Risky Bulletin: FCC Removes 1,200 Voice Providers from US Phone Network
Podcast: Risky Bulletin
Host: risky.biz (Catalin Cimpanu, read by Claire)
Date: August 27, 2025
Episode Overview
This episode provides a rapid, authoritative rundown of the week’s major cybersecurity stories. The headline: The US FCC disconnects over 1,200 voice providers from the national phone network over anti-robocall compliance failures. Also covered are cyberattacks disrupting state governments, critical breaches at tech and insurance platforms, active global espionage campaigns, threats in spyware and AI, and new Google developer verification mandates.
Key Discussion Points and Insights
1. FCC Boots 1,200 Voice Providers for Robocall Failures
[00:05 – 01:10]
- The US Federal Communications Commission (FCC) has disconnected over 1,200 voice service providers for failing to comply with anti-robocall protocols.
- Providers were ordered in 2024 to implement “STIR/SHAKEN” protocols, maintain updated contact info, and provide clear ownership details.
- Those failing to comply were purged from the “robocall mitigation database,” meaning telcos must block their services.
- Quote:
“The US Federal Communications Commission has effectively disconnected more than 1,200 voice service providers from the phone network.” – Claire [00:12]
- Purpose: To stem robocalls and fraud by enforcing technical and ownership transparency.
2. Major Disruptive Cyberattacks on US Public Services
[01:10 – 02:10]
Nevada State Government Shutdown
- Nevada temporarily shut down public-facing government services after a cyberattack.
- Websites, in-person services, phone lines, and backend systems were all affected.
- Ransomware is suspected, but not confirmed.
- Quote:
“The incident has taken out in person services as well as websites, phone lines and several back end systems.” – Claire [01:27]
Maryland Disability Transport Disrupted
- A cyber incident hit Maryland's Transit Administration’s “mobility” program, impacting transport coordination for people with disabilities.
- No attribution yet; core public transport unaffected.
3. SalesLoft and Salesforce Supply Chain Attack
[02:10 – 03:00]
- Hackers breached SalesLoft—an AI-driven sales automation platform—gaining access to customers’ Salesforce accounts.
- Attack vector was OAuth tokens granted to SalesLoft’s AI chat agent.
- Data harvested from Salesforce used to leapfrog to other cloud platforms.
- SalesLoft revoked certain integrations and is urging customers to re-authenticate.
- Google attributes the attack to threat group “UNC6395”.
- Quote:
“Google said the attackers pivoted into Salesforce using OAuth tokens from the SalesLoft AI chat agent.” – Claire [02:38]
4. Massive Breach at Farmers Insurance
[03:00 – 03:30]
- Farmers Insurance was breached in late May via a Salesforce account, affecting 1.1 million customers.
- Exposed data: Names, addresses, birth dates, driver’s license numbers, last 4 digits of SSNs.
- Disclosure made through official data breach notification.
5. Other Major Cybersecurity Incidents and Vulnerabilities
[03:30 – 06:00+]
- Attack on Israeli ISP (Rimon)
  - Iranian group “Promised Revenge” claims credit for disabling an internet service aimed at the Orthodox Jewish community in Israel.
  - Services down since August 23.
- Citrix Netscaler Zero-Day
  - Active exploitation of a Citrix Netscaler pre-auth RCE.
  - Exploited for web shell deployment; urgent patching advised.
- TruthSpy Account Takeover Flaw
  - Catastrophic bug in TruthSpy lets attackers reset any account’s password.
  - Company claims it can’t patch the issue:
    “TruthSpy told TechCrunch it can’t fix the bug because it has misplaced the app’s source code.” – Claire [04:32]
- Chinese Espionage via Edge Devices
  - UNC6384 group leverages compromised network edge devices to infiltrate Southeast Asian diplomats, delivering PlugX malware.
- Sustained ScreenConnect Cloud Phishing
  - Persistent spear phishing targeting up to 1,000 ScreenConnect Cloud admin accounts per run, leading to ransomware payloads.
- Russian Max App Privacy Fears
  - Mandatory app logs all user activity and tracks precise location in real time.
  - App to be pre-installed on all mobile devices in Russia from September.
  - No encryption, leading to serious privacy concerns.
6. Policy and Regulatory Developments
[06:00+]
- US States Warn AI/Social on Child Safety
  - 44 US states issue stern warning to AI/social platforms after news that Meta’s chatbot had inappropriate exchanges with minors.
  - Letter sent to multiple companies including Anthropic, Meta, OpenAI.
- AI Browser Security: Perplexity's Comet Patch
  - Comet (AI browser) fixed a flaw enabling hidden malicious prompts in website code.
  - Discovery by Brave Browser Team; Guardio warns many AI browsers are similarly vulnerable.
- Google Android Developer Verification
  - Starting March 2026: All Android app developers must verify their real-world identities.
  - Applies even to apps outside Google Play.
  - New Android OS versions to block unverified apps.
  - Rollout begins in Brazil, Indonesia, Singapore, and Thailand.
Notable Quotes & Memorable Moments
- “The US Federal Communications Commission has effectively disconnected more than 1,200 voice service providers from the phone network.” – Claire [00:12]
- “TruthSpy told TechCrunch it can’t fix the bug because it has misplaced the app’s source code.” – Claire [04:32]
- “Russia’s national Max app is monitoring and logging all user activity... The app does not use encryption and tracks user location in real time with high accuracy.” – Claire [05:12]
Important Timestamps
- 00:05: FCC severs ties with 1,200 voice providers, robocall context
- 01:10: Nevada state government cyberattack coverage
- 02:10: SalesLoft/Salesforce cloud supply-chain breach
- 03:00: Farmers Insurance data breach
- 03:30: Update on Israeli ISP Rimon DDoS
- 04:00: Citrix zero-day patch alert
- 04:32: TruthSpy’s unfixable security hole
- 05:12: Russia's “Max” spyware app revelation
- 06:00+: Child AI chatbot safety warnings, AI browser vulnerabilities, Google developer verification policy
Episode Tone & Style
- Direct, news-driven, technical and matter-of-fact (“just the facts” approach)
- Each story is crisply summarized, heavy on actionable technical and policy detail, light on speculation.
Summary
This Bulletinesque episode is a brisk, information-dense update for cybersecurity professionals, zeroing in on regulatory crackdowns (FCC robocall rules; Google’s identity verification for developers), major breaches (Salesforce, Farmers Insurance), critical vulnerabilities (Citrix, TruthSpy), and ongoing global threat campaigns. It also spotlights the increasing attention to AI, privacy, and app security policy at both national and global scales.
If you need a pulse-check on current cyber threats and defenses, this episode delivers essential, up-to-date intelligence in under ten minutes.
