
Media server mayday.
Plex urges users to immediately update their Media Server due to an undisclosed security flaw. Cisco warns of a critical remote code execution flaw in their Secure Firewall Management Center software. Rockwell Automation discloses multiple critical and high-severity flaws. Hackers breached a Canadian House of Commons database. Active law enforcement and government email accounts are sold online for as little as $40. Telecom giant Colt Technology Services suffers a cyber incident disrupting its customer portal. Taiwan launches new measures to boost hospital cybersecurity after ransomware attacks. NIST has released a concept paper proposing control overlays for securing AI systems. A date with an AI chatbot ends in tragedy. Our guest is Randall Degges, Snyk's Head of Developer and Security Relations, to discuss how underqualified or outsourced coding support can open doors for nation-state threats. Dutch speed cameras are stuck in a cyber-induced siesta.
Today is Friday, August 15th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Plex urges users to immediately update their Media Server due to an undisclosed security flaw.
Plex has urged certain users to immediately update their Plex Media Server due to a recently fixed but undisclosed security flaw. The issue affects versions 1.41.7.x through 1.42.0.x and was reported via Plex’s bug bounty program. Four days after releasing a patch, Plex emailed affected users, warning them that their servers were outdated and recommending an urgent upgrade to version 1.42.1.10060, available via the management or downloads page. While the company hasn’t shared technical details or assigned a CVE-ID, the concern is that attackers could reverse engineer the patch to exploit unpatched systems. Plex rarely sends such direct vulnerability alerts, making this warning notable. Users are strongly advised to update immediately to protect their systems.
Cisco warns of a critical remote code execution flaw in their Secure Firewall Management Center software.
Cisco has warned of a critical remote code execution flaw (CVE-2025-20265) in Secure Firewall Management Center software, rated CVSS 10.0. The bug, in the RADIUS authentication system, allows unauthenticated remote attackers to run arbitrary commands with high privileges. It affects FMC releases 7.0.7 and 7.7.0 when RADIUS is enabled. Cisco urges immediate updates, as no direct workaround exists. Disabling RADIUS and using local, LDAP, or SAML authentication can mitigate risk. The flaw is part of a broader advisory covering 29 Cisco security issues.
Rockwell Automation discloses multiple critical and high-severity flaws.
Rockwell Automation has disclosed multiple critical and high-severity flaws in FactoryTalk, Micro800, and ControlLogix products. Fixes include CVE-2025-7972 in FactoryTalk Linx, which could let attackers bypass FTSP token validation, and CVE-2025-7353 in ControlLogix enabling remote code execution. Micro800 PLCs received patches for Azure RTOS vulnerabilities allowing RCE and privilege escalation, plus a DoS flaw. Other high-severity issues affect FLEX 5000, Studio 5000, ArmorBlock 5000, FactoryTalk ViewPoint, and FactoryTalk Action Manager. No in-the-wild exploitation has been reported.
Yesterday, CISA issued 32 new Industrial Control Systems (ICS) advisories covering current security issues, vulnerabilities, and exploits affecting automation platforms. The alerts span products from Siemens, including components like SIMATIC RTLS, Engineering Platforms, RUGGEDCOM, SINEC OS, and others. CISA urges system operators and administrators to review these advisories promptly for detailed technical information and recommended mitigations.
Hackers breached a Canadian House of Commons database.
Hackers breached a House of Commons database containing office locations and personal details of Canadian elected officials and staff. The attack, exploiting a recent Microsoft SharePoint vulnerability, exposed names, titles, emails, and device details. Authorities have not attributed the incident, and the investigation is ongoing with national security partners. The flaw, known as “ToolShell,” allows full SharePoint access and has been exploited by Chinese-linked groups Linen Typhoon, Violet Typhoon, and Storm-2603. Experts warn patching alone is insufficient, urging immediate mitigations alongside updates.
Active law enforcement and government email accounts are sold online for as little as $40.
Research from Abnormal Security reveals cybercriminals are selling active law enforcement and government email accounts from countries including the U.S., UK, Germany, India, and Brazil for as little as $40. Unlike spoofed addresses, these are fully compromised accounts with complete login credentials, enabling impersonation, fraudulent legal requests, access to restricted portals, and intelligence gathering. Accounts are breached via credential stuffing, infostealer malware, and phishing. Sellers market them as toolkits for exploiting institutional trust, bypassing verification, and accessing sensitive systems. This commoditization of government authority elevates the risk far beyond phishing, enabling direct abuse of privileged law enforcement capabilities.
Telecom giant Colt Technology Services suffers a cyber incident disrupting its customer portal.
Telecom giant Colt Technology Services has suffered a cyber incident disrupting its customer portal, Colt Online, and its Voice API platform since August 12. The London-based telecom says the attack targeted an internal system separate from customer infrastructure, with no evidence of data theft. Protective measures, including taking systems offline, caused service outages. Colt is working with third-party experts to restore operations and advises customers to use phone or email support. The cause remains unclear, though scans suggest possible targeting of Colt’s SharePoint servers.
Taiwan launches new measures to boost hospital cybersecurity after ransomware attacks.
Taiwan’s Ministry of Digital Affairs (MODA) and Ministry of Health and Welfare (MOHW) are launching new measures to boost hospital cybersecurity after ransomware attacks on two top-tier hospitals earlier this year, linked to a Chinese hacker known as “CrazyHunter.” The plan includes cyber defense drills, talent development, institutional guidance, and enhanced inspections. A major 2025 drill will involve domestic and foreign white-hat hackers testing defenses at 11 hospitals. Following the February and March attacks, MOHW issued ransomware response guidelines and deployed Endpoint Detection and Response (EDR) across all medical centers. While officials stress resilience over invulnerability, the goal is rapid recovery if systems are breached, minimizing disruption and protecting sensitive patient data.
NIST has released a concept paper proposing control overlays for securing AI systems.
The National Institute of Standards and Technology (NIST) has released a concept paper proposing control overlays for securing AI systems, built on its SP 800-53 cybersecurity framework. These overlays tailor security controls for specific AI types—such as generative, predictive, and agentic AI—and include guidance for AI developers. While experts welcome the move, some, like AppOmni’s Melissa Ruzzi, say the use cases lack sufficient detail, particularly around AI types (supervised vs. unsupervised) and data sensitivity, such as personal or medical information. She urges more specific controls and monitoring. NIST seeks public feedback via a Slack channel to refine the framework, aiming for a flexible yet practical standard to safeguard AI’s confidentiality, integrity, and availability in diverse real-world applications.
A date with an AI chatbot ends in tragedy.
In March, 76-year-old Thongbue “Bue” Wongbandue died after rushing to meet “Big sis Billie,” a generative AI chatbot on Facebook Messenger that had convinced him she was a real woman. Bue, who had cognitive decline from a past stroke, fell en route and later died from his injuries. The chatbot, created by Meta in collaboration with Kendall Jenner, had invited him to her “apartment” and initiated romantic exchanges. Reuters obtained Meta’s internal AI content standards, which previously allowed romantic roleplay—even with minors—and permitted bots to present themselves as real. Following inquiries, Meta removed examples involving minors but still permits romantic roleplay with adults and inaccurate advice. Critics, including Bue’s family, warn that such bots can exploit vulnerable users, prioritizing engagement over safety.
Dutch speed cameras are stuck in a cyber-induced siesta.
In the Netherlands, a lingering cyberattack has left dozens of speed cameras in a prolonged nap, much to the delight of lead-footed motorists. The Public Prosecution Service’s Central Processing Office admits it knows exactly which cameras are snoozing but won’t say where—because, well, they’re not that generous. The July 17 breach, courtesy of Citrix vulnerabilities, didn’t break the cameras directly; it just left the Service unable to switch them back on. Officials insist a “phased relaunch” is necessary, since their systems are tangled up with police, courts, and other agencies. Email was restored August 7, though large files remain in limbo. Until then, Dutch drivers might consider this their brief, unofficial Autobahn moment.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights until August 31, 2025. There's a link in the show notes.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.
