Daily Cyber Threat Brief – December 16, 2025 (Ep 1027)
Host: Gerald Auger, Ph.D. | Guest Host in Jawjacking: Eric Taylor
Episode Overview
This episode of the Daily Cyber Threat Brief delivers the top cybersecurity news of December 16, 2025, with expert insights and lively community interaction. Gerald breaks down eight critical stories, ranging from US national cyber strategy and new vulnerabilities to major data breaches and Chrome extension privacy issues, all in an hour-long session. Insights are tailored for professionals across the cyber spectrum—offensive, defensive, GRC, and leadership roles. The episode wraps up with the “Jawjacking” Q&A segment, where Eric Taylor dives deep into career, technical, and philosophical cybersecurity questions.
Key Discussion Points and Insights
1. US Cyber Strategy: Private Firms to Join Offensive Operations
- [11:06-19:34]
- Summary: The US is preparing a strategy to involve private companies in offensive cyber operations against both criminal and nation-state adversaries. This raises legal, security, and risk concerns, especially regarding attacking state-backed actors.
- Key Insights:
- Outsourcing offensive operations could accelerate response time, given that government entities are often too slow.
- Risks include private companies becoming targets and blurry lines of legal authority.
- Likelihood leans toward select, highly skilled former government operators—not a “cyber Wild West.”
- Notable Quote:
“If I was in the conductor seat on a locomotive, I would reach up and grab that handle and go, let it fly dude. Full send this thing.” – Gerald, [11:50]
- On risks:
“If I was a private firm, I'd be scared of nation states coming after me. And those firms better have government backup because you don't want a firm going down because, like, basically hung out to dry.” – DJB Sec, via Gerald [13:40]
2. Microsoft Patch Tuesday Breaks Message Queuing
- [19:34-23:51]
- Summary: Microsoft’s latest patches altered NTFS permissions, breaking MSMQ for enterprise apps and IIS sites on Windows 10/Server, forcing admins to choose between rolling back the patch or risking exposure.
- Key Insights:
- Real-world IT pain point: mandatory patching triggers service outages but neglecting it leaves you vulnerable.
- Patches should go through change control, but in practice operational pressure often overrides process.
- Notable Quote:
“Pour a little eggnog out for your IT admins… you’re trying to take the last two weeks of the month off … and then you show up on Tuesday, and they're like, ah, the website's down. And you're like, oh my God.” – Gerald, [20:22]
3. Phishing Campaign Deploys Phantom Stealer via ISO Files
- [23:51-31:12]
- Summary: Russian-linked phishing targets finance staffers with ISO files (bypassing some email security) to deliver info-stealing malware. The technique uses emotional triggers (fake, urgent financial emails), multi-stage payload, and in-memory execution.
- Key Insights:
- Attack chain: ZIP → ISO → disguised EXE → phantom stealer (credentials, crypto, tokens exfiltrated via Telegram, Discord, FTP).
- Perpetrators use high-friction but effective methods targeting urgent, finance-specific scenarios.
- Notable Quote:
“You have to download something, unpack it, mount the ISO, then click the fake payment confirmation. Seems like a lot of steps for a victim to fall for. But...it's clearly working.” – Gerald, [24:36]
- Memorable Moment: AI-generated kill chain graphic requested successfully on the fly [36:45].
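As an added defensive illustration (not code from the episode or any vendor tool it mentions), the following Python triages mail-gateway attachment records for the ZIP → ISO → disguised EXE staging described above; the attachment manifest, the "!" nesting separator and the extension lists are constructed assumptions.

```python
# Constructed mail-gateway attachment manifest (assumption: each unpacked attachment is
# reported as a path whose nested containers are joined with "!"; not real data).
SAMPLE_ATTACHMENTS = [
    "Invoice_Dec2025.zip!Invoice_Dec2025.iso!Payment_Confirmation.pdf.exe",
    "Q4_report.zip!Q4_report.xlsx",
    "scan.pdf",
    "statement.zip!statement.iso!statement.pdf",
]

ARCHIVE_EXT = {"zip", "7z", "rar"}
DISK_IMAGE_EXT = {"iso", "img", "vhd", "vhdx"}
EXEC_EXT = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "lnk", "msi"}
DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}

def extension(name):
    """Lower-cased final extension of a file name, or '' when there is none."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def score_attachment(path):
    """Return the indicators matched by one nested attachment path."""
    parts = path.split("!")
    exts = [extension(p) for p in parts]
    final = parts[-1]
    reasons = []
    # Archive wrapping a disk image: the ZIP -> ISO staging used to get past
    # gateways that scan archives but do not unpack mountable image formats.
    if any(e in ARCHIVE_EXT for e in exts) and any(e in DISK_IMAGE_EXT for e in exts):
        reasons.append("archive-wrapped disk image")
    if extension(final) in EXEC_EXT:
        reasons.append("executable payload")
        # Double-extension disguise, e.g. Payment_Confirmation.pdf.exe
        if extension(final.rsplit(".", 1)[0]) in DOC_EXT:
            reasons.append("double extension disguised as document")
    return reasons

def verdict(reasons):
    """Gateway action: block executables, hold other suspicious nesting, else allow."""
    if "executable payload" in reasons:
        return "block"
    return "hold" if reasons else "allow"

def triage(attachments):
    """Map each attachment that matched at least one indicator to (verdict, reasons)."""
    results = {}
    for path in attachments:
        reasons = score_attachment(path)
        if reasons:
            results[path] = (verdict(reasons), reasons)
    return results
```

Extension matching alone is a coarse control; a gateway should also open the image and inspect the real file type, but even this check catches the staging the episode describes.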
4. Jaguar Land Rover: Payroll Data Stolen After £1.5B Breach
- [31:12-36:43]
- Summary: August cyberattack by “ShinyHunters” halted production and resulted in payroll data theft affecting thousands; damages estimated at £1.5 billion and economic repercussions for the UK.
- Key Insights:
- The complexity of international environments hampers recovery; restore-order dependencies are a major challenge.
- Threat actors focus on top earners within stolen payroll data for maximum ROI.
- Notable Quote:
“If I steal payroll data hypothetically… I'm going to stick it in a spreadsheet and sort by value—highest to lowest. It's just an economy of scale thing.” – Gerald, [31:53]
5. CISA Adds Apple WebKit, Gladinet TrioFox Flaws to KEV
- [44:24-45:14]
- Summary: New Apple and file transfer software vulnerabilities join CISA’s Known Exploited Vulnerabilities catalog. Both are actively exploited; the Apple flaw is reportedly being used against high-value targets.
- Key Insights:
- Apple device exploitation is rising; users should not be complacent.
- The Gladinet TrioFox flaw stems from hardcoded cryptographic keys; it is a high priority for patching.
- Notable Quote:
“A lot of VIPs, business people, non-tech people, politicians put a lot of faith in Apple devices… I feel like there's a common belief that Apple devices are just unhackable. It's not true.” – Gerald, [45:14]
6. Insider Threat: OPEXUS Background Checks Fail
- [48:31-53:13]
- Summary: Government contractor OPEXUS failed to screen twin brothers with prior cybercrime convictions; after they were terminated, they carried out mass database deletions.
- Key Insights:
- Major, embarrassing process failure given the sensitivity of government positions.
- Background check process was insufficient; responsible hiring staff fired, and policies updated.
- Notable Quote:
“These two guys literally went to jail for felony. Then they get out, and then immediately get clearance and a government job again… Of any place, the US federal government is the one with the most stringent clearances.”—Gerald, [49:31]
7. Chrome Extension ‘Urban VPN’ Intercepts AI Chats
- [53:13-57:10]
- Summary: The “Urban VPN” Chrome extension (6M+ installs) reads and transmits all AI chat content (ChatGPT, Claude, Gemini, Meta AI, etc.) to its parent company, combining this with other browser data collection.
- Key Insights:
- Free VPNs are often monetized through invasive data harvesting.
- This extension injects code and exfiltrates both user prompts and chatbot responses—raising risks of extortion, identity theft, and privacy breach.
- Notable Quote:
“VPNs always continue to be a minefield… They say they protect your identity, but they don't. They steal your information.” – Gerald, [53:53]
8. Google Sunsets Dark Web Report Tool
- [57:10-59:48]
- Summary: Google will end its free dark web scan notifications for email addresses, saying the results were not actionable; it will focus instead on tools that give users concrete guidance.
- Key Insights:
- Knowing your email is breached is only half the battle; response is critical, but end-users (like “Aunt Dorothea”) are typically unable to act effectively.
- Memorable Moment:
Gerald references a “Commando” (Arnold Schwarzenegger) gear-up montage to illustrate the absurdity of expecting average users to remediate dark web breaches themselves. [59:45-61:50]
Tidbits Tuesday (Personal & Community Moments)
- [40:34-44:24]
- Gerald shares his plans for a “do-nothing” holiday break after 16 years; emphasizes the importance of downtime for mental creativity and happiness.
- Community largely resonates with the sentiment of authentic rest.
Jawjacking Q&A with Eric Taylor (Barricade Cyber)
- [63:50-end]
Highlighted Jawjacking Questions & Answers
Breaking into Cyber and Earning Side Income
- Explore YouTube and educational content creation; consider small online course platforms; reach out for joint ventures if you have unique demo/training skills.
- “You really, really have to stand out… It's literally the million-dollar question. I don't have that answer.” – Eric
Lab/Hands-On Experience for Certs (Sec+/Net+)
- Utilize “Hack the Box” and “Try Hack Me”; set up VMs for practice; Azure’s dev environment can provide affordable (sometimes free) virtual labs.
Learning Active Directory for Audits
- Recommend spinning up a lab in Azure for hands-on experience; align skill acquisition with the job requirements of the companies you wish to target.
VPN Security & Network Logging
- Asked how to accurately trace which user issued a given DNS query, Eric walks through DHCP, WINS, and DNS logging best practices.
Best LLMs for Cybersecurity Data
- Eric uses Mistral 7B and Mistral Large locally for research and data processing; he expects movement toward more advanced platforms, but emphasizes building foundational technical familiarity before orchestration.
Books and Podcast Recommendations
- “Darknet Diaries” recommended for insight into the psychology of hackers and scammers.
- On the philosophical side, Eric mentions “The Case for Christmas” by Lee Strobel as personally meaningful this season.
CISO Career Reality
- “I can't imagine a world where I would ever want to be a CISO because … they don’t get any of the credit when things go right. They get all the blame when everything goes wrong.” – Eric
- Suggests asking Gerald for a more positive perspective.
Notable Quotes & Memorable Moments
| Timestamp | Speaker | Quote/Context |
|-----------|---------|---------------|
| 11:50 | Gerald | “Full send this thing…This has been going on for years now.” (On US' new offensive strategy) |
| 20:22 | Gerald | “Pour a little eggnog out for your IT admins…This sucks. This is just the crap of working in IT.” |
| 24:36 | Gerald | “You have to download, unpack, mount, and then open…Seems like a lot of steps, but it works.” |
| 31:53 | Gerald | “Sort by value—highest to lowest…Why would you go after the lowest paid?” |
| 49:31 | Gerald | “You have one job. Background check people…So gross.” |
| 53:53 | Gerald | “VPNs—always a minefield…They lie and say they protect you, but they steal your information.” |
| 59:45 | Gerald | “My Aunt Dorothea loading up for the dark web after her info got leaked…” |
| 94:34 | Eric | (On DNS): “Your devices literally come to the server, says hey, what is Google? Server says what’s Google? Server comes back, here’s Google.” |
Community Engagement Moments
- Welcome New Listeners: First-timers are enthusiastically welcomed (“release the Kraken that is John McLean!”).
- Nostalgic Tech Humor: Gerald references 1990s Linux hype, the power of enterprise backup dependencies, and “egg nog” debates with the chat.
- Live Graphics: DJ B Sec creates an AI-generated attack chain illustration live, feeding off community feedback.
Practical Takeaways
- Patch Admins: Test and stage patches, even if it feels bureaucratic; December can be a minefield due to complex dependencies.
- Security Leaders: If you work with finance or VIPs, reinforce ultra-targeted security awareness (tailored, not generic).
- Personal Security: Don’t trust “free” VPNs—paid, reputable providers like ProtonVPN are preferable.
- Vulnerability Management: Patch not only “major” devices—third-party tools like Gladinet TrioFox matter.
- Job Seekers: Differentiate yourself with niche skills, visibility (content/training), and clarity on required certifications.
- Tooling: Evaluate Chrome extensions and always verify what data they access, especially with AI.
Useful Timestamps
- [11:06] US Cyber Strategy Story Start
- [19:34] Microsoft Patch Madness
- [23:51] Russian Phishing/Phantom Stealer
- [31:12] JLR Payroll Breach
- [44:24] CISA Vulnerabilities Update
- [48:31] OPEXUS Insider Threat
- [53:13] Chrome VPN Data Harvesting
- [57:10] Google’s Dark Web Report Ends
- [63:50] Jawjacking/Community Q&A with Eric Taylor
In the Spirit (Episode Tone & Flavor)
Gerald’s energy is candid, slightly irreverent, and encourages both laughter and career-minded focus. Eric provides deep technical and practical guidance in a welcoming, “ask anything” fashion, closing with community thanks and a brief reflective note on personal growth and faith.
Summary
This episode delivers a dynamic, community-driven roundup of the day’s most critical—and practical—cybersecurity developments, peppered with humor, real-world anecdotes, actionable advice for practitioners, and a strong sense of inclusivity and mentorship.
