Transcript
Amy Hogan Burney (0:02)
You're listening to the Cyberwire network, powered by N2K.
Advertisement Voice (0:09)
AI agents are now reading sensitive data, executing actions and making decisions across our environments. But are we managing their access safely? Join Dave Bittner and Barak Shalef from Oasis Security on Wednesday, December 3rd at 1pm Eastern for a live discussion on agentic access management and how to secure non-human identities without slowing innovation. Can't make it live? Register now to get on-demand access after the event. Visit events.thecyberwire.com, that's events with an s dot thecyberwire.com, to save your spot.
Dave Bittner (1:01)
Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full-stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling, or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless. Transform complexity into simplicity, and give your team time to focus on what really matters: helping your business and customers thrive. Learn more and book your demo at meter.com/cyberwire. That's M-E-T-E-R dot com slash cyberwire. European authorities take down an illegal crypto mixer. An Australian man is sentenced for running an airport Evil Twin Wi-Fi campaign. Researchers unmask a Scattered LAPSUS$ Hunters impresario. CISA flags a cross-site scripting flaw in OpenPLC ScadaBR. A major South Korean retailer suffers a data breach affecting over 33 million customers. Threat actors abuse digital calendar subscription features. New York's new hospital cybersecurity mandates may raise the bar nationwide. Scammers target Cyber Monday shoppers. We've got our Monday business brief. Ann Johnson speaks with Microsoft's Amy Hogan Burney on the Afternoon Cyber Tea segment, and Google gets caught reheating someone else's holiday recipe.
Ann Johnson (3:15)
Foreign.
Dave Bittner (3:23)
It's Monday, December 1st, 2025. I'm Dave Bittner and this is your Cyberwire intel briefing. Happy Monday and welcome back. For our U.S. listeners, I hope you had a lovely Thanksgiving break. It's good to be back. Europol and Eurojust, working under Operation Olympia, seized three servers in Zurich and took control of the cryptomixer.io domain late last month. The site now displays a warning that data tied to the service has been obtained and users may face investigation. Authorities collected more than 12 terabytes of information that could include logs capable of identifying customers. Europol says Cryptomixer operated on both the clear web and dark web and was widely used by ransomware operators and other criminals to hide the flow of illicit funds. Since 2016, it allegedly mixed more than 1.3 billion euros in Bitcoin. The takedown follows a similar 2023 operation against ChipMixer, which resulted in the seizure of servers, data and millions in cryptocurrency. A 44-year-old Australian man received a 7-year prison sentence for running evil twin Wi-Fi networks to steal travelers' data on domestic flights and in airports in Perth, Melbourne and Adelaide. Authorities say he used a Wi-Fi Pineapple device to clone legitimate SSIDs, luring users to a phishing page that captured social media credentials. He then accessed women's accounts to monitor messages and steal private images and videos. Forensic analysis found thousands of intimate files, stolen credentials and fraudulent Wi-Fi pages. After his equipment was seized in April 2024, he attempted to delete evidence and access confidential information from his employer's laptop. He later pleaded guilty to multiple cybercrime, theft and evidence-destruction charges. Australian authorities urged travelers to treat free Wi-Fi with caution and use VPNs.
Scattered LAPSUS$ Hunters, the group linked to Scattered Spider, LAPSUS$ and ShinyHunters, has spent 2025 extorting major global companies after stealing data, often through social engineering campaigns that tricked victims into connecting malicious apps to Salesforce environments. The group's public face, calling himself Rey, surfaced this week after KrebsOnSecurity identified him as a 15-year-old from Amman, Jordan. Investigators connected multiple online identities through leaked passwords, infostealer data and posts across Telegram and BreachForums, where he was an administrator. SLSH recently launched its own ransomware-as-a-service, Shiny Spider, which he helped release. He told Krebs he has been attempting to leave the group and claims to be cooperating with European law enforcement, although those details remain unverified. The revelation follows SLSH's ongoing recruitment of insiders and continued extortion activity targeting dozens of major corporations. CISA has added a cross-site scripting flaw in OpenPLC ScadaBR on Windows and Linux to its Known Exploited Vulnerabilities Catalog. Forescout reports that pro-Russian group TwoNet recently exploited the bug in an ICS/OT honeypot they mistook for a water plant, using default credentials, creating a Barlotti account and defacing the HMI login page. TwoNet continues to expand from DDoS into industrial targeting and access services. Federal agencies must patch the flaw by December 19, and experts urge private organizations to follow suit. South Korean retailer Coupang confirmed that personal details from 33.7 million customer accounts were compromised, prompting a formal apology and an emergency government meeting. Officials from the Ministry of Science and ICT warned of strict sanctions if safety measure violations are found. Coupang initially detected unauthorized access to 4,500 accounts in November, later revising the figure sharply upward.
Exposed data includes names, contact details, addresses and order histories, though payment information and passwords were not affected. Investigators are examining the possibility of an insider threat, with reports pointing to a former Chinese employee, although police have not confirmed this. The breach follows major incidents at SK Telecom and Lotte Card and has renewed concerns about structural weaknesses in South Korea's data protection regime. Researchers from BitSight warn that threat actors are abusing digital calendar subscription features to push harmful content directly onto users' devices. Calendar subscriptions let third-party servers add events and notifications, and attackers are exploiting expired or hijacked domains to deliver deceptive calendar files containing malicious links, attachments or phishing content. BitSight's sinkhole investigation began with a single suspicious German holiday calendar domain receiving 11,000 daily unique IP connections, then expanded to 347 related domains contacted by roughly 4 million unique IPs per day. Many of these requests appear to be background syncs from long-established subscriptions, meaning anyone who takes over an expired domain could silently inject new events. BitSight says this highlights a major blind spot in personal and corporate security, as calendar subscriptions lack the protections applied to email and other communication channels. New York's new hospital cybersecurity mandates will likely influence security expectations well beyond the state, according to Chris Stucker, deputy CISO at Froedtert ThedaCare Health. The rules, effective October 1, require multi-factor authentication, formal risk analysis, incident response planning and a designated qualified CISO. Stucker says the 72-hour incident reporting rule is straightforward, but the CISO requirement will have nationwide effects given the shortage of experienced leaders.
He predicts insurers will soon ask hospitals whether they follow New York's model, pushing others to align. Stucker adds that New York facilities may begin recruiting CISOs from other states, affecting the broader workforce. He also highlights emerging safe harbor protections elsewhere and says Froedtert ThedaCare is focused on identity modernization and zero trust products. CloudSEK has uncovered a massive holiday season scam involving more than 2,000 fake online stores designed to steal shoppers' money and personal information during peak events like Cyber Monday. The firm identified two major clusters: one linking over 750 sites, including 170 Amazon impersonators using identical banners and urgency timers, and another group of more than 1,000 shop domains spoofing brands such as Apple, Samsung, Dell and Ray-Ban. All load resources from shared infrastructure, revealing a coordinated operation. Victims are funneled to shell checkout pages that harvest payment data, often routed through China-based hosts. CloudSEK estimates each fake site could net thousands of dollars before takedown. Researchers warn these scams could significantly erode trust in e-commerce and urge shoppers to avoid deals that seem unreal, suspicious domains, aggressive urgency tactics and stores with identical templates. Turning to our Monday business brief, cybersecurity investment and M&A activity accelerated this past week across sectors spanning consumer protection, offensive security, product security, identity, AI risk and observability. Israeli consumer security firm Guardio raised $80 million, led by ION Crossover Partners, to expand its detection engine, AI-era protection layers and global go-to-market efforts. Offensive security startup Twenty emerged from stealth with $38 million and a Pentagon contract, while product security company Clover secured $36 million to double its workforce.
Method Security raised $26 million to scale its autonomous cyber platform for government and critical enterprises, and identity startup Opti emerged with $20 million for product expansion. AI procurement platform Coverbase collected $20 million, AI agent security firm Vigil raised $17 million and Run Layer secured $11 million. M&A included Palo Alto Networks' $3.35 billion acquisition of Chronosphere to pair observability with autonomous AI remediation, plus deals by Red Squid, Zorient, Amplex and Kicard, which acquired Runebook to expand its AI agent ecosystem. Be sure to check out our Cyberwire business brief over on our website, TheCyberWire.com; it's part of Cyberwire. Coming up after the break, Ann Johnson speaks with Microsoft's Amy Hogan Burney on the Afternoon Cyber Tea segment, and Google gets caught reheating someone else's holiday recipe. Stay with us. What's your 2 a.m. security worry? Is it, do I have the right controls in place? Maybe, are my vendors secure? Or the one that really keeps you up at night: how do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks and keep your program audit-ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started at vanta.com/cyber. That's V-A-N-T-A dot com slash cyber. AI is transforming every industry, but it's also creating new risks that traditional frameworks can't keep up with. Assessments today are fragmented, overlapping, and often specific to industries, geographies or regulations.
That's why Black Kite created the BKGA3AI assessment framework to give cybersecurity and risk teams a unified, evolving standard for measuring AI risk across their own organizations and their vendors' AI use. It's global, research-driven, built to evolve with the threat landscape, and free to use, because Black Kite is committed to strengthening the entire cybersecurity community. Learn more at blackkite.com. On today's excerpt from the Afternoon Cyber Tea podcast, Microsoft's Ann Johnson speaks with Amy Hogan Burney, Corporate Vice President of Customer Trust and Security at Microsoft. They're discussing how Microsoft is redefining global cyber defense.
