Risky Bulletin: Microsoft Revamps Edge's IE Mode After Zero-Day Attacks

Podcast: Risky Bulletin
Host/Reader: Claire Aird
Date: October 13, 2025
Prepared by: Catalyn Kimpano

Episode Overview

This edition of Risky Bulletin delivers a packed cybersecurity update, focusing on a major security overhaul by Microsoft after zero-day attacks in Edge’s IE Mode. The team also covers major law enforcement actions, company shifts in bug bounty programs, significant arrests related to cybercrime, and new findings about large-scale botnets and data poisoning attacks on AI. All stories are presented in a concise, news-focused style with sharp analysis.

Key Discussion Points and Insights

1. Microsoft Edge's IE Mode Targeted by Zero-Day Attacks

• [00:04] Vulnerability Details:
  • Threat actors exploited a zero-day in Edge’s legacy Internet Explorer Mode.
  • Attackers tricked users to reload malicious sites in IE Mode, leveraging a script engine vulnerability to run arbitrary code.
  • Attacks traced as far back as August.
• Microsoft Response:
  • The “easy button” to relaunch sites in IE Mode has been removed.
  • Users now face extra steps to activate IE Mode, mitigating widespread abuse.
  • Quote: “Microsoft has removed the one easy button that relaunches sites in Explorer mode– users now need to jump through several hoops.” (Claire, 00:24)

2. Glad.dotnet Zero-Day in File-Sharing Servers

• [00:42] Incident Overview:
  • New zero-day file read vulnerability in Center Stack and Trio Fox servers.
  • Used to steal server Net machine keys, enabling unauthorized code execution.
  • Glad.dotnet is working on a patch—this is their second zero-day incident this year.

3. U.S. Cyber Leadership and Government Workforce Developments

• [01:14] Cyber Command/NSA Leadership:
  • Lt. Gen. William Hartman will not be nominated as chief of Cyber Command and NSA.
  • Ongoing debate about “dual hat” arrangement (one head for both agencies).
• [01:31] CISA Layoffs:
  • Over 4,000 government workers fired last week, including 176 from CISA.
  • Some staff reassigned to immigration enforcement; it's the third round of CISA layoffs in 2025.

4. Apple’s Bug Bounty Reward Increase and Security Donation

• [01:54] Program Updates:
  • Apple doubles bug bounty rewards for serious vulnerabilities to a new maximum of $5 million for remote attacks on Lockdown Mode.
  • Expands bounty categories and introduces new rewards starting November.
  • Donates 1,000 security-hardened iPhones to civil society orgs for high-risk users.
  • Quote: “Apple will double its bug bounty rewards for serious vulnerabilities and exploit chains. Rewards will max out at $5 million for remote attacks on Lockdown Mode.” (Claire, 02:02)

5. NSO Group Acquisition by U.S. Investors

• [02:37] Buyout Details:
  • Hollywood producer Robert Symons leads the investment group.
  • Wired reports the deal is valued at “several tens of millions” (was $1 billion in 2019).
  • NSO will remain in Israel, subject to export control; still on the U.S. Treasury’s banned list.

6. FBI Seizes Salesforce Extortion Site

• [03:09] Law Enforcement Action:
  • FBI takes down an extortion site targeting Salesforce, operated by “Scattered Lapsus Hunters.”
  • Seizure occurred just before planned data leak; dark web site still online.
  • Group previously released data from Qantas, Vietnam Airlines, and four other companies.

7. Cybercrime Arrests in Argentina, Cambodia, and Spain

• [04:13] Argentina/Interpol:
  • Arrest of Nigerian man Ikechukwu N. for romance scams; country’s first based on Interpol Red Notice and also linked to the Silver Notice database.
• [04:44] Cambodia:
  • Cambodian police raid Morgan Tower on repeat for crypto scam activity, arresting 81 people.
• [05:04] Spain:
  • Spanish authorities arrest “Google Xcoder,” a Brazilian running the GXC Team phishing service.
  • The service could bypass 2FA and included Android banking malware.

8. Fast Track Online Gambling Data Breach

• [05:38] Incident Details:
  • Hackers target cryptocurrency casinos Shuffle and Rubet via a Fast Track breach.
  • Stolen data includes personal details and betting history.

9. Apple’s Age Verification in Texas

• [06:01] Regulatory Response:
  • To comply with new Texas laws, users under 18 must join a family plan.
  • Apple expands age verification tools to app developers.

10. Aesuru DDoS Botnet Record and Activity

• [06:23] Growth/Impacts:
  • Aesuru botnet infects 300,000+ systems, mostly US-based now.
  • Holds record for largest DDoS attacks; coordinated scanning of 100,000 RDP endpoints since Oct. 8.
  • Identified by Greynoise after anomaly in Brazil.

11. Oracle’s Emergency Security Patch

• [07:15] Update:
  • Out-of-band patch for a critical unauthenticated access vulnerability in Oracle E-Business Suite.
  • Second emergency patch for EBS this month.

12. Google Chrome to Revoke Notification Permissions

• [07:36] User Security Improvement:
  • Chrome to revoke notification permissions for sites not visited recently to cut notification spam.

13. Data Poisoning Attacks on LLMs More Feasible Than Thought

• [07:50] Research Highlight:
  • New academic study shows as few as 250 poisoned documents can significantly affect LLM output.
  • Anthropic AI comments this upends earlier beliefs about required data volume for attacks.
  • Quote: “Researchers say data poisoning attacks on LLMs are more practical than previously thought... as few as 250 malicious documents could poison an LLM’s output.” (Claire, 07:51)

Notable Quotes & Memorable Moments

• “Microsoft has removed the one easy button that relaunches sites in Explorer mode– users now need to jump through several hoops.” (Claire, 00:24)
• “Apple will double its bug bounty rewards for serious vulnerabilities and exploit chains. Rewards will max out at $5 million for remote attacks on Lockdown Mode.” (Claire, 02:02)
• “Researchers say data poisoning attacks on LLMs are more practical than previously thought... as few as 250 malicious documents could poison an LLM’s output.” (Claire, 07:51)

Timestamps for Important Segments

• 00:04 – Microsoft Edge IE Mode zero-day attacks and response
• 00:42 – Glad.dotnet file-sharing zero-day
• 01:14 – Cyber leadership changes and CISA layoffs
• 01:54 – Apple bug bounty upgrades and security donations
• 02:37 – NSO Group acquisition by US investors
• 03:09 – FBI’s seizure of Salesforce extortion site
• 04:13 - 05:04 – Cybercrime arrests in Argentina, Cambodia, Spain
• 05:38 – Fast Track gambling data breach
• 06:01 – Apple age verification for Texas users
• 06:23 – Aesuru DDoS botnet growth and attacks
• 07:15 – Oracle EBS zero-day security patch
• 07:36 – Chrome notification permissions update
• 07:50 – Feasibility of LLM data poisoning attacks

Podcast Tone & Style

Claire maintains a fast-paced, factual tone packed with details, giving listeners succinct updates with minimal editorializing, and focusing on the actionable implications of each story.

This episode is a comprehensive rundown of major cybersecurity events, policy changes, and evolving technical threats, providing listeners with critical insights and direct quotes from the field’s breaking stories.