Cybersecurity Today – Summary
Episode: Fortinet Zero Day In Active Exploitation, North Korean Infiltration Grows And More
Host: David Shipley (standing in for Jim Love)
Release Date: November 17, 2025
Episode Overview
This episode delivers a fast-paced roundup of the latest, sobering cybersecurity threats impacting businesses and governments alike. Highlights include Fortinet's critical zero-day vulnerability under active exploitation, a high-profile North Korean scheme using IT workers to infiltrate US companies, the massive financial shock from a cyberattack on Jaguar Land Rover, and a cascade of copy-pasted systemic flaws threatening AI software across major platforms. Shipley not only breaks down technical specifics but ties each cyber event to its broader business and national security consequences.
Episode Segments & Key Insights
1. Fortinet 0-Day Under Active Exploitation
[00:20 – 05:08]
- Critical vulnerability in FortiWeb WAF quietly fixed by Fortinet after active exploitation began.
- Timeline:
  - Early October: Path traversal bug discovered; attackers create new admin accounts via crafted HTTP POST requests.
  - October 6: DEFUSE firm issues a proof of concept.
  - Watchtower Labs produces a defender tool to identify vulnerable systems.
  - Rapid7 confirms versions affected (8.0.1 and earlier); exploit ceases after 8.0.2 update.
  - October 28: Patch finally released, weeks after in-the-wild exploitation.
  - November 14: Vulnerability officially acknowledged as CVE-2025-6444, CVSS score 9.8/10.
- Attackers can bypass authentication and run admin commands remotely via crafted requests.
- The flaw is “a common starting point for attackers and poses a significant risk to government systems.”
- Action Required:
  - Patch immediately.
  - Disable HTTP/HTTPS on internet-facing management if patching is delayed.
  - Check for unauthorized admin accounts in config and logs.
Notable Quote:
"If you rely on Fortinet, you need to patch immediately. Attackers are already ahead of the game on this one, and the window for defensive action? Well, it's been shattered..." — David Shipley [05:04]
2. North Korean IT Worker Infiltration
[05:09 – 09:27]
- Major DOJ case: Five plead guilty for facilitating North Korea's long-running infiltration of US companies by posing as remote IT workers.
- Scope:
  - Over 136 US organizations compromised.
  - Millions of dollars funneled to North Korea, funding the regime’s nuclear and missile programs.
- Tactics: Use of stolen US identities, “laptop farms,” remote access, passing backgrounds/tests on behalf of NK operatives, selling US IDs.
- $2.2 million in revenue directly to DPRK; hundreds of stolen identities, at least three “laptop farms.”
- US government seizing over $15M in crypto tied to APT38/Blue Nora for high-profile exchange hacks.
- National security risk: Remote work opens new loopholes for sanctioned states to embed operatives in Western companies.
- Mitigation Suggestion:
  - Shipley’s own company now requires all remote hires to spend the first week in person to definitively verify identity and onboard.
Notable Quote:
"Remote work environments have opened new opportunities for sanctioned states like North Korea to slip past corporate controls... you're not only sending money to a hostile regime but opening the door to data theft, sabotage or espionage." — David Shipley [08:40]
3. Jaguar Land Rover Cyberattack Hits UK GDP
[09:28 – 11:34]
- Historic first: The September cyberattack on Jaguar Land Rover cost the company $220M in one quarter and directly impacted UK GDP — the first such measurable incident.
- Ripple effects:
  - Production halted, plants shut, 220,000 supply chain workers affected.
  - Bank of England specifically cites the attack in its GDP report.
  - Negative EBIT and massive losses reported.
- The British government issued a £1.5B loan guarantee to keep JLR and supply chain afloat.
- Broader lesson: Major cyberattacks now have macroeconomic consequences, not just disrupting businesses but threatening national economies as supply chains get more interconnected.
Notable Quote:
"Cyber attacks aren't just corporate problems anymore. They can hit national economies at the worst possible time." — David Shipley [11:09]
4. AI Platforms Hit By Copy-Pasted Vulnerability
[11:35 – 13:33]
- AI frameworks from Meta, Nvidia, Microsoft, and open source projects affected by copy-pasted remote code execution bug (“shadow MQ pattern”), discovered by Oligo Security.
- Technical details:
  - Insecure use of ZeroMQ (network messaging) and Python Pickle (unsafe object serialization).
  - Developers copied risky patterns from project to project, exposing inference servers to code execution.
  - Thousands of exposed endpoints online.
  - Attackers could gain deep corporate access: steal data, hijack GPU clusters, install miners, or pivot further.
- Root cause:
  - Rushed code adoption, AI assistants generating insecure code, unskilled review.
- Lesson:
  - AI code assistants can help but don’t replace security-knowledgeable developers.
  - Patches are out; admins must update and audit servers.
Notable Quote:
“Any experienced Python developer knows never to use Pickle with untrusted network data. Hell, even a novice who bothers to read the documentation would know this.” — David Shipley [12:48]
"AI tools can absolutely accelerate productivity... But they cannot replace skilled humans who understand secure coding practices..." — David Shipley [13:13]
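The pickle-over-ZeroMQ pattern this segment describes, shown as an added example (not code from the episode, from Oligo Security, or from any of the affected frameworks). It puts the insecure decoder next to two defender-side replacements: a JSON request format with explicit field checks (the fix the episode's advice amounts to), and a restricted unpickler for legacy clients that cannot be migrated yet. It also includes a `referenced_globals` check that lists which module-level names a captured pickle frame would import, without loading it, which is useful when auditing traffic to an exposed inference endpoint. The ZeroMQ socket is assumed and not modelled; the sample frames, the `REQUEST_SCHEMA` fields and the `ALLOWED_GLOBALS` entry are constructed for the example.

```python
import collections
import io
import json
import pickle
import pickletools

# Constructed sample frames standing in for bytes an inference server would
# read off a ZeroMQ socket. The socket itself is assumed, not modelled.
PLAIN_FRAME = pickle.dumps({"prompt": "hello"})
# A pickle that references a global (collections.OrderedDict). Harmless here,
# but it exercises the same import path a hostile frame would rely on.
GLOBAL_FRAME = pickle.dumps(collections.OrderedDict(prompt="hello"))
GLOBAL_FRAME_P2 = pickle.dumps(collections.OrderedDict(prompt="hello"), protocol=2)
DEQUE_FRAME = pickle.dumps(collections.deque([1, 2]))
JSON_FRAME = b'{"model": "m", "prompt": "hello", "max_tokens": 8}'


def insecure_decode(frame: bytes):
    """The pattern the episode warns about: pickle.loads on network bytes.
    pickle imports and calls whatever globals the frame names."""
    return pickle.loads(frame)


# Exact (module, name) pairs this server will reconstruct. Assumed for the
# example; a real server lists only the types its own protocol carries.
ALLOWED_GLOBALS = frozenset({("collections", "deque")})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global reference not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def restricted_decode(frame: bytes):
    """Defense-in-depth for legacy pickle clients that cannot be migrated yet."""
    return RestrictedUnpickler(io.BytesIO(frame)).load()


# Preferred replacement: a data-only wire format with explicit field checks.
REQUEST_SCHEMA = {"model": str, "prompt": str, "max_tokens": int}  # assumed fields


def json_decode(frame: bytes) -> dict:
    """Parse a request as JSON and accept only the exact schema above."""
    try:
        msg = json.loads(frame.decode("utf-8"))
    except ValueError as exc:  # covers UnicodeDecodeError and JSONDecodeError
        raise ValueError(f"malformed request: {exc}") from None
    if not isinstance(msg, dict) or set(msg) != set(REQUEST_SCHEMA):
        raise ValueError("request must contain exactly the schema fields")
    for key, typ in REQUEST_SCHEMA.items():
        if type(msg[key]) is not typ:  # exact type: bool must not pass as int
            raise ValueError(f"field {key!r} must be {typ.__name__}")
    return msg


def referenced_globals(frame: bytes) -> list:
    """Defender check: list the (module, name) globals a pickle would import,
    by walking its opcodes with pickletools instead of loading it.
    Tracks MEMOIZE/BINGET so protocol 4+ STACK_GLOBAL operands are resolved."""
    found, memo, pushed = [], [], []
    for opcode, arg, _pos in pickletools.genops(frame):
        op = opcode.name
        value = arg if isinstance(arg, str) else None
        if op == "GLOBAL":  # protocol <= 3: arg is "module name"
            found.append(tuple(arg.split()))
            value = None
        elif op == "STACK_GLOBAL":  # protocol >= 4: operands are the two pushed strings
            found.append((pushed[-2], pushed[-1]))
            value = None
        elif op == "MEMOIZE":  # remembers the last pushed value, pushes nothing
            memo.append(pushed[-1])
            continue
        elif op in ("BINGET", "LONG_BINGET", "GET"):
            value = memo[arg]
        pushed.append(value)
    return found


def is_rejected(decoder, frame: bytes) -> bool:
    """True if the decoder refuses the frame instead of reconstructing it."""
    try:
        decoder(frame)
    except (pickle.UnpicklingError, ValueError):
        return True
    return False


if __name__ == "__main__":
    print("globals in GLOBAL_FRAME:", referenced_globals(GLOBAL_FRAME))
    print("restricted decoder rejects it:", is_rejected(restricted_decode, GLOBAL_FRAME))
    print("schema-valid JSON request:", json_decode(JSON_FRAME))
```

`json_decode` is the intended replacement for the wire format: a JSON document cannot name a class or function, so there is nothing for the decoder to import. `RestrictedUnpickler` only narrows the blast radius of a pickle endpoint that must stay up for older clients, and `referenced_globals` lets an operator inspect recorded frames for unexpected imports before deciding whether that endpoint was ever reached with unexpected input.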
5. Cyber Policy & Community Advocacy
[13:34 – 14:41]
- Shipley promotes the upcoming B-Sides Ottawa Policy Village, comments on the sad state of Canadian cyber legislation (“TLDR: not good”), and commends cross-border initiatives like “Hackers on the Hill.”
- Call to foster connection between policymakers and security experts to make nations more resilient.
Memorable Quotes & Moments
- “You gotta give it for the North Koreans on this one. They really thought it through.” — David Shipley [07:21]
- “The window for defensive action? Well, it's been shattered...” — David Shipley [05:04]
- “Garbage copied everywhere... This is exactly why AI coding assistants should only be used by trained professional software developers.” — David Shipley [12:00]
- “Cyber attacks aren't just corporate problems anymore. They can hit national economies at the worst possible time.” — David Shipley [11:09]
Timestamps for Major Segments
- Fortinet 0-Day: 00:20 – 05:08
- North Korean Infiltration: 05:09 – 09:27
- JLR Cyberattack Economic Impact: 09:28 – 11:34
- AI Platforms Copy-Paste Flaw: 11:35 – 13:33
- Cybersecurity Policy Advocacy: 13:34 – 14:41
Tone & Style
David Shipley delivers briefing-style reporting in a candid, sometimes wry tone — technical yet accessible, with pointed recommendations and a deep sense of urgency. He balances facts, technical details, and business context, offering concrete next steps for defenders and policy-makers alike.
Summary Takeaways
- Patch immediately: Fortinet users are at urgent risk.
- Beware remote IT impersonation: North Korean infiltration is a real, ongoing threat requiring new onboarding and monitoring strategies.
- Cyberattacks are economic issues: Major incidents can disrupt national economies, not just single companies.
- AI code security is systemic risk: Rushed, AI-aided code proliferation can produce large-scale vulnerabilities.
- Policy engagement is lagging: Cybersecurity legislation and awareness need to catch up to threats.
This episode is a must-listen for cybersecurity leaders, IT administrators, policy-makers, and anyone responsible for organizational risk in an era where cyberattacks have tangible, multi-level impacts.
