Risky Bulletin: EU Scraps Chat Control Vote – October 10, 2025

Overview

This episode of Risky Bulletin, delivered by Claire Aird and prepared by Catalyn Kimparnu, provides a fast-paced rundown of the latest major stories in cybersecurity and tech policy as of October 10, 2025. The focal point is the EU’s abandoned “chat control” vote, alongside headline updates ranging from Ukrainian cyber force mobilization to ransom cases, legal developments, and global legislative moves. The team also shares notable breaches, regulatory shifts, and incidents of cyber-extortion.

Key Discussion Points and Insights

1. EU Scraps Chat Control Vote [00:10]

• Summary:
  The EU has called off a crucial vote on proposed “chat control” legislation that would have mandated tech companies to scan user content client-side for child sexual abuse material. Failure to secure enough support, notably from Denmark and Germany, was decisive.
• Political Dynamics:
  • Only 12 of 27 member states supported the bill, 9 opposed, the remainder undecided.
  • Quote:

    “German officials criticised the proposal and said private communication should not be under blanket suspicion.” [00:27]

2. CISA Workers Reassigned to Trump Administration’s Deportation Campaign [00:47]

• Summary:
  CISA cyber specialists have been redirected from their regular cybersecurity roles to assist agencies under the Department of Homeland Security (ICE, Customs and Border Protection, Federal Protective Service). Reassignment was mandatory, with just a week to accept or resign.
• Source: Bloomberg

3. FCC Telecom Data Breach Reporting Rules Halted [01:09]

• Summary:
  Regulatory rules introduced during the Biden administration, requiring telecoms to notify victims within 30 days of breaches, have been paused for re-evaluation. The halt follows industry legal action and a court abeyance requested by current FCC leadership.

4. California’s New Opt-Out Law for Browser Makers [01:32]

• Summary:
  A fresh state law demands browser vendors implement a mechanism for users to opt out of data sales. Opt-out notification must be browser-based, not via pop-ups.
• Notable Detail:
  • This advances privacy protections at the state level and places clear engineering requirements on browser developers.

5. Ukraine Establishes National Cyber Force [01:49]

• Summary:
  A new Cyber Forces Command will report directly to Ukraine’s commander in chief and comprise both regular and reserve members. Notably, civilians can join the reserves for temporary assignments without committing to military careers.

6. Salesforce Ransom Situation [02:09]

• Summary:
  Salesforce refuses ransom demands after the “Scattered Lapses Hunters” group claims to have stolen nearly a billion records from 40 clients. Data originated from a breach earlier this year involving Salesloft and a unit offering AI chat agents.

7. Williams & Connolly Law Firm Breach [02:39]

• Summary:
  Chinese-government-linked attackers accessed attorney email accounts at the US law firm Williams & Connolly, which serves influential politicians. The incident follows recent warnings from Google about targeted campaigns against US law firms.

8. SonicWall Cloud Backup Breach [03:01]

• Summary:
  An update from SonicWall reveals their recent cloud backup breach affected all users of the service, with prior claims of a smaller impact being revised. Affected customers are urged to reset firewall credentials.

9. Telenor Sued Over Data Sharing in Myanmar [03:19]

• Summary:
  Norwegian telco Telenor faces lawsuits after its subsidiary is accused of sharing customer data with Myanmar’s military junta, with the data allegedly used to imprison dissidents.
• Context:
  Myanmar fell under military rule following a coup in 2021.

10. Teens Arrested for UK Nursery Hack [03:44]

• Summary:
  Two 17-year-olds from Hertfordshire (the “Radiant Group”) were arrested after hacking London’s Kedo nursery chain, exfiltrating and leaking data and photos of children for extortion.
• Memorable Moment:

  “The attackers sought ransom after publishing photos and data of 10 young children on the Dark Web." [03:51]

11. Russian Basketball Player and Conti Negotiations Case [04:06]

• Summary:
  Daniil Kasatkin, accused of being a Conti group ransom negotiator, contests charges in France; defense claims he bought a hacked secondhand computer and didn’t own the relevant Gmail account. US pursues extradition.

12. Red Hat Hack Linked to AWS Attacks by Crimson Collective [04:27]

• Summary:
  September’s Red Hat breach is part of a coordinated campaign by the “Crimson Collective” targeting AWS environments via compromised IM accounts to prepare for further extortion.

13. Oracle E-Business Suite Zero-Day [04:47]

• Summary:
  The Clop extortion group exploited an Oracle E Biz zero-day in the wild since July, with Mandiant reporting multiple successful corporate breaches.

14. AI Agents Vulnerable to ASCII Smuggling Attacks [05:07]

• Summary:
  AI agents Rock, Gemini, and Deepseek are susceptible to prompt manipulation through the injection of ASCII control characters—an attack not yet addressed by Google.
  • Quote:

    “Google declined to address the attack vector.” [05:18]

15. China’s Campaign Against Negative Online Speech [05:24]

• Summary:
  China orders social media platforms to scrub content expressing “negative or pessimistic emotions” within two months amid widespread youth dissatisfaction with employment prospects.
  • Host’s Tongue-in-Cheek:

    “So this sounds like a great solution to the problem to us.” [05:44] (dry, sardonic tone)

Notable Quotes & Memorable Moments

• On privacy pushback:

  “German officials criticised the proposal and said private communication should not be under blanket suspicion.” [00:27]

• On Chinese internet censorship:

  “Chinese social media platforms will be required to remove all negative content within two months. Many Chinese youths have complained online about bleak futures and the lack of jobs. So this sounds like a great solution to the problem to us.” [05:24–05:44]

Timeline of Major Segments

| Timestamp | Segment | |---------------|-----------------------------------------------------------| | 00:10 | EU Chat Control vote scrapped | | 00:47 | CISA workers reassigned | | 01:09 | FCC data breach reporting rules halted | | 01:32 | California browser data sale opt-out law | | 01:49 | Ukraine national cyber force established | | 02:09 | Salesforce refuses ransomware payment | | 02:39 | Williams & Connolly breach | | 03:01 | SonicWall breach update | | 03:19 | Telenor sued over Myanmar data-abuse | | 03:44 | UK teens arrested in nursery hacking/extortion case | | 04:06 | Russian basketballer in Conti ransom case | | 04:27 | Red Hat/AWS attacks (“Crimson Collective”) | | 04:47 | Oracle E Biz zero-day extortion campaign | | 05:07 | AI agents vulnerable to ASCII smuggling | | 05:24 | China orders purge of negative social media posts |

Conclusion

This episode provides a rapid-fire update on pressing issues in cybersecurity and policy, handling wide-ranging geographic and topical ground while maintaining a clear-eyed, sometimes wry point of view. From stalled legislation in Brussels to cyber force innovation in Ukraine, ransomware responses, legal wrangling, and internet freedom crackdowns in China, the coverage is essential for stakeholders following adversarial activity, legislative trends, and shifting cyber risk landscapes.