The CyberWire Daily Podcast 10.15.25
Ep 2413 | 10.15.25

Prince of fraud loses crown.

Transcript

A record-breaking Bitcoin seizure. Patch Tuesday notes. Capita fined for unlawful access to personal data. Unity site skimmed by malicious script. Vietnam Airlines breached potentially exposing 20 million passengers. An automotive giant experiences a third-party breach. Tim Starks from CyberScoop is discussing how Sen. Peters tries another approach to extend expired cyber threat information-sharing. In our latest Threat Vector, David Moulton sits down with Harish Singh about hybrid work. And inside North Korea's blueprints for deception.

Today is October 15th, 2025. I’m Maria Varmazis, host of N2K’s T-Minus Space Daily, taking the mic for Dave Bittner. And this is your CyberWire Intel Briefing.

Record-breaking Bitcoin seizure.

U.S. and U.K. law enforcement have seized approximately 127,271 bitcoins—valued at around $15 billion—linked to the so-called Prince Group scam empire. This marks the largest cryptocurrency seizure in U.S. history. Authorities allege the group, run by Cambodian-based operator Chen Zhi, orchestrated large-scale “pig butchering” scams (also known as romance/investment frauds) and forced labor camps across Southeast Asia. The crackdown also includes sanctions on 146 entities tied to the criminal network, and the freezing of luxury properties in London. While Chen Zhi remains at large, officials say the move targets the financial backbone sustaining one of the most expansive cyberfraud operations ever identified. 

Patch Tuesday notes.

Microsoft yesterday issued patches for 172 vulnerabilities, including six zero-day flaws, BleepingComputer reports. Three of the zero-days are being actively exploited, while the others were publicly disclosed before a patch was available. KrebsOnSecurity notes that this is the last month that Windows 10 will receive security patches unless customers enroll in the Extended Security Updates program. The operating system has officially reached end-of-life. The Register reports that Adobe has fixed 36 vulnerabilities in its products, including several critical remote code execution flaws. SAP has issued 13 new security notes and updated four previous security notes. Three of the flaws are deemed critical. SecurityWeek notes that Fortinet and Ivanti have also fixed high-severity flaws.

Capita fined for unlawful access to personal data. 

Capita, a major UK outsourcing and IT services firm, has been fined £14 million by the UK Information Commissioner’s Office (ICO) for a 2023 data breach affecting over 6.6 million individuals. The breach involved unlawful access to personal data—names, addresses, phone numbers, and sensitive identifiers—stemming from inadequate security measures at a third-party provider. The ICO ruled that Capita failed to take “appropriate technical and organizational measures” to protect the data, particularly during transfers to and from its subcontracted systems. The penalty reflects both the scale of harm and the company’s level of responsibility as data processor and controller. Capita has committed to improving its security posture and embedding stricter oversight over subcontractors.

Unity site skimmed by malicious script.

A malicious script was discovered on Unity’s website that skimmed sensitive information from hundreds of users during checkout for asset packages. The information included names, email addresses, phone numbers, and credit card details. SecurityWeek reports that the injection persisted for at least five days in August. The script targeted Unity’s Store and Asset Store services. Unity confirmed the incident and stated it had removed the code and launched an investigation, though it did not publicly disclose the full extent of the data exposure. The company advised affected customers to monitor financial accounts and consider changing credentials.

Vietnam Airlines breached potentially exposing 20 million passengers.

Personal data of potentially 20 million Vietnam Airlines passengers were exposed due to a security breach. The threat actor may have accessed "certain customer data," but the airline says the breach did not affect "payment information, passwords, travel itineraries, Lotusmiles balances, [or] passport details." The airline attributed the exposure to unauthorized access within third-party systems that interface with its operations. While the company insists it is investigating, it has not fully disclosed the breach’s scope or whether those affected have been notified.

The incident reportedly involved the airline's Salesforce instance, and the Scattered LAPSUS$ Hunters group has claimed responsibility for the attack.

Automotive giant Stellantis experiences third-party breach.

Stellantis, the automotive giant behind brands like Jeep and Chrysler, confirmed a data breach via a third-party service provider supporting its North American customer service operations. The exposed data was limited to basic contact details — names, email addresses, phone numbers — and did not include financial or deeply sensitive personal information. While the company has initiated its incident response, notified affected customers, and engaged authorities, it did not specify how many individuals were impacted. The breach arises amid a broader uptick in cyberattacks targeting automakers and their third-party connectors.

 

Coming up after the break, Dave is joined by CyberScoop’s Tim Starks to unpack Senator Peters’ latest push to revive a key cyber threat information-sharing law. Then, in our Threat Vector segment, Wipro’s Harish Singh joins David Moulton to explore how hybrid work, SaaS, and AI are reshaping the cybersecurity game. And, North Korea's blueprints for deception. Stick around.

Today, Dave is joined by CyberScoop’s Tim Starks to unpack Senator Peters’ latest push to revive a key cyber threat information-sharing law. Here is their conversation. 

That was Dave Bittner joined by CyberScoop’s Tim Starks to unpack Senator Peters’ latest push to revive a key cyber threat information-sharing law. 

On our Threat Vector segment, Wipro’s Harish Singh joins David Moulton to explore how hybrid work, SaaS, and AI are reshaping the cybersecurity game. 

That was David Moulton with Wipro’s Harish Singh. If you enjoyed this conversation, be sure to check out more episodes of Threat Vector—available every Thursday wherever you get your podcasts. 

North Korea's blueprints for deception.

In a surprising twist to North Korea’s cyber playbook, researchers say operatives from the DPRK have taken up a new trade — architecture. Cybersecurity firm Kela uncovered evidence showing North Korean workers posing as U.S.-based architects and structural engineers, using fake résumés, forged Social Security numbers, and even counterfeit professional seals to land freelance design jobs online.

Investigators found detailed floor plans, 3D renderings, and construction documents for projects ranging from decks and farmhouses to treehouses and swimming pools — all traced back to accounts linked to the regime’s IT operations. It’s the latest evolution in North Korea’s digital money-making machine. The United Nations estimates that thousands of DPRK tech workers generate up to $600 million a year for the regime, often funneling their earnings back home to fund nuclear programs and evade sanctions.

Experts say the scheme raises new concerns about safety, integrity, and just how deeply these operatives have blended into legitimate industries. So while North Korea’s “builders” might be branching out, it’s a reminder that not every blueprint has an honest foundation.

 

And that’s the CyberWire Daily, brought to you by N2K CyberWire. For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

 

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Maria Varmazis in this week for Dave Bittner. Thanks for listening.