This is today’s cyber news for December 1st, 2025. The briefing opens on the holiday crush, where industrial-scale fake shopping sites and cloned Cyber Monday stores quietly skim cards and personal details while banks and brands eat the fallout. From there it moves into the developer stack, with tens of thousands of live secrets sitting in public GitLab projects, sensitive data leaking through paste tools, and North Korean-linked and legacy Python supply chain traps turning open source and old build scripts into compromise paths. Together these stories show how fraud, code leaks, and inherited technical debt now collide directly with revenue, trust, and regulatory risk.

Listeners will also hear how cross-tenant Teams guests can slip past familiar defenses, industrial control dashboards and Android phones face targeted attacks, fake Google Meet pages push remote access tools, and doxxing and council outages turn geopolitical and criminal pressure into very local pain. The episode covers new research on hidden artificial intelligence browser prompts and poetic jailbreaks for nuclear topics, along with breaches at sports, manufacturing, and telecom organizations, a Mirai-style botnet test during a cloud outage, tightened Microsoft Entra sign-ins, and a high-profile arrest in Poland. It is built for leaders, defenders, and builders who need fast, plain-English context, and the daily audio feed is available at DailyCyber.news.