Risky Bulletin: Apple Notifies French Users of Spyware Attacks

Podcast: Risky Bulletin
Host: Claire Aird (Read by), Catalyn Kimparnu (Prepared by)
Date: September 12, 2025

Overview

This episode delivers a brisk rundown of the day's major global cybersecurity news, with a particular focus on spyware threats, government and corporate security incidents, privacy regulation developments, and notable industry updates. Standout stories include Apple’s latest spyware notifications to French users, rising fines for breaches in China, misuse of spyware in Kenya, ongoing ransomware news, and quirky tales like Amsterdam students enjoying free laundry after a hack.

Key Discussion Points & Insights

1. Apple’s Spyware Alerts to French Users

• [00:05] Apple has notified French users about a spyware campaign targeting their devices, marking the fourth such warning this year (after previous alerts in March, May, and June).
  • Quote: "Apple has notified French users of a spyware campaign that targeted their devices. The French cybersecurity agency says this is the fourth time this year." — Claire Aird [00:07]
• The ongoing targeted campaigns highlight persistent threats against Apple device users in France.

2. China Increases Data Breach Penalties

• [00:19] China plans to amend its cybersecurity law, imposing fines up to $1.4 million for critical infrastructure operators and personal fines up to $14,000 for individuals responsible for breaches.
  • Seen as a move to reinforce accountability within organizations.

3. U.S. Now Largest Investor in Spyware Technologies

• [00:32] Report from the Atlantic Council: The U.S. has overtaken Israel, with American investments in spyware tripling in the past year, primarily funding Israeli and U.S. firms.

4. Kenyan Police Spyware Allegations

• [00:42] Two Kenyan filmmakers allege their seized devices were returned infected with Flexispy spyware after their arrest for “publishing false information.” No charges have been filed.
  • Quote: "The filmmakers appeared in court multiple times but have not been charged." — Claire Aird [00:53]

5. Fulton County, Georgia — Lawsuit After Ransomware Incident

• [00:55] Former IT worker Omitade Adeneiyi is suing, claiming he was wrongly blamed and subjected to racial abuse following a ransomware attack. He was dismissed after 14 years along with another Nigerian colleague.

6. QR Code Scams in The Hague

• [01:13] The city warns residents about malicious QR codes overlaid on legitimate parking stickers; these lead to phishing sites, stealing payment and banking info. Similar incidents have occurred in the UK and US.

7. Police Service of Northern Ireland Data Breach Fallout

• [01:30] More than 9,400 staff had their data leaked due to a misconfigured website; compensation sought is approx. 100 million pounds, but “the Police Service…does not have the money to compensate staff impacted.” — Claire Aird [01:32]

8. Amsterdam University Laundry Hack

• [01:45] Hackers disabled smart laundry machine payments, granting students free laundry until the facility was closed for upgrades.
  • Quote: “Students expressed concern that having to pay for laundry would lead to an outbreak of lice.” — Claire Aird [01:52]

9. Australian Healthcare Data Leak

• [01:54] Personal data of 6,000 doctors and staff leaked due to web misconfiguration; information includes passports and medical credentials.

10. Panama’s Ministry of Finance Ransomware Attack

• [02:02] Attack by Inc Ransomware Group. Critical systems unaffected but attackers claim 1.5 TB data theft.

11. Dior Fined in China for Data Law Violation

• [02:10] Dior sent Chinese user data abroad during a hack; fined under China’s Personal Information Protection Law.

12. U.S. Privacy Law Enforcement

• [02:17] California, Colorado, and Connecticut to investigate companies ignoring Global Privacy Control (GPC) protocol, now mandated under state laws.

13. Finnish Hacker Release

• [02:27] Aleksanteri Kivimäki, convicted for the Vastamo psychotherapy data breach, is released on appeal after serving half of a six-year sentence.

14. SonicWall Attacks in Australia

• [02:38] Akira ransomware group exploiting 2024 vulnerability in SonicWall appliances, using compromised credentials.

15. Google Cloud Hackathon: Major Bug Bounties

• [02:45] Google awards $1.6M for discovering 91 cloud platform vulnerabilities at a hackathon, representing two-thirds of its total annual cloud bounty payouts.

16. New Virtualization Side Channel (VMScape)

• [02:51] Researchers introduce VMScape, a new attack targeting AMD Zen and Intel Coffee Lake CPUs; allows virtual machine escape via branch prediction vulnerabilities.

17. Ransomware Insurance Costs Rise

• [03:00] Resilience reports a 53% drop in insurance claims but a 17% increase in costs: “Ransomware has accounted for 91% of all losses.” — Claire Aird [03:05]

18. Microsoft Opens Windows Store to All Developers

• [03:12] Individual developers may now publish apps for free, aiming to lure creators from independent web/GitHub distribution.

19. UK Regulator Pursues Adult Sites Over Age Checks

• [03:22] Ofcom opens probes into 22 more adult sites for failing to implement age verification, following prior enforcement against 34 sites in July.

Memorable Quotes & Moments

• “Apple has notified French users of a spyware campaign that targeted their devices. The French cybersecurity agency says this is the fourth time this year.” – Claire Aird [00:07]
• “The filmmakers appeared in court multiple times but have not been charged.” – Claire Aird [00:53]
• “Students expressed concern that having to pay for laundry would lead to an outbreak of lice.” – Claire Aird [01:52]
• “Ransomware has accounted for 91% of all losses.” – Claire Aird [03:05]
• “The Police Service…does not have the money to compensate staff impacted by a 2023 security breach.” – Claire Aird [01:32]

Timestamps for Important Segments

• [00:05] — Apple notifies French users of spyware campaign
• [00:19] — China proposes stiffer penalties for data breaches
• [00:32] — U.S. investments surge in spyware industry
• [00:42] — Kenyan police install spyware on filmmakers’ devices
• [00:55] — Fulton County IT worker sues after ransomware incident
• [01:13] — Malicious QR codes in The Hague parking lots
• [01:30] — Northern Ireland police data breach compensation woes
• [01:45] — Amsterdam university laundry machines hacked
• [01:54] — NSW Health doctor/staff data breach in Australia
• [02:02] — Ransomware attack on Panama’s Ministry of Finance
• [02:10] — Dior fined by Chinese authorities
• [02:17] — U.S. states enforce data privacy via GPC
• [02:27] — Release of Finnish Vastamo hacker
• [02:38] — Akira ransomware hits SonicWall in Australia
• [02:45] — Google cloud hackathon $1.6M bug bounties
• [02:51] — VMScape: new virtualization escape attack
• [03:00] — Ransomware insurance costs rise despite fewer claims
• [03:12] — Microsoft opens Windows Store to individual developers
• [03:22] — Ofcom investigates more adult sites for age verification

Tone & Style

• Concise, news-focused storytelling delivered with clarity and sparing touches of dry humor (especially on student laundry and lice).
• No-nonsense reporting style, ideal for busy cybersecurity professionals or news enthusiasts.

Conclusion

The episode is an efficient, information-rich briefing on current cybersecurity trends, international regulations, major breaches, and even a glimpse at how cyber incidents can upend daily student life. The show is a reliable go-to for a quick yet deep sweep of global cybersecurity developments.