Risky Bulletin: EU Users to Get Free Windows 10 Extended Security Updates
Podcast: Risky Bulletin
Host: Risky.Biz (Read by Claire Aird, prepared by Catalin Cimpanu)
Date: September 26, 2025
Overview
This episode of Risky Bulletin delivers a roundup of the latest global cybersecurity news. Key themes include Microsoft’s decision to provide free Extended Security Updates (ESU) for Windows 10 users across the EU, recent critical vulnerabilities and cyberattacks, government and legislative moves on security, and several landmark legal and regulatory actions in the cybersecurity space.
Key Discussion Points & Insights
1. Free Windows 10 Extended Security Updates for EU Users
- Background: Windows 10 reaches end of life on October 14, 2025.
- Initial Policy: Security updates were only free if users linked PCs to Microsoft accounts; otherwise, there was a $30 fee.
- Change: Following pressure from a Luxembourg consumer protection organization, Microsoft removed these conditions for users in EU member states, Iceland, Norway, and Liechtenstein.
- Significance: Ensures continued free protection for millions of European users post-end-of-life.
"Most European users are set to receive Windows 10 Extended Security Updates for free... Microsoft has removed the conditions for free updates."
— Claire Aird [00:24]
2. Microsoft and Israeli Intel Contract Terminated
- Contract Details: Microsoft had an agreement with Israeli intelligence unit 8200, granting access to Azure servers for processing intercepted communications data from Palestine.
- Public Disclosure: The Guardian broke the story in August.
- Outcome: Microsoft terminated the contract amidst mounting scrutiny over surveillance implications.
"Microsoft has dropped a contract with the Israeli intelligence service unit 8200... The contract was revealed by The Guardian in August."
— Claire Aird [01:04]
3. Predator Gate Spyware Trial in Greece
- Context: Trial set to begin in Greece, involving two Israeli and two Greek employees of Intellexa (the company behind Predator spyware).
- Charges: Misdemeanor charges related to spyware marketing.
- Backstory: The 2022 Predator Gate scandal saw the Greek Mitsotakis government accused of using Predator spyware for political surveillance. Officials were later absolved by the Supreme Court in 2024.
"The Predator Gate scandal broke in 2022 when the ruling conservative Mitsotakis government was accused of using the Predator spyware to spy on judges, senior military officers, journalists and the opposition."
— Claire Aird [01:22]
4. UK Airport Cyberattack Arrest
- Incident: Recent ransomware attack disrupted airports across Europe.
- Arrest: A man in his 40s was arrested in West Sussex, suspected of targeting Collins Aerospace’s self-check-in kiosks.
- Impact: Illustrates continuing threats to aviation infrastructure.
"A man in his 40s was arrested in West Sussex... He's accused of deploying ransomware on the network of Collins Aerospace."
— Claire Aird [02:02]
5. Las Vegas Casino Hack Update
- 17-Year-Old Suspect: Released to parents ahead of a November court date.
- Alleged Group: Believed to be a member of Scattered Spider, a notorious hacking collective.
- Release Conditions: Banned from the internet and mobile devices, cannot exit Clark County.
"A 17 year old who turned himself in over the 2023 Las Vegas casino hacks has been released to his parents... He's believed to be a member of the Scattered Spider hacking group."
— Claire Aird [02:27]
6. Cisco: Three Zero Day Vulnerabilities Patched
- Affected Products: IOS and IOS XE operating systems; ASA firewalls.
- Threats: Privilege escalation via SNMP packets, Chinese espionage group (Storm 1849) exploiting the flaws.
- Urgency: CISA ordered immediate patching in federal agencies.
"Cisco has patched another two zero days in its ASA firewalls... used by a suspected Chinese espionage group to target US organisations."
— Claire Aird [03:05]
7. US 'Cybersecurity in Agriculture' Bill
- Legislation Proposal: Five regional cybersecurity centers to support agriculture.
- Purpose: Develop security tools, offer training, and enhance threat detection for the sector.
"The Cybersecurity in Agriculture act would establish five regional agriculture cybersecurity centres."
— Claire Aird [03:35]
8. Major Ransomware and Data Breaches
- Co-Op UK: Lost £206 million to a ransomware incident in April, affecting 6.5 million customers’ data.
- Volvo NA: Breach via third-party HR provider Miladata; connected to disruption of 200+ Swedish municipalities in August.
"British retailer Co-op lost 206 million pounds in revenue due to a ransomware attack in April."
— Claire Aird [03:50]
9. Major Privacy and Consumer Protection Actions
- TikTok Investigation in Canada: Accused of collecting data on children under 13 despite policies; responded by barring targeted ads to minors.
- Amazon FTC Fine: $2.5 billion settlement for enrolling customers in Prime without consent; $1.5 billion returned to customers.
"Amazon has been fined $2.5 billion by the FTC for subscribing millions of customers to the company's prime service without their consent... The settlement is the largest civil penalty in the FTC's history."
— Claire Aird [04:40]
10. EU Antitrust Probe Into SAP
- Claims: Blocking third party support and making it difficult to cancel unused licenses.
11. Open Source Sustainability
- Eight Major Orgs: Call for more funding from major tech vendors for software package repository maintenance; the repositories noted are PyPI, Maven Central, Crates, and OpenVSX.
12. AI Tools and Anti-Fraud Success in the UK
- Impact: UK government recovered over £480 million using anomaly detection across databases; much from COVID-19 loan fraud.
13. Interpol Anti-Cybercrime Operations
- Results: Seized nearly $440 million from over 68,000 bank accounts and 400 crypto wallets.
- Focus: 7 types of crimes, including phishing, business email compromise, investment scams.
14. Mandiant's New Chinese Malware Detection Tool
- Product: Scans for Brickstorm, a Chinese APT backdoor on enterprise networking equipment.
- Target: Legal and technology sectors.
"Google Mandiant has released a tool designed to locate Chinese backdoor malware on networking devices... group often targets companies in the legal and tech sectors."
— Claire Aird [06:10]
Notable Quotes
- On EU Windows 10 Updates: “Microsoft has removed the conditions for free updates.” — Claire Aird [00:24]
- On Casino Hack Release Conditions: “Conditions of his release include restrictions of cell phone and Internet use and he's unable to leave Las Vegas Clark County.” — Claire Aird [02:39]
- On Amazon’s FTC Settlement: “The settlement is the largest civil penalty in the FTC's history.” — Claire Aird [04:53]
Important Segment Timestamps
| Segment Title | Time |
|---|---|
| EU Windows 10 Update News | 00:04–01:00 |
| Microsoft/Israeli Intel Contract | 01:00–01:18 |
| Predator Gate Trial | 01:18–01:46 |
| UK Airport Attack Arrest | 02:00–02:18 |
| Las Vegas Casino Hack Update | 02:18–02:41 |
| Cisco Zero Days | 03:00–03:22 |
| Agri-Cybersecurity Bill | 03:35–03:49 |
| Major Ransomware/Breaches | 03:49–04:18 |
| TikTok/Amazon Fines | 04:19–04:55 |
| SAP Antitrust, Open Source | 04:55–05:32 |
| UK Anti-Fraud AI Tools | 05:32–05:57 |
| Interpol Seizure Operation | 05:57–06:10 |
| Mandiant Tool for Brickstorm | 06:10–END |
Tone and Style
The episode is fast-paced, matter-of-fact, and clear—reading like a news bulletin with concise, data-driven reporting and little editorializing.
Summary
This Risky Bulletin provides a comprehensive update on key cybersecurity developments, with significant focus on consumer protection (EU Windows 10 updates, Amazon fine), geopolitical cyber-operations (Predator Gate, Israeli Intel contract), and major security incidents in both public and private sectors. Listeners gain a succinct briefing on the major threats, legislative proposals, and corporate responses that are shaping cybersecurity in late 2025.
