Summary4 min read

Podcast Summary: Cyber Security Headlines – December 4, 2025

Host: Lauren Verno
Podcast: CISO Series
Episode Theme:
A rapid-fire roundup of the day’s most urgent and impactful cybersecurity stories, including a record-breaking DDoS attack, critical new vulnerabilities, nationwide ransomware crises, and major security measures in government and the tech sector.

Key Stories & Insights

Record-Breaking DDoS Attack by Azuro

[00:16]

Event: Azuro botnet unleashed a historic 29.7 Tbps DDoS attack, shattering previous records.
Technical Details: Botnet consists of almost 4 million hijacked routers and IoT devices—essentially a “rentable army.”
Impact:
- Cloudflare, the target’s defense, reported nearly half of today’s attacks are “hypervolumetric” (extra-large scale).
- Collateral disruption: “One recent wave even disrupted parts of the US Internet despite not being the intended target.” – Lauren Verno, 00:42

Severe React Server Component Vulnerability

[00:59]

Issue: Maximum severity bug in React server components (affecting React apps using Server Function Endpoints, NextJS App Router, and certain libraries like Veit, Parcel, Redwood.js).
Impact: Allows attackers to execute arbitrary code on servers without authentication.
Scale: “Researchers warn nearly 40% of cloud environments may be exposed.” – Lauren Verno, 01:23

RansomHouse Attack Cripples Major Japanese Retailer

[01:36]

Incident: Six weeks offline for A-School (Think “Japanese Staples meets Amazon”) after a ransomware attack.
Repercussions:
- Companies resorted to ordering office supplies by fax.
- Limited online operations are just beginning to return.
- Data exposures confirmed for customer and supplier info, affecting brands like Muji.
Broader impact: “It’s the latest in a wave of major ransomware hits on Japanese companies, including Asahi, which is still recovering months later.” – Lauren Verno, 02:23

UK Proposes Ransomware Payment Ban

[02:26]

Policy: UK government proposes barring ransomware payments in the public sector and critical national infrastructure (CNI), except for rare national security exemptions.
Enforcement: All other organizations required to notify authorities if they intend to pay a ransom.
Rationale:
- Quoting Security Minister Dan Jarvis: “The current system [is] quote not sustainable…” – Lauren Verno, 02:52
- Efforts are underway to consult with US, Five Eyes, and G7 partners for a united approach.

Ongoing Ransomware Campaigns on Higher Ed: University of Phoenix Breached

[04:05]

Breach: University of Phoenix joins Harvard and UPenn as victims in Klopp ransomware campaign, exploiting a zero-day in Oracle E-Business Suite (August 2025).
Impact:
- Theft of sensitive personal and financial info from students, staff, and suppliers.
- “Phoenix detected the breach after being added to Klopp’s data leak site and is currently notifying affected individuals.” – Lauren Verno, 04:39

Enhanced Scam Protection on Android Calls

[04:45]

Development: Google expands its in-call scam protection to major US banking and fintech apps (e.g., Cash App, JPMorgan Chase).
How it works:
- Warns users when suspicious calls request screen sharing or banking info.
- 30-second alert; can only be dismissed by ending the call.
- “Originally piloted in the UK, the system now aims to protect Android 11+ users in the US from social engineering attacks…” – Lauren Verno, 05:10

Critical WordPress Plugin Vulnerability Exploited

[05:29]

Flaw: 'King Add-Ins for Elementor' plugin; affects versions 24.9.2 – 51.1.14.
Exploitation:
- Attackers can escalate privileges to admin.
- Over 48,000 exploit attempts recorded.
- “Since the disclosure, over 48,000 exploit attempts have been observed…” – Lauren Verno, 05:48
Fix: Patched in 51.1.35 (September 25th).

Microsoft Silently Mitigates Windows LNK Zero-Day

[06:16]

Vulnerability: Allows malware like Ghost, RAT, and Trickbot to be delivered via malicious Windows shortcuts.
Response:
- Microsoft’s November update now exposes the ‘target field’ in shortcut properties.
- However, “Windows doesn’t warn users when they click a dangerous shortcut, so it’s not quite a full fix.” – Lauren Verno, 06:53

Notable Quotes

On DDoS disruption reaching beyond target:
- “One recent wave even disrupted parts of the US Internet despite not being the intended target.” (00:42)
On React vulnerability impact:
- “Researchers warn nearly 40% of cloud environments may be exposed.” (01:23)
On Japan’s ongoing ransomware crisis:
- “It’s the latest in a wave of major ransomware hits on Japanese companies, including Asahi, which is still recovering months later.” (02:23)
On UK’s ransomware stance (Security Minister Dan Jarvis):
- “The current system [is] quote not sustainable…” (02:52)
On Android scam protection:
- “Originally piloted in the UK, the system now aims to protect Android 11+ users in the US from social engineering attacks that exploit urgency and panic to steal money or sensitive information.” (05:10)
On Microsoft shortcut vulnerability fix:
- “Windows doesn’t warn users when they click a dangerous shortcut, so it’s not quite a full fix.” (06:53)

Timestamps for Key Stories

DDoS leads & impact: 00:16–00:59
React server vulnerability: 00:59–01:36
Japanese ransomware crisis: 01:36–02:26
UK ransomware payment ban: 02:26–03:14
University of Phoenix breach: 04:05–04:45
Android scam protections: 04:45–05:29
WordPress plugin exploit: 05:29–06:16
Windows LNK zero-day: 06:16–06:59

Overall Tone

Lauren Verno delivers the news briskly and with urgency, reflecting the constant escalation, seriousness, and complexity of the cybersecurity landscape. News is delivered straightforwardly, focusing on tangible implications for organizations, users, and infrastructure.

For Further Details

Visit CISOseries.com for breakdowns of these stories and daily headlines.

Loading summary

Transcript16 lines

[00:00]
A
From the CISO series, it's Cybersecurity Headlines.
[00:07]
These are the cybersecurity headlines for Thursday, December 4, 2025. I'm Lauren Verno.
[00:16]
Record breaking DDoS attack Azuro just broke the DDoS record again, firing off a massive 29.7 terabyte per second attack that Cloudflare had to absorb. This botnet is basically a rentable army of up to 4 million hacked routers and IoT devices, and it's been hammering targets all year. Cloudflare says nearly half of those attacks are now hypervolumetric, and one recent wave even disrupted parts of the US Internet despite not being the intended target.
[00:59]
React bug puts servers at risk A maximum severity vulnerability in React server components could let attackers run arbitrary code on servers without authentication. The flaw affects apps using React server function endpoints and even Next JS with app router as well as libraries bundling RSC like Veit parcel and redwood. JS researchers warn nearly 40% of cloud environments may be exposed.
[01:37]
Ransom House attack cripples retailer Japan's A school is finally getting back online six weeks after a ransomware attack forced companies to to order supplies by fax, the Japanese retailer Think Staples meets Amazon for office goods, has reopened limited online sales for corporate customers and says it'll gradually restore its full catalog. The ransom house attack exposed customer and supplier data and disrupted supply chains for brands like Muji, which later confirmed its own customer data was affected. It's the latest in a wave of major ransomware hits on Japanese companies, including Asahi, which is still recovering months later.
[02:26]
Ransomware payment Denied Unless.
[02:30]
The UK Government is moving forward with a proposed ban on ransomware payments for public sector and critical national infrastructure organizations with national security exemptions to avoid life or death dilemmas. That's from Security Minister Dan Jarvis. The legislation would also require other businesses to notify authorities if they plan to pay a ransom. Jarvis called the current system quote not sustainable and is consulting across government, CNI organizations and allies in the five eyes and G7 to ensure the ban is effective and and workable.
[03:15]
Huge thanks to today's episode sponsor Vanta. This message comes from vanta. What's your 2am Security worry? Is it do I have the right controls in place or are my vendors secure? Enter Vanta Vanta automates manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. Get started@vanta.com CISO that's V A N T A.com CISO foreign.
[04:05]
It'S not just the Ivies University of Phoenix Hit by Klopp the University of Phoenix has joined the elite ranks of Harvard and UPenn, all targeted in Klopp's ongoing ransomware campaign. Attackers exploited a zero day in Oracle's E business suite in August of 2025, just a few months back, stealing sensitive personal and financial data from students, staff and suppliers. Phoenix detected the breach after being added to Klopp's data leak site and is currently notifying affected individuals.
[04:45]
Android expands In Call Scam Protection Google is expanding its In Call scam protection on Android to cover popular US banking and fintech apps including Cash App and JPMorgan Chase. The feature warns users when an unknown caller tries to manipulate them into sharing their screen or banking info, showing a 30 second alert that can only be dismissed by ending the call. Originally piloted in the UK, the system now aims to protect Android 11 + users in the US from social engineering attacks that exploit urgency and panic to steal money or sensitive information.
[05:30]
Another critical WordPress plugin vulnerability.
[05:35]
A serious flaw in the King add ins for Elementor plugin, is being actively exploited, allowing attackers to grant themselves admin privileges on vulnerable sites. The bug affects versions 24.fet 9.2through51.1.14. Don't worry, I have this all in the show notes and was patched in version 51.1.35 on September 25th. Since the disclosure, over 48,000 exploit attempts have been observed with attackers using the vulnerability to potentially take full control of affected websites.
[06:16]
Microsoft Silently mitigates Zero Day.
[06:21]
Microsoft has quietly addressed a high severity Windows LNK vulnerability. Both state backed hackers and cybercriminal groups are using this flaw to sneak in malware like Ghost, Rat and trickbot. In its November updates, Microsoft quietly made a change. Now when you check a shortcut's properties, you can see the full target field where the hidden command is. Though even with Microsoft's update, the hidden malicious command still exists and Windows doesn't warn users when they click a dangerous shortcut, so it's not quite a full fix.
[06:59]
Remember to subscribe to the CISO Series YouTube channel. We've been posting new shorts every weekday. If you enjoy the daily headlines, make make sure to subscribe to get a little bonus video every day. We're almost at 10,000 subscribers, so we'd love it if you can help us hit that milestone before the end of the year. And if you have some thoughts on the news from today or about the show in general. Be sure to reach out to us@feedbackisoseries.com we'd love to hear from you. I'm Lauren Verno reporting for the CISO series.
[07:38]
Cybersecurity headlines are available every weekday. Head to CISoseries.com for the full stories behind the headlines.