Risky Bulletin: Windows 10 Reaches End-of-Life
Podcast: Risky Bulletin by Risky.biz
Host: Clare Aird (news prepared by Catalin Cimpanu)
Date: October 15, 2025
Overview
This episode delivers a concise roundup of the week’s major cybersecurity headlines. Highlights include the official end-of-life for Windows 10, a massive US crypto seizure targeting cyberscammers, ongoing cyber operations linked to geopolitical tension between China and Taiwan, major vulnerabilities in widely used hardware and software, and other impactful incidents across the globe.
Key Discussion Points and Insights
Windows 10 and Microsoft Products Reach End-of-Life
- [00:08] Windows 10's mainstream support ended over 10 years after release.
- No further security updates unless enrolled in Extended Security Updates (ESU).
- Free upgrade to Windows 11 available.
- Simultaneous support end for Microsoft Exchange 2016 and 2019.
- Quote:
- “Windows 10 reached end of life on Tuesday, more than 10 years after its release.” (Clare Aird, 00:08)
CISA Layoffs Avoided Cyber Personnel
- [00:22] Last week’s layoffs at CISA spared cybersecurity teams.
- Staff cuts affected the stakeholder engagement team, chemical security unit, and the round-the-clock watch center.
- Quote:
- "Last week's CISA layoffs did not impact the agency's cybersecurity personnel. Some affected employees worked in CISA’s stakeholder engagement division..." (Clare Aird, 00:22)
UK Modernizes Encryption Key Distribution
- [00:36] UK replaces legacy punch tape and CD systems with a £2.6B upgrade.
China-Taiwan Cyber Tensions Escalate
- [00:43] Taiwan’s intelligence points to over 10,000 social media accounts distributing disinformation, mostly on Facebook, with 1.5M messages.
- [00:54] China issues $1,400 bounties for 18 Taiwanese military members accused of psychological warfare.
Major US Crypto Seizure from Cybercrime Group
- [01:05] US authorities seize $15B in cryptocurrency from the “Prince Group.”
- The group trafficked people into Cambodia, forcing them into scam operations at casinos and luxury hotels.
- CEO Chen Zhi and the group are now under sanctions and facing criminal charges.
- Quote:
- “The US government has seized $15 billion worth of crypto from one of the largest cyberscam compound operators, the Prince Group.” (Clare Aird, 01:05)
Global Law Enforcement Actions
- [01:22] German and Bulgarian agencies shut down over 1,400 crypto scam sites, with hundreds of thousands of access attempts recorded post-seizure.
Altamides Phone Tracking Platform Exposed
- [01:35] Leaked records detail how Altamides tracked over 14,000 phones, exploiting SS7 protocol weaknesses to target political, business, and media figures.
- Platform founded in Austria, operated by Indonesia’s First Wap, in use over 20 years.
Satellite Communications Vulnerabilities
- [01:51] A three-year academic study finds nearly half of satellite comms are unencrypted; the researchers intercepted government and military data.
- T-Mobile begins encrypting satellite comms in response.
SonicWall SSL VPN Compromise
- [02:04] Over 100 devices hacked in a week using stolen credentials; attackers gained network-wide access in some cases.
- Hacks tied to stolen configuration backups via SonicWall’s cloud.
Exploitation of ICT Broadcast Call Center Software
- [02:16] Vulnerability allows unauthenticated remote code execution by modifying one HTTP cookie field.
- Nearly 200 servers currently exposed.
Secure Boot Bypass in Framework Laptops
- [02:28] Over 200,000 Framework devices affected.
- Signed UEFI shell abused to bypass secure boot and load malware.
- Framework patched the vulnerability after disclosure from Eclypsium researchers.
New Academic Attacks on AMD and Android Devices
- [02:40] "RMPOCALYPSE": New research breaks confidentiality of AMD SEV-SNP enclaves (Zen 3, 4, 5 CPUs).
- Exploits a brief window during boot; overwrites RMP table.
- [02:53] “Pixnapping” side-channel attack for Android.
- Malicious app can steal sensitive info—Signal chats, 2FA codes—via graphics rendering exploits.
ClickFix Phishing Tactics Expand
- [03:07] 75% of sites using “ClickFix” techniques also host “attacker-in-the-middle” phishing.
- Lab539 now tracks 13,000+ domains deploying these lures.
Discord Data Breach Source Contested
- [03:17] Customer support firm 5ca denies involvement in Discord ID record breach, stating it never handled user records.
- The company claims the breach likely involved human error elsewhere.
Korean Telco KT Under Investigation
- [03:27] Korea Telecom allegedly obstructed probe into micropayments platform breach; customers lost ~$170,000.
- KT is South Korea’s second-biggest telco.
Ansell Security Breach Linked to 3rd Party Software
- [03:40] Australian glove maker discloses hack; most breached data not sensitive.
4chan Fined for Age Verification Failure
- [03:46] UK regulators fine 4chan £20,000 for failing to verify user age on adult content, with daily fines for non-payment.
Jeep Hybrid Telematics Update Bricks Cars
- [03:58] Poorly tested firmware update disables electric engines mid-drive in Jeep 4xe hybrids.
- Rollout halted after power losses reported.
Notable Quotes & Memorable Moments
- Windows End of Life:
- “Windows 10 reached end of life on Tuesday, more than 10 years after its release.” (00:08)
- US Crypto Seizure:
- “The US government has seized $15 billion worth of crypto from one of the largest cyberscam compound operators, the Prince Group.” (01:05)
- SonicWall Attack Escalation:
- “On some devices, the attackers moved laterally across the victims' networks and escalated their access.” (02:10)
- Jeep Firmware Snafu:
- “Users who installed it reported losing power to their electric engines mid drive. Jeep pulled the update once reports of problems started coming in.” (03:58)
Timestamps for Important Segments
- Windows 10 & Exchange End of Life: 00:08
- CISA Layoffs Avoid Cyber Personnel: 00:22
- UK Encryption Key Modernization: 00:36
- China-Taiwan Disinformation: 00:43
- US Prince Group Crypto Seizure: 01:05
- Altamides Phone Surveillance Exposed: 01:35
- Satellite Comms Vulnerabilities: 01:51
- SonicWall SSL VPN Attack: 02:04
- Framework Secure Boot Bypass: 02:28
- RMPOCALYPSE Attack on AMD: 02:40
- Pixnapping Attack on Android: 02:53
- ClickFix Phishing Expansion: 03:07
- Korea Telecom Investigation: 03:27
- Jeep Telematics Blunder: 03:58
Overall Tone:
Factual, fast-paced, and news-driven, emphasizing clarity, impact, and urgency, with a keen focus on actionable details for cybersecurity professionals and enthusiasts.
