
Ernst and Young exposes a 4 terabyte database to the open Internet. A former L3Harris executive pleads guilty to selling zero days to a Russian broker. Chrome is hit by a sophisticated zero day spyware campaign and nation state hackers breach US telecom provider Ribbon Communications. This is Cybersecurity Today. I'm your host, Jim Love.

Even the world's biggest consulting firms can make the simplest mistakes. Dutch researchers revealed that Ernst and Young, or EY, one of the Big Four accounting giants, accidentally left four terabytes of SQL Server backup exposed to the open Internet, unencrypted and filled with sensitive data. The backup contained API keys, authentication tokens, passwords and user credentials, essentially the master keys to EY's systems. Neo Security, the firm that discovered the exposure, said it was like finding the blueprint and the physical keys to a vault with a note saying "free to a good home." According to the reports, the leak happened because someone trying to save a little time left a cloud bucket unprotected. One tiny move that made the database public. They left it that way for less than five minutes. But automated bots scooped up the data like this within minutes of exposure. What they didn't realize is that any data left unencrypted on the Internet for even a few minutes is going to be detected and stolen. Once notified, EY's team acted quickly and fixed the issue. But the message here is simple. You can't leave unencrypted data on the Internet even for a few minutes. It's a hard lesson to learn, but one that we can all take away from this. Because given the right set of circumstances, almost any one of us could have made the same mistake.

The former head of a US defense contractor cyber division has pleaded guilty to selling classified hacking tools to a Russian broker, one that openly advertises exploits to government clients in Moscow. Peter Williams, a 39-year-old Australian who ran Trenchant, the cyber operations unit of L3Harris, admitted to stealing and selling national security focused software that included at least eight zero day exploits meant only for the US and its allies. The Justice Department said that Williams sold these tools for millions in cryptocurrency and even agreed to provide ongoing support. The scary part about this, if I read it right, was that Williams even had a contract for the payment of these quote-unquote services. And ironically or criminally, earlier this year, Williams had fired a developer he falsely accused of leaking Chrome zero days. That developer later told one publication, "I was a scapegoat, I wasn't guilty." And I guess that developer's finally been vindicated now that Williams is under house arrest in Washington, D.C. awaiting sentencing in January 2026. And it's a reminder that insider threats can come from anywhere, even the very top of a company.

Researchers have confirmed a vulnerability that let attackers break out of Chrome's built-in sandbox and gain deep access to the operating system. It's listed as CVE-2025-2783, described in the US National Vulnerability Database as an incorrect handle in Chrome's Mojo component on Windows. Attackers exploited it in espionage campaigns earlier this year. How dangerous was it? Well, in some cases, simply visiting a link in Chrome was enough to trigger the exploit. It is now patched, so if you're running the latest version, you're safe. But this is part of a much bigger story. Browsers are now an extremely popular attack surface in cybersecurity, and with the new AI browsers like OpenAI's Atlas and Perplexity's Comet, both are built on the same Chromium foundation. So it's fair to ask whether they'll be next. And if Chrome, after years of testing, still has holes, what about brand new AI browsers rushed to market and already having prompt injection risks? They may only be at the beginning of what some researchers call a vulnerability harvest. I'm a big believer in AI and believe we have to experiment with it, but until we see some real independent security validation of these browsers, it might be smart to be cautious or even to keep those AI browsers off your corporate network. I confess this is not my big area of expertise, and if somebody out there in the audience has some way we can talk about this at a deeper level, get in contact with me.

And finally, hackers working for a nation state breached networks at Ribbon Communications, a US telecom services provider that connects many of the world's biggest carriers, including Verizon, BT and Deutsche Telekom. According to filings with the US Securities and Exchange Commission, the breach began in December 2024 and went undetected for nearly a year. So far, three smaller customers were reportedly affected, although there's no sign that government clients or core systems were compromised. Cybersecurity experts say this fits a growing pattern of espionage campaigns aimed at the telecom and network infrastructure providers, the companies that sit at the very heart of global communications. Pete Renas of Palo Alto Networks told Reuters that attackers target these firms to establish long term persistence within their networks to enable global espionage. Ribbon's customers include major carriers and government agencies, making it a prime target for these state aligned hackers, especially from China and Russia. It's a stark reminder that the weakest point in the system isn't always the end user. Sometimes it's the service provider that connects to everyone else.

And that's our show for today. You can reach me with tips, comments, or even some constructive criticism. Check us out at technewsday.com or .ca; use the Contact Us page. If you're watching this on YouTube, just leave a note under the video. I'm your host, Jim Love. Thanks for listening.
Host: Jim Love
Date: October 31, 2025
In this episode, host Jim Love dives into the latest wave of cybersecurity incidents affecting major companies and governments. Topics include a massive data exposure at a global consulting firm, insider threats at a defense contractor, a zero-day exploit targeting Chrome, and a nation-state breach at a critical telecommunications provider. The episode emphasizes how cybersecurity threats are evolving and the key lessons for organizations seeking to protect sensitive information in an increasingly risky environment.
[00:01 – 03:05]
Incident Summary: Dutch researchers discovered that Ernst and Young (EY), the giant accounting and consulting firm, left a four terabyte SQL Server backup unprotected and unencrypted on the open internet.
Discovery Details: The leak was discovered by Neo Security. The exposure lasted “less than five minutes,” but automated bots retrieved the data almost instantly.
Root Cause: Human error—someone left a cloud storage bucket public to save time, forgetting to secure it.
Immediate Fix: EY responded quickly after notification and secured the database.
Key Lesson:
“You can’t leave unencrypted data on the Internet even for a few minutes. It’s a hard lesson to learn, but one that we can all take away from this.” — Jim Love, [02:38]
Memorable Analogy:
“[It was] like finding the blueprint and the physical keys to a vault with a note saying ‘free to a good home.’” — Neo Security, as relayed by Jim Love, [01:30]
[03:06 – 05:21]
Incident Summary: Peter Williams, former head of cyber operations at US defense contractor L3Harris, pleaded guilty to selling US national security exploits to a Russian broker.
Irony & Backstory: Williams previously fired a developer, falsely accusing him of leaking Chrome zero-days. The developer was later vindicated.
“I was a scapegoat, I wasn’t guilty and I guess that developer’s finally been vindicated now that Williams is under house arrest...” — Jim Love, [04:56]
Key Takeaway: Insider threats can appear anywhere, even at the “very top of a company.” Vigilance and checks are essential at all levels.
[05:22 – 08:00]
“Until we see some real independent security validation of these browsers, it might be smart to be cautious or even to keep those AI browsers off your corporate network.” — Jim Love, [07:51]
“If somebody out there in the audience has some way we can talk about this at a deeper level, get in contact with me.” — Jim Love, [08:01]
[08:01 – 10:00]
Incident Summary:
Espionage Campaign Patterns: Attacks targeting telecom infrastructure aim to establish “long-term persistence” for global espionage operations.
“Attackers target these firms to establish long term persistence within their networks to enable global espionage.” — Pete Renas, Palo Alto Networks, as referenced by Jim Love, [09:13]
Broader Implications:
“Sometimes it’s the service provider that connects to everyone else.” — Jim Love, [09:55]
| Topic | Timestamp |
|---|---|
| EY 4 TB Exposure | 00:01–03:05 |
| L3Harris Exec Sells Zero-Days to Russia | 03:06–05:21 |
| Chrome Zero-Day Spyware Campaign | 05:22–08:00 |
| State-Sponsored Breach at Ribbon Communications | 08:01–10:00 |