Summary5 min read

Risky Bulletin: Norway Skittish of its Chinese Electric Buses

Podcast: Risky Bulletin (Risky.biz)
Date: November 3, 2025
Host: Claire Aird (prepared by Catalyn Kim Panu)

Episode Overview

This episode covers the latest cybersecurity news headlines, with a primary focus on concerns in Norway over Chinese-made electric buses featuring remote control capabilities. Additionally, the episode explores developments in cybersecurity workforce training in the U.S., regulatory moves in Europe on telecom security, ongoing scam crackdowns in Asia, cybercrime cases, and notable software security updates.

Key Discussion Points and Insights

1. Norway's Concerns Over Chinese Electric Buses

[00:04–01:10]

Main Story: Oslo public transportation agency discovered that their Chinese-manufactured Utong electric buses have embedded remote control features, highlighted during a recent audit.
Technical Findings: The capabilities were found in the software diagnostics module and battery systems of the buses.
Scope: Over 300 Utong buses are deployed in Oslo, with 550 more across Norway.
Comparison: No remote control features were detected in Dutch-made buses.
Implication: Raises questions about transportation infrastructure security and dependencies on foreign manufacturers.

2. U.S. Cyber Corps Program Could Saddle Students with Debt

[01:11–01:58]

Challenge: The program, meant to train cybersecurity experts for government roles in exchange for tuition, faces trouble as hiring freezes and budget cuts have led to job offers being rescinded.
Debt Risk: Without placements, students may be forced to repay their training costs.
Reference: “Many participants…have had job offers rescinded this year following federal budget cuts and hiring freezes.” (01:30)

3. Russia Blocks 2FA Calls and SMS

[01:59–02:25]

Russian telecoms are blocking two-factor authentication mechanisms—calls and SMS—for apps like Telegram and WhatsApp.
Impact: Hinders logins and new-user signups for messaging services.
Context: Follows Russia’s ongoing attempts to restrict and control internet communications.

4. Germany Considers Paying to Replace Huawei Gear

[02:26–02:48]

The German government is weighing whether to use public funds to help Deutsche Telekom replace Huawei telecommunications equipment.
Cost Estimate: Could exceed 2 billion euros.
Backdrop: Most NATO allies have already prohibited Huawei from core networks.

5. Iranian Hackers Expose Sensitive Israeli Defense Data

[02:49–03:17]

Attack: Iranian Cybertufan Group claims breach of Maya Defence (an Israeli contractor), leaking employee names, photos, internal documents, and factory CCTV footage.
Significance: Maya Defence supplies drones, missiles, and launch systems to the Israeli government.

6. Cryptocurrency Hack – Garden Defi Platform

[03:18–03:32]

Hackers stole approximately $10.8 million from the DeFi platform “Garden.”
The company proposed a 10% bounty for return of the funds.
More than a quarter of the platform's activity is tied to criminal transactions.

7. AI-Driven Scareware Blocking in Edge and Chrome

[03:33–04:08]

Microsoft Edge: Rolled out a scareware blocker using a local computer vision model to detect/block fake warnings and popup scams (Edge v142).
Chrome: Similar blockers using large language models (LLMs) for scam detection added last week.

8. Conti Ransomware Member Extradited to U.S.

[04:09–04:27]

Case: Ukrainian Alexi Alexeyevich Litvin Nenko extradited for his role in the Conti ransomware group between 2020-2022.
Detail: Arrested in Ireland in 2023; accused as a key operative.

9. Southeast Asian Crackdowns on Scam Compounds

[04:28–05:11]

Thailand: Arrested 24 alleged scammers near Bangkok; many are Filipino nationals fleeing Myanmar enforcement.
Cambodia: Authorities raided a scam compound, detaining 111 mostly Indonesian suspects; part of broader anti-scam operations.
Singapore: Seized $115 million in assets linked to Chen Ji Was, operator of notorious Cambodian scam compounds—sanctioned by the U.S. Treasury.

10. Major U.S. and Australian Cybercrime Cases

[05:12–05:44]

U.S.: Arizona man Baron Kane Martin faces charges over the 764 online terror network, accused of child exploitation, murder-for-hire, and animal torture.
Australia: Federal police launches Task Force Pompolid (child exploitation & extremism) and Task Force Thunder (Pacific cybercrime).

11. Canadian Tech Support Scam

[05:45–06:10]

An elderly Canadian couple lost $1 million to scammers after months of fake tech support calls, manipulation, and coerced gold and Bitcoin transfers.

12. Cisco IOS XE Routers Malware Infections

[06:11–06:34]

Over 400 routers in Australia infected due to unpatched vulnerabilities in Cisco devices.
Threat Actor: Chinese cyber espionage group “Salt Typhoon.”

13. New Linux Privilege Escalation Exploited by Ransomware

[06:35–end]

Ransomware group exploits a 2024 Linux nftables kernel vulnerability for root access.
Confirmation: CISA has validated the exploit is active, but responsible group remains unidentified.

Notable Quotes & Memorable Moments

On Norway’s transport audit:

“During an audit, Oslo's public transportation agency found that its buses from Chinese carmaker Utong had remote control capabilities.” (Claire Aird, 00:15)
On US Cyber Corps risk:

“If students do not get a government job, they’re required to repay the costs.” (Claire Aird, 01:47)
On advanced browser protection:

“The scareware Blocker uses a local computer vision model to block full screen pop ups and fake warnings.” (Claire Aird, 03:43)
On Southeast Asian crackdown:

“Singaporean authorities have seized $115 million in assets belonging to a Cambodian scam compound operator… The group ran scam compounds in Cambodia, where it used kidnappings and threats of violence.” (Claire Aird, 05:06–05:11)

Important Segment Timestamps

Norway Electric Bus Remote Controls: 00:04–01:10
U.S. Cyber Corps Debt Issues: 01:11–01:58
Russia Blocks 2FA: 01:59–02:25
Germany and Huawei: 02:26–02:48
Israeli Defense Hack: 02:49–03:17
DeFi Crypto Theft: 03:18–03:32
Edge/Chrome AI Scam Blockers: 03:33–04:08
Conti Ransomware Extradition: 04:09–04:27
Asian Scam Crackdowns: 04:28–05:11
U.S. and Australian Cybercrime: 05:12–05:44
Canadian Fraud: 05:45–06:10
Cisco Router Hacking: 06:11–06:34
Linux Kernel Vulnerability: 06:35–End

Summary

This episode of Risky Bulletin delivers a rapid rundown of global cybersecurity stories, led by Norway’s scrutiny of Chinese bus technology, challenges in cybersecurity workforce pipelines, international moves against telecommunications risks, expanding criminal crackdowns in Asia, software security upgrades, and ongoing cybercrime investigations. The reporting remains concise, factual, and focused on risk implications, making it a highly informative briefing for security professionals and public observers alike.

Loading summary

Transcript1 lines

[00:04]
A
Norway finds remote control features in its Chinese electric buses the U.S. cyber Corps program may saddle students with debt. Edge and Chrome get AI based scareware blockers and a Conti member has been extradited to the us. This is the risky bulletin prepared by Catalyn Kim Panu and read by me, Claire aird. Today is the 3rd of November 18th and this podcast episode is brought to you by Sublime Security, an email security platform that's not a black box in today's top story, Norway is concerned its Chinese made electric buses could be remotely disabled. During an audit, Oslo's public transportation agency found that its buses from Chinese carmaker Utong had remote control capabilities. The features were identified in the software diagnostics, module and battery systems. Similar features were not found in electric buses that were made in the Netherlands. Oslo's public transportation agency operates more than 300 Utong buses. Another 550 are used elsewhere in Norway. Participants in a US program that trains cybersecurity experts may be faced with debt due to a lack of government jobs. The U.S. cyber Corps program was established 25 years ago. It provides free cybersecurity training on the condition that students work for the government for a set period of time once completed. Cyberscoop reported that many participants Governments have had job offers rescinded this year following federal budget cuts and hiring freezes. If students do not get a government job, they're required to repay the costs. Russian telecom operators are blocking calls and SMS messages used for two factor authentication. The block is affecting logins and new user sign ups to Telegram and WhatsApp. In August, Russia started blocking voice calls in the apps it's also attempting to control in app messaging. Germany is considering using public funds to pay Deutsche Telekom to replace Huawei gear. The costs could exceed 2 billion euros. Most NATO allies have blocked Huawei from their telecommunications networks. Iranian hackers have leaked the names of employees at a major Israeli defence contractor, the Cybertufan Group said it breached Maya Defence in early 2024. As well as employee names and photos, the group also released internal docum and CCTV footage from inside factories. Maya Defence makes drones, missiles and launch systems for the Israeli government. Hackers have stolen $10.8 million worth of crypto assets from the Garden Defi platform. The hack occurred on Friday. The company has offered the attacker a 10% bounty to return the stolen assets. More than a quarter of Garden's activity has been linked to crime, such as laundering funds hacked from other platforms. Microsoft has added a new security feature to its Edge web browser. The scareware Blocker uses a local computer vision model to block full screen pop ups and fake warnings. The feature was added in Edge version 142. It will only run on systems with more than 2 gigabytes of RAM and 4 CPU cores. A similar system that uses an LLM to detect scams was added to Chrome last week. A Ukrainian man has been extradited to the US to face hacking charges related to the Conti ransomware. Alexi Alexeyevich Litvin Nenko was arrested in Ireland in 2023. The 43 year old was allegedly a member of the gang for two years. From 2020, Thai authorities have arrested 24 individuals accused of online scamming. 21 of the suspects are Filipino nationals. Officials say the scammers were operating near Bangkok. They fled from Myanmar following a crackdown on compounds last month. Meantime, Cambodian Authorities have arrested 111 people following a raid at a scam compound in the country's capital. Most of the suspects were Indonesian nationals, officials said. The raid is part of a larger crackdown on cyber scam operations. Singaporean authorities have seized $115 million in assets belonging to a Cambodian scam compound operator, the Prince Holding Group and its founder, Chen Ji Was was sanctioned last month by the US Treasury. The group ran scam compounds in Cambodia, where it used kidnappings and threats of violence. Seized assets included bank accounts, 11 cars, six properties and one yacht. An Arizona man faces multiple charges for leading the 764 online terror network. Baron Kane Martin has been accused of extorting children for sexual content, running a murder for hire operation and animal torture. He was arrested in December last year. The 764 community is an officer offshoot of the. Com online crime community. Australia's federal police has created two new cyber task forces. Task Force Pompolid will target online networks that exploit young children to produce violent or extremist materials. Task Force Thunder will focus on cybercrime across the Pacific region. An elderly Canadian couple has lost $1 million to online scammers. The couple, in their 70s, fell victim to a tech support scam that showed error messages on their laptop. The scammers called the couple daily for five months, posing as Canadian authorities. The scammers convinced the victims to purchase gold from a fake investment portal and transfer Bitcoin via ATMs. More than 400 Cisco iOS XE routers across Australia have been infected with malware. Owners of the hacked routers had failed to deploy a 2023 security update. The update patched a zero day that was abused by the Chinese cyber Espion Group. Salt Typhoon, Australia's cybersecurity agency, says exploitation was still ongoing last month. And finally, a recent Linux privilege escalation vulnerability is being exploited in the wild by a ransomware group. The attacks leverage a 2024 vulnerability in the nftable's kernel component to gain root access. Attacks have been confirmed by cisa. It's not known which group is using the bug. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Sublime Security. Find them at subl.security thanks to your company.