Cyber Security Headlines – Detailed Episode Summary

Podcast: Cyber Security Headlines
Host: Steve Prentiss (CISO Series)
Episode Title: MongoDB records exposed, Apple WebKit patches, Coupang culprit identified
Date: December 15, 2025

Episode Overview

This episode covers top stories from the world of cybersecurity, including a massive MongoDB data leak affecting billions of professional records, Apple and Google’s response to serious WebKit vulnerabilities, attribution of the high-profile Coupang breach, the release of MITRE’s Top 25 software weaknesses for 2025, geopolitical cyber incidents in Germany and the Middle East, privacy concerns over Canadian face-scanning billboards, and a legal move against a former Accenture manager accused of misleading the US government regarding cloud security compliance.

Key Discussion Points & Insights

1. Massive MongoDB Data Leak

• Story: Nexus AI researchers discovered a publicly exposed 16 TB MongoDB database containing 4.3 billion professional records, mainly LinkedIn-style data.
• Details:
  • Discovered November 23, secured two days later ([00:25])
  • Most records collected/updated in 2025; some date back to earlier LinkedIn scraping incidents (possibly from the major 2021 leak)
  • Potential for large-scale AI-driven social engineering attacks due to breadth and recency of data
• Notable Quote:

  “Researchers suggest it would be useful in enabling large scale AI driven social engineering attacks.” ([00:30])

2. Apple and Google Respond to WebKit Vulnerabilities

• Story: Apple pushed updates across its OS platforms and Safari browser following the identification of two WebKit vulnerabilities.
• Details:
  • Patches for iOS, iPadOS, MacOS, tvOS, watchOS, VisionOS, and Safari ([01:04])
  • One vulnerability previously patched by Google in Chrome—a sign of widespread concern
  • Vulnerabilities likely exploited in highly targeted mercenary spyware attacks
  • Affected users: “Specific targeted individuals on versions of iOS before iOS 26” ([01:19])
• Notable Quote:

  “Teams at Apple and Google have deduced that the vulnerabilities were likely weaponized in highly targeted mercenary spyware attacks.” ([01:23])

3. Coupang Data Breach Traced to Ex-Employee

• Story: The massive data breach impacting 33.7 million Coupang customers in South Korea has been attributed to a former employee.
• Details:
  • Ex-employee retained system access after departure ([01:54])
  • CEO Park Dae Jun resigned and publicly apologized ([01:58])
  • Suspect: 43-year-old Chinese national, joined Coupang Nov 2022, left in 2024, now believed to have left South Korea ([02:05])
  • Labeled as South Korea’s worst cybersecurity breach
• Notable Quote:

  “The company’s CEO, Park Dae Jun, announced his resignation and apologized to the public for failing to stop what is the country’s worst cybersecurity breach in its history.” ([02:03])

4. MITRE’s Top 25 Most Dangerous Software Weaknesses for 2025

• Story: MITRE released its annual list of critical software weaknesses, with input from DHS and CISA.
• Details:
  • List covers vulnerabilities affecting 39,000 disclosures from June 2024–June 2025 ([02:43])
  • Top weaknesses: Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery, Missing Authorization, Out-of-Bounds Rights; new: variations on buffer overflows ([02:49])
  • Full list linked in episode notes
• Notable Quote:

  “Topping the list is Cross Site Scripting followed by SQL Injection, Cross Site request, forgery, missing authorization and out of bounds rights, with new entries this year being variations on buffer overflows.” ([02:49])

5. Germany Accuses Russia of Air Traffic Control Cyber Attacks

• Story: Germany summons Russia’s ambassador after attributing cyberattacks on its air traffic control and an election disinformation campaign to Russian threat actors.
• Details:
  • Air traffic control attack occurred in August, followed by an alleged disinformation campaign ahead of the February election ([04:01])
  • Clear evidence tied to Russian Nexus Group APT28 (Fancy Bear) and Storm 1516 ([04:03])
  • Group accused of divisive campaigns across Europe
• Notable Quote:

  “The German government stated it has clear evidence linking the air traffic control attack to the Russian Nexus Group APT28, also known as Fancy Bear…” ([04:03])

6. Middle East APT: Hamas-Linked Attacks in Oman, Morocco, Palestinian Authority

• Story: Palo Alto Networks’ Unit 42 identified Ashen Lepus, a Hamas-affiliated group using malware-laden documents to breach regional government and diplomatic entities.
• Details:
  • Targeted Oman, Morocco, Palestinian Authority ([04:38])
  • Utilized new info-stealing malware “Ashtag” ([05:01])
• Memorable Moment:

  “A group called Ashen Lepus… is allegedly using a new strain of information stealing malware called Ashtag.” ([05:01])

7. Canada Probes Face Scanning Billboards for Privacy Violations

• Story: Canada’s privacy regulator investigates billboards near Toronto’s Union Station, which use cameras and AI for demographic analysis.
• Details:
  • Owned by Cineplex Digital Media; analyze passersby age and gender ([05:22])
  • Company claims no personal data/images are retained, processing occurs within milliseconds ([05:26])
• Notable Quote:

  “They use cameras, large databases and in some cases artificial intelligence to survey people in public.” ([05:26])

8. US Sues Ex-Accenture Manager for Army Cloud Platform Misrepresentation

• Story: US government brings action against Daniel Hilmer, former Accenture manager, alleging he misled officials about the security posture of a cloud platform for the Army.
• Details:
  • Allegations: obstructing federal auditors, making false statements about platform’s FedRAMP/DoD security controls ([06:18])
  • Platform served payroll, pension, and benefits for DoD and other federal clients ([06:29])
  • Hilmer’s LinkedIn profile now deleted ([06:25])
• Notable Quote:

  “[The] platform in question is described as a non appropriated fund integrated financial management system… efforts to represent the NIFMS platform as having enabled security controls that met the Fed ramp high basis baseline and the Department of defense’s impact levels 4 and 5…” ([06:29])

Notable Quotes & Memorable Moments (with Timestamps)

• “Researchers suggest it would be useful in enabling large scale AI driven social engineering attacks.” – Steve Prentiss ([00:30])
• “Teams at Apple and Google have deduced that the vulnerabilities were likely weaponized in highly targeted mercenary spyware attacks.” – Steve Prentiss ([01:23])
• “The company’s CEO, Park Dae Jun, announced his resignation and apologized to the public for failing to stop what is the country’s worst cybersecurity breach in its history.” – Steve Prentiss ([02:03])
• “Topping the list is Cross Site Scripting followed by SQL Injection, Cross Site request, forgery, missing authorization and out of bounds rights, with new entries this year being variations on buffer overflows.” – Steve Prentiss ([02:49])
• “The German government stated it has clear evidence linking the air traffic control attack to the Russian Nexus Group APT28, also known as Fancy Bear…” – Steve Prentiss ([04:03])
• “They use cameras, large databases and in some cases artificial intelligence to survey people in public.” – Steve Prentiss ([05:26])

Timestamps for Major Segments

• MongoDB Leak: 00:16–00:49
• Apple WebKit Updates: 00:49–01:31
• Coupang Breach Attribution: 01:35–02:20
• MITRE Top 25 Weaknesses: 02:25–03:05
• Germany–Russia Cyber Tensions: 03:55–04:30
• Middle East APT, Ashen Lepus: 04:30–05:01
• Face Scanning Billboard Probe: 05:01–05:26
• US vs. Daniel Hilmer/Accenture: 05:26–06:54

Conclusion

This episode delivers a brisk, fact-driven look at major cybersecurity incidents and regulatory actions from around the globe. The breadth of stories—from data leaks to government espionage and privacy regulation—underscores the complex and fast-changing landscape CISOs and security professionals must navigate.

For deeper dives on any story, listeners are directed to CISOseries.com.