Beyond Hacklore: Exploits, Insider Threats, and the Agentic AI Risk

Show Notes

Host Mike Housch dives into the latest major breaches, including 146,000 records stolen from Delta Dental of Virginia, and dissects critical zero-day exploitation confirmed by CISA. We also explore the emerging risks of Agentic AI, and hear from CISO experts aiming to retire cybersecurity myths, or "hacklore," that distract organizations from real threats.

Transcript

Mike Housch (Host): Welcome back to Cyber Scoops & Digital Shenanigans, the podcast where we break down the most crucial cybersecurity stories of the week. I’m your host, Mike Housch, and we have a jam-packed episode today, spanning massive data breaches, exploited vulnerabilities confirmed by CISA, and a fascinating new push by top security experts to eliminate outdated security advice.

Let’s start with the headline data breaches, because they hit close to home, involving personal and health information.

Segment 1: Data Breaches and Supply Chain Impact (0:00 - 4:45)

Mike Housch: Our top story involves Delta Dental of Virginia (DDVA), which is notifying roughly 146,000 people that their personal and health information was compromised in a data breach this year.

The incident, according to the notification letter DDVA submitted to the Maine Attorney General’s Office, was the compromise of an email account. The organization, which is a not-for-profit located in Roanoke, Virginia, discovered that a threat actor accessed and may have exfiltrated emails and attachments containing patient data. This occurred over a roughly month-long period, between March 21 and April 23.

The compromised data is highly sensitive, including names, Social Security numbers, government-issued ID numbers, and protected health information. DDVA’s investigation, conducted with independent cybersecurity experts, confirmed that 145,918 individuals had their information stolen. Now, DDVA has stated they have no evidence of misuse or attempted misuse of any potentially impacted information. However, for those individuals whose Social Security numbers or driver’s license information was compromised, the organization is offering 12 months of free identity protection and credit monitoring services.

Moving from health data to the enterprise supply chain, we’re seeing continued fallout from the major Oracle E-Business Suite (EBS) hacking campaign. Over 100 organizations have been named on the Cl0p ransomware website as alleged victims of this campaign.

Canon confirmed that a subsidiary was impacted. Canon told SecurityWeek that their investigation found the incident was limited only to the web server, and they quickly took security measures to resume service. Luckily, no Canon data had been leaked publicly at the time of reporting.

Unfortunately, others weren’t so lucky. Cox Enterprises confirmed that the personal information of roughly 9,500 individuals was compromised in their Oracle EBS hack. Meanwhile, Mazda confirmed impact but reported no evidence of data leakage. It's worth noting that while Cl0p is the public-facing group taking credit, the threat actor cluster tracked as FIN11 is believed to be behind these specific attacks, having conducted similar campaigns targeting other widely used enterprise products in the past.

Finally, in financial services, SitusAMC, a leading real-estate financing services provider, confirmed a data breach affecting customer information. They provide back-office functions like mortgage origination and compliance for major banks like JPMorgan Chase and Citi. SitusAMC discovered the incident on November 12, 2025. Crucially, they noted this was not a ransomware attack, and business operations were not impacted. They are working with federal law enforcement and external experts to investigate and contain the incident.

Segment 2: Vulnerability Deep Dive: Zero-Days and Dangerous Defaults (4:45 - 10:15)

Mike Housch: Next up, let’s talk vulnerabilities. If you run a federal agency, you’re already scrambling to patch an Oracle Identity Manager vulnerability added to CISA’s Known Exploited Vulnerabilities catalog.

CISA confirmed the exploitation in the wild of a recently patched Oracle Identity Manager vulnerability, tracked as CVE-2025-61757. This is a critical flaw in Oracle’s Fusion Middleware that allows an unauthenticated attacker to achieve remote code execution. It was patched back in October 2025. What makes this particularly alarming is that researchers who discovered the issue believed it may have been exploited as a zero-day before Oracle released the patch. When CISA adds a vulnerability to the KEV catalog, it means they have reliable evidence of exploitation in the wild.

Speaking of authentication issues, HashiCorp Vault users need to check their configurations immediately. A critical security flaw, CVE-2025-13357, was found in the HashiCorp Vault Terraform Provider that could allow attackers to bypass authentication and access Vault without valid credentials.

The problem lies with LDAP authentication: the provider had an incorrect default configuration, setting the deny_null_bind parameter to false. When the underlying LDAP server permits unauthenticated connections, this misconfiguration allows threat actors to authenticate to Vault without legitimate credentials, posing significant risks to organizations storing sensitive secrets and encryption keys. HashiCorp has released fixes, updating the provider to version 5.5.0, which sets deny_null_bind to true by default, and organizations using affected versions need to explicitly set this parameter immediately.

But the patching drama doesn’t stop there. We’ve also seen active exploitation of a bug in the file archive utility, 7-Zip. NHS England warned that threat actors are targeting vulnerable installations using CVE-2025-11001. This is a high-severity remote code execution bug described as a file parsing directory traversal issue.

The exploitation requires user interaction and impacts how 7-Zip converts symbolic links from Linux to Windows. If the process is running with administrative privileges—say, via a service account—an attacker can craft a ZIP file to bypass checks and write a malicious binary to a directory of their choosing, enabling arbitrary code execution. This vulnerability was patched back in July in 7-Zip version 25.00.

Finally, a major flaw discovered in Microsoft's Update Health Tools could have allowed remote code execution on vulnerable systems. Researchers found a vulnerability where the tool's older version used predictable naming patterns to connect to Azure Blob storage accounts (like payloadprod0 through payloadprod15). Researchers found that 10 of these 15 accounts were unregistered. By registering these abandoned endpoints, attackers could have served malicious JSON payloads and executed arbitrary code using the tool's "ExecuteTool" action. Microsoft has since addressed this by transferring ownership of the storage accounts and releasing version 1.1, but organizations need to verify they are running the latest version.

Segment 3: The Human Element and Retiring Hacklore (10:15 - 15:45)

Mike Housch: Now, let's pivot to the human side of security, starting with the troubling insider threat at CrowdStrike.

CrowdStrike confirmed they identified and terminated an insider last month who shared internal system screenshots with hackers. The screenshots were leaked by the group Scattered Lapsus$ Hunters on Telegram. CrowdStrike emphasized that no systems were breached, and no customer data was exposed. The company has turned the case over to law enforcement. We also learned that the group ShinyHunters claimed they offered the insider $25,000 for network access and that the insider was cut off before any major access was gained. This incident serves as a stark reminder that sometimes the weakest link is already inside the organization.

This leads us nicely into a major movement launched by dozens of chief security officers and ex-CISA officials to dispel cybersecurity myths—or "hacklore".

This group, spearheaded by former Yahoo CISO Bob Lord, launched Hacklore.org to "separate myth from reality". Their goal is to retire obsolete guidance that distracts users from real dangers. The list of outdated advice they want to bury includes common tropes like avoiding public Wi-Fi, turning off Bluetooth and near-field communication, and regularly changing passwords. They noted that regularly changing passwords often leads to weaker passwords and password reuse. They also stated there are no known in-the-wild "juice jacking" cases where devices are compromised via public USB ports.

Instead of focusing on "hacklore," the security leaders urge organizations to require phishing-resistant MFA, work toward eliminating passwords, and, critically, build resilient systems that don't fail catastrophically when people make mistakes. The advice for software manufacturers is clear: embrace Secure by Design principles, publish roadmaps to achieve flaw-free software, and commit to publishing complete and timely CVE records for vulnerabilities.

And speaking of secure design, we need to discuss the emerging security risks of Agentic AI, highlighted by Microsoft. Microsoft is rolling out an experimental ‘agent workspace’ feature in Windows 11 that allows AI agents to automate tasks. While this sounds helpful, Microsoft warns that enabling it creates risks, and only users who understand the security implications should toggle it on.

The core risk is cross-prompt injection (XPIA). This is where malicious content embedded in documents or UI elements can override the agent’s instructions, potentially leading to unauthorized actions like data exfiltration or malware installation. Microsoft stresses that these agents, just like any software, must operate under the principles of least privilege, should not have higher permissions than the initiating user, and their actions should always be containable and monitored with a tamper-evident audit log. If you deploy AI tools, experts stress the need to balance innovation with accountability, establishing strong governance, upskilling developers, and enforcing rigorous code reviews.

Segment 4: Vendor Battles and Corporate Honesty (15:45 - 20:00)

Mike Housch: To wrap up, we have two stories highlighting vendor decision-making and transparency.

First, a moment of praise for AWS. They are resurrecting a service they previously killed: Amazon CodeCommit. AWS announced the deprecation of this Git repository service in 2024, intending to stop accepting new customers. However, just before re:Invent 2025, AWS reversed course. Why the change? This wasn’t about individual developers; it was about Big-E Enterprise concerns. Customers rely on CodeCommit for deep IAM integration, CloudTrail logging, VPC endpoint support, and keeping their code inside their AWS organization’s boundaries for compliance and reduced audit surface area. What’s notable is that AWS actually apologized to customers for the migration planning they had to undertake, showing they listened to their enterprise base.

Finally, we’ve got some digital shenanigans in the AI browser space: A quarrel between SquareX and Perplexity over an alleged vulnerability in the Comet AI browser.

Browser security firm SquareX claims they found a potentially critical flaw related to the Model Context Protocol (MCP) API and hidden Agentic and Analytics extensions. SquareX warned that if an attacker compromises the extension or gains access to the perplexity.ai domain, they could abuse the MCP API to execute commands on the host device without user permission, potentially leading to ransomware deployment or data exfiltration.

Perplexity, however, strongly disputes these findings, describing the research as "fake security research". Perplexity stated that the scenario is contrived and doesn't represent an actual technology security risk, claiming that any attack would require significant human intervention or a compromised Perplexity employee. They also disputed the lack of consent claim, arguing that users must agree to install local MCPs, and subsequent commands require user confirmation. SquareX countered, arguing that their point was to demonstrate the permissions of the MCP API, and while their demonstration used a technique requiring interaction, other attack vectors like supply chain compromise would require less. Ultimately, Perplexity implemented measures to prevent the attack, which SquareX called "excellent news".

That’s all the time we have for this week’s scoop. Whether you’re defending against critical RCE flaws, managing insider risk, or deciding which "hacklore" to retire, the landscape is always shifting. Remember: adopt phishing-resistant MFA, update your 7-Zip, and always question the defaults, especially when dealing with AI agents.