
A
Internal data leaks from another Chinese security firm. A U.S. Congressional Budget Office breach has not been contained. The Cyber Info Sharing Act likely to be extended until January, and we have a new OWASP Top 10. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 12th of November and this podcast episode is brought to you by cloud security company Prowler.
In today's top story, more than 12,000 internal documents from a Chinese security firm have been leaked online. The firm, Knownsec, is backed by Tencent and is known in the West for its ZoomEye IoT search engine. The leaked files contain details about contracts with the Chinese government, hacking tools and a list of previous targets. Last year, another Chinese firm, i-SOON, also had internal files leaked.
In other news, a recent security breach at the U.S. Congressional Budget Office has not yet been contained. Workers at other federal agencies have been told to avoid communicating digitally with CBO staff. This includes email, Zoom and Microsoft Teams.
The Cybersecurity Information Sharing Act of 2015 is set to be extended. It expired in late September, but legislation that aims to end the US government shutdown includes a provision to extend the act until January 30. The bill passed the Senate on Sunday and is expected to clear the House this week.
An Iranian hacktivist group has leaked classified schematics for Australia's Redback Infantry Fighting Vehicles. The Cyber Toufan group has published the files on its Telegram channel. The group stole the files from Maya Technologies, an Israeli defence contractor involved in the production of some components.
The ransomware attack on Jaguar Land Rover has impacted the UK's gross domestic product numbers. The Bank of England confirmed that the incident earlier this year led to lower GDP growth in the third quarter. The attack disrupted production at Jaguar's factories as well as thousands of smaller suppliers in September. UK officials had speculated the disruption would impact the numbers.
Japanese brewer Asahi is still only operating at 10% capacity more than a month after it was crippled by a cyber attack. The company has lost its number one spot in Japan's beer market to rival Kirin. Asahi's third quarter financial report was due this week, but the company postponed it to focus on restoring operations ahead of the winter holidays.
Intel is suing a former employee for allegedly stealing confidential data. The company says Jinfeng Luo stole more than 18,000 files in July, days before his employment was due to end. The suit claims Luo initially failed to copy data to an external hard drive after he was blocked by security controls. Days later, he succeeded in stealing the data by connecting a NAS to Intel's network. Luo had been a Seattle-based design engineer at Intel since 2014.
Microsoft says the majority of its employees use phishing-resistant multi-factor authentication. 99.6% of state staff accounts and devices have been migrated to stronger MFA. The changes are part of the company's Secure Future Initiative, a project that began two years ago to overhaul the company's security culture. The tech giant says it now has more than 35,000 engineers working on security full time. All high-risk employees now also work from locked-down Azure virtual desktop environments.
More than 25% of all PyPI package updates are now published via the platform's Trusted Publishing mechanism. The system allows package maintainers to authorise CI/CD platforms to publish releases on their behalf using short-lived auth tokens. This eliminates the need to issue long-lived tokens to developer accounts that can be stolen.
British insurance companies paid out £197 million in cyber claims last year. The Association of British Insurers says it was more than three times the 59 million pounds paid in 2023. More than half of the claims were for ransomware and other malware-related incidents.
A threat actor has been hacking Triofox file sharing servers for more than two months. The attacks exploit a vulnerability that can bypass authentication, access configuration files and then run code on the Triofox server. Patches for the bug were released in July. The group responsible is tracked as UNC6485 and is targeting unpatched systems.
And finally, the OWASP Foundation is preparing a new version of its top 10 categories of web application flaws. Software Supply Chain Failures have debuted on the list in the number three spot. Another new entry, Mishandling of Exceptional Conditions, has entered at number 10. The OWASP Top 10 is updated every few years. The last version was released in 2021.
And that is all for this podcast edition. Today's show was brought to you by our sponsor, Prowler. Buy them at prowler.com. Thanks to your company.
Risky Business Podcast • November 11, 2025
Prepared by Catalin Cimpanu, read by Claire Aird
This episode of Risky Bulletin, presented by Claire Aird, covers the latest developments in global cybersecurity. Main stories include a major data leak from Chinese security firm Knownsec, an ongoing breach at the U.S. Congressional Budget Office, legislative updates to key cybersecurity laws, and broader impacts of recent cyberattacks on corporations and economies around the world. The episode delivers concise, authoritative updates suitable for information security professionals and those interested in high-impact cybersecurity news.
[00:17]
"The leaked files contain details about contracts with the Chinese government, hacking tools and a list of previous targets." (Claire Aird, 00:27)
[01:03]
"Workers at other federal agencies have been told to avoid communicating digitally with CBO staff. This includes email, Zoom and Microsoft Teams." (Claire Aird, 01:12)
[02:43]
"The company says Jinfeng Luo stole more than 18,000 files in July, days before his employment was due to end." (Claire Aird, 02:47)
This Risky Bulletin episode delivers a tightly curated update on the ever-evolving global cybersecurity landscape. Recurrent themes include the increasing prevalence and consequences of critical infrastructure breaches, the rapid escalation in cyber insurance payouts, and the industry’s gradual embrace of more robust authentication and supply chain security. The inclusion of fresh insights, pragmatic legislative updates, and forewarning about ongoing threat actor activity makes it an essential listen for cybersecurity professionals and enthusiasts alike.