Risky Bulletin: Pentagon has more than 70,000 Cyber Personnel

Podcast: Risky Bulletin
Date: September 19, 2025
Host: Amberly Jackson (prepared by Catalyn Campanu)

Episode Overview

This episode delivers concise yet detailed updates on the latest developments in cybersecurity. Key stories include a major US Government Accountability Office (GAO) review revealing the Pentagon’s vast cyber workforce, critical vulnerabilities and breaches across public and private sectors, surveillance contracts, notable cybercrime arrests, and new regulations. The tone remains factual and analytical, with a focus on the implications for both the industry and the public.

Key Discussion Points & Insights

1. Pentagon’s Massive Cyber Workforce

• The GAO released its first comprehensive review of US cyber personnel and capabilities.
• Key Statistics:
  • 70,000+ cyber personnel across 500 organizations
  • 61,000 are military and civilian staff
  • 9,500 are temporary contractors
• Critical Insight: Multiple organizations provide overlapping services, suggesting potential for cost-cutting and efficiency improvements.
• "The report found that many military organisations provide overlapping services and could allow room for cost cutting." (00:35)

2. Major US Data Leaks and Surveillance Contracts

• DHS Data Leak: Due to a platform misconfiguration, the Department of Homeland Security’s Office of Intelligence and Analysis exposed unclassified investigative leads for two months in 2023. Thousands of unauthorized users accessed the data. (01:00)

• ICE Forensics and Surveillance Contracts:

  • Magnet Forensics: $3 million contract for the Grey Key phone unlocking tool.
  • Clearview AI: $10 million contract for facial recognition.
  • Paragon Solutions: Reactivated contract with Israeli spyware vendor.

3. Global Policy and Regulatory Action

• Brazil: Passed a data protection law akin to the UK Online Safety Act, imposing:
  • Age verification and parental controls
  • Ban on targeted advertising to children
• Moldova: Creating 'Stratcom', a 29-employee agency to counter disinformation; launches post-parliamentary elections. (01:34)

4. Emergent Threats and Research

• DeepSeek AI Bias: Research reveals that DeepSeek AI delivers insecure code to programmers from groups “deemed sensitive by China” (e.g., Tibet and Taiwan), while refusing code for queries linked to groups like Falun Gong or ISIS. (01:54)

  • "DeepSeek AI returns code with security flaws to coders that are working for groups deemed sensitive by China." (01:55)

• SonicWall Firewall Breach: Hackers conducted a brute-force attack, stealing firewall config backups from <5% of SonicWall devices via the MySonicWall cloud. (02:27)

• Survival Flight Breach: Data Extortion Crew leaked information on nearly 11,000 emergency medical transport patients; the firm was compromised twice in under a year. (02:50)

5. Cybercrime and Law Enforcement

• Scattered Spider Arrests: UK police arrested two teenage members, including Thala Joubert (19) and Owen Flowers (18), for hacking London’s transit authority and US companies.

  • Joubert faces US charges for hacking 47 companies and extorting at least $115 million. (03:24)
  • "Joubert has also been charged in the US for the hacks of 47 American companies and extorting ransoms of at least $115m." (03:40)

• Westminster ‘Honey Trap’ Scandal: Ex-councillor Oliver Stedman charged with blackmail after impersonating a woman to target politicians; originally suspected as a foreign operation. (03:55)

6. Supply Chain & Malware Updates

• NPM Worm Supply Chain Attack: Over 500 NPM packages compromised, stealing tokens and uploading them on GitHub. Impact is macOS/Linux-focused, linked to previous Singularity attacks. Upguard identified at least 17 major affected companies. (04:35)

• System BC Botnet: Active again post-Europol takedown, now targeting virtual private servers instead of home users. Access is sold to proxy operators. (05:00)

7. Old and New Vulnerabilities

• Router Vulnerabilities: 10-year-old “Pixie Dust” WiFi attack still affects 20 out of 24 current routers per NetRise. Allows attackers to recover WPS PINs and access networks. (05:25)

• Google Chrome Zero-Day: Actively exploited flaw in V8 JavaScript engine, patched as the sixth Chrome Zero-Day this year. (05:47)

• WordPress Plugin Exploit: Serious vulnerability in "Case Theme User" plugin, bundled with multiple commercial themes; allows account hijacks knowing only a user’s email. Over 12,000 sites at risk. (06:05)

8. Industry and Defensive Moves

• EDR Vendors Withdraw from MITRE ATT&CK Evaluations:
  • SentinelOne, Palo Alto Networks (last week), Microsoft (June) have withdrawn from the evaluations that test detection of real-world threat actor TTPs. (06:32)

Notable Quotes & Memorable Moments

• On Pentagon’s cyber headcount and inefficiencies:
  "The report found that many military organisations provide overlapping services and could allow room for cost cutting." — Amberly Jackson (00:35)

• On DeepSeek AI's selective vulnerabilities:
  "DeepSeek AI returns code with security flaws to coders that are working for groups deemed sensitive by China." — Amberly Jackson (01:55)

• On Scattered Spider charges:
  "Joubert has also been charged in the US for the hacks of 47 American companies and extorting ransoms of at least $115m." — Amberly Jackson (03:40)

Timestamps for Important Segments

• [00:04] — Opening stories & Pentagon workforce
• [01:00] — DHS leak; ICE surveillance contracts
• [01:34] — Brazil’s child protection law; Moldova’s Stratcom
• [01:54] — DeepSeek AI code bias
• [02:27] — SonicWall firewall config breach
• [02:50] — Survival Flight patient breach
• [03:24] — Scattered Spider hacker arrests
• [03:55] — Westminster blackmail scandal
• [04:35] — NPM supply chain attack
• [05:00] — System BC botnet resurgence
• [05:25] — WiFi Pixie Dust router vulnerability
• [05:47] — Google Chrome zero-day exploit
• [06:05] — WordPress plugin vulnerability
• [06:32] — EDR vendors quit MITRE ATT&CK testing

Summary

This episode delivers a dense rundown of cybersecurity news spanning government operations, major hacks, regulatory progress, persistent vulnerabilities, and industry shifts. The Risky Biz team keeps the tone brisk, professional, and insightful, providing listeners with actionable awareness of the key risks and developments in the field.