The CyberWire Daily Podcast 7.10.25
Ep 2346 | 7.10.25

Cybercrime has a hefty price tag.

Transcript

UK police make multiple arrests in the retail cyberattack case. French authorities arrest a Russian basketball player at the request of the U.S. A German court declares open season on Meta’s tracking pixels. The European Union unveils new rules to regulate artificial intelligence. London’s Iran International news confirms cyberattacks from Banished Kitten. Treasury sanctions a North Korean hacker over fake IT worker schemes. Microsoft confirms a widespread issue preventing organizations from deploying the latest Windows updates. Agreements over AI help end a year-long Hollywood strike. Researchers take an in-depth look at ClickFix. I’m joined by Ben Yelin and Ethan Cook for a look at Congress’ recent attempt to limit AI regulation through preemption. Password insecurity with a side of fries. 

Today is Thursday, July 10th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

UK police make multiple arrests in the retail cyberattack case.  

Four people under 21 have been arrested over cyberattacks that hit major UK retailers including Marks & Spencer, Co-op, and Harrods, the National Crime Agency (NCA) said. The April ransomware attack on M&S was the most severe, shutting down online clothing sales for nearly seven weeks and costing about £300 million ($400 million) in operating profit. Those arrested were detained in London and the West Midlands on suspicion of blackmail, money laundering, computer misuse, and organised crime. M&S Chairman Archie Norman said the attackers were “loosely aligned parties” led by DragonForce and noted FBI involvement. He urged laws requiring firms to report serious cyberattacks, revealing two recent major incidents in the UK went unreported.

French authorities arrest a Russian basketball player at the request of the U.S. 

French authorities arrested Russian basketball player Daniil Kasatkin, 26, at Paris’ Charles de Gaulle Airport on June 21 at the request of the U.S., where he is accused of involvement in a ransomware hacking ring. U.S. officials allege Kasatkin negotiated ransom payments for a group that hacked about 900 companies and two federal agencies between 2020 and 2022. Kasatkin denies the charges, claiming he bought a used computer and is “useless with computers,” according to his lawyer. The Paris court denied his bail, meaning he remains in custody facing possible extradition. Kasatkin, who played for Penn State in 2018–2019 and most recently for Moscow’s MBA-MAI, had traveled to France with his fiancée. His lawyer said his physical condition in detention threatens his basketball career.

A German court declares open season on Meta’s tracking pixels. 

A German court has ordered Meta to pay €5,000 ($5,900) to a Facebook user for embedding tracking pixels and SDKs in third-party websites without user consent, violating GDPR. The Leipzig Regional Court ruled Meta’s tracking technology collects personal data even if users aren’t logged into Facebook or Instagram, enabling profiling for profit. This precedent allows other users to sue without proving individual damages. Experts warn the ruling could lead to massive class action lawsuits against Meta and any websites using its tracking tools without consent, potentially resulting in business-breaking fines. Experts called it one of Europe’s most significant rulings this year, noting €5,000 per visitor could multiply rapidly for sites with large user bases.

The European Union unveils new rules to regulate artificial intelligence. 

The European Union has unveiled new rules to regulate artificial intelligence, targeting powerful general-purpose A.I. systems like those from OpenAI, Microsoft, and Google. The guidelines, part of the A.I. Act passed last year, require companies to improve transparency, limit copyright violations, and protect public safety. Tech firms must disclose what data trains their models and conduct risk assessments to prevent misuse, such as creating biological weapons. The voluntary “code of practice” takes effect on August 2, 2025, with penalties enforceable from 2026. While EU officials say the rules promote innovation and safety, critics argue they were weakened to gain industry support. Some fear strict regulation will hamper Europe’s competitiveness against the U.S. and China. Google and OpenAI are reviewing the guidelines; Microsoft declined to comment. The rules follow growing concerns about A.I. misuse, including recent antisemitic comments by Elon Musk’s chatbot Grok. The A.I. Act will take full effect in coming years.

London’s Iran International news confirms cyberattacks from Banished Kitten. 

Iran International, a Persian-language 24/7 television news network based in London, confirmed that materials published from its journalists’ hacked Telegram accounts are linked to two cyberattacks in summer 2024 and January 2025. The news outlet said hackers may have installed malware on journalists’ computers through compromised Telegram accounts. Iranian state media published screenshots from internal chats earlier this week. The attacks were carried out by Banished Kitten (also known as Storm-0842 and Dune), a group operating under Iran’s Ministry of Intelligence. Iran International said the hacks are part of a broader intimidation campaign, including physical threats against staff. The channel stated it has taken measures to protect employees and will continue its mission of delivering independent, uncensored news. Iran International, a Persian-language broadcaster labelled a terrorist organization by Tehran, has faced threats before, including the stabbing of host Pouria Zeraati in London in 2024 and a terrorism conviction against a man filming its premises in 2023.

Treasury sanctions a North Korean hacker over fake IT worker schemes. 

The U.S. Treasury has sanctioned North Korean hacker Song Kum Hyok for his role in the Andariel group, a sub-cluster of Lazarus focused on ransomware and crypto heists. Song facilitated schemes using stolen U.S. identities to help DPRK IT workers get remote jobs at American companies, splitting their income to fund North Korea’s weapons programs. Some workers also installed malware and stole data from employers. Andariel, also known as APT45 or Silent Cholima, operates under North Korea’s Reconnaissance General Bureau.

Microsoft confirms a widespread issue preventing organizations from deploying the latest Windows updates. 

Microsoft has confirmed a widespread issue affecting Windows Server Update Services (WSUS), preventing organizations from syncing with Microsoft Update and deploying the latest Windows updates. The system normally syncs daily, but since last night, admins have reported failed sync attempts with errors such as “A connection attempt failed” and .NET timeouts. Microsoft identified the root cause as a “problematic update revision in the storage layer” that blocks synchronization. The issue began around 12:30 am ET and affects both automatic and manual syncs. Microsoft says there are currently no workarounds and that they are working on a fix. 

Agreements over AI help end a year-long Hollywood strike. 

Hollywood video game voice and motion capture actors have signed a new contract with game studios, ending a nearly year-long strike. The deal includes AI consent and disclosure requirements to protect performers, along with safety measures and medics for high-risk motion capture jobs. Actors will receive a 15.17% pay increase, with additional raises through 2027. SAG-AFTRA highlighted AI protections as the key achievement, with negotiation committee member Sarah Elmaleh calling AI “the centerpiece” of their proposal package.

Researchers take an in-depth look at ClickFix.

Palo Alto Networks Unit 42 has published an in-depth analysis of ClickFix, the rising social engineering technique where attackers trick users into running malicious commands disguised as “quick fixes” for computer issues. Campaigns in 2025 include NetSupport RAT, Latrodectus malware, and Lumma Stealer, targeting sectors from finance to healthcare. ClickFix lures often abuse legitimate brands like DocuSign or Okta and exploit clipboard injection, instructing victims to paste harmful PowerShell commands. These attacks bypass standard detection as victims execute malware themselves, enabling credential theft, RAT infections, and ransomware. Hunting tips include reviewing RunMRU registry keys, EDR telemetry, clipboard use, and Event ID 4688 for suspicious process launches. Palo Alto urges organizations to deploy strong detection, educate employees, and remain vigilant as ClickFix evolves rapidly across global attack campaigns.

Password insecurity with a side of fries. 

And finally, if you’re applying to McDonald’s these days, prepare to charm Olivia, the AI chatbot gatekeeper who screens résumés and asks personality-test questions with all the warmth of a soggy french fry. But Olivia had a secret: her platform, run by Paradox.ai, could be breached with the cybersecurity equivalent of leaving the drive-thru cash drawer open, a password of “123456.”

Security researchers Ian Carroll and Sam Curry stumbled upon this password tragedy while wondering why burger-flippers needed to impress a chatbot. Within half an hour of “applying,” they accessed up to 64 million applicant records dating back years, thanks to laughably weak security and basic web vulnerabilities.

Paradox.ai swiftly admitted the oversight, insisting no one else accessed the data and vowing to launch a bug bounty program. McDonald’s, meanwhile, said it was “disappointed” in Paradox.ai. It was never their intent to serve up a potential data leak. Do you want fries with that?

 

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

And that’s the CyberWire Daily, brought to you by N2K CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights until August 31, 2025. There's a link in the show notes.

 

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.