Cyber Security Headlines – December 24, 2025
Host: Sarah Lane
Episode Theme:
A rapid-fire update on key incidents and trends in cybersecurity, including major corporate acquisitions, newly discovered threats, significant breaches, and law enforcement actions.
Main Topics and Key Insights
1. ServiceNow Acquires Armis for $7.75 Billion [00:13]
- Summary:
  - ServiceNow, a leader in digital workflow solutions, is set to acquire cybersecurity firm Armis in a deal valued at $7.75 billion, the largest in ServiceNow's history.
  - Armis specializes in cyber exposure management, specifically protecting IT systems, operational technology, medical devices, and other connected endpoints.
  - Around 950 Armis employees will transition to ServiceNow after the acquisition closes.
- Insight:
  - The acquisition signals ServiceNow's intention to extend its security footprint into connected devices and enterprise operational infrastructure.
- Notable Moment:
  - “Armis specializes in cyber exposure management and cybersecurity for IT systems, operational technology, medical devices and other connected assets.” (Sarah Lane, 00:18)
2. MacSync Stealer Malware Goes Stealthier [00:48]
- Summary:
  - JAMF Threat Labs identified a new variant of the MacSync stealer for macOS.
  - The malware now masquerades as an Apple-signed Swift app, using a mostly automatic, low-interaction installation to evade detection.
  - Delivered via a disk image pretending to be a chat app, the installer executes a payload directly in memory, minimizing forensic evidence.
  - JAMF reported the fraudulent developer certificate to Apple, which has since revoked it.
- Notable Moment:
  - “Installer silently downloads and executes an encoded second stage payload in memory, then leaves minimal forensic traces.” (Sarah Lane, 01:02)
3. SEC Sues Crypto Firms Over Deepfake-Driven Fraud [01:25]
- Summary:
  - The SEC filed lawsuits against seven crypto-related firms accused of defrauding investors through WhatsApp groups.
  - The scams used deepfake videos, fictitious professors, and AI-generated trading tips to swindle retail investors out of more than $14 million.
  - Victims were lured to fake platforms and then blocked from withdrawing funds unless they paid extra fees; the money was funneled to Southeast Asian bank accounts and wallets.
- Contextual Insight:
  - The suit reflects a growing regulatory crackdown on high-tech, large-scale scam operations in the crypto space.
- Quote:
  - “The Securities and Exchange Commission sued seven crypto-related firms, accusing each of running WhatsApp-based investment clubs that used deepfake videos, fake professors and AI-generated trading tips to defraud retail investors...” (Sarah Lane, 01:29)
4. Nissan Data Breach Exposes Japanese Customer Info [02:10]
- Summary:
  - Nissan reported the breach of a Red Hat-managed GitLab server, which exposed data belonging to roughly 21,000 customers in Japan.
  - Compromised data included names, addresses, phone numbers, and partial email addresses, but not payment information.
  - Red Hat detected the breach in September and alerted Nissan in October. This marks Nissan's third major breach in three years.
- Security Consequence:
  - The incident highlights the ongoing challenge automotive firms face in securely managing third-party and auxiliary cloud tools.
- Memorable Moment:
  - “The incident is Nissan's third major breach in three years.” (Sarah Lane, 02:30)
5. N8N Workflow Platform Vulnerability [03:02]
- Summary:
  - A critical flaw was disclosed in the N8N automation platform, allowing authenticated attackers to execute arbitrary code and exposing both data flows and the underlying systems.
  - Over 100,000 internet-facing instances could be vulnerable; immediate upgrades are urged.
- Security Threat:
  - The issue lies within N8N's expression evaluation system, underlining the risks associated with workflow and automation tools.
- Key Line:
  - “With more than 100,000 Internet-facing instances potentially vulnerable as of December 22, users are urged to upgrade immediately.” (Sarah Lane, 03:13)
6. Web RAT Distributed via Malicious GitHub Repos [03:30]
- Summary:
  - Web RAT malware is being circulated through fake GitHub repositories that pose as proof-of-concept exploits for new vulnerabilities.
  - At least 15 repositories used AI-generated vulnerability write-ups to deceive users into installing the malware.
  - The malware disables Windows Defender, installs a backdoor, and can steal credentials and crypto wallet data and spy via webcams.
  - All discovered repositories have been removed.
- Cautionary Takeaway:
  - Researchers and hobbyists are cautioned to vet code samples and POCs carefully, as attackers exploit the current trend of rapid exploit sharing.
- Notable Moment:
  - “Researchers who found at least 15 repositories using AI-generated vulnerability descriptions to trick users...” (Sarah Lane, 03:48)
7. DOJ Disrupts Major Bank Account Takeover Operation [04:05]
- Summary:
  - The U.S. Justice Department seized web3adspanels[.]org, a domain used to control a bank account takeover operation.
  - The operation stole millions from Americans through fraudulent search ads mimicking major banks.
  - At least 19 victims have been identified, with an estimated $14.6 million in confirmed losses (attempted losses of $28 million). Total reported losses linked to such fraud this year stand at $262 million.
- Notable Quote:
  - “Bank takeover fraud has generated more than $262 million in reported losses this year.” (Sarah Lane, 04:44)
8. Malicious Chrome Extensions Steal Credentials [05:02]
- Summary:
  - Two Chrome extensions, posing as a network speed test and a VPN service, secretly intercepted traffic and harvested credentials from over 170 websites for several years.
  - They funneled selected traffic through attacker-controlled proxies, exfiltrating emails, passwords, payment data, and developer secrets; the operation appears to originate in China.
  - The extensions maintained persistent command-and-control connections for ongoing data theft.
- Security Reminder:
  - Browser extensions can be potent attack vectors, especially when granted broad permissions.
Notable Quotes & Memorable Moments
- “ServiceNow agreed to acquire cybersecurity company Armis for $7.75 billion, marking the largest acquisition in ServiceNow's history.” (Sarah Lane, 00:13)
- “Installer silently downloads and executes an encoded second stage payload in memory, then leaves minimal forensic traces.” (Sarah Lane, 01:02)
- “The incident is Nissan's third major breach in three years.” (Sarah Lane, 02:30)
- “Bank takeover fraud has generated more than $262 million in reported losses this year.” (Sarah Lane, 04:44)
Timestamps for Key Segments
- ServiceNow/Armis acquisition – 00:13
- MacSync Stealer update – 00:48
- SEC crypto fraud lawsuits – 01:25
- Nissan data breach – 02:10
- N8N vulnerability – 03:02
- Web RAT via GitHub – 03:30
- DOJ bank account takeovers – 04:05
- Malicious Chrome extensions – 05:02
Tone & Closing Remarks
The episode maintains a concise, urgent, and matter-of-fact tone, providing security professionals with actionable information. Sarah Lane ends with a shoutout to practitioners working through the holiday, underscoring the non-stop nature of cybersecurity work:
“...here is a quick shout out to all those cybersecurity professionals that are going to be on call and working through the holidays. You're appreciated and we hope Santa is extra kind to you this year.” (Sarah Lane, 05:38)
For more: Check out CISOseries.com
