Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Cisco issues emergency patches for maximum severity flaws that allow complete network takeover. A popular WordPress theme leads to a mass attack. A new ransomware group, Dire Wolf, is vicious and targeted. And a new Accenture report suggests that companies are far too confident about their ability to safeguard AI.
(00:22):
This is cybersecurity today.
I'm your host, Jim Love.
Cisco has released critical patches for two maximum severity vulnerabilities in its Identity Services Engine that could allow unauthenticated attackers to completely compromise enterprise networks without any user interaction. The flaws are tracked as CVE-2025-20281 and CVE-2025-20282.
(00:48):
Both carry the maximum CVSS severity score of 10.0. They affect Cisco's Identity Services Engine (ISE) and Passive Identity Connector, core network security tools used by large enterprises, government organizations, and universities to control network access and enforce security policies.
(01:08):
CVE-2025-20281 stems from insufficient validation of user-supplied input in a specific exposed API, allowing attackers to send crafted API requests that execute arbitrary operating system commands as the root user. The vulnerability affects ISE versions 3.3 and 3.4.
(01:31):
The second flaw, CVE-2025-20282, involves poor file validation in an internal API, allowing files to be written to privileged directories. Attackers can upload arbitrary files to target systems and execute them with root privileges. This vulnerability affects only version 3.4.
(01:53):
Both vulnerabilities require no authentication and no user interaction, making them exceptionally dangerous. For the network infrastructure components they target, the two flaws could enable complete compromise and full remote takeover of the target device. Cisco reported it's not aware of any cases of active exploitation for the two
(02:14):
flaws, but emphasized that installing updates should be prioritized immediately. The company provided no workarounds, making patching the only defense. Organizations should upgrade to ISE 3.3 Patch 6 or 3.4 Patch 2 immediately. The vulnerabilities were discovered by security researchers Bobby
(02:35):
Gould of Trend Micro's Zero Day Initiative and Kentaro Kawane of GMO Cybersecurity. These flaws add to growing concerns about Cisco ISE security following multiple critical vulnerabilities patched throughout 2025, including cloud deployment credential sharing issues and authentication bypass flaws.
(02:55):
For organizations using ISE as their network access control backbone, these vulnerabilities represent an existential threat requiring immediate action. A critical vulnerability in one of WordPress's most popular premium themes has triggered a mass exploitation campaign, with attackers successfully hijacking administrator accounts across thousands of automotive websites.
(03:19):
The Motors theme, developed by StylemixThemes with nearly 22,500 sales, contains a privilege escalation flaw tracked as CVE-2025-4322 that allows unauthenticated attackers to reset any user's password, including administrators'.
(03:41):
Wordfence explained this is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account. The vulnerability was discovered on May 2nd and patched in version
(04:03):
5.6.68 on May 14th, but many site owners have failed to update. By June 7th, researchers observed the start of widespread attacks, with Wordfence blocking over 23,000 exploitation attempts since mass attacks began. The attacks follow a predictable pattern.
(04:23):
Hackers reset administrator passwords, log into WordPress dashboards, and create new admin accounts for persistence. Site owners might then find themselves locked out of their own websites when their passwords no longer work. One obvious sign of infection is if a site administrator is unable to log in with the correct password, as it may have been changed
(04:44):
as a result of this vulnerability, researchers have warned. The campaign highlights a fundamental WordPress security challenge. Themes are central to website functionality and cannot be easily disabled during attacks. Unlike plugins, which can be temporarily deactivated, compromised themes require immediate patching to stop ongoing attacks.
(05:08):
Wordfence has identified multiple IP addresses launching thousands of attack attempts, with attackers targeting common URL paths like /reset-password, /account, and /sign-in across vulnerable installations. The timing of the attacks, beginning just days after public disclosure, demonstrates how quickly cyber criminals capitalize on disclosed vulnerabilities.
(05:32):
Despite the patch being available for weeks, the mass exploitation suggests many WordPress site owners remain unaware of the critical update. Site owners using Motors theme versions up to 5.6.67 should immediately update to version 5.6.68 and check for unauthorized admin accounts that attackers
(05:53):
may have created for persistent access. A newly discovered ransomware group called Dire Wolf has rapidly claimed 16 victims across 11 countries in just one month, targeting manufacturing and technology sectors with sophisticated double extortion tactics and custom-built attacks.
(06:14):
Trustwave SpiderLabs researchers revealed that Dire Wolf emerged in May 2025 and has already established a menacing presence, with the highest attack concentrations hitting the United States, Thailand, and Taiwan. The group operates with a calculated one-month timeline for ransomware payments before releasing stolen data. Trustwave's
(06:36):
Nathaniel Morales explained: "We observed that the threat actors initially publish sample data and a list of exfiltrated files, then give the victims one month to pay before releasing all the stolen data." One victim so far has faced a ransom demand of approximately $500,000. Five of the 16 victims listed on Dire Wolf's leak site have already had data
(07:00):
scheduled for release by the end of June, presumably because they've refused to pay. The group's ransomware demonstrates sophisticated technical capabilities, written in Golang for cross-platform portability and antivirus evasion. Dire Wolf first checks to see if systems are already encrypted before proceeding with their attacks.
(07:22):
Once activated, the malware systematically disables Windows event logging and terminates processes that could hinder its execution. It then destroys system recovery options through Windows commands before encrypting files using the Curve25519 and ChaCha20 algorithms, appending Dire Wolf extensions.
(07:43):
What sets Dire Wolf apart is its highly personalized approach. Each ransom note contains a hardcoded room ID with login access unique to the targeted organization, along with credentials for direct negotiation through live chat rooms. The group also provides gofile.io links as proof of data exfiltration. This strongly suggests that Dire Wolf conducts targeted attacks
(08:05):
utilizing tailored encryptors and personalized negotiation channels specific to their victims. Despite recent disruptions to major groups like LockBit and Ghost, Dire Wolf's rapid success demonstrates that no matter how fast you get rid of groups, there are always new threat actors waiting in the wings to take their place.
(08:27):
A stark disconnect between executive confidence and actual cybersecurity preparedness has emerged in a new research report, revealing that nine out of 10 major companies lack the security standards needed to defend against the AI-driven threats they're about to face, but many are far too confident that they can meet those threats.
(08:48):
Accenture surveyed 2,286 security and technology executives at companies with more than 1 billion in annual revenue, and then analyzed the companies' actual security practices. The results expose a dangerous gap between perception and reality in corporate AI security. Only 36% of executives admitted that AI is outpacing their security capabilities.
(09:13):
These numbers suggest some degree of confidence by most leaders in their handling of AI security. But Accenture's independent analysis tells a different story. The firm estimates that 90% of those same companies actually lack the security standards they need to defend against present-day AI-driven threats.
(09:36):
The results of this study should be disappointing for anyone who's trying to have a reasoned discussion in their company about the crisis in AI security. AI-powered attacks are accelerating rapidly, and listeners to this program will have heard numerous credible reports of weaknesses inherent in current AI models. And the findings suggest that while executives are focusing on deploying
(09:58):
AI for business advantages, which is a good thing, we know that they're underestimating the sophisticated security infrastructure required to protect against AI-enhanced attacks. This gap between confidence and capability could leave organizations vulnerable to threats they don't realize they can't handle.
(10:19):
For companies rushing to implement AI solutions, the message is clear: perception isn't protection, and most organizations need to dramatically upgrade their security standards to match the AI-driven threat landscape. There's a link to the Accenture study in the show notes on our site at technewsday.ca or .com.
(10:39):
Coincidentally, this weekend we have a guest from Accenture Canada, the head of their data and AI practice. While the subject isn't cybersecurity, it's an interesting background, because if this report is right on what I'll call the false confidence of executives, we're gonna need to have some frank and knowledgeable discussions. And the more we know, the better off we are.
(11:00):
David Shipley will be back on Monday. We'll be taking the holiday this week, and I'll be traveling, so we won't have a show on Wednesday for sure, but possibly not on Friday either. We'll be back the week after that.
Enjoy your holidays.
I'm your host, Jim Love.
Thanks for listening.