Daily Cyber Threat Brief Podcast – Ep 1019
Date: December 8, 2025
Host: Dr. Gerald Auger (Gerald, Simply Cyber)
Podcast: Daily Cyber Threat Brief by Simply Cyber Media Group
Overview
Main Theme:
Gerald Auger delivers actionable insights into the day’s top cybersecurity news stories, exploring threats, breaches, and industry trends relevant to practitioners, analysts, and business leaders. This episode covers eight major stories from the weekend, with discussions ranging from critical vulnerabilities (like React to Shell) being actively exploited to evolving social engineering scams, and strategic advice for cybersecurity professionals.
Tone & Style:
Conversational, energetic, and unfiltered, Gerald blends expertise, humor, and real talk, aiming not only to inform but to build an inclusive, supportive cyber community. Community engagement and practical career advice are consistent highlights.
Key Discussion Points & Insights
1. Palo Alto GlobalProtect VPNs Under Brute-Force Attack
- [10:53] Steve Prentiss reports: Since December 2, over 7,000 IPs (mainly infrastructure belonging to the German firm 3xk) have been brute-forcing logins on Palo Alto GlobalProtect portals, then pivoting to scanning SonicWall APIs.
- [11:45]–[13:42] Gerald’s Insight:
- Emphasizes that this is brute-force (credential guessing) rather than a technical exploit.
- Key Advice: Ensure MFA is enabled. “This is an opportunity to remind people why multi-factor authentication is vitally important.” (Gerald, [12:55])
- Recommends checking for unusual logins and reviewing authentication audit logs, and encourages passphrases over standard passwords.
- [15:55] Shout-out to Eric Capuano, who recommends VPN device certificates for added security.
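The "check your audit logs" advice above is the kind of thing that only helps if someone actually looks, so here is a small added example (not from the podcast or from Palo Alto) that flags sources hammering a login portal. The log format is constructed and simplified, not the real GlobalProtect log schema; adapt the regex to your own export.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a simplified format (assumption: this is NOT the
# real PAN-OS GlobalProtect log schema; map LINE_RE onto your own export).
SAMPLE_LOG = """\
2025-12-02T08:00:01Z auth-fail src=203.0.113.10 user=admin
2025-12-02T08:00:03Z auth-fail src=203.0.113.10 user=jsmith
2025-12-02T08:00:04Z auth-fail src=203.0.113.10 user=svc-backup
2025-12-02T08:00:40Z auth-fail src=198.51.100.7 user=mlee
2025-12-02T08:00:45Z auth-ok   src=198.51.100.7 user=mlee
2025-12-02T08:01:10Z auth-fail src=203.0.113.10 user=admin
2025-12-02T08:01:12Z auth-fail src=203.0.113.10 user=root
2025-12-02T08:01:15Z auth-fail src=203.0.113.10 user=jsmith
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>auth-fail|auth-ok)\s+src=(?P<src>\S+)\s+user=(?P<user>\S+)"
)

def parse_failures(log_text):
    """Yield (timestamp, src, user) for each failed-login line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("event") != "auth-fail":
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m.group("src"), m.group("user")

def find_bruteforce_sources(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {src: (peak failures inside one sliding window, distinct usernames tried)}."""
    by_src = defaultdict(list)
    users = defaultdict(set)
    for ts, src, user in parse_failures(log_text):
        by_src[src].append(ts)
        users[src].add(user)
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start, peak = 0, 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:  # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:  # many usernames from one source suggests spraying
            flagged[src] = (peak, len(users[src]))
    return flagged

if __name__ == "__main__":
    for src, (n, u) in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{src}: {n} failures within {window_desc}" if False else f"{src}: {n} failures, {u} usernames")
```

A single typo from a real user (198.51.100.7 above) never reaches the threshold, while the noisy source is reported together with how many distinct accounts it tried.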
2. NATO’s Largest Ever Cyber Defense Exercise
- [16:33] Reported by Steve Prentiss: NATO ran a cyber exercise with 1,300 remote participants from 29 Allied and 7 partner nations, testing responses to critical infrastructure attacks.
- [17:02]–[18:59] Gerald’s Take:
- This is “basically a massive tabletop exercise.”
- Applauds the use of scenario “injects” to steer participants into real decision-making, comparing it to a D&D Dungeon Master approach.
- Encourages listeners to use scenario injects in their own tabletop exercises: “Don't be shy to inject and basically control the narrative.” (Gerald, [20:07])
- Contextual Reflection: Surprising to see exercises amid active global conflicts (Russia/Ukraine), but stresses the value of preparation.
3. React to Shell Vulnerability – Active State-Backed Exploitation
- [22:00] Steve Prentiss shares: Chinese state-backed hackers exploit “React to Shell” (CVSS 10/10), a critical bug in React server components now seen in thousands of products, with POCs public.
- [22:51]–[25:35] Gerald’s Response:
- “This is not good…this vulnerability is being actively exploited.”
- Threat is severe because 50M+ websites use React server components, often for storing access secrets.
- Action Alert: Urges defenders to immediately assess/report if their environment is vulnerable.
- Community Call: “If anyone in chat…can share publicly about this situation, please do it in chat to help your fellow people.” (Gerald, [22:51])
- Exploits are actively being attempted; one example: “One threat actor tried to exploit the bug 116 times in an hour.” (Gerald, [24:33])
- Consider third-party risk and gently probe partner security, without crossing legal boundaries.
4. Barts Health NHS Oracle-Related Data Breach
- [26:46] London’s Barts Health NHS discloses data theft by Cl0p ransomware group via Oracle E-Business Suite zero-day.
- [27:36]–[28:46] Gerald’s Commentary:
- Highlights Cl0p’s targeted approach: “They select their victims deliberately and then… maximize value on it.”
- Data accessed: invoices of patients, some staff and supplier info—not as critical as clinical or patient health data, but risk for fraud or business email compromise.
- Likely breach occurred months before discovery—“Bet this breach happened August or September and Barts Health is just figuring it out.” ([29:08])
- Urges vigilance: Such data leaks fuel BEC and future phishing.
5. Virtual Kidnapping Scams Using Deepfakes
- [35:56] FBI warns of rise in “virtual kidnapping” scams: criminals use altered social media images or AI-generated videos to convince families their loved ones are kidnapped.
- [36:51]–[39:56] Gerald’s Human Take:
- Serious, personal warning: “Scumbags are doing this thing right now where they’re using deepfakes and social media content to simulate it.”
- Mentions a security professional keynote victimized at BSides Charleston.
- Stresses need for family “code words” and open conversations about social engineering.
- Notes risks amplified due to previous school data breaches, fueling attackers’ reconnaissance.
6. Inotiv Pharmaceutical Data Breach Disclosed
- [40:27] Follow-up: Pharmaceutical firm Inotiv notifies employees and partners of data exposure after August ransomware attack.
- [41:07]–[43:59] Gerald’s Business Angle:
- Points out the business impact: “I have a very good friend who’s in charge of cyber for a pharmaceutical company. I would absolutely send this to him.”
- Notes stock dropped 73% in six months, but company’s financial woes predated breach.
- Key Quote: “Looks like Inotiv has bigger problems than just a data breach.” ([43:59])
7. Porsche Russia Outage Leaves Owners Stranded
- [44:06] Hundreds of Porsche cars in Russia disabled after satellite alarm module (VTS) fails, causing sudden engine shutdowns and locking doors.
- [44:50]–[48:36] Gerald’s Reflection:
- “If I spent a ton of money on a Porsche and then I had to get out and disconnect the battery, I’d be ultra pissed, dude!”
- Notes the danger of embedded security systems failing “closed.”
- Reminds listeners to assess what happens to security controls in failure modes: “When you develop a system … you should confirm what happens if it fails.” ([46:05])
- Invites car hacking community to explore the issue.
8. The Engineering vs. Holistic CISO Debate
- [48:48] Dark Reading article distinguishes “engineering-focused” vs. “holistic” CISOs; holistic = people, processes, technology, vs. solely technical focus.
- [49:57]–[53:53] Gerald’s Professional Pushback:
- Disagrees with the dichotomy: “I patently push back on this concept that you have these two archetype of CISOs and that’s it. I feel like there are other ones out there that could be a blend.”
- Business-focused CISOs may lack technical understanding; technical CISOs need communication skills: “The business-focused … lawyer that is CISO … isn’t necessarily the best equipped for running information security.”
Notable Quotes & Memorable Moments
- Credential Hygiene Reminder:
“I’m a huge fan of passphrases. They’re easier to remember, longer, have all the complexity, and it’s not a pain in the A.” — [13:42], Gerald
- Community Call to Action:
“I promise you, we go beyond the headlines in order to give you additional value that you wouldn’t normally get.” — [19:51], Gerald
- Deepfake Kidnapping Reality:
“Don't think you're too smart for it. This is a very, very intense thing and it's only going to increase.” — [38:16], Gerald
- About Becoming a CISO:
“I got in the seat [CISO]… more business than it is cyber. It’s like spreadsheets and people management… like one quarter cyber.” — [59:10], Gerald (Jawjacking)
- Porsche Outage:
“You know, get a complicated system and... the more complexity you introduce... [the] more potential is for faults. The fact that this failed closed is interesting.” — [45:54], Gerald
- Job Market Advice:
“If you’re looking for a job, now could be the time to get one… AI is exploding … there are tons of CISO jobs out there right now.” — [52:04], Gerald
Community & Career Advice Segments
Community Member of the Week ([33:17])
- Shout-out to Eric Capuano for tireless education and community leadership: “He’s just an absolute stud…one of the real ones.”
- Key resource: Eric’s “So You Want To Be a SOC Analyst?” free blog + course ([56:08] link shared in jawjacking).
Jawjacking (Post-Podcast AMA, [55:10]–End)
- Addresses wide-ranging questions:
- How to field questions about “no CISO aspirations” (“Just be frank—focus on where you offer most value”).
- Hardware for cyber/home lab: “As much RAM as you can get…16 GB minimum, but really depends on intended workloads.”
- GRC conference recommendations (Layer 8, CISO Summit at Black Hat).
- Upcoming Simply Cyber video series (interview prep for GRC/pen testing/SOC roles).
- VPN recommendation: Proton VPN (personal favorite, [91:25]).
Timestamps for Major Segments
| Story/Segment | Timestamp (MM:SS) |
|--------------------------------------------------|--------------------------|
| Introduction/CPEs/Austin Studio | 00:17 – 10:24 |
| Story 1: Palo Alto VPN Brute Force | 10:53 – 15:27 |
| Story 2: NATO Cyber Defense Exercise | 16:33 – 22:00 |
| Story 3: React to Shell Exploitation | 22:00 – 26:42 |
| Story 4: Barts Health NHS Breach (Oracle/Clop) | 26:46 – 30:35 |
| Story 5: Virtual Kidnapping Deepfakes | 35:56 – 39:56 |
| Story 6: Inotiv Pharma Data Breach | 40:27 – 43:59 |
| Story 7: Porsche Remote-Lock Outage | 44:06 – 48:36 |
| Story 8: CISO Hiring — Engineering vs Holistic | 48:48 – 53:53 |
| Community Member of the Week | 33:17 – 35:21 |
| Jawjacking AMA | 55:10 – End |
Additional Insights & Resources
- Tabletop Exercise Tips ([19:51]–[22:00]):
- Use “injects” to adapt scenarios and keep participants thinking deeply.
- Don't just “play it safe”; simulate consequences, media queries, or unexpected events.
- Career Progression Guidance ([56:08], [59:10]):
- Honest reflections on “going beyond cyber” in leadership; not everyone needs to want the CISO spot.
- Shout-out to Simply Cyber’s upcoming GRC/SOC video series for interview prep, with community experts breaking down best answers ([65:21]–[68:13]).
- Fun Fact:
- Gerald almost hosted a Red Bull F1 podcast ([84:11]).
Final Thoughts
Gerald reiterates the importance of continual learning, community engagement, and practical vigilance. He provides personal advice and real-world context to every story, empowering listeners to act proactively.
Above all, Simply Cyber stands as a collaborative space—“helping individuals go further, faster in their cybersecurity careers”—where humor, support, and technical rigor go hand in hand.
“Stay secure!” – Gerald Auger, Simply Cyber
