Cybersecurity Headlines – September 5, 2025
Host: Steve Prentiss
Main Theme:
A fast-paced roundup of major cybersecurity news stories, ranging from regulatory fines in the EU to technology sector data breaches and M&A developments. Each item highlights evolving risks, new enforcement actions, industry trends, and corporate responses in the global security landscape.
Key Stories and Insights
1. Major Cookie Fines in France: Google and Shein Penalized
- Summary:
The French data protection regulator (CNIL) has fined Google $379 million and online retailer Shein $175 million for violating cookie rules and setting advertising cookies without user consent.
- Google was further cited for email-based advertisements in Gmail's "Promotions" and "Social" tabs, a practice requiring explicit user opt-in under French law.
- Shein, based in China, was noted as a repeat offender in data privacy news.
- Notable Quote:
“Set advertising cookies on users' browsers without securing their consent.”
—CNIL, cited by Steve Prentiss (00:24)
- Timestamps:
- CNIL fines and context: 00:06–01:07
2. CISA Expands List of TP-Link Vulnerabilities
- Summary:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two more TP-Link router vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of exploitation.
- The vulnerabilities affect out-of-support routers, underscoring the risk of outdated hardware.
- TP-Link issued firmware updates as far back as November of the previous year.
- Timestamps:
- CISA bulletin explained: 01:08–01:41
3. Historic Takedown of Stream East, the Largest Sports Piracy Site
- Summary:
Global policing efforts, led by the Alliance for Creativity and Entertainment, shut down Stream East—cited as the world’s largest source of illegal live sports streams, visited 1.6 billion times over the past year.
- Egyptian police arrested two individuals, seized laptops, and uncovered money laundering connections through a UAE shell company involving £4 million in advertising revenue and £150,000 in cryptocurrency.
- Timestamps:
- Site takedown details: 01:42–02:31
4. SAP's 20 Billion Euro Bet on Sovereign Cloud Infrastructure
- Summary:
SAP announced a decade-long €20 billion investment to expand sovereign cloud in Europe, aiming to provide compliant, secure alternatives to U.S. cloud providers—particularly for public sector and regulated customers.
- Reports of internal disagreement surfaced, with CEO Christian Klein favoring AI investments over cloud infrastructure expansion.
- Timestamps:
- Investment news and debate: 02:32–03:12
5. US Cyber Programs: House Panel Pushes for Extension
- Summary:
The House Homeland Security Committee overwhelmingly approved extensions for two vital cybersecurity programs:
- 10-year reauthorization of CISA’s Information Sharing Act.
- Ongoing funding of the State and Local Cybersecurity Grant program.
- These programs strengthen threat intelligence sharing and bolster local cyber defenses.
- Lawmakers face a looming September 30 expiration deadline.
- Timestamps:
- Legislative votes and implications: 03:55–04:50
6. FTC Action: Toymaker Apitor Punished for Child Data Mishandling
- Summary:
U.S. DOJ, prompted by FTC findings, filed a complaint against Chinese toymaker Apitor for allowing a third party to collect children’s geolocation data via their toy companion app, violating COPPA laws.
- Apitor misrepresented compliance in its privacy policy and required Android users to enable location sharing.
- Timestamps:
- Case details and consumer impact: 04:51–05:38
7. Atlassian Acquires The Browser Company
- Summary:
Atlassian is acquiring The Browser Company—the maker of Arc and the AI-powered Dia browsers—for $610 million in cash.
- CEO Mike Cannon-Brookes described plans for an "AI-powered browser optimized for the many SaaS applications living in tabs."
- The acquired company will operate independently but gain from increased resources.
- Notable Quote:
"[An] AI-powered browser optimized for the many SaaS applications living in tabs, one that knowledge workers will love to use every day."
—Mike Cannon-Brookes, Atlassian CEO (05:52)
- Timestamps:
- Acquisition announcement and product vision: 05:39–06:26
8. Workiva Data Breach Linked to Salesforce, Shiny Hunters
- Summary:
SaaS provider Workiva disclosed a data breach stemming from compromise of a third-party CRM (Salesforce), with threat actors stealing business contact information from high-profile corporate customers.
- The breach is linked to the Shiny Hunters group and is part of a broader wave targeting Salesforce customers.
- Notable Quote:
“Bleeping Computer has learnt that this incident was part of the recent wave of Salesforce data breaches linked to the Shiny Hunters extortion group.”
—Steve Prentiss (06:59)
- Timestamps:
- Breach facts: 06:27–07:26
Memorable Moments & Tone
- The episode maintained a focused, brisk, matter-of-fact delivery.
- Stories were concise, but rich in regulatory, technical, and threat context.
- The Atlassian soundbite and the description of the international sports piracy takedown stood out for their detail and narrative flair.
Segment Timestamps Overview
- [00:06] - Headlines and Host Introduction
- [00:07] - France fines Google and Shein
- [01:08] - CISA TP-Link router vulnerabilities
- [01:42] - Stream East piracy site takedown
- [02:32] - SAP cloud investment
- [03:55] - US cybersecurity legislation votes
- [04:51] - Apitor/FTC privacy violation
- [05:39] - Atlassian acquires The Browser Company
- [06:27] - Workiva/Salesforce data breach
For Further Info
- Full text stories available at cisoseries.com for more depth on each topic.
- Announcements of interactive livestreams for deeper discussions on AI security and the week's cybersecurity headlines.
