Cyber Security Headlines – December 9, 2025
Host: Lauren Verno, CISO Series
Main Theme:
A review of the most urgent cyber threats and notable developments, from monumental ransomware payouts and cybercrime fueling physical violence to evolving spyware, major breaches, and shifting privacy in the EU.
Main Themes and Episode Purpose
- Escalating Financial Impact of Ransomware: Billions lost in the past year alone—with certain groups and sectors targeted disproportionately.
- Cybercrime’s Real-World Violence: How cyber operations are increasingly facilitating or driving physical attacks.
- Arrests and Crackdowns: Law enforcement efforts to address hacking tool possession and malware-fueled financial fraud.
- Persistent Vulnerabilities and Regulatory Shifts: Both AI and US/EU data privacy regimes highlight the limits of technological and legal controls.
- Malware Evolution: New threats in mobile spyware.
- Major Data Breaches: A look at how lapses in basic security hygiene can have nationwide impact.
Key Discussion Points and Insights
1. Ransomware Costs Top $4.5 Billion
- Timestamps: [00:16]–[01:15]
- Details:
- Payments reported to the US Treasury's FinCEN have surpassed $4.5 billion, with 2023 as the costliest year.
- Akira ransomware: most incidents.
- BlackCat: received the largest single group haul (nearly $400M).
- Hardest hit: Financial services, manufacturing, healthcare.
- "Most ransom demands stayed under $250,000." – Lauren Verno [00:55]
- Key Quote:
“Ransomware payments reported to the U.S. Treasury's Financial Crimes Enforcement Network have now topped $4.5 billion, with 2023 standing out as the most expensive year on record.” – Lauren Verno [00:22]
2. Cybercrime Networks Orchestrating Physical Violence
- Timestamps: [01:15]–[02:07]
- Details:
- Europol's Operation Grim: Nearly 200 arrests (including minors) tied to “violence as a service” networks.
- Teens groomed to carry out attacks—includes contract killings and a triple shooting in the Netherlands.
- Some groups, e.g. The .Com, known for SIM swapping and extortion, are now linked to deadly violence.
- Key Quote:
“This is one of those stories where I triple checked my sources.” – Lauren Verno [01:15]
“Violence as a service networks groom teens to commit attacks.” – Lauren Verno [01:22]
3. Arrests for Possession of Hacking Tools
- Timestamps: [02:07]–[02:55]
- Details:
- Polish police arrested three Ukrainian nationals with gear (Flipper Zero, laptops, SIM cards, etc.).
- Crucial: charges are for “potential misuse,” not actual attacks.
- They face counts of fraud, computer fraud, and possession of tools intended for criminal use.
- Key Quote:
“Authorities say the men could not explain why they were carrying the tools…” – Lauren Verno [02:29]
4. Russian Crackdown on Malware-Stolen Funds
- Timestamps: [02:55]–[03:49]
- Details:
- Russian police dismantled a gang that used NFCGate-based malware for ATM and banking fraud (over $2.6M stolen).
- Technique: tricking users into installing fake bank apps, harvesting card data through NFC, draining accounts.
- Russian security firms say up to $18 million stolen via this method to date.
- Key Quote:
“Attackers drain ATMs nationwide without the cardholder present.” – Lauren Verno [03:23]
5. Major US Fintech Breach: Marquee Software
- Timestamps: [04:39]–[05:31]
- Details:
- Hack of Marquee Software Solutions (fintech provider for 700+ institutions).
- Caused by an unpatched SonicWall firewall vulnerability; PII stolen for up to 780,000 customers, with impact across 74 banks and credit unions.
- Mitigation efforts included late patching and password changes, with implied preventability.
- Key Quote:
“There were some comments about how this attack could have been avoided…” – Lauren Verno [04:51]
6. AI Models May Never Be Secure – UK NCSC Warning
- Timestamps: [05:31]–[06:14]
- Details:
- The UK’s National Cyber Security Centre states that prompt injection (where LLMs can’t reliably distinguish data from code) is a fundamental flaw.
- Even with industry efforts, full protection seems unachievable.
- Key Quote:
“Large language models like ChatGPT have a fundamental flaw that could let attackers hijack them…” – Lauren Verno [05:37]
7. New Android Spyware Threat: ClayRat
- Timestamps: [06:14]–[06:59]
- Details:
- ClayRat spyware evolves: now logs PINs, records screens, blocks deletion, fakes overlays.
- Over 700 malicious APKs distributed via phishing and fake apps.
- Key Quote:
“Attackers can gain total control of infected devices.” – Lauren Verno [06:46]
8. Meta Allows More Private Data Use for EU Users
- Timestamps: [06:59]–[07:39]
- Details:
- In response to EU regulatory fines, Meta will soon let Facebook/Instagram users opt to share less data and get less personalized ads.
- First time users choose explicitly how much data is shared.
- Key Quote:
“This is the first time the company has offered users a choice over how much data they share.” – Lauren Verno [07:28]
Notable Quotes & Memorable Moments
- Host Verification on Real-World Violence:
“This is one of those stories where I triple checked my sources.” – Lauren Verno [01:15]
- On AI Security Hand-waving:
“The UK's National Cyber Security Centre warned that large language models like ChatGPT have a fundamental flaw that could let attackers hijack them, known as prompt injection. You all know that the issue arises because LLMs treat all input as instructions, making it impossible to fully separate safe data from commands.” – Lauren Verno [05:31]
Timestamps for Key Segments
| Segment | Timestamp |
|--------------------------------------------|--------------|
| Ransomware costs report | 00:16–01:15 |
| Violence-as-a-service networks busted | 01:15–02:07 |
| Hacking tools arrests in Poland | 02:07–02:55 |
| Russian malware ATM scam crackdown | 02:55–03:49 |
| Major Marquee Software data breach | 04:39–05:31 |
| UK's warning on AI prompt injection | 05:31–06:14 |
| New ClayRat Android spyware | 06:14–06:59 |
| Meta EU privacy compliance | 06:59–07:39 |
Conclusion
This episode highlights the sheer scope and evolution of modern cyber threats:
- Ransomware payouts are ballooning and targeting key sectors.
- Traditional cybercrime is morphing into very real physical violence.
- Law enforcement and regulators are scrambling to keep up—from seizing hacking tools to reining in tech behemoths like Meta.
- The arms race continues as attackers develop more sophisticated malware and exploit fundamental tech flaws, while defenders admit some vulnerabilities may never be fully solved.
Rich in succinct stories and laced with urgency, Lauren Verno ties together the day’s biggest cybersecurity headlines with clarity and a sense of how quickly the landscape is shifting.
