Cyber Security Headlines — Episode Summary

Podcast: Cyber Security Headlines
Host: Steve Prentiss (CISO Series)
Episode: Rainbow Six Siege breach, backup generators for AI, LastPass reverberations
Date: December 29, 2025

Episode Overview

This episode delivers a packed roundup of the day’s top stories in information security, focusing on a high-profile breach in the gaming world, new infrastructure challenges for AI, long-term impacts from a major password manager breach, and the evolving landscape of digital security threats. The tone is brisk and informative, with a focus on brevity and actionable insight for security professionals.

Key Discussion Points & Insights

1. Rainbow Six Siege Suffers Game-Changing Breach

[00:13]

Ubisoft’s popular game, Rainbow Six Siege, experienced a major breach over the weekend.
Effects:
- “All types of chaos” erupted, with mass unbanning of players and widespread distribution of in-game currency.
- Ubisoft responded swiftly by shutting down both the game and its online marketplace.
Resolution:
- Players won’t be punished for spending the illegitimately obtained credits.
- Every in-game transaction “made since 11 a.m. Paris time” will be rolled back.

Notable Quote: “Ubisoft quickly shut down Rainbow Six Siege and its in-game marketplace… would be rolling back all transactions made since 11 a.m. Paris time.” (Steve Prentiss, 00:22)

2. Diesel Generators, Jet Engines Power the AI Boom

[01:10]

Context: Massive energy requirements for AI model training have created significant power-sourcing challenges.
Response: Data centers increasingly rely on:
- Aero-derivative turbines (adapted jet engines)
- Diesel generators
Reason: Power grid connection delays of up to “seven years” and pushback from consumers over rising utility bills.
Regulatory Actions:
- Local and federal U.S. authorities are loosening restrictions on generator use.
- Discussions around commandeering backup generators from businesses to prop up AI workloads.

Memorable Framing: “Loosen the restrictions on the use of backup generators… floating the idea of commandeering existing backup generators… in order to support the demand.” (Steve Prentiss, 01:28)

3. 2022 LastPass Breach: Crypto Fallout Continues

[02:08]

Blockchain intelligence reveals that vault backups from the 2022 LastPass breach still haunt the crypto sphere.
Method: Attackers crack weak master passwords to drain crypto wallets.
Persistence: These thefts persisted through 2024 and 2025.
Indicators:
- Stolen funds laundered via mixers, funneled into high-risk Russian exchanges.
- Patterns point to ongoing Russian cybercriminal involvement.

Notable Quote: “TRM Labs found repeated use of Russian cybercrime infrastructure and continuity of wallet control, indicating likely Russian criminal involvement in monetizing the breach.” (Steve Prentiss, 02:32)

4. ChatGPT: Sponsored Content To Take Center Stage?

[03:00]

Developments: OpenAI is reportedly planning to prioritize sponsored content in ChatGPT’s answers, perhaps as sidebar inserts.
Background:
- OpenAI was initially resistant, fearing it would affect answer quality—especially amid competition from Google’s Gemini AI.
- Generative AI tools’ deep user insight may reshape web advertising.

Notable Quote: “Generative AI products like ChatGPT know more about users than Google and as such are likely to disrupt the web economy.” (Steve Prentiss, 03:19)

5. NY Governor Approves Social Media Warning Labels

[04:00]

Action:
- Governor Kathy Hochul signs a bill requiring social media platforms to add warning labels for young users before they access features like Autoplay and infinite scroll.
- Warnings to appear similar to tobacco product and flashing-light advisories.
Backstory:
- Bill was passed in June; echoes similar warnings proposed by Surgeon General Vivek Murthy.

Quote: "Social media platforms should add warning labels... resemble those on tobacco products." (Steve Prentiss, 04:22)

6. Windows Activation Scam Delivers PowerShell Malware

[05:00]

Threat:
- A typosquatted domain (nearly identical to legitimate MAS activation scripts) spreads the Cosmali loader via PowerShell.
- Users lured by false warnings and nudged to visit the malicious domain.
- Legitimate MAS helps activate Windows/Office—attackers exploit user trust and common typo patterns.

Highlight: “Numerous reports… about a Cosmali loader infection with a warning popup… instructs them to enter a typo squatted address.” (Steve Prentiss, 05:24)

7. The Hidden Danger of Parked Domains

[06:05]

Insight: Brian Krebs warns about parked/typosquatted domains, a common online hazard.
Dangers:
- Malware posing as antivirus software
- Scams targeted at users from residential IP addresses (while benign for VPN/non-residential visitors)
Takeaway: Cybercriminals exploit both abandoned and mimicked domains for sophisticated phishing/malware campaigns.

Memorable Framing: “Parking pages… often lead to malware disguised as antivirus software and illegal content scams.” (Steve Prentiss, 06:18)

Notable Quotes & Memorable Moments

On Ubisoft’s Response:
“Players would not be punished for spending the granted credits, but that it would be rolling back all transactions made since 11 a.m. Paris time.” (00:26)
On Power for AI:
“Developers of data centers are now using… jet engines, as well as diesel generators, to address a growing need for power to process AI technology.” (01:12)
On Generative AI & Ads:
“Generative AI products like ChatGPT know more about users than Google and as such are likely to disrupt the web economy.” (03:19)
On Social Media Labels:
“The warnings are supposed to resemble those on tobacco products and media with flashing lights.” (04:19)
On Parked Domains:
“Parking pages… often lead to malware disguised as antivirus software and illegal content scams.” (06:18)

Timestamps for Important Segments

Rainbow Six Siege Breach: 00:13 – 01:08
AI Power Infrastructure Crisis: 01:10 – 02:07
LastPass Breach Crypto Fallout: 02:08 – 02:59
ChatGPT Sponsored Content: 03:00 – 03:58
NY Social Media Warning Labels: 04:00 – 04:59
Windows Activation Malware: 05:00 – 06:04
Parked Domains Warning (Brian Krebs): 06:05 – 06:46

Final Thoughts

This episode highlights the ongoing, multifaceted risks in cybersecurity: from high-profile breaches and long-tail vulnerabilities to the unintended consequences of new technologies—like AI’s hunger for energy and the growing pervasiveness of targeted content. The tone throughout remains practical and vigilant, encouraging active engagement and awareness among listeners.

For more details and continuous updates, listeners are directed to visit cisoseries.com.

Transcript

A (0:00)

From the CISO series, it's Cybersecurity Headlines these are the cybersecurity headlines for Monday, December 29, 2025. I'm Steve Prentiss. Rainbow Six Siege Suffers Breach Gamers Go Shopping the Rainbow Six Siege R6 online game, a product of French video game publisher Ubisoft, suffered a breach over the weekend that allowed all types of chaos to ensue, unbanning players and granting players massive amounts of in game currency. Ubisoft quickly shut down Rainbow six Siege and its in game marketplace. It later stated that players would not be punished for spending the granted credits, but that it would be rolling back all Transactions made since 11am Paris time. Diesel generators and aircraft engines in high demand to power AI the developers of data centers are now using Aero derivative turbines based on or made from jet engines, as well as diesel generators to address a growing need for power to process AI technology. This is being done to counter the issue of supply chain shortages and wait times of up to seven years to connect to the grid, as well as a growing backlash over their impact on consumer utility bills. This power is needed for the training and running of artificial intelligence models. As a result, local and federal regulators in the US Are starting to loosen the restrictions on the use of backup generators and are even floating the idea of commandeering existing backup generators, such as those located behind many large stores and businesses, in order to support the demand. LastPass 2022 breach reverberates through the crypto world According to blockchain intelligence firm TRM Labs, encrypted vault backups that were stolen in the 2022 LastPass breach are still used to break weak master passwords, allowing threat actors to access crypto accounts. Wallet drains continued through 2024 and 2025, with stolen funds traced through mixers to high risk Russian exchanges. TRM Labs found repeated use of Russian cybercrime infrastructure and continuity of wallet control, indicating likely Russian criminal involvement in monetizing the breach. End Quote ChatGPT ads will allegedly prioritize Sponsored Content in Answers the ongoing back and forth regarding the inclusion of ads in ChatGPT space has now seen a new concept enter the room, this one called Sponsored content. Despite initial resistance from OpenAI management about adding adverts to ChatGPT, fearing quality issues, especially in light of Gemini's advancement in the space, a new report suggests that OpenAI plans to prioritize sponsored content in AI answers. This might take the form of sponsored information in a sidebar next to the main ChatGPT response window. Although search tools like Google Search have had ads for a long time. Experts point out that generative AI products like ChatGPT know more about users than Google and as such are likely to disrupt the web economy. Huge thanks to our sponsor ThreatLocker. Want real zero trust training? Zero Trust World 2026 delivers hands on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4 through 6 in Orlando, plus a live CISO series episode on March 6. Get $200 off with the code ZTWCISO26@ZTW.com New York governor allows warning labels on social Media Describing social media platforms as addictive New York Governor Kathy Hochul signed a bill this past week that will require social media platforms to show warning labels to younger users before they're exposed to features such as Autoplay and Infinite Scrol, end quote. The bill was actually passed in June and the warnings are supposed to resemble those on tobacco products and media with flashing lights. Surgeon General Vivek Murthy also had suggested last year that social media platforms should add warning labels. End quote. Fake MAS Windows activation domain spreads PowerShell malware according to Bleeping Computer, a typo squatted domain impersonating the Microsoft Activation Scripts tool was used to distribute malicious PowerShell scripts that infect Windows systems with the Cosmali loader. MAS is an open source collection of PowerShell scripts that automate the activation of Microsoft Windows and Microsoft Office using HWI deactivation, KMS emulation and various bypasses. Numerous reports have been showing up on Reddit that inform users about a Cosmali loader infection with a warning popup that chides users for using the correct Win domain to activate windows in PowerShell, the correct address being Get Activate Win. The message then instructs them to enter a typo squatted address that has one additional letter added, which changes the word activate to activated. Most parked domains serve malicious content, says Brian Krebs. Krebs is warning Internet users that means everybody about the dangers of parked domains, those web addresses that are no longer in use or that are intentionally misspelled as typosquatting sites. As with most things, Internet exploitation is rife. Parking pages that show these parked domains as no longer in use often lead to malware disguised as antivirus software and illegal content scams. In his article published this month, which draws on research from Infoblox, he describes how parked websites can remain benign if a visitor arrives at the site using a VPN or a non residential Internet address, but will be redirected to a scam site if coming from a residential IP address. A link to the Krebs article is available in the show notes to this episode. Did you know that you can subscribe to our events calendar? Just head on over to our events page@cisoseries.com and look for the subscribe button. You'll know when all of our Super Cyber Friday and Department of no Live streams start, as well as our live CISO series, podcast recordings, and other meetups. Make sure you are up to date with all the fun events from the CISO series, and if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us@feedbacksoseries.com we would love to hear from you. I'm Steve Prentiss reporting for the CISO series. Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines. Sam.