Risky Bulletin: Most smart devices run outdated web browsers
Podcast: Risky Bulletin (Risky.biz)
Host/Reader: Claire Aird
Date: December 17, 2025
Episode Theme: The episode offers a rapid-fire summary of the week’s most pressing cybersecurity news, spotlighting the widespread use of outdated web browsers in smart devices, major international cyber incidents, legal actions, and notable software vulnerabilities.
Episode Overview
This episode centers on the alarming finding that a vast majority of smart devices—including TVs, e-readers, and consoles—are using outdated and vulnerable web browsers. The Risky Business team, led by Claire Aird, also covers high-profile cyberattacks, data breaches, international legal actions, and software security developments that define the current security landscape.
Key Stories & Insights
1. Most Smart Devices Run Outdated Web Browsers
[00:10]
- An academic review found embedded browsers in devices like smart TVs, e-readers, and gaming consoles are often years out of date—even at launch.
- Some browsers lag by as much as three years on security.
- Firmware updates rarely update the browser component, leaving devices exposed.
- Quote: "Some of the devices had old vulnerable browsers even when they were brand new." — Claire Aird [00:20]
2. Cybersecurity Leadership & Government News
- US Cyber Command/NSA Nomination:
  - The White House is preparing to nominate Army Lieutenant General Joshua Rudd as the new head of US Cyber Command and the NSA.
  - The agencies have lacked leadership since April.
  - Previous nominee Army Lieutenant General William Hartman failed confirmation in October.
- Texas Files Lawsuits Against Smart TV Makers:
  - The Texas Attorney General is suing Sony, Samsung, LG, Hisense, and TCL for data-collection practices using automated content recognition.
  - Quote: "Smart TVs from the five companies use automated content recognition to spy on users' viewing habits." — Claire Aird [02:45]
3. Major Breaches and Sabotage Incidents
- Ukrainian Hacktivists vs. Russian Defense (ASCON)
  - Ukrainian group Khaybar claims to have wiped systems and backups at ASCON, a Russian defense software provider.
  - 10+ terabytes of internal data and CCTV systems were allegedly destroyed.
  - Significance: ASCON software is used in Russian missiles, tanks, nuclear weapons, and radars. [01:04]
- Ransomware Cripples Venezuela’s State Oil Company
  - Hackers shut down Petroleos de Venezuela's production, refining, and shipping.
  - The company claims US involvement, but details suggest ransomware was the real cause. [01:16]
- Pornhub Data Extortion Attempt
  - Shiny Hunters claim they stole 94GB from a Pornhub analytics vendor.
  - The group is threatening to release the ‘viewing and search history’ of premium users unless a ransom is paid.
  - Data was sourced from Mixpanel; OpenAI’s data was also exposed in the same breach.
  - Quote: "Hackers are threatening to release the viewing and search history of Pornhub premium users." — Claire Aird [01:27]
- Prosper (Peer-to-Peer Lending) Data Breach
  - Attackers accessed data of 17 million customers between June and August.
  - Leaked info: names, addresses, driver’s licenses, Social Security numbers. [01:41]
4. Hacktivism & Espionage
- Iranian Hacktivists Target Israeli Engineers
  - Handala offers $30,000 bounties for info on engineers behind Israel’s air defense systems.
  - The group recently published personal data to intimidate defense workers. [01:56]
5. New Vulnerabilities and Patch News
- Microsoft Disables RC4 in Kerberos Authentication [02:59]
  - RC4’s weakness leads to attacks (e.g., Kerberoasting).
  - Microsoft responds after Senator Ron Wyden’s push.
- Google’s Dark Web Report Discontinued
  - Users will lose dark web exposure notifications in January, and the service shuts down in February. [03:14]
- Serious Vulnerabilities:
  - Gladinet CentreStack/TrioFox: Attackers exploit a cryptographic key vulnerability to run code (at least 9 companies hacked). [05:05]
  - Fortinet: Two SSO-bypass flaws are being exploited, though SSO is off by default. [05:22]
  - Magento MGT Extension: Benign backdoor removed, intended for debugging; security firm Sans downplays threat. [05:32]
  - Amazon Kindle: Vulnerability allowed root access via malicious audiobooks; $20,000 bug bounty awarded to discoverer. [05:47]
- WhatsApp “Ghost Pairing” Social Engineering Attack
  - Malicious QR codes link the attacker’s device to the victim’s WhatsApp account.
  - The tactic is based on methods previously used by Russian threat actors to intercept Signal messages. [04:28]
6. Other Briefs and Law Enforcement Actions
- DraftKings Hacking Case
  - 20-year-old Nathan Ostad pleaded guilty to a credential stuffing attack that compromised 60,000+ accounts.
  - All three perpetrators pleaded guilty; one was sentenced to 18 months in prison. [03:36]
- SMS Phishing in Serbia
  - Two Chinese nationals were detained for distributing phishing links via SMS messages impersonating local services. [03:56]
- Ukraine Fraud Call Centers
  - Call centers scammed over €10 million from European victims, posing as government and police. 12 arrested, 45 suspects identified. [04:10]
Notable Quotes & Moments
- "Most smart devices run outdated web browsers...some by as much as three years." — Claire Aird [00:10]
- "Hackers are threatening to release the viewing and search history of Pornhub premium users." — Claire Aird [01:27]
- "Smart TVs from the five companies use automated content recognition to spy on users' viewing habits." — Claire Aird [02:45]
Timestamps for Major Segments
- [00:04] – Episode intro and main theme
- [00:10] – Outdated browsers in smart devices
- [01:04] – Ukrainian hacktivists breach Russian defense
- [01:16] – Venezuela oil company ransomware attack
- [01:27] – Pornhub data extortion and Mixpanel breach
- [01:41] – Prosper data breach
- [01:56] – Iranian hacker bounties on Israeli engineers
- [02:45] – Texas lawsuits against smart TV makers
- [02:59] – Microsoft RC4 cipher update
- [03:14] – Google Dark Web Report shutdown
- [03:36] – DraftKings hacking case
- [03:56] – SMS phishing arrests in Serbia
- [04:10] – Ukrainian call center scam busts
- [04:28] – WhatsApp QR code “Ghost Pairing” attack
- [05:05] – Gladinet CentreStack/TrioFox zero-day
- [05:22] – Fortinet vulnerabilities exploited
- [05:32] – Magento MGT extension backdoor patch
- [05:47] – Amazon Kindle root exploit and bug bounty
Conclusion
Risky Bulletin delivers a sharp, detail-rich summary of the week's cyber news, highlighting the widespread vulnerability of smart devices due to outdated browsers, ongoing nation-state hacktivism, extortion and data privacy fiascos, and breaking threat intelligence. The episode is brisk, technical, and unfiltered, providing actionable situational awareness for cybersecurity professionals and keen observers alike.
