Podcast Summary: Cybersecurity Today

Episode: Spiderman and Cybersecurity
Host: Jim Love
Date: December 12, 2025

Episode Overview

This episode of Cybersecurity Today delves into the latest cybersecurity threats affecting businesses, ranging from advanced phishing campaigns targeting financial institutions to newly discovered software vulnerabilities and the emergent risks posed by AI-integrated platforms. Host Jim Love highlights actionable defenses and underscores the evolving tactics of cybercriminals, all with a focus on preparing firms for an increasingly complex security landscape.

Key Discussion Points & Insights

1. The "Spiderman" Phishing Kit: A Sophisticated Threat

[01:00 – 03:20]

• Description:
  A newly discovered phishing kit, dubbed "Spiderman," is targeting customers of major European banks and crypto services using highly convincing replicas of legitimate web portals.

• Notable Targets:

  • Banks: Deutsche Bank, ING, O2, Caixa Bank, Volksbank, Commerzbank
  • Fintech and Crypto: Klarna, PayPal, Ledger, Metamask, Exodus

• Technical Details:

  • Spiderman’s modular design allows attackers to quickly add new banks and authentication methods.
  • The toolkit includes a dashboard for real-time monitoring, the ability to intercept 2FA codes (including Phototan and one-time passcodes), and the capability to export stolen data at the click of a button.
  • A criminal group using this tool on Signal reportedly counts around 750 members.

• Defense Advice:

  • Phishing still necessitates user interaction, typically via malicious links.
  • Credo:
    • Always check the domain before logging in.
    • Be wary of “browser-in-the-browser” login prompts.
    • Treat unexpected 2FA prompts as red flags.

• Memorable Quote:

  “The best defense might be paying attention to that nagging feeling that this might not be the right thing to click on. In other words, the best defense might be Spidey Sense.”
  — Jim Love [03:17]

2. Gogs Zero-Day: Active Exploitation of Self-Hosted Git Servers

[03:21 – 06:27]

• The Vulnerability:

  • A zero-day in Gogs (CVE-2025-8110), a self-hosted Git service, allows authenticated users to execute arbitrary code by bypassing recent security patches related to symbolic links.

• Scope:

  • Approx. 1,400 Gogs servers exposed to the internet, with 700+ showing signs of compromise.
  • The vulnerability is being actively exploited with no official patch available at the time of recording.

• Attack Chain Summary:

  • An attacker creates a repository with a symbolic link pointing outside the repo, then overwrites sensitive files using the API, possibly hijacking the server by changing git config and the SSH command.

• Defense Recommendations:

  • Disable open registration.
  • Restrict server access (VPN or IP allow-list).
  • Monitor for suspicious repositories with random names.
  • Update to the latest guidance from Wiz and Gogs advisories if running version 0.13.3 or earlier.

• Quote from Research:

  “During our analysis of the exploitation attempts, we identified that the threat actor was leveraging a previously unknown flaw to compromise instances.”
  — Wiz Threat Research [04:55]

3. Windows PowerShell Zero-Day: Command Injection Flaw

[06:28 – 08:38]

• Vulnerability:

  • CVE-2025-54100: Improper neutralization of special elements in PowerShell allows local attackers to execute arbitrary code if they trick the user into running a malicious script.
  • CVSS Score: 7.8 (High)
  • The flaw is not network wormable but can enable stealthy code execution.

• Microsoft’s Response:

  • Patch released in December 2025 Patch Tuesday (updates KB 5071546, KB 5071544, KB 5072033, KB 5074204).
  • PowerShell now issues warnings for risky script behaviors.

• Why It Matters:

  • PowerShell underpins automation and admin workflows in Windows environments.
  • Rapid patching is critical, especially for organizations reliant on scripted deployment or incident response.

• Practical Note:

  • "A reboot is required before the fix is fully in place." [08:15]

• Host Advice:

  “It’s easy to overlook a PowerShell bug compared to a browser or a VPN flaw, but PowerShell is deeply embedded in automation and admin workflows... this is one of those updates you really do need to schedule, test and roll out as quickly as you reasonably can.”
  — Jim Love [08:23]

4. Google Gemini “Jack” Vulnerability: Silent AI Prompt Injection

[08:39 – 12:15]

• Nature of the Flaw:

  • Named "Gemini Jack", the vulnerability allowed attackers to embed prompt injection payloads in Google Workspace files (Docs, Calendar, Emails).
  • Gemini Enterprise AI could execute these hidden instructions without user clicks, leading to covert data exfiltration via external URLs.

• Broader AI Security Implications:

  • The flaw stems from how AI agents interpret and act on data embedded in shared collaborative content.
  • Once triggered, Gemini could search across all accessible workspace data and leak sensitive findings.

• Google’s Response:

  • Collaborated with Noma Labs to validate and patch the issue, changing Gemini’s internal retrieval and indexing behavior.
  • No evidence of large-scale exploitation so far.
  • Long-term solution: robust architectural changes as outlined in Google's new security blueprint for AI.

• Takeaways for Admins:

  • Train users to understand AI tool data processing.
  • Make risk-based decisions about AI feature enablement.
  • Review Workspace and Gemini Enterprise security guidance.
  • Deploy sandboxed pilot environments for further testing and user education.

• Host Commentary:

  "Any agentic AI that reads across email, documents and calendars, no matter who supplies it, can turn shared content into an instruction channel if it's not carefully constrained."
  — Jim Love [11:04]

  “This is the point where I'd be looking at sandboxing, creating safe, limited environments where people can experiment with these tools and get some training while we all get a better handle on how autonomous AI is going to behave under real world circumstances.”
  — Jim Love [11:56]

Notable Quotes

• On phishing awareness:

  "The best defense might be Spidey Sense."
  — Jim Love [03:17]

• On Gogs vulnerability impact:

  “We identified that the threat actor was leveraging a previously unknown flaw to compromise instances.”
  — Wiz Threat Research [04:55]

• On PowerShell patch urgency:

  "This is one of those updates you really do need to schedule, test and roll out as quickly as you reasonably can."
  — Jim Love [08:23]

• On AI-enabled security threats:

  "Any agentic AI that reads across email, documents and calendars... can turn shared content into an instruction channel."
  — Jim Love [11:04]

Timestamps for Key Segments

• 01:00 — Introduction to Spiderman phishing kit
• 03:17 — “Spidey Sense” as a key defense
• 03:21 — Gogs zero-day exploit explanation
• 04:55 — Wiz Threat Research on active exploitation
• 06:28 — Overview of Windows PowerShell zero-day
• 08:23 — Host’s call to action for PowerShell patching
• 08:39 — Gemini Jack: Silent AI prompt injection attack
• 11:04 — Commentary on AI systems and risks
• 11:56 — Advice to sandbox AI tooling

Tone & Style

Jim Love maintains an informative, pragmatic, and slightly conversational tone, offering practical advice while emphasizing the urgency and complexity of today’s cybersecurity threats. The episode balances technical explanation with user-focused defensive tips—always with an eye toward actionable security posture improvements.