Scams target MENA region, pen testers accused of blackmail, DDoS protection faces fresh challenges

Cyber Security Headlines – Episode Summary

Podcast: Cyber Security Headlines
Host: Sarah Lane
Date: December 25, 2025
Episode Title: Scams Target MENA Region, Pen Testers Accused of Blackmail, DDoS Protection Faces Fresh Challenges

Main Theme & Episode Overview

This episode delivers a roundup of major cybersecurity news for December 25, 2025. The show touches on a wave of fraud scams targeting the MENA region, controversy around responsible vulnerability disclosure, record-breaking crypto thefts, new challenges in DDoS mitigation, fresh U.S. drone regulation, Microsoft’s BitLocker upgrade, security initiatives for small water utilities, and sophisticated APT campaigns.

Key Discussion Points & Insights

1. Coordinated Job Scams in the MENA Region

[00:08 – 01:00]

Fraudulent Remote Job Ads:
- Group IB identifies over 1,500 fake job ads in 2025, mainly in Egypt, Gulf states, and North Africa.
- Scammers exploit demand for remote work using authentic-seeming language, local currencies, and familiar company brands.
- Victims are approached on social media, transitioned to WhatsApp or Telegram, and pressured for personal/financial details.
- Common tactic: requesting deposits for higher-paying work, after which scammers disappear.

Notable Quote:
“Victims are lured in via social media, moved to WhatsApp or Telegram, then asked for personal or financial details, and then often pressured to deposit money for higher paying tasks before scammers disappear.” — Sarah Lane ([00:22])

2. Pen Test Partners Accused of Blackmail During AI Chatbot Disclosure

[01:01 – 01:50]

Incident:
- Pen Test Partners reported multiple vulnerabilities in Eurostar’s public AI chatbot: prompt injection, system prompt leakage, and potential XSS.
- During disclosure, Eurostar’s head of security accused Pen Test Partners of blackmail.
- The chatbot’s guardrails only validated the latest chat message, letting attackers tamper with prior interactions.
- It’s unclear if all vulnerabilities have been fixed.

Notable Quote:
“Pen Test Partners… now say they were accused of blackmail by Eurostar’s head of security during the disclosure process.” — Sarah Lane ([01:15])

3. Record $2.7 Billion Stolen in Crypto Thefts

[01:51 – 02:17]

Data:
- Chainalysis, TRM Labs, and DeFi report hackers stole $2.7 billion in crypto during 2025.
- Biggest heist: $1.4 billion Bybit exchange hack, attributed to North Korean state-supported attackers.
- North Korea estimated to have stolen at least $2 billion in 2025 to fund weapons programs.
- Continues the trend from $2.2B in 2024 and $2B in 2023.

4. Evolving DDoS Attack Landscape

[02:18 – 03:20]

Emerging Trends:
- Automated bot traffic now surpasses 50% of web activity, blurring lines for DDoS defenses.
- Attackers mix malicious and legitimate automation.
- Multi-vector attacks escalate, e.g., 6TB Solana DDoS in December (no downtime).
- Traditional perimeter defenses are less effective.
- Advice: Adopt behavior-based detection, layered protections across network, application, and API layers for both “volumetric and cost exhaustion attacks.”

Notable Quote:
“Attackers blend in with legitimate automation. The shift is driving larger multi-vector attacks… traditional perimeter defenses and rate limiting aren’t sufficient anymore.” — Sarah Lane ([02:36])

5. FCC Bans Foreign-Made Drones and Critical Components

[03:21 – 03:58]

New Ban:
- FCC blocks approval, import, or sale of new foreign-made drones/components due to national security risks (2025 NDAA).
- Focuses on Chinese manufacturers like DJI and Autel.
- Existing/previously approved models unaffected; solely impacts future models.

6. Microsoft’s Hardware Accelerated BitLocker for Windows 11

[03:59 – 04:35]

Product Update:
- Hardware-accelerated BitLocker improves performance, cutting CPU usage by up to 70% per I/O.
- Offloads encryption to system-on-chip on NVMe systems.
- Enhanced security: better key protection from memory/CPU attacks.
- Rolling out with Windows 11 24H2 and 25H2, initially for Intel vPro Ultra Series 3.

7. Cybersecurity Initiative for Small Water Utilities

[04:36 – 05:22]

New Model:
- Defcon Franklin proposes a managed security service model for rural/small U.S. water utilities after volunteer-based efforts proved unscalable.
- Co-founder Jake Braun: new program offers national framework for shared threat monitoring and response, in partnership with National Rural Water Association.
- Over 70% of U.S. water systems fail basic cyber standards.
- Funded in part by Craigslist’s Craig Newmark, hiring cybersecurity expert Tara Wheeler for program design and operation.

8. Evasive Panda APT Poisons DNS for Stealthy Malware Delivery

[05:23 – 06:10]

APT Activity:
- Kaspersky: China-linked Evasive Panda group hijacked DNS requests to deliver MGBot malware in targeted campaigns (late 2022 - 2024).
- Used fake updates, adversary-in-the-middle, staged loaders, and per-victim encryption.
- MGBot injected into legit Windows processes for long-term persistence.
- Targeted victims in Turkey, China, and India; some systems compromised over a year.

Memorable Quotes & Moments

“Victims are lured in via social media, moved to WhatsApp or Telegram, then asked for personal or financial details, and then often pressured to deposit money for higher paying tasks before scammers disappear.” — Sarah Lane ([00:22])
“Pen Test Partners… now say they were accused of blackmail by Eurostar’s head of security during the disclosure process.” — Sarah Lane ([01:15])
“Attackers blend in with legitimate automation. The shift is driving larger multi-vector attacks… traditional perimeter defenses and rate limiting aren’t sufficient anymore.” — Sarah Lane ([02:36])

Noteworthy Timestamps

00:08 — Introduction to scams targeting MENA region
01:01 — Pen Test Partners vs Eurostar disclosure controversy
01:51 — Record-breaking cryptocurrency thefts
02:18 — Automated bots’ impact on DDoS protection
03:21 — FCC’s ban on certain foreign drones/components
03:59 — Microsoft’s BitLocker hardware acceleration
04:36 — Cybersecurity push for small water utilities
05:23 — Evasive Panda’s stealth DNS-poisoning campaign

Conclusion

The episode underscores escalating threats from scams and technical attacks across regions and industries, highlights challenges in vulnerability disclosure, and points to evolving defensive strategies. It also surfaces regulatory responses and innovation efforts in cybersecurity for critical infrastructure.

For deeper info on any headline, visit cisoseries.com.

Cyber Security Headlines – Episode Summary

Main Theme & Episode Overview

Key Discussion Points & Insights

1. Coordinated Job Scams in the MENA Region

[00:08 – 01:00]

Fraudulent Remote Job Ads:
- Group IB identifies over 1,500 fake job ads in 2025, mainly in Egypt, Gulf states, and North Africa.
- Scammers exploit demand for remote work using authentic-seeming language, local currencies, and familiar company brands.
- Victims are approached on social media, transitioned to WhatsApp or Telegram, and pressured for personal/financial details.
- Common tactic: requesting deposits for higher-paying work, after which scammers disappear.

2. Pen Test Partners Accused of Blackmail During AI Chatbot Disclosure

[01:01 – 01:50]

Incident:
- Pen Test Partners reported multiple vulnerabilities in Eurostar’s public AI chatbot: prompt injection, system prompt leakage, and potential XSS.
- During disclosure, Eurostar’s head of security accused Pen Test Partners of blackmail.
- The chatbot’s guardrails only validated the latest chat message, letting attackers tamper with prior interactions.
- It’s unclear if all vulnerabilities have been fixed.

Notable Quote:
“Pen Test Partners… now say they were accused of blackmail by Eurostar’s head of security during the disclosure process.” — Sarah Lane ([01:15])

3. Record $2.7 Billion Stolen in Crypto Thefts

[01:51 – 02:17]

Data:
- Chainalysis, TRM Labs, and DeFi report hackers stole $2.7 billion in crypto during 2025.
- Biggest heist: $1.4 billion Bybit exchange hack, attributed to North Korean state-supported attackers.
- North Korea estimated to have stolen at least $2 billion in 2025 to fund weapons programs.
- Continues the trend from $2.2B in 2024 and $2B in 2023.

4. Evolving DDoS Attack Landscape

[02:18 – 03:20]

Emerging Trends:
- Automated bot traffic now surpasses 50% of web activity, blurring lines for DDoS defenses.
- Attackers mix malicious and legitimate automation.
- Multi-vector attacks escalate, e.g., 6TB Solana DDoS in December (no downtime).
- Traditional perimeter defenses are less effective.
- Advice: Adopt behavior-based detection, layered protections across network, application, and API layers for both “volumetric and cost exhaustion attacks.”

5. FCC Bans Foreign-Made Drones and Critical Components

[03:21 – 03:58]

New Ban:
- FCC blocks approval, import, or sale of new foreign-made drones/components due to national security risks (2025 NDAA).
- Focuses on Chinese manufacturers like DJI and Autel.
- Existing/previously approved models unaffected; solely impacts future models.

6. Microsoft’s Hardware Accelerated BitLocker for Windows 11

[03:59 – 04:35]

Product Update:
- Hardware-accelerated BitLocker improves performance, cutting CPU usage by up to 70% per I/O.
- Offloads encryption to system-on-chip on NVMe systems.
- Enhanced security: better key protection from memory/CPU attacks.
- Rolling out with Windows 11 24H2 and 25H2, initially for Intel vPro Ultra Series 3.

7. Cybersecurity Initiative for Small Water Utilities

[04:36 – 05:22]

New Model:
- Defcon Franklin proposes a managed security service model for rural/small U.S. water utilities after volunteer-based efforts proved unscalable.
- Co-founder Jake Braun: new program offers national framework for shared threat monitoring and response, in partnership with National Rural Water Association.
- Over 70% of U.S. water systems fail basic cyber standards.
- Funded in part by Craigslist’s Craig Newmark, hiring cybersecurity expert Tara Wheeler for program design and operation.

8. Evasive Panda APT Poisons DNS for Stealthy Malware Delivery

[05:23 – 06:10]

APT Activity:
- Kaspersky: China-linked Evasive Panda group hijacked DNS requests to deliver MGBot malware in targeted campaigns (late 2022 - 2024).
- Used fake updates, adversary-in-the-middle, staged loaders, and per-victim encryption.
- MGBot injected into legit Windows processes for long-term persistence.
- Targeted victims in Turkey, China, and India; some systems compromised over a year.

Memorable Quotes & Moments

“Victims are lured in via social media, moved to WhatsApp or Telegram, then asked for personal or financial details, and then often pressured to deposit money for higher paying tasks before scammers disappear.” — Sarah Lane ([00:22])
“Pen Test Partners… now say they were accused of blackmail by Eurostar’s head of security during the disclosure process.” — Sarah Lane ([01:15])
“Attackers blend in with legitimate automation. The shift is driving larger multi-vector attacks… traditional perimeter defenses and rate limiting aren’t sufficient anymore.” — Sarah Lane ([02:36])

Noteworthy Timestamps

00:08 — Introduction to scams targeting MENA region
01:01 — Pen Test Partners vs Eurostar disclosure controversy
01:51 — Record-breaking cryptocurrency thefts
02:18 — Automated bots’ impact on DDoS protection
03:21 — FCC’s ban on certain foreign drones/components
03:59 — Microsoft’s BitLocker hardware acceleration
04:36 — Cybersecurity push for small water utilities
05:23 — Evasive Panda’s stealth DNS-poisoning campaign

Conclusion

For deeper info on any headline, visit cisoseries.com.

wavePod

Get Free Podcast Summaries in Your Inbox

Pick Your Shows

Subscribe Free

Get Instant Summaries

Summary

Cyber Security Headlines – Episode Summary

Main Theme & Episode Overview

Key Discussion Points & Insights

1. Coordinated Job Scams in the MENA Region

2. Pen Test Partners Accused of Blackmail During AI Chatbot Disclosure

3. Record $2.7 Billion Stolen in Crypto Thefts

4. Evolving DDoS Attack Landscape

5. FCC Bans Foreign-Made Drones and Critical Components

6. Microsoft’s Hardware Accelerated BitLocker for Windows 11

7. Cybersecurity Initiative for Small Water Utilities

8. Evasive Panda APT Poisons DNS for Stealthy Malware Delivery

Memorable Quotes & Moments

Noteworthy Timestamps

Conclusion

Summary

Cyber Security Headlines – Episode Summary

Main Theme & Episode Overview

Key Discussion Points & Insights

1. Coordinated Job Scams in the MENA Region

2. Pen Test Partners Accused of Blackmail During AI Chatbot Disclosure

3. Record $2.7 Billion Stolen in Crypto Thefts

4. Evolving DDoS Attack Landscape

5. FCC Bans Foreign-Made Drones and Critical Components

6. Microsoft’s Hardware Accelerated BitLocker for Windows 11

7. Cybersecurity Initiative for Small Water Utilities

8. Evasive Panda APT Poisons DNS for Stealthy Malware Delivery

Memorable Quotes & Moments

Noteworthy Timestamps

Conclusion