Risky Bulletin: Cyberattack Cripples Cars Across Russia

Podcast: Risky Bulletin (Risky Biz)
Date: January 27, 2026
Host: Amberly Jack
Prepared by: Catalyn Campanu

Episode Overview

This episode delivers a brisk, information-packed roundup of the week’s major cybersecurity news, with a headline focus on a cyberattack that left thousands of cars in Russia immobile by targeting an internet-connected car alarm system. Amberly Jack also highlights global legal, political, and technical developments in cybersecurity, ranging from legal actions over stolen data, new regulatory moves in Israel and France, tech company settlements, to vulnerabilities in major software platforms.

Key Discussion Points & Insights

1. Headline Story: Russian Cars Crippled by Cyberattack

[00:04–01:10]

• Incident: A cyberattack targeted the Delta smart automotive alarm system in Russia, disabling the ability of owners to unlock, start, or silence alarms on their vehicles.
• Company Response: Delta acknowledged the attack but withheld technical details.
• Impact: Many Russian car owners were rendered immobile; broader implications for IoT and automotive cybersecurity.

Amberly Jack:
“Car owners reported not being able to open doors, silence alarms or start cars. The company has confirmed the incident but has not provided further details.”
[00:17]

2. Major Data Leak Severs U.S. Treasury Contract

[01:11–01:51]

• The US Treasury canceled contracts with Booz Allen Hamilton following revelations that a firm employee leaked IRS records from 2018–2020.
• Over 400,000 Americans’ tax details, including those of President Donald Trump, Elon Musk, and Jeff Bezos, were exposed.
• The data was sent to ProPublica and the New York Times.

3. New Israeli Cybersecurity Law

[01:52–02:19]

• Israel is poised to pass a law requiring all organizations to notify the National Cyber Directorate of cyberattacks.
• Immediate reporting is mandatory for attacks on critical infrastructure.

4. EU Investigation into X Over Explicit AI Content

[02:20–02:40]

• The European Commission is investigating X (formerly Twitter) and its Grok AI feature for generating explicit images of women and children.
• X and its XAI division face potential fines up to 6% of global revenue.
• More than a dozen countries are pursuing similar probes.

5. Chinese Cyber Espionage on UK Officials

[02:41–03:12]

• Chinese hackers targeted phones of aides to UK prime ministers Boris Johnson, Liz Truss, and Rishi Sunak between 2021 and 2024.
• Unclear how much access was obtained or if the prime ministers themselves were compromised.

6. France Mandates Sovereign Video Conferencing

[03:13–03:36]

• French government directs all agencies to replace Zoom and Teams with a domestic platform, Visio, by 2027.
• Part of a national initiative for digital sovereignty.

7. Mass ATM Jackpotting Scheme in the U.S.

[03:37–03:56]

• The US indicted 31 Venezuelan and Colombian nationals for a coordinated ATM jackpotting campaign using the Plautus malware.
• The group is linked to the Aragua cartel; DOJ has now charged 87 people.

8. Spyware Lawsuit Win Against Saudi Arabia

[03:57–04:24]

• Saudi critic Ghanem Al Masaray won £3 million in damages after Pegasus spyware was found on his phone.
• The Saudi government did not participate in the UK lawsuit, citing immunity.
• The suit included lost revenue and severe depression after Al Masaray had to shut down his YouTube channel.

9. Doxxing and Swatting Arrests in Eastern Europe

[04:25–04:45]

• Four suspects arrested in Hungary and Romania for targeted harassment, threats, and bomb hoaxes directed at various organizations.

10. Tow Truck Fraud in Spain

[04:46–05:10]

• Rogue tow operators are abusing Spain’s new mandatory V16 emergency beacons by intercepting location signals to scam car owners before legitimate help arrives.

11. Scattered Lapsus Hunters: Okta and SSO Phishing

[05:11–05:37]

• The group has targeted SSO accounts at over 100 companies using phishing panels and real-time attack methods.
• Notable targets include Atlassian, Zillow, HubSpot, Epic Games, and Telstra.

12. Security Updates and Vulnerabilities

[05:38–06:50]

• Microsoft: Emergency patch for an Office zero-day in object embedding; newer Office versions are less susceptible.
• OpenSSL: Patch for a critical bug allowing remote code execution via malformed CMS packets; one of 12 vulnerabilities addressed.
• Kubernetes: API WebSocket auth bypass vulnerability will be addressed in a new system launching in April.

Amberly Jack:
“Microsoft has released an out of band security update to patch an actively exploited Office Zero day.”
[05:38]

13. WhatsApp Rolls Out Lockdown Feature

[06:51–07:19]

• Inspired by Apple’s and Android’s advanced security modes, WhatsApp’s new lockdown feature:
  • Enables two-factor authentication
  • Turns on security notifications
  • Prompts encrypted backups
  • Disables link previews, blocks unsolicited attachments/media

14. Major Tech Companies Settle Privacy Suits

[07:20–07:40]

• Google agrees to a $68 million settlement over allegations its voice assistant illegally recorded users for ad targeting.
• Apple settled a similar case for $95 million over Siri recordings last year.

15. Chrome Extensions Stealing ChatGPT Tokens

[07:41–08:00]

• Fifteen Chrome extensions and one Edge extension stole OpenAI ChatGPT tokens.
• Distribution was limited (900 downloads total), but the threat highlights persistent privacy issues in browser extensions.

Notable Quotes & Memorable Moments

• On the Russia Car Attack:

  “Car owners reported not being able to open doors, silence alarms or start cars.”
  — Amberly Jack, [00:17]

• On the IRS Leak:

  “A Booz Allen employee leaked tax records of more than 400,000 Americans to ProPublica and the New York Times.”
  — Amberly Jack, [01:28]

• On WhatsApp’s Security Feature:

  “The strict account settings feature is inspired by Apple’s lockdown mode and Android’s advanced protection mode.”
  — Amberly Jack, [06:53]

Timestamps for Important Segments

• Russian Car Cyberattack: 00:04–01:10
• IRS Leak/Booz Allen: 01:11–01:51
• Israeli Cybersecurity Law: 01:52–02:19
• EU Investigation of X: 02:20–02:40
• Chinese Hackers Target UK Officials: 02:41–03:12
• French Video Conferencing Mandate: 03:13–03:36
• ATM Jackpotting Indictments: 03:37–03:56
• Spyware Lawsuit Win: 03:57–04:24
• Eastern European Doxxing/Swatting Arrests: 04:25–04:45
• Spanish Tow Truck Fraud: 04:46–05:10
• SSO/Okta Phishing Campaign: 05:11–05:37
• Security Vulnerability Updates: 05:38–06:50
• WhatsApp Lockdown Feature: 06:51–07:19
• Voice Assistant Settlements: 07:20–07:40
• Malicious Chrome Extensions: 07:41–08:00

Tone and Language

Amberly Jack maintains a brisk, neutral, and factual tone, moving quickly through each headline with minimal commentary, focusing on the impact and key facts of each cybersecurity development.

Summary

This episode offers a jam-packed roundup of major stories at the intersection of technology, law, and global security. The wide-ranging updates—from car immobilizations in Russia to privacy law settlements—underscore increasing digital threats and regulatory scrutiny, while also providing practical alerts about patches and emerging risks relevant to cybersecurity professionals and the general public.