September 2, 2025 10 mins

Cybersecurity Today: Major Attacks on NX Build System, Sitecore, and Salesforce

In this episode, David Shipley covers a string of significant cybersecurity breaches and vulnerabilities. Highlights include a compromise of the NX build system affecting over 1000 developers, remote code execution flaws in Sitecore's experience platform, and escalating Salesforce data theft attacks. The episode underscores the amplified risk introduced by AI in development, emphasizes the need for stringent security practices, and highlights sophisticated attacks by nation-state actors and criminal groups. Practical advice given includes the importance of patching systems, securing integrations, and educating teams on evolving threats.

00:00 Introduction and Headlines
00:28 NX Build System Compromise
01:54 AI-Driven Development Risks
04:25 Sitecore Vulnerabilities
05:36 Nation-State Threats
07:00 Salesforce Data Theft Campaign
09:51 Conclusion and Sign-Off

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Nearly half of employees hide their AI use.
According to a study, AI bots may be killing the internet, and if
Microsoft's update didn't kill SSDs, what did? Finally, Meta may be
quietly scanning all your pictures.
Even the ones you didn't share with it. Welcome to Hashtag Trending.

(00:22):
I'm your host, Jim Love.
Let's get into it.
Nearly half of employees, 48%, said they hide their use of artificial
intelligence at work to avoid judgment.
According to the 2025 AI and the Workplace Survey by WalkMe, an SAP company, the
research highlights a growing cultural and training gap around AI adoption

(00:45):
and what some are calling AI Shame.
The survey found that 62% of workers admitted to using AI but passing the
results off as their own. Executives and Gen Z employees were among the
most likely groups to bring AI into their daily work, but they were
also among the least supported by formal training or company guidance.

(01:09):
Gen Z in particular showed contradictory attitudes.
While the group reports some of the highest adoption rates, many also
display resistance and discomfort.
Over half, 55%, said they had pretended to understand AI in meetings, and 65%
reported that using AI actually slowed them down compared to manual work.

(01:35):
Other findings point to broader challenges.
Although 80% of respondents say AI has the potential to improve productivity,
59% reported that it actually takes longer to use than doing tasks manually.
Anxiety levels were also high, particularly among younger
workers, with many saying they felt increased pressure to produce more.

(02:00):
Once AI tools were introduced across all groups, nearly 90%
said they wanted more training to feel confident using AI at work.
But according to that same report, only 7.5% receive any in-depth training.
Cloudflare says about 30% of global web traffic now comes from bots.

(02:24):
That's not news.
For some time now, bot traffic has been growing on the internet.
In fact, many think that Cloudflare's estimate is quite conservative and
is just the number of bots they can precisely identify. Other sources
like Stata and Imperva report that bot traffic could be as much as 50%.

(02:46):
All of them agree that in many cases, bots outnumber humans.
A new report from Fastly, Q2 2025 Threat Insights, shows that an increasing
number of these bots are coming from AI systems for training and for search.
And of that, AI crawlers for training AI account for nearly 80% of AI bot traffic.

(03:13):
Meta's bots were generating 52% of crawler activity, ahead of Google,
which is 23%, and OpenAI at 20%.
When it comes to real-time fetcher requests, the ones that pull page
content to answer user prompts, OpenAI accounts for about 98% of the traffic.

(03:35):
Now, a lot of people are calling these AI crawlers strip miners because they
make tens of thousands of requests for information for every one actual
referral back to a source publisher.
In other words, they use a lot of resources, but return very little user
traffic or value in return. For the most popular sites, particularly those

(03:57):
that contain a great deal of factual information, this can be a virtual
assault on the systems, forcing them to upgrade in order to keep their site's
performance at an acceptable level.
It's well known in website design that users will abandon a site if it takes
more than three seconds to load, with the numbers of abandonments increasing
rapidly with every second of delay.

(04:20):
As a result, some sites are trying to find strategies to keep the
bots from scraping their sites.
They routinely ignore robots.txt and other directives, resulting in the
need for new ways to block access.
You can see some of these as you browse the internet.
They range from simply blocking what might be traffic to paywalls, requirements

(04:41):
to sign in before reading and other strategies, all of which creates friction
and reduces the user experience.
Cloudflare has rolled out permission-based controls, including pay per crawl options
to let sites block AI bots by default or charge for access, but no matter what

(05:02):
barrier sites put up, these AI bots get better and better at defeating them.
So for the near future, look for an increasing arms race in the newest area of
conflict between publishers and AI firms.
Recently a number of news sites and podcasts, including ours, reported

(05:22):
that a recent Microsoft update had caused issues including lost data,
and even the failure of SSD drives.
Microsoft is now stating that they've conducted an internal review and
found no link between their August Windows 11 update and these SSD
failures. Their telemetry data didn't identify any increase in disk

(05:45):
failures or corruption rates despite online reports suggesting otherwise.
The biggest SSD controller maker, Phison, reached a similar conclusion.
The company conducted an exhaustive investigation, logging more than 4,500
hours of testing at over 2200 test cycles across a wide range of drives.

(06:08):
In these tests, engineers were unable to reproduce the failures
and noted no problems reported by their OEM partners or customers.
Phison also confirmed that a document circulating online listings of
affected models was fabricated. That leaves the reports themselves.
Users claimed drives disappeared under heavy workloads, particularly

(06:31):
when writing or extracting large files, or nearly full SSDs.
In some cases, drives would reappear after a reboot, while in others
they were permanently bricked.
Failures were noted across different brands and controller types, suggesting no
single vendor or update is responsible.
So the result is now officially a mystery.

(06:54):
Both Microsoft and Phison have cleared their technology according to their testing,
yet scattered user accounts still persist.
So it's possible the cause may lie in edge cases of firmware bugs, coincidental
hardware failures, or stress conditions on older drives until more evidence emerges.

(07:14):
Experts are recommending caution with large write loads, keeping firmware
and operating systems current, and of course maintaining regular backups.
Meta has introduced a feature in the Facebook mobile app that it claims
can personalize your experience using pictures from your camera roll.

(07:35):
While they don't explicitly say they're doing it, reports have emerged that
Meta might be doing this by scanning your phone's camera roll, including
photos you've never posted, to generate albums, collages, or story recaps.
Meta says the tool is designed to personalize your experience, but
surprisingly many users, including yours truly, report they've never

(07:57):
enabled it, which raises some concerns about transparency and consent.
The option we're talking about appears under camera roll sharing suggestions in
the Facebook app settings with two toggles.
One for custom sharing suggestions from your camera roll, and another for get

(08:18):
camera roll suggestions while you're browsing Facebook. Apparently if either
toggle is active, it would appear that Meta can analyze your photos, dates,
and metadata to surface content.
Importantly, this is only controlled on your phone.
It's not available from the desktop site.

(08:40):
Meta insists that the feature isn't used for advertising, but critics point out
that scanning private photos without clear opt-in is already crossing the line
between convenience and surveillance.
And users once again, including yours truly, have reported that this is
automatically switched on, or at least they never remember activating it.

(09:02):
In my particular case, I'm not really a Facebook person.
I know I didn't activate this.
So if you want to turn it off, open the Facebook app on your phone, go to
settings and privacy settings, camera roll suggestions, and toggle off both options.
It took me a bit of time to figure out. I confess that I'm not much of a Facebook

(09:25):
guy, but I found a short YouTube tutorial, and I'll post that in the show notes.
You can find them at technewsday.com or .ca under podcasts, and that's our show.
Word is getting out about our podcast.
Thanks for your support.
Please keep it up, share it with people, post reviews.

(09:45):
All this helps, and we'd love to hear from you on ways we can make
the show better or more relevant.
In particular, we did a longer show this weekend that walked through a lot
of new developments in AI software.
Let us know if this type of show is of interest or what
you wanna see more or less of.
And in this day after Labor Day, which is really the start of back to school

(10:10):
and the working year, welcome back.
I'm your host, Jim Love, wishing you a terrific Tuesday.