Daily Cyber Threat Brief – Dec 5, 2025: Episode 1018
Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Date: December 5, 2025
Episode Overview
This episode dives into the top cyber news stories of the day, delivering actionable insights and practical advice for cybersecurity professionals, from practitioners to executives. Dr. Gerald Auger, with over 20 years of GRC expertise, offers his trademark “beyond the headlines” takes, empowering listeners to make informed career and operational decisions.
Eight news stories were covered, plus listener Q&A and professional development discussion. The tone is practical, witty, and community-focused, blending technical insight with mentorship.
Key Discussion Points & Insights
1. Predator Spyware Still Active Despite Sanctions
[11:09 - 17:30]
- Summary: Recorded Future's Insikt Group reports that “Predator,” a mercenary spyware product in the same class as NSO Group's Pegasus, remains in use internationally despite U.S. sanctions on its operator. Predator’s delivery and command-and-control infrastructure has been reworked to be harder to detect, yet it is still observed across multiple countries.
- Key Insights:
- Zero-click exploits remain a critical risk for executives.
- Sanctions have prompted vendors to become stealthier, not cease operations.
- Understanding both the technical and macro (business/political) context of cyber threats is essential for effective cybersecurity.
- Memorable Quotes:
- “If you’re so focused on the microscopic transactional details and you’re not paying attention to the macro level goings on… you’re gonna miss the forest for the trees.” – Gerald [14:53]
- Actionable Advice:
- “If you have high ranking executives... just make them aware. This is a whole thing.” [16:18]
2. Russian Government Blocks FaceTime
[17:30 - 20:51]
- Summary: Russia’s regulator claims FaceTime is used for coordinating criminal acts, resulting in a ban. This aligns with an ongoing crackdown on foreign tech apps.
- Key Insights:
- Blocking apps may have more to do with control and surveillance than actual security risk.
- Censorship of communication platforms is a growing global trend.
- Memorable Quotes:
- “If terrorists are using FaceTime…they’re just gonna switch to Signal… or Telegram. This shell game here seems a little silly.” – Gerald [18:21]
- “This is like an, I don't want to say a nothing story, but like there’s nothing for us to do here.” [20:35]
3. U.S. National Cybersecurity Strategy Imminent
[21:07 - 26:26]
- Summary: The upcoming U.S. national cybersecurity strategy reportedly has six pillars, focusing on offense, regulatory alignment, workforce, procurement, critical infrastructure, and emerging tech (read: AI, possibly quantum computing).
- Key Insights:
- Federal strategies sometimes overpromise (e.g., rapid zero trust adoption).
- Actual operational impact may be limited and slow.
- Practitioners should skim final documents for directional cues, but not expect immediate workplace change.
- Actionable Advice:
- “I like to read these executive orders, see what the focus is… and keep it in the back of my mind.” [26:26]
4. Twin Brothers Arrested—Insider Threat to Gov Databases
[27:55 - 32:28]
- Summary: Twins previously convicted of wire fraud and computer crimes were rehired as federal contractors—then promptly deleted up to 96 government databases.
- Key Insights:
- Insider threat is real, especially with privileged access.
- Shocking lapses in federal hiring procedures: “These guys went…to jail for felonies. And somehow they got jobs as federal contractors accessing sensitive…databases.” – Gerald [30:18]
- Defensive measures: Principle of least privilege, auditing, and backups are critical.
- Memorable Quotes:
- “Can we like throw the book at him harder maybe? I’m so confused.” – Gerald [30:58]
- “You only should have access to what you need access to. And you should absolutely have backups.” [31:18]
5. TEMU App Sued for Privacy Violations in Arizona
[38:36 - 43:05]
- Summary: Arizona sues Chinese retailer TEMU, alleging intrusive data harvesting and code obfuscation, potentially exposing U.S. user data to China’s government.
- Key Insights:
- Data harvesting is rampant, but the issue is politicized due to international ties.
- App permissions: On iOS, access to contacts and location requires an explicit runtime consent prompt; Android has required the same runtime prompts for these “dangerous” permissions since Android 6.0, though the host suggests apps may behave more aggressively on Android. The practical check is whether the permissions an app requests match its stated purpose.
- Obfuscation isn’t illegal but raises red flags.
- Memorable Quotes:
- “Every company is harvesting the crap out of your data. This is how you make tons of money in 2025.” – Gerald [40:28]
- “If my TEMU app is asking for my contact list and my geolocation… that is problematic.” [41:50]
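As an added example (not code from the episode, Simply Cyber, or TEMU), here is the kind of permission check a practitioner would run on a decoded Android package before trusting a shopping app: parse AndroidManifest.xml, list the requested permissions, and flag those that expose contacts, location, and similar data unless the app's stated purpose justifies them. The manifest embedded below is constructed for illustration and is not TEMU's; the permission-to-data mapping, the `expected_needs` parameter, and the sample package name are this example's own assumptions.

```python
"""Flag sensitive permissions and exported components in an Android manifest.

Added example; not code from the podcast, Simply Cyber, or TEMU.
SAMPLE_MANIFEST is constructed for illustration. In practice, decode the APK
(for example with `apktool d app.apk`) and pass the resulting
AndroidManifest.xml text to these functions.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that hand an app personal data or device inventory. Android
# prompts at runtime for most of these (API 23+), but the request itself is
# what a reviewer wants to know about. This mapping is the example's own.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.WRITE_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.ACCESS_BACKGROUND_LOCATION": "background location",
    "android.permission.READ_SMS": "SMS",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_PHONE_STATE": "device identifiers",
    "android.permission.QUERY_ALL_PACKAGES": "installed app inventory",
    "android.permission.REQUEST_INSTALL_PACKAGES": "installing other packages",
}

# Constructed manifest for a fictional shopping app (not any real product).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.shop">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION"/>
    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <application android:label="Shop">
        <receiver android:name=".BootReceiver" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the android:name of every <uses-permission> element, in order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(f"{{{ANDROID_NS}}}name") for el in root.iter("uses-permission")]


def exported_components(manifest_xml):
    """Return (tag, name) for app components marked android:exported="true".

    Exported components are reachable by other apps; an exported receiver for
    BOOT_COMPLETED is a common persistence pattern worth a second look.
    """
    root = ET.fromstring(manifest_xml)
    out = []
    for el in root.iter():
        if el.tag in ("activity", "service", "receiver", "provider") and \
                el.get(f"{{{ANDROID_NS}}}exported") == "true":
            out.append((el.tag, el.get(f"{{{ANDROID_NS}}}name")))
    return out


def audit_manifest(manifest_xml, expected_needs=frozenset()):
    """Return [(permission, data_exposed)] for sensitive permissions that the
    app's stated purpose (expected_needs, a set of SENSITIVE values) does not
    justify. Order follows the manifest."""
    return [
        (perm, SENSITIVE[perm])
        for perm in requested_permissions(manifest_xml)
        if perm in SENSITIVE and SENSITIVE[perm] not in expected_needs
    ]


if __name__ == "__main__":
    # A shopping app plausibly needs the camera (barcode scanning); it does
    # not need your contacts, your background location, or a list of every
    # app on the device.
    for perm, data in audit_manifest(SAMPLE_MANIFEST, expected_needs={"camera"}):
        print(f"UNJUSTIFIED {perm}: grants access to {data}")
    for tag, name in exported_components(SAMPLE_MANIFEST):
        print(f"EXPORTED {tag} {name}: reachable by other apps")
```

The `expected_needs` set is where reviewer judgement goes in: decide up front what the app's purpose justifies, then let the script list everything else, so the output is the gap between what the app says it does and what it asks for.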
6. Reporters Without Borders Targeted by Russian APT “Star Blizzard”
[43:36 - 48:23]
- Summary: A targeted phishing campaign against RSF used a “forgot to attach the file” follow-up lure and delivered its payload through ProtonMail and Proton Drive links, so that the links pointed at a legitimate, widely trusted service.
- Key Insights:
- Psychological tricks (e.g., “forgotten” attachment) prime victims to click malicious payloads.
- NGOs supporting Ukraine are priority targets, but technique is broadly applicable.
- Actionable Advice:
- “Educate your end users…If you don’t recognize who it is, have your guard up.” [47:32]
7. ‘GhostFrame’ Phishing as a Service Platform
[48:23 - 51:49]
- Summary: A new phishing-as-a-service platform, “GhostFrame,” hides its credential-harvesting pages behind HTML iframes and issues a fresh subdomain for each phishing instance to evade detection.
- Key Insights:
- Each phishing incident gets its own unique subdomain, making traditional web filtering less effective.
- Iframe cloaking helps bypass scanning.
- Anti-analysis features aim to slow incident response.
- Actionable Advice:
- “Educate your end users… EDR solutions, multi-factor auth, and conditional access are key controls.” [51:22]
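An added example (not GhostFrame's code and not from the episode) of the detection logic that per-victim subdomains call for: rather than filtering on hostnames already seen, look in proxy or DNS logs for a registered domain that is reached only through many distinct, random-looking subdomains, each by a single client. The log lines are constructed, the thresholds are this example's own, and the registered-domain split assumes a two-label suffix; a production version should use the Public Suffix List, and the iframe cloaking the story describes still needs content inspection that this heuristic does not attempt.

```python
"""Flag one-subdomain-per-victim phishing infrastructure in proxy logs.

Added example; not code from GhostFrame, the podcast, or Simply Cyber.
LOG is constructed. Heuristic: a registered domain that is visited only
through many distinct, high-entropy subdomains, each by a single client,
looks like per-victim dynamic subdomains rather than normal web traffic.
"""
import math
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log: "timestamp client METHOD url status".
# Five clients each hit a different random subdomain of one domain, while the
# same clients share a handful of ordinary hostnames on another domain.
LOG = """\
2025-12-05T09:01:12Z 10.0.4.21 GET https://x7k2p9qd.login-verify-example.com/ 200
2025-12-05T09:01:40Z 10.0.4.22 GET https://m4h8z1rt.login-verify-example.com/ 200
2025-12-05T09:02:03Z 10.0.4.23 GET https://q9w3e7yb.login-verify-example.com/ 200
2025-12-05T09:02:15Z 10.0.4.24 GET https://c5n6v2ls.login-verify-example.com/ 200
2025-12-05T09:03:31Z 10.0.4.25 GET https://b8j1k4wp.login-verify-example.com/ 200
2025-12-05T09:01:20Z 10.0.4.21 GET https://www.example.org/news 200
2025-12-05T09:01:55Z 10.0.4.22 GET https://www.example.org/news 200
2025-12-05T09:02:30Z 10.0.4.23 GET https://mail.example.org/inbox 200
2025-12-05T09:02:50Z 10.0.4.24 GET https://www.example.org/ 200
2025-12-05T09:03:10Z 10.0.4.25 GET https://cdn.example.org/app.js 200
"""


def shannon_entropy(label):
    """Bits of entropy per character; random 8-char labels score near 3."""
    if not label:
        return 0.0
    n = len(label)
    return -sum((c / n) * math.log2(c / n)
                for c in (label.count(ch) for ch in set(label)))


def parse_requests(log_text):
    """Yield (client_ip, hostname) from the constructed log format."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        host = urlsplit(parts[3]).hostname
        if host:
            yield parts[1], host.lower()


def registered_domain(host):
    # Assumption: registrable domain = last two labels. Use the Public
    # Suffix List in production (example.co.uk needs three labels).
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def flag_dynamic_subdomains(log_text, min_hosts=3,
                            min_single_client_ratio=0.8, min_entropy=2.5):
    """Return one record per registered domain that looks like per-victim
    subdomain infrastructure. Thresholds are this example's own."""
    clients_by_host = defaultdict(set)
    for client, host in parse_requests(log_text):
        clients_by_host[host].add(client)

    hosts_by_domain = defaultdict(list)
    for host in clients_by_host:
        hosts_by_domain[registered_domain(host)].append(host)

    flagged = []
    for domain, hosts in hosts_by_domain.items():
        if len(hosts) < min_hosts:
            continue
        # Fraction of hostnames under this domain seen by exactly one client.
        single = sum(1 for h in hosts if len(clients_by_host[h]) == 1) / len(hosts)
        # Leftmost label of each subdomain (the part a kit randomises).
        leftmost = [h[: -len(domain) - 1].split(".")[0] for h in hosts if h != domain]
        mean_ent = (sum(shannon_entropy(l) for l in leftmost) / len(leftmost)
                    if leftmost else 0.0)
        if single >= min_single_client_ratio and mean_ent >= min_entropy:
            flagged.append({"domain": domain, "hosts": len(hosts),
                            "single_client_ratio": round(single, 2),
                            "mean_label_entropy": round(mean_ent, 2)})
    return flagged


if __name__ == "__main__":
    for rec in flag_dynamic_subdomains(LOG):
        print(f"SUSPECT {rec['domain']}: {rec['hosts']} hosts, "
              f"{rec['single_client_ratio']:.0%} single-client, "
              f"entropy {rec['mean_label_entropy']}")
```

The output is a candidate list, not a verdict: CDN and tracking domains also produce many subdomains, so the next step is to pull the page content for one of the flagged hosts and look for the full-viewport iframe and anti-analysis checks the story describes.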
8. Kohler Smart Toilet Camera—Encryption Misleading
[52:11 - 56:46]
- Summary: Kohler’s smart toilet camera (“Dekoda”) is marketed as using end-to-end encryption, but research finds only TLS in transit. TLS protects the images between the device and Kohler’s servers, where it terminates and the vendor can read the plaintext; true end-to-end encryption would keep the keys on the user’s devices so the vendor could not. The episode raises the resulting privacy concern, including whether user “waste” images could be used for AI training.
- Key Insights:
- IoT security and privacy diligence is essential—scrutinize manufacturer claims.
- Precise use of technical terminology (e.g., “end-to-end encryption”) matters for risk and trust.
- Memorable Quotes:
- “This story stinks. Am I right? This story just really going down the drain…” [53:18]
- “Words do matter because…you do open yourself up to liability.” [56:01]
Professional Development & Listener Q&A
[59:11 - End]
Notable Quotes, Advice, & Moments
The Power of Home Labs
- “Making a home lab is just one side. The N part is you actually showing that you’ve done it… This is what makes you marketable.” – Daniel Lowrie [86:27]
- Key: Document your work and share it (LinkedIn, Medium, GitHub).
Certifications & Career Entry
- Security+ remains valuable for getting past HR screening; Microsoft 365 administration skills are in high demand.
- Cloud: Focus on M365 for enterprise/cloud admin paths; AWS for tech platforms.
- “It’s tough right now. You need to network and develop a personal brand.” – Gerald [64:35]
Burnout & Career Pathing
- “Cybersecurity is a lifestyle... Even after you do all this and get the job, you still have to keep learning.” – Gerald [77:46]
Insider Threat Lesson
- Always enforce least privilege, backups, and monitoring—insiders are not immune.
On Vendor Conferences vs. Community Cons
- Community-driven conferences provide better networking and long-term value than vendor/sales-oriented summits.
Notable Lighthearted/Dad Joke Segment
[36:48 - 38:08]
- James McQuiggan’s Friday Dad Jokes:
- Why is a coffin the worst gift? "It's literally the last thing they'll ever need."
- Why is the fridge the best gift? "Because you can watch their face light up when they open it."
- Why a broken drum? "Because they just can't beat it!"
Timestamps of Important Segments
- 00:00 – Show intro, community shout-outs, CPE reminder
- 11:09 – Predator Spyware (Story 1)
- 17:30 – Russia FaceTime Ban (Story 2)
- 21:07 – US Cyber Strategy (Story 3)
- 27:55 – Insider Threat Arrest (Story 4)
- 38:36 – Temu App Privacy Lawsuit (Story 5)
- 43:36 – Star Blizzard Targets NGOs (Story 6)
- 48:23 – GhostFrame Phishing Platform (Story 7)
- 52:11 – Kohler Toilet Camera Encryption (Story 8)
- 59:11 – Jawjacking Panel (Listener Q&A)
- 86:27 – Home labs and skills discussion
Closing & Extra Value
- Mid-show and closing: AMAs, the live community Discord, and daily CPE credit for listening.
- Call to Action: “If you’re not subscribed, consider subscribing. It helps the community reach more people.” – Gerald [57:53]
- Final Note: “Cybersecurity is a life learning thing. You gotta have passion.” – FedEx (panel guest) [91:59]
Takeaways for Listeners
- Technical vigilance is crucial, but understanding the broader political and business landscape elevates your cyber effectiveness.
- User education, layered defenses, and least privilege remain core controls, regardless of threat sophistication.
- Credentials and labs help but must be paired with public sharing and networking for career advancement.
- Stay skeptical of vendor claims—specifically around privacy, encryption, and data use.
- The community is a powerful resource—engage, share, and help one another.
For full show details, resources, and to engage with the Simply Cyber community, visit simplycyber.io. Up next: Friday Jawjacking AMA and more lively cyber career discussion!
