CyberWire Daily – “From small charges to big busts”
Date: November 5, 2025
Host: Dave Bittner, N2K Networks
Episode Overview
This edition of CyberWire Daily delivers high-impact cybersecurity news, including a major international fraud takedown (Operation Chargeback), an exposé on adtech surveillance risks targeting EU officials, significant breaches and incidents affecting global companies and local governments, and a special interview segment on the “Afternoon Cyber Tea” podcast about the complexities of cybersecurity communication. The episode balances technical detail with strategic insight, capturing both the scope of current cyber threats and the importance of human factors in defending against them.
Key News Segments
Operation Chargeback: Dismantling Fraud Networks
[00:30 – 02:30]
- Summary: An international law enforcement partnership, coordinated by prosecutors in Koblenz, Germany and supported by Europol and Eurojust, took down three major fraud and money-laundering networks. The suspects stole credit card data from over 4.3 million people worldwide, using the data to create fake online subscriptions—mostly for adult and streaming sites—and charging victims small, recurring amounts to avoid detection.
- This scheme operated from 2016–2021 and funneled transactions through German payment providers with the help of complicit executives and UK/Cyprus shell companies.
- Losses are estimated at more than €300 million, with over €35 million already seized.
- Europol called the operation “a model of international cooperation and a warning to cybercriminals hiding behind digital borders.”
Adtech Surveillance & EU Security Risks
[02:31 – 04:00]
- Summary: An investigation by Germany's Netzpolitik (the "Data Broker Files") reveals how location data from mobile adtech can unmask where EU and NATO officials live, work, and travel—even inside sensitive buildings.
- Researchers analyzed two datasets containing 278 million Belgian location records, linking ad IDs to individuals and tracking movement patterns in and out of EU and NATO institutions.
- Lawmakers are calling for stricter limits or even bans on tracking and large-scale profiling.
- Insight: “Advertising based intelligence or ad int turns routine app data into operational targeting, outpacing GDPR's consent model and inconsistent enforcement. The result is a security and privacy gap at the heart of Europe’s institutions.” [03:41]
Major Cyberattacks & Business Impacts
[04:01 – 07:00]
- Marks and Spencer (M&S): Suffered a 99% plunge in pre-tax profit (from £392M to £3.4M) in H1 2025 due to a cyber attack that crippled online orders and disrupted store operations.
- Insurance payouts so far have matched direct costs (~£100M); the full impact estimated at £300M.
- Despite setbacks, analysts call M&S's operational performance “outstanding given the extended outage.”
- Google Android Patch: November update fixes a critical flaw (affecting Android 13-16) that allows remote code execution without user interaction.
International Crime & “Pig Butchering” Scams
[07:01 – 08:30]
- Chen Xi Investigation: Authorities across Taiwan, Hong Kong, Singapore, and the UK have seized hundreds of millions from Chen Xi, accused of running global scams via Prince Holding Group.
- US prosecutors tie him to wire fraud, money laundering, and a $14B crypto seizure.
- Scams generated ~$30M/day, exploiting global victims through “pig butchering” (social engineering investment fraud).
Local Government & Infrastructure Attacks
[08:31 – 10:00]
- Middleton, Ohio: Ongoing fallout from an August attack. Residents are paying estimated water bills due to system failures; background checks and city email were also affected. Suspected ransomware; city improving defenses. New state law prohibits ransom payments without council approval.
- Houston Firefighters Data Breach: Over 7,500 Social Security numbers exposed due to a misdirected internal email. Firefighters’ union disputes claims of wrongdoing, blaming city IT procedures instead.
- “The city failed to secure its own data.” – Patrick Langton, Firefighters’ Union President [09:40]
High-Profile Corporate Breaches
[10:01 – 11:00]
- Nikkei Data Breach: Japanese media giant Nikkei (owner of the Financial Times) suffered a breach of 17,000 employee/partner records via compromised Slack credentials exposed by a malware infection.
- Google–Wiz Merger: The $32B merger cleared by US Department of Justice after antitrust review. Still under regulatory review elsewhere.
Special Segments
[Interview] How Cybercrime Became Accessible to Everyone
Guest: Trevor Hilligoss, SpyCloud
[11:01 – 12:00]
- Main Point: The cybercrime ecosystem has evolved to provide sophisticated, turnkey “enablement services” to low-skilled criminals.
- “You basically need a phone and a bitcoin wallet.” – Trevor Hilligoss [11:41]
- Implication: The barrier to launching large-scale, damaging attacks is lower than ever.
[Afternoon Cyber Tea] The Art (and Challenge) of Cybersecurity Communication
Guests: Ann Johnson (Microsoft) & Frank Shaw (Microsoft Chief Communications Officer)
[13:51 – 19:43]
Importance of Clear, Transparent Communication
- "Cybersecurity is not just a technical conversation. It's about how people understand risk and ultimately how trust is built. And communication is the key to that bridge." — Ann Johnson [14:02]
- Frank Shaw emphasizes the challenge: "They're inherently complicated topics... We give people the information they need to take action without scaring them into taking the wrong actions." [14:17]
Crisis Response & AI’s Role
- Shaw on AI: "Effective use of AI allows us to move more rapidly in moments of crisis because we have better access to information and... insights." [15:39]
- Johnson: "Perception can become reality very quickly. A breach doesn't just unfold in technical terms, it trends." [15:52]
- Fragmentation of influence online makes it crucial to target and understand core audiences [16:02].
Internal Security Culture & Behavioral Change
- “We’ve established security as a high order priority. One of the ways I know it’s successful is because people complain about it…that friction is a good sign that we're landing our messages.” — Frank Shaw [16:28]
Notable Campaigns & Lessons Learned
- Shaw reflects: "Some of the best [campaigns] are where we get permission to look back at a big problem, a challenge, and then take a reporter through what happened there. This is the transparent part as well." [17:39]
- Success depends on tailoring communications to local cultures and sensibilities [17:50].
Optimism and Collaboration
- “I consider myself a cyber optimist because...we've blocked thousands of events. There's always something to look forward to.” — Ann Johnson [18:38]
- Shaw’s optimism comes from “incredibly smart people... doing amazing work to stay ahead of what is just this relentless onslaught.” [18:59]
Memorable Quotes
- “Advertising based intelligence... outpaces GDPR’s consent model and inconsistent enforcement. The result is a security and privacy gap at the heart of Europe’s institutions.” [03:41]
- “You basically need a phone and a bitcoin wallet.” — Trevor Hilligoss, on the low barrier to cybercrime [11:41]
- “Perception can become reality very quickly. A breach doesn't just unfold in technical terms, it trends.” — Ann Johnson [15:52]
- “Some of the best campaigns are...where we get permission to look back at a big problem, a challenge, and... take a reporter through what happened there. This is the transparent part as well.” — Frank Shaw [17:39]
Other Noteworthy Stories
Norway’s Bus in a Cave: Testing for Espionage
[20:42 – End]
- A Chinese-made electric bus was tested in an abandoned Norwegian mine to check for espionage. No evidence found—just a SIM card, but the act highlights latent fears of embedded risks in smart devices.
- "Better safe than cyber sorry. The tale from the tunnel captures our uneasy age. We love smart machines right up until they get a little too smart." [21:05]
Timestamps for Major Sections
- International bust (Chargeback): 00:30 – 02:30
- Adtech surveillance investigation: 02:31 – 04:00
- Major business impacts: 04:01 – 07:00
- Global scam assets seized: 07:01 – 08:30
- Middleton, OH & local breach: 08:31 – 10:00
- Nikkei, Google–Wiz deal: 10:01 – 11:00
- SpyCloud interview: 11:01 – 12:00
- Afternoon Cyber Tea: Microsoft on comms: 13:51 – 19:43
- Norwegian bus espionage fears: 20:42 – End
Conclusion
This episode encapsulates the global scope and increasing complexity of cybersecurity: from international cybercrime and commercial fallout to the evolution of threats via adtech and the critical need for skilled, transparent communication. Despite relentless new risks, industry experts share optimism—grounded in collaboration and adaptive strategies—for staying ahead and keeping digital society secure.
