Risky Bulletin: Android Switches to Risk-Based Security Updates
Podcast: Risky Bulletin | Host: risky.biz
Date: September 16, 2025
Episode Overview
This episode delivers a fast-paced roundup of major cybersecurity news. The primary focus is on Android's shift to prioritize monthly updates only for high-risk vulnerabilities, with a move to quarterly updates for lower-severity issues. Other key stories cover a self-replicating npm attack, a massive customer data breach at Kering (Gucci’s parent company), major sanctions and legal actions in cybercrime, and updates on large-scale DDoS attacks.
Key Discussion Points & Insights
1. Android’s New Risk-Based Update Policy
- [00:04] Android will only issue monthly security updates for high-risk vulnerabilities; all other issues will be addressed in quarterly releases.
- Policy was implemented as of July 2025.
- Quoted Source: Android Authority.
- Implication: patches for moderate- and low-severity issues may arrive later than before, lengthening the window in which those flaws remain unpatched on devices.
2. NPM Registry Compromised by Self-Replicating Attack
- [00:30] Malicious code was deployed to over 180 npm packages after an attacker compromised a JavaScript developer’s account.
- The attack included self-replicating code that spread to other libraries.
- Some compromised packages were published by CrowdStrike.
- The malware stole credentials and access tokens.
3. Global Regulation and Budgets in Cybersecurity
- China:
- [01:03] New regulations require critical infrastructure operators to report serious breaches within one hour. Effective from November 2025.
- Poland:
- [01:16] Cybersecurity budget increased to $1B (from $600M last year) due to rising Russian attacks on infrastructure.
4. Major Data Breach: Kering (Gucci's Parent Company)
- [01:37] Hackers stole 43 million Gucci customer records and another 13 million from brands such as Balenciaga, Brioni, and Alexander McQueen.
- Source: Hack of Kering's Salesforce account.
- Hackers claimed to negotiate a $500,000 ransom (not paid).
5. Cryptocurrency Theft and Platform Fallout
- [02:07] $7.7 million in crypto lost from the Yala DeFi platform under unclear circumstances.
- Token value crashed 80% after breach disclosure.
6. Geopolitics and Nation-State Cyber Activity
- [02:30] Ukraine claims DDoS attacks on Russia’s central government sites during Russian elections in occupied territories.
- [02:51] Romania sent over 400 takedown requests for Russian propaganda in 2025; X (formerly Twitter) did not cooperate.
7. Technology Industry Updates
- [03:18] Microsoft’s Copilot AI Assistant to be included with Microsoft 365 desktop suites starting October 2025—not auto-installed in the EU due to privacy regulations.
- Admins must opt out if they do not want Copilot rolled out.
8. Cyber Crime and Law Enforcement
- [03:38] BreachForums admin “Pompompurin” re-sentenced to three years in prison after a US DOJ appeal.
- [03:54] Enrique Arias Gil, ex-university professor, added to Europol Most Wanted for aiding Russian hackers.
- [04:09] Finnish authorities charge US national Daniel Lee Neward in the Vastaamo psychotherapy hack case.
9. International Sanctions and Police Actions
- [04:31] Cambodia arrests 48 suspects (mostly South Koreans) in scam compound raid in Phnom Penh.
- [04:48] New Zealand sanctions Russian GRU unit 29155 (“Ember Bear”, “Cadet Blizzard”) for Ukraine-related cyberattacks.
- This unit was sanctioned by the EU in January 2025.
10. Industrial-Scale Phishing & Fraud
- [05:09] Microsoft seizes 338 domains used for phishing Microsoft 365.
- Domains linked to the “Raccoon O365” phishing kit, used by over 850 users.
- Kit creators reportedly earned $100,000+.
11. Mobile Fraud on Google Play
- [05:32] 220+ Android apps found to be part of a click fraud operation; over 38 million downloads, generating 2.3 billion ad clicks per day before Google removed them.
12. Record-breaking DDoS Attack
- [05:53] Aisuru IoT botnet responsible for an 11.5 Tbps DDoS attack; notably took down Steam during the Black Wukong launch.
- Botnet managed by three people, 300,000 infected devices (mostly routers and cameras).
13. Hardware Security: Rowhammer Evolves
- [06:15] Academics develop new Rowhammer variant targeting DDR5 memory chips.
- The research, supported by Google, led to a new defense: Per Row Activation Counting (PRAC) was added to the DDR5 standard.
Notable Quotes & Memorable Moments
- On Android updates:
"Android will only issue monthly updates for high risk vulnerabilities. All other security issues will be fixed in quarterly updates."
— Claire Aird [00:04]
- On the npm attack:
"The attackers compromised a JavaScript developer's account. From there they deployed self-replicating code that spread to other libraries… The code stole credentials and other access tokens."
— Claire Aird [00:30]
- On the Kering breach:
"Attackers stole 43 million customer records from Gucci and another 13 million combined from brands including Balenciaga, Brioni and Alexander McQueen… The hackers claim they negotiated a $500,000 ransom, which was not paid."
— Claire Aird [01:37]
- On click fraud apps:
"More than 220 Android apps in the Google Play Store are part of a click fraud operation."
— Claire Aird [05:32]
- On Rowhammer:
"Academics have developed a variation of the Rowhammer attack that can flip bits in DDR5 memory modules… a new defence mechanism named Per Row activation counting has been added to the DDR5 standard."
— Claire Aird [06:15]
Important Timestamps
- 00:04: Android announces risk-based security update policy
- 00:30: npm registry compromised with self-replicating attack
- 01:37: Kering (Gucci) customer data stolen in Salesforce breach
- 03:38: Breach Forums admin re-sentenced to prison
- 05:32: Discovery of click fraud apps in Google Play Store
- 05:53: Aisuru IoT botnet launches record DDoS
- 06:15: New Rowhammer variant disclosed and mitigation added to DDR5
Tone & Style
The episode is succinct, authoritative, and news-focused, maintaining a professional yet urgent tone throughout. Claire Aird presents complex cybersecurity news in a clear and digestible format suitable for business and infosec audiences.
For more episodes and details: airlockdigital.com
