Risky Bulletin: Microsoft Restricts Chinese Firms’ Access to MAPP
Podcast: Risky Bulletin (Risky.biz)
Date: August 21, 2025
Host/Reader: Claire Aird
Prepared by: Catalin Cimpanu
Episode Overview
This episode delivers a rapid-fire rundown of the latest events and emerging stories in cybersecurity. Major headlines include Microsoft's new restrictions on Chinese firms in its MAPP program, notable zero-day exploits, an unprecedented market for mobile vulnerabilities, high-profile cybercrime convictions, and ongoing government actions in tech and security worldwide.
Key Discussion Points and Insights
Microsoft Restricts Chinese Firms’ Access to MAPP
[00:04]
- Change: Chinese cybersecurity firms now face restricted access to Microsoft’s Active Protections Program (MAPP).
- Reason: According to Bloomberg, the restriction applies in countries that require firms to report vulnerabilities to their governments. Leaks, such as the recent SharePoint zero-day, are suspected to have originated from this program.
- Impact: Chinese firms are the only ones affected so far. All MAPP participants will now receive only general descriptions of upcoming patches, not proof-of-concept code.
“Microsoft will also no longer provide proof of concept code for flaws. Participants in the program will only receive a general description of upcoming patches.”
— Claire Aird, [00:23]
Apple Patches Active Zero-Day
[01:14]
- Vulnerability: Found in Apple’s ImageIO framework and exploited via malicious media files.
- Attack: Used in sophisticated, targeted operations against specific individuals.
- Action: Apple has rolled out patches for iOS and macOS.
“Apple says the zero-day was used in a sophisticated attack against specific targeted individuals.”
— Claire Aird, [01:39]
Record-Setting Mobile Exploit Broker Emerges
[01:47]
- New Player: Advanced Security Solutions, a broker based in the UAE, launched this month.
- Bounty: Offering up to $20 million for mobile OS exploit chains ($15M for Android/iOS zero-click, $10M for Linux/Windows, $7M for macOS).
- Trend: These are the highest known open-market payouts for zero-day exploits to date.
Major Layoffs in US Intelligence
[02:18]
- Scale: The Office of the Director of National Intelligence will cut 40% of its workforce to save over $700 million annually.
- Critique: Director Tulsi Gabbard calls the office "inefficient" and "politicised".
“Director of National Intelligence Tulsi Gabbard claimed the office was inefficient and it politicised intelligence.”
— Claire Aird, [02:29]
Key Personnel Changes in US National Security Agencies
[02:41]
- NSA: Joseph Francescon selected as Deputy Director, replacing Wendy Noble (dismissed in April at the White House’s request).
Anti-Disinformation Agency Shifts in Europe
[03:04]
- Move: Urwe Le Tuque leaves France's Viginum for Finnish company CheckFirst, where he’ll continue anti-disinformation work.
Major Chinese Internet Disruption
[03:24]
- Incident: China’s “Great Firewall” blocked all HTTPS traffic for an hour, causing widespread disruption.
- Unclear Motive: Possibly a test or accidental technical fault.
FTC Warns US Tech Companies on Encryption Weakening
[03:36]
- Context: FTC responds to foreign pressures, especially from the EU and UK, to undermine encryption.
- Companies Notified: Apple, Meta, Signal, Google.
Europol Denies Qilin Ransomware Bounty
[03:52]
- Fake Post: Reports surfaced of a $50,000 Europol bounty; confirmed to be an unofficial Telegram hoax.
“The agency told Security Week it does not have an official presence on Telegram.”
— Claire Aird, [03:59]
Telecom Data Breaches Continue
[04:09]
- Orange Belgium Breach: 850,000 customers affected (names, numbers, SIM and PUK codes, subscription data stolen).
- Context: Follows breaches at Orange Romania and Orange France earlier this year.
Botnet Operator Charged in Oregon
[04:31]
- Suspect: Ethan Foltz, operator of the RapperBot DDoS botnet, worked with another hacker under the name “Slaykings”.
- Impact: The botnet infected up to 95,000 devices and targeted Pentagon networks multiple times.
Scattered Spider Member Sentenced
[04:59]
- Defendant: Noah Michael Urban (“Sosa”, “King Bob”) gets 10 years in prison.
- Crimes: Hacked major platforms, stole data, and used it for SIM-swapping attacks.
- Restitution: Ordered to pay $13 million to victims.
“Urban used the hacker name Sosa and King Bob.”
— Claire Aird, [05:09]
Dutch Hacker Sentenced for Elderly Scams
[05:29]
- Sentence: 4 years in prison for impersonation and theft campaigns targeting the elderly (€277,000 stolen since 2019).
Arrests in Southeast Asian SMS Spam Operations
[05:46]
- Details: Two men (South Korean and Vietnamese) arrested in Bangkok and Ho Chi Minh City for “driving SMS blasters”, vehicles equipped to send mass spam.
Malicious Google Chrome Extension Exposed
[06:03]
- Extension: FreeVPN.One, installed by over 100,000 users.
- Action: Secretly took screenshots of every visited webpage and sent them, along with device and geolocation data, to remote servers.
- Status: Still available in the Chrome Web Store, despite a July 17 update that introduced the malicious behaviour.
Russian Cyber-Espionage Continues Targeting Cisco
[06:38]
- Attackers: A Russian FSB-linked group is still exploiting a bug in Cisco routers that was patched in 2018.
- Tool: The SYNful Knock firmware backdoor is being deployed; the FBI and Cisco urge immediate patching.
Threat Actor Hijacking GeoServer Bandwidth
[07:07]
- Tactic: Hackers compromise outdated GeoServer instances and conscript them into proxy networks.
- Timeline: Ongoing since March, per Palo Alto Networks.
Silent Patch for Microsoft Copilot AI Vulnerability
[07:25]
- Flaw: Allowed attackers to make Copilot access files without the activity being logged.
- Response: Security firm Pistachio reports that Microsoft quietly patched the issue this week without a public CVE or notice.
Microsoft’s Quantum-Safe Encryption Timeline
[07:45]
- Plan: Quantum-resistant encryption to be the default in all Microsoft products by 2029.
- Migration: Starts with core services next year and completes by 2033.
Mozilla Launching Hosted Email in Germany
[08:00]
- Service: Thunderbird “Thundermail” webmail, hosted in Germany, launching as a paid subscription later in 2025.
Notable Quotes and Memorable Moments
- “Only Chinese companies have been restricted so far. Microsoft will also no longer provide proof of concept code for flaws.” ([00:18])
- “Apple says the Zero day was used in a sophisticated attack against specific targeted individuals.” ([01:39])
- “Director of National Intelligence Tulsi Gabbard claimed the office was inefficient and it politicised intelligence.” ([02:29])
- “Urban used the hacker name Sosa and King Bob.” ([05:09])
- “The extension is still live on the Chrome Web Store, where it was once featured as a recommended extension.” ([06:23])
Important Timestamps
- [00:04] – Microsoft MAPP restrictions for China
- [01:14] – Apple patches in-the-wild zero-day
- [01:47] – UAE zero-day exploit broker offers record bounties
- [02:18] – Major US intelligence layoffs and NSA personnel changes
- [03:24] – China’s Great Firewall blocks HTTPS
- [03:36] – FTC encryption warning to tech sector
- [03:52] – Europol Telegram scam
- [04:09] – Orange Belgium breach
- [04:31] – RapperBot botnet indictment
- [04:59] – Scattered Spider sentencing
- [05:29] – Dutch elderly scammer sentenced
- [06:03] – Malicious Chrome extension exposed
- [06:38] – Russian cyber-espionage, Cisco routers
- [07:25] – Copilot AI vulnerability quietly patched
- [07:45] – Microsoft quantum-safe encryption plans
- [08:00] – Mozilla launching webmail
Summary:
This Risky Bulletin episode is a whirlwind tour through today’s most pressing and unusual cybersecurity news. From policy shifts at tech giants and alarming vulnerabilities, to lucrative exploit marketplaces and aggressive cybercrime crackdowns, the episode delivers crucial updates for security professionals and policy watchers alike—always in Risky.biz’s factual, punchy tone.
