fLocked and fLoaded. The IT Privacy and Security Weekly update for the week ending December 30th., 2025.

EP 272

In this last update for 2025, we span the fAce of the globe and find out we’ve gotten fLocked and fLoaded!

Cybersecurity researchers from DARKNAVY have revealed a critical vulnerability allowing commercially available humanoid robots to be hijacked via simple voice commands, with exploits rapidly propagating to nearby machines.

Fraudsters in China are increasingly exploiting AI-generated photos and videos of damaged goods to secure illegitimate refunds on e-commerce platforms, challenging merchant trust and platform policies.

A sophisticated campaign dubbed Zoom Stealer, attributed to Chinese threat actor DarkSpectre, has deployed malicious browser extensions to harvest sensitive corporate meeting data from millions of users.

Western intelligence reports indicate Russia is advancing a novel "zone-effect" anti-satellite weapon designed to release dense pellet clouds in orbit, potentially targeting SpaceX's Starlink constellation.

A 29-year-old Lithuanian national has been extradited to South Korea and charged for distributing trojanized KMSAuto software that infected 2.8 million systems with cryptocurrency clipboard hijacking malware.

A vast network of roadside cameras tracking vehicles across Uzbekistan was inadvertently

Insurance giant afLac is notifying approximately 22.65 million individuals of a major data breach stemming from a June 2025 cyber intrusion that exposed sensitive personal information.

Find the full transcript here.