Windows 10 reaches end of life, CISA cyber personnel avoided last week's layoffs, the US seizes $15 billion from a cyberscam compound operator, and a Secure Boot bypass impacts 200,000 Framework computers. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Clare Aird. Today is the 15th of October, and this podcast episode is brought to you by Nebuloc.

Windows 10 reached end of life on Tuesday, more than 10 years after its release. The operating system won't receive new security updates unless users enrol in the Extended Security Updates program. Users can also upgrade to Windows 11 for free. Support also ended for Microsoft Exchange 2016 and 2019.

In other news, last week's CISA layoffs did not impact the agency's cybersecurity personnel. Some affected employees worked in CISA's stakeholder engagement division, a team that manages relations with local and international partners. The layoffs also impacted CISA's chemical security unit and the Integrated Operations Division, which runs CISA's around-the-clock watch centre.

The UK has rolled out a new system to distribute encryption keys. The Crypt Key system will replace the legacy approach, which distributed cryptographic key material via punch tape and CDs. The upgrade has cost the UK £2.6 billion.

Taiwan's intelligence agency has identified more than 10,000 social media accounts distributing disinformation. Most of the accounts were on Facebook and distributed a combined 1.5 million messages. Officials said that China is attacking Taiwan's independence and pushing pro-Chinese Communist Party views.

China has issued bounties for information on 18 Taiwanese military members. Police in China's Fujian province claim the individuals are part of what it describes as Taiwan's psychological warfare unit. China has accused the unit of gathering intelligence and spreading disinformation and propaganda. Rewards of $1,400 per person have been offered for information leading to arrests.

The US government has seized $15 billion worth of crypto from one of the largest cyberscam compound operators, the Prince Group. The US has also sanctioned and filed charges against the group and its CEO, Chen Zhi. The organisation operated multiple prison-like scam compounds from casinos and luxury hotels in Cambodia. Individuals trafficked into the country were forced to carry out scams under the threat of violence.

German and Bulgarian authorities have seized more than 1,400 financial scam websites. The sites lured users to invest in cryptocurrency, collected funds and then disappeared. Officials recorded more than 866,000 attempts to access the sites in the 10 days after they were seized.

The Altamides phone tracking and surveillance platform has been used to track the movements of more than 14,000 phones. Leaked records revealed that the platform was used to track political figures, famous executives, journalists and activists. According to a Lighthouse Reports investigation, it exploited vulnerabilities in the SS7 telecommunications protocol to locate individuals using their phone numbers. The platform has been around for two decades. It was founded by an Austrian and is operated by Indonesian company First Wap.

A team of academics spent three years surveying satellite communications and found that almost half were unencrypted. Researchers intercepted mobile carrier calls, texts and even military and government communications. One telco, T-Mobile, has begun encrypting its satellite communications following the research team's report.

More than 100 SonicWall SSL VPN devices have been hacked in the last week. Security firm Huntress says attackers used valid credentials to authenticate and take over the devices. On some devices, the attackers moved laterally across the victims' networks and escalated their access. Huntress believes the attacks are related to a recent breach where hackers stole device configuration backups from SonicWall's cloud service.

Threat actors are exploiting a vulnerability in the ICTBroadcast call centre software. The vulnerability allows remote attackers to inject and run commands. Exploitation doesn't require authentication and only involves modifying the cookie field in an HTTP header. According to VulnCheck, there are almost 200 ICTBroadcast servers currently exposed on the Internet.

More than 200,000 Framework computers are vulnerable to a Secure Boot bypass. The devices shipped with a signed UEFI shell environment that can be abused to bypass the Secure Boot process and load malicious code. Framework released security updates after the company was notified by researchers from Eclypsium.

A team of academics has developed a new attack that breaks the confidentiality of AMD secure enclaves. The RMPocalypse attack targets the Reverse Map Table security feature of AMD SEV-SNP enclaves. The attack exploits a short window of time during boot where the attacker can overwrite the RMP with malicious code. It affects AMD Zen 3, 4 and 5 CPUs.

A team of academics has developed a new attack, named Pixnapping, that can recover sensitive information from Android smartphones. The attack uses a malicious app installed on target devices. It opens other apps and steals the contents of the screen via a side channel in the graphics rendering process. The attack was successfully used to recover Signal chats and 2FA codes from Google Authenticator.

75% of sites carrying out ClickFix attacks were already hosting attacker-in-the-middle phishing pages. The overlap suggests that existing threat actors are incorporating the ClickFix technique into their operations. Lab539 says it's now tracking more than 13,000 domains carrying ClickFix lures.

5CA has denied being the source of a recent Discord security breach. The company, which provides customer support services, says it never handled ID records for Discord users, despite news reports identifying it as the source. It also said the breach occurred outside of its systems and may have involved human error.

South Korean law enforcement has been asked to investigate Korea Telecom over obstructing an official probe. The government says the telco failed to cooperate with its investigation into the company's micropayments platform. KT customers reported losing almost $170,000 to suspicious transactions that were later linked to a data breach. KT is the country's second-largest telco.

Australian rubber glove maker Ansell has disclosed a security breach. The company linked the hack to vulnerabilities in third-party software. It said most of the data is not sensitive.

4chan has been fined £20,000 for non-compliance with the UK Online Safety Act. The law required 4chan to verify the age of its users before showing adult content. The fine, issued by the UK communications watchdog, will increase by £100 per day until it's paid.

And finally, a bad firmware update has bricked a hybrid model of Jeep. The update was shipped for the telematics module in the 4xe variant of the vehicles. Users who installed it reported losing power to their electric engines mid-drive. Jeep pulled the update once reports of problems started coming in.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, Nebuloc. Find them at nebuloc.io. Thanks for your company.
Podcast: Risky Bulletin by Risky.biz
Host: Clare Aird (news prepared by Catalin Cimpanu)
Date: October 15, 2025
This episode delivers a concise roundup of the week’s major cybersecurity headlines. Highlights include the official end-of-life for Windows 10, a massive US crypto seizure targeting cyberscammers, ongoing cyber operations linked to geopolitical tension between China and Taiwan, major vulnerabilities in widely used hardware and software, and other impactful incidents across the globe.
Windows End of Life: Windows 10 reached end of life on Tuesday, more than 10 years after release; it receives no new security updates unless enrolled in the Extended Security Updates program, and Windows 11 remains a free upgrade. Support also ended for Microsoft Exchange 2016 and 2019.
US Crypto Seizure: The US government seized $15 billion in crypto from the Prince Group, a major cyberscam compound operator, and sanctioned and charged the group and its CEO, Chen Zhi; the group ran prison-like scam compounds in Cambodia staffed by trafficked individuals.
SonicWall Attack Escalation: More than 100 SonicWall SSL VPN devices were compromised in a week using valid credentials; Huntress observed lateral movement and privilege escalation on some networks and links the campaign to the earlier theft of device configuration backups from SonicWall's cloud service.
Jeep Firmware Snafu: A bad telematics firmware update for the Jeep 4xe hybrid left drivers without power to their electric engines mid-drive; Jeep pulled the update once reports came in.
Overall Tone:
Factual, fast-paced, and news-driven, emphasizing clarity, impact, and urgency, with a keen focus on actionable details for cybersecurity professionals and enthusiasts.