
When preview pane becomes preview pain.
Patch Tuesday. Federal prosecutors charge a Houston man with smuggling Nvidia chips to China, a Ukrainian woman with targeting critical infrastructure, and an Atlanta activist with wiping his phone. The power sector sees cyber threats doubling. The new Spiderman phishing kit slings its way across the dark web. Our guest is Dick O'Brien, Principal Intelligence Analyst from the Symantec and Carbon Black Threat Hunter Team, discussing “Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites.” The Pentagon unveils a killer chatbot.
Today is Wednesday, December 10th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Patch Tuesday
Microsoft’s December Patch Tuesday rolls out fixes for 57 vulnerabilities, including three zero days. Only one is under active exploitation: CVE-2025-62221, a use-after-free flaw in the Windows Cloud Files Mini Filter Driver that allows privilege escalation to System. Microsoft says it has seen in-the-wild activity but has not shared attack details. A second Mini Filter Driver bug, CVE-2025-62454, carries the same severity and is likely to be exploited. Publicly disclosed command injection issues in Copilot for JetBrains and PowerShell also received patches, along with 13 Office vulnerabilities that include two high-severity remote code execution flaws triggered through the Preview Pane.
Adobe issued nearly 140 fixes across ColdFusion and Experience Manager, addressing critical remote code execution, widespread cross-site scripting, and vulnerable components. Major industrial vendors published advisories covering code execution, denial of service, and unauthorized access across Siemens, Schneider Electric, Rockwell Automation, and Phoenix Contact products. Google closed the GeminiJack prompt-injection weakness in Gemini Enterprise, which allowed hidden instructions in documents or emails to drive automated data exfiltration. Fortinet patched 18 vulnerabilities, including two authentication bypass flaws in FortiCloud SSO login and several high-severity issues across FortiWeb, FortiSandbox, and FortiVoice.
Federal prosecutors charge a Houston man with smuggling Nvidia chips to China, a Ukrainian woman with targeting critical infrastructure, and an Atlanta activist with wiping his phone.
Federal prosecutors say a Houston business owner illegally moved at least 160 million dollars in restricted Nvidia AI chips to China. The Justice Department says Alan Hao Hsu pleaded guilty to smuggling H100 and H200 GPUs by falsifying shipping documents and routing more than 50 million dollars in payments from China to fund the operation.
Authorities tied Hsu and his company to Operation Gatekeeper, a broader crackdown that also led to arrests of two additional suspects accused of using straw buyers, fake labels, and misclassified paperwork to secretly ship GPUs to China and Hong Kong.
U.S. prosecutors have charged Ukrainian national Victoria Dubranova for allegedly supporting Russian state-backed hacktivist groups behind cyberattacks on critical infrastructure, including U.S. water systems, election systems, and nuclear entities. She faces separate indictments tied to NoName057(16) and CyberArmyofRussia_Reborn, and has pleaded not guilty in both cases.
The indictments say NoName operated a state-sanctioned DDoS effort using its DDoSia tool, while CARR, founded and directed by Russia’s GRU, claimed hundreds of attacks worldwide. Prosecutors say CARR damaged U.S. drinking water systems, triggered an ammonia leak at a Los Angeles facility, and targeted nuclear and election systems.
Federal prosecutors have charged Atlanta activist Samuel Tunick for allegedly deleting data from a Google Pixel phone before a Customs and Border Protection officer could search it. Court records say Tunick intentionally wiped the device on January 24 to prevent the government from taking it into custody. The indictment was filed in November, and he was arrested earlier this month.
The search was to be carried out by a CBP Tactical Terrorism Response Team officer, a unit civil liberties groups describe as secretive and aggressive in targeting and detaining travelers. Tunick has since been released with travel restrictions as the case continues.
Charges tied specifically to wiping a phone are uncommon, raising questions about device searches at U.S. ports of entry.
The power sector sees cyber threats doubling.
The power sector’s rapid digital transformation is boosting efficiency, yet cyberattacks are growing faster than utilities can respond. Schneider Electric’s Shubbhronil Roy says grid threats have more than doubled in two years, creating real risk of large-scale disruption. A GlobalData survey shows uneven readiness: only 36 percent of respondents fully implement and regularly test cybersecurity measures, while others report partial adoption, stalled plans, or no plans at all.
Professionals cite supply chain exposure as the sector’s weakest point, followed by risks across smart meters, IT and OT systems, and human error. Experts warn that software dependencies, IT/OT convergence, and emerging AI-driven attacks are widening the attack surface.
The new Spiderman phishing kit slings its way across the dark web.
Researchers say a new phishing kit called Spiderman is spreading on the dark web and making it simple for low-skill attackers to mimic European banks and crypto platforms. Varonis reports that the full-stack kit lets operators clone login pages for dozens of institutions and launch broad, cross-country campaigns.
Targets include Deutsche Bank, Commerzbank, ING, and CaixaBank, along with crypto wallets. The seller’s community has about 750 members, suggesting active use. The kit collects victims’ credentials in real time and can request more data, such as credit card numbers and one-time security codes, enabling full account takeover. Built-in geo-blocking and filters help the phishing pages evade detection. Researchers expect this real-time interception of one-time codes to accelerate financial fraud across Europe.
A pair of U.S. healthcare organizations suffer data breaches.
Two U.S. healthcare organizations are notifying about 520,000 people that their sensitive information was exposed in separate hacking incidents. VITAS Hospice Services reported that an unauthorized party compromised a vendor account and accessed its systems between late September and late October, affecting more than 319,000 individuals. Exposed data may include personal details, medical information, and insurance records.
Tri Century Eye Care reported a separate intrusion impacting 200,000 people after an unknown actor accessed its network and obtained files containing personal and health information. Both organizations say they strengthened security and informed regulators and law enforcement.
These breaches show how vendor access and network intrusions continue to expose large volumes of protected health information.
The Pentagon unveils a killer chatbot.
Secretary of War Pete Hegseth introduced GenAI.mil with the solemn gravitas usually reserved for unveiling a new missile system, though the platform appears to be a glorified Google Gemini chatbot that mostly rearranges spreadsheets. In classic second-Trump-administration fashion, Hegseth framed office automation as an existential race for global dominance, assuring the public that formatting documents at “unprecedented speed” will somehow make the U.S. military “more lethal than ever.”
Under Secretary Emil Michael followed up with his own sermon on Manifest Destiny, suggesting God Himself wants federal workers to have AI autocomplete. The Pentagon insists the system is reliable because it’s grounded in Google Search, which is bold given Google’s recent habit of confidently ingesting and regurgitating nonsense.
Officials promise three million users will soon have access, though the site immediately went down, perhaps the first recorded instance of a battlefield AI retreating before it ever deployed.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.
