Daily Cyber Briefing
The Daily Cyber Briefing delivers concise, no-fluff updates on the latest cybersecurity threats, breaches, and regulatory changes. Each episode equips listeners with actionable insights to stay ahead of emerging risks in today’s fast-moving digital landscape.
High-Severity Zero-Days, Cache Poisoning, and the AI Code Judgment Crisis
Today we dive into critical updates for BIND against high-severity cache poisoning flaws, the zero-day exploitation of Lanscope Endpoint Manager that requires immediate federal attention, and the serious governance concerns raised by "vibe coding" and AI-generated code's lack of judgment. We also examine Verizon’s latest Mobile Security Index, highlighting soaring mobile device attacks and the alarming rise of AI-powered threats like deepfakes and SMS phishing.
Welcome back to Cyber Scoops & Digital Shenanigans, the podcast where we break down the most critical, confusing, and sometimes hilarious moments happening in the digital security world. I’m your host, Mike Housch. Today is October 23, 2025, and we have a packed slate of high-priority vulnerabilities and a serious discussion on the risks of AI-generated code.
Segment 1: Critical BIND Cache Poisoning Flaws (Approx. 2:00)
First up, if you run DNS resolvers, listen closely. The Internet Systems Consortium, or ISC, has announced critical BIND 9 updates addressing high-severity vulnerabilities, notably focusing on cache poisoning flaws. This is crucial stuff because these flaws allow attackers to inject forged records into the cache, potentially impacting the resolution of future queries.
One of the main issues is tracked as CVE-2025-40780, carrying a CVSS score of 8.6. This weakness resides in the pseudo-random number generator, or PRNG, used by the DNS server software. In certain scenarios, an attacker could predict the source port and query ID that BIND will use. By predicting these identifiers, attackers could launch spoofing attacks that result in BIND caching attacker-supplied responses, according to the ISC.
Then we have CVE-2025-40778, also rated high-severity with a CVSS score of 8.6. This bug stems from BIND being "too lenient when accepting records from answers" under specific circumstances. The outcome is the ability for attackers to inject those forged records directly into the cache.
Now, for those worried about their primary DNS infrastructure, ISC notes that all three identified flaws—which also include a denial-of-service issue tracked as CVE-2025-8677—affect resolvers but are believed to have no impact on authoritative servers. However, there is no workaround available for any of these issues, meaning you must update. ISC recommends updating as soon as possible to versions such as BIND 9.18.41, 9.20.15, and 9.21.14. If you’re running a discontinued branch, you absolutely must transition to a supported version. This is foundational security, folks. Patch your BIND resolvers immediately.
Segment 2: Lanscope Zero-Day Exploitation (Approx. 1:45)
Moving from DNS to endpoint management, we have a critical zero-day being exploited in the wild. Kyocera Communications subsidiary Motex released urgent patches for a critical-severity vulnerability in Lanscope Endpoint Manager.
This vulnerability, tracked as CVE-2025-61932, clocks in with a near-perfect CVSS score of 9.8. The issue is described as "an improper verification of source of a communication channel," allowing remote attackers to send specially crafted packets to achieve arbitrary code execution.
Motex, which is based in Japan, warned that they received reports of "unauthorized packets... from outside" in a customer environment, strongly hinting at exploitation attempts. While public details on the attacks are limited, the product is primarily used in Asia, particularly in Japan.
But this isn't just an international problem—the US cybersecurity agency CISA added CVE-2025-61932 to its Known Exploited Vulnerabilities, or KEV, list, confirming its in-the-wild abuse. CISA issued a warning that this type of vulnerability is a "frequent attack vector for malicious cyber actors" and poses significant risks. Federal agencies operating under BOD 22-01 are mandated to identify and patch vulnerable Lanscope deployments within three weeks, setting a deadline of November 12. Even if you aren't a federal agency, CISA advises all organizations to review the KEV list and apply patches or mitigations swiftly. The affected on-premises versions are 9.4.7.1 and earlier, and patched versions include several 9.3 and 9.4 releases, such as 9.4.7.3.
Segment 3: The TARmageddon RCE Flaw (Approx. 1:45)
Speaking of major flaws, let’s talk supply chain risks. Researchers have dubbed a high-severity vulnerability in the popular Rust library Async-tar as TARmageddon. This defect, CVE-2025-62518, has a CVSS score of 8.1, and it could enable attackers to achieve remote code execution (RCE).
TARmageddon is a desynchronization issue that occurs while processing nested TAR files when the PAX and ustar headers disagree. Essentially, if the ustar header lists a file size of zero, the parser advances its stream position by zero bytes and so fails to skip the actual file data, which could itself be a nested TAR archive. The parser then reads the inner archive’s headers and treats them as legitimate entries belonging to the outer archive, which is exactly what an attacker wants.
The result is potentially devastating: successful exploitation can lead to file overwrites, allowing attackers to replace configuration files, and it can be used in supply chain attacks to hijack build backends.
Edera, the company that reported this, pointed out a massive issue: the vulnerable library, Async-tar, and its most popular fork, Tokio-tar, have been abandoned. This complicated the patching process. Tokio-tar alone has over 5 million downloads on crates.io. The story here, as Edera notes, is a common open-source tale: popular code, even in modern secure languages like Rust, can become unmaintained, exposing millions of downstream users to risk. Downstream users need to switch to patched libraries like Astral-tokio-tar version 0.5.6 or modify their TAR parsers to prioritize PAX headers and implement strict boundary checking.
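As an added illustration, not code from the show or from the async-tar project: a tiny TAR walker in Python, run over a constructed archive whose inner member has a ustar size of 0 but a PAX size record telling the truth. With honor_pax=False it desynchronizes exactly as described above and surfaces the inner archive's entry as if it were an outer one; with honor_pax=True the PAX size wins and a boundary check rejects truncated data, which is the parser-side fix the report recommends.

```python
BLOCK = 512  # tar block size
def header(name, typeflag, size):
    # Minimal ustar header; `size` is whatever the ustar size field should claim.
    h = bytearray(BLOCK)
    h[0:len(name)] = name.encode()
    h[100:108], h[124:136] = b"0000644\0", f"{size:011o}\0".encode()
    h[156:157], h[257:265] = typeflag, b"ustar\x0000"
    chk = sum(h) + 8 * ord(" ")  # checksum is computed with its field as 8 spaces
    h[148:156] = f"{chk:06o}\0 ".encode()
    return bytes(h)
def entry(name, typeflag, data, declared_size=None):
    # One member: header plus data padded to a whole block; the header may lie.
    size = len(data) if declared_size is None else declared_size
    return header(name, typeflag, size) + data + b"\0" * (-len(data) % BLOCK)
def pax_record(key, value):
    # PAX record "<len> key=value\n" where <len> counts its own digits too.
    body, n = f" {key}={value}\n", 1
    while n != len(str(n)) + len(body):
        n = len(str(n)) + len(body)
    return f"{n}{body}".encode()
def list_entries(archive, honor_pax):
    # Walk the archive and return (name, size) for every non-PAX member.
    pos, pax_size, out = 0, None, []
    while pos + BLOCK <= len(archive):
        h = archive[pos:pos + BLOCK]
        if h == bytes(BLOCK):  # end-of-archive marker
            break
        name = h[0:100].rstrip(b"\0").decode()
        size = int(h[124:136].rstrip(b"\0 ") or b"0", 8)
        flag, pos = h[156:157], pos + BLOCK
        if flag == b"x":  # PAX extended header: remember the size override
            for rec in archive[pos:pos + size].decode().splitlines():
                key, val = rec.split(" ", 1)[1].split("=", 1)
                if key == "size":
                    pax_size = int(val)
        else:
            if honor_pax and pax_size is not None:
                size = pax_size  # the fix: PAX size wins over the ustar field
            pax_size = None
            if pos + size > len(archive):  # strict boundary check
                raise ValueError("member data runs past end of archive")
            out.append((name, size))
        pos += size + (-size % BLOCK)  # advances zero bytes if size == 0
    return out
# Constructed sample: inner.tar carries a truthful PAX size but a ustar size of 0.
INNER = entry("evil/config.toml", b"0", b"malicious = true\n") + bytes(2 * BLOCK)
OUTER = (entry("PaxHeader/inner.tar", b"x", pax_record("size", len(INNER)))
         + entry("inner.tar", b"0", INNER, declared_size=0)
         + entry("README", b"0", b"hello\n") + bytes(2 * BLOCK))
```

Real archives also need the header checksum verified and the other PAX keys (path, linkpath) applied; this walker deliberately covers only the size desynchronization.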
Segment 4: Mobile Security and AI-Powered Threats (Approx. 2:00)
Let’s shift gears to the enterprise perimeter—or lack thereof—in the mobile world. Verizon just released their 2025 Mobile Security Index, based on a survey of nearly 800 professionals. The findings are pretty stark: 85% of organizations report seeing a surge in mobile device attacks.
But the real alarm bell is AI. More than three-quarters of organizations believe AI-assisted threats, specifically SMS phishing and deepfakes, are likely to succeed. A substantial 34% of organizations are concerned that the growing sophistication of these AI-powered attacks will significantly increase their exposure.
Yet, adoption of countermeasures is lagging. Only 17% of organizations have implemented specific security controls against AI-assisted attacks, and a minuscule 12% have deployed protections specifically against deepfake attacks.
Compounding this risk is employee behavior. Nearly all surveyed organizations said their employees are regularly using generative AI tools on mobile devices. Two-thirds of organizations are rightly concerned that employees could inadvertently provide sensitive data to these AI chatbots.
While most organizations are confident they can quickly detect misuse and recover from mobile attacks, those that did suffer incidents reported painful consequences, including downtime (47%), data loss (45%), financial penalties (40%), and reputational damage (28%). Downtime repercussions, specifically, increased to 63% from 47% the previous year.
The advice from the report is clear: boost your mobile security posture. This means implementing mobile device management (MDM) solutions, evaluating current protections against industry standards, using zero-touch mobile security solutions, and deploying continuous training and testing to combat phishing.
Segment 5: Vibe Coding and Judgment (Approx. 0:50)
Finally, let’s wrap up with the latest thinking on AI and software development, a practice now sometimes called "vibe coding". OX Research found that the primary problem with AI-generated code isn't an excessive number of bugs—the density of vulnerabilities is similar to human-written code. The real crisis, according to researchers, is a fundamental lack of good judgment.
AI turns anyone into a programmer, but without the years of experience that instill good practices, the code generated is often ineffective or counterproductive—what we call "anti-patterns". These anti-patterns include excessive commenting, a lack of the "human urge for perfection" leading to non-scalable solutions, and re-implementing things from scratch instead of using established, secure libraries. Crucially, if an anti-pattern appears once, the AI system is likely to repeat it in many other outputs.
Furthermore, vulnerabilities in vibe-produced code are reaching production at an "unprecedented speed," too fast for accepted code review processes to catch everything. The suggested solution is to stop hoping to catch issues later in review and instead embed security guidelines directly into AI workflows. Developers must shift their role from coder to architect to guide the AI correctly.
That’s it for this edition of Cyber Scoops & Digital Shenanigans. Stay safe, stay patched, and think twice before you trust that perfectly commented, AI-generated block of code. We’ll catch you next time.