
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Friday, September 5, 2025. I'm Steve Prentiss.

France fines Google and Shein over cookie misconduct. The French Data Protection Authority has levied fines against the two companies of $379 million and $175 million respectively for violating cookie rules. The CNIL said the companies, quote, "set advertising cookies on users' browsers without securing their consent," end quote. Shein is a China-based online retailer. Google is also in trouble with the French authorities for, quote, placing advertisements in the form of emails, among other emails in the promotions and social tabs of Gmail. The CNIL further says that displaying ads in this way required users' explicit consent in accordance with the French Postal and Electronic Communications Code.

CISA adds more TP-Link router flaws to its KEV catalog. On Wednesday, CISA added two more TP-Link wireless router security flaws to its Known Exploited Vulnerabilities catalog, citing evidence of them being exploited in the wild. These flaws are different from the ones we reported on in June, although a couple of router models are listed in each. TP-Link had released firmware updates for the two vulnerabilities in November of last year, but they reiterate the affected products have reached their end of service and are no longer receiving active support. The vulnerabilities and their CVE numbers are available in the show notes to this episode.

World's largest sports piracy site shut down. The Alliance for Creativity and Entertainment, working with police in Egypt, have closed down Streameast, the world's largest destination for illegal streams of live sports events. The site had been visited more than 1.6 billion times in the last year and offered access to pirated streams of events such as professional soccer, Formula One races and Major League Baseball. Two men were arrested in a town outside Cairo, along with laptops believed to operate the sites. Police also found links to a shell company in the United Arab Emirates, which had allegedly been used to launder £4 million worth of advertising revenue since 2010, as well as £150,000 in cryptocurrency.

SAP invests in sovereign cloud infrastructure in Europe. The global enterprise software giant headquartered in Germany says it will invest 20 billion euros into expanding sovereign cloud infrastructure in Europe over the next 10 years, pitching itself as a secure and compliant alternative to American cloud giants. This move is intended to help provide sovereign infrastructure for the public sector and regulated environments. However, some within the organization, including CEO Christian Klein, disagree with the initiative, favoring a focus on using AI to improve manufacturing and other processes for its customers.

Huge thanks to our sponsor, ThreatLocker. ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and to start your free trial, visit threatlocker.com/CISO, i.e. T-H-R-E-A-T-L-O-C-K-E-R.com/CISO.

House panel votes to extend cyber programs. The House Homeland Security Committee voted 250 to approve the Widespread Information Management for the Welfare of Infrastructure and Government Act, which is a 10-year extension of the 2015 Cybersecurity Information Sharing Act. This act provides incentives for private entities to voluntarily share digital threat intelligence with the federal government. In addition, the panel voted 21:1 to reauthorize the State and Local Cybersecurity Grant program, which gives money to local governments to improve their posture against cyber threats. It remains unclear if lawmakers will be able to pass both bills before an end-of-the-month deadline. Both statutes are slated to expire on September 30th without congressional action.

FTC fines toy manufacturer for allowing data collection. This past Tuesday, the Justice Department filed a complaint against China-based toy manufacturer Apitor, that is A-P-I-T-O-R, alleging that the maker of robot toys allowed a third party in China to collect children's geolocation data without the consent of their parents. This follows a complaint from the Federal Trade Commission stating that Apitor's privacy policy said that it complied with the Children's Online Privacy Protection Rule, that's the COPPA rule, when in reality it did not. The company's product includes a mobile app that kids can use to control the robot toys. Apitor requires users with Android devices to allow location sharing in order to use the toys' companion app.

Atlassian to buy The Browser Company to reshape browsers. Australian productivity software maker Atlassian, best known for its Jira software, has agreed to acquire The Browser Company, which manufactures two browsers, Arc, spelled A-R-C, and a new AI-enhanced browser named Dia, spelled D-I-A. The acquisition is for $610 million in cash. Mike Cannon-Brookes, Atlassian's CEO and co-founder, described in a statement Atlassian's intention to create an AI-powered browser optimized for the many SaaS applications living in tabs, one that knowledge workers will love to use every day. The Browser Company will continue to work independently, but the acquisition will allow for the browser to ship features faster and support multiple platforms.

SaaS company Workiva discloses data breach. Representatives of the company, spelt W-O-R-K-I-V-A, state that attackers gained access to a third-party customer relationship management system and stole some of their data. Workiva's customer list contains some of the biggest names, including Google, T-Mobile, Delta, Wayfair, Hershey, Slack, Santander, Nokia, Kraft Heinz, Wendy's, Paramount, Air France, KLM, Mercedes-Benz and more. According to Bleeping Computer, threat actors exfiltrated a limited set of business contact information including names, email addresses, phone numbers and support ticket content. Bleeping Computer has learnt that this incident was part of the recent wave of Salesforce data breaches linked to the Shiny Hunters extortion group that impacted many high-profile companies. End quote.

As usual, we've got a busy Friday of live streams today. It starts at 1pm Eastern with Super Cyber Friday, where the topic will be hacking AI in meetings, an hour of critical thinking about how to avoid liability while getting value from your recordings. Then at 3:30pm Eastern we have our Week in Review Show. Ray Espinoza, VP of Information Security at Elite Technology, will be our guest, providing his expert commentary on the news of the week. To join us for both, head on over to the events page at cisoseries.com, and if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentiss reporting for the CISO series.
A
Cybersecurity Headlines are available every weekday. Head to CISOseries.com for the full stories behind the headlines.
Host: Steve Prentiss
Main Theme:
A fast-paced roundup of major cybersecurity news stories, ranging from regulatory fines in the EU to technology sector data breaches and M&A developments. Each item highlights evolving risks, new enforcement actions, industry trends, and corporate responses in the global security landscape.
“Set advertising cookies on users' browsers without securing their consent.”
—CNIL, cited by Steve Prentiss (00:24)
"[An] AI-powered browser optimized for the many SaaS applications living in tabs, one that knowledge workers will love to use every day."
—Mike Cannon-Brookes, Atlassian CEO (05:52)
“Bleeping Computer has learnt that this incident was part of the recent wave of Salesforce data breaches linked to the Shiny Hunters extortion group.”
—Steve Prentiss (06:59)