CyberWire Daily - From small charges to big busts.
Episode Date: November 5, 2025

Operation “Chargeback” takes down global fraud networks. An investigation reveals the dangers of ADINT. M&S profits plunge after a cyberattack. Google patches a critical Android flaw. Asian prosecutors seize millions from an accused Cambodian scam kingpin. Ohio residents are still guessing water bills months after a cyberattack. Houston firefighters deny blame in city data breach. Nikkei reports a Slack breach exposing 17,000 records. The Google–Wiz deal clears DOJ review. Ann Johnson welcomes her Microsoft colleague Frank X. Shaw to Afternoon Cyber Tea. Norway parks its Chinese Bus in a cave, just in case.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Afternoon Cyber Tea
On this month's segment from Afternoon Cyber Tea, host Ann Johnson welcomes Frank X. Shaw, Chief Communications Officer at Microsoft, to explore the critical role of communication in cybersecurity. They discuss how transparency and trust shape effective response to cyber incidents, the importance of breaking down silos across teams, and how AI is transforming communication strategies. You can listen to Ann and Frank's full conversation here, and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.
Selected Reading
Operation Chargeback: 4.3 million cardholders affected, EUR 300 million in damages - Three criminal networks suspected of misusing credit card data from cardholders across 193 countries; 18 suspects arrested (Europol)
Databroker Files: Targeting the EU (Netzpolitik)
M&S profits almost wiped out after cyber hack left shelves empty (BBC News)
Google releases November 2025 Android patch, fixes critical zero-click flaw (Beyond Machines)
Prosecutors seize yachts, luxury cars from man accused of running Cambodia cyberscams (NPR)
Cyberattack that crippled Middletown's systems shows how hackers target smaller cities (Cincinnati.com)
Houston data breach exposes firefighters’ personal info, union says they’re being blamed (Click2Houston)
Japanese publishing company Nikkei suffers Slack compromise exposing data of over 17,000 people (Beyond Machines)
Google Clears DOJ Antitrust Hurdle for $32 Billion Wiz Deal (Bloomberg)
Dybt i et norsk fjeld blev en kinesisk bybus splittet ad. En status på vores frygt (Zetland)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
You're listening to the Cyberwire Network, powered by N2K.
At Thales, they know cybersecurity can be tough and you can't protect everything,
but with Thales, you can secure what matters most.
With Thales's industry-leading platforms, you can protect critical applications,
data and identities, anywhere and at scale with the highest RR.
That's why the most trusted brands and largest banks, retailers, and health care companies in the world rely on Thales to protect what matters most.
Applications, data, and identity.
That's Thales.
T-H-A-L-E-S.
Learn more at thalesgroup.com slash cyber.
Operation Chargeback takes down global fraud networks.
An investigation reveals the dangers of ADINT.
M&S profits plunge after a cyber attack.
Google patches a critical Android flaw.
Asian prosecutors seize millions from an accused Cambodian scam kingpin.
Ohio residents are still guessing water bills months after a cyber attack.
Houston firefighters deny blame in a city data breach.
Nikkei reports a Slack breach exposing 17,000 records. The Google–Wiz deal clears DOJ review.
Ann Johnson welcomes her Microsoft colleague Frank X. Shaw to Afternoon Cyber Tea. And Norway parks its Chinese bus in a cave. Just in case.
It's Wednesday, November 5th, 2025.
I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us here today.
Great to have you with us, as always.
An international law enforcement operation dubbed Chargeback
has dismantled three major fraud and money laundering networks
accused of stealing credit card data for more than 4.3 million people worldwide.
Coordinated by prosecutors in Koblenz, Germany,
and supported by Europol and Eurojust,
the November 4th action spanned nine countries
and led to 18 arrests and over 60 searches.
Between 2016 and 2021,
suspects allegedly used stolen card data
to create fake online subscriptions,
mostly for adult and streaming sites, charging small recurring amounts to evade detection.
The scheme funneled transactions through four German payment providers,
aided by complicit executives and shell companies registered in the UK and Cyprus.
Authorities estimate losses exceeding over 300 million euros,
with over 35 million euros already seized.
Europol praised the operation as a model of international cooperation,
and a warning to cybercriminals hiding behind digital borders.
An investigation from Germany's Netzpolitik called the Data Broker Files
shows how ad tech location data can unmask where EU officials live, work, and commute,
even inside the Commission's Berlaymont and NATO headquarters.
Analysts reviewed two datasets with 278 million Belgian location records
and, using mobile advertising IDs, linked pings to identifiable individuals and routes.
Preview samples alone surfaced thousands of signals from EU institutions,
including roughly 2,000 pings at the Commission and 5,800 at Parliament.
NATO sites saw 9,600 pings from 543 devices.
The Commission issued new staff guidance on ad tracking.
Members of the European Parliament now urge tighter
curbs, up to bans on tracking and large-scale profiling, citing espionage risks.
Advertising-based intelligence, or ADINT, turns routine app data into operational targeting,
outpacing GDPR's consent model and inconsistent enforcement. The result is a security and privacy
gap at the heart of Europe's institutions.
Marks and Spencer's profits plunged 99% in the first half of the year, after
a cyber attack crippled online orders for months and disrupted store operations.
Statutory pre-tax profit fell from 392 million pounds to 3.4 million pounds,
though the retailer has received 100 million pounds in insurance payouts,
roughly matching costs so far.
M&S expects further expenses as recovery continues.
Despite the turmoil, underlying profit reached 184 million pounds,
and food sales rose 7.8%, signaling resilience.
Analysts called the performance outstanding,
given the extended outage,
while rival Next enjoyed a temporary sales boost.
Executives said profits should rebound in the second half
as operations stabilize and shoppers return for Christmas.
M&S still estimates the full impact of the hack
at around 300 million pounds.
Google's November 2025 Android
update fixes a critical flaw allowing remote code execution in the system component without
user interaction. The bug affects Android 13 through 16. A second issue rated high severity could let
attackers block security updates on Android 16 devices. Google has released fixes to the Android
Open Source Project, with manufacturers rolling out updates to users. Authorities in Taiwan, Hong Kong, and Singapore
have seized hundreds of millions in assets linked to Chen Zhi, the Cambodian businessman
accused by the U.S. of running a vast global scam network through his Prince Holding Group.
U.S. prosecutors charged Chen in October with wire fraud and money laundering conspiracies
alongside a $14 billion cryptocurrency seizure.
Recent raids uncovered luxury cars, high-end apartments, and yachts across Asia, with Taiwan
seizing $150 million, Hong Kong $353 million, and Singapore over $114 million.
The U.K. also froze properties worth nearly $145 million.
Prosecutors say Chen's network defrauded victims worldwide through pig-butchering and investment
scams generating up to $30 million a day.
Chen, a naturalized Cambodian citizen and former advisor to Prime Minister Hun Manet,
has not commented publicly.
More than two months after a cyber attack crippled Middletown, Ohio's systems,
residents are still paying estimated water bills because the city can't calculate actual usage.
The August hack also halted background checks and disrupted city email,
forcing residents to visit City Hall to pay in person.
Officials haven't confirmed that personal data was compromised,
but suspect ransomware.
The city has upgraded servers and pledged a grace period once billing resumes. Experts say smaller municipalities like Middletown are increasingly targeted by state-backed or criminal gangs exploiting weak IT defenses. A new Ohio law now requires cities to adopt cybersecurity programs, report incidents, and prohibits ransom payments without council approval. Residents, meanwhile, keep receipts and hope billing returns to normal by
spring. Houston firefighters say they're being wrongly blamed for a data breach that exposed over
7,500 social security numbers. The city of Houston emailed a link meant for promotion exam information,
but it led to unsecured folders containing personal data. A firefighter reported the issue
immediately, prompting the fire chief to block access. Union President Patrick Lancton
called city claims that firefighters downloaded sensitive files false, arguing the city failed to
secure its own data. City officials say the access was inadvertent.
Japanese media giant Nikkei, owner of the Financial Times, disclosed a data breach affecting
over 17,000 employees and partners after attackers accessed its Slack workspace using
stolen credentials. The compromise began when an employee's malware-laden
computer exposed authentication data, allowing unauthorized entry into Nikkei's internal communications.
Exposed information includes names, emails, and full chat histories. The company has reset passwords,
notified affected users, and reported the breach to Japan's Data Protection Authority, though not
legally required to do so. Alphabet's Google and cybersecurity firm Wiz have cleared a major hurdle
in their $32 billion merger after the U.S. Department of Justice ended its antitrust review.
The FTC notice, dated October 24, confirms early termination of the investigation, signaling no
objection to closing the deal.
Wiz CEO Assaf Rappaport confirmed the development, though other regulators continue to review
the merger.
The decision offers rare good news for Google, which remains under global antitrust
scrutiny following multiple U.S. court rulings.
Coming up after the break, Ann Johnson welcomes her Microsoft colleague Frank Shaw to Afternoon
Cyber Tea, and Norway parks its Chinese bus in a cave, just in case. Stick around.
What happens when cybercrime becomes as easy as shopping online?
SpyCloud's Trevor Hilligoss joined Dave Bittner on the CyberWire Daily
to explain how a wave of cybercrime enablement services
are lowering the barrier to entry and making sophisticated attacks available to anyone.
I think it's a pretty good general term.
that describes kind of an umbrella of tools and services that I would kind of tag as criminal or criminal adjacent.
Instead of having, you know, sort of the smaller pool of high sophistication actors that are able to kind of carry out these really vast and costly cyber attacks,
you know, we see that being given to much lower sophistication, lower tech folks that are, you know, a much lower barrier to entry to get into this.
feel the person that's buying access to this, they basically need a phone and a Bitcoin
wallet. Make sure you hear this full conversation and learn how the underground economy is
reshaping cyber risk. Visit explore.thecyberwire.com slash spycloud. That's
explore.thecyberwire.com slash spycloud.
What's your 2 a.m. security worry?
Is it, do I have the right controls in place?
Maybe are my vendors secure?
Or the one that really keeps you up at night?
How do I get out from under these old tools
and manual processes.
That's where Vanta comes in.
Vanta automates the manual work,
so you can stop sweating over spreadsheets,
chasing audit evidence,
and filling out endless questionnaires.
Their trust management platform
continuously monitors your systems,
centralizes your data,
and simplifies your security at scale.
And it fits right into your workflows,
using AI to streamline evidence collection,
flag risks, and keep your program audit ready
all the time.
With Vanta, you get everything you need to move faster, scale confidently, and finally, get back to sleep.
Get started at Vanta.com slash cyber.
That's V-A-N-T-A dot com slash cyber.
On today's segment from Afternoon Cyber Tea, Microsoft's Ann Johnson
welcomes Frank Shaw, Chief Communications Officer at Microsoft,
to explore the critical role of communication in cybersecurity.
Today I'm excited to be joined by Frank Shaw,
chief communications officer at Microsoft.
Welcome to Afternoon Cyber Tea, Frank.
It's so great to be here.
It's always nice to spend time with you, Ann.
Cybersecurity is not just a technical conversation.
It's about how people understand risk
and ultimately how trust is built.
And communication is the key to that bridge
to connect the technical reality
and also connect human perception.
When I think about all the different topics
that we have to deal with,
security and cybersecurity
sort of tests us the most
because they're inherently complicated
topics. They come with an enormous amount of risk and they're easily misunderstood. We give
people their information they need to take action without scaring them into taking the wrong
actions, which can easily happen. One of the things that we struggle with, because you and I have
had a lot of conversations, is at the beginning of any event, we're in the fog of war. So we want to
get the information out there so people can protect themselves. We want to be as accurate and as transparent
as fast as possible, but these facts are changing also.
Transparency is absolutely the key.
And our ability to, as an industry, to talk about what has happened and what we have
experienced in a way that allows others to learn from it is absolutely critical.
The year is 2025, so we're going to talk about artificial intelligence.
And you've spoken often about how AI is transforming
communications. How do you see AI changing the way organizations handle communications, including
cybersecurity communications, and the crisis response to how we shape trust?
Effective use of AI allows us to move more rapidly in moments of crisis, because we have
better access to information, and we have better access to then insights about what we might be
able to do. Perception can become reality very quickly. A breach doesn't just unfold in technical
terms. It trends. It's debated on social media, and sometimes misinformation will outpace the
facts. The big challenge we've got from a communication standpoint is this absolute fragmentation of
influence. In order to reach the people you want to reach, you have to really be crystal clear
on the most important audience for you and then understand who reaches that audience.
Security awareness of Microsoft depends on how well we engage our employees. We can patch all day
long, but at the end of the day, we need over 200,000 people to take phishing seriously.
From the top on down, we've established security as a high order priority.
And one of the ways that I know it's successful is because people complain about it.
And they complain about it because they're having to do something differently.
So I do look at that little friction in the system, that sense that I have to do something
differently is a good sign that we're landing our messages internally, and that behavior has
shifted.
You have to have strategic patience because it's going to operate at its schedule, not yours.
Trying to fix it at the last minute is also, you know, a little bit of a fool's errand.
On the proactive work, we have to think super hard about what is the story we want to tell
and to whom and what can we say and when can we say it.
and be looking for things all the time.
Exactly.
So we've also had fun along with.
Sometimes a creative campaign or a great story can really land and stick with people.
I would love if you'd walk me through one of your favorite cybersecurity campaigns or stories that you and your team helped bring to life and what it made it successful in cutting through the noise.
Some of the best ones are where we get permission to look back at a big problem and a challenge and then take a reporter through what happened there.
This is the transparent part as well.
So we detailed all of this in a report for the audiences like
the ordinary deal with customers and industry analysts.
And they all want the technical details, and we provided it to them.
But we also know that this is something that consumers care about.
AI is still relatively new for consumers.
It can be seen as scary when they hear about things like cyber criminals,
targeting them with AI.
That's scary.
So we wanted to land this in a mainstream way
as well. You could say something in one market and have it be effective and then you say the
exact same thing in another market without considering some of the cultural differences and just
get a lot of negativity. We rely deeply on the local sensibilities to make sure that it makes
sense for them. I consider myself a cyber optimist because I do know for everything you see in the
news. As an industry, we've blocked thousands of events. So despite the challenges, there's always
something to look forward to in this field, whether it's new talent, new innovation.
I truly believe AI will be innovative here, the spirit of collaboration, how we improve
communications and are more effective.
A lot of my optimism is grounded in the fact that I get to work with these incredibly
smart people from across the company in the security space.
And anytime I'm dealing with an incident or an outage or a new program we're putting in place
to prevent these things.
And you just get to talk to people here at Microsoft
and I'm sure across the entire security industry
who are such bright, committed people
doing amazing work to stay ahead
of what is just this relentless onslaught.
And every day I feel like,
wow, I'm so glad that I have these people on the team here
and everybody should feel great about that.
That's Ann Johnson, along with
her Microsoft colleague Frank X. Shaw.
Be sure to check out the full Afternoon Cyber Tea podcast right here on the N2K CyberWire Network.
And finally, deep inside a cold Norwegian mountain, a city bus waits quietly in an abandoned
lime mine. It's not lost, it's a test subject. Investigators, armed with spectrum analyzers
and mild suspicion, are dissecting a Chinese-made electric bus to see whether it's phoning home to
Beijing. What they didn't find is espionage, just a computer, SIM card, and a quiet reminder that
modern vehicles are more data center than diesel engine. Theoretically, a single software update could
freeze every bus in Oslo mid-commute. The risk is small, but not imaginary, so Norway is
pulling the SIMs. Better safe than cyber-sorry. The tale from the tunnel captures our uneasy age.
We love smart machines right up until they get a little too smart. Somewhere between paranoia and
prudence, we're all deciding how much control we're willing to surrender for convenience on wheels
or in our pockets.
And that's the Cyberwire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights
that keep you a step ahead in the rapidly changing world
of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to Cyberwire at N2K.com.
N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by
Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here
tomorrow.
