
Loading summary
A
From the CISO series. It's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Friday, December 5, 2025. I'm Rich Stofalino. Predator spyware spotted across several countries recorded Futures Insect Group reports that while US sanctions against Intel XA's Predator spyware have seemingly slowed its overall use, it's still in use internationally. Researchers found evidence of its use in Iraq, Pakistan, Saudi Arabia, Kazakhstan, Angola and Mongolia. Meanwhile, previous usage in Botswana, Egypt and Trinidad and Tobago have fallen off. The researchers noted that this might not reflect a decline in actual usage. Instead, IntelLexa made significant infrastructure changes to make it harder to detect. Amnesty International revealed this week that Intellexa can remotely access Predator customer logs from, further exposing the company to liability for misuse. Russia blocks FaceTime Russia's communications regulator Roscommnadzor announced it blocked Apple's video calling app as part of its continued crackdown on foreign tech allegedly used for criminal activity. The country has also recently imposed sanctions on YouTube, WhatsApp, Telegram and Roblox without providing any evidence, the state regulator said. According to law enforcement agencies, FaceTime is being used to organize and carry out terrorist attacks in the country, recruit perpetrators and commit fraud, fraud and other crimes against Russian citizens. So far, there's been no word from Apple. On the move draft U.S. cyber strategy set for January release CYBERSCube Sources say the Trump administration plans to release a five page, six part national cybersecurity strategy next month. This could also be followed by an executive order that would spur implementation. The six pillars in the document continue to focus on offensive cyber operations, making cyber regulations more uniform, strengthening the federal cyber workforce, streamlining procurement, protecting critical infrastructure and planning for emerging tech. Currently, the administration is soliciting feedback on the strategy from industry stakeholders, so the final text may change. Brothers arrested for deleting government databases the U.S. department of justice arrested twin brothers Muneeb and Soheb Akhtar on charges related to insider threat activity against several government agencies. Both brothers worked as engineers at the federal contractor Opexus, using their access to allegedly delete up to 96 government databases impacting the IRS and General Services Administration back in February. In an even more bizarre twist, both brothers had previously pled guilty to charges tied to a US State Department data breach back in 2015, with each serving multi year prison sentences. Both brothers denied wrongdoing in an interview with Bloomberg earlier this year.
And now a huge thanks to our sponsor vanta. What's your 2am Security worry? Is it do I have the right controls in place or are my vendors secure? Enter Vanta Vanta automates manual work so you can stop sweating over spreadsheets, chasing audit evidence, and filling up endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Get started at Vanta.com's square that's V A N T A dot com CISO.
Arizona sues Temu Arizona Attorney General Chris Mays announced the state filed a suit against the Chinese online retail giant, claiming it collects large amounts of sensitive consumer information without consent. This includes GPS location data and apps installed on mobile devices. The state also alleges that Temu's app code is deliberately designed to obfuscate security reviews. This isn't the first state to take such action. Kentucky, Nebraska and Arkansas also filed similar suits in recent months. All of this data collection comes against the backdrop that Temu is required to hand over data requested by the Chinese government, sparking potential national security concerns. Reporters Without Borders targeted by Star Blizzard Researchers at Sequoia report that the Russian linked apt Star Blizzard carried out a phishing attack against a core member of Reporters Without Borders or RSF using a ProtonMail account that was posing as a trusted contact. This email mentioned an attached document for review, but it was intentionally left off when the contact asked for it. They then sent a malicious PDF hosted on Proton Drive. The attack was only unsuccessful in this case because Proton blocked the user's account. Sequoia found this a familiar pattern for Star Blizzard, seeing the approach used against other nonprofits as well, ultimately trying to inject malicious JavaScript into a victim's ProtonMail sign in page to steal credentials. Ghost A novel phishing framework Iframe abuse is nothing new, but a new report from Barracuda details this new phishing framework built around it. Ghost Frame uses an HTML file to spoof as a landing page with malicious behavior hidden in an iframe. Using the iframe allows attackers to quickly swap out phishing content and evade scanning while keeping its outward facade intact and the same the landing page uses dynamic code to generate a new randomly generated subdomain, and every time a new visitor arrives. This then loads the iframe to harvest credentials. The lures to get users to the pages range from contract notices to HR updates. Researcher flushes Kohler's end to end encryption claims earlier this year, Kohler launched a smart camera for toilets called Decoda, designed to analyze bold contents for Gut Health. In all of its marketing, it claims that images sent for analysis were end to end. Encrypted Security researcher Simon Fronde Telltier recently pointed out that based on Kohler's privacy policy, these were actually transmitted with TLS encryption, so they're encrypted in transit, but Kohler can access the camera images. The researcher also pointed out that this opens the door for Culler to use the images to train AI models. However, Kohler responded that its algorithms are trained on de identified data only.
Have you put in a calendar reminder to join us for the Department of Note on Monday before you move on to your next podcast, take a second Add a weekly reminder to join us Every Monday at 4pm Eastern on the CISO Series YouTube channel. Each week I discuss what news stories actually matter to security professionals with two CISO experts and we talk about how you can use those stories with your teams. Join the livestream, get involved in the chat and kick off your week with a little fun. We hope to see you there. And if you have some thoughts about this show or about the news of the week, see send it to us@feedbacksoseries.com we'd love to hear from you. Reporting for the CISO series, I'm Rich Rafalino reminding you to have a super sparkly day.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories. Behind the headlines.
Main Theme:
This episode of Cyber Security Headlines (December 5, 2025, hosted by Rich Stofalino) offers a rapid-fire roundup of the latest major information security stories. The episode covers the ongoing international threat of Predator spyware, Russia's broad crackdown on foreign tech (including FaceTime), a preview of a new US national cybersecurity strategy, high-profile insider threats, legal action against the e-commerce app Temu, targeted phishing attacks, and concerns over the privacy protections of a smart toilet camera. The tone remains brisk, informative, and focused on practical takeaways for security professionals.
"Intellexa made significant infrastructure changes to make it harder to detect."
Quote (00:48):
"Amnesty International revealed this week that Intellexa can remotely access Predator customer logs...further exposing the company to liability for misuse."
"Russia’s communications regulator announced it blocked Apple’s video calling app as part of its continued crackdown on foreign tech allegedly used for criminal activity...According to law enforcement, FaceTime is being used to organize and carry out terrorist attacks..."
"The six pillars in the document continue to focus on offensive cyber operations, making cyber regulations more uniform...and planning for emerging tech."
"Both brothers worked as engineers at the federal contractor Opexus, using their access to allegedly delete up to 96 government databases..."
"Arizona...filed a suit against the Chinese online retail giant, claiming it collects large amounts of sensitive consumer information without consent..."
"The attack was only unsuccessful in this case because Proton blocked the user's account. Sequoia found this a familiar pattern for Star Blizzard..."
"Ghost Frame uses an HTML file to spoof as a landing page with malicious behavior hidden in an iframe...quickly swap out phishing content and evade scanning..."
"In all of its marketing, it claims that images sent for analysis were end to end encrypted...these were actually transmitted with TLS encryption..." Quote (05:48):
"Kohler responded that its algorithms are trained on de-identified data only."
In a tight, news-packed episode, major global, national, and consumer data security issues are highlighted—from the resilience of state-backed spyware and international surveillance, through shifting national strategies and the persistent dangers of insider threats, to evolving attack techniques (Ghost Frame) and the privacy implications of even the most mundane IoT devices. The show maintains a straightforward tone, designed for infosec practitioners and executives needing quick, actionable, and high-level security briefings.