Ransomware Insider Threats, AI Vulnerabilities, and Major Security Gaffes

Cybersecurity Today: Ransomware Insider Threats, AI Vulnerabilities, and Major Security Gaffes

Host: Jim Love
Date: November 5, 2025

Episode Overview

In this episode, host Jim Love delves into the latest cybersecurity threats facing organizations, including a shocking case of insider attacks by ransomware negotiators, new vulnerabilities in AI stacks within Microsoft Windows, creative abuse of OpenAI’s API, a critical hardware flaw affecting AMD processors, and a damning security lapse at the Louvre. The episode is rich with cautionary insights and real-world incidents, highlighting the evolving threat landscape and the enduring importance of cybersecurity fundamentals.

Key Discussion Points & Insights

1. Insider Threat: Ransomware Negotiators Turn Hackers

Details of the Case (00:30)
- Two employees from Digital Mint, a company specializing in ransomware negotiations, have been charged with actually perpetrating ransomware attacks themselves.
  - Kevin Tyler Martin and another unnamed employee allegedly carried out attacks using ALF V (Black Cat) ransomware.
  - Ryan Clifford Goldberg, formerly with Signia, was also indicted.
  - At least five U.S. companies were targeted, including a Florida medical device maker (losses > $1.2 million), a Virginia drone manufacturer, and a Maryland pharmaceutical firm.
- Digital Mint’s president, Mark Gren, stated:
  
  "Martin acted completely outside the scope of his employment, and we hope so."
- Signia confirmed Goldberg's termination and both firms are fully cooperating with the FBI.
Insightful Commentary (01:55)
- Jim Love remarks:
  
  "It's a stunning insider threat. Case professionals hired to stop ransomware accused of joining it."

2. Malware Concealed in Windows AI Stack

Vulnerability Discovery (02:15)
- Researcher HXR1 demonstrated malware embedded in ONNX (Open Neural Network Exchange format) files used in Windows AI features, escaping antivirus detection.
- Attack leverages Microsoft’s local AI processing push, which widens the attack surface.
- Embedding occurs within neural network internal data, reconstructed by trusted components.
Living-Off-The-Land Attack (03:15)
- ONNX files are typically not signed nor scanned, letting malicious payloads bypass defenses.
- Commentary from Jim Love:
  
  "This turns into what might be a textbook living off the land attack using what's already built into Windows."
AI Security Culture Critique (03:40)
- Love drives home a key industry lesson:
  
  "The reality is that the run fast and break things culture of AI appears to be deploy first, patch later,"
  and cites HXR1’s succinct warning: "These models are not trustworthy. Don't blindly trust any model sitting on the Internet."

3. Abuse of OpenAI Assistance API for Espionage

Techniques of Attack (04:05)
- Microsoft DART identified the ‘SesameOp’ backdoor using the OpenAI Assistance API as a command-and-control channel.
- API features enable attackers to send/receive encrypted commands masked as legitimate traffic.
- Discovered during a July espionage investigation; provided persistent access by misusing trusted cloud services instead of newly created, more easily flagged infrastructure.
Clarification and Response (05:00)
- Not a flaw in OpenAI’s systems, but misuse of legitimate features.
- Microsoft and OpenAI disabled the compromised account; the affected API to be deprecated in August 2026.

4. Serious Flaw in AMD Zen 5 Processors Jeopardizes Encryption

Vulnerability Facts (05:30)
- AMD SB7055 flaw: Zen 5 CPUs’ RDC'ed instruction can yield predictable "random" numbers, undermining cryptographic security.
- Discovery by a Meta engineer in October 2025 prompted Linux to disable RDC'ed on Zen 5 systems.
- Firmware updates begin Nov 25, 2025, for Ryzen 9000 and Threadripper 9000; all patches due by January 2026.
Key Takeaway (06:45)
- Jim Love underscores:
  
  "Even at the deepest layers of modern processors, the ones we trust for things like randomness, human oversight remains essential."

5. Louvre Heist and Shocking Security Lapses

Incident Recap (07:05)
- Louvre’s surveillance network used default or simplistic passwords like 'Louvre' and 'Thales' (the system name) for over a decade.
- These credentials were still active in 2024—long after security warnings.
- October 20th: Thieves used an automated lift truck to steal €88 million in jewels, exploiting weak surveillance and credentials.
- Seven suspects arrested; four charged with organized robbery and conspiracy.
Reflection on Failure (08:20)
- Jim Love summarizes:
  
  "Proves the greatest tech in the world is worthless if you neglect the basics like strong passwords and regular audits."

Notable Quotes & Moments

On Insider Threats:

"It's a stunning insider threat. Case professionals hired to stop ransomware accused of joining it."
— Jim Love (01:55)
On AI Security Risks:

"These models are not trustworthy. Don't blindly trust any model sitting on the Internet."
— HXR1, via Jim Love (03:40)
On Security Culture:

"The reality is that the run fast and break things culture of AI appears to be deploy first, patch later,"
— Jim Love (03:45)
On Hardware Vulnerabilities:

"Even at the deepest layers of modern processors, the ones we trust for things like randomness, human oversight remains essential."
— Jim Love (06:45)
On Basics of Security:

"Proves the greatest tech in the world is worthless if you neglect the basics like strong passwords and regular audits."
— Jim Love (08:20)

Timeline of Major Segments

| Timestamp | Segment | Details | |-----------|----------------------------------------------|--------------------------------------------------------------| | 00:30 | Ransomware negotiators indicted | Digital Mint/Signia insider attacks | | 02:15 | Malware in Windows AI Stack | ONNX/AI vulnerabilities | | 04:05 | OpenAI Assistance API abused | 'SesameOp' backdoor discovered | | 05:30 | AMD Zen 5 vulnerability | Hardware RNG flaw, patch responses | | 07:05 | Louvre heist & password failures | Museum’s basic security neglected, major art theft | | 08:20 | Closing insight | Importance of basic cybersecurity hygiene |

Summary Takeaways

This episode spotlights the ever-changing world of cybersecurity: trusted insiders turned threats, AI’s shiny new tools doubling as attack surfaces, trusted hardware riddled with flaws, and old-fashioned human sloppiness undermining even the world's most valuable treasures. Jim Love urges vigilance at both high-tech and basic levels, reminding listeners that securing organizations is as much about culture and oversight as it is about tools and technology.

Cybersecurity Today: Ransomware Insider Threats, AI Vulnerabilities, and Major Security Gaffes

Host: Jim Love
Date: November 5, 2025

Episode Overview

Key Discussion Points & Insights

1. Insider Threat: Ransomware Negotiators Turn Hackers

Details of the Case (00:30)
- Two employees from Digital Mint, a company specializing in ransomware negotiations, have been charged with actually perpetrating ransomware attacks themselves.
  - Kevin Tyler Martin and another unnamed employee allegedly carried out attacks using ALF V (Black Cat) ransomware.
  - Ryan Clifford Goldberg, formerly with Signia, was also indicted.
  - At least five U.S. companies were targeted, including a Florida medical device maker (losses > $1.2 million), a Virginia drone manufacturer, and a Maryland pharmaceutical firm.
- Digital Mint’s president, Mark Gren, stated:
  
  "Martin acted completely outside the scope of his employment, and we hope so."
- Signia confirmed Goldberg's termination and both firms are fully cooperating with the FBI.
Insightful Commentary (01:55)
- Jim Love remarks:
  
  "It's a stunning insider threat. Case professionals hired to stop ransomware accused of joining it."

2. Malware Concealed in Windows AI Stack

Vulnerability Discovery (02:15)
- Researcher HXR1 demonstrated malware embedded in ONNX (Open Neural Network Exchange format) files used in Windows AI features, escaping antivirus detection.
- Attack leverages Microsoft’s local AI processing push, which widens the attack surface.
- Embedding occurs within neural network internal data, reconstructed by trusted components.
Living-Off-The-Land Attack (03:15)
- ONNX files are typically not signed nor scanned, letting malicious payloads bypass defenses.
- Commentary from Jim Love:
  
  "This turns into what might be a textbook living off the land attack using what's already built into Windows."
AI Security Culture Critique (03:40)
- Love drives home a key industry lesson:
  
  "The reality is that the run fast and break things culture of AI appears to be deploy first, patch later,"
  and cites HXR1’s succinct warning: "These models are not trustworthy. Don't blindly trust any model sitting on the Internet."

3. Abuse of OpenAI Assistance API for Espionage

Techniques of Attack (04:05)
- Microsoft DART identified the ‘SesameOp’ backdoor using the OpenAI Assistance API as a command-and-control channel.
- API features enable attackers to send/receive encrypted commands masked as legitimate traffic.
- Discovered during a July espionage investigation; provided persistent access by misusing trusted cloud services instead of newly created, more easily flagged infrastructure.
Clarification and Response (05:00)
- Not a flaw in OpenAI’s systems, but misuse of legitimate features.
- Microsoft and OpenAI disabled the compromised account; the affected API to be deprecated in August 2026.

4. Serious Flaw in AMD Zen 5 Processors Jeopardizes Encryption

Vulnerability Facts (05:30)
- AMD SB7055 flaw: Zen 5 CPUs’ RDC'ed instruction can yield predictable "random" numbers, undermining cryptographic security.
- Discovery by a Meta engineer in October 2025 prompted Linux to disable RDC'ed on Zen 5 systems.
- Firmware updates begin Nov 25, 2025, for Ryzen 9000 and Threadripper 9000; all patches due by January 2026.
Key Takeaway (06:45)
- Jim Love underscores:
  
  "Even at the deepest layers of modern processors, the ones we trust for things like randomness, human oversight remains essential."

5. Louvre Heist and Shocking Security Lapses

Incident Recap (07:05)
- Louvre’s surveillance network used default or simplistic passwords like 'Louvre' and 'Thales' (the system name) for over a decade.
- These credentials were still active in 2024—long after security warnings.
- October 20th: Thieves used an automated lift truck to steal €88 million in jewels, exploiting weak surveillance and credentials.
- Seven suspects arrested; four charged with organized robbery and conspiracy.
Reflection on Failure (08:20)
- Jim Love summarizes:
  
  "Proves the greatest tech in the world is worthless if you neglect the basics like strong passwords and regular audits."

Notable Quotes & Moments

On Insider Threats:

"It's a stunning insider threat. Case professionals hired to stop ransomware accused of joining it."
— Jim Love (01:55)
On AI Security Risks:

"These models are not trustworthy. Don't blindly trust any model sitting on the Internet."
— HXR1, via Jim Love (03:40)
On Security Culture:

"The reality is that the run fast and break things culture of AI appears to be deploy first, patch later,"
— Jim Love (03:45)
On Hardware Vulnerabilities:

"Even at the deepest layers of modern processors, the ones we trust for things like randomness, human oversight remains essential."
— Jim Love (06:45)
On Basics of Security:

"Proves the greatest tech in the world is worthless if you neglect the basics like strong passwords and regular audits."
— Jim Love (08:20)

wavePod

Powered by Wave AI

Summary

Cybersecurity Today: Ransomware Insider Threats, AI Vulnerabilities, and Major Security Gaffes

Episode Overview

Key Discussion Points & Insights

1. Insider Threat: Ransomware Negotiators Turn Hackers

2. Malware Concealed in Windows AI Stack

3. Abuse of OpenAI Assistance API for Espionage

4. Serious Flaw in AMD Zen 5 Processors Jeopardizes Encryption

5. Louvre Heist and Shocking Security Lapses

Notable Quotes & Moments

Timeline of Major Segments

Summary Takeaways

Summary

Cybersecurity Today: Ransomware Insider Threats, AI Vulnerabilities, and Major Security Gaffes

Episode Overview

Key Discussion Points & Insights

1. Insider Threat: Ransomware Negotiators Turn Hackers

2. Malware Concealed in Windows AI Stack

3. Abuse of OpenAI Assistance API for Espionage

4. Serious Flaw in AMD Zen 5 Processors Jeopardizes Encryption

5. Louvre Heist and Shocking Security Lapses

Notable Quotes & Moments

Timeline of Major Segments

Summary Takeaways