Daily Cyber Threat Brief – Dec 9’s Top Cyber News NOW! (Ep 1022)
Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald Auger, Simply Cyber Media Group
Date: December 9, 2025
Guest Host for "Jawjacking": Eric Taylor
Overview
In today’s episode, Dr. Gerald Auger delivers a comprehensive, community-driven rundown of the day’s top cybersecurity news stories with insight and humor, closely engaging with listeners—veterans and newcomers alike. He covers the latest ransom statistics, disturbing developments around cyber-enabled real-world crime, significant breaches, malware news, and evolving threats, all while encouraging proactive cybersecurity practices and practical career advice. The episode also features a Q&A “Jawjacking” segment with Eric Taylor, who brings additional focused expertise and answers community questions.
Key Topics & Insights
1. Ransomware Payments Surpass $4.5 Billion
[10:16–16:55]
Summary:
- U.S. Treasury’s FinCEN reports over $4.5B in ransomware payments, with 2023 marking $1B alone.
- Akira is the most frequently reported group; BlackCat (ALPHV) netted the most ($395M).
Practical Takeaways:
- $250k is the most common demand—use as a planning guide for ransom scenarios, insurance, and internal discussions.
- Real costs far exceed ransom payment: downtime, legal fees, recovery, and identity theft protection are additional burdens.
Notable Quotes:
- “This is why you can expect ransomware to continue. There’s... a ton of money and the chances of you getting caught or arrested are not that high.” — Gerald [12:28]
- “Don’t think you’re just cutting a check for $250k, wiping your hands and calling it a day. Now you’ve jumped in pluff mud—you still have to clean that off, and that isn’t free.” — Gerald [15:43]
2. Cybercrime Networks Now Orchestrating Real-World Violence
[16:55–21:09]
Summary:
- Europol’s Operation Grim: nearly 200 arrests (including minors) for “violence as a service”—including murder—coordinated through cybercrime networks like “the Combination”.
- Groups traditionally associated with SIM-swapping/extortion moving into real-world contract crime.
Reflection:
- Shocking intersection of cyber and physical crime—criminal groups are grooming teens, exploiting their vulnerabilities for violence.
Notable Quotes:
- “What’s insidious about this is I have children—children are being groomed, like this is dystopian.” — Gerald [20:17]
- “Obviously it’s horrible... parents, be involved in your kids’ lives. Don’t just let them get groomed by friggin’ criminals.” — Gerald [20:36]
3. Arrests in Poland for Possession of Hacking Tools – Slippery Slope?
[21:16–25:29]
Summary:
- Three Ukrainians arrested in Poland: found with laptops, Flipper Zero, SIM cards.
- No actual cyberattack, but “potential” use cited in charges.
Debate:
- Raises civil liberty concerns about prosecuting mere possession over actual misuse—parallels drawn with legal possession of technologies.
Notable Quotes:
- “The second we start arresting citizens for the potential of what they might be doing, that’s pretty authoritarian, frankly.” — Gerald [23:40]
- “If your strategy is to just hope you understand how a threat actor operates, that’s... less informed.” — Gerald [24:38]
4. Russia Busts $2.6M NFC-Gate Banking Scam Crew
[26:06–30:52]
Summary:
- Malware built on open-source NFC Gate tricked victims into fake banking apps, harvesting card data and PINs via NFC to clone cards and empty accounts via ATM.
Insights:
- Attack flow: phishing to install app → pressure to enroll card → NFC reading for data/PIN → cashout.
- Attack targets regular users (not organizations).
Notable Quote:
- “The NFC protocol is not hacked... It just gets the card data. But the real trick is duping the user to input their PIN.” — Gerald [28:57]
5. Marquee Software Breach Hits 780,000 Customers
[35:36–44:31]
Summary:
- Texas-based fintech firm serving 700+ banks/credit unions breached via unpatched SonicWall firewall.
- Stolen data: names, SSNs, taxpayer IDs, bank/card details. 74 orgs impacted.
- Company’s remediation? Basic hygiene: password changes, account deletions, MFA/VPN lockouts.
Analysis:
- Fundamental controls absent before breach—company lacked CISO, showed weak infosec posture.
Notable Quote:
- “This is 2010 called, they want their novel approach to cybersecurity back. This is ridiculous, dude.” — Gerald [40:49]
6. Prompt Injection: UK Warns AI Models May Never Be Secure
[44:31–47:53]
Summary:
- UK’s NCSC: Large language models (LLMs) like ChatGPT fundamentally vulnerable to prompt injection. Full mitigation may be impossible.
Context:
- LLMs treat input as instructions; no clear separation of data/commands.
- Active research, but vulnerabilities remain open.
Notable Quote:
- “AI is moving quickly. Prompt injection is a major attack vector—just know, AI isn’t going anywhere, and we’re going to keep grinding on it.” — Gerald [47:18]
7. ClayRat Android Spyware Evolves
[48:08–54:10]
Summary:
- Upgraded Android malware now abuses accessibility services for full device control: capturing PINs and passwords, keylogging, and preventing removal.
- Spread via malicious APKs masquerading as legitimate apps.
Recommendations:
- BYOD/Android-heavy orgs need tight user education, mobile device management, and device posture checks.
- Accessibility features may be a common attack surface because they’re less scrutinized.
Notable Quote:
- “If you let staff bring their own device, you are taking on additional risk, because you can’t fully control the device... Educate users!” — Gerald [53:16]
8. EU Users to See Less Personalized Ads as Meta Complies with Privacy Law
[54:10–56:50]
Summary:
- In response to fines and the Digital Markets Act, Meta (Facebook/Instagram) gives EU users real options to limit data sharing and ad personalization.
Interpretation:
- Move is to comply after mega-fines, not out of user advocacy; Meta will likely introduce subtle friction for less-sharing users.
Notable Quotes:
- “If I was fined $1B, I’d treat it like I grabbed a hot pan—I’d immediately pull my hand back. Yet Meta continues to operate, which means they're making more than that.” — Gerald [55:13]
- “Just give me a little taste—give me $50/mo for my data, you can hook me up to everything!” — Gerald [56:50]
Community & Career Segments
Tidbits Tuesday: Riding in a Driverless Waymo Car
[32:52–35:22]
- Gerald shares his first-hand experience with Waymo (a driverless Uber ride) in Austin, Texas, likening the initial discomfort to a medical exam that turns out fine. The community discusses the future of driverless vehicles and safety measures.
Jawjacking with Eric Taylor
[60:01–87:21]
- Q&A Highlights:
- Office Chair Recommendations: X Chair and Secret Lab gaming chairs [62:13]
- Microsoft Licensing Price Increases: E5 going from $57→$60 per user/month [73:45]
- SMB2 Memory Leak Advisory: Watch for Microsoft’s pending fix on network file shares [63:57]
- CastleLoader & GreatBravo Campaigns: Malware-as-a-service targeted at multiple industries. Advice to check endpoints for IOCs/IPs [67:00+]
- “Don’t ever assume your EDR will do a backward sweep on new IOCs. Always manually check.” — Eric [68:43]
- Are Medical Apps (e.g., Insulin Pumps) Hackable? Yes. All smart devices are vulnerable, echoing “If man made it, man can break it.” Book rec: If It’s Smart, It’s Hackable [72:12]
- Self-Hosted Malware Sandboxing: Cape project possibly revived, Sysmon trace configs useful, app.any.run as a fast online alternative [77:16]
- Spam Call Traceback: Extremely difficult due to VoIP/SIP spoofing [85:17]
- Advice to Practitioners:
- “If you let your guard down or assume a tool catches everything, you’ll miss something. Validate, verify, and review — always.” — Eric
- “If man made it, man can break it.” — Eric [71:16]
- “Stay curious and touch some grass if you can.” — Eric [87:21]
Notable Quotes & Moments
- “Every single episode... is worth half a CPE, chef’s kiss!” — Gerald [03:14]
- “I literally don’t know what stories are coming up—I find out as you find out. My ability to react is just based on my passion for cybersecurity.” — Gerald [17:57]
- “If you don’t know what pluff mud is, Google it.” — Gerald [16:55]
- Pop Culture Parallels:
- Beverly Hills Cop 2, Minority Report, Total Recall — frequent references add a light touch.
Actionable Takeaways
- Use $250k as a baseline for potential ransomware demands—even if your insurance or risk planning needs updating.
- Don’t wait for a breach: patch gear, rotate passwords, prune accounts, enable MFA—these are basics.
- Educate employees about modern phishing and social engineering, including new vectors like lookalike mobile apps and NFC scams.
- Ensure any AI/LLM deployments are regularly tested for prompt injection and basic adversarial inputs.
- Closely monitor device policies if allowing BYOD—implement posture checks, and audit use of accessibility features.
- Always independently check EDR/XDR for new threat IOCs.
- Take privacy options seriously—if your region offers “ad personalization off,” use it.
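The backward IOC sweep that Eric recommends in the Jawjacking segment (and that the takeaway above repeats) is a retro-hunt: freshly published indicators are run against telemetry that predates them, since an EDR alert only evaluates events as they arrive. The script below is an added example, not code from the episode or from any vendor; the IOC values and log lines are constructed placeholders, and the log format is an assumed simple key=value layout.

```python
import re
import ipaddress

# Constructed placeholder IOCs standing in for a newly published advisory
# (RFC 5737 documentation addresses and example domains, not real indicators).
NEW_IOCS = {
    "ip": {"203.0.113.77", "198.51.100.9"},
    "domain": {"update-check.example.net"},
    "sha256": {"a" * 64},
}

# Constructed historical proxy/DNS/EDR lines that predate the advisory and so
# were never evaluated by a forward-looking EDR rule.
SAMPLE_LOGS = """\
2025-11-30T08:12:01Z proxy host=ws-014 dst=203.0.113.77:443 bytes=5120
2025-12-01T14:03:55Z dns host=ws-022 query=update-check.example.net rcode=NOERROR
2025-12-02T09:47:10Z edr host=ws-014 file=C:\\Users\\a\\svc.exe sha256={sha}
2025-12-03T11:20:43Z proxy host=ws-031 dst=192.0.2.10:80 bytes=900
""".format(sha="a" * 64).splitlines()

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def extract_indicators(line):
    """Pull candidate IPs, domains and SHA-256 hashes out of one log line."""
    ips = {m for m in IP_RE.findall(line) if _is_ip(m)}
    shas = {m.lower() for m in SHA256_RE.findall(line)}
    domains = {m.lower() for m in DOMAIN_RE.findall(line)}
    return {"ip": ips, "domain": domains, "sha256": shas}

def sweep(lines, iocs):
    """Retro-hunt: return (timestamp, host, ioc_type, value) for every match."""
    hits = []
    for line in lines:
        fields = line.split()
        host = next((f[5:] for f in fields if f.startswith("host=")), "?")
        found = extract_indicators(line)
        for kind, wanted in iocs.items():
            for value in sorted(found.get(kind, set()) & wanted):
                hits.append((fields[0], host, kind, value))
    return hits

if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOGS, NEW_IOCS):
        print("retro-hit", *hit)
```

Hosts returned here (ws-014 twice, ws-022 once) are the ones to triage; an IOC sweep of this kind only confirms exposure, so matched hosts still need a proper investigation.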
Timestamps for Important Segments
- [10:16] Ransomware Payments Surpass $4.5 Billion
- [16:55] Cybercrime Networks Orchestrate Real-World Violence
- [21:16] Polish Arrests for Hacking Tools (Civil Liberties Debate)
- [26:06] Russian NFC-Gate Banking Scam
- [35:36] Marquee Software Breach Details and Critique
- [44:31] AI Prompt Injection Warning from UK NCSC
- [48:08] ClayRat Android Spyware Update
- [54:10] Meta Enables EU Users to Opt-Out
- [32:52] Tidbits Tuesday: Waymo Ride Experience
- [60:01] Jawjacking Q&A: EDR IOCs, Hardware Security, Sandboxing, and More
Tone & Community
- Warm, inclusive, irreverent, and practical.
- Open Q&A and camaraderie fostered between host, guests, and chat participants.
- Real-world metaphors and humor (e.g., “chef’s kiss,” “pluff mud,” “Total Recall mannequin”).
- Encouragement for ongoing professional development & curiosity.
For more info:
- Community and upcoming streams: https://simplycyber.io/socials
- Flare Dark Web Panel (Dec 11): [Simply Cyber IO Flare]
- Fortify365 free Microsoft 365 Security Webinar: webinars.barricadecyber.com
In summary:
Dr. Gerald Auger packs actionable insights and lively conversation into this daily rundown, serving up the cyber threat landscape with equal parts expertise and entertainment. The episode doubles as both news and mentorship for practitioners at every level.
