Episode Overview
Main Theme:
This episode of Cyber Security Headlines (December 5, 2025, hosted by Rich Stroffolino) offers a rapid-fire roundup of the latest major information security stories. The episode covers the ongoing international threat of Predator spyware, Russia's broad crackdown on foreign tech (including FaceTime), a preview of a new US national cybersecurity strategy, high-profile insider threats, legal action against the e-commerce app Temu, targeted phishing attacks, and concerns over the privacy protections of a smart toilet camera. The tone remains brisk, informative, and focused on practical takeaways for security professionals.
Key Discussion Points & Insights
1. Predator Spyware Use Remains Widespread Internationally
- Predator spyware, developed by Intellexa, persists as a significant global surveillance threat.
- US sanctions have reportedly slowed its usage, but researchers still found its presence in Iraq, Pakistan, Saudi Arabia, Kazakhstan, Angola, and Mongolia.
- Declining activity was observed in Botswana, Egypt, and Trinidad & Tobago, but this may reflect improved infrastructure secrecy rather than actual decrease.
- Amnesty International: Intellexa can remotely access customer logs, increasing liability for abuse.
Quote (00:32): "Intellexa made significant infrastructure changes to make it harder to detect."
Quote (00:48):
"Amnesty International revealed this week that Intellexa can remotely access Predator customer logs...further exposing the company to liability for misuse."
2. Russia's Crackdown on Foreign Tech - FaceTime Blocked
- Russia’s Roskomnadzor has blocked Apple’s FaceTime citing unsubstantiated claims it’s used for terrorism, fraud, and criminal activity.
- Follows recent sanctions/blocking of YouTube, WhatsApp, Telegram, and Roblox.
- Apple has not issued a statement.
Quote (01:03): "Russia’s communications regulator announced it blocked Apple’s video calling app as part of its continued crackdown on foreign tech allegedly used for criminal activity...According to law enforcement, FaceTime is being used to organize and carry out terrorist attacks..."
3. Upcoming US National Cybersecurity Strategy Previewed
- A draft national cybersecurity strategy, attributed to the Trump administration, is slated for release in January.
- Document is “five pages, six parts,” with a focus on:
  - Offensive cyber operations
  - Uniform cyber regulation
  - Federal workforce strengthening
  - Streamlining procurement
  - Critical infrastructure protection
  - Planning for emerging technologies
- Industry stakeholders are currently providing feedback.
Quote (01:32): "The six pillars in the document continue to focus on offensive cyber operations, making cyber regulations more uniform...and planning for emerging tech."
4. High-Profile Insider Threat: Brothers Arrested for Deleting Government Databases
- Muneeb and Soheb Akhtar, twin brothers and engineers at Opexus, were arrested after allegedly deleting 96 government databases, impacting the IRS and GSA.
- Both had previously served sentences for a 2015 State Department data breach.
- Both deny the new charges.
- Notable for recurrence of insider threat involving the same individuals.
Quote (02:15): "Both brothers worked as engineers at the federal contractor Opexus, using their access to allegedly delete up to 96 government databases..."
5. State Lawsuits Against Temu Over Data Privacy
- Arizona sues Temu (Chinese e-commerce app) for alleged unconsented data harvesting—including GPS location and app inventories.
- The complaint alleges the app's code is deliberately designed to obfuscate security reviews.
- Kentucky, Nebraska, and Arkansas have filed similar suits.
- Temu is legally obliged to comply with Chinese government data requests, spurring national security worries.
Quote (03:35):
"Arizona...filed a suit against the Chinese online retail giant, claiming it collects large amounts of sensitive consumer information without consent..."
6. Russian APT Star Blizzard Targets Reporters Without Borders
- Russian-linked group Star Blizzard used targeted phishing against RSF.
- Tactics: phishing via ProtonMail, social engineering, weaponized PDFs.
- Attack was mitigated by Proton disabling the malicious account.
- Consistent with the group’s pattern against other NGOs.
- Goal: steal credentials via injected JavaScript in ProtonMail sign-in.
Quote (04:10): "The attack was only unsuccessful in this case because Proton blocked the user's account. Sequoia found this a familiar pattern for Star Blizzard..."
7. "Ghost" Phishing Framework Abuses Iframes
- New report from Barracuda details Ghost Frame, a phishing toolkit using HTML with malicious iframes.
- Enables quick content swaps, dynamic subdomains, and persistent lures (contract notices, HR updates).
- Efficient at credential harvesting while evading scans.
Quote (04:45): "Ghost Frame uses an HTML file to spoof as a landing page with malicious behavior hidden in an iframe...quickly swap out phishing content and evade scanning..."
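As an added illustration (not code from the episode or from Barracuda's report), a small Python check for the pattern described above: an HTML file whose visible page hides an iframe, or whose iframe loads from a host other than the one the page claims to be. The host names and the lure markup are constructed for the example.

```python
# Added example: flag hidden or off-host iframes in an HTML attachment.
# Not from the podcast or Barracuda; hosts and markup below are constructed.
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_hidden(attrs):
    """True if the frame is styled invisible or sized to 0/1 pixels."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if any(s in style for s in ("display:none", "visibility:hidden", "opacity:0")):
        return True
    tiny = ("0", "1")
    return (attrs.get("width", "").strip("px") in tiny
            or attrs.get("height", "").strip("px") in tiny)


def _host(url):
    return (urlparse(url).hostname or "").lower()


def suspicious_iframes(html, expected_host):
    """Return [(src, reasons)] for iframes that are hidden or load off-host.

    expected_host is the domain the page claims to represent; any
    subdomain of it is treated as legitimate, everything else is flagged.
    """
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        reasons = []
        if _is_hidden(attrs):
            reasons.append("hidden")
        host = _host(src)
        if host and host != expected_host and not host.endswith("." + expected_host):
            reasons.append("external-src")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed lure: a benign-looking notice with two concealed frames.
SAMPLE_LURE = """<html><body><h1>Contract renewal notice</h1>
<iframe src="https://login.example-brand.com/help" width="600" height="400"></iframe>
<iframe src="https://a9f3.lure-example.net/sign-in" style="display:none;"></iframe>
<iframe src="https://x.lure-example.net/" width="0" height="0"></iframe>
</body></html>"""
```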
8. Privacy Issues with Kohler’s Smart Toilet Camera
- Kohler’s Dekoda smart toilet camera, marketed as having "end-to-end encryption," actually only uses TLS in transit—leaving the images readable by Kohler once received.
- Researcher raised that images could be used to train AI.
- Kohler claims model training is on de-identified data only.
Quote (05:30):
"In all of its marketing, it claims that images sent for analysis were end to end encrypted...these were actually transmitted with TLS encryption..."
Quote (05:48):
"Kohler responded that its algorithms are trained on de-identified data only."
Notable Quotes & Memorable Moments
- On Predator Spyware's Evasion:
  "Intellexa made significant infrastructure changes to make it harder to detect." (B, 00:32)
- Russia’s Justification for Blocking FaceTime:
  "FaceTime is being used to organize and carry out terrorist attacks in the country..." (B, 01:10)
- On US Cyber Strategy’s Offensive Stance:
  "The six pillars in the document continue to focus on offensive cyber operations..." (B, 01:32)
- On Insider Threat & Repeat Offenders:
  "Both brothers had previously pled guilty to charges tied to a US State Department data breach..." (B, 02:30)
- On Temu’s Security Evasion:
  "App code is deliberately designed to obfuscate security reviews." (B, 03:41)
- On Ghost Frame Flexibility:
  "Using the iframe allows attackers to quickly swap out phishing content and evade scanning..." (B, 04:48)
- Researcher Calling Out Weak Privacy Protections:
  "Based on Kohler’s privacy policy, these were actually transmitted with TLS encryption..." (B, 05:30)
Timestamps for Important Segments
- Predator spyware findings: 00:08–00:52
- Russia blocks FaceTime: 00:53–01:18
- US cybersecurity strategy draft details: 01:19–01:48
- Arrested brothers/insider threat: 01:50–02:47
- Arizona sues Temu: 03:25–03:57
- Star Blizzard phishing campaign: 03:58–04:36
- Ghost Frame phishing toolkit: 04:37–05:13
- Kohler smart camera privacy: 05:14–06:05
Conclusion
In a tight, news-packed episode, major global, national, and consumer data security issues are highlighted—from the resilience of state-backed spyware and international surveillance, through shifting national strategies and the persistent dangers of insider threats, to evolving attack techniques (Ghost Frame) and the privacy implications of even the most mundane IoT devices. The show maintains a straightforward tone, designed for infosec practitioners and executives needing quick, actionable, and high-level security briefings.
