Cyber Security Headlines – December 10, 2025
Host: Sarah Lane
Podcast: CISO Series – Cyber Security Headlines
Episode Date: December 10, 2025
Episode Overview
This episode delivers concise updates on the most pressing stories in the infosec world, including a major arrest in Spain over stolen records, a shift away from Telegram by cybercriminals, AI search results compromised by scammers, growing ransomware-as-a-service threats, and emergent cybersecurity concerns regarding humanoid robots, among others. The discussion highlights evolving attack techniques and the complexities facing security professionals as technology and threat landscapes rapidly change.
Key Discussion Points and Insights
1. Spain Arrests Teen for Record Data Theft (00:08)
- Incident: Spanish authorities arrested a 19-year-old in Barcelona for stealing 64 million personal records from nine companies. The data included names, addresses, emails, phone numbers, DNI numbers, and IBANs.
- Details:
  - The stolen data was offered for sale online using hacker forums, multiple accounts, and pseudonyms.
  - Law enforcement confiscated computers and cryptocurrency wallets tied to the scheme.
- Related Story: Ukrainian cyber police also arrested a 22-year-old selling access to hacked social media accounts via custom malware and a bot farm (5,000 accounts). The suspect faces up to 15 years in prison.
“The teen used multiple accounts and pseudonyms on hacker forums; computers and cryptocurrency wallets linked to the sales were confiscated.”
— Sarah Lane (00:17)
2. Cybercrime Moving Away From Telegram (01:05)
- Analysis: Kaspersky found a decline in cybercrime activity on Telegram as law enforcement shut down more illicit channels.
- Trends:
  - Median channel lifespan has increased, but blocking surged from late 2024.
  - Telegram’s “lack of default end-to-end encryption, centralized infrastructure, and closed server code make it less attractive to experienced operators.”
- Implication: Cybercriminals are seeking alternative, more secure platforms.
“The underground is steadily moving away from the platform due to rising shutdowns.”
— Sarah Lane (01:10)
3. Scammers Poison AI Search Results (01:40)
- Issue: Attackers are manipulating websites that AI models use for generating answers, causing AI platforms like Google’s AI Overview and Perplexity’s Comet to suggest fraudulent customer support numbers.
- Tactics:
  - Spammers plant SEO-optimized bait on compromised government and university sites, blogs, YouTube descriptions, and Yelp reviews.
- Impact: AI-generated responses appear legitimate but provide users with scam contact numbers.
- Proof: Researchers found phony support numbers for Emirates and British Airways in both Google and Perplexity results.
“LLMs then scrape and merge this poison content into answers that look legitimate.”
— Sarah Lane (01:56)
4. React2Shell Attacks Tied to North Korea (02:22)
- Discovery: Sysdig researchers identified a new wave of React2Shell attacks that mirror North Korean hacking campaigns.
- Mechanism:
  - Compromised apps drop EtherRAT (a remote access trojan using Ethereum smart contracts for command-and-control).
  - Five mechanisms for persistence are employed.
- Significance: Represents a shift from opportunistic cryptocurrency mining to stealthy, blockchain-based long-term access.
- Attribution: Likely North Korean operators or shared tactics among state groups.
“Sysdig says EtherRAT reflects a shift from opportunistic crypto mining to stealthy long-term access with blockchain-based C2 and resilient persistence.”
— Sarah Lane (02:59)
5. Rise of Humanoid Robot Cybersecurity Risks (03:59)
- Warning: As AI-powered humanoid robots move toward mainstream adoption, experts warn of new “physical botnet” threats.
- Forecast: Billions of robots could be in use by 2060.
- Security Flaws: Vulnerabilities in connectivity, AI learning, and embedded sensors could allow for attacks, espionage, or hijacking.
- Proof-of-Concept: Bluetooth flaws in Unitree robots demonstrated the feasibility of wormable malware in robots.
“A recent proof of concept exploited Unitree robots’ Bluetooth interface allowing wormable malware.”
— Sarah Lane (04:22)
6. Critical Flaws in Fortinet Products (05:10)
- Update: Fortinet patched major vulnerabilities in its FortiOS, FortiWeb, FortiProxy, and FortiSwitch Manager products.
- Vulnerability: Attackers could bypass FortiCloud SSO authentication by exploiting weak cryptographic verification of SAML messages.
- Advice: Admins should disable SSO until updates are applied.
- Other Fixes: Also addressed password change and authentication bypass issues.
“Admins should disable it if it’s active until updating.”
— Sarah Lane (05:23)
7. Khashoggi Case: Widow Files Pegasus Complaint (05:39)
- Legal Action: Hanan Elatr Khashoggi (widow of Jamal Khashoggi) filed a complaint in France, claiming Saudi Arabia infected her devices with Pegasus spyware before his 2018 murder.
- Evidence: Citizen Lab analysis found both of her phones were compromised, likely during questioning in the UAE.
- Outcome: A French judge will decide if there are grounds to investigate. Her prior lawsuit in the U.S. was dismissed in 2023.
8. CastleLoader Malware-as-a-Service Expands (06:10)
- Threat: Recorded Future’s Insikt Group highlights four distinct threat clusters utilizing the CastleLoader malware service, underlining GrayBravo’s expansion.
- Techniques: Includes use of CastleRAT and CastleBot to deliver multiple payloads (DeerStealer, RedLine Stealer, NetSupport RAT).
- Tactics: Phishing, malicious software updates, malvertising, and “ClickFix” campaigns, targeting logistics and travel sectors.
“Operations leverage multi-tiered infrastructure including tier 1 C2 servers and VPS backups.”
— Sarah Lane (06:39)
Notable Quotes and Moments
- “The attack surface is trust itself.”
  — Sponsor ad for Adaptive Security (03:30)
- “Experts predict a new sector for humanoid robot cybersecurity will emerge.”
  — Sarah Lane (04:37)
Important Timestamps
- Spain Arrest & Ukrainian Cybercrime Arrests: 00:08–01:05
- Goodbye Dark Telegram: 01:05–01:40
- Scammers Poison AI Search Results: 01:40–02:22
- React2Shell Tied to North Korea: 02:22–03:18
- Humanoid Robots Go Mainstream (Cyber Risks): 03:59–05:10
- Fortinet Bypass Flaws: 05:10–05:39
- Khashoggi Widow’s Pegasus Complaint: 05:39–06:10
- CastleLoader as GrayBravo Campaign: 06:10–07:08
Episode Tone
Sarah Lane delivers crisp, factual updates with urgency and clarity, emphasizing both the evolving nature of cyber threats and the expanding complexity of safeguarding data, devices, and people.
For more details or to dive into individual stories, visit CISOseries.com.
