Daily Cyber Threat Brief: Nov 26’s Top Cyber News NOW! - Ep 1014

Host: Dr. Gerald Auger, Ph.D. (Simply Cyber Media Group)
Date: November 26, 2025

Episode Overview

This episode delivers a fast-paced briefing on the most pressing cybersecurity news stories affecting practitioners, business leaders, and aspiring professionals. With Thanksgiving looming, Dr. Gerald Auger mixes expertise, practical advice, and community warmth, tackling topics from attacks on secure messaging apps to the dangers of reusing passwords. The energetic, engaging session spotlights risk management tips, threat trends, and actionable community insights.

Key Discussion Points and Insights

1. CISA Warns of Signal, WhatsApp Account Hijacking

[15:44 – 24:37]

Story: State-backed hackers and cyber mercenaries are targeting Signal and WhatsApp users—especially VIPs—in the US, EU, and Middle East. Attack methods include spoofed apps, phishing with malicious QR codes, and zero-click exploits, especially on Samsung devices.
Analysis:
- Shifting Threat Landscape: As sensitive communications move to secure messaging, attackers pivot to these platforms.
  - “Threat actors are realizing that the messaging apps are where the critical information is…this is a clear indication of a modification of the threat landscape.” — Gerald [16:45]
- Mitigation: Focus on user education—avoiding unofficial app stores, recognizing phishing attempts, and using MFA. Notably, technical exploits are primarily affecting Android.
- Zero-click Exploit: Particularly dangerous since it doesn’t require user interaction. For high-risk users (VIPs), consider using a dedicated device and account for sensitive communications, limiting the impact of compromise.
- Interview Advice: This is a highly relatable example to use in job interviews to demonstrate threat modeling, risk management, and control implementation.
- Quote: “You cannot eliminate all risk…that’s how you become an absolute boss at cybersecurity and GRC.” — Gerald [23:56]

2. Stealsea Infostealer via Weaponized Blender Files

[24:38 – 28:52]

Story: Russian actors spread the Stealsea V2 info-stealer by uploading compromised Blender 3D model files to popular online marketplaces. Files run embedded Python code if Blender's Autorun is enabled—leading to data theft across browsers, crypto wallets, and messaging/VPN clients.
Analysis:
- Targeted Vector: Attack focuses on 3D artists/modelers, exploiting the trust in legitimate platforms (like cgtrader.com).
- Technical Breakdown: Malicious Blender file launches PowerShell, downloads secondary payloads, and evades most antivirus tools.
- Advice: IT/soc teams should warn relevant power users, monitor PowerShell cradle activity, and recognize that seemingly legitimate downloads might harbor threats.
- Notable Quote: “When they take a very specific file type, they’re trying to reinforce and narrow down the victim population… It’s all around python run.” — Gerald [25:34]

3. Russian Cybersecurity Entrepreneur Arrested for Treason after Criticizing State Messaging App

[28:53 – 32:50]

Story: Timur Killeen, founder of several Russian cyber startups, was arrested on treason charges after criticizing "Max," a soon-to-be-mandatory state messaging app, for security flaws.
Analysis & Insight:
- Government Control: Potential risks of government-mandated apps that centralize communications and payments—raising surveillance and censorship concerns.
- No Immediate Action for Pros: Story serves as a lesson on geopolitics and state use of technology for control, rather than technical lessons for most practitioners.
- Quote: “This is a lever of power around citizens. There's nothing for you to do here as an individual… but know this is what it can look like.” — Gerald [32:03]

4. "Hash Jack Attack" — AI Browser Prompt Injection Vulnerability

[32:51 – 35:17]

Story: Researchers identify a vulnerability in browser-based AI assistants (like Copilot, Gemini, Perplexity) where placing commands after a hash in a URL can inject malicious prompts the AI executes, potentially leading to unintended data leakage or phishing.
Analysis:
- Input Validation Failure: The prompt injection is simple—attackers exploit a lack of input sanitization.
- Security Opportunity: AI vulnerabilities are a rapidly growing research niche—“If you’re looking to make a splash from a personal branding perspective right now, AI all the things would be huge.” [34:08]
- Advice: Developers must consider AI as a new attack surface needing robust validation.

5. Account Takeover Fraud Cases Top $262 Million in 2025

[43:40 – 47:52]

Story: The FBI reports more than $262 million lost to account takeover scams this year alone, with threats ranging from fake payment platform logins, phishing texts, SEO-poisoned ads, to holiday-season shopping domains.
Practical Tips:
- Teach End-Users: Use plain language when warning family and staff, especially around holidays and major events.
- Avoid Overwhelm: “Don’t pull out the murder board with the red strings… Just get to the point.” — Gerald [44:41]
- Real Impact: “My good friend’s parents got taken for 5 grand last Christmas…imagine if you will, there’s certainly people who if they lost 5 grand, it would ruin them.” [45:51]

6. Supply Chain Attack on Emergency Alert System (Code Red)

[53:24 – 60:06]

Story: The OnSolve Code Red platform, supplying emergency alerts to state/local governments, was breached. User data (names, emails, phone numbers, and cleartext passwords) was stolen. The "Ink" ransomware gang posted screenshots confirming the breach.
Analysis:
- Cleartext Passwords: Outrage at Crisis24’s cleartext password storage. “You lazy! It’s not hard to not store cleartext passwords!” — Gerald [56:02]
- Action Items: Immediate password resets, audit for password reuse elsewhere, enable MFA.
- Supply Chain Reminder: The reach is broad (10,000+ communities affected), and comms about breaches often don’t reach the right people due to staff turnover or generic inboxes.

7. M&A Cyber Pitfalls: Akira Ransomware via SonicWall Appliances

[60:07 – 60:45]

Story: During mergers and acquisitions, Akira ransomware affiliates exploited inherited, unpatched SonicWall VPN appliances belonging to the acquired company, quickly achieving full network compromise.
Real-World Guidance:
- Due Diligence: Always send a cross-functional “tiger team” (IT, network, cyber, apps) before connecting environments.
- Anecdote: “You do inherit all sorts of tech debt… we’ve connected networks before that were actively infected and we didn’t know it.” — Gerald [61:10]

8. Arctic Wolf Reports Russian Group Targets U.S. Firm with Ukrainian Sister City

[47:53 – 53:24]

Story: Russian group RomCom allegedly targeted a U.S. engineering firm due to its work with a sister city in Ukraine. Gerald expresses skepticism that the connection is meaningful, seeing it as a possible PR stretch.
Hot Take:
- “Nobody is attacking sister cities. The sister city is just a friggin marketing thing, it’s a goodwill gesture… There’s absolutely zero military or geopolitical value.” — Gerald [50:20]

Community Engagement and Memorable Moments

Worldwide Wednesday Community Roll Call

[09:36 – 15:41]
A beloved weekly activity showcasing the global reach and inclusivity of the Simply Cyber community, with listeners checking in from every continent—highlighting cybersecurity’s truly international presence.

Notable Quotes

“You cannot eliminate all risk. The only way to eliminate risk is to stop using cellphones… So you have to accept some. How do you manage that risk? That’s the name of the game.” — Gerald [23:56]
“If you don’t know what a Blender file is, chances are you’re absolutely not going to be exposed to this particular challenge.” — Gerald [25:24]
“You lazy! It’s not hard to not store cleartext passwords!” — Gerald [56:02]
“Threat actors will regularly jump on whatever is the hottest thing right now… The holidays are so hot right now.” — Gerald [46:09]
“If you’re involved with an acquisition, put together a tiger team. We had like one application person, one cyber person, me, one IT person, one networking person… comb through all the crap.” — Gerald [61:10]
“Sister city is just a friggin marketing thing… zero military or geopolitical value. To me, it’s like ‘let's post it’.” — Gerald [50:17]

Listener Q&A (Jawjacking: 61:25+)

Key questions discussed:

Industrial Control System Security (ICS/OT): Gerald recommends the resource library and YouTube content of Mike Holcomb for deep-dive, beginner-friendly lessons.
Cybersecurity M&A Advice: Emphasizes auditing inherited tech, data compatibility, contracts, and user access—plus the importance of a cross-disciplinary assessment team.
Advice for Family Cyber Safety (Holidays): Share simple, memorable warnings; avoid jargon or overwhelming details.
Headphones, Cloud Security, and Pen Testing Career Moves: Recommends Aftershokz for headphones, the Cloud Security Podcast (Ashish Rajan), and highlights web app and AI pen testing as strong growth areas.
Memorable moment: Gerald shares his love for Simply Cyber’s community and value in supporting both personal and professional growth: “For me personally… seeing my wife just makes me smile… That’s what I’m thankful for.” [70:48]

Timestamps – At-A-Glance

[00:01] Show intro, community welcome, Worldwide Wednesday
[15:44] Start of news stories (CISA warns of messaging app attacks)
[24:38] Stealsea infostealer via Blender 3D model files
[28:53] Russian entrepreneur arrested for criticizing state app
[32:51] AI browser prompt injection (“Hash Jack Attack”)
[43:40] FBI highlights $262M in account takeover fraud
[47:53] Arctic Wolf: Sister city attack narrative
[53:24] Code Red Emergency Alert breach
[60:07] Akira ransomware/M&A security pitfalls
[61:25+] Jawjacking: Community Q&A, advice, and news

Tone and Style

Dr. Auger’s approach is highly conversational, candid, and community-driven—offering expert breakdowns with humor, humility, and “real talk” moments. He’s transparent about not over-preparing, prioritizing actionable insights and managing risk over perfection.

Summary

This episode demonstrates why Simply Cyber’s briefings are a must for both new and veteran cybersecurity professionals. You’ll come away with:

Practical tips for securing messaging, handling M&A tech, and educating end users against seasonal fraud
Insights on government overreach, AI-related risks, and the importance of good password hygiene
Salient career advice, encouraging listeners to leverage timely examples in interviews and skill-building pursuits

Community engagement and practical, judgment-free support are the undercurrents throughout, making complex cybersecurity news approachable and actionable.

For more, join Simply Cyber’s daily livestreams or catch the replay on YouTube. Remember: “You cannot eliminate all risk—so how do you manage it?”

Daily Cyber Threat Brief: Nov 26’s Top Cyber News NOW! - Ep 1014

Host: Dr. Gerald Auger, Ph.D. (Simply Cyber Media Group)
Date: November 26, 2025

Episode Overview

Key Discussion Points and Insights

1. CISA Warns of Signal, WhatsApp Account Hijacking

[15:44 – 24:37]

Story: State-backed hackers and cyber mercenaries are targeting Signal and WhatsApp users—especially VIPs—in the US, EU, and Middle East. Attack methods include spoofed apps, phishing with malicious QR codes, and zero-click exploits, especially on Samsung devices.
Analysis:
- Shifting Threat Landscape: As sensitive communications move to secure messaging, attackers pivot to these platforms.
  - “Threat actors are realizing that the messaging apps are where the critical information is…this is a clear indication of a modification of the threat landscape.” — Gerald [16:45]
- Mitigation: Focus on user education—avoiding unofficial app stores, recognizing phishing attempts, and using MFA. Notably, technical exploits are primarily affecting Android.
- Zero-click Exploit: Particularly dangerous since it doesn’t require user interaction. For high-risk users (VIPs), consider using a dedicated device and account for sensitive communications, limiting the impact of compromise.
- Interview Advice: This is a highly relatable example to use in job interviews to demonstrate threat modeling, risk management, and control implementation.
- Quote: “You cannot eliminate all risk…that’s how you become an absolute boss at cybersecurity and GRC.” — Gerald [23:56]

2. Stealsea Infostealer via Weaponized Blender Files

[24:38 – 28:52]

Story: Russian actors spread the Stealsea V2 info-stealer by uploading compromised Blender 3D model files to popular online marketplaces. Files run embedded Python code if Blender's Autorun is enabled—leading to data theft across browsers, crypto wallets, and messaging/VPN clients.
Analysis:
- Targeted Vector: Attack focuses on 3D artists/modelers, exploiting the trust in legitimate platforms (like cgtrader.com).
- Technical Breakdown: Malicious Blender file launches PowerShell, downloads secondary payloads, and evades most antivirus tools.
- Advice: IT/soc teams should warn relevant power users, monitor PowerShell cradle activity, and recognize that seemingly legitimate downloads might harbor threats.
- Notable Quote: “When they take a very specific file type, they’re trying to reinforce and narrow down the victim population… It’s all around python run.” — Gerald [25:34]

3. Russian Cybersecurity Entrepreneur Arrested for Treason after Criticizing State Messaging App

[28:53 – 32:50]

Story: Timur Killeen, founder of several Russian cyber startups, was arrested on treason charges after criticizing "Max," a soon-to-be-mandatory state messaging app, for security flaws.
Analysis & Insight:
- Government Control: Potential risks of government-mandated apps that centralize communications and payments—raising surveillance and censorship concerns.
- No Immediate Action for Pros: Story serves as a lesson on geopolitics and state use of technology for control, rather than technical lessons for most practitioners.
- Quote: “This is a lever of power around citizens. There's nothing for you to do here as an individual… but know this is what it can look like.” — Gerald [32:03]

4. "Hash Jack Attack" — AI Browser Prompt Injection Vulnerability

[32:51 – 35:17]

Story: Researchers identify a vulnerability in browser-based AI assistants (like Copilot, Gemini, Perplexity) where placing commands after a hash in a URL can inject malicious prompts the AI executes, potentially leading to unintended data leakage or phishing.
Analysis:
- Input Validation Failure: The prompt injection is simple—attackers exploit a lack of input sanitization.
- Security Opportunity: AI vulnerabilities are a rapidly growing research niche—“If you’re looking to make a splash from a personal branding perspective right now, AI all the things would be huge.” [34:08]
- Advice: Developers must consider AI as a new attack surface needing robust validation.

5. Account Takeover Fraud Cases Top $262 Million in 2025

[43:40 – 47:52]

Story: The FBI reports more than $262 million lost to account takeover scams this year alone, with threats ranging from fake payment platform logins, phishing texts, SEO-poisoned ads, to holiday-season shopping domains.
Practical Tips:
- Teach End-Users: Use plain language when warning family and staff, especially around holidays and major events.
- Avoid Overwhelm: “Don’t pull out the murder board with the red strings… Just get to the point.” — Gerald [44:41]
- Real Impact: “My good friend’s parents got taken for 5 grand last Christmas…imagine if you will, there’s certainly people who if they lost 5 grand, it would ruin them.” [45:51]

6. Supply Chain Attack on Emergency Alert System (Code Red)

[53:24 – 60:06]

Story: The OnSolve Code Red platform, supplying emergency alerts to state/local governments, was breached. User data (names, emails, phone numbers, and cleartext passwords) was stolen. The "Ink" ransomware gang posted screenshots confirming the breach.
Analysis:
- Cleartext Passwords: Outrage at Crisis24’s cleartext password storage. “You lazy! It’s not hard to not store cleartext passwords!” — Gerald [56:02]
- Action Items: Immediate password resets, audit for password reuse elsewhere, enable MFA.
- Supply Chain Reminder: The reach is broad (10,000+ communities affected), and comms about breaches often don’t reach the right people due to staff turnover or generic inboxes.

7. M&A Cyber Pitfalls: Akira Ransomware via SonicWall Appliances

[60:07 – 60:45]

Story: During mergers and acquisitions, Akira ransomware affiliates exploited inherited, unpatched SonicWall VPN appliances belonging to the acquired company, quickly achieving full network compromise.
Real-World Guidance:
- Due Diligence: Always send a cross-functional “tiger team” (IT, network, cyber, apps) before connecting environments.
- Anecdote: “You do inherit all sorts of tech debt… we’ve connected networks before that were actively infected and we didn’t know it.” — Gerald [61:10]

8. Arctic Wolf Reports Russian Group Targets U.S. Firm with Ukrainian Sister City

[47:53 – 53:24]

Story: Russian group RomCom allegedly targeted a U.S. engineering firm due to its work with a sister city in Ukraine. Gerald expresses skepticism that the connection is meaningful, seeing it as a possible PR stretch.
Hot Take:
- “Nobody is attacking sister cities. The sister city is just a friggin marketing thing, it’s a goodwill gesture… There’s absolutely zero military or geopolitical value.” — Gerald [50:20]

Community Engagement and Memorable Moments

Worldwide Wednesday Community Roll Call

Notable Quotes

“You cannot eliminate all risk. The only way to eliminate risk is to stop using cellphones… So you have to accept some. How do you manage that risk? That’s the name of the game.” — Gerald [23:56]
“If you don’t know what a Blender file is, chances are you’re absolutely not going to be exposed to this particular challenge.” — Gerald [25:24]
“You lazy! It’s not hard to not store cleartext passwords!” — Gerald [56:02]
“Threat actors will regularly jump on whatever is the hottest thing right now… The holidays are so hot right now.” — Gerald [46:09]
“If you’re involved with an acquisition, put together a tiger team. We had like one application person, one cyber person, me, one IT person, one networking person… comb through all the crap.” — Gerald [61:10]
“Sister city is just a friggin marketing thing… zero military or geopolitical value. To me, it’s like ‘let's post it’.” — Gerald [50:17]

Listener Q&A (Jawjacking: 61:25+)

Key questions discussed:

Industrial Control System Security (ICS/OT): Gerald recommends the resource library and YouTube content of Mike Holcomb for deep-dive, beginner-friendly lessons.
Cybersecurity M&A Advice: Emphasizes auditing inherited tech, data compatibility, contracts, and user access—plus the importance of a cross-disciplinary assessment team.
Advice for Family Cyber Safety (Holidays): Share simple, memorable warnings; avoid jargon or overwhelming details.
Headphones, Cloud Security, and Pen Testing Career Moves: Recommends Aftershokz for headphones, the Cloud Security Podcast (Ashish Rajan), and highlights web app and AI pen testing as strong growth areas.
Memorable moment: Gerald shares his love for Simply Cyber’s community and value in supporting both personal and professional growth: “For me personally… seeing my wife just makes me smile… That’s what I’m thankful for.” [70:48]

Timestamps – At-A-Glance

[00:01] Show intro, community welcome, Worldwide Wednesday
[15:44] Start of news stories (CISA warns of messaging app attacks)
[24:38] Stealsea infostealer via Blender 3D model files
[28:53] Russian entrepreneur arrested for criticizing state app
[32:51] AI browser prompt injection (“Hash Jack Attack”)
[43:40] FBI highlights $262M in account takeover fraud
[47:53] Arctic Wolf: Sister city attack narrative
[53:24] Code Red Emergency Alert breach
[60:07] Akira ransomware/M&A security pitfalls
[61:25+] Jawjacking: Community Q&A, advice, and news

Tone and Style

Summary

This episode demonstrates why Simply Cyber’s briefings are a must for both new and veteran cybersecurity professionals. You’ll come away with:

Practical tips for securing messaging, handling M&A tech, and educating end users against seasonal fraud
Insights on government overreach, AI-related risks, and the importance of good password hygiene
Salient career advice, encouraging listeners to leverage timely examples in interviews and skill-building pursuits

Community engagement and practical, judgment-free support are the undercurrents throughout, making complex cybersecurity news approachable and actionable.

For more, join Simply Cyber’s daily livestreams or catch the replay on YouTube. Remember: “You cannot eliminate all risk—so how do you manage it?”

🔴 Nov 26’s Top Cyber News NOW! - Ep 1014

Powered by Wave AI

Summary

Daily Cyber Threat Brief: Nov 26’s Top Cyber News NOW! - Ep 1014

Episode Overview

Key Discussion Points and Insights

1. CISA Warns of Signal, WhatsApp Account Hijacking

2. Stealsea Infostealer via Weaponized Blender Files

3. Russian Cybersecurity Entrepreneur Arrested for Treason after Criticizing State Messaging App

4. "Hash Jack Attack" — AI Browser Prompt Injection Vulnerability

5. Account Takeover Fraud Cases Top $262 Million in 2025

6. Supply Chain Attack on Emergency Alert System (Code Red)

7. M&A Cyber Pitfalls: Akira Ransomware via SonicWall Appliances

8. Arctic Wolf Reports Russian Group Targets U.S. Firm with Ukrainian Sister City

Community Engagement and Memorable Moments

Worldwide Wednesday Community Roll Call

Notable Quotes

Listener Q&A (Jawjacking: 61:25+)

Timestamps – At-A-Glance

Tone and Style

Summary

Summary

Daily Cyber Threat Brief: Nov 26’s Top Cyber News NOW! - Ep 1014

Episode Overview

Key Discussion Points and Insights

1. CISA Warns of Signal, WhatsApp Account Hijacking

2. Stealsea Infostealer via Weaponized Blender Files

3. Russian Cybersecurity Entrepreneur Arrested for Treason after Criticizing State Messaging App

4. "Hash Jack Attack" — AI Browser Prompt Injection Vulnerability

5. Account Takeover Fraud Cases Top $262 Million in 2025

6. Supply Chain Attack on Emergency Alert System (Code Red)

7. M&A Cyber Pitfalls: Akira Ransomware via SonicWall Appliances

8. Arctic Wolf Reports Russian Group Targets U.S. Firm with Ukrainian Sister City

Community Engagement and Memorable Moments

Worldwide Wednesday Community Roll Call

Notable Quotes

Listener Q&A (Jawjacking: 61:25+)

Timestamps – At-A-Glance

Tone and Style

Summary