Risky Bulletin: EU Has a Problem Attracting and Retaining Cyber Talent
Podcast: Risky Bulletin
Host: Risky Biz
Episode Date: December 12, 2025
Summary Prepared By: Catalin Cimpanu, read by Claire Aird
Episode Overview
This episode delivers a fast-paced update on key cybersecurity incidents and policy changes as of December 10, 2025. The main focus is the ongoing difficulty within the European Union in attracting and retaining skilled cybersecurity talent, with wide-ranging causes and implications for European organizations. Other stories cover major breaches, government actions against hackers and companies, zero-day exploits in important software, and policy updates from tech giants and governments.
Key Discussion Points & Insights
1. EU’s Cybersecurity Talent Problem
- Central Issue: European organizations are “struggling to attract and retain cybersecurity talent.”
- Findings from EU Cybersecurity Agency Survey:
- Many job applicants lack necessary skills.
- Employers often lack proper training programs.
- High turnover: Burnout, excessive workload, and lack of competitive compensation are driving experts away.
- European organizations spend about 9% of IT budgets on cybersecurity, suggesting possible underinvestment.
- Implication: Weakness in the cyber workforce undermines the EU’s cyber resilience.
2. Global Policy and Regulatory Moves
- US Visa Rule:
- All foreign travelers must now provide five years of social media history, phone numbers, and email addresses.
- Applies even to nations in the visa waiver program like Japan, EU countries, and Australia.
- UK & US Sanctions:
- Two Chinese cybersecurity contractors, i-Soon and Integrity Tech, were sanctioned for links to Chinese espionage.
- “Integrity Tech has been linked to a Chinese cyber espionage group known as Flax Typhoon.” [01:03]
- Both firms are accused of contracting for Chinese intelligence.
3. Major Cybersecurity Incidents & Breaches
- Coupang CEO Resignation:
- CEO Park Dae Jun resigned after a massive breach affecting “two thirds of the country’s population.”
- Authorities raided headquarters seeking evidence; the hacker is a Chinese national who formerly worked for Coupang’s security team.
- Third major South Korean firm hit this year, following SK Telecom and Korea Telecom CEO resignations.
- Petco Flaw:
- Petco closed part of its site exposing veterinary customer data, including pet medical details.
- LastPass Fine:
- UK’s ICO fined the password manager £1.2 million over the 2022 breach affecting 1.6 million UK customers; strong criticism for lacking security measures.
- US Indictments:
- Ukrainian woman charged for attacks on US infrastructure, causing “an ammonia leak at a US meat processing factory.”
- Dutch DDoS Attacker:
- Dutch prosecutors seek an eight-month sentence for DDoS attacks on the country’s 112 emergency number, motivated by a business dispute.
4. Cybercrime Cases and Law Enforcement
- Accenture Fraud Indictment:
- Product manager Danielle Hilmer charged with misleading auditors about compliance and hiding platform deficiencies.
- Training Malware Use:
- Qiu Haibeng, Malaysian national, jailed for five years for creating educational videos for cybercriminals on Android RATs.
- Ukrainian Botmaster:
- 22-year-old arrested for selling hacked social accounts and running a 5,000-account bot farm.
- Crypto Exchange Paxful:
- Paxful pleaded guilty to laundering and was fined $4 million; it is accused of facilitating fraud, romance scams, extortion, and prostitution via lax controls.
5. Major Patches, Threats, & Vulnerabilities
- Chrome and Gogs Zero-Days:
- Chrome zero-day actively exploited, the 8th this year, but sparse details disclosed.
- Gogs (Git server) zero-day allows remote code execution; more than 700 servers already compromised.
- .NET SOAPwn Flaw:
- Discovered by watchTowr Labs, enables RCE in various apps (Umbraco, Barracuda Service, Ivanti Endpoint Manager); Microsoft left patching to vendors.
- Notepad++ Supply Chain Patch:
- Security fix for the Notepad++ code editor now checks signatures and certificates in the update system.
- Traefik TLS Blunder:
- Misconfigured security setting disabled—rather than enabled—TLS verification.
- Microsoft Bug Bounty Expansion:
- Now pays bounties for vulnerabilities in its services even when the root cause is third-party code.
6. New Attack Techniques
- ClickFix OAuth Leak Variant:
- Attackers trick users into copying OAuth secrets to attacker-controlled sites.
- “The technique is a variation of an attack used by Russian state sponsored hackers earlier this year.” [05:10]
7. Industry and Platform Policy Updates
- TLS Certificate Changes:
- CA/Browser Forum to phase out 11 domain validation methods, including email and phone, by March 2028.
- Android Emergency Video:
- New feature allows Android users to share live video with emergency services in select regions.
- PowerShell Security Feature:
- PowerShell 5.1 will now warn users before executing web content with Invoke-WebRequest.
Notable Quotes & Memorable Moments
- On EU cybersecurity:
- “Employers also don’t have proper training programs. Cyber experts who leave cite excessive workloads, burnout and the lack of competitive salaries and bonuses.” [00:22]
- On sanctions:
- “Sanctions were levied against i-Soon and Integrity Tech. Both are contractors that have provided hacking services to Chinese intelligence agencies.” [00:50]
- On Coupang breach:
- “The police sought evidence related to a recent hack that exposed the personal data of two thirds of the country’s population.” [01:16]
- On patch priorities:
- “Microsoft elected not to patch .NET itself, instead leaving it to individual applications to fix.” [03:52]
- On bug bounties:
- “The company will now pay bounties for vulnerabilities that impact its systems, even if the root cause is in third party code.” [04:35]
Timeline of Important Segments (Timestamps)
- [00:04] – Main story: EU’s cyber talent woes
- [00:40] – US visa requirement for five years of social media
- [00:50] – UK & US sanctions on Chinese cyber contractors
- [01:12] – Coupang CEO steps down post-breach
- [01:48] – Petco exposes customer data
- [02:00] – LastPass fined over breach
- [02:25] – Ukrainian indicted for US infrastructure attacks
- [02:43] – Dutch man prosecuted for DDoS on emergency services
- [02:50] – Accenture manager indicted for fraud
- [03:00] – Qiu Haibeng sentenced for cybercrime training
- [03:12] – Ukrainian botmaster arrested
- [03:20] – Paxful guilty plea
- [03:31] – Chrome zero-day and Gogs zero-day
- [03:52] – .NET SOAPwn flaw
- [04:12] – Notepad++ update fix
- [04:18] – Traefik proxy TLS bug
- [04:23] – Microsoft expands bug bounty
- [04:35] – ClickFix OAuth attack
- [05:44] – CA/Browser Forum sunsetting outdated TLS validation
- [05:54] – Android live video to emergency services
- [06:03] – PowerShell adds security warning
Tone & Style
The reporting is concise, factual, and brisk; the host delivers technical details clearly but without unnecessary jargon, making the episode accessible to infosec professionals and the general public alike. The tone is matter-of-fact, occasionally bordering on dry, but with enough color in the delivery to hold attention during rapid news segments.
Conclusion
This episode of Risky Bulletin is a comprehensive roundup of key developments, with a central spotlight on the EU’s critical shortage of cybersecurity professionals—a problem exacerbated by burnout, insufficient pay, and lack of training. The show also reviews major hacks, policy changes, new attack methods, and vendor fixes, painting a vivid picture of the cybersecurity landscape as 2025 draws to a close.
