A
You're listening to the Cyberwire network, powered by N2K.
B
At Thales, they know cybersecurity can be tough and you can't protect everything. But with Thales, you can secure what matters most. With Thales' industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales. T-H-A-L-E-S. Learn more at thalesgroup.com/cyber.
Operation Chargeback takes down global fraud networks. An investigation reveals the dangers of ADINT. M&S profits plunge after a cyber attack. Google patches a critical Android flaw. Asian prosecutors seize millions from an accused Cambodian scam kingpin. Ohio residents are still guessing water bills months after a cyber attack. Houston firefighters deny blame in a city data breach. Nikkei reports a Slack breach exposing 17,000 records. The Google-Wiz deal clears DOJ review. Ann Johnson welcomes her Microsoft colleague Frank X. Shaw to Afternoon Cyber Tea. And Norway parks its China bus in a cave, just in case.
November 5, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. Great to have you with us as always.
An international law enforcement operation dubbed Chargeback has dismantled three major fraud and money laundering networks accused of stealing credit card data from more than 4.3 million people worldwide. Coordinated by prosecutors in Koblenz, Germany, and supported by Europol and Eurojust, the November 4 action spanned nine countries and led to 18 arrests and over 60 searches. Between 2016 and 2021, suspects allegedly used stolen card data to create fake online subscriptions, mostly for adult and streaming sites, charging small recurring amounts to evade detection.
The scheme funneled transactions through four German payment providers, aided by complicit executives and shell companies registered in the UK and Cyprus. Authorities estimate losses exceeding 300 million euros, with over 35 million euros already seized. Europol praised the operation as a model of international cooperation and a warning to cybercriminals hiding behind digital borders.
An investigation from Germany's Netzpolitik, called the Data Broker Files, shows how adtech location data can unmask where EU officials live, work and commute, even inside the Commission's Berlaymont and NATO headquarters. Analysts reviewed two data sets with 278 million Belgian location records and, using mobile advertising IDs, linked pings to identifiable individuals and routes. Preview samples alone surfaced thousands of signals from EU institutions, including roughly 2,000 pings at the Commission and 5,800 at Parliament. NATO sites saw 9,600 pings from 543 devices. The Commission issued new staff guidance on ad tracking. Members of the European Parliament now urge tighter curbs, up to bans on tracking and large-scale profiling, citing espionage risks. Advertising-based intelligence, or ADINT, turns routine app data into operational targeting, outpacing GDPR's consent model and inconsistent enforcement. The result is a security and privacy gap at the heart of Europe's institutions.
Marks and Spencer's profits plunged 99% in the first half of the year after a cyber attack crippled online orders for months and disrupted store operations. Statutory pre-tax profit fell from 392 million pounds to 3.4 million pounds, though the retailer has received 100 million pounds in insurance payouts, roughly matching costs so far. M&S expects further expenses as recovery continues. Despite the turmoil, underlying profit reached 184 million pounds and food sales rose 7.8%, signaling resilience. Analysts called the performance outstanding given the extended outage.
While rival Next enjoyed a temporary sales boost, executives said profits should rebound in the second half as operations stabilize and shoppers return for Christmas. M&S still estimates the full impact of the hack at around 300 million pounds.
Google's November 2025 Android update fixes a critical flaw allowing remote code execution in the system component without user interaction. The bug affects Android 13 through 16. A second issue rated high severity could let attackers block security updates on Android 16 devices. Google has released fixes to the Android Open Source Project, with manufacturers rolling out updates to users.
Authorities in Taiwan, Hong Kong and Singapore have seized hundreds of millions in assets linked to Chen Zhi, the Cambodian businessman accused by the US of running a vast global scam network through his Prince Holding Group. US prosecutors charged Chen in October with wire fraud and money laundering conspiracies alongside a $14 billion cryptocurrency seizure. Recent raids uncovered luxury cars, high-end apartments and yachts across Asia, with Taiwan seizing $150 million, Hong Kong $353 million and Singapore over $114 million. The UK also froze properties worth nearly 145 million. Prosecutors say Chen's network defrauded victims worldwide through pig butchering and investment scams, generating up to $30 million a day. Chen, a naturalized Cambodian citizen and former adviser to Prime Minister Hun Manet, has not commented publicly.
More than two months after a cyberattack crippled Middletown, Ohio's systems, residents are still paying estimated water bills because the city can't calculate actual usage. The August hack also halted background checks and disrupted city email, forcing residents to visit City Hall to pay in person. Officials haven't confirmed if personal data was compromised but suspect ransomware. The city has upgraded servers and pledged a grace period once billing resumes.
Experts say smaller municipalities like Middletown are increasingly targeted by state-backed or criminal gangs exploiting weak IT defenses. A new Ohio law now requires cities to adopt cybersecurity programs, report incidents and prohibits ransom payments without council approval. Residents, meanwhile, keep receipts and hope billing returns to normal by spring.
Houston firefighters say they're being wrongly blamed for a data breach that exposed over 7,500 Social Security numbers. The city of Houston emailed a link meant for promotion exam information, but it led to unsecured folders containing personal data. A firefighter reported the issue immediately, prompting the fire chief to block access. Union President Patrick Lancton called city claims that firefighters downloaded sensitive files false, arguing the city failed to secure its own data. City officials say the access was inadvertent.
Japanese media giant Nikkei, owner of the Financial Times, disclosed a data breach affecting over 17,000 employees and partners after attackers accessed its Slack workspace using stolen credentials. The compromise began when an employee's malware-infected computer exposed authentication data, allowing unauthorized entry into Nikkei's internal communications. Exposed information includes names, emails and full chat histories. The company has reset passwords, notified affected users and reported the breach to Japan's data protection authority, though not legally required to do so.
Alphabet's Google and cybersecurity firm Wiz have cleared a major hurdle in their $32 billion merger after the U.S. Department of Justice ended its antitrust review. The FTC notice dated October 24th confirms early termination of the investigation, signaling no objection to closing the deal. Wiz CEO Assaf Rappaport confirmed the development, though other regulators continue to review the merger.
The decision offers rare good news for Google, which remains under global antitrust scrutiny following multiple US court rulings.
Coming up after the break, Ann Johnson welcomes her Microsoft colleague Frank Shaw to Afternoon Cyber Tea, and Norway parks its Chinese bus in a cave, just in case. Stick around.
A
What happens when cybercrime becomes as easy as shopping online? SpyCloud's Trevor Hilligoss joined Dave Bittner on the Cyberwire Daily to explain how a wave of cybercrime enablement services are lowering the barrier to entry and making sophisticated attacks available to anyone.
C
I think it's a pretty good general term that describes kind of an umbrella of tools and services that I would kind of tag as criminal or criminal adjacent. Instead of having, you know, sort of the smaller pool of high sophistication actors that are able to kind of carry out these really vast and costly cyber attacks, you know, we see that being given to much lower sophistication, lower tech folks that are, you know, a much lower barrier to entry. To get into this field, the person that's buying access to this, they basically need a phone and a bitcoin wallet.
A
Make sure you hear this full conversation and learn how the underground economy is reshaping cyber risk. Visit explore.thecyberwire.com/spycloud. That's explore.thecyberwire.com/spycloud.
B
What's your 2am security worry? Is it, do I have the right controls in place? Maybe, are my vendors secure? Or the one that really keeps you up at night: how do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started at vanta.com/cyber. That's V-A-N-T-A dot com slash cyber.
On today's segment from Afternoon Cyber Tea, Microsoft's Ann Johnson welcomes Frank Shaw, Chief Communications Officer at Microsoft, to explore the critical role of communication in cybersecurity.
A
Today, I'm excited to be joined by Frank Shaw, Chief Communications Officer at Microsoft. Welcome to Afternoon Cyber Tea, Frank.
D
It's so great to be here. It's always nice to spend time with you, Ann.
A
Cybersecurity is not just a technical conversation. It's about how people understand risk and ultimately how trust is built. And communication is the key to that bridge, to connect the technical reality and also connect human perception.
D
When I think about all the different topics that we have to deal with, security and cybersecurity sort of tests us the most because they're inherently complicated topics. They come with an enormous amount of risk and they're easily misunderstood. We give people the information they need to take action without scaring them into taking the wrong actions, which can easily happen.
A
One of the things that we struggle with, because you and I have had a lot of conversations, is at the beginning of any event, we're in the fog of war. So we want to get the information out there so people can protect themselves. We want to be as accurate and as transparent as fast as possible. But these facts are changing also.
D
Transparency is absolutely the key, and our ability as an industry to talk about what has happened and what we have experienced in a way that allows others to learn from it is absolutely critical.
A
The year is 2025, so we're going to talk about artificial intelligence. You've spoken often about how AI is transforming communications. How do you see AI changing the way organizations handle communications, including cybersecurity communications and the crisis response to how we shape trust.
D
Effective use of AI allows us to move more rapidly in moments of crisis because we have better access to information and we have better access to then insights about what we might be able to do.
A
Perception can become reality very quickly. A breach doesn't just unfold in technical terms, it trends. It's debated on social media and sometimes misinformation will outpace the facts.
D
The big challenge we've got from a communication standpoint is this absolute fragmentation of influence. In order to reach the people you want to reach, you have to really be crystal clear on the most important audience for you and then understand who reaches that audience.
A
Security awareness at Microsoft depends on how well we engage our employees. We can patch all day long, but at the end of the day we need over 200,000 people to take phishing seriously.
D
From the top on down, we've established security as a high order priority. And one of the ways that I know it's successful is because people complain about it and they complain about it because they're having to do something differently. So I do look at that little friction in the system. That sense that I have to do something differently is a good sign that we're landing our messages internally and that behavior has shifted. You have to have strategic patience because it's going to operate at its schedule, not yours. Trying to fix it at the last minute is also, you know, a little bit of a fool's errand. On the proactive work, we have to think super hard about what is the story we want to tell and to whom and what can we say and when can we say it and be looking for things all the time.
A
Exactly. So we've also had fun along the way. Sometimes a creative campaign or a great story can really land and stick with people. I would love if you'd walk me through one of your favorite cybersecurity campaigns or stories that you and your team helped bring to life and what made it successful in cutting through the noise.
D
Some of the best ones are where we get permission to look back at a big problem, a challenge, and then take a reporter through what happened there. This is the transparent part as well. So we detailed all of this in a report for the audience. It's like we ordinarily do with customers and industry analysts, and they all want the technical details and we provided it to them. But we also know that this is something that consumers care about. AI is still relatively new for consumers. It can be seen as scary when they hear about things like cyber criminals targeting them with AI, that's scary. So we wanted to land this in a, in a mainstream way as well. You could say something in one market and have it be effective and then you say the exact same thing in another market without considering some of the cultural differences and just get a lot of negativity. We rely deeply on the local sensibilities to make sure that it makes sense for them.
A
I consider myself a cyber optimist because I do know for everything you see in the news, we've as an industry, we've blocked thousands of events. So despite the challenges, there's always something to look forward to in this field. Whether it's new talent, new innovation. I truly believe AI will be innovative here. The spirit of collaboration, how we improve communications that are more effective.
D
A lot of my optimism is grounded in the fact that I get to work with these incredibly smart people from across the company in the security space. And anytime I'm dealing with an incident or an outage or a new program we're putting in place to prevent these things, and you just get to talk to people here at Microsoft and I'm sure across the entire security industry who are such bright, committed people doing amazing work to stay ahead of what is just this relentless onslaught. And every day I feel like, wow, I'm so glad that I have these people on the team here and everybody should feel great about that.
B
That's Ann Johnson along with her Microsoft colleague, Frank X. Shaw. Be sure to check out the full Afternoon Cyber Tea podcast right here on the N2K CyberWire.
E
It's okay not to be perfect with finances. Experian is your big financial friend and here to help. Did you know you can get matched with credit cards on the app? Some cards are labeled no ding decline, which means if you're not approved, they won't hurt your credit scores. Download the Experian app for free today. Applying for no ding decline cards won't hurt your credit scores if you aren't initially approved. Initial approval will result in a hard inquiry which may impact your credit scores.
A
Experian.
B
And finally, deep inside a cold Norwegian mountain, a city bus waits quietly in an abandoned lime mine. It's not lost, it's a test subject. Investigators armed with spectrum analyzers and mild suspicion are dissecting a Chinese-made electric bus to see whether it's phoning home to Beijing. What they didn't find is espionage. Just a computer SIM card and a quiet reminder that modern vehicles are more data center than diesel engine. Theoretically, a single software update could freeze every bus in Oslo mid-commute. The risk is small but not imaginary. So Norway is pulling the SIMs. Better safe than cyber sorry. The tale from the tunnel captures our uneasy age. We love smart machines right up until they get a little too smart. Somewhere between paranoia and prudence, we're all deciding how much control we're willing to surrender for convenience, on wheels or in our pockets.
And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Tré Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Date: November 5, 2025
Host: Dave Bittner, N2K Networks
This edition of CyberWire Daily delivers high-impact cybersecurity news, including a major international fraud takedown (Operation Chargeback), an exposé on adtech surveillance risks targeting EU officials, significant breaches and incidents affecting global companies and local governments, and a special interview segment on the “Afternoon Cyber Tea” podcast about the complexities of cybersecurity communication. The episode balances technical detail with strategic insight, capturing both the scope of current cyber threats and the importance of human factors in defending against them.
[00:30 – 02:30]
[02:31 – 04:00]
[04:01 – 07:00]
[07:01 – 08:30]
[08:31 – 10:00]
Middletown, Ohio: Ongoing fallout from an August attack. Residents are paying estimated water bills due to system failures; background checks and city email were also affected. Suspected ransomware; city improving defenses. New state law prohibits ransom payments without council approval.
Houston Firefighters Data Breach: Over 7,500 Social Security numbers exposed due to a misdirected internal email. Firefighters’ union disputes claims of wrongdoing, blaming city IT procedures instead.
[10:01 – 11:00]
Nikkei Data Breach: Japanese media giant Nikkei (owner of the Financial Times) suffered a breach of 17,000 employee/partner records via compromised Slack credentials exposed by a malware infection.
Google–Wiz Merger: The $32B merger cleared by US Department of Justice after antitrust review. Still under regulatory review elsewhere.
Guest: Trevor Hilligoss, SpyCloud
[11:01 – 12:00]
Guests: Ann Johnson (Microsoft) & Frank Shaw (Microsoft Chief Communications Officer)
[13:51 – 19:43]
[20:42 – End]
This episode encapsulates the global scope and increasing complexity of cybersecurity: from international cybercrime and commercial fallout to the evolution of threats via adtech and the critical need for skilled, transparent communication. Despite relentless new risks, industry experts share optimism—grounded in collaboration and adaptive strategies—for staying ahead and keeping digital society secure.