice of all." (15:15)
- AI Escalation: "Truth is sometimes stranger than fiction." (17:33)
Timestamps for Key Segments
| Segment | Timestamp |
|----------------------------------|-----------|
| Cloudflare Outage | 01:04 |
| Microsoft's Agentic AI Risks | 05:18 |
| Red Team 'Silent But Deadly' | 07:38 |
| Calendar File Attack Vectors | 10:53 |
| SAP Critical Flaw | 13:32 |
| Anthropic Claude FBI Story | 16:20 |
Tone & Style
Jim Love maintains a clear, conversational tone, balancing technical insights with accessible explanations, occasional humor, and an ongoing focus on practical guidance for cybersecurity professionals and business leaders.
Final Thoughts
This episode underscores:
- The fragility of core Internet infrastructure.
- The new security balancing act brought by AI integrations.
- The evolving sophistication of attackers in bypassing conventionally “safe” systems.
- The essential importance of fast, proactive patch management.
- The unpredictable, sometimes uncanny nature of AI systems.
For businesses and security teams, each story is a fresh call to sharpen preparedness and not take “best practices” for granted.
For more in-depth analysis on any segment, visit the show notes at technewsday.com.
