Welcome to your daily cybersecurity podcast.

Amazon disclosed the detection of a North Korea-linked infiltration during an IT hiring process. A system administrator claimed to be US-based was identified through persistent keyboard latency exceeding 110 milliseconds to Seattle servers, indicating intercontinental remote operation. The control infrastructure was traced to China. Since April 2024, Amazon reports blocking more than 1,800 fraudulent hiring attempts linked to North Korea, with a 27 percent quarterly increase.

A Russian APT actor is conducting a credential phishing campaign targeting government entities across the Baltics and the Balkans. The attacks rely on HTML attachments masquerading as PDF documents, embedding institutional decoys and fake authentication forms. Credentials are exfiltrated via formcarry.com, with consistent JavaScript and regex reuse observed since at least 2023.

Microsoft confirmed a global Microsoft Teams outage impacting message delivery across all regions and clients. The incident started at 14:30 ET and was fully resolved one hour later. No indicators of malicious activity were reported.

A malware campaign abuses Microsoft Office documents, SVG files, and compressed archives to compromise Windows systems. The attack chain exploits CVE-2017-11882, uses PNG steganography, and process hollowing via RegAsm.exe to deliver RATs and information stealers.

ATM jackpotting attacks in the United States have been attributed to a criminal group deploying the Ploutus malware via physical access to ATMs. The tradecraft involves hard drive replacement or modification to control cash-dispensing modules. Losses are estimated to exceed $40 million since 2020.

Don’t think, patch.

Sources:

• Amazon infiltration:https://www.clubic.com/actualite-592366-amazon-infiltre-par-un-espion-nord-coreen-finalement-repere-a-cause-de-sa-frappe-clavier.html
• Russian APT phishing:https://strikeready.com/blog/russian-apt-actor-phishes-the-baltics-and-the-balkans/
• Microsoft Teams outage:https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-teams-is-down-and-messages-are-delayed/
• SVG and Office malware campaign:https://cybersecuritynews.com/hackers-weaponize-svg-files-and-office-documents/
• ATM jackpotting / Ploutus malware:https://www.theregister.com/2025/12/19/tren_de_aragua_atm/

Your feedback is welcome.
Email: radiocsirt@gmail.com
Website: https://www.radiocsirt.com
Weekly Newsletter: https://radiocsirtintl.substack.com

Welcome to your daily cybersecurity podcast.

French authorities arrested a 22-year-old individual following Interior Ministry system compromise. The intrusion exposed email accounts and confidential documents including judicial records and wanted persons databases. The attack was claimed on BreachForums. The suspect maintained network persistence for several days. Paris Prosecutor charged unauthorized access to state systems as organized group, maximum ten years imprisonment.

WatchGuard published advisory WGSA-2025-00027 addressing CVE-2025-14733, critical Out-of-bounds Write in Fireware OS iked process, CVSS 9.3. Confirmed active exploitation enables remote unauthenticated code execution. Affected versions 11.10.2 through 12.11.5 and 2025.1 through 2025.1.3. WatchGuard provides four threat actor IP addresses. Patched versions available.

Riot Games disclosed four CVEs affecting UEFI in ASUS, Gigabyte, MSI, ASRock motherboards. IOMMU initialization failure enables pre-boot DMA attacks. Malicious PCIe device with physical access can modify system memory before OS load. Carnegie Mellon CERT/CC confirms broad impact. Firmware updates available.

Cyderes documents CountLoader 3.2 via cracked software, establishing Google-mimicking persistence every thirty minutes for ten years. Nine capabilities including USB propagation, deploying ACR Stealer. Check Point reports GachiLoader via YouTube Ghost Network, one hundred videos, 220,000 views. Deploys Kidkadi with Vectored Exception Handling PE injection, Rhadamanthys stealer as final payload.

CNIL issued one million euro penalty against Mobius Solutions for unlawful retention of 46 million Deezer records post-termination. Data leaked to darknet from unsecured test environment. CNIL confirms extraterritorial GDPR application.

Don't overthink it. Patch.

Sources:

• France Arrest: https://therecord.media/france-interior-ministry-hack-arrest
• WatchGuard: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027
• UEFI: https://www.bleepingcomputer.com/news/security/new-uefi-flaw-enables-pre-boot-attacks-on-motherboards-from-gigabyte-msi-asus-asrock/
• Loaders: https://thehackernews.com/2025/12/cracked-software-and-youtube-videos.html
• CNIL: https://www.zdnet.fr/actualites/fuite-massive-sur-le-darknet-la-cnil-frappe-fort-contre-un-ancien-sous-traitant-de-deezer-487023.htm

Your feedback is welcome.
Email: radiocsirt@gmail.com
Website: https://www.radiocsirt.com
Weekly Newsletter: https://radiocsirtintl.substack.com