Podcast Summary: Cybersecurity Today – "Major US Bank Data Linked Through Breach At Ascensus"
Host: Jim Love
Date: November 26, 2025
Episode Overview
This episode delivers crucial updates on several significant cybersecurity incidents affecting businesses and individuals. The main focus is a major data breach at Ascensus, a core vendor for US banks, but the episode also covers ransomware activity targeting major enterprises, a sophisticated Blender-based malware campaign, a widespread npm supply chain attack, and the renewed danger of simple phishing schemes. The emphasis is on both high-tech and low-tech threats—what they mean for organizations, and practical steps for listeners to stay safe.
Key Discussion Points and Insights
1. Ascensus Breach Impacting US Banks
[00:44]
- Incident Details:
- ALPHV/BlackCat ransomware group claimed theft of 3 terabytes of data from Ascensus, a major financial technology vendor.
- “Ascensus confirmed the incident… the attack involved data theft only, not encryption.” (Jim Love, 01:17)
- Systems taken offline, investigation launched; FBI is actively involved.
- Data Exposure Uncertainty:
- Banks using Ascensus are still assessing which information was compromised.
- Attackers posted samples online as evidence, but the full scope is undetermined.
- Insights:
- ALPHV’s history suggests the data was sensitive, likely to justify ransom pressure.
- Industry is “in assessment mode,” awaiting clarity on what and who is affected.
2. Oracle ERP Attacks and Broadcom's Response
[02:21]
- Campaign Expansion:
- Clop ransomware group claims to have breached Broadcom, among 30–100 large victims via Oracle E-Business Suite zero-day vulnerabilities.
- Broadcom’s Statement:
- Not confirming but also not denying a breach.
- “Broadcom has forensically examined and patched our Oracle system to remediate the vulnerabilities… our core systems remain intact…” (Jim Love quoting Broadcom, 03:21)
- Limited types of data processed; breach not expected to pose “significant risk.”
- Industry Trend:
- Attackers sometimes announce victims before organizations can internally verify incidents.
- Oracle has patched the exploited flaw, but fallout continues as new victims may emerge.
3. Blender Malware: StealC Information Stealer
[04:19]
- Malware Hiding in 3D Models:
- Attackers embed Python scripts in Blender .blend files shared on creative platforms.
- Blender’s autorun feature (enabled by default) executes malicious code automatically.
- Capabilities:
- StealC targets 23+ browsers, 100 crypto wallet extensions, 15 wallet apps, and messaging tools.
- “Includes an updated UAC bypass and uses an encrypted multi stage delivery chain…” (Jim Love, 05:17)
- Evades most anti-malware defenses; a recent StealC variant was undetected by all VirusTotal engines.
- Supply Chain Risk:
- “A standard Blender model can quietly deliver a highly capable infostealer…” (Jim Love, 05:45)
4. NPM Ecosystem Compromised: Shai-Hulud Worm
[06:09]
- Scope of Attack:
- About 500 npm packages compromised by self-replicating malware.
- Attacker gains maintainers’ credentials, backdoors widely used modules.
- Mechanism:
- When a tainted package is installed, malware harvests GitHub tokens, npm credentials, and secrets, then pushes them to attacker-controlled repos.
- Propagation:
- “With those tokens in hand, the malware can republish itself into even more packages…” (Jim Love, 06:50)
- Trusted dependencies can suddenly become vectors for attack.
- Systemic Vulnerability:
- The issue is not one library, but “how much trust we place in an ecosystem…” (Jim Love, 07:18)
- No easy fix: vigilance and validation are now critical for developers.
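The mechanism above (malware running when a tainted package is installed) means the install-time lifecycle hooks in each package.json are where a defender should look first. The following audit script is an added example written for these notes, not code from the podcast or from npm; the suspicious-token list and the sample manifests are constructed assumptions for illustration.

```python
import json
from pathlib import Path

# Lifecycle hooks npm runs on its own during `npm install`: the point at which an
# install-time payload of the kind described above gets to execute.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Crude triage tokens (an assumption for illustration, not a detection signature).
SUSPICIOUS = ("curl ", "wget ", "base64", "$(", ".npmrc", "GITHUB_TOKEN", "NPM_TOKEN")

def audit_package(pkg: dict) -> list:
    """One finding per install-time hook in a parsed package.json."""
    scripts = pkg.get("scripts") or {}
    findings = []
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if cmd:
            findings.append({
                "package": f"{pkg.get('name', '?')}@{pkg.get('version', '?')}",
                "hook": hook, "command": cmd,
                "suspicious": any(t in cmd for t in SUSPICIOUS),
            })
    return findings

def audit_tree(root: str) -> list:
    """Walk a node_modules tree and audit every package.json (skipping .bin shims)."""
    findings = []
    for manifest in sorted(Path(root).rglob("package.json")):
        if ".bin" in manifest.parts:
            continue
        try:
            findings.extend(audit_package(json.loads(manifest.read_text(encoding="utf-8"))))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it, do not abort the scan
    return findings

# Constructed sample manifests for this example; none of these are real packages.
SAMPLE_MANIFESTS = [
    {"name": "tiny-util", "version": "1.0.0", "scripts": {"test": "jest"}},
    {"name": "native-bindings", "version": "2.1.0", "scripts": {"install": "node-gyp rebuild"}},
    {"name": "tainted-lib", "version": "4.2.1",
     "scripts": {"postinstall": "node bundle.js && cat ~/.npmrc"}},
]

def audit_samples() -> list:
    return [f for pkg in SAMPLE_MANIFESTS for f in audit_package(pkg)]

if __name__ == "__main__":
    for f in audit_samples():
        tag = "SUSPICIOUS" if f["suspicious"] else "review    "
        print(f"{tag} {f['package']} {f['hook']}: {f['command']}")
```

Every hook is reported, because a legitimate native build step and a malicious one look alike to a token check; the flag only orders the review queue. Run `audit_tree("node_modules")` against a real checkout.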
5. Old Tricks Still Work: Microsoft Phishing via Lookalike Domains
[08:24]
- Phishing Tactic:
- Using rnicrosoft.com (“rn” instead of “m”) domains to mimic Microsoft visually.
- Targets Microsoft account holders with fake password resets and security alerts.
- Risk:
- Traditional security tools often miss this kind of visual deception.
- Especially effective during busy times (e.g., holidays) when users are flooded with alerts.
- Practical Advice:
- Jim shares his strict personal rule:
“I will not, repeat, not enter credentials into anything that’s linked to a site that has been supplied to me in email... If I can’t find what they sent me, I don’t care. It doesn’t exist. But that’s just me. And simple, dumb things like this may be the big thing we can use to help ourselves.”
(Jim Love, 09:36)
- Message:
- While the cybersecurity conversation often focuses on complex, high-tech threats, “the simplest tactics still work because they exploit human attention, not software flaws.” (Jim Love, 10:06)
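The “rn” for “m” trick works because the two strings look alike to a person but not to a program that collapses confusable sequences before comparing. The triage function below is an added example for these notes, not code from the podcast; the confusable table, the allow-list of genuine domains, the brand list and the sample sender addresses are all constructed assumptions.

```python
# Visually confusable sequences used in lookalike domains; the podcast's example is
# "rn" standing in for "m". Illustrative table, not an exhaustive confusables list.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

# Assumed allow-list of domains genuine Microsoft account mail arrives from.
PROTECTED = {"microsoft.com", "office.com", "live.com"}
BRANDS = {"microsoft", "outlook"}   # brand words that should never appear in an unknown registrable label

def skeleton(label: str) -> str:
    """Collapse confusable sequences so 'rnicrosoft' and 'microsoft' compare equal."""
    s = label.lower()
    for bad, good in CONFUSABLES:
        s = s.replace(bad, good)
    return s

def registrable(domain: str) -> str:
    """Last two labels of the host (assumption: no public-suffix handling, e.g. .co.uk)."""
    parts = domain.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])

def classify(domain: str) -> str:
    reg = registrable(domain)
    if reg in PROTECTED:
        return "trusted"
    sk = skeleton(reg)
    if sk in PROTECTED:
        return "lookalike"        # rnicrosoft.com, micr0soft.com, ...
    if any(b in sk.split(".")[0] for b in BRANDS):
        return "brand-in-label"   # microsoft-verify.com and similar
    return "unknown"

def triage_senders(addresses) -> dict:
    """Map the domain of each From: address to a verdict."""
    out = {}
    for addr in addresses:
        domain = addr.rsplit("@", 1)[-1].strip(">").lower()
        out[domain] = classify(domain)
    return out

SAMPLE_SENDERS = [  # constructed sample addresses, not real mail
    "account-security-noreply@microsoft.com",
    "Microsoft Account Team <no-reply@rnicrosoft.com>",
    "passwordreset@micr0soft.com",
    "alerts@login.microsoft-verify.com",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for domain, verdict in triage_senders(SAMPLE_SENDERS).items():
        print(f"{verdict:15} {domain}")
```

A verdict of "lookalike" or "brand-in-label" is a reason to quarantine or at least to apply the rule above and never follow the link; "unknown" only means the domain is not impersonating a protected one.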
Notable Quotes and Memorable Moments
- On Ascensus Breach:
“That means systems weren’t locked, but information was taken… The industry is in assessment mode.” (Jim Love, 01:17–02:00)
- On Oracle/Broadcom Vulnerabilities:
“Like many organizations that use this software, Broadcom has been targeted by cybercriminals who have exploited zero day vulnerabilities in the Oracle product.” (Jim Love quoting Broadcom, 03:04)
- On Supply Chain Attacks:
“The weakness isn’t one library. It’s how much trust we place in an ecosystem and where a single bad publish can ripple through thousands of projects.” (Jim Love, 07:18)
- On Phishing:
“Simple, dumb things like this may be the big thing we can use to help ourselves… the simplest tactics still work because they exploit human attention and not software flaws.” (Jim Love, 09:46 and 10:06)
Important Segments and Timestamps
- Ascensus Breach & US Banks – [00:44]
- Oracle ERP/Clop/Broadcom – [02:21]
- Blender/StealC Malware – [04:19]
- NPM/Shai-Hulud Worm – [06:09]
- Phishing with Lookalike Domains – [08:24]
- Jim’s Anti-Phishing Rule – [09:36]
Takeaways
The episode highlights that cyber attacks now run the gamut from cutting-edge supply chain compromises to simple, decades-old phishing tricks. The through-line is that technical protections must be matched by strong scrutiny and skepticism at the human level—especially given the ongoing evolution and scale of both technical and social attacks. Developers and users alike must adopt habits (such as never trusting credential prompts from email links) and maintain diligence in software validation to mitigate both emerging and perennial threats.
For more information and daily updates, listen to Cybersecurity Today with Jim Love.
