Cybersecurity Today: Ransomware Insider Threats, AI Vulnerabilities, and Major Security Gaffes
Host: Jim Love
Date: November 5, 2025
Episode Overview
In this episode, host Jim Love delves into the latest cybersecurity threats facing organizations, including a shocking case of insider attacks by ransomware negotiators, new vulnerabilities in AI stacks within Microsoft Windows, creative abuse of OpenAI’s API, a critical hardware flaw affecting AMD processors, and a damning security lapse at the Louvre. The episode is rich with cautionary insights and real-world incidents, highlighting the evolving threat landscape and the enduring importance of cybersecurity fundamentals.
Key Discussion Points & Insights
1. Insider Threat: Ransomware Negotiators Turn Hackers
- Details of the Case (00:30)
- Two employees from Digital Mint, a company specializing in ransomware negotiations, have been charged with actually perpetrating ransomware attacks themselves.
- Kevin Tyler Martin and another unnamed employee allegedly carried out attacks using ALF V (Black Cat) ransomware.
- Ryan Clifford Goldberg, formerly with Signia, was also indicted.
- At least five U.S. companies were targeted, including a Florida medical device maker (losses > $1.2 million), a Virginia drone manufacturer, and a Maryland pharmaceutical firm.
- Digital Mint’s president, Mark Gren, stated:
"Martin acted completely outside the scope of his employment, and we hope so."
- Signia confirmed Goldberg's termination and both firms are fully cooperating with the FBI.
- Two employees from Digital Mint, a company specializing in ransomware negotiations, have been charged with actually perpetrating ransomware attacks themselves.
- Insightful Commentary (01:55)
- Jim Love remarks:
"It's a stunning insider threat. Case professionals hired to stop ransomware accused of joining it."
- Jim Love remarks:
2. Malware Concealed in Windows AI Stack
- Vulnerability Discovery (02:15)
- Researcher HXR1 demonstrated malware embedded in ONNX (Open Neural Network Exchange format) files used in Windows AI features, escaping antivirus detection.
- Attack leverages Microsoft’s local AI processing push, which widens the attack surface.
- Embedding occurs within neural network internal data, reconstructed by trusted components.
- Living-Off-The-Land Attack (03:15)
- ONNX files are typically not signed nor scanned, letting malicious payloads bypass defenses.
- Commentary from Jim Love:
"This turns into what might be a textbook living off the land attack using what's already built into Windows."
- AI Security Culture Critique (03:40)
- Love drives home a key industry lesson:
"The reality is that the run fast and break things culture of AI appears to be deploy first, patch later,"
and cites HXR1’s succinct warning: "These models are not trustworthy. Don't blindly trust any model sitting on the Internet."
- Love drives home a key industry lesson:
3. Abuse of OpenAI Assistance API for Espionage
- Techniques of Attack (04:05)
- Microsoft DART identified the ‘SesameOp’ backdoor using the OpenAI Assistance API as a command-and-control channel.
- API features enable attackers to send/receive encrypted commands masked as legitimate traffic.
- Discovered during a July espionage investigation; provided persistent access by misusing trusted cloud services instead of newly created, more easily flagged infrastructure.
- Clarification and Response (05:00)
- Not a flaw in OpenAI’s systems, but misuse of legitimate features.
- Microsoft and OpenAI disabled the compromised account; the affected API to be deprecated in August 2026.
4. Serious Flaw in AMD Zen 5 Processors Jeopardizes Encryption
- Vulnerability Facts (05:30)
- AMD SB7055 flaw: Zen 5 CPUs’ RDC'ed instruction can yield predictable "random" numbers, undermining cryptographic security.
- Discovery by a Meta engineer in October 2025 prompted Linux to disable RDC'ed on Zen 5 systems.
- Firmware updates begin Nov 25, 2025, for Ryzen 9000 and Threadripper 9000; all patches due by January 2026.
- Key Takeaway (06:45)
- Jim Love underscores:
"Even at the deepest layers of modern processors, the ones we trust for things like randomness, human oversight remains essential."
- Jim Love underscores:
5. Louvre Heist and Shocking Security Lapses
- Incident Recap (07:05)
- Louvre’s surveillance network used default or simplistic passwords like 'Louvre' and 'Thales' (the system name) for over a decade.
- These credentials were still active in 2024—long after security warnings.
- October 20th: Thieves used an automated lift truck to steal €88 million in jewels, exploiting weak surveillance and credentials.
- Seven suspects arrested; four charged with organized robbery and conspiracy.
- Reflection on Failure (08:20)
- Jim Love summarizes:
"Proves the greatest tech in the world is worthless if you neglect the basics like strong passwords and regular audits."
- Jim Love summarizes:
Notable Quotes & Moments
-
On Insider Threats:
"It's a stunning insider threat. Case professionals hired to stop ransomware accused of joining it."
— Jim Love (01:55) -
On AI Security Risks:
"These models are not trustworthy. Don't blindly trust any model sitting on the Internet."
— HXR1, via Jim Love (03:40) -
On Security Culture:
"The reality is that the run fast and break things culture of AI appears to be deploy first, patch later,"
— Jim Love (03:45) -
On Hardware Vulnerabilities:
"Even at the deepest layers of modern processors, the ones we trust for things like randomness, human oversight remains essential."
— Jim Love (06:45) -
On Basics of Security:
"Proves the greatest tech in the world is worthless if you neglect the basics like strong passwords and regular audits."
— Jim Love (08:20)
Timeline of Major Segments
| Timestamp | Segment | Details | |-----------|----------------------------------------------|--------------------------------------------------------------| | 00:30 | Ransomware negotiators indicted | Digital Mint/Signia insider attacks | | 02:15 | Malware in Windows AI Stack | ONNX/AI vulnerabilities | | 04:05 | OpenAI Assistance API abused | 'SesameOp' backdoor discovered | | 05:30 | AMD Zen 5 vulnerability | Hardware RNG flaw, patch responses | | 07:05 | Louvre heist & password failures | Museum’s basic security neglected, major art theft | | 08:20 | Closing insight | Importance of basic cybersecurity hygiene |
Summary Takeaways
This episode spotlights the ever-changing world of cybersecurity: trusted insiders turned threats, AI’s shiny new tools doubling as attack surfaces, trusted hardware riddled with flaws, and old-fashioned human sloppiness undermining even the world's most valuable treasures. Jim Love urges vigilance at both high-tech and basic levels, reminding listeners that securing organizations is as much about culture and oversight as it is about tools and technology.
