From small charges to big busts.

Operation “Chargeback” takes down global fraud networks. An investigation reveals the dangers of ADINT. M&S profits plunge after a cyberattack. Google patches a critical Android flaw. Asian prosecutors seize millions from an accused Cambodian scam kingpin. Ohio residents are still guessing water bills months after a cyberattack. Houston firefighters deny blame in city data breach. Nikkei reports a slack breach exposing 17,000 records.The Google–Wiz deal clears DOJ review. Ann Johnson welcomes her Microsoft colleague Frank X. Shaw⁠ to Afternoon Cyber Tea. Norway parks its Chinese Bus in a cave, just in case.

Today is Wednesday November 5th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Operation “Chargeback” takes down global fraud networks.

An international law enforcement operation dubbed “Chargeback” has dismantled three major fraud and money laundering networks accused of stealing credit card data from more than 4.3 million people worldwide. Coordinated by prosecutors in Koblenz, Germany, and supported by Europol and Eurojust, the November 4th action spanned nine countries and led to 18 arrests and over 60 searches.

Between 2016 and 2021, suspects allegedly used stolen card data to create fake online subscriptions, mostly for adult and streaming sites, charging small, recurring amounts to evade detection. The scheme funneled transactions through four German payment providers, aided by complicit executives and shell companies registered in the UK and Cyprus.

Authorities estimate losses exceeding EUR 300 million, with over EUR 35 million already seized. Europol praised the operation as a model of international cooperation and a warning to cybercriminals hiding behind digital borders.

An investigation reveals the dangers of ADINT. 

An investigation from Germany’s netzpolitik.org called the  “Databroker Files” shows how ad-tech location data can unmask where EU officials live, work, and commute, even inside the Commission’s Berlaymont and NATO headquarters. Analysts reviewed two datasets with 278 million Belgian location records and, using mobile advertising IDs, linked pings to identifiable individuals and routes.

Preview samples alone surfaced thousands of signals from EU institutions, including roughly 2,000 pings at the Commission and 5,800 at Parliament. NATO sites saw 9,600 pings from 543 devices. The Commission issued new staff guidance on ad tracking. Members of the European Parliament now urge tighter curbs, up to bans on tracking and large-scale profiling, citing espionage risks.

“Advertising-based intelligence,” or ADINT, turns routine app data into operational targeting, outpacing GDPR’s consent model and inconsistent enforcement. The result is a security and privacy gap at the heart of Europe’s institutions.

M&S profits plunge after a cyberattack. 

Marks & Spencer’s profits plunged 99% in the first half of the year after a cyber-attack crippled online orders for months and disrupted store operations. Statutory pre-tax profit fell from £392 million to £3.4 million, though the retailer has received £100 million in insurance payouts, roughly matching costs so far. M&S expects further expenses as recovery continues.

Despite the turmoil, underlying profit reached £184 million, and food sales rose 7.8%, signaling resilience. Analysts called the performance “outstanding” given the extended outage, while rival Next enjoyed a temporary sales boost. Executives said profits should rebound in the second half as operations stabilize and shoppers return for Christmas. M&S still estimates the full impact of the hack at around £300 million.

Google patches a critical Android flaw. 

Google’s November 2025 Android update fixes a critical flaw (CVE-2025-48593) allowing remote code execution in the System component without user interaction. The bug affects Android 13 through 16. A second issue (CVE-2025-48581), rated high severity, could let attackers block security updates on Android 16 devices. Both vulnerabilities are patched in devices updated to security level 2025-11-01 or later. Google has released fixes to the Android Open Source Project, with manufacturers rolling out updates to users.

Asian prosecutors seize millions from an accused Cambodian scam kingpin.

Authorities in Taiwan, Hong Kong, and Singapore have seized hundreds of millions in assets linked to Chen Zhi, the Cambodian businessman accused by the U.S. of running a vast global scam network through his Prince Holding Group. U.S. prosecutors charged Chen in October with wire fraud and money laundering conspiracies, alongside a $14 billion cryptocurrency seizure.

Recent raids uncovered luxury cars, high-end apartments, and yachts across Asia, with Taiwan seizing $150 million, Hong Kong $353 million, and Singapore over $114 million. The U.K. also froze properties worth nearly $145 million. Prosecutors say Chen’s network defrauded victims worldwide through “pig butchering” and investment scams generating up to $30 million a day.

Chen, a naturalized Cambodian citizen and former adviser to Prime Minister Hun Manet, has not commented publicly.

Ohio residents are still guessing water bills months after a cyberattack. 

More than two months after a cyberattack crippled Middletown, Ohio’s systems, residents are still paying estimated water bills because the city can’t calculate actual usage. The August hack also halted background checks and disrupted city email, forcing residents to visit city hall to pay in person. Officials haven’t confirmed if personal data was compromised but suspect ransomware.

The city has upgraded servers and pledged a grace period once billing resumes. Cyber experts say smaller municipalities like Middletown are increasingly targeted by state-backed or criminal gangs exploiting weak IT defenses. A new Ohio law now requires cities to adopt cybersecurity programs, report incidents, and prohibits ransom payments without council approval.

Residents, meanwhile, keep receipts and hope billing returns to normal by spring.

Houston firefighters deny blame in city data breach. 

Houston firefighters say they’re being wrongly blamed for a data breach that exposed 7,525 Social Security numbers. The City of Houston emailed a link meant for promotion exam info, but it led to unsecured folders containing personal data. A firefighter reported the issue immediately, prompting the Fire Chief to block access. Union president Patrick Lancton called city claims that firefighters “downloaded” sensitive files false, arguing the city failed to secure its own data. City officials say the access was inadvertent.

Nikkei reports a slack breach exposing 17,000 records.

Japanese media giant Nikkei Inc., owner of The Financial Times, disclosed a data breach affecting 17,368 employees and partners after attackers accessed its Slack workspace using stolen credentials. The compromise began when an employee’s malware-infected computer exposed authentication data, allowing unauthorized entry into Nikkei’s internal communications. Exposed information includes names, emails, and full chat histories. The company has reset passwords, notified affected users, and reported the breach to Japan’s data protection authority, though not legally required to do so.

The Google–Wiz deal clears DOJ review. 

Alphabet’s Google and cybersecurity firm Wiz have cleared a major hurdle in their $32 billion merger after the U.S. Department of Justice ended its antitrust review. The FTC notice, dated October 24, confirms early termination of the investigation, signaling no objection to closing the deal. Wiz CEO Assaf Rappaport confirmed the development, though other regulators continue to review the merger. The decision offers rare good news for Google, which remains under global antitrust scrutiny following multiple U.S. court rulings.

Norway parks its Chinese Bus in a cave, just in case. 

Deep inside a cold Norwegian mountain, a city bus waits quietly in an abandoned lime mine. It’s not lost, it’s a test subject. Investigators, armed with spectrum analyzers and mild suspicion, are dissecting a Chinese-made electric bus to see whether it’s phoning home to Beijing.

What they find isn’t espionage, just a computer, a SIM card, and a quiet reminder that modern vehicles are more data center than diesel engine. Theoretically, a single software update could freeze every bus in Oslo mid-commute. The risk is small, but not imaginary, so Norway is pulling the SIMs, better safe than cyber-sorry.

The tale from the tunnel captures our uneasy age: we love smart machines, right up until they get too smart. Somewhere between paranoia and prudence, we’re all deciding how much control we’re willing to surrender for convenience on wheels, or in our pockets.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry.  Learn how at n2k.com.

 

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.