
Just another day of scamming and jamming.
The DOJ shuts down another scam center in Myanmar. OpenAI confirms a Mixpanel data breach. A new phishing campaign targets company executives. A bipartisan bill looks to preserve the State and Local Cybersecurity Grant Program. Universities suffer Oracle EBS data breaches. India reports GPS jamming at eight major airports. Kaiser Permanente settles a class action suit over tracking pixels. The FTC plans to require a cloud provider to delete unnecessary student data. An international initiative is developing guidelines for commercial spyware. Our N2K Producer Liz Stokes speaks with Kristiina Omri, Director of Special Programs for CybExer Technologies, about the cyber ranges for NATO and ESA. Iranian hackers give malware a retro reboot.
Today is Wednesday, December 3rd, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
The DOJ shuts down another scam center in Myanmar.
The Department of Justice has seized a fraudulent website, tickmilleas.com, that was used by a Myanmar-based scam center to steal thousands of dollars from multiple victims. According to an affidavit, the domain spoofed legitimate trading platform TickMill and was traced by the Scam Center Strike Force to the Tai Chang scam compound in Kyaukhat, Myanmar, which authorities raided three weeks ago. Victims were tricked into depositing funds after scammers showed fabricated investment returns and fake account deposits. The FBI says several victims sent cryptocurrency to the site in the past month. The domain also pushed fraudulent mobile apps that have since been removed by Google and Apple. U.S. officials have placed a law enforcement notice on the site as part of broader efforts targeting Southeast Asian scam compounds.
OpenAI confirms a Mixpanel data breach.
Analytics firm Mixpanel quietly disclosed a security incident in a brief Thanksgiving-eve blog post that offered almost no specifics. CEO Jen Taylor said only that something occurred on November 8 and that it affected some customers. She did not respond to follow-up questions. OpenAI, however, confirmed two days later that customer data was stolen, since it uses Mixpanel to analyze developer-facing website traffic. Exposed information included names, emails, approximate locations from IP addresses, and device details. OpenAI said regular ChatGPT users were not affected and ended its use of Mixpanel. The incident highlights how analytics companies collect extensive user data and have become valuable targets. Mixpanel has not explained the breach’s cause or scope, leaving open how many people may be affected.
A new phishing campaign targets company executives.
A new phishing campaign is targeting company executives with a coordinated attack that steals credentials and installs malware. Identified by Trustwave MailMarshal researchers, the “Executive Award” scam begins with a phishing email posing as a Cartier recognition notice. Victims receive a password-protected ZIP file containing a personalized lure that leads to a fake webmail login page, where stolen credentials are sent to a Telegram channel. A second stage uses a deceptive ClickFix technique delivered through a malicious SVG file that displays a fake Chrome error and urges users to run a PowerShell “fix.” This executes a multi-stage chain that installs the Stealerium infostealer, which can harvest browser data, wallets, and system information. Researchers linked the infrastructure to IP address 31.57.147.77 and two Telegram bots used for exfiltration.
A bipartisan bill looks to preserve the State and Local Cybersecurity Grant Program.
A bipartisan group of senators has introduced legislation to reauthorize the State and Local Cybersecurity Grant Program, which has supplied $1 billion over four years to help state, local, and tribal governments defend against cyberattacks. The State and Local Cybersecurity Grant Program Reauthorization Act, led by Senators Maggie Hassan and John Cornyn, is intended to ensure continued support for ongoing cybersecurity projects. Hassan said the program helps protect essential services such as schools, utilities, and emergency response systems. Cornyn noted that Texas has received nearly $40 million and said communities need sustained resources as digital threats grow. Hassan has also backed efforts to create state-level Cybersecurity Coordinator roles. Last month’s temporary funding bill included short-term extensions of this grant program and the Cybersecurity Information Sharing Act of 2015, giving lawmakers more time to pursue long-term reauthorizations.
Universities suffer Oracle EBS data breaches.
The University of Pennsylvania is notifying individuals of a data breach involving its Oracle EBS system, which supports supplier payments and other business functions. Nearly 1,500 Maine residents were affected, though the total number remains undisclosed. The University of Phoenix also reported an Oracle-related intrusion, discovered after it appeared on the Cl0p leak site. Exposed data includes names, contact details, dates of birth, Social Security numbers, and bank account information. The broader Oracle EBS campaign has impacted more than 100 organizations, including multiple universities and major companies.
India reports GPS jamming at eight major airports.
India’s Civil Aviation Minister has reported GPS spoofing and jamming at eight major airports, noting recent incidents in Delhi and ongoing activity since 2023 in Kolkata, Amritsar, Mumbai, Hyderabad, Bangalore, and Chennai. GPS interference can overwhelm or mimic satellite signals, preventing pilots from relying on navigation systems. A 2025 jamming incident forced pilots carrying European Commission president Ursula von der Leyen to switch to manual navigation, though the minister offered no attribution for India’s events and said no harm occurred. The Airports Authority of India has asked the Wireless Monitoring Organization to identify the source of interference. The minister added that the AAI is deploying advanced cybersecurity measures and continually upgrading protections as aviation cyber threats evolve.
Kaiser Permanente settles a class action suit over tracking pixels.
Kaiser Permanente has agreed to pay up to $47.5 million to settle consolidated class action claims over its use of tracking code on websites, patient portals, and mobile apps, which allegedly shared patient data with third parties such as Google, Microsoft, and X. Kaiser reported the incident in April 2024 as a HIPAA breach affecting 13.4 million people, the year’s second-largest health data breach. The settlement covers members in nine states and D.C., with pro rata payments for approved claimants. Kaiser denies wrongdoing and says it has removed the tracking tools.
The FTC plans to require a cloud provider to delete unnecessary student data.
The Federal Trade Commission plans to require Illuminate Education to delete unnecessary student data and strengthen its security as part of a proposed settlement over a 2021 incident that exposed information on about 10 million students. The move follows a separate $5.1 million settlement with California, Connecticut, and New York. Illuminate, a cloud provider for K-12 schools, collected extensive academic and demographic data but, according to the FTC, lacked access controls, monitoring, patching, and encryption. A hacker used credentials from a former employee to access databases hosted by a third-party cloud provider and exfiltrate student records, health information, and other personal details. The FTC says the company ignored prior warnings and misrepresented its security practices, and waited two years to notify schools. The order will require security improvements, data deletion, and accurate future disclosures.
An international initiative is developing guidelines for commercial spyware.
An international initiative is developing guidelines for commercial spyware and related cyber-intrusion providers to curb “irresponsible” behavior. The Pall Mall Process, launched in 2024 by the UK and France, now includes 27 governments and major tech companies such as Google, Microsoft, Apple, and Meta. Its second phase seeks input from the offensive-cyber industry to define responsible conduct for private-sector firms. The UK’s National Cyber Security Centre says commercial cyber intrusion capabilities, including exploit development, malware creation, C2 services, and hacking-as-a-service, can support law enforcement and national security but pose risks without safeguards. The effort aims to set expectations across the broader ecosystem of developers, brokers, and operators while addressing misuse as demand for zero-day exploits grows. The consultation closes December 22.
Coming up next, we have a conversation between our N2K Producer Liz Stokes and Kristiina Omri. Kristiina is the Director of Special Programs for CybExer Technologies. She and Liz caught up during Liz’s visit to Tallinn, Estonia, about the cyber ranges for NATO and ESA. We’ll be right back.
Welcome back.
Iranian hackers give malware a retro reboot.
Security researchers say Iranian nation-state hackers have taken creative inspiration from a simpler era, disguising malware as the classic Snake game. ESET found MuddyWater, the group tied by U.S. intelligence to Iran’s Ministry of Intelligence and Security, using Snake’s signature lag as a feature: inserting execution delays to dodge antivirus tools that dislike anything too quick on the trigger. The group targeted telecom, government, and energy organizations in Israel and Egypt, leaning as always on phishing emails that deliver remote-monitoring tools through free file-sharing sites. Their Snake-themed “Fooder” loader deployed a new backdoor dubbed MuddyViper, which lives only in memory and settles in through startup folders or scheduled tasks. Additional credential stealers and a reverse SOCKS5 tunnel rounded out the toolkit, suggesting growing sophistication, if not quite maturity.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
And that’s the CyberWire Daily, brought to you by N2K CyberWire.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.
