Daily Cyber Threat Brief – Dec 19, 2025 (Ep 1030)
Host: Dr. Gerald Auger, Simply Cyber Media Group
Panelists (Jawjacking Segment): Daniel Lowry, Fleetus Poston III
Special Guest Mentions: James McQuiggan, DJ B Sec, Jessica Hyde
Episode Overview
This lively Friday edition of Daily Cyber Threat Brief navigates through technical hiccups, career celebrations, and, most importantly, the top cybersecurity news stories shaping December 19, 2025. Dr. Gerald Auger (“Jerry”) delivers unscripted, no-nonsense analysis and mentorship, bolstered by contributions from community members and a jawjacking panel. The episode covers everything from breaking vulnerabilities and international cybercrime to nuanced conversations about cyber policy, AI in underground markets, and industry career advice.
Key Discussion Points and Insights
1. Technical Glitches & Community Spirit
- Jerry kicks off the episode amid unplanned technical challenges, troubleshooting live—highlighting the “chaotic” but collaborative spirit of cybersecurity work.
- Community engagement is celebrated, notably job wins, certifications (e.g., Security+), and personal milestones.
- Notable Quote:
- “We work in cyber. Everything we walk into is typically a hot mess. We're either there to fix it, we're there to build it anew, or we're there to un-f it. Welcome to cybersecurity.” — Gerald Auger (06:36)
2. Microsoft Windows Update Breaks Remote App Connections
- Story Summary: A Microsoft patch has broken remote app connections (affecting Windows 11 24H2/25H2 and Windows Server 2025 devices in Azure Virtual Desktop).
- Jerry’s Analysis:
- This exemplifies a common conflict: security vs. usability. Sysadmins often feel security updates “break things.”
- Architectural trade-offs are key: moving to cloud-based desktops centralizes governance but can raise the stakes when access is disrupted.
- Advice: Always evaluate downside risks of architectural decisions and be pragmatic about pros and cons.
- Notable Quote:
- “It doesn't matter what you choose, you always need to evaluate the consequences or the impact of the downside of those options.” (19:40)
3. Arrest on Italian Ferry: Insider Threat & OT Security
- Story Summary: Two crew members of an Italian ferry, docked in France, are arrested for planting malware capable of remotely controlling the ship.
- Takeaways:
- Insider threats remain potent, even for large-scale OT systems.
- The real concern isn’t just data compromise but the potential for physical control & catastrophic outcomes (referencing the Baltimore bridge incident).
- Praise given to the ferry company (GNV) for detecting and responding swiftly—a rare but important demonstration of operational security vigilance.
- Notable Quote:
- “They buried the headline. The malware could control the boat. Are you kidding me?” (22:54)
4. US Senate Warning: Open Source, Supply Chain, and ‘McCarthyism’
- Story Summary: Senate Intel Chair Tom Cotton warns against foreign actors in open-source projects, citing Russian maintainers in DoD software as a risk.
- Auger’s Take:
- Warns against blanket bans based on contributor nationality—a difficult, potentially discriminatory, and ultimately unenforceable approach.
- True supply chain defense requires continuous vigilance and behavioral analysis, not just country-of-origin checks.
- Notable Quote:
- “Carte blanche saying you’re not allowed to use it is kind of a lame, lazy answer.” (34:46)
5. Chinese Threat Actors Exploiting Cisco Email Security Zero-Day
- Story Summary: Cisco Secure Email Gateway appliances face active exploitation of a maximum-severity zero-day (CVSS 10.0), attributed to Chinese threat actors, with exploitation traced back to November 2025.
- Actionable Insight:
- If you run Cisco email gateways: PATCH NOW.
- Apply robust access controls, disable default creds, and audit for indicators of compromise (IOCs).
- General warning: Security tools (like firewalls, IAM, email gateways) must be protected; their compromise is especially dangerous.
- Notable Quote:
- “If you're running Cisco email security gateway, you have a 4% chance of getting hit in the next 30 days. If you get hit, it's bad.” (37:23)
- Practical Remediation:
- Patch promptly.
- Restrict management interfaces behind firewalls; they should never be reachable from the Internet.
- Hunt for IOCs across the whole exposure window (exploitation dates back to November 2025, so a patch applied today does not clear an appliance that was exposed before).
6. DXS International Breach: NHS Provider Hit (Internal Server Compromise)
- Story Summary: DXS International, a major NHS software supplier, reports an internal server breach.
- Discussion:
- Rapid disclosure commended, but public statements frame impact in financial (“material”) terms—not patient impact.
- The "internal server" wording suggests either an insider compromise or external attackers who gained an internal foothold.
- Notable Quote:
- “It always kills me… The update is, we've been hacked, this will not result in a material [financial] statement… It's not so much, ‘we're sorry victims,’ it's, ‘don't worry, investors.’” (51:16)
7. Darknet AI Assistant (‘DIG AI’) Used by Cybercriminals
- Story Summary: AI-powered tool on the darknet, DIG AI, is fueling illicit activity, from explosive device info to generating illegal content.
- Risks:
- Ease of access and commercialization ("criminal SaaS").
- AI’s dual-use nature: can be harnessed for rapid, wide-ranging cybercrime.
- Notable Quotes:
- “Whoever stood this website up is probably charging for it...They want to make money, which means they want everybody to know about it, and they can't determine if you're law enforcement or just a criminal.” (56:18)
- “AI art or graphic generation… you can have it generate very… sexualized imagery of men, women… It’s not that far a stretch to something gross and illegal, unfortunately.” (57:43)
8. ASUS Live Update Supply Chain Flaw Added to CISA KEV Catalog
- Story Summary: A supply chain compromise led to malicious code being delivered through ASUS’s “Live Update” tool (CVSS 9.3); CISA has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, meaning exploitation in the wild is confirmed.
- Implications:
- Highlights persistent dangers of “trusted” update channels.
- Ongoing challenge: detection, validation, and patching.
9. VPNs Under Fire: Password Spray Attacks on Cisco & Palo Alto
- Story Summary: Automated campaigns are targeting multiple enterprise VPN solutions with password spraying: a short list of common passwords tried across many accounts, low and slow, so per-account lockout thresholds never trip.
- Advice:
- PUT MFA (Multi-Factor Authentication) ON EVERYTHING EXTERNALLY FACING.
- Notable Quote:
- “If it's Internet facing, put MFA on it. Thank you for coming to my TED Talk.” (60:47)
- “If someone says, ‘I don't like MFA, it's too much work,’ just shut up.” (61:10)
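Password spraying is easy to miss if you only alert on failures per account. The following is an added example, not code from the episode or from any VPN vendor: it parses a constructed, generic syslog-style VPN authentication log (the line format, IPs and usernames are all hypothetical, not Cisco ASA or PAN-OS syntax) and flags the spray signature, one source hitting many distinct accounts with only a few attempts each inside a short window. It also calls out any account that later authenticated successfully from that same source, which is the finding that needs an immediate password reset and MFA check.

```python
"""Password-spray detection over VPN authentication logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, RFC 5737 test addresses).
# 203.0.113.10 sprays six accounts once each and then gets in as "grace".
# 198.51.100.7 is a user fat-fingering a password once.
# 192.0.2.44 is a single-account brute force; per-account lockout handles it.
SAMPLE_LOG = """\
2025-12-19T03:00:01Z vpn-gw auth FAIL user=alice src=203.0.113.10
2025-12-19T03:00:03Z vpn-gw auth FAIL user=bob src=203.0.113.10
2025-12-19T03:00:05Z vpn-gw auth FAIL user=carol src=203.0.113.10
2025-12-19T03:00:07Z vpn-gw auth FAIL user=dave src=203.0.113.10
2025-12-19T03:00:09Z vpn-gw auth FAIL user=erin src=203.0.113.10
2025-12-19T03:00:11Z vpn-gw auth FAIL user=frank src=203.0.113.10
2025-12-19T03:00:13Z vpn-gw auth OK   user=grace src=203.0.113.10
2025-12-19T08:15:00Z vpn-gw auth FAIL user=alice src=198.51.100.7
2025-12-19T08:15:30Z vpn-gw auth OK   user=alice src=198.51.100.7
2025-12-19T09:00:00Z vpn-gw auth FAIL user=bob src=192.0.2.44
2025-12-19T09:00:02Z vpn-gw auth FAIL user=bob src=192.0.2.44
2025-12-19T09:00:04Z vpn-gw auth FAIL user=bob src=192.0.2.44
2025-12-19T09:00:06Z vpn-gw auth FAIL user=bob src=192.0.2.44
2025-12-19T09:00:08Z vpn-gw auth FAIL user=bob src=192.0.2.44
2025-12-19T09:00:10Z vpn-gw auth FAIL user=bob src=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth (?P<result>FAIL|OK)\s+user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Return a list of (timestamp, result, user, src) tuples; skip lines that don't match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated or garbled line: skip rather than abort the hunt
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=3):
    """Return {src_ip: finding} for sources whose failures match the spray pattern.

    Spray = many distinct users, few failures per user, inside `window`.
    A brute force against one account has distinct_users == 1 and is NOT
    flagged here; that is what per-account lockout already catches.
    """
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[3]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e[1] == "FAIL"]
        for i, (t0, _, _, _) in enumerate(fails):  # sliding window over failures
            in_win = [e for e in fails[i:] if e[0] - t0 <= window]
            per_user = defaultdict(int)
            for e in in_win:
                per_user[e[2]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                # A later OK from the same source means the spray found a valid password.
                success = {e[2] for e in evs if e[1] == "OK" and e[0] >= t0}
                findings[src] = {
                    "kind": "password_spray",
                    "distinct_users": len(per_user),
                    "window_start": t0.isoformat(),
                    "compromised_accounts": sorted(success),
                }
                break
    return findings


if __name__ == "__main__":
    for src, f in detect_spray(parse(SAMPLE_LOG)).items():
        print(src, f)
```

Tune `min_users`, `max_per_user` and `window` to your own baseline; a large help desk can legitimately produce many distinct failed users from one NAT address, so the score that matters most is `compromised_accounts`, which is empty for a spray that MFA actually stopped.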
Panel Discussion (Jawjacking) Highlights
Careers, Community, and Life in Cyber
- Panelists: Daniel Lowry & Fleetus Poston III join Jerry for a career-centric Q&A.
- Key Celebrations:
- Victory laps for community members landing new jobs and passing certifications.
- Recognizing persistence in job hunts and celebrating pre-holiday successes.
Career & Skills Advice
- “Lots of people doom-scroll cyber content and don’t apply it. Application matters: build labs, blog, teach. Don’t mistake passive consumption for true progress.” — Fleetus Poston III (73:27)
- “Ideas are easy; execution is difficult... Do an 80/20 split—learn, but make sure you apply and share some of what you learn.” — Jerry (76:27)
- To break into senior leadership: “Do the role before the role finds you… sometimes, you just have to leave a company to get promoted.” — Fleetus (113:42)
Technical Insight
- Why is a WiFi Pineapple dangerous?
- “Lets you do rogue AP/evil twin attacks… Once they're on your network, you can sniff all their traffic.” — Daniel Lowry (82:15)
- Attackers can fly a drone with a WiFi Pineapple onto a corporate roof and lure execs onto a rogue WiFi—“Guess what? I own all your stuff.” — Jerry (85:29)
- On OT/ICS Pen Testing:
- “Most of the time you give testers a diode or PLC off-network. Don’t let them touch production.” — Fleetus (79:27)
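The rogue AP / evil twin attack Daniel describes shows up in a plain Wi-Fi scan if you know what your own access points look like. Below is an added example, not code from the episode or from the Pineapple project: it takes a constructed scan (SSID, BSSID, security, channel; all hypothetical values) and a hypothetical corporate allowlist, and flags three Pineapple-style patterns: your SSID advertised from a BSSID you do not own (worse if the security is downgraded to open), lookalike SSIDs that borrow your name, and a single BSSID answering to many SSIDs, which is the karma-style "respond to every probe" behaviour.

```python
"""Evil-twin / rogue AP triage over a passive Wi-Fi scan (added example)."""
from collections import defaultdict

# Hypothetical corporate allowlist: SSID -> the BSSIDs and security you actually deploy.
CORP_APS = {
    "CorpWiFi": {
        "bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
        "security": "WPA2-Enterprise",
    },
}

# Constructed scan rows: (ssid, bssid, security, channel)
SCAN = [
    ("CorpWiFi", "00:11:22:33:44:01", "WPA2-Enterprise", 36),     # ours
    ("CorpWiFi", "00:11:22:33:44:02", "WPA2-Enterprise", 44),     # ours
    ("CorpWiFi", "de:ad:be:ef:00:01", "OPEN", 6),                 # evil twin, open
    ("CorpWiFi", "de:ad:be:ef:00:02", "WPA2-Enterprise", 1),      # evil twin, fake RADIUS
    ("CorpWiFi-Guest", "de:ad:be:ef:00:03", "OPEN", 11),          # lookalike name
    ("HomeNet-5G", "aa:bb:cc:dd:ee:ff", "WPA2-Personal", 149),    # unrelated neighbour
    ("Starbucks", "ca:fe:00:00:00:01", "OPEN", 6),                # one radio, many SSIDs:
    ("attwifi", "ca:fe:00:00:00:01", "OPEN", 6),                  #   karma-style responder
    ("xfinitywifi", "ca:fe:00:00:00:01", "OPEN", 6),
]


def normalize(ssid):
    """Fold case and punctuation so 'Corp-WiFi' and 'corpwifi' compare equal."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())


def triage(scan, corp_aps=CORP_APS, karma_threshold=3):
    """Return a list of findings; each is a dict with a 'kind' of
    evil_twin, lookalike or karma."""
    findings = []
    ssids_by_bssid = defaultdict(set)
    for ssid, bssid, security, channel in scan:
        ssids_by_bssid[bssid].add(ssid)
        for corp_ssid, known in corp_aps.items():
            if ssid == corp_ssid:
                if bssid not in known["bssids"]:
                    findings.append({
                        "kind": "evil_twin", "ssid": ssid, "bssid": bssid,
                        "channel": channel, "security": security,
                        # Open twin of an enterprise SSID: clients that auto-join will hand over traffic.
                        "downgraded": security != known["security"],
                    })
            elif normalize(ssid).startswith(normalize(corp_ssid)):
                findings.append({"kind": "lookalike", "ssid": ssid, "bssid": bssid,
                                 "channel": channel, "security": security})
    # One BSSID advertising many unrelated SSIDs is the karma/probe-response pattern.
    for bssid, ssids in ssids_by_bssid.items():
        if len(ssids) >= karma_threshold:
            findings.append({"kind": "karma", "bssid": bssid, "ssids": sorted(ssids)})
    return findings


if __name__ == "__main__":
    for f in triage(SCAN):
        print(f)
```

Detection is the second line of defence. The first is that corporate clients are provisioned for WPA2/WPA3-Enterprise with server-certificate validation pinned to your RADIUS server, so the fake-RADIUS twin on channel 1 fails the handshake instead of harvesting credentials, and that devices are configured not to auto-join open networks, which is all the open twin on channel 6 has to offer.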
CISO Role & Reporting Structure
- “I always wanted to be a CISO, then I got there and was like ‘oh, gross.’ You think you’ll have the authority to reduce risk, but you often end up in budget battles and Game of Thrones politics.” — Jerry (102:53)
- Should CISO report to the CIO?
- Ideally not: the CIO is measured on uptime and delivery, which conflicts with the CISO's mandate to reduce risk. In practice, budget battles can still make the hierarchy complicated.
- “As CISO, get a clause: If critical, I report straight to the board or CEO, bypassing the CIO if needed.” — Fleetus (109:21)
- Certification advice for GRC:
- ISACA CISM if you meet the experience requirement; otherwise, make your GRC skills more technical through automation and policy-as-code.
Holiday Traditions & Lightning Round
- Oatmeal raisin cookies: A panel favorite for the holidays.
- Christmas Movie Debate: Die Hard wins as a Christmas movie, with side arguments for “First Blood.”
- Advice for Cyber Holidays: Enjoy the unusual quiet and the family time, and avoid working while “playing with your WiFi Pineapple.”
Notable Quotes & Moments (with Timestamps)
- 06:36 — “We work in cyber. Everything we walk into is typically a hot mess… welcome to cybersecurity. Today's your first day.”
- 19:40 — “You always need to evaluate the consequences or the downside of those options.”
- 22:54 — "They buried the headline. The malware could control the boat. Are you kidding me?"
- 37:23 — “If you're running Cisco email security gateway, you have a 4% chance of getting hit in the next 30 days. If you get hit, it's bad.”
- 51:16 — "We've been hacked. This will not result in a material [financial] statement... It's not so much we're sorry victims, like don't worry. It's don't worry, investors."
- 60:47 — "If it's Internet facing, put MFA on it. Thank you for coming to my TED Talk."
- 76:27 — “Ideas are easy. Execution is difficult. Do an 80/20 rule: spend 80% learning, but 20% must be application.”
- 79:27 — “Most of it is, you give them a diode or PLC that's similar enough and say, ‘hey, do hardware hacking off my network,’ and then tell me if my config is correct.”
- 102:53 — “I always wanted to be a CISO, then I got there and I was like ‘oh, gross.’”
Important Timestamps
- Tech Troubleshooting & Show Open: 00:01–09:26
- Community Wins & Sponsor Reads: 09:26–13:48
- News Stories Begin (Windows Update): 13:54
- Ferry Malware Arrest Analysis: 21:10
- US Senate Open Source Risk: 27:01
- Cisco Email Gateway Zero-Day: 36:09
- Breach: DXS/NHS: 50:12
- Darknet AI Assistant: 55:30
- ASUS Supply Chain Flaw: 59:05
- VPN Attacks: 59:52
- Jawjacking Panel Discussion: 62:34
- Rapid-Fire Q&A, Career, Tools, CISO Discussions: 73:27–116:35
- Closing Reflections & Vacation Farewell: 116:35–end
Episode Tone and Energy
The stream is playful yet practical—deep technical and policy analysis interspersed with humor, empathy, and lots of community encouragement. Jerry and his guests balance hard truths (“Being CISO gets political and stressful fast”) with mentorship (“Apply what you learn!”) and a dash of personal connection (cookie debates, family traditions).
Final Takeaways
- Always think through both technical and organizational trade-offs.
- Patch critical infrastructure fast, and put MFA on everything that is Internet-facing.
- Supply-chain, insider, and OT attacks are top-of-mind as threat landscapes evolve.
- Don’t just learn—APPLY your cybersecurity knowledge.
- The community thrives on sharing wins and helping each other up.
- Protect your family, your identity, and... keep some oatmeal raisin cookies on hand for the holidays!
Next up: DJ B Sec and Daniel Lowry will host The Daily Cyber Threat Brief until 2026.
Don’t miss: the “State of Simply Cyber” event (Dec 19, 12 p.m. ET) plus more community webinars in January!
— Stay Secure. Happy Holidays from Simply Cyber!
