Cyber Security Headlines – December 23, 2025
Host: Sarah Lane | Podcast: CISO Series
Episode Theme:
A run-through of the day’s top information security news stories, with a focus on a major Spotify data scrape, DDoS attack on French postal services, holiday phishing scams, and developments in global cybercrime.
Main Theme Overview
This episode highlights significant cybersecurity events including the large-scale scraping of Spotify’s music library by data pirates, disruptive DDoS attacks affecting France’s postal and banking services, a surge in holiday-themed phishing attacks, and notable updates about malware campaigns in Uzbekistan, malicious npm packages, international cybercrime arrests, and new identity verification laws in South Korea.
Key Discussion Points and Insights
[00:08] Spotify Music Library Scraped
- Incident: Anna's Archive, a pirate activist collective, scraped Spotify’s entire music database:
- Stolen Data: 256 million rows of track metadata, 86 million audio files (~300 TB).
- Stated Purpose: To create a “preservation archive” and “safeguard humanity's musical heritage.”
- Violations: This act breaches Spotify’s terms and copyright law.
- Spotify’s Response:
- Confirmed scraping of public metadata and attempts to bypass DRM for some files.
- Disabled involved accounts and introduced new safeguards.
- Stressed that no user account data was compromised.
Quote:
"Anna's Archive describes this as a mission to safeguard humanity's musical heritage, but this violates copyright and Spotify's terms." — Sarah Lane [00:16]
[01:04] CISA’s ASUS Live Update CVE Update
- Clarification: Last week’s CISA advisory about an ASUS Live Update vulnerability actually refers to the ShadowHammer supply chain attack (2018–2019).
- The software is end-of-life; fixes were issued years ago.
- No current risk to supported ASUS devices; the listing is retrospective documentation, not about a new threat.
[01:34] DDoS Disrupts France's Postal and Banking Services
- Incident:
- La Poste (France's national postal service) experienced a significant DDoS (Distributed Denial of Service) attack.
- Impacts:
- Disrupted websites and mobile apps.
- Slowed deliveries, knocked digital services offline.
- La Banque Postale's online banking and app were affected, but card payments, ATMs, and in-store transactions were unaffected.
- Some physical post offices worked at reduced capacity.
- No evidence of customer data compromise.
Quote:
"France's national postal service La Poste says a suspected DDoS attack disrupted its websites and mobile apps, slowing deliveries and knocking some digital services offline." — Sarah Lane [01:36]
[02:04] Fake Delivery Websites Hit Holiday Shoppers
- Trend: Cybercriminals increased fake delivery website campaigns by 86% ahead of the holidays.
- Common Tactics: Phishing texts/emails purportedly from postal carriers.
- Impersonated Brands: DHL (#1); fake USPS sites spiked +850% month over month.
- Objective: Exploit shopper urgency about deliveries to steal personal/financial information.
- Impact:
- Text message fraud losses for 2024: $470 million (FTC data).
Quote:
"Cybercriminals ramped up fake delivery websites by 86% in the past month, targeting holiday shoppers with phishing texts and emails posing as postal alerts." — Sarah Lane [02:07]
[02:50] Uzbek Android Users Targeted by SMS Stealers
- Attack:
- Group-IB analysts found Android malware in Uzbekistan, distributed via Telegram and linked to multiple threat groups.
- Capabilities:
- Uses droppers, obfuscation, and social engineering.
- Steals banking credentials and funds.
- Persists by hijacking Telegram accounts, spreading further to victim contacts.
- Note: Campaign seen as a significant leap in attacker sophistication since October.
[03:40] Fake WhatsApp API Package Steals Data
- Threat:
- Malicious npm package ‘lotusbail’ posing as a legitimate WhatsApp API, downloaded 56,000+ times.
- What it does:
- Steals messages, contacts, media, and auth tokens.
- Silently links attacker’s device to victim’s WhatsApp for persistent access.
- Mimics the Baileys WhatsApp Web library, intercepts WebSocket traffic, and keeps its access even after the package is removed unless the victim manually revokes the linked device.
[04:40] Interpol-Led Action Decrypts Ransomware Strains
- Operation Sentinel: an international, Interpol-led action.
- Results:
- 574 arrests.
- 6,000+ malicious links taken down.
- Decryption of six ransomware strains across 19 countries (especially Africa).
- $3 million recovered (cases tied to $20 million+ in losses).
- Help From: Private sector (Trend Micro, Shadowserver).
- Note: Finance and energy cyberattacks are accelerating in Africa.
Quote:
"Interpol says Operation Sentinel led to 574 arrests, the takedown of more than 6,000 malicious links and the decryption of six ransomware strains across 19 countries, mainly in Africa." — Sarah Lane [04:43]
[05:22] South Korea to Require Facial Recognition for Mobile Numbers
- Policy Change:
- From March 23, facial recognition required when registering new mobile numbers.
- Goal: Combat identity theft, voice phishing.
- Scope: Applies to all major carriers and MVNOs.
- Context:
- Over 21,000 phishing cases in the year.
- Recent breach at SK Telecom exposed SIM data for almost 27 million users.
- Broader Implication: Represents a global trend of tightening identity verification in telecom.
Notable Quotes & Memorable Moments
- Spotify scraping motivation:
"Anna's Archive describes this as a mission to safeguard humanity's musical heritage, but this violates copyright and Spotify's terms." — Sarah Lane [00:16]
- French postal attack impact:
"La Poste says a suspected DDoS attack ... knocked some digital services offline." — [01:36]
- Concerning text fraud growth:
"... losses from text message fraud continue to climb, with FTC data showing $470 million lost in 2024." — [02:30]
- On Interpol’s Operation Sentinel:
"Operation Sentinel led to 574 arrests, the takedown of more than 6,000 malicious links and the decryption of six ransomware strains ..." — [04:43]
Timestamps for Major Segments
- Spotify Data Scraping: [00:08–01:04]
- CISA/ASUS ShadowHammer Update: [01:04–01:34]
- French Postal DDoS Attack: [01:34–02:04]
- Fake Delivery Websites/Phishing: [02:04–02:50]
- Uzbek Android Malware Campaign: [02:50–03:40]
- Malicious WhatsApp npm Package: [03:40–04:40]
- Interpol’s Ransomware Crackdown: [04:40–05:22]
- South Korea’s Facial Recognition Law: [05:22–06:05]
Summary
This episode delivers fast-paced coverage of global cybersecurity news, marked by escalations in data scrapes, DDoS attacks, and phishing campaigns during the holiday season, along with global law enforcement successes and new legislative responses to cyber threats. Listeners get both headline news and clear implications for digital trust and safety.
For more details or to follow up on any story, visit CISOseries.com.
