Cyber Security Headlines – December 18, 2025

Host: Lauren Verno (CISO Series)
Episode Theme:
A rapid-fire overview of the day’s most significant developments in cybersecurity, covering new regulatory actions against crypto, a critical exploit targeting React, a major fraud ring bust in Ukraine, high-profile breaches, and tech policy changes affecting cybersecurity and privacy.

Main Topics and Key Insights

1. FTC Orders Crypto Company Nomad to Repay Users

Summary:
The US Federal Trade Commission (FTC) has ordered Nomad, a crypto bridge operator, to repay users for a major 2022 breach that resulted in the loss of roughly $186 million.

• Cause: Unvetted and inadequately tested code introduced a vulnerability, despite the company’s public claims of being “security first.”
• Outcome:
  • Customers lost nearly $100 million after partial recoveries.
  • Under a proposed settlement, Nomad must repay $37.5 million, establish a comprehensive security program, and stop misrepresenting the security of its products.

Notable Quote:

“According to the FTC, the company pushed inadequately tested code that introduced a critical vulnerability despite marketing the platform as security first, leaving customers out nearly 100 million after partial recoveries.” (Lauren Verno, 00:18)

2. New React2Shell Exploit – Rapid Ransomware Deployment

Summary:
A ransomware gang is now exploiting the React2Shell vulnerability to deploy ransomware in under a minute—a shift from prior espionage and cryptomining activity.

• Attack Method:
  • Remote code execution via a vulnerable React server component endpoint.
  • Steps: Drops “wexer” ransomware, disables Windows Defender, deploys Cobalt Strike, encrypts files, wipes shadow copies, clears logs, all without lateral movement.
• Warning: Simply patching may not be enough to stop sophisticated attacks.

Notable Quote:

“Attackers used the bug to remotely execute JavaScript on a vulnerable React server components Endpoint before dropping the wexer ransomware stream… all without moving laterally.” (Lauren Verno, 01:00)

3. Ukraine-Based Fraud Ring Dismantled

Summary:
European law enforcement took down a network of fraudulent call centers in Ukraine that scammed victims out of more than $11.7 million.

• Modus Operandi:
  • Impersonated police/bank employees to pressure victims into transferring funds or installing remote banking access software.
• Scope:
  • Around 100 people involved.
  • The full financial damage is likely much higher.

Notable Quote:

“The group posed as police officers and bank employees, pressuring victims into transferring funds to so called safe accounts or installing remote access software to take over their banking apps.” (Lauren Verno, 02:16)

4. French Interior Ministry Confirms Cyber Intrusion

Summary:
A cyberattack compromised several internal ministry email accounts and dozens of confidential files, including judicial records and data on wanted individuals.

• Timeline: The attacker was inside for several days.
• Impact: No ransom demand, no clear risk to lives so far.

Notable Quote:

“The intruder remained in the network for several days, though officials say no ransom demand was made and there's no indication the breach put lives at risk.” (Lauren Verno, 02:59)

5. Malicious Firefox Extensions Spread Malware

Summary:
Researchers uncovered a campaign (“Ghost Poster”) using malicious logo images in Firefox extensions (masquerading as VPNs, ad blockers, translators, weather apps) to distribute delayed, multi-stage malware.

• Impact:
  • Over 50,000 installs.
  • Capabilities: user tracking, security bypass, remote code execution, affiliate hijacking, code injection.
• Resolution: Mozilla has removed the extensions.

Notable Quote:

“Researchers have uncovered a malicious Firefox campaign dubbed Ghost Poster, where malware was hidden inside the browser extensions logo images. … Mozilla has since removed the affected add ons from its Marketplace.” (Lauren Verno, 04:13)

6. Microsoft Update Breaks MSMQ on Older Systems

Summary:
December 2025 security updates are causing Microsoft Message Queuing (MSMQ) to fail on older Windows 10 and server versions.

• Symptoms: Apps can’t write messages, IIS throws errors, queue failures.
• Workaround: Uninstalling the update fixes the issue but removes security patches.

Notable Quote:

“Uninstalling the update can fix it, but at the cost of losing security patches. The choice is up to you.” (Lauren Verno, 04:58)

7. ISACA Appointed Exclusive CMMC Credentialer

Summary:
ISACA is now the sole organization authorized to train and certify professionals for the US DoD’s Cybersecurity Maturity Model Certification program, replacing Cyber AB.

• Implications:
  • All DoD contractors handling sensitive data need CMMC compliance.
  • Over 200,000 organizations, including European suppliers, will require certification by 2028.

8. Meta AI’s New Policy Raises Privacy Concerns

Summary:
Meta (Facebook/Instagram/WhatsApp/Messenger) now uses your AI chat interactions for ad targeting, with no opt-out.

• Privacy Risks:
  • Many chats include sensitive info: health, finances, religion, mental health.
  • Even filtered, such data can enable profiling and scam targeting.
• Expert Concerns: Sharing sensitive data—even indirectly—could facilitate new vectors for exploitation.

Notable Quote:

“So what's this all got to do with cybersecurity? Well, AI chats often include sensitive personal information…feeding that into ad targeting could expose users to profiling, scams or other exploitation.” (Lauren Verno, 06:03)

Notable Quotes & Memorable Moments

• On Nomad Breach:
  “Leaving customers out nearly 100 million after partial recoveries.” (Lauren Verno, 00:20)

• On React2Shell Exploit:
  “Attackers quickly disabled Windows Defender, deployed Cobalt Strike for command and control, encrypted files, wiped shadow copies, and cleared logs, all without moving laterally.” (01:12)

• On Ukraine Fraud Ring:
  “Authorities believe roughly 100 people were involved and the true financial impact is likely far higher than currently known.” (02:38)

• On Meta AI Privacy:
  “There's no opt out option… feeding that into ad targeting could expose users to profiling, scams, or other exploitation.” (Lauren Verno, 06:08)

Timestamps for Key Segments

• 00:18 — FTC Orders Nomad to Repay Customers
• 01:00 — React2Shell Exploited for Rapid Ransomware
• 02:16 — Ukraine-Based Fraud Ring Dismantled
• 02:59 — French Interior Ministry Email Breach
• 04:13 — Firefox Extensions Malware Campaign
• 04:58 — Microsoft Update Breaks MSMQ
• 05:20 — ISACA Takes Over CMMC Credentialing
• 06:03 — Meta AI Policy and Privacy Concerns

Tone and Style

Lauren Verno’s reporting is succinct and fact-driven, with an urgency suited to the rapidly evolving security landscape. The tone is both informative and pragmatic—actionable for professionals in the field but clear enough for a broader audience.

Conclusion

This episode delivered a concise but information-rich update on critical issues in cybersecurity: regulatory enforcement, emerging exploits, international law enforcement successes, persistent software vulnerabilities, credentialing changes, and shifting privacy norms in big tech. Whether you monitor compliance, build defenses, or just want to stay up-to-date, these stories underscore the importance of vigilance and adaptation in the cybersecurity world.