A
Most smart devices run outdated web browsers. Ukrainian hacktivists breach a major Russian defence contractor, ransomware hits Venezuela's state-owned oil company and hackers are trying to extort Pornhub with stolen user data. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 17th of December and this podcast episode is brought to you by Push Security.
In today's top story, the web browsers in many smart devices are out of date, some by as much as three years. An academic study analysed the browsers that shipped with smart TVs, e-readers, gaming consoles and other modern hardware. Some of the devices had old vulnerable browsers even when they were brand new. Other manufacturers offer firmware updates but fail to update the embedded browsers.
In other news, the White House is preparing to nominate Army Lieutenant General Joshua Rudd as the next head of Cyber Command and the U.S. National Security Agency. General Rudd is currently serving as Deputy Chief of the U.S. Indo-Pacific Command. Both CyberCom and the NSA have been without a leader since Trump dismissed Air Force General Timothy Haugh in April. The nomination of Army Lieutenant General William Hartman for the same position fell through in October.
Ukrainian hacktivists have sabotaged a major Russian defence contractor. The Khyber Group claims it wiped systems at ASCON, a software developer for the Russian defence industry. The hackers claim to have stolen more than 10 terabytes of internal data and wiped backups and CCTV systems. ASCON developed software for Russian missiles, tanks, nuclear weapons and radars.
A cyberattack has crippled the activity of Venezuela's state-owned oil and gas company Petroleos de Venezuela. The attack shut down systems for production, refining and shipping oil products in the country's north. The intrusion has been reported as a ransomware attack, although the company has blamed the United States.
Hackers are threatening to release the viewing and search history of Pornhub Premium users. The ShinyHunters claim to have stolen more than 94 gigabytes of data from one of Pornhub's analytics providers. The group is now demanding a ransom to stop it releasing the data. Pornhub says the information was taken from analytics company Mixpanel. The same breach at Mixpanel also exposed data from OpenAI.
Peer-to-peer lending platform Prosper has disclosed a security breach. The incident took place between June and August and involved data about more than 17 million customers. The hackers stole personal information such as names, home addresses, driver's licenses and Social Security numbers.
An Iranian hacktivist group is offering $30,000 bounties for information about Israeli engineers working in the defence sector. The Handala hacker group is seeking information about workers on Israel's Patriot, Arrow and David's Sling air defence systems. The group doxxed multiple Israeli engineers last week in an attempt to intimidate them. Handala has previously offered bounties for information about personnel at Israel's intelligence agencies and military.
The Texas attorney general has sued five smart TV makers over their data collection practices. Lawsuits have been filed against Sony, Samsung, LG, Hisense and TCL. The lawsuits claim smart TVs from the five companies use automated content recognition to spy on users' watching habits. The ACR technology uploads images of the screen to the manufacturer's servers for analysis.
Microsoft is finally disabling the RC4 cipher used in Windows Kerberos authentication. The cipher's weakness is a part of Kerberoasting, an attack that allows threat actors to retrieve account credentials from Active Directory. Microsoft's decision comes after US Senator Ron Wyden called on the FTC to investigate the company over its use of the antiquated cipher.
Google will shut down its Dark Web Report feature next year.
The feature notified users when their Google account data appeared on the dark web and prompted users to reset their passwords. The feature will stop scanning the dark web on January 15th and shut down for good a month later.
A 20 year old from Minnesota has pleaded guilty to hacking sports betting website DraftKings. Nathan Austad admitted to launching a credential stuffing attack against the platform in November 2022. Austad used the hacker pseudonym Snoopy and worked with two other co-conspirators. The trio hacked and then sold access to more than 60,000 DraftKings accounts. All three were arrested last year and have now pleaded guilty. One of his co-conspirators has been sentenced to 18 months in prison.
Serbian police have detained two Chinese nationals for driving an SMS blaster around. The duo allegedly sent SMS messages that lured locals to phishing sites. The sites posed as mobile operators and government portals and attempted to collect payment card details.
Ukrainian authorities have dismantled fraud call centres in three cities. The call centres collected more than 10 million euros from victims across Europe. The operators posed as local governments and law enforcement to trick victims into wiring them money. Authorities identified 45 suspects and arrested 12.
Threat actors are using a new social engineering technique to hijack WhatsApp accounts. The new GhostPairing attack lures victims to pages with malicious QR codes. Scanning the codes will link an attacker's device to the victim's WhatsApp account. The attack is a variation of a technique used by Russian state-sponsored hackers to intercept Signal messages earlier this year.
Threat actors are exploiting a new vulnerability in Gladinet CentreStack and Triofox file sharing service. Attackers use the vulnerability to retrieve a cryptographic key which they then leverage to run malicious code. The vulnerability has been abused in the wild as a zero-day since last month.
According to security firm Huntress, at least nine companies have been hacked so far.
Threat actors are exploiting two Fortinet vulnerabilities that were patched last week. The flaws allow attackers to bypass single sign-on authentication on Fortinet devices. The attacks aren't widespread because FortiCloud SSO login is disabled by default.
MGT Commerce has released a security update to remove a backdoor mechanism from one of its Magento extensions. The system could have allowed remote attackers to run code on servers that use the MGT Varnish caching component. Security firm Sans believes the backdoor was benign and intended for debugging and remote upgrades.
And finally, Amazon has patched a vulnerability in the Kindle ebook reader. The security flaw could have allowed threat actors to gain root access to the device and take over a user's Amazon account. The vulnerability was delivered via a malicious Audible ebook and exploited the media parsing process. The issue was discovered by Thales security researcher Valentino Ricotta, who received a $20,000 bounty for his work.
And that is all for this podcast edition. Today's show was brought to you by our sponsor Push Security. Find them at pushsecurity.com. Thanks for your company.
Podcast: Risky Bulletin (Risky.biz)
Host/Reader: Claire Aird
Date: December 17, 2025
Episode Theme: The episode offers a rapid-fire summary of the week’s most pressing cybersecurity news, spotlighting the widespread use of outdated web browsers in smart devices, major international cyber incidents, legal actions, and notable software vulnerabilities.
This episode centers on the alarming finding that a vast majority of smart devices—including TVs, e-readers, and consoles—are using outdated and vulnerable web browsers. The Risky Business team, led by Claire Aird, also covers high-profile cyberattacks, data breaches, international legal actions, and software security developments that define the current security landscape.
[00:10]
Ukrainian Hacktivists vs. Russian Defense (ASCON)
Ransomware Cripples Venezuela’s State Oil Company
Pornhub Data Extortion Attempt
Prosper (Peer-to-Peer Lending) Data Breach
DraftKings Hacking Case
SMS Phishing in Serbia
Ukraine Fraud Call Centers
Risky Bulletin delivers a sharp, detail-rich summary of the week's cyber news, highlighting the widespread vulnerability of smart devices due to outdated browsers, ongoing nation-state hacktivism, extortion and data privacy fiascos, and breaking threat intelligence. The episode is brisk, technical, and unfiltered, providing actionable situational awareness for cybersecurity professionals and keen observers alike.