CyberWire Daily

Adam Marrè: Learning to be a leader. [CISO] [Career Notes]

Sun, 26 Apr 2026 07:00:00 -0000

Please enjoy this encore of Career Notes.

Adam Marrè, CISO from Arctic Wolf, sits down to share his story of rising through the ranks. After 9/11 he decided he wanted to make a difference in the world, and so he chose to go into the FBI. There he learned the skills that got him to where he is today. In his time at the FBI, he was able to do what he loved, which was working with computers while gaining more knowledge on cybersecurity, and he became computer forensic certified. Ultimately, he needed a change in the end and decided to leave the FBI. He was able to learn the leadership skills he needed to move past that career path and follow a new dream. He is now able to share his passion with the world and help people understand security to help protect themselves as well as helping people finding success in their careers and in their lives. We thank Adam for sharing his story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A QRazy clever scam. [Research Saturday]

Sat, 25 Apr 2026 07:00:00 -0000

This week, we are joined by Juliana Testa, Senior Security Engineer from 7AI, sharing their work on "Quish Splash - When the QR Code Is the Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter." A large-scale “quishing” campaign used QR codes embedded in image attachments to hide phishing URLs, allowing 28 out of 33 emails to bypass SPF, DKIM, DMARC, and Microsoft Defender and land directly in inboxes.

Each recipient received a unique QR code and tracking ID, defeating traditional detection methods and enabling attackers to scale the campaign to over 1.6 million emails across multiple organizations while shifting execution to less-secure mobile devices. The attack was ultimately uncovered through AI-driven alerting combined with human analysis and threat hunting, highlighting a major blind spot in email security and the need for QR code inspection, mobile protections, and tighter auto-reply controls.

The research and executive brief can be found here:

Quish Splash - When the QR Code Is the Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A digital battlefield in practice.

Fri, 24 Apr 2026 20:30:00 -0000

Locked Shields wraps another year. Open models challenge Mythos. CISA tracks FIRESTARTER inside a federal agency. The White House targets foreign AI model extraction. Microsoft lets admins remove Copilot. Treasury sanctions a Cambodian scam-compound senator. Breeze Cache rushes a patch. Researchers downplay OT malware hype, while NIST pushes for better OT visibility. Our guest is Eric Russo, Director, SOC Defensive Security at Barracuda, discussing the risks posed by employees downloading pirated software. Con artists charge crypto for counterfeit clearance.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Eric Russo, Director, SOC Defensive Security at Barracuda, discussing the risks posed by employees downloading pirated or cracked software onto corporate devices. You can learn more here.

Selected Reading

Locked Shields 2026: 41 Nations Strengthen Cyber Resilience in World's Biggest Exercise (SecurityWeek)

Open source models can find bugs as well as Mythos (The Register)

CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March (The Record)

Trump Administration Vows Crackdown on Chinese Companies 'Exploiting' AI Models Made in US (SecurityWeek)

Microsoft now lets admins uninstall Copilot on enterprise devices (Bleeping Computer)

US sanctions Cambodian senator for millions earned through scam compounds (The Record)

Cloudways Patches Actively Exploited File Upload Flaw in Breeze Cache Plugin (Beyond Machines)

Dragos: Despite AI use, new malware targeting water plants is ‘hype’ (CyberScoop)

NIST cyber center to launch OT ‘visibility’ project (Federal News Network)

Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage (Ars Technica)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Your signal is showing.

Thu, 23 Apr 2026 20:30:00 -0000

Researchers expose covert telecom surveillance campaigns. Lawmakers push new national privacy rules. China-linked actors hide inside compromised device networks. A ransomware forum leak reveals a criminal marketplace. GopherWhisper blends into cloud services for espionage. Attackers poison AI with hidden web prompts. Apple patches lingering notification data. macOS admin tools become attacker pathways. CISA orders urgent fixes for a Microsoft Defender zero-day, and their Director nominee withdraws. Our guests today are Johnny Hand and Dustin Childs, hosts of TrendAI's AI Security Brief podcast. A meteorological mystery meets market manipulation.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Introducing the AI Security Brief podcast.

Our guests today are Johnny Hand and Dustin Childs, hosts of TrendAI's AI Security Brief podcast. They join Dave to introduce their new show on the N2K CyberWire Network. You can find their first episode here and catch new episodes every other Thursday on your favorite podcast app.

Selected Reading

Surveillance vendors caught abusing access to telcos to track people's phone locations, researchers say (TechCrunch)

Committees on Energy and Commerce and Financial Services Introduce Pair of Privacy Bills to Establish Comprehensive Data Protections for All Americans (Energy Commerce)

International cyber agencies share fresh advice to defend against China-linked covert networks (NCSC)

RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace (Security Affairs)

New GopherWhisper APT group abuses Outlook, Slack, Discord for comms (Bleeping Computer)

Hackers Use Hidden Website Instructions in New Attacks on AI Assistants (Hackread)

Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950) (Help Net Security)

Bad Apples: Weaponizing native macOS primitives for movement and execution (Talos Intelligence)

CISA orders feds to patch BlueHammer flaw exploited as zero-day (Bleeping Computer)

Trump’s pick to lead CISA withdraws nomination after months of political impasse (POLITICO)

A Hair Dryer May Have Gamed a Paris Weather Sensor for $34,000 on Polymarket (Bitcoin News)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The leak was only a matter of time.

Wed, 22 Apr 2026 20:30:00 -0000

Mythos leaks. The DOD preps a more aggressive cyber strategy. A former FBI cyber official urges homicide charges for hospital ransomware deaths. Lotus Wiper targeted the Venezuelan energy and utilities sector. Over 1,300 SharePoint servers remain unpatched against a spoofing vulnerability. The Harvester APT group deploys a new Linux version of its GoGra backdoor. A new LOTUSLITE backdoor targets India’s banking sector. The Mirai botnet exploits discontinued routers. Our guest is Brian Vecci, Field CTO at Varonis, discussing how organizations can safely adopt AI and autonomous agents. A satirical startup sells clean-room clones.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, Brian Vecci, Field CTO at Varonis, discusses how organizations can safely adopt AI and autonomous agents by securing data, managing risk, and focusing on measurable outcomes. If you enjoyed this conversation, tune into the full interview here.

Selected Reading

Anthropic’s Mythos Model Is Being Accessed by Unauthorized Users (Bloomberg)

Claude Mythos Finds 271 Firefox Vulnerabilities (SecurityWeek)

New Defense Department cyber strategy imminent, official says (The Record)

Pentagon Cyber Leaders Back $1.5T Budget Request (GovInfo Security)

Ex-FBI lead urges homicide charges against ransomware scum (The Register)

New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention (SecurityWeek)

Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks (Bleeping Computer)

Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor (SecurityWeek)

Same packet, different magic: Mustang Panda hits India's banking sector and Korea geopolitics (Acronis)

Mirai Botnet Targets Flaw in Discontinued D-Link Routers (SecurityWeek)

This AI Tool Rips Off Open Source Software Without Violating Copyright (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Trust lags behind technology.

Tue, 21 Apr 2026 20:30:00 -0000

Anthropic’s Mythos proves irresistible despite claimed supply chain risks.Iran claims U.S. backdoors hit its networks. New Coast Guard rules target maritime OT security. A fresh NGate Android malware variant emerges. Thousands of ActiveMQ servers face active exploitation risk. CISA adds eight flaws to its KEV list. Progress patches MOVEit and LoadMaster bugs. Attackers impersonate IT staff over Microsoft Teams. A ransomware negotiator admits working with BlackCat. Google Gemini asks, “May we see your photos please?”

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices Elad Koren, Vice President, Product Management, Cortex Cloud at Palo Alto Networks, discusses building AI natively into platforms, managing complexity and trust, and taking a measured, experimental approach during the industry’s “messy middle” phase. If you enjoyed this conversation, tune into the full interview here.

Selected Reading

The US NSA is using Anthropic's Claude Mythos despite supply chain risk (Security Affairs)

Anthropic secretly installs spyware when you install Claude Desktop (That Privacy Guy)

Iran claims US used backdoors in networking equipment (The Register)

Maritime Cybersecurity Rules Make Waves (GovInfoSecurity)

New NGate variant hides in a trojanized NFC payment app (We Live Security)

Actively exploited Apache ActiveMQ flaw impacts 6,400 servers (Bleeping Computer)

CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133) (Help Net Security)

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster (SecurityWeek)

Microsoft: Teams increasingly abused in helpdesk impersonation attacks (Bleeping Computer)

Florida Man Working as a Ransomware Negotiator Pleads Guilty to Conspiracy to Deploy Ransomware and Extort U.S. Victims (United States Department of Justice)

Google Starts Scanning All Your Photos As New Update Goes Live (Forbes)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When one weak link is enough.

Mon, 20 Apr 2026 20:30:00 -0000

Cloud platform Vercel confirms a data breach. Microsoft releases emergency updates to fix Windows Server restart loops. Bluesky gets DDoSed. Insurers keep close watch on an AI hiring discrimination suit. Cybersecurity workforce turnover rises. Scammers abuse Apple’s email notification system. A Scattered Spider member pleads guilty to SMS phishing and cryptocurrency theft. Monday business brief. Our guest is Melissa K. Smith, SVP, Global Strategic Partnerships and Initiatives at SentinelOne, discussing building a unified defense through strategic partnerships. A budget beacon briefly betrays a boat’s bearing.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices segment, we are joined by Melissa K. Smith, SVP, Global Strategic Partnerships and Initiatives at SentinelOne discussing building a unified defense through strategic partnerships. If you enjoyed this conversation, be sure to check out the full interview here.

Selected Reading

Vercel confirms breach as hackers claim to be selling stolen data (Bleeping Computer)

Microsoft releases emergency updates to fix Windows Server issues (Bleeping Computer)

Bluesky Disrupted by Sophisticated DDoS Attack (SecurityWeek)

Who is liable when artificial intelligence makes mistakes? (Financial Times)

Insurance carriers quietly back away from covering AI outputs (CSO Online)

Compensation vs. Burnout: The New Retention Calculus for Cybersecurity Leaders (Security Boulevard)

Watch out, hackers are abusing Apple account notifications to distribute malware, steal money and data (TechRadar)

British Scattered Spider Hacker Pleads Guilty in the US (SecurityWeek)

Business Briefing for 04.15.26 (CyberWire Pro)

Dutch navy frigate tracked by mailing it a Bluetooth tracker (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Jaya Baloo: Don't be afraid to bounce ideas off your teammates. [CISO] [Career Notes]

Sun, 19 Apr 2026 07:00:00 -0000

Please enjoy this encore of Career Notes.

Jaya Baloo, a Chief Information Security Officer from Avast sits down to share her story, sharing how she got into the technology field at a younger age with being introduced to computers and games on her PS 24. She started off going to college for political science and after not knowing what to do after that, she got her first start in cybersecurity. After falling in love with cybersecurity she kept moving up the ranks in different organizations before finding herself at Avast. She shares that at Avast she leans on her team quite a bit and you should never be afraid to bounce ideas off of your teammates. She says "The best ideas come from like bouncing ideas off of each other, sharing within the group and then if I can't figure it out myself, that's why I hire these amazing individuals it's to help me figure it out." We thank Jaya for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A new breed of RAT. [Research Saturday]

Sat, 18 Apr 2026 07:00:00 -0000

Today we are joined by Dr. Darren Williams, Founder and CEO of BlackFog, to discuss his team's work on "Steaelite RAT Enables Double Extortion Attacks from a Single Panel." A new remote access trojan, Steaelite, is being marketed on underground forums as an all-in-one platform that combines remote access, credential theft, surveillance, and ransomware deployment through a single browser-based dashboard.

Unlike traditional cybercrime toolchains, it merges data exfiltration and ransomware capabilities into one interface, with automated credential harvesting beginning as soon as a victim is infected. The tool signals a growing shift toward streamlined “double extortion” attacks, where data theft and encryption happen within the same system—raising the stakes for defenders to stop threats before data is exfiltrated.

The research and executive brief can be found here:

Steaelite RAT Enables Double Extortion Attacks from a Single Panel

Learn more about your ad choices. Visit megaphone.fm/adchoices

Temporary fix for Section 702.

Fri, 17 Apr 2026 20:30:00 -0000

The House extends Section 702, for now. Mythos raises fresh cyber risk concerns. CISA warns of reduced capacity. ZionSiphon targets Israeli water systems. Operation PowerOFF hits DDoS-for-hire networks. CISA flags an actively exploited ActiveMQ flaw. WordPress plugin supply chain attacks spread. China tests deep-sea cable-cutting tech. Our guest is Arvind Nithrakashyap, CTO and Co-Founder of Rubrik, discussing AI as the next frontier. Tim Starks from CyberScoop takes us Inside the FBI’s recent router takedown. A DraftKings data dealer meets his downfall.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, ⁠Daily Briefing⁠, and you’ll never miss a beat. And be sure to follow CyberWire Daily on ⁠LinkedIn⁠.

Industry Voices

On today’s Industry Voices segment, we are joined by ⁠Arvind Nithrakashyap⁠, CTO and Co-Founder of ⁠Rubrik⁠, discussing AI as the next frontier. If you enjoyed this conversation, check out the full interview here.

CyberWire Guest

Today we have ⁠Tim Starks⁠ from ⁠CyberScoop⁠ discussing Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’.

Selected Reading

⁠House extends surveillance powers for 10 days⁠ (NPR)

⁠White House Works to Give US Agencies Anthropic Mythos AI⁠ (Bloomberg)

⁠Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed⁠ (SecurityWeek)

⁠How Anthropic Discovered Mythos AI Was Too Dangerous For Release⁠ (Bloomberg)

⁠CISA Warns of 'Detrimental Capacity Impacts' Amid Shutdown⁠ (BankInfo Security)

⁠New ZionSiphon Malware Discovered Targeting Israeli Water Systems⁠ (Hackread)

⁠Europol-supported global operation targets over 75 000 users engaged in DDoS attacks⁠ (Europol)

⁠CISA flags Apache ActiveMQ flaw as actively exploited in attacks⁠ (Bleeping Computer)

⁠30+ WordPress plugins bought on Flippa and backdoored in supply chain attack⁠ (TNW)

⁠New undersea cable cutter risks Internet’s backbone⁠ (Ars Technica)

⁠Man gets 30 months for selling thousands of hacked DraftKings accounts⁠ (Bleeping Computer)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Too many flaws, not enough time.

Thu, 16 Apr 2026 20:30:00 -0000

NIST struggles with an NVD backlog. Cisco and Splunk ship critical patches. Researchers flag a systemic flaw in Anthropic’s MCP. ShinyHunters leak 13.5 million McGraw Hill accounts. Cargo theft goes cyber. A Tennessee hospital breach hits 337,000 patients. Two Americans are sentenced in a North Korean fake-IT-worker scheme. Our guest is Rob Allen, Chief Product Officer at ThreatLocker, describing security gaps addressed by zero trust. OpenAI lets security teams take off the training wheels.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment we are joined by Rob Allen, Chief Product Officer at ThreatLocker, security gaps addressed by zero trust. If you enjoyed this conversation check out the full interview here.

Selected Reading

NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities (Infosecurity Magazine)

Cisco says critical Webex Services flaw requires customer action (Bleeping Computer)

Splunk Enterprise Update Patches Code Execution Vulnerability (SecurityWeek)

Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads (Infosecurity Magazine)

Data breach at edtech giant McGraw Hill affects 13.5 million accounts (Bleeping Computer)

Freight Hacker Wields Code-Signing Service to Evade Defenses (GovInfo Security)

Data Breach at Tennessee Hospital Affects 337,000 (SecurityWeek)

US nationals behind DPRK IT worker 'laptop farm' sent to prison (Bleeping Computer)

OpenAI Launches GPT-5.4 Cyber And It's Built Specifically for Defenders (TechGlow)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A heavy patch Tuesday lands.

Wed, 15 Apr 2026 20:30:00 -0000

Patch Tuesday. CISA directs furloughed employees back to work. Experts warn Anthropic’s Glasswing signals a new era of AI-driven vulnerability discovery. Federal prosecutors crack down on chip smuggling. Sweden says a pro-Russian cyber group attempted to disrupt power plant operations. A fake app in Apple’s App Store drains crypto wallets. Virginia bans the sale of precise geolocation data. Our guest is Johnny Hand, VP for AI Excellence at TrendAI, discussing AI operational discipline. Do you need to buy a separate seat for your AI agent?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices segment, we are joined by ⁠Johnny Hand⁠, VP for AI Excellence at ⁠TrendAI⁠, discussing AI operational discipline and real-world cyber impact. If you enjoyed this conversation, check out the full interview here.

Selected Reading

Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day (Security Affairs)

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories (SecurityWeek)

Adobe Patches 55 Vulnerabilities Across 11 Products (SecurityWeek)

CISA Workers Recalled Despite Shutdown (GovInfoSecurity)

CISA cancels summer internships for cyber scholarship students amid DHS funding lapse (CyberScoop)

Anthropic’s Mythos signals a structural cybersecurity shift (CSO Online)

We’re only seeing the tip of the chip-smuggling iceberg (CyberScoop)

Swedish power plant targeted by pro-Russian group in 2025, government says (Reuters)

Exclusive: Russia-linked hackers compromised scores of Ukrainian prosecutors’ email accounts, data shows (Reuters)

Users lose $9.5 million to fake Ledger wallet app on the Apple App Store (web3isgoinggreat)

Virginia enacts ban on precise geolocation data sales as momentum for similar prohibitions builds (The Record)

Microsoft exec suggests AI agents will need to buy software licenses, just like employees (Business Insider)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

France builds its own digital future.

Tue, 14 Apr 2026 20:30:00 -0000

France pushes digital sovereignty. Adobe rushes an Acrobat Reader patch. Booking.com confirms a targeted breach. SAP fixes a critical SQL injection bug. A sanctions-dodging fraud network resurfaces. ViperTunnel infiltrates U.S. and U.K. firms. GlassWorm spreads across developer tools. Researchers dissect Predator spyware’s kernel engine. A lawsuit challenges AI transcription in hospitals. Ted Shorter from Keyfactor unpacks quantum computing at scale. On our Threat Vector segment, David Moulton and ⁠Elad Koren⁠ pull back the curtain on agentic-first security. Preparing for post-quantum perils.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Ted Shorter, CTO and Co-Founder of Keyfactor, discussing the advent of quantum computing at scale, known as "Q-Day".

Threat Vector

Host David Moulton speaks with returning guest ⁠Elad Koren⁠, Vice President of Product Management for Cortex Cloud at ⁠Palo Alto Networks⁠ on this Threat Vector segment. Together they pull back the curtain on what an agentic-first security experience actually looks like in practice. This isn't a vision deck. The agents are already running. To listen to the full conversation, check it out here. Catch new episodes of Threat Vector every Thursday on your favorite podcast app.

Selected Reading

France Tees Up Big Public Sector Move Away From US Tech (BankInfo Security)

Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw (Bleeping Computer)

Booking.com Confirms Data Breach as Hackers Access Customer Details (Hackread)

SAP Patches Critical ABAP Vulnerability (SecurityWeek)

Triad Nexus Evades Sanctions to Fuel Cybercrime (SecurityWeek)

Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses (Hackread)

GlassWorm evolves with Zig dropper to infect multiple developer tools (Security Affairs)

Predator Spyware's iOS Kernel Exploitation Engine: PAC Bypass, NEON R/W & More (Jamf Threat Labs)

Lawsuit: AI Illegally Recorded Doctor-Patient Encounters (BankInfo Security)

World Quantum Day (WorldQuantimDay)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

W3LL runs dry.

Mon, 13 Apr 2026 20:30:00 -0000

The FBI disrupts a multi-million-dollar phishing ring. A North Korea-linked supply chain attack hits OpenAI. Developers face a Slack phishing campaign. A critical Python notebook flaw is exploited in hours. ShinyHunters target Rockstar Games. A Japanese shipping firm reports a breach. Tracking the cybersecurity winners and losers in Trump’s 2027 budget, plus a claimed cyberattack on UAE infrastructure. Business breakdown. Our guest is Justin Kohler, Chief Product Officer at SpecterOps, discussing Identity Attack Path Management. Crackdowns at home push scam networks abroad.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, we are joined by Justin Kohler, Chief Product Officer at SpecterOps, discussing Identity Attack Path Management. If you enjoyed this conversation, tune into the full interview here.

Selected Reading

FBI Dismantles $20m Phishing Operation W3LL (Infosecurity Magazine)

The cyber winners and losers in Trump’s 2027 budget (CSO Online)

Handala carries out unprecedented cyberattack against critical UAE Infrastructure (PressTV)

OpenSSF Flags Malware Campaign on Slack Posing as Linux Foundation Figures (HackRead)

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack (SecurityWeek)

Critical Marimo pre-auth RCE flaw now under active exploitation (Bleeping Computer)

GTA-maker Rockstar Games hacked again but downplays impact (BBC)

NYK alerts on data breach in bunker fuel procurement system (Manifold Times)

Business Briefing for 04.08.26 (The CyberWire)

China Is Cracking Down on Scams. Just Not the Ones Hitting Americans (WIRED)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Mark Logan: March towards your goals. [CEO] [Career Notes]

Sun, 12 Apr 2026 07:00:00 -0000

Please enjoy this encore of Career Notes.

Mark Logan, CEO of One Identity, sits down to share his story, explaining how he fit into different roles growing up in different companies. Mark has nearly two decades of C-Suite experience at an array of different organizations, finally landing on his current position as the CEO at One Identity. Sharing his different roles, he also gives a quote from Steve Jobs, saying "it's not what I say yes to, it's what I say no to." He believes that's a key area for his workers because when he is able to make up his mind, his team and his customers have someone they can rely on. Mark says that as a CEO he wants to share the advice of always marching towards your goals, and identifying that different people have different goals because they work in different fields, but that's what makes a company work best. He says "I've found that the more you can delegate, provided you've got the right folks in place the better." We thank Mark for sharing his story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Walking through the anatomy of a cyberattack. [CyberWire-X]

Sun, 12 Apr 2026 05:00:00 -0000

What does a modern cyberattack really look like from the inside? In this CyberWire-X episode, Dave Bittner speaks with John Anthony Smith, Founder and Chief Security Officer of Fenix24. This conversation takes us step by step as an attacker breaks into a target environment – probing for weaknesses, exploiting entry points, escalating privileges, and moving laterally until they reach their objective. While the attack unfolds, listeners are privy to a behind-the-scenes commentary that reveals the tradecraft: the scripts, misconfigurations, overlooked alerts, and the moments defenders could have stopped the intrusion and, most importantly, prepared for the day through a defense that locks down data and enables a quick and full recovery. This is not a theoretical review or a highlight reel. It's a candid, technical, and eye-opening journey through the full kill chain that will reshape listeners think about detection, incident readiness, and resilience.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A wolf in admin clothing. [Research Saturday]

Sat, 11 Apr 2026 07:00:00 -0000

Today we are joined by Selena Larson, Threat Researcher from Proofpoint research team and co-host of Only Malware in the Building, talking about their work on "(Don't) TrustConnect: It's a RAT in an RMM hat." Proofpoint uncovered TrustConnect, a malware-as-a-service platform posing as a legitimate remote monitoring and management (RMM) tool, but actually functioning as a remote access trojan (RAT) sold to cybercriminals for $300/month.

The operation used a fake business website, legitimate-looking certificates, and branded installers (like fake Microsoft Teams or Zoom apps) to trick victims, while providing attackers with full remote control, file transfer, and surveillance capabilities. Although parts of its infrastructure were disrupted, the threat actor quickly rebounded with new variants, highlighting both the resilience of the operation and its deep ties to the broader cybercriminal ecosystem abusing RMM tools.

The research and executive brief can be found here:

(Don't) TrustConnect: It's a RAT in an RMM hat

Learn more about your ad choices. Visit megaphone.fm/adchoices

The AI arms race hits finance.

Fri, 10 Apr 2026 20:30:00 -0000

The Treasury Secretary and Fed Chair summon bankers over AI concerns. A hacker claims more than 10 petabytes stolen from China’s National Supercomputing Center. Recalibrating the quantum timeline. Researchers demo prompt injection against Apple Intelligence. Payroll Pirates target Canadians. Gmail gets end-to-end encryption on mobile devices. A Chrome update fixes critical vulnerabilities. A Pennsylvania cop admits creating more than 3,000 AI-generated pornographic deepfakes. Our guest is Henry Comfort, Co-Founder and CEO of Geordie AI, winner of this year’s RSAC Innovation Sandbox. FCC floats firmer filters for fraudulent phone calls.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, Dave shares coverage of the RSAC 2026 Innovation Sandbox and his conversation with Henry Comfort, Co-Founder and CEO from the winner of “Most Innovative Startup” Geordie AI. We tip our hats to this year’s finalists.

Selected Reading

Bessent and Powell’s A.I. Anxiety (The New York Times)

Court Backs Pentagon Anthropic Ban - But the Fight Continues (GovInfo Security)

A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data (CNN)

Why is the timeline to quantum-proof everything constantly shrinking? (CyberScoop)

Microsoft: Canadian employees targeted in payroll pirate attacks (Bleeping Computer)

Google rolls out Gmail end-to-end encryption on mobile devices (Bleeping Computer)

Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 (SecurityWeek)

Police corporal created AI porn from driver's license pics (Ars Technica)

FCC proposes new rule to further crackdown on illegal robocalls (The Record)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hackers ignore the ceasefire.

Thu, 09 Apr 2026 20:30:00 -0000

Iran-linked hackers signal cyberattacks will continue despite the cease-fire. Microsoft restores access after suspending open-source developer accounts. John Deere settles its right-to-repair fight. A suspected Adobe Reader zero-day surfaces. Palo Alto Networks and SonicWall patch high-severity flaws. New macOS malware targets crypto wallets. A threat cluster abuses live chat to bypass MFA. CISA orders urgent Ivanti patching. Researchers track a stealthy DDoS-for-hire botnet. Our guest is Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation-states and AI on OT security. macOS has a 49 day time limit.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, we are joined by Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation-states and AI on OT security. If you enjoyed this conversation, check out the full interview here.

Selected Reading

Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long (SecurityWeek)

Microsoft suspends dev accounts for high-profile open source projects (Bleeping Computer)

John Deere to Pay $99 Million in Monumental Right-to-Repair Settlement (The Drive)

Adobe Reader Zero-Day Exploited for Months: Researcher (SecurityWeek)

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities (SecurityWeek)

New macOS Malware notnullOSX Targets Crypto Wallets Over $10K (Hackread)

Google Warns of New Threat Group Targeting BPOs and Helpdesks (Infosecurity Magazine)

Masjesu Rising: The Commercial IoT Botnet Built for Stealth, DDoS, and IoT Evasion (Trellix)

CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday (Bleeping Computer)

We Found a Ticking Time Bomb in macOS TCP Networking - It Detonates After Exactly 49 Days (Photon Blog)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CyberAv3ngers unleashed.

Wed, 08 Apr 2026 20:30:00 -0000

Federal agencies warn Iranian-linked hackers are probing U.S. critical infrastructure, while the DOJ disrupts a Russian router hijacking campaign. Cyberattacks hit Minnesota government systems and force a Massachusetts hospital to divert ambulances. Anthropic limits access to its new AI bug-hunting model, hackers leak terabytes of LAPD data, and researchers warn of a rise in AI recommendation poisoning. Our guest is Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." Japan trades red tape for training data.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, we are joined by Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." If you enjoyed this interview, check out the full conversation here.

Selected Reading

Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure (WIRED)

Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure (FBI Internet Crime Complaint Center (IC3))

Pro-Iran Group Takes Credit for Cyberattacks on Chime, Pinterest (Bloomberg)

US disrupts Russian military-run DNS hijacking network, Justice Department says (Reuters)

Frostarmada forest blizzard dns hijacking (Lumen Technologies Black Lotus Labs)

Minnesota governor orders emergency support for cyberattack disrupting county's 'critical systems' (StateScoop)

Massachusetts hospital turning ambulances away after cyberattack (The Record)

What Anthropic Glasswing reveals about the future of vulnerability discovery (CSO Online)

Sensitive LAPD records leaked in hack of L.A. city attorney's office (LA Times)

Manipulating AI memory for profit: The rise of AI Recommendation Poisoning (Microsoft Security Blog)

Japan relaxes privacy laws to make AI development easy (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Proposed cuts put CISA in focus.

Tue, 07 Apr 2026 20:30:00 -0000

CISA faces a $700 million budget cut. Russian and Iranian cyber cooperation raises concerns. New BPFDoor variants emerge. Cybercrime losses climb again. Researchers advance a GPU Rowhammer attack. Northern Ireland schools go offline after a breach. An alleged hacker-for-hire faces U.S. charges. And German police name the suspected REvil mastermind. Our guest is John Anthony Smith, Founder and Chief Security Officer at Fenix24, explaining why more technology hasn't made us more secure. A frustrated researcher drops the hammer.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, John Anthony Smith, Founder and Chief Security Officer at Fenix24, discusses why more technology hasn't made us more secure. Check out the full conversation here.

Selected Reading

White House Seeks to Slash CISA Funding by $707 Million (SecurityWeek)

Exclusive: Russia supplies Iran with cyber support, spy imagery to hone attacks, Ukraine says (Reuters)

New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay (Rapid7)

FBI Internet Crime Complaint Center (IC3) Report 2025 (FBI Internet Crime Complaint Center (IC3))

GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack (SecurityWeek)

Cyberattack hits Northern Ireland’s centralized school network, disrupting access for thousands (The Record)

Suspect in Hacking of Climate Activists Is Extradited to New York (New York Times)

German Police Unmask REvil Ransomware Leader (SecurityWeek)

Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit (Bleeping Computer)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Patching can't wait.

Mon, 06 Apr 2026 20:40:00 -0000

Fortinet releases an emergency update for a critical vulnerability. A major outage disrupts Russian banking apps. A new report highlights critical skills gaps. CyberCorp scholars struggle to secure jobs. Scammers use QR codes in fake traffic violation schemes. A proposed lawsuit accuses Perplexity of oversharing users’ AI transcripts. Cambodia outlaws scam centers. Scammers impersonate Harvard IT staff. With “wrench attack” threats of violence, life imitates art. Kevin Magee from Microsoft for Startups describes emerging trends. On Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book "Code War: How Nations Hack, Spy, and Shape the Digital Battlefield." Users find Copilot’s terms of use highly entertaining.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices segment, we are joined by Kevin Magee from Microsoft for Startups discussing how cybersecurity startups can succeed by focusing on real problems and navigating emerging trends. Tune into the full conversation here.

Afternoon Cyber Tea

On this segment of Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book "Code War: How Nations Hack, Spy, and Shape the Digital Battlefield." You can listen to the full conversation here and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.

Selected Reading

New FortiClient EMS flaw exploited in attacks, emergency patch released (Bleeping Computer)

Major outage hits Russian banking apps, metro payments across regions (The Record)

SANS 2026 report flags cybersecurity skills crisis, putting critical infrastructure and OT sectors at measurable breach risk (Industrial Cyber)

CyberCorps grads consider private sector as fed hiring challenges persist (Federal News Network)

Traffic violation scams switch to QR codes in new phishing texts (Bleeping Computer)

Perplexity's "Incognito Mode" is a "sham," lawsuit says (Ars Technica)

Cambodian parliament passes landmark cybercrime law after scam centre scrutiny (Reuters)

Harvard Warns of Active Cyberattack Impersonating IT Staff and Targeting Affiliates (The Crimson)

Wealthy California crypto holders targeted in violent ‘wrench attacks’ (KTLA)

Security (xkcd)

Censys raises $70 million in a Series D round. (N2K Pro Business Briefing)

Even Microsoft know Copilot can't be trusted (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Anjali Hansen: Cross team collaboration works best. [Privacy Counsel] [Career Notes]

Sun, 05 Apr 2026 07:00:00 -0000

Please enjoy this encore of Career Notes. Anjali Hansen, a Senior Privacy Counselor from Noname Security shares her story as she climbed through the ranks to get to where she is today. When Anjali started, she wanted to do international law. She started working for the International Trade Commission after law school, where she was able to gain most of her experience and real world abilities. Working with online fraud and abuse, she shares, concerned her, because it felt like governments could not protect organizations from threats occurring, which is how she got interested in cybercrime. From there, she moved to Noname Security, and in working there, she found that she is working with every group in the organization, creating a cross team collaboration, saying how much she admires that type of model. She says "We have to help other departments protect the data because the data's throughout an organization, it's in HR, it's in sales and marketing, it's in IT, it's in finance. So you have to be able to work with all these teams." We thank Anjali for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Startup surge sparks spy interest. [Research Saturday]

Sat, 04 Apr 2026 07:00:00 -0000

This week, we are joined by Santiago Pontiroli, Threat Intelligence Research Lead from Acronis TRU team, discussing their work on "New year, new sector: Transparent Tribe targets India’s startup ecosystem." The Acronis Threat Research Unit uncovered a new campaign by Transparent Tribe showing the group has expanded beyond traditional government and defense targets to India’s startup ecosystem, especially cybersecurity and OSINT-focused firms.

The attackers use startup-themed lures delivered via ISO files and malicious shortcuts to deploy Crimson RAT, a highly obfuscated tool capable of surveillance, data theft, and system control. Despite this shift, the campaign closely mirrors the group’s long-standing espionage tactics, suggesting startups are being targeted for their connections to government, law enforcement, and sensitive intelligence networks.

The research and executive brief can be found here:

New year, new sector: Transparent Tribe targets India’s startup ecosystem

Learn more about your ad choices. Visit megaphone.fm/adchoices

War comes for the cloud.

Fri, 03 Apr 2026 20:30:00 -0000

Cloud data centers come under fire in wartime. A massive dark web intelligence database is exposed. Chinese hackers exploit a video conferencing zero-day. The intelligence community rolls out cyber modernization plans. React2Shell attacks spread at scale. Iowa sues UnitedHealth over the Change Healthcare breach. France moves to bar kids from social media. Researchers warn about hidden risks in power regulation. An insider extortion plot locks admins out of hundreds of servers. Our guest Brandon Karpf, friend of the show, with insights on the war in Iran. Espresso exploit exposes executive emails.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Brandon Karpf, friend of the show, discussing defending critical infrastructure against Iran.

Selected Reading

What Happens When Data Centers Become Military Targets? (GovInfo Security)

Shared EnemShared Enemy: Inside a Chinese Dark Web Monitoring Database | UpGuardy: Inside a Chinese Dark Web Monitoring Database (UpGuard)

TrueConf Zero-Day Exploited in Asian Government Attacks (SecurityWeek)

ODNI tackles AI, threat hunting, app cybersecurity in year-one tech review (CyberScoop)

React2Shell Exploited in Large-Scale Credential Harvesting Campaign (SecurityWeek)

State AG Sues Change Healthcare in 2024 Ransomware Attack (GovInfo Security)

French Senate passes bill that would ban children under 15 from social media (The Record)

The silent dependency: DC power regulation in cyber‑physical security (NCC Group)

Man admits to locking thousands of Windows devices in extortion plot (Bleeping Computer)

The company's biggest security hole lived in the breakroom (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The WhatsApp impostor.

Thu, 02 Apr 2026 20:30:00 -0000

A fake WhatsApp spreads spyware. The State Department pushes embassies to counter influence ops. Cisco patches critical bugs. CrystalRAT hits Telegram. A Texas hospital breach affects 250,000. HHS reshuffles IT oversight. China-linked spies target Europe. EvilTokens hijacks Microsoft accounts. Ransomware hits a North Dakota water plant. Sumedh Thakar, President and CEO of Qualys, discusses how cybersecurity is shifting toward managing real business risk. Tales of a tortoise's termination have been greatly exaggerated.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Sumedh Thakar, President and CEO of Qualys, discusses how cybersecurity is shifting toward managing real business risk amid rapid technological change. If you enjoyed this interview, check out the full conversation here.

Selected Reading

WhatsApp notifies hundreds of users who installed a fake app made by government spyware maker (TechCrunch)

Trump Officials Try to Fight Foreign Disinformation They Once Dismissed (The New York Times)

Cisco Patches Critical and High-Severity Vulnerabilities (SecurityWeek)

New CrystalRAT malware adds RAT, stealer and prankware features (Bleeping Computer)

250,000 Affected by Data Breach at Nacogdoches Memorial Hospital (SecurityWeek)

HHS Shuffles Internal Cyber, AI Oversight Back to CIO Office (GovInfo Security)

European-Chinese geopolitical issues drive renewed cyberespionage campaign (CyberScoop)

New EvilTokens service fuels Microsoft device code phishing attacks (Bleeping Computer)

North Dakota water treatment plant reports March ransomware attack (The Record)

World’s oldest tortoise caught in viral crypto death scam | St Helena (The Guardian)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A war of missiles and messages.

Wed, 01 Apr 2026 20:30:00 -0000

Iran’s cyber campaign continues. North Korea targets the axios NPM package. Cisco suffers a Trivy-related breach. Claude’s code leak unveils broad capabilities. The DOD’s zero-trust efforts are slow-going. A proposed class action suit accuses Perplexity of oversharing. Google patches another Chrome zero-day. The FBI warns against using foreign-developed mobile apps. Christy Wyatt, CEO from Absolute Security, discussing why cyber risk is now a business continuity problem. A city circulates cameras to cultivate crime control.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Christy Wyatt, CEO from Absolute Security, discussing why cyber risk is now a business continuity problem. If you enjoyed this conversation, tune in here to listen to the full interview.

Selected Reading

Iran's hackers are on the offensive against the US and Israel (Ars Technica)

Cisco Source Code and AWS Keys Stolen in Trivy Supply Chain Attack (Beyond Machines)

Claude Code's source reveals extent of system access (The Register)

Pentagon's Zero Trust Push Faces a 2027 Reality Check (GovInfo Security)

Perplexity AI Machine Accused of Sharing Data With Meta, Google (Bloomberg)

Google fixes fourth Chrome zero-day exploited in attacks in 2026 (Bleeping Computer)

FBI warns against using Chinese mobile apps due to privacy risks (Bleeping Computer)

North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack (Google Cloud Blog)

Silicon Valley city to give residents doorbells equipped with cameras (The Guardian)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Water sector feels the pressure.

Tue, 31 Mar 2026 20:30:00 -0000

Iranian-linked hackers warn of possible “irreparable” attacks on U.S. water systems. CISA pushes urgent fixes for a critical Citrix flaw. The Dutch Finance Ministry takes systems offline after a breach. Space Force may scrap next-gen GPS control software. Attackers exploit a Fortinet server bug. Lloyds exposes customer transaction data. AI and regulation reshape cyber careers. The FTC settles with a dating app over data sharing. Sam Rubin, SVP, Palo Alto Networks Unit 42 Consulting and Threat Intelligence, discusses Iran's shift to identity weaponization. Wikipedia wrestles with a wayward writer.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Sam Rubin, SVP, Palo Alto Networks Unit 42 Consulting and Threat Intelligence, discussing Iran's shift to identity weaponization. If you enjoyed this conversation, tune in here to listen to the full conversation.

Selected Reading

Iranian Cyberthreats Test US Infrastructure Defenses (BankInfo Security)

CISA tells federal agencies to patch Citrix NetScaler bug by Thursday (The Record)

Dutch Ministry of Finance takes treasury systems offline amid cyber incident investigation (Security Affairs)

After 16 years and $8 billion, the military's new GPS software still doesn't work (Ars Technica)

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins (SecurityWeek)

Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers (Infosecurity Magazine)

SANS Research: The Cybersecurity Talent Shortage Narrative Is Wrong. The Real Crisis Is Skills, and AI Just Rewrote the List. (Yahoo Finance)

FTC Takes Action Against Match and OkCupid for Deceiving Users by Sharing Personal Data with Third Party (FTC)

Business Briefing (N2K Pro)

An AI Agent Was Banned From Creating Wikipedia Articles, Then Wrote Angry Blogs About Being Banned (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Bringing it all together. [CISOP]

Tue, 31 Mar 2026 06:00:00 -0000

Please enjoy this encore of CISO Perspectives.

In the season finale of CISOP, Kim Jones is joined by N2K’s own Ethan Cook to reflect on the conversations that shaped this season. Together, they revisit standout moments from Kim’s interviews, unpacking their significance and getting Ethan’s fresh perspective on the cybersecurity workforce challenge—as someone viewing the industry from the outside.

Since the mid-season reflection, Kim has explored a wide range of workforce issues, including skills mapping, talent identification, and the evolving strategies needed to close cybersecurity’s talent gap.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Inbox intrusion hits FBI chief.

Mon, 30 Mar 2026 20:30:00 -0000

Iran-linked hackers claim a breach of the FBI director’s personal email. ShinyHunters hit the European Commission. F5 and Citrix warn of actively exploited flaws. A WordPress plugin exposes hundreds of thousands of sites. Infinity Stealer targets macOS users. A Russian APT adopts a new iOS exploit kit. Treasury weighs a cyber insurance backstop. DHS clears suspended CISA staff. Our guest is Brian Long, CEO and Co-Founder of Adaptive Security, discussing deepfake job hires and the new identity attack surface. Bureaucrats bless a black-box behemoth.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Today, Dave Bittner is joined by Brian Long, CEO and Co-Founder of Adaptive Security, discussing deepfake job hires and the new identity attack surface. AI-generated identities are turning the hiring process into a new entry point for attackers. The solution isn’t spotting perfect fakes — it’s building stronger identity verification into hiring. Tune into the full conversation here.

Selected Reading

Iran-linked hackers breach FBI director's personal email, publish photos and documents

European Commission confirms data breach after Europa.eu hack

Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now

Critical Citrix NetScaler Vulnerability Exploited in the Wild - Infosecurity Magazine

File read flaw in Smart Slider plugin impacts 500K WordPress sites

New Infinity Stealer malware grabs macOS data via ClickFix lures

Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit - SecurityWeek

US Treasury Weighs Cyber Insurance Backstop - GovInfoSecurity

DHS drops investigation into former acting CISA chief’s failed polygraph exam - Nextgov/FCW

Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

David Nosibor: Taking calculated risks. [Product Lead] [Career Notes]

Sun, 29 Mar 2026 07:00:00 -0000

Please enjoy this encore of Career Notes.

David Nosibor, Product Lead for SafeCyber at UL Solutions, started his career in a unique way by not letting himself be pigeonholed. Within his company, David was able to grow to the position he is in now and says that his position feels like a lot of roles tied into one. He says that on any given day he is tackling all sorts of elements, such as marketing, operations, working with the engineering team, figuring out ways to acquire customers, retain them, and also working on sales and business development capabilities. He also says that constantly learning and getting new opportunities was how he ended up being where he is today. David states that staying focused and being on the lookout for ways to accomplish the mission is the best way for him in his company to democratize product security. He quotes the famous singer Sean Carter in saying that he firmly believes in taking calculated risks to get where you need to be going. We thank David for sharing his story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CyberWire Daily at 10: The breaches we still talk about. [Special Edition]

Sun, 29 Mar 2026 06:00:00 -0000

In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss the biggest breaches over the past 10 years.

The foundational 2014 Sony hack kicks off our conversation, then Maria and Dave highlight:

the 2015 OPM breach, which exposed sensitive security-clearance data and was attributed to long-term access by China amid outdated government systems and security
2017’s WannaCry and NotPetya's global disruption and Equifax's ongoing fallout
the 2020 SolarWinds breach underscored supply-chain risks and raised concerns about potential personal criminal liability for CISOs.

The conversation illustrates two main threat-actor categories—nation-state espionage and financially motivated criminals—and the increasingly blurred lines between them. Join us as we reflect on how the industry and cybercrime have evolved over the past decade.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When “safe” documents aren’t. [Research Saturday]

Sat, 28 Mar 2026 05:00:00 -0000

Omer Ninburg, CTO of Novee Security, joins us on this episode of Research Saturday to discuss their work on "From PDF to Pwn: Scalable 0day Discovery in PDF Engines and Services Using Multi-Agent LLMs." Historically, Portable Document Formats – the immutable, localized PDF – was once considered a “safe” component inside enterprise environments. That is no longer the case.

To demonstrate how PDF services and engines can be exploited, the team at Novee used their proprietary, multi-agent LLM system to uncover vulnerability patterns, and systematically scale them into a broad discovery campaign across two PDF vendor ecosystems.

The research uncovered 16 verified vulnerabilities across client-side PDF viewers, embedded plugins, and server-side PDF services.

The research and executive brief can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices

Langflow locked and loaded.

Fri, 27 Mar 2026 20:30:00 -0000

CISA warns of actively exploited Langflow vulnerability. CISA flags critical PTC Windchill vulnerability. Phishing activity surges amid war in Iran. Google moves up their post-quantum timeline. Alleged RedLine infostealer developer faces thirty years in a US prison. Bearlyfy hacktivists launch disruptive ransomware campaign in Russia. FCC moves to crack down on robocallers and foreign call centers. Anti-piracy group takes down AnimePlay streaming platform. N2K’s Maria Varmazis and Dave Bittner are previewing the biggest breaches in the past 10 years. And what happens when hackers call the game?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Daily at 10: The breaches we still talk about.

This installment celebrating 10 years of the CyberWire Daily podcast finds N2K’s Maria Varmazis and Dave Bittner previewing the biggest breaches in the past 10 years. You can tune in Sunday to your CyberWire Daily podcast feed to hear their full conversation.

Selected Reading

CISA: New Langflow flaw actively exploited to hijack AI workflows (Bleeping Computer)

CISA Flags Critical PTC Vulnerability That Had German Police Mobilized (SecurityWeek)

War in the Middle East Triggers Surge in Phishing and Malware Campaigns Targeting Gulf Countries (Bitdefender)

Google moves post-quantum encryption timeline up to 2029 (CyberScoop)

Alleged RedLine malware developer extradited to US, faces up to 30 years (The Record)

Pro-Ukraine hacker group Bearlyfy targets Russian companies with custom ransomware (The Record)

FCC pushes new rules to crack down on robocallers, foreign call centers (CyberScoop)

Anti-piracy coalition takes down AnimePlay app with 5 million users (Bleeping Computer)

AFC Ajax drops ball as hackers transfer tickets, lift bans (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Why is the vendor role so contentious in the cyber ecosystem? [CISOP]

Fri, 27 Mar 2026 06:00:00 -0000

As the emphasis on improving cybersecurity has continued to grow, so has the number of vendors offering a range of cybersecurity services. However, despite the value many of these vendors bring, the relationship between vendors and clients has become strained. In this episode, Kim explores this relationship, offering his thoughts on this relationship and what both sides can do to better to improve this dynamic.

Want more CISO Perspectives?

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Wrapping RSAC 2026 up with a bow.

Thu, 26 Mar 2026 20:30:00 -0000

RSAC wraps. CISA warns shutdown furloughs are weakening cyber defenses. China-linked actors burrow into global telecom infrastructure. Iran’s Pay2Key resurfaces. India probes suspected Pakistan-linked CCTV spying. Florida suspends a firm over offshore medical data exposure. Cisco patches fresh flaws. Russian police arrest the alleged LeakBase operator. Intern Kevin files his latest man-on-the street report. Google gets grabby with your homepage.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest aka Intern Kevin

Intern Kevin is back from the floor at RSAC 2026. By day, he’s Global Director of Cybersecurity Startups at Microsoft for Startups, but this week, Kevin Magee is trolling the floor at RSAC to get the pulse of what is really happening in and around the Moscone Center. Kevin chats with Ann Johnson, Corporate Vice President and Executive Security Advisor at Microsoft, David Shipley, Chief Executive Officer and Field CISO at Beauceron Security , and Dr. Jessica Barker and FC, Co-Founders and Co-CEOs at Cygenta.

Selected Reading

RSAC Cryptographers' Panel Highlights AI Defense Challenges (GovInfo Security)

Only Trump can decide when cyberwar turns into real war (The Register)

Jen Easterly, cybersecurity's 'relentless optimist' (The Register)

CISA Forced Into 'Reactive' Cyber Posture Amid Shutdown (GovInfo Security)

Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure (SecurityWeek)

Iran-Linked Pay2Key Ransomware Group Re-Emerges (Infosecurity Magazine)

Indian government probes CCTV espionage operation linked to Pakistan (The Register)

Florida Suspends Firm for Unlawfully Offshoring Claims Data (GovInfo Security)

Cisco Patches Multiple Vulnerabilities in IOS Software (SecurityWeek)

Russia arrests suspected owner of LeakBase cybercrime forum (Bleeping Computer)

Google Just Patented The End Of Your Website (Forbes)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Your private call isn’t so private.

Wed, 25 Mar 2026 20:30:00 -0000

The UK’s cyber security chief urges a “full court press” against threats. RSAC highlights. The U.S. State Department has launched a Bureau of Emerging Threats. The TeamPCP cybercriminal group targets an open source library. TP-Link patches multiple router vulnerabilities. A critical vulnerability hits Windchill and FlexPLM platforms. A phishing campaign impersonates Palo Alto Networks recruiters. Malicious Chrome extensions are harvesting users’ conversations with AI tools. Intern Kevin files his latest report from the RSAC show floor. Your “private” zoom call may already have a podcast deal.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest aka Intern Kevin

Intern Kevin joins us from the floor at RSAC 2026. By day, he’s Global Director of Cybersecurity Startups at Microsoft for Startups, but this week, Kevin Magee is trolling the floor at RSAC to get the pulse of what is really going on in San Francisco. Kevin caught up with Dale Hoak, CISO at RegScale, David DellaPelle, CEO at Dune Security, and Jason Williams, Senior Director Global Solutions Architecture at Arms Cyber.

Selected Reading

UK cyber chief urges ‘full court press’ to counter rising cyber threats (The Record)

Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown (Infosecurity Magazine)

State Department launches effort to counter cyberattacks, AI risks from Iran, others (ABC News)

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks (Help Net Security)

TP-Link warns users to patch critical router auth bypass flaw (Bleeping Computer)

PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug (Bleeping Computer)

Palo Alto Networks Phishing Scam Targets Professionals (TechNadu)

Experts Sound Alarm Over “Prompt Poaching” Browser Extensions (Infosecurity Magazine)

This Company Is Secretly Turning Your Zoom Meetings into AI Podcasts (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Reports from RSAC and beyond.

Tue, 24 Mar 2026 20:30:00 -0000

RSAC spotlights public-private partnership gaps. DarkSword leaks to GitHub. The FCC blocks new foreign-made routers. Citrix patches a critical NetScaler flaw. DOE rolls out an energy-sector cyber strategy. CanisterWorm spreads through npm. Researchers flag suspected KACE SMA exploitation. QualDerm reports a 3.1-million-record breach. A Russian access broker gets 81 months. Intern Kevin checks in from RSAC. Maria Varmazis speaks with Jake Braun, longtime DEF CON organizer and former White House official about the DEF CON 33 Hackers' Almanack. Slow down, you vibe too fast.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Maria Varmazis speaks with today’s guest Jake Braun, longtime DEF CON organizer, former White House official, and lead on DEF CON Franklin, about the DEF CON 33 Hackers' Almanack. You can read more about it here.

Selected Reading

Public-private partnerships vital in disrupting China's Typhoons, says RSA panel with no government speakers (The Register)

Someone has publicly leaked an exploit kit that can hack millions of iPhones (TechCrunch)

US bans any new consumer-grade routers not made in America (The Register)

Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn (SecurityWeek)

DOE Sets 5-Year Plan to Harden US Grid Against Cyberattacks (GovInfo Security)

New CanisterWorm Targets Kubernetes Clusters, Deploys “Kamikaze” Wiper (Hackread)

CVE-2025-32975 (Arctic Wolf)

3.1 Million Impacted by QualDerm Data Breach (SecurityWeek)

Russian hacker who helped Yanluowang ransomware gang gets nearly 7-year prison sentence (The Record)

This Web Tool Sabotages AI Chatbots By Making Them Really, Really Slow (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

But what do you really want? [CISOP]

Tue, 24 Mar 2026 06:00:00 -0000

Despite being adopted and prioritized by many organizations, cybersecurity still faces a significant challenge where leaders still cannot articulate their needs, and find and develop talent. Rather, organizations oftentimes follow the same strategy many others are utilizing, which involves poaching talent with enticing salaries.

In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Ed Vasko, the CEO at High Wire Networks, to discuss this approach and the impacts it is having on the cyber talent ecosystem. Throughout the conversation, Ed and Kim discuss their experience when assessing talent and some of the mistakes made by the industry, and what can be done to begin correcting this approach.

Want more CISO Perspectives?

Learn more about your ad choices. Visit megaphone.fm/adchoices

Policy drops and phishing pops.

Mon, 23 Mar 2026 20:30:00 -0000

The White House rolls out its AI legislative framework. The FBI warns Iranian actors are using Telegram for command and control, while Russian operators phish Signal users. Authorities dismantle a massive fake CSAM network, Tycoon 2FA rebounds after disruption, VoidStealer debuts a stealthy Chrome key-theft trick, QNAP patches Pwn2Own flaws, and CISA orders urgent fixes for a critical Cisco firewall bug. Plus, our Monday business breakdown. Brandon Karpf and Maria Varmazis ponder the practicality of orbital data centers. One radio to rule the range.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, N2K CyberWire’s Dave BIttner and Maria Varmazis are joined by Brandon Karpf to discuss the practicality of orbital data centers.

Selected Reading

President Donald J. Trump Unveils National AI Legislative Framework (The White House)

FBI warns of Handala hackers using Telegram in malware attacks (Bleeping Computer)

Russian hackers target Signal users in phishing campaign, FBI and CISA warn (Cybernews)

Police Shut Down 373,000 Dark Web Sites in Single-Operator CSAM Network (Hackread)

Tycoon 2FA Fully Operational Despite Law Enforcement Takedown (SecurityWeek)

VoidStealer Steals Chrome Secrets Without Injection or Privilege Escalation (GB Hackers)

QNAP Patches Four Vulnerabilities Exploited at Pwn2Own (SecurityWeek)

CISA Orders US Government to Patch Maximum Severity Cisco Flaw (Infosecurity Magazine)

Surf AI has emerged from stealth with $57 million in funding led by Accel. (N2K Pro Business Briefing)

Military ‘Smartphone’: Comms, Jammer, Drone Control And More In One (Forbes)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Roya Gordon: Becoming a trailblazer. [Research] [Career Notes]

Sun, 22 Mar 2026 07:00:00 -0000

Please enjoy this encore of Career Notes.

Roya Gordon, a Security Research Evangelist at ICS cybersecurity firm Nozomi Networks, started her career as an intelligence specialist in the U.S. Navy. After her time serving, Roya spent time as a Control Systems Cybersecurity Analyst at the Idaho National Laboratory and then took the role of Cyber Threat Intelligence Manager at Accenture. She shares her story after the NSA accepted her and then quickly diverted, creating a new path for Roya to follow. She shares the jobs she went after along the way, leading up to Nozomi Networks and how she wishes to be a trailblazer for young black women everywhere. She hopes to shape young women's minds on what the cybersecurity industry is actually like, in hopes that she can be a figure people look up to. We thank Roya for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CyberWire Daily at 10: From an idea to the airwaves. [Special Edition]

Sun, 22 Mar 2026 07:00:00 -0000

In this special edition of CyberWire Daily’s 10th anniversary series, Maria Varmazis hosts a thoughtful and engaging conversation with N2K CyberWire CEO Peter Kilpe and CyberWire Daily host Dave Bittner, exploring the origin story of the podcast that started it all. From early ambitions to behind-the-scenes turning points, they trace how the show found its voice and evolved from a startup experiment into a trusted cornerstone of the cybersecurity community. Along the way, they share candid anecdotes, hard-earned lessons, and reflections on how both the industry and CyberWire Daily have transformed over the past decade.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A subtle flaw, a massive blast radius. [Research Saturday]

Sat, 21 Mar 2026 07:00:00 -0000

Yuval Avrahami from Wiz joins to share their work on "CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild." Wiz Research uncovered “CodeBreach,” a critical supply chain vulnerability caused by a subtle misconfiguration in AWS CodeBuild pipelines that allowed attackers to take over key GitHub repositories, including the widely used AWS JavaScript SDK that powers the AWS Console.

By exploiting an unanchored regex filter, unauthenticated attackers could trigger privileged builds, steal credentials, and potentially inject malicious code into software used across a majority of cloud environments. AWS has since remediated the issue and introduced stronger safeguards, but the incident highlights a growing trend of attackers targeting CI/CD pipelines where small misconfigurations can lead to massive downstream impact.

The research can be found here:

CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild

Learn more about your ad choices. Visit megaphone.fm/adchoices

Millions of devices still up for grabs.

Fri, 20 Mar 2026 20:30:00 -0000

Feds take down major IoT botnets. The FBI seizes hacktivist infrastructure. A data breach hits Kaplan, while a hacker claims access to millions of law enforcement tips. Fake Zoom calls deliver malware. A crypto “security” tool turns out to be spyware. A critical AI framework flaw gets exploited in hours. An insider extortion case ends in conviction. And a streaming scam pulls in over $10 million. A look back at ten years of Cyberwire podcasts. Intern Kevin gets ready for RSAC. A cyberattack leaves breathalyzers offline.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Celebrating CyberWire Daily

Maria Varmazis leads a conversation with Peter Kilpe and Dave Bittner reflecting on the origins of the CyberWire Daily podcast as part of the 10th anniversary series, sharing behind-the-scenes insights and how it all got started.

CyberWire Guest

Today we are joined by Intern Kevin—also known as Kevin Magee—as he gets ready for RSA Conference 2026 next week.

Selected Reading

Feds disrupt IoT botnets behind record-breaking DDoS attacks (The Register)

FBI seizes Handala data leak site after Stryker cyberattack (Bleeping Computer)

Kaplan North America Reports Data Breach Impacting Nearly 195,000 Individuals (Beyond Machines)

Hacker says they compromised millions of confidential police tips held by US company (Reuters)

Fake interactive Zoom call leads to malicious ScreenConnect download | news (SC Media)

Crypto Scam "ShieldGuard" Dismantled After Malware Discovery (Infosecurity Magazine)

Hackers Exploit Critical Langflow Bug in Just 20 Hours (Infosecurity Magazine)

Ex-data analyst stole company data in $2.5M extortion scheme (Bleeping Computer)

Musician admits to $10M streaming royalty fraud using AI bots (Bleeping Computer)

Cyberattack leaves Maine drivers with breathalyzer test systems unable to start vehicles (WGME)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Strategic approaches to talent: A practical guide. [CISOP]

Fri, 20 Mar 2026 06:00:00 -0000

Even as cybersecurity has grown and become universially accepted, the field has continued to struggle when attempting to assess and aquire talent. Oftentimes, there is a disconnect between what organizations need and what they interview for leading vague job postings and ineffective hirings.

In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Jeff Welgan, the Chief Strategist and CEO at SkillRex, to discuss how we assess talent. Throughout the conversation, Jeff and Kim will discuss the problems associated with traditional workforce management and how modernizing this approach can provide a strategic advantage.

Want more CISO Perspectives?

Learn more about your ad choices. Visit megaphone.fm/adchoices

iPhone exploits go mainstream.

Thu, 19 Mar 2026 20:30:00 -0000

DarkSword targets iPhones for indiscriminate exploitation. Cybercrime and the Iran war. The FBI confirms purchasing commercially available location data. The DHS secretary nominee gets grilled on CISA funding. A Zimbra Collaboration Suite vulnerability is being used in targeted espionage. A new Android malware targets sensitive data stored in user notes. AWS warns of ongoing Interlock ransomware activity. Tracking pixels grab more than they should. Perry Carpenter and Mason Amadeus from The FAIK Files podcast speak with Hany Farid about the real-world harms of synthetic media. Do Boomers balance breaches better?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Perry Carpenter and Mason Amadeus, hosts of The FAIK Files podcast, speaking with Hany Farid about the real-world harms of synthetic media.

Last week, the FAIK Files team sat down with Hany Farid -- digital forensics expert, professor at UC Berkeley, and co-founder of Get Real Security ( getrealsecurity.com ) -- to discuss deepfakes, authenticity metadata (C2PA), and forensic deepfake detection approaches.

And here's a link to the youtube video: https://www.youtube.com/watch?v=RSpmRb2O7Xc

Selected Reading

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild (WIRED)

Cybercrime has skyrocketed 245% since the start of the Iran war (The Register)

CISA official says agency has not seen uptick in cyber threats amid Iran war (The Record)

FBI is buying data that can be used to track people, Patel says (POLITICO)

DHS nominee Mullin pressed on restoring CISA staffing (The Record)

CISA Adds Exploited Zimbra Collaboration Suite Flaw to Warning List (GB Hackers)

Russian hackers exploit Zimbra flaw to breach Ukrainian maritime agency (The Record)

New ‘Perseus’ Android malware checks user notes for secrets (Bleeping Computer)

AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January (Infosecurity Magazine)

The Collection of Commercial Intelligence: TikTok & Meta Ad Pixels (Jscrambler)

Forget Millennials: why those over 65 are the real cyber security pros (The Senior)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Persistent threats in a shifting battlefield.

Wed, 18 Mar 2026 20:30:00 -0000

Iran’s cyber ops stay resilient. U.S. lawmakers press Big Tech on EU rules. Researchers expose a Fancy Bear server. Japan moves toward offensive cyber. CISA calls for cross-agency teamwork. New malware targets network infrastructure. AI fooled by font-based attacks. Schneider Electric warns of critical flaws. Quantum cryptography earns top honors. Guest Bradon Rogers, Chief Customer Officer at Island, discusses making AI browsers safe for enterprises. Smart glasses on the witness stand.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, guest Bradon Rogers, Chief Customer Officer at Island, discusses making AI browsers safe for enterprises. You can dig into the details of what Bradon discussed in Gartner’s “Cybersecurity Must Block AI Browsers for Now.” You can hear the full interview here.

Selected Reading

U.S Strikes Killed Iranian Cyber Chiefs, But The Hacks Continued (Forbes)

US committee demands Big Tech share private comms with EU officials (POLITICO)

FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops (Ctrl-Alt-Intel)

Japan to allow ‘proactive cyber-defense’ from October 1st (The Register)

CISA official advises agencies not to get too hung up on who takes lead in critical infrastructure sectors (CyberScoop)

New Malware Highlights Increased Systematic Targeting of Network Infrastructure (Eclypsium)

Poisoned Typeface: How Simple Font Rendering Poisons Every AI Assistant, And Only Microsoft Cares (LayerX)

Schneider Electric Patches Critical RCE Vulnerability in SCADAPack RTUs (Beyond Machines)

Turing Award Goes to Inventors of Quantum Cryptography (The New York Times)

Witness Caught Using Smartglasses in Court Blames it all on ChatGPT (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Europe clamps down on global hackers.

Tue, 17 Mar 2026 20:30:00 -0000

The EU imposes sanctions after cyberattacks. DHS boosts surveillance spending. AI firms recruit weapons-risk experts. Stryker disruption, no patient impact. LeakNet leans on ClickFix. Sears chatbot data spills. A Chinese security firm leaks a private key. Tech giants team up on scams. Teens sue xAI over alleged AI-generated abuse. On today’s Threat Vector segment, David Moulton and guest Erica L. Shoemate, founder of The EN Strategy Group, explore how AI is fundamentally reshaping the security landscape. Cyber crooks cause a complimentary curbside convenience.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector

What if the choices we make about AI security today determine who holds power tomorrow? On this Threat Vector segment, David Moulton and guest Erica L. Shoemate, founder of The EN Strategy Group, explore how AI is fundamentally reshaping the security landscape, from compressed decision-making timelines and asymmetric threat capabilities to the erosion of trust that creates strategic vulnerabilities. You can listen to David and Erica's full conversation here and catch new episodes of Threat Vector from Palo Alto Networks each Thursday on your favorite podcast app.

Selected Reading

EU Sanctions Iranian and Chinese Firms for Cyberattacks Against European Networks (TechNadu)

DHS-built surveillance apparatus to surge in year ahead, documents show (FedScoop)

AI firm Anthropic seeks weapons expert to stop users from 'misuse' (BBC)

Stryker attack wiped tens of thousands of devices, no malware needed (Bleeping Computer)

LeakNet ransomware uses ClickFix and Deno runtime for stealthy attacks (Bleeping Computer)

Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web (WIRED)

China's biggest cybersecurity firm accidentally leaked an SSL key in a public installer (Neowin)

Google has signed the Industry Accord Against Online Scams and Fraud. (Google)

Teenage girls sue Musk’s xAI, accusing Grok tool of creating child sexual abuse material (The Guardian)

Free parking in Russia after Distributed Denial-of-Service attack knocks city's parking system offline (Bitdefender)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Mid season reflection with Kim Jones. [CISOP]

Tue, 17 Mar 2026 06:00:00 -0000

In this mid-season episode, Kim takes a step back to reflect on the journey so far—revisiting key conversations, standout moments, and recurring themes that have shaped the season. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, uncovering deeper patterns and takeaways. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been—and what's still to come.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Watch out for cybercrime frequent flyers.

Mon, 16 Mar 2026 20:30:00 -0000

Drone strikes hit a key chip supply chain. China-linked hackers target Southeast Asian militaries. Attackers race ahead with AI. ShinyHunters claim a massive Telus breach. Microsoft issues a hotpatch. Malware turns up on Steam. Fileless attacks grow. Airline miles become cybercrime currency. Monday business breakdown. Tim Starks from CyberScoop unpacks the Stryker attack and the nebulous nature of Iranian cyber activity. AI playmates puzzle preschoolers.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Tim Starks from CyberScoop discussing how the Stryker attack highlights the nebulous nature of Iranian cyber activity amid joint U.S.-Israel conflict. You can read more in Tim’s article here.

Selected Reading

Drone strikes halt a third of the world's helium supply, threatening chip production (TechSpot)

China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation (SecurityWeek)

Attackers are exploiting AI faster than defenders can keep up, new report warns (CyberScoop)

Telus Digital confirms breach after hacker claims 1 petabyte data theft (Bleeping Computer)

Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw (Bleeping Computer)

The FBI is investigating malware hidden inside games hosted on Steam (TechCrunch)

New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection (Hackread)

Airline miles become underground currency in loyalty fraud schemes | brief (SC Media)

Kevin Mandia-founded Armadin launches with $190 million. (N2K Pro Business Briefing)

AI toys for young children need tighter rules, researchers warn (BBC News)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Christian Lees: It's not always textbook. [CTO] [Career Notes]

Sun, 15 Mar 2026 07:00:00 -0000

Please enjoy this encore of Career Notes.

Christian Lees, CTO at Resecurity, shares his story and insight on coming into the cybersecurity world. He considers himself a late bloomer because he did not go to college until he was 23. He wasn’t sure of what he wanted to do, and a family friend gave him a computer and the rest was history, he says. He fell in love with computers and started working at different companies trying to get ahead. He says it's not always textbook, and sometimes you just need to cut your teeth on something to get where you're going. Throughout his journey, he was constantly questioning whether he made the right decision, and in the end he says you have to be willing to "define friction points in it, you may join security field, not knowing what you're gonna do, but by being that curious person and breaking things and putting it back together, you'll find the right way and just never stop being curious." We thank Christian for sharing his story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Your AI sidekick might be a spy. [Research Saturday]

Sat, 14 Mar 2026 05:00:00 -0000

This week, we are joined by Or Eshed, Co-Founder and CEO from LayerX Security, discussing their work on "How We Discovered A Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts." Researchers uncovered a coordinated campaign of 16 malicious browser extensions posing as ChatGPT productivity tools while secretly stealing user accounts.

The extensions intercept ChatGPT session authentication tokens and send them to attacker-controlled servers, allowing threat actors to impersonate users and access their conversations, files, and connected services like Google Drive or Slack. The findings highlight how AI-focused browser extensions are creating a new attack surface, emphasizing the need for organizations to closely monitor and restrict third-party AI tools.

The research can be found here:

⁠⁠⁠How We Discovered A Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts

Learn more about your ad choices. Visit megaphone.fm/adchoices

Socks pulled, patches pushed.

Fri, 13 Mar 2026 20:30:00 -0000

Europol dismantles the SocksEscort proxy service. Cyber operations highlight imbalance in the war in Iran. Google rushes Chrome zero-day patches. Veeam fixes critical backup flaws. A former incident responder faces ransomware charges. Thomson Reuters staff push back on an ICE contract. Attackers abuse backup tools for data theft. CISA flags a critical n8n vulnerability. Maria Varmazis is joined by Jack R. Bialik, engineer and author, to discuss the hidden risks of a fully-digital society, and talk about his book "In Lost in Time: Our Forgotten and Vanishing Knowledge." A Phony photo fuels a phantom flight fiasco.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

N2K CyberWire’s Maria Varmazis is joined by Jack R. Bialik, engineer and author, to discuss the hidden risks of a fully-digital society, and talk about his book "In Lost in Time: Our Forgotten and Vanishing Knowledge."

Selected Reading

Europol and international partners disrupt ‘SocksEscort’ proxy service - Joint operation targeted malicious proxy service exploiting residential routers worldwide (Europol)

War in Iran – asymmetry in cyberspace (IISS)

Google fixes two new Chrome zero-days exploited in attacks (Bleeping Computer)

Veeam warns of critical flaws exposing backup servers to RCE attacks (Bleeping Computer)

Former Employee of Cybersecurity Companies Charged in ALPHV (BlackCat) Ransomware Extortion Case (TechNadu)

They Don’t Want Their Company’s Surveillance Tool Used by ICE (The New York Times)

Data Exfiltration and Threat Actor Infrastructure Exposed (Huntress)

CISA adds n8n RCE flaw to list of known exploited vulnerabilities (SC Media)

Cyber National Mission Force to get new commander amid broader leadership turnover (The Record)

AI Used to Promote Non-Existent Evacuation Flights From the Middle East (Bellingcat)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Is the role of the CISO adding to the confusion? [CISOP]

Fri, 13 Mar 2026 06:00:00 -0000

Show Notes:

As cybersecurity has matured, the field has become more formalized within businesses with CISOs leading the way. However, despite the value of the CISO and its widespread adoption, the role has continued to lose agency with other board members. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Patty Ryan, the CISO at QuidelOrtho, to assess the value of the role. Throughout the conversation, Patty and Kim will discuss the challenges facing CISOs, why the role has lost its agency, and what can be done to reverse the current trajectory.

Want more CISO Perspectives?:

Learn more about your ad choices. Visit megaphone.fm/adchoices

Oops, those were the FBI files.

Thu, 12 Mar 2026 20:30:00 -0000

Iran threatens tech firms as hackers strike Stryker. The EU advances efforts toward digital sovereignty. A foreign hacker stumbles upon the FBI’s Epstein files. DOGE used ChatGPT to cull humanities grants. Meta claims increased efforts against scams. A Wisconsin ambulance provider discloses a data breach. CISA shortens the patch deadline for a critical SolarWinds vulnerability. We preview this year’s RSAC 2026 Innovation Sandbox with Cecilia Marinier and Paul Kocher. Dangerous digital diets miss the mark.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we share a RSAC 2026 Conference innovation preview with Cecilia Marinier and Innovation Sandbox judge Paul Kocher talking about this year's Top 10 Finalists.

Selected Reading

Iran-linked hackers claim responsibility for attack on US medical device maker Stryker (Reuters)

'Legitimate targets': Iran issues warning to US tech firms including Google, Amazon, Microsoft, Nvidia (The Times of India)

Iranian trolls are flooding social media with pro-Tehran, anti-war propaganda (MS Now)

Commission announces €75 million EURO-3C Project to build a federated Telco-Edge-Cloud infrastructure for digital sovereignty (European Commission)

Hacker broke into FBI and compromised Epstein files, report says (TechCrunch)

When DOGE Unleashed ChatGPT on the Humanities (The New York Times)

Meta says it culled millions of scam ads amid accusations that it profits from them (The Record)

Bell Ambulance Ransomware Attack Impacts Over 237,000 Individuals (Beyond Machines)

CISA Mandates Emergency Patching for SolarWinds Web Help Desk Vulnerabilities (Beyond Machines)

AI Chatbots Are Giving Teens Absolutely Terrible Diet Advice, Study Warns (Gizmodo)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI as Tradecraft: How Threat Actors Are Operationalizing AI [Microsoft Threat Intelligence Podcast]

Thu, 12 Mar 2026 13:00:00 -0000

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Greg Schlomer and Vlad Honyanyy to discuss new research on Jasper Sleet, a North Korean–aligned threat actor incorporating AI into active operations.

The conversation examines how AI is being integrated across the attack lifecycle — from highly tailored phishing lures and fabricated job applicant personas to accelerating malware development and refining operational workflows. Rather than treating AI as a novelty, Jasper Sleet is using it to increase speed, scale, and adaptability while reducing many of the friction points that once slowed campaigns.

They also explore what this shift means for defenders. As AI compresses iteration cycles and lowers barriers to entry, traditional attribution signals evolve, influence operations become more convincing, and defensive teams must tighten the loop between intelligence, detection, and response. This is less about experimentation and more about the operationalization of AI as part of modern tradecraft.

In this episode you’ll learn:

How AI is changing the speed at which cyber operations evolve

Why jailbreaking AI models is often trivial for motivated adversaries

The strategic implications of AI leveling the playing field between threat actors

Some questions we ask:

Is there resistance among experienced malware authors to adopting AI?

Are we seeing fully AI-written malware in the wild?

What stands out about Jasper Sleet’s use of AI?

Resources:

View Greg Schloemer on LinkedIn

View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:

Afternoon Cyber Tea with Ann Johnson

The BlueHat Podcast

Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI as Tradecraft: How Threat Actors Are Operationalizing AI [Microsoft Threat Intelligence Podcast]

Thu, 12 Mar 2026 05:00:00 -0000

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Greg Schlomer and Vlad H. to discuss new research on Jasper Sleet, a North Korean–aligned threat actor incorporating AI into active operations.

In this episode you’ll learn:

How AI is changing the speed at which cyber operations evolve

Why jailbreaking AI models is often trivial for motivated adversaries

The strategic implications of AI leveling the playing field between threat actors

Some questions we ask:

Is there resistance among experienced malware authors to adopting AI?

Are we seeing fully AI-written malware in the wild?

What stands out about Jasper Sleet’s use of AI?

Resources:

View Greg Schloemer on LinkedIn

View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:

Afternoon Cyber Tea with Ann Johnson

The BlueHat Podcast

Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

Learn more about your ad choices. Visit megaphone.fm/adchoices

New command amid mounting cyber risks.

Wed, 11 Mar 2026 20:30:00 -0000

Rudd takes the helm at NSA and Cyber Command. A watchdog probes alleged Social Security data mishandling. Patch Tuesday lands. Governments brace for cyber fallout from Iran. BeatBanker spreads via a fake Starlink app. InstallFix targets developers. ZombieZIP hides malware in archives. And DHS reassigns CBP officials in a FOIA secrecy dispute. Ben Yelin unpacks Anthropic’s lawsuit against the Pentagon. AI eyewear leads to awkward exposures.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies and Caveat cohost talking about Anthropic suing the Pentagon. You can read more on the topic here.

Selected Reading

Senate approves Joshua Rudd as dual-hat leader of Cyber Command, NSA (POLITICO)

Whistleblower claims ex-DOGE member says he took Social Security data to new job (Washington Post)

Microsoft Patches 83 Vulnerabilities (SecurityWeek)

Adobe Patches 80 Vulnerabilities Across Eight Products (SecurityWeek)

Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities (SecurityWeek)

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric (SecurityWeek)

Iran war will bring wave of 'low-level cyber activity,' says intelligence group (StateScoop)

New BeatBanker Android malware poses as Starlink app to hijack devices (Bleeping Computer)

Fake Claude Code install guides push infostealers in InstallFix attacks (Bleeping Computer)

New 'Zombie ZIP' technique lets malware slip past security tools (Bleeping Computer)

DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal’ Orders (WIRED)

Meta sued over AI smart glasses' privacy concerns, after workers reviewed nudity, sex, and other footage (TechCrunch)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Signals, scams, and a Salesforce snatch.

Tue, 10 Mar 2026 20:30:00 -0000

Russian hackers target Signal and WhatsApp. Permit scammers impersonate local officials. Anthropic sues over a Pentagon blacklist. The White House moves to restore fraud victims. ShinyHunters target Salesforce data. Ericsson reports a breach. macOS users face ClickFix malware. AWS credentials are phished. And CISA warns of an exploited Ivanti flaw. Our guest is Brian Baskin, Threat Researcher at Sublime Security, discussing tax season employee impersonation scams. Who fact-checks the fact-checkers?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Brian Baskin, Threat Researcher at Sublime Security, discussing how tax season employee impersonation scams are conducted and what to look out for as we prepare our returns.

Selected Reading

Russia targets Signal and WhatsApp accounts in cyber campaign (AIVD)

FBI warns of phishing attacks impersonating US city, county officials (Bleeping Computer)

Anthropic sues Trump administration over Pentagon blacklist (CNBC)

White House floats Victims Restoration Program for millions affected by cyber fraud (The Record)

CybercrimeHundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign (SecurityWeek)

Ericsson US discloses data breach after service provider hack (Bleeping Computer)

Fake CleanMyMac Site Uses ClickFix Trick to Install SHub Stealer on macOS (Hackread)

Behind the console: Active phishing campaign targeting AWS console credentials (Datadog Security Labs)

CISA: Recently patched Ivanti EPM flaw now actively exploited (Bleeping Computer)

AI fake-news detectors may look accurate but fail in real use, study finds (Tech Xplore)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

What role does higher education play in cyber? [CISOP]

Tue, 10 Mar 2026 06:00:00 -0000

Show Notes:

Cybersecurity has continued to grow and mature as a field over the past decade which has given rise to numerous degree pathways across dozens of collegiate institutions; however, the value of these degrees has continued to be a topic of debate. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Dr. Lara Ferry, the Vice President of Research at Arizona State University, to explore higher education's role in cyber. Throughout the conversation, Lara and Kim will discuss the challenges facing degree programs, the disconnects between organizations and institutions, and how the gap can be better addressed.

Want more CISO Perspectives?:

Learn more about your ad choices. Visit megaphone.fm/adchoices

From Tehran to the Apple II.

Mon, 09 Mar 2026 20:30:00 -0000

Israel claims a strike on Iran’s cyber warfare headquarters. The Trump administration releases a new national cyber strategy. DHS shakes up its IT and cybersecurity leadership. Velvet Tempest uses ClickFix to drop loaders and RATs. Researchers uncover a Linux cryptocurrency clipboard hijacker. The DOJ brings a Ghanaian romance scammer to justice. Online advertising enables government tracking. Monday business breakdown. Our guest is Jon France, CISO from ISC2, sharing some insights and findings from their 2025 ISC2 Cybersecurity Workforce Study. An Apple II app gets audited by AI.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Joining us today is Jon France, CISO from ISC2, sharing some insights and findings from their 2025 ISC2 Cybersecurity Workforce Study. For further detail, you can also check out ISC2’s just released Women in Cybersecurity report.

Selected Reading

Iranian cyber warfare HQ allegedly hit by Israel | brief (SC Media)

Iran internet blackout reaches 6th day as rights groups call for end to digital shutdown (The Record)

The long-awaited Trump cyber strategy has arrived (CyberScoop)

DHS CISO, deputy CISO exit amid reported IT leadership overhaul (FedScoop)

Termite ransomware breaches linked to ClickFix CastleRAT attacks (Bleeping Computer)

ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered Via Bincrypter-Based Loader (Cyble)

Ghanaian Pleads Guilty to Role in $100m Romance Scam (Infosecurity Magazine)

The Government Uses Targeted Advertising to Track Your Location. Here's What We Need to Do. (Electronic Frontier Foundation)

Zurich Insurance Group intends to acquire UK cyber insurer Beazley for approximately $11 billion. (N2K Pro Business Briefing)

Microsoft Azure CTO says Claude found vulns in Apple II code (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber without borders: Reporters notebook. [Special Edition]

Mon, 09 Mar 2026 07:00:00 -0000

In this special Reporter’s Notebook, Maria Varmazis⁠⁠⁠⁠, host here at N2K CyberWire, takes listeners behind the scenes of our three-part series on Cyber Coalition 2025 in Tallinn, Estonia. After exploring real-time incident response, cross-border coordination, and the broader stakes of collective cyber defense, this episode offers a more personal, behind-the-scenes look at how the reporting came together.

Hosted by the NATO Cooperative Cyber Defense Centre of Excellence, the exercise brought together allied military, government, and industry teams inside NATO’s secure cyber range. Here, Maria reflects on moments that didn’t make the final cut — the atmosphere inside the facilities, the pace of covering a live exercise, and the small, human details that added texture to the larger story.

If you haven’t yet, be sure to listen to all three episodes of the series to hear the full story from the ground at Cyber Coalition 2025.

Episode one can be found ⁠⁠here⁠⁠.

Episode two can be found ⁠here⁠.

Episode three can be found ⁠⁠here⁠⁠.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Anna Belak: Acquiring skills to make you into a unicorn. [Thought Leadership] [Career Notes]

Sun, 08 Mar 2026 07:00:00 -0000

Please enjoy this encore of Career Notes.

Anna Belak, Director of Thought Leadership at Sysdig, shares her story from physics to cyber. Anna explains how she went into college with the thinking of getting a physics degree and then for her PhD decided to switch to material science and engineering. Both were not something she enjoyed and ultimately decided to go into cyber. She shares some advice on how you should never limit yourself to your degree, as well as always learning new skills and honing in on skills you already have. She say's by doing these things it will make you into a unicorn, meaning if you are good at one thing and teach yourself to be good at something else, you will become that much more valuable. Anna hopes she makes an impact with the people she works with, she hopes they will want to work with her even long after she leaves a company. We thank Anna for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The scareware rabbit hole. [Research Saturday]

Sat, 07 Mar 2026 08:00:00 -0000

This week we are joined by Marcelle Lee, cybersecurity consultant and researcher, discussing "CTI tradecraft: Investigating a mobile scareware campaign." She details how a routine click on a Google News story led to a mobile scareware pop-up—and a deeper investigation into a broader campaign.

Using free tools like Censys, URLScan, VirusTotal, and CyberChef, she pivoted from two domains to uncover more than 100 related domains, shared infrastructure, and links to questionable antivirus apps in the Google Play Store. The findings are mapped to the MITRE ATT&CK framework, showing how freely available resources can power meaningful, actionable threat intelligence.

The research can be found here:

⁠CTI tradecraft: Investigating a mobile scareware campaign

Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran is muddying the waters.

Fri, 06 Mar 2026 21:30:00 -0000

Iran’s MuddyWater breaches multiple U.S. organizations. The FBI probes a breach of wiretap management systems. A China-linked threat actor targets South American telecoms. Cisco patches critical firewall flaws. CISA flags actively exploited bugs in Hikvision cameras and Rockwell industrial systems. A House committee advances the controversial KIDS online safety bill. The FBI arrests a suspect accused of stealing millions in seized crypto from the U.S. Marshals Service. Ben Yelin and Ethan Cook unpack the dispute between Anthropic and the Pentagon. Wikimedia worm wreaks widespread wiki woes.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we’re bringing you a featured conversation from our Caveat podcast, where Ben Yelin sits down with N2K Lead Analyst Ethan Cook to unpack the fallout between the Pentagon and Anthropic, what led to the deal unraveling, and what it means as the government pivots to a similar AI contracting agreement with OpenAI. You can listen to their full conversation here and catch new episodes of Caveat featuring Dave and Ben every Thursday with special appearances by Ethan.

Selected Reading

Iranian APT Hacked US Airport, Bank, Software Company (SecurityWeek)

Tech Giants, Washington Rally for Anthropic in Pentagon Feud (GovInfo Security)

FBI investigates breach of surveillance and wiretap systems (Bleeping Computer)

Chinese state hackers target telcos with new malware toolkit (Bleeping Computer)

Cisco Patches 48 Firewall Vulnerabilities with Two CVSS 10 Flaws (Hackread)

CISA Flags Hikvision Camera & Rockwell Logix Vulnerabilities as Actively Exploited (SOCRadar)

House panel marks up kids digital safety act amid Democrat backlash (The Record)

US contractor's son arrested over alleged $46M crypto theft (The Register)

Wikipedia hit by self-propagating JavaScript worm that vandalized pages (Bleeping Computer)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Do certifications matter? [CISOP]

Fri, 06 Mar 2026 07:00:00 -0000

Show Notes:

As the cybersecurity industry has grown, the field has struggled to answer the question: do certifications matter? In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with N2K's own, ⁠Simone Petrella, to answer this question and discuss why the value of certifications continue to be debated. Throughout the conversation, Simone and Kim will discuss the challenges associated with certifications, and how the industry can adjust the ways it sees and utilizes them.

Got cybersecurity, IT, or project management certification goals?

For the past 25 years, N2K's practice tests have helped more than half a million professionals reach certification success. Grow your career and reach your goals faster with N2K’s full exam prep of practice tests, labs, and training courses for Microsoft, CompTIA, PMI, Amazon, and more at n2k.com/certify.

Want more CISO Perspectives?

Learn more about your ad choices. Visit megaphone.fm/adchoices

Unit 42's Iran Threat Brief: What We're Seeing [Threat Vector]

Thu, 05 Mar 2026 23:00:00 -0000

Unit 42 is tracking more than 60 active hacktivist groups and Iran-linked threat actors right now. What are they actually doing, what should you believe, and what should you do about it?

In this episode of Threat Vector, David Moulton sits down with Justin Moore, Senior Manager of Threat Intelligence Research at Unit 42, and Andy Piazza, Senior Director of Threat Intelligence at Unit 42, to walk through the Unit 42 Iran Threat Brief and what the observed activity means for defenders.

You'll learn:

- What Unit 42 is actually observing from groups like Handala Hack, FAD Team, and Dark Storm, and what claims remain unverified

- Why Iran's reduced internet connectivity changes the threat picture in ways that aren't obvious

- What dispersed operators and proxy groups mean for organizations far outside the Middle East

- Which defensive actions matter most against the TTPs and IOCs Unit 42 has documented

- How to handle hacktivist claims that may be exaggerated or false

Justin Moore brings nine years of intelligence officer experience plus senior threat intel roles at Mandiant, Google, and TikTok before joining Unit 42. Andy Piazza has more than 20 years in security operations and threat intelligence, including leading IBM X-Force's global threat intel team.

Read the threat brief from Unit 42:

- Escalation of Cyber Risk Related to Iran (March 2026)

- Escalation of Cyber Risk Related to Iran (June 2025)

This episode is essential listening if you're: a CISO assessing current exposure, a threat analyst tracking Iran-linked groups, or a security leader who needs to explain the actual observed risk to your board.

Related Episodes:

- Inside the Mind of State-Sponsored Cyberattackers

- Frenemies With Benefits

- From Policy to Cyber Interference

#Cybersecurity #ThreatIntelligence

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠

Learn more about your ad choices. Visit megaphone.fm/adchoices

The internet joins the war.

Thu, 05 Mar 2026 21:30:00 -0000

Hacktivist activity surges in the Middle East. Defense tech firms distance themselves from Claude. International law enforcement take down the Leakbase cybercrime forum. A pair of Cisco SD-WAN vulnerabilities are under active exploitation. Google releases an urgent Chrome security update. Age-verification is put under the microscope. TikTok is leaving end-to-end encryption out of your DMs. Our guest is Daniel Barbu, Director of EMEA Security from Adobe, discussing fostering a human‑centered, enablement‑driven, and collaborative approach to AI. Clever code catches cardiac clues.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices segment, we are joined by ⁠Daniel Barbu⁠, Director of EMEA Security from ⁠Adobe⁠, discussing how fostering a human‑centered, enablement‑driven, and collaborative approach to AI through the security guild, trainings, and other initiatives. Tune into the full conversation here.

Selected Reading

Retaliatory Hacktivist DDoS Activity Following Operation Epic Fury/Roaring Lion (Radware)

Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran (Palo Alto Networks)

Unit 42's Iran Threat Brief: What We're Seeing (Threat Vector podcast special edition by Palo Alto Networks)

Defense tech companies are dropping Claude after Pentagon's Anthropic blacklist (NBC)

Sen. Wyden Warns of Mass Surveillance Amid Pentagon's Fight With Anthropic (Gizmodo)

Sprawling FBI, European operation takes down Leakbase cybercriminal forum (The Record)

Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild (SecurityWeek)

Google Rolls Out Emergency Chrome Update to Patch 10 Critical Security Vulnerabilities (GB Hackers)

Hackers Expose The Massive Surveillance Stack Hiding Inside Your “Age Verification” Check (Techdirt)

TikTok says it won't encrypt DMs claiming it puts users at risk (BBC)

WiFi signals can measure heart rate—no wearables needed - News (UCSC)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When zero-days escape the lab.

Wed, 04 Mar 2026 21:30:00 -0000

A suspected U.S. exploit kit shows up in global iOS attacks. Facebook goes down briefly worldwide. A critical help-desk flaw enables remote code execution. Juniper PTX routers face a major bug. LastPass warns of phishing. Telegram becomes a cybercrime marketplace. Healthcare groups fight relaxed IT rules. A stolen Gemini API key runs up massive bills. CISA’s CIO departs. Our guest is Brian Long, CEO and Co-Founder of Adaptive Security, discussing how AI is reshaping social engineering. The problem of posthumous profiles.

CyberWire Guest

Today on our Industry Voices segment we are joined by Brian Long, CEO and Co-Founder of Adaptive Security, discussing how AI is reshaping social engineering. If you want to hear the full conversation, listen to it here.

Selected Reading

Possible U.S.-developed exploits linked to first known ‘mass’ iOS attack (CyberScoop)

Facebook accounts unavailable in worldwide outage (Bleeping Computer)

Critical FreeScout Vulnerability Leads to Full Server Compromise (SecurityWeek)

Juniper PTX Routers at Risk, Critical Takeover Flaw Disclosed (BankInfo Security)

LastPass Warns of New Phishing Campaign (SecurityWeek)

Telegram Increasingly Used to Sell Access, Malware and Stolen Logs Hackread)

Groups Push Back on HHS' Proposed Health IT Rollbacks (BankInfo Security)

Dev stunned by $82K Gemini API key bill after theft (The Register)

CISA CIO Robert Costello exits agency (CyberScoop)

Calls for Global Digital Estate Standard as Posthumous Deepfake Fraud Risk Grows (Infosecurity Magazine)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When the map lies at sea.

Tue, 03 Mar 2026 21:30:00 -0000

GPS jamming hits the Strait of Hormuz. An Iran linked threat actor uses AI to target Iraqi government officials. Hacktivists leak thousands of DHS contract records. A Hawaii cancer center suffers a data breach. Google patches over a hundred Android vulnerabilities. A new report tallies the scale of third party breaches. An MS-Agent AI framework flaw allows full system compromise. On today's Threat Vector segment, Evan Gordenker, Director of AI Security and DPRK Operations at Unit 42, joins David Moulton to unpack North Korea’s hiring scams. Tire tech turns tattletale.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

North Korea has turned your hiring pipeline into a revenue machine. And most organizations have no idea. Evan Gordenker, Director of AI Security and DPRK Operations at Unit 42, joins David Moulton on today’s Threat Vector segment to unpack how this operation actually works. Listen to their full conversation to get more detail and catch new episodes of Threat Vector every Thursday on your favorite podcast app.

Selected Reading

Attacks on GPS Spike Amid US and Israeli War on Iran (WIRED)

Amazon: Drone strikes damaged AWS data centers in Middle East (Bleeping Computer)

Iranian Cyber Threat Actor Targets Iraqi Government Officials in AI-Powered Campaign (Infosecurity Magazine)

Hacktivists claim to have hacked Homeland Security to release ICE contract data (TechCrunch)

UH Cancer Center data breach affects nearly 1.2 million people (Bleeping Computer)

Android gets patches for Qualcomm zero-day exploited in attacks (Bleeping Computer)

Chrome Gemini panel became privilege escalator for rogue extensions (The Register)

Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks (Infosecurity Magazine)

Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise (SecurityWeek)

Researchers Uncover Method to Track Cars via Tire Sensors (SecurityWeek)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Does diversity matter in cyber? [CISOP]

Tue, 03 Mar 2026 07:00:00 -0000

Show Notes:

As cybersecurity matures, one area still lags: diversity. In this thought-provoking episode of CISO Perspectives, host Kim Jones takes the mic solo to address a topic that remains both critical and controversial. Kim explores the current state of diversity in the cybersecurity field, why progress has been slow, and how inclusive teams drive greater innovation and resilience. Tune in for an honest conversation that challenges the status quo and pushes the industry forward.

Want more CISO Perspectives?:

Learn more about your ad choices. Visit megaphone.fm/adchoices

The parallel war online.

Mon, 02 Mar 2026 21:30:00 -0000

Cyberwar shadows the US Israel attack on Iran. Hackers hijack Pakistani news broadcasts. President Trump orders all federal agencies to stop using AI technology from Anthropic. The Health Care Cybersecurity and Resiliency Act clears a hurdle. A new RAT streamlines double extortion attacks against Windows systems. CISA updates warnings on a zero-day targeting Ivanti Connect Secure devices. A North Korea-linked group targets air-gapped systems. Monday business breakdown. On our Afternoon Cyber Tea segment from Microsoft Security, host Ann Johnson speaks with Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield, about cybersecurity in healthcare. Tim Starks from CyberScoop has the latest goings on at CISA. Microsoft says the slop stops here.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop as he is discussing ongoing challenges at CISA. If you are interested in this topic, you can learn more here.

Afternoon Cyber Tea

On our Afternoon Cyber Tea segment from Microsoft Security, host Ann Johnson speaks with Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield, about cybersecurity in healthcare. You can hear the full conversation here, and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.

Selected Reading

US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates (SecurityWeek)

Western Cybersecurity Experts Brace for Iranian Reprisal (BankInfo Security)

Pakistan’s Top News Channels Hacked and Hijacked With Anti-Military Messages (Hackread)

Anthropic confirms Claude is down in a worldwide outage (Bleeping Computer)

Trump Orders Government to Stop Using Anthropic After Pentagon Standoff (New York Times)

OpenAI Will Deploy AI in US Military Classified Networks (GovInfo Security)

Senate Health Cyber Bill Clears Committee Hurdle (GovInfo Security)

Double whammy: Steaelite RAT bundles data theft, ransomware (The Register)

CISA warns that RESURGE malware can be dormant on Ivanti devices (Bleeping Computer)

North Korean APT Targets Air-Gapped Systems in Recent Campaign (SecurityWeek)

Astelia secures $35 million in combined seed and Series A funding. (N2K Pro Business Briefing)

Microsoft gets tired of “Microslop,” bans the word on its Discord, then locks the server after backlash (Windows Latest)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Without Borders: Standing guard 210 kilometers from risk. [Special Edition]

Mon, 02 Mar 2026 08:00:00 -0000

In the final installment of our three-part series on ⁠Cyber Coalition 2025⁠⁠, ⁠⁠Maria Varmazis⁠⁠⁠, host here at N2K CyberWire, and ⁠⁠⁠Liz Stokes, CyberWire Producer, step back from the cyber range to reflect on what their time in Tallinn really meant. This episode moves beyond the mechanics of the exercise and into the broader stakes of collective cyber defense in an increasingly uncertain geopolitical moment.

Recorded two months after their visit, the conversation blends field tape and personal reflections — from standing outside the Russian Embassy in Old Town to recalling the weight inside NATO’s secure facilities. Estonia’s history, including the 2007 cyberattacks, and its visible solidarity with Ukraine underscore just how real and proximate the risks remain.

Be sure to check out the first two episodes of this three part series, you can find them below.

Episode one can be found ⁠here⁠.

Episode two can be found here.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Larry Cashdollar: Always learning new technology. [Intelligence response engineer]

Sun, 01 Mar 2026 08:00:00 -0000

Please enjoy this encore of Career Notes.

Larry Cashdollar, Principal Security Intelligence Response Engineer at Akamai Technologies, sits down with Dave Bittner to discuss his life leading up to working at Akamai. He shares his story from his beginnings to now, describing what college life was like as a young computer enthusiast. He says "If you look at my 1986 yearbook, I think it was my sixth grade class, it says computer scientist for my career path. So I had a love of computers when I was really young. I guess I knew what field I wanted to get into right off the bat." He describes different career paths that all led him to his current position. He also shares his love for computers and technology through the decades of his youth, and how he is learning, even now. We thank Larry for sharing his story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The parking lot of digital danger. [Research Saturday]

Sat, 28 Feb 2026 08:00:00 -0000

This week we are joined by Dr. Renée Burton, Vice President of Infoblox Threat Intel, discussing "Parked Domains and Direct Search: An Underreported Security Risk." Parked domains are no longer harmless ad pages — new research finds that in today’s “direct search” or zero-click parking ecosystem, more than 90% of visits to certain parked lookalike domains lead to scams, malware, or deceptive content, often hidden behind layers of traffic distribution systems and device fingerprinting.

The report details three previously unpublished domain portfolio actors who weaponize typosquatting, DNS manipulation — including rare “double fast flux” techniques highlighted in a 2025 advisory from Cybersecurity and Infrastructure Security Agency — and even misconfigured name server records to evade detection and funnel real users toward malicious advertisers. Beyond malvertising, some parked lookalike domains collect misdirected email, fuel business email compromise, and exploit outdated links — including those surfaced by generative AI — underscoring how a simple typo can expose users and enterprises to significant risk.

The research can be found here:

Parked Domains Become Weapons with Direct Search Advertising

Learn more about your ad choices. Visit megaphone.fm/adchoices

Leadership shakeup at CISA.

Fri, 27 Feb 2026 21:30:00 -0000

CISA’s acting director exits. Trump’s pick to lead the NSA hits Senate headwinds. The Pentagon pressures Anthropic over AI guardrails. A new WiFi attack sidesteps encryption. CISA flags flaws in EV chargers. Juniper patches a critical router bug. ManoMano discloses a massive breach. Europol cracks down on The Com. Greece delivers verdicts in Predatorgate. An alleged carding kingpin lands in U.S. custody. Jeff Williams, Founder of OWASP and Co-Founder/CTO of Contrast Security, shares how NIST is rethinking its role in analyzing software vulnerabilities as EU launches GCVE. Meta’s mischievous monocles meet their match.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we have Jeff Williams, Founder of OWASP and Co-Founder/CTO of Contrast Security, sharing how NIST is rethinking its role in analyzing software vulnerabilities as EU launches GCVE. If you enjoyed this conversation, you can hear the full interview over on the Caveat podcast.

Selected Reading

Gottumukkala out, Andersen in as acting CISA director (CyberScoop)

Senator seeks to block Trump’s NSA pick, citing civil liberties concerns (The Washington Post)

Anthropic Refuses to Bend to Pentagon on AI Safeguards as Dispute Nears Deadline (SecurityWeek)

New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises (Ars Technica)

Critical Vulnerabilities in SWITCH EV Charging Platform Allow Station Impersonation (Beyond Machines)

Juniper Networks PTX Routers Affected by Critical Vulnerability (SecurityWeek)

38 Million Allegedly Impacted by ManoMano Data Breach (SecurityWeek)

‘Project Compass’ Cracks Down on ‘The Com’: 30 Members Arrested (Infosecurity Magazine)

Greek court sentences Predator spyware gang (POLITICO)

Chilean Carding Shop Operator Extradited to US (SecurityWeek)

This App Warns You if Someone Is Wearing Smart Glasses Nearby (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rogue peers and hidden exploits.

Thu, 26 Feb 2026 21:30:00 -0000

Five Eyes flags active exploitation of Cisco SD-WAN flaws. Ransomware incidents surge, but fewer victims are paying. The FTC eases its stance on COPPA to encourage age verification. Authorities in Poland and Germany charge 11 in a Facebook credential harvesting scheme. Top UK news outlets unite on AI licensing standards, as the UK touts gains in cyber resilience. Researchers say a hacker abused Anthropic’s Claude to breach Mexican government networks. Gamers revolt over AI in game development. On our Industry Voices, we are joined by Linda Gray Martin, Chief of Staff and SVP, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2026. In Moscow, a man is accused of impersonating an FSB officer to shake down the Conti ransomware gang.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices, we are joined by Linda Gray Martin, Chief of Staff and SVP, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2026.

Selected Reading

Cisco SD-WAN Is Actively Exploited by UAT-8616, Five Eyes Alliance Agencies Issue Warning (TechNadu)

Ransomware payments dropped in 2025 as attack numbers reached record levels: Chainalysis (The Record)

FTC Softens Enforcement of Rule Protecting Children Online, Ostensibly to Protect Children Online (Gizmodo)

Poland Cybercrime Unit Uncovers Scheme Stealing 100,000 Facebook Logins (The 420)

UK news giants form 'NATO for news' group to control AI scraping (Press Gazette)

Government cuts cyber-attack fix times by 84% and launches new profession to protect public services (GOV.UK)

Hacker Used Anthropic’s Claude to Steal Sensitive Mexican Data (Bloomberg)

AI Mistakes Are Infuriating Gamers as Developers Seek Savings (Bloomberg)

Moscow man accused of posing as FSB officer to extort Conti ransomware gang (The Record)

AIs can’t stop recommending nuclear strikes in war game simulations (New Scientist)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A new front in the data sovereignty debate.

Wed, 25 Feb 2026 21:30:00 -0000

Trump tells diplomats to fight digital sovereignty. DeepSeek allegedly trains on banned Nvidia chips. Google knocks out Gallium. Hackers tamper with patient records in New Zealand. Popular mental health apps leak risk. Wynn confirms a ShinyHunters breach. Telecoms dodge New York cyber rules. Russia targets Telegram’s founder. And a defense insider heads to prison for selling cyber weapons to Moscow. Andrew Dunbar, CISO of Shopify, discusses how identity and trust become the new perimeter and how commerce needs both. Barking backlash brews beneath big-game broadcast.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Andrew Dunbar, CISO of Shopify, to discuss how identity and trust become the new perimeter and how commerce needs both to be engineered into the platform.

Selected Reading

Exclusive: US orders diplomats to fight data sovereignty initiatives (Reuters)

Exclusive: China's DeepSeek trained AI model on Nvidia's best chip despite US ban, official says (Reuters)

Google disrupts Chinese-linked hackers that attacked 53 groups globally (Reuters)

Patient data changed as major NZ health app MediMap hacked (RNZ News)

Android mental health apps with 14.7M installs filled with security flaws (Bleeping Computer)

Wynn Resorts Confirms Cyberattack & Extortion Threat, Claims Data Deleted (Casino.org)

Verizon successfully dodged data security rules from state regulators (Times Union)

Russia opens probe of Telegram chief, claiming app has been used for terrorism (Washington Post)

Former Defense Contractor Sentenced to 87 Months in Prison for Selling Secrets to Russia: Peter Williams Trade Secrets Case Concludes (TechNadu)

$10,000 bounty offered if you can hack Ring cameras to stop them sharing your data with Amazon (Bitdefender)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Multiple root-level risks resolved.

Tue, 24 Feb 2026 21:10:00 -0000

SolarWinds patches four critical remote code execution vulnerabilities. A ransomware attack on Conduant puts the data of over 25 million Americans at risk. RoguePilot enables Github repository takeovers. ZeroDayRat targets Android and iOS devices. North Korea’s Lazarus group deploy Medusa ransomware against organizations in the U.S. and the Middle East. Attackers’ breakout times drop to under half an hour. CISA maintains its mission despite staffing challenges. Russian satellites draw fresh scrutiny. Two South Korean teenagers are charged with breaching Seoul’s public bike service. Krishna Sai, CTO at SolarWinds, discusses why leaders should focus less on speculating about an AI bubble, and more on how to quantify AI’s tangible contributions. The Pope pushes prayerful priests past predictable programs.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Krishna Sai, CTO at SolarWinds, discussing why leaders should focus less on speculating about an AI bubble, and more on how to quantify AI’s tangible contributions.

Selected Reading

Critical SolarWinds Serv-U flaws offer root access to servers (Bleeping Computer)

Massive Conduent Data Breach Exfiltrates 8 TB Affects Over 25 Million Americans (GB Hackers)

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover (SecurityWeek)

New ZeroDayRAT Malware Claims Full Monitoring of Android and iOS Devices (Hackread)

North Korean state hackers seen using Medusa ransomware in attacks on US, Middle East (The Record)

CrowdStrike says attackers are moving through networks in under 30 minutes (CyberScoop)

Shutdown at D.H.S. Extends to Cyber Agency, Adding to Setbacks (The New York Times)

From Cold War interceptors to Ukraine: how Russia came to park spy satellites next to the West’s most sensitive tech in orbit (Meduza)

Korean cops charge two teens over Seoul bike hire breach (The Register)

Pope tells priests to use their brains, not AI, to write homilies (EWTN News)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The basics broke telecom.

Mon, 23 Feb 2026 21:30:00 -0000

A senior FBI cyber official warns Salt Typhoon remains an ongoing threat. Data protection authorities issue a joint statement raising serious concerns about AI image creation. A Japanese semiconductor equipment maker confirms a ransomware attack. New number formats seek to reduce AI overhead. A low-skilled Russian-speaking threat actor compromised more than 600 Fortinet FortiGate firewalls. Spanish authorities have arrested four alleged members of Anonymous. CISA tags a pair of Roundcube Webmail flaws. Cybersecurity stocks fell sharply on news of a new security feature in Claude AI. Monday business breakdown. Brandon Karpf, friend of the show discussing sovereignty in space and cyber. Digital disruption drains drumsticks.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today Dave sits down with Brandon Karpf, friend of the show, and Maria Varmazis, host of T-Minus, as they are discussing sovereignty in space and cyber.

Selected Reading

FBI: Threats from Salt Typhoon are ‘still very much ongoing’ (CyberScoop)

Joint Statement on AI-Generated Imagery and the Protection of Privacy (International Enforcement Cooperation Working Group (IEWG))

Japanese chip-testing toolmaker Advantest suffers ransomware attack (Help Net Security)

AI's Math Tricks Don't Work for Scientific Computing (IEEE)

Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls (Infosecurity Magazine)

Suspected Anonymous members cuffed in Spain over DDoS attack (The Register)

CISA: Recently patched RoundCube flaws now exploited in attacks (Bleeping Computer)

Anthropic Unveils 'Claude Code Security,' Sending Cyber Stocks Lower (Bloomberg)

RSAC Innovation Sandbox finalists secure $5 million each. (N2K Pro Business Briefing)

Cyber attack takes major chicken processor Hazeldenes offline leaving businesses without meat (ABC News)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber without borders: The human side of cyber defense. [Special Edition]

Mon, 23 Feb 2026 08:00:00 -0000

In this second installment of our three-part series on ⁠⁠Cyber Coalition 2025⁠⁠, ⁠⁠Maria Varmazis⁠⁠⁠, host of ⁠⁠⁠T-Minus⁠⁠⁠ Space Daily and CyberWire Producer ⁠⁠⁠Liz Stokes,⁠⁠ take listeners inside a single day at NATO’s cyber headquarters in Tallinn, Estonia — focusing on the human side of cyber defense.

Hosted by the NATO Cooperative Cyber Defence Centre of Excellence and led by NATO Allied Command Transformation, Cyber Coalition is a defensive-only exercise built around collaboration, coordination, and information sharing across allied nations. This episode highlights how that plays out in practice, from legal teams working through cross-border policy questions to military defenders coordinating with civilian infrastructure partners inside NATO’s secure cyber range.

In case you missed the first episode of this three part series, check it out ⁠here⁠.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Mary Writz: Take a negative and make it into a positive. [VP Product Strategy] [Career Notes]

Sun, 22 Feb 2026 08:00:00 -0000

Please enjoy this encore of Career Notes.

Mary Writz, Vice President of Product Strategy at ForgeRock, shares how each career path she has taken has led her to where she is now. Mary describes how she has been a woman working in a male dominated field for most of her career and how she had to take charge, and she had to get the men to take charge with her. She says "I was often leading people, mostly men older than me, potentially smarter than me, more well paid than me. So I had to learn how to think about galvanizing this group to charge forward with me, even though I was a bit of a minority in that way." She also states that she tells herself to always make a positive out of a negative by showing people how you can respond to what's happening with a lot of energy, focus, and care and that's what got her to where she is today.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Telegram for the throne. [Research Saturday]

Sat, 21 Feb 2026 08:00:00 -0000

Today we have Tomer Bar, VP of Security Research at SafeBreach Labs, discussing their work on "Prince of Persia: A Decade of Iranian Nation-State APT Campaign Activity under the Microscope". In this first installment of SafeBreach’s deep dive into the Iranian-linked APT known as “Prince of Persia,” originally exposed by Palo Alto Networks Unit 42, researchers reveal that the group never truly went dark after 2022—but instead evolved.

Led by Tomer, the investigation uncovers new variants of Foudre and Tonnerre malware, expanded campaign scale, active C2 infrastructure through late 2025, and a shift toward Telegram-based command-and-control. The research provides rare, sustained visibility into nearly a decade of Iranian nation-state cyber operations, offering fresh indicators of compromise and insight into how the group continues to refine its tooling, obfuscation, and targeting.

The research can be found here:

Prince of Persia, Part 1: A Decade of Iranian Nation-State APT Campaign Activity under the Microscope

Learn more about your ad choices. Visit megaphone.fm/adchoices

Facing a slow-burn confrontation.

Fri, 20 Feb 2026 21:30:00 -0000

Dutch authorities warn Russia is escalating hybrid operations across Europe. Ransomware shuts down the University of Mississippi Medical Center. PayPal notifies customers of a data breach. The FBI says ATM jackpotting is on the rise. An FBI confidential informant had a hand in online fentanyl sales. TrustConnect malware masquerades as a legitimate remote monitoring and management tool. Researchers uncover the first Android malware to integrate generative AI. A critical zero-day hits Grandstream VOIP phones. The IRS slashes IT staff and technology executives. Our guest is James Turgal, a 22-year FBI vet and VP of global cyber risk and board relations at Optiv, discussing the latest wave of tax scams and IRS fraud. DOGE dudes deliver DEI deathblows.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by James Turgal, a 22-year FBI vet and VP of global cyber risk and board relations at Optiv, discussing the latest wave of tax scams and IRS fraud.

Selected Reading

Russia stepping up hybrid attacks, preparing for long standoff with West, Dutch intelligence warns (The Record)

University of Mississippi Medical Center Suffers Cyberattack, Closes All Clinics, Cancels Services (Mississippi Free Press)

PayPal discloses data breach that exposed user info for 6 months (Bleeping Computer)

FBI: Over $20 million stolen in surge of ATM malware attacks in 2025 (Bleeping Computer)

An FBI ‘Asset’ Helped Run a Dark Web Site That Sold Fentanyl-Laced Drugs for Years (WIRED)

(Don't) TrustConnect: It's a RAT in an RMM hat (Proofpoint US)

PromptSpy ushers in the era of Android threats using GenAI (We Live Security)

CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED) (Rapid 7)

DOGE bites taxman (The Register)

DOGE Bro’s Grant Review Process Was Literally Just Asking ChatGPT ‘Is This DEI?’ (Techdirt)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

MFA meets its match.

Thu, 19 Feb 2026 21:45:00 -0000

Starkiller represents a significant escalation in phishing infrastructure. A blockchain lender breach affects nearly a million users. The Kimwolf botnet disrupts a peer-to-peer privacy network. Researchers identifiy vulnerabilities in widely used Visual Studio Code extensions. DEF CON bans three men named in the Epstein files. Texas sues TP-Link over supply chain security. Experts question the impact of cyber versus kinetic damage in Venezuela. African law enforcement arrest hundreds of suspected scammers. Tim Starks from CyberScoop explains CISA’s upcoming town hall meetings over ICS reporting rules. Warsaw walls off Wi-Fi-wired wheels.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop discussing “CISA to host industry feedback sessions on cyber incident reporting regulation.”

Selected Reading

Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA (Infosecurity Magazine)

Nearly 1 Million User Records Compromised in Figure Data Breach (SecurityWeek)

Kimwolf Botnet Swamps Anonymity Network I2P (Krebs on Security)

Flaws in Popular IDE Extensions Allow Data Exfiltration (Infosecurity Magazine)

DEF CON bans three Epstein-linked men from future events (The Register)

Texas sues TP-Link over Chinese hacking risks, user deception (Bleeping Computer)

The Caracas operation suggests cyber was part of the plan – just not the whole operation (CyberScoop)

Police arrests 651 suspects in African cybercrime crackdown (Bleeping Computer)

Nigerian man gets eight years in prison for hacking tax firms (Bleeping Computer)

Poland bans camera-packing cars made in China from military bases (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rooted and patient.

Wed, 18 Feb 2026 21:30:00 -0000

A China-linked group exploits a critical Dell zero-day for 18 months. A Microsoft 365 Copilot bug risks sensitive email oversharing. A new Linux botnet leans on old-school IRC for command and control. Switzerland tightens critical infrastructure rules with mandatory cyber reporting. AstarionRAT emerges as a custom post-exploitation implant. Researchers find serious flaws in popular PDF platforms. A suspected Iranian-aligned campaign targets protest supporters. Notepad++ rolls out a “double-lock” update fix. And a Spanish court orders NordVPN and ProtonVPN to block illegal football streams. Our guest is Keith Mularski, Former FBI Special Agent and Chief Global Ambassador at Qintel, reflecting on the 25th anniversary of notorious spy Robert Hanssen's arrest. Dutch Defense flaunt F-35 firmware freedom.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Keith Mularski, Former FBI Special Agent and Chief Global Ambassador at Qintel, to talk about the 25th anniversary of Robert Hanssen's arrest. If you enjoyed Keith’s conversation, you can hear more from him over on the Only Malware in the Building podcast.

Selected Reading

Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed (CyberScoop)

Microsoft says bug causes Copilot to summarize confidential emails (Bleeping Computer)

New Linux Botnet Discovered (Linux Magazine)

Switzerland’s NCSC boosts operational capabilities, mandates cyberattack reporting on critical infrastructure (Industrial Cyber)

ClickFix Won't Die. Neither Will Matanbuchus. A New RAT and a Hands-on-Keyboard Intrusion (Huntress)

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration (SecurityWeek)

CRESCENTHARVEST: Iranian protestors and dissidents targeted in cyberespionage campaign (Acronis)

Notepad++ boosts update security with ‘double-lock’ mechanism (Bleeping Computer)

Spain orders NordVPN, ProtonVPN to block LaLiga piracy sites (Bleeping Computer)

Dutch defense chief: F-35s can be jailbroken like iPhones (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The lights stay on, but dimmer.

Tue, 17 Feb 2026 21:30:00 -0000

The government shutdown leaves CISA at reduced capacity. Ransomware and misconfigured AI threaten cyber-physical infrastructure. Operation DoppelBrand targets Fortune 500 financial and technology firms. Researchers uncover infostealers targeting OpenClaw AI. Identity-based attacks accounted for nearly two-thirds of initial intrusions last year. Researchers compromise popular cloud-based password managers. Authorities have arrested a man suspected of links to Phobos ransomware. Monday business breakdown. On Threat Vector, host David Moulton talks with Steve Elovitz about the 750 major breaches his team analyzed in a single year. Digital detour delivers a Dutchman to detention.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector

On today’s Threat Vector segment, David Moulton is joined by Steve Elovitz from Unit 42's North America consulting and incident response practice. After analyzing 750+ major breaches in a single year, he's seen exactly which security investments save companies and which ones fail when attackers strike. You can hear David and Steve’s full conversation on Thursday’s episode of Threat Vector and listen to new episodes each Thursday on your favorite podcast app.

Selected Reading

CISA Navigates DHS Shutdown With Reduced Staff (SecurityWeek)

Significant Rise in Ransomware Attacks Targeting Industrial Operations (Infosecurity Magazine)

A Misconfigured AI Could Trigger Infrastructure Collapse (BankInfo Security)

Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft (Infosecurity Magazine)

Infostealer malware found stealing OpenClaw secrets for first time (Bleeping Computer)

Unit 42: Nearly two-thirds of breaches now start with identity abuse (CyberScoop)

Password Managers Vulnerable to Vault Compromise Under Malicious Server (SecurityWeek)

Poland arrests suspect linked to Phobos ransomware operation (Bleeping Computer)

Vega raises $120 million in a Series B round led by existing investor Accel (N2K Pro Business Briefing)

Dutch police arrest man who refused to delete confidential files shared by mistake (The Record)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber without borders: How Estonia turned crisis into cyber power. [Special Edition]

Mon, 16 Feb 2026 08:00:00 -0000

In this three-part series, ⁠Maria Varmazis⁠, host of ⁠T-Minus⁠ Space Daily and CyberWire Producer ⁠Liz Stokes⁠, take you inside NATO’s flagship cyber defense exercise, ⁠Cyber Coalition 2025⁠. Hosted by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia, the exercise brings together military, government, and industry teams from across the alliance to respond to realistic, high-pressure cyberattack scenarios targeting critical infrastructure and operational networks.

Throughout the series, Maria and Liz will guide you through what they witnessed on the ground — from real-time threat detection and incident response to the strategic collaboration shaping NATO’s cyber resilience in an increasingly contested digital landscape.

Please follow along with the next episode of our three part series ⁠here⁠.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Mike Arrowsmith: Facing adversity in the workplace. [CTrO] [Career Notes]

Sun, 15 Feb 2026 08:00:00 -0000

Please enjoy this encore of Career Notes.

Mike Arrowsmith, Chief Trust Officer at NinjaOne, leads the organization’s IT, security, and support infrastructure to ensure they meet customers’ security and data privacy demands as it scales. Mike discusses how his career path has led him to the position he currently holds and how exciting the world of cybersecurity can be. He mentioned how he mentored students in college thinking of going into the field, and he used a metaphor to help describe the industry, saying "We are working against adversaries that are always typically one step ahead. Figuratively, if you could imagine, you're trying to chase a ball, but you never can quite get your hands on it." He shares how he loves the evolving field and that he thrives in a situation where things are constantly changing. We thank Mike for sharing his story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Stealer in the status bar. [Research Saturday]

Sat, 14 Feb 2026 08:00:00 -0000

Today we have Ziv Mador, VP of Security Research from LevelBlue SpiderLabs discussing their work on "SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp." Researchers at LevelBlue SpiderLabs have identified a new Brazilian banking Trojan dubbed Eternidade Stealer, spread through WhatsApp hijacking and social engineering campaigns that use a Python-based worm to steal contacts and distribute malicious MSI installers.

The Delphi-compiled malware targets Brazilian victims, profiles infected systems, dynamically retrieves its command-and-control server via IMAP email, and deploys banking overlays to harvest credentials from financial institutions and cryptocurrency platforms. The campaign reflects the continued evolution of Brazil’s cybercrime ecosystem, combining WhatsApp propagation, geofencing, encrypted C2 communications, and process injection to maintain stealth and persistence.

The research can be found here:

SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp

Learn more about your ad choices. Visit megaphone.fm/adchoices

Total defense meets total threat.

Fri, 13 Feb 2026 21:10:00 -0000

Global leaders call for collaboration at the Munich Cyber Security Conference. Phishing campaigns exploit fake video conference invitations. Italian authorities say cyber attacks on the Winter Olympics have met overall mitigation. AI reshapes the economics of ransomware attacks. CISA tags a critical Microsoft Configuration Manager vulnerability. Foxveil is a new malware loader targeting legitimate platforms. Researchers examine macOS infostealers. California fines Disney $2.75 million for violating the Consumer Privacy Act. Maria Varmazis, host of T-Minus space daily and CyberWire Producer Liz Stokes preview their coverage of the NATO Cyber Coalition 2025 Cyber Exercise in Tallinn, Estonia. When pull requests get personal.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Maria Varmazis, host of T-Minus space daily and CyberWire Producer Liz Stokes as they share their coverage of the NATO Cyber Coalition 2025 Cyber Exercise in Tallinn, Estonia.

Selected Reading

US wants cyber partnerships to send ‘coordinated, strategic message’ to adversaries (The Record)

Europe must adapt to ‘permanent’ cyber and hybrid threats, Sweden warns (The Record)

Attackers Weaponize Signed RMM Tools via Zoom, Meet, & Teams Lures (Netskope)

Winter Olympics 2026: Hacktivism Surges Ahead of Protests and Suspected Sabotage (Intel 471)

How AI is and is Not Changing Ransomware (Halcyon)

CISA flags critical Microsoft SCCM flaw as exploited in attacks (Bleeping Computer)

Foxveil malware loader abuses Discord, Cloudflare, Netlify for staging (SC Media)

AMOS infostealer targets macOS through a popular AI app (Bleeping Computer)

California fines Disney $2.75 million for data privacy violations (The Record)

An AI Agent Published a Hit Piece on Me (The Shamblog)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI or I-Spy?

Thu, 12 Feb 2026 21:10:00 -0000

Malicious Chrome extensions pose as AI tools. Google says nation-states are increasingly abusing its Gemini artificial intelligence tool. Data extortion group World Leaks deploys a new malware tool called RustyRocket. An Atlanta healthcare provider data breach affects over 625,000. Apple patches an iOS zero-day that’s been around since version 1.0. A government shutdown would furlough more than half of CISA’s staff. Dutch police arrest the alleged seller of the JokerOTP phishing automation service. Our guest is Simon Horswell, Senior Fraud Specialist at Entrust, discussing evolving romance scams for Valentine's Day. Fun with filters provides fuel for phishers.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Simon Horswell, Senior Fraud Specialist at Entrust, discussing evolving romance scams for Valentine's Day. If you enjoyed this conversation, tune into Hacking Humans to hear the full interview.

Selected Reading

Fake AI Chrome extensions with 300K users steal credentials, emails (Bleeping Computer)

Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says (The Record)

World Leaks Ransomware Adds Custom Malware ‘RustyRocket' to Attacks (Infosecurity Magazine)

ApolloMD Data Breach Impacts 626,000 Individuals (SecurityWeek)

Apple patches decade-old iOS zero-day exploited in the wild (The Register)

CISA: DHS Funding Lapse Would Sideline Federal Cyber Staff (Gov Infosecurity)

CISA Shares Lessons Learned from an Incident Response Engagement (CISA.gov)

Police arrest seller of JokerOTP MFA passcode capturing tool (Bleeping Computer)

What Can the AI Work Caricature Trend Teach Us About the Risks of Shadow AI? (Fortra)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When Windows breaks and chips crack.

Wed, 11 Feb 2026 21:10:00 -0000

Patch Tuesday. Preliminary findings from the European Commission come down on TikTok. Switzerland’s military cancels its contract with Palantir. Social engineering leads to payroll fraud. Google hands over extensive personal data on a British student activist. Researchers unearth a global espionage operation called “The Shadow Campaigns.” Notepad’s newest features could lead to remote code execution. Our guest is Hazel Cerra, Resident Agent in Charge of the Atlantic City Office for the United States Secret Service. Ring says it’s all about dogs, but critics hear the whistle.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we’re joined by Hazel Cerra, Resident Agent in Charge of the Atlantic City Office for the United States Secret Service, as she discusses the evolution of the Secret Service’s investigative mission—from its early focus on financial crimes such as counterfeit currency and credit card fraud to the growing challenges posed by cryptocurrency-related crime.

Selected Reading

Microsoft February 2026 Patch Tuesday Fixes 58 Vulnerabilities, Six actively Exploited Flaws (Beyond Machines)

Adobe Releases February 2026 Patches for Multiple Products (Beyond Machines)

ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact (SecurityWeek)

Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed by Intel and AMD (SecurityWeek)

Commission preliminarily finds TikTok's addictive design in breach of the Digital Services Act (European Commission)

Palantir's Swiss Exit Highlights Global Data Sovereignty Challenge (NewsCase)

Payroll pirates conned the help desk, stole employee’s pay (The Register)

Google Fulfilled ICE Subpoena Demanding Student Journalist’s Bank and Credit Card Numbers (The Intercept)

The Shadow Campaigns: Uncovering Global Espionage (Palo Alto Networks Unit 42)

Notepad's new Markdown powers served with a side of RCE (The Register)

With Ring, American Consumers Built a Surveillance Dragnet (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A spyware swiss army knife.

Tue, 10 Feb 2026 21:10:00 -0000

ZeroDayRAT delivers full mobile compromise on Android and iOS. The UK warns infrastructure operators to act now as severe cyber threats mount. Russia moves to block Telegram. The FTC draws a line on data sales to foreign adversaries. Researchers unpack DeadVax, a stealthy new malware campaign, while an old-school Linux botnet resurfaces. BeyondTrust fixes a critical flaw. And in AI, are we moving too fast? One mild training prompt may be enough to knock down safety guardrails. Our guest is Omer Akgul, Researcher at RSA Conference, discussing his work on "The Case for LLM Consistency Metrics in Cybersecurity (and Beyond)." A pair of penned pentesters provoke a pricey payout.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Omer Akgul, PhD, Researcher at RSA Conference, discussing his work on "The Case for LLM Consistency Metrics in Cybersecurity (and Beyond)."

Selected Reading

New ‘ZeroDayRAT’ Spyware Kit Enables Total Compromise of iOS, Android Devices (SecurityWeek)

NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting Critical National Infrastructure (Infosecurity Magazine)

Russian Watchdog Starts Limiting Access to Telegram, RBC Reports (Bloomberg)

FTC Reminds Data Brokers of Their Obligations to Comply with PADFAA (FTC)

Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode (secureonix)

New ‘SSHStalker’ Linux Botnet Uses Old Techniques (SecurityWeek)

BeyondTrust Patches Critical RCE Vulnerability (SecurityWeek)

Critics warn America’s 'move fast' AI strategy could cost it the global market (CyberScoop)

Microsoft boffins figured out how to break LLM safety guardrails with one simple prompt (The Register)

County pays $600,000 to pentesters it arrested for assessing courthouse security (Ars Technica)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Bringing it all together. [CISO Persepctives]

Tue, 10 Feb 2026 07:00:00 -0000

Please enjoy this encore of CISO Perspectives.

Survey:

We want to hear your perspectives on this season, fill out our audience survey before August 31st.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Your phone works for them now.

Mon, 09 Feb 2026 21:10:00 -0000

Ivanti zero-days trigger emergency warnings around the globe. Singapore blames a China-linked spy crew for hitting all four major telcos. DHS opens a privacy probe into ICE surveillance. Researchers flag a zero-click RCE lurking in LLM workflows. Ransomware knocks local government payment systems offline in Florida and Texas. Chrome extensions get nosy with your URLs. BeyondTrust scrambles to patch a critical RCE. A Polish data breach suspect is caught eight years later. It’s the Monday Business Breakdown. Ben Yelin gives us the 101 on subpoenas. And federal prosecutors say two Connecticut men bet big on fraud, and lost.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Ben Yelin, Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, talking about weaponized administrative subpoenas.

Selected Reading

EU, Dutch government announce hacks following Ivanti zero-days (The Record)

Singapore says China-linked hackers targeted telecom providers in major spying campaign (The Record)

Inspector General Investigating Whether ICE's Surveillance Tech Breaks the Law (404 Media)

Critical 0-Click RCE Vulnerability in Claude Desktop Extensions Exposes 10,000+ Users to Remote Attacks (Cyber Security News)

Payment tech provider for Texas, Florida governments working with FBI to resolve ransomware attack (The Record)

Chrome extensions can use unfixable time-channel to leak tab URLs (CyberInsider)

BeyondTrust warns of critical RCE flaw in remote support software (Bleeping Computer)

Hacker Poland’s largest data leaks arrested (TVP World)

LevelBlue will acquire MDR provider Alert Logic from Fortra. (N2K Pro Business Briefing)

Men charged in FanDuel scheme fueled by thousands of stolen identities (Bleeping Computer)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Simone Petrella: Fake it, until you make it. [CEO] [Career Notes]

Sun, 08 Feb 2026 08:00:00 -0000

Simone Petrella, CEO of cybersecurity training workforce firm CyberVista, spent her career in the Department of Defense as a threat intelligence analyst before founding CyberVista. She says that running a company has a new set of challenges each day thrown at you. She explains that the way she finds the most success is by letting her team contribute to each matter, and having a say in the decisions made as they pertain to each department. Simone says "I would say is I am a firm firm believer in the idea of empowering people to really own and kind of run with the things that they're passionate about." She notes that people will do amazing things when they are passionate and that faking it until you make it is true, because you will get where you're going by having that passion and that inspiration. We thank Simone for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The phishing kit that thinks like a human. [Research Saturday]

Sat, 07 Feb 2026 08:00:00 -0000

Piotr Wojtyla, Head of Threat Intel and Platform at Abnormal AI, is discussing their work on "InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime." A new AI-powered phishing kit called InboxPrime AI is rapidly gaining traction in underground forums, automating the creation and delivery of highly believable phishing emails that mimic legitimate business communications and leverage Gmail’s web interface to evade detection.

First spotted in October 2025, the kit combines AI-generated content, template variation, sender identity spoofing, and built-in spam checks to maximize inbox placement and dramatically lower the barrier to running large-scale phishing campaigns. Its shift to a one-time $1,000 purchase and growing user base underscore the industrialization of phishing and highlight how quickly AI-driven attack tools are outpacing legacy email defenses.

The research can be found here:

⁠⁠⁠InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime

Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch or pull the plug.

Fri, 06 Feb 2026 21:10:00 -0000

CISA cracks down on aging edge devices. Congress looks to sure up energy sector security. DHS facial recognition software may fall short. Romania’s national oil pipeline operator suffers a cyberattack. The European Commission may fine TikTok for being addictive. DKnife is a China-linked threat actor operating a long-running adversary-in-the-middle framework. Researchers say OpenClaw is being abused at scale. Our guest is Mike Carr, Field CTO at Xona, talking about how Italy should be thinking about protecting the 2026 Winter Olympics. A BASE jumper attempts a daring AI alibi.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Mike Carr, Field CTO at Xona, talking about how Italy should be thinking about protecting the 2026 Winter Olympics.

Selected Reading

CISA: Remove EOL edge kit before cybercriminals strike (The Register)

5 Bills to Boost Energy Sector Cyber Defenses Clear House Panel (SecurityWeek)

ICE and CBP’s Face-Recognition App Can’t Actually Verify Who People Are (WIRED)

Romania’s oil pipeline operator confirms cyberattack as hackers claim data theft (The Record)

Flickr discloses potential data breach exposing users' names, emails (Bleeping Computer)

17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware (Hackread)

EU says TikTok faces large fine over "addictive design" (Bleeping Computer)

'DKnife' Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks (SecurityWeek)

All gas, no brakes: Time to come to AI church (Talos Intelligence)

Man who videotaped himself BASE jumping in Yosemite arrested, federal officials say. He says it was AI (LA Times)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The quietest weapon in America’s loudest strike.

Thu, 05 Feb 2026 21:20:00 -0000

Cyber weapons knock out Iranian air defenses during strikes on nuclear sites. ShinyHunters dump more than a million stolen records from Harvard and Penn. Betterment confirms a breach exposing data from roughly 1.4 million accounts. Researchers uncover a sprawling scam network impersonating law firms. Italy blocks cyberattacks aimed at Olympics infrastructure. Critical bugs put n8n and Google Looker servers at risk of full takeover. A state-backed Shadow Campaign hits governments worldwide. OpenClaw shows how AI-powered attacks are becoming faster, cheaper, and harder to stop. Our guest is Tony Scott, CEO of Intrusion and former federal CIO, sharing his perspective on evolving regulation and the realities behind critical policy shifts. Your smartphone may testify against you.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today comes as a segment from our Caveat podcast. Tony Scott, CEO of Intrusion and former federal CIO, joins Dave Bittner to share his perspective on evolving regulation and the realities behind critical policy shifts. You can listen to Tony and Dave’s full conversation on this week’s episode of Caveat, and catch new episodes of Caveat every Thursday on your favorite podcast app.

Selected Reading

Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes (The Record)

Personal data stolen during Harvard and UPenn data breaches leaked online - over a million details, including emails, home addresses and more, all published (TechRadar)

Data breach at fintech firm Betterment exposes 1.4 million accounts (Bleeping Computer)

Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign (SecurityWeek)

Italy Averted Russian-Linked Cyberattacks Targeting Winter Olympics Websites, Foreign Minister Says (SecurityWeek)

n8n security woes roll on as new critical flaws bypass December fix (The Register)

LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem) (Tenable)

Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries (SecurityWeek)

The Rise of OpenClaw (SECURITY.COM)

Smartphones Now Involved in Nearly Every Police Investigation (Infosecurity Magazine)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A softer touch on cyber.

Wed, 04 Feb 2026 21:10:00 -0000

The White House preps a major overhaul of U.S. cybersecurity policy. A key Commerce security office loses staff as regulatory guardrails weaken. Lawmakers Press AT&T and Verizon after months of silence on Salt Typhoon. A vulnerability in the React Native Metro development server is under active exploitation. Amaranth Dragon leverages a WinRAR flaw. A coordinated reconnaissance campaign targets Citrix NetScaler infrastructure. CISA warns a SolarWinds Web Help Desk flaw is under active exploitation. Zach Edwards, Senior Threat Researcher at Silent Push, is discussing a hole in the kill chain leaving law enforcement empty-handed. Cops in Northern Ireland get an unwanted data breach encore.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Zach Edwards, Senior Threat Researcher at Silent Push, discussing a hole in the kill chain leaving law enforcement empty-handed. You can read more from Zach’s team here.

Selected Reading

White House Cyber Director Charts New Course for Digital Defense Through Private Sector Partnership (Web Pro News)

Another Misstep in U.S.-China Tech Security Policy (Lawfare)

Cantwell claims telecoms blocked release of Salt Typhoon report (Cyberscoop)

Hackers exploit critical React Native Metro bug to breach dev systems (Bleeping Computer)

New Amaranth Dragon cyberespionage group exploits WinRAR flaw (Bleeping Computer)

Wave of Citrix NetScaler scans use thousands of residential proxies (Bleeping Computer)

Fresh SolarWinds Vulnerability Exploited in Attacks (SecurityWeek)

‘It defies belief’: Names of PSNI officers published on court website in new breach (Belfast Telegraph)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The algorithm gets questioned.

Tue, 03 Feb 2026 21:10:00 -0000

French police raid X’s Paris offices. The Feds take over $400 million from a dark web cryptocurrency mixer. The NSA says zero-trust goes beyond authentication. Researchers warn of a multi-stage phishing campaign targeting Dropbox credentials. A new GlassWorn campaign targets macOS developers. Critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile are under active exploitation. Researchers disclose a major data exposure on Moltbook, a social network built for AI agents. States bridge the gaps in election security. Nitrogen ransomware has a fatal flaw that permanently destroys data. Supersize your passwords — you want fries with that?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector

Aaron Isaksen leads AI Research and Engineering at Palo Alto Networks, where he advances state-of-the-art AI in cybersecurity while overseeing Cortex Xpanse's teams automating attack surface management across some of the world's largest networks. In this episode of Threat Vector, host David Moulton sits down with Dr. Aaron Isaksen to explore why engineering excellence must precede ethical AI debates, how adversarial AI is reshaping cybersecurity, and what it actually takes to build AI systems resilient enough to operate in hostile environments.

Selected Reading

French cops raid X's Paris office in algorithmic bias probe (The Register)

US seizes over $400 million in assets from dark web money laundering operation Helix (SC Media)

NSA Tells Feds: Zero Trust Must Go Beyond Login (GovInfo Security)

New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials (Infosecurity Magazine)

New GlassWorm attack targets macOS via compromised OpenVSX extensions (Bleeping Computer)

Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack (Hackread)

Vibe-Coded Moltbook Exposes User Data, API Keys and More (Infosecurity Magazine)

As feds pull back, states look inward for election security support (CyberScoop)

Nitrogen Ransomware: ESXi malware has a bug! (Coveware)

McDonald's is not lovin' your bigmac, happymeal, and mcnuggets passwords (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Mid season reflection with Kim Jones. [CISO Perspectives]

Tue, 03 Feb 2026 07:00:00 -0000

Please enjoy this encore of CISO Perspectives.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Wind and solar take a cyber hit.

Mon, 02 Feb 2026 21:10:00 -0000

Poland says weak security left parts of its power grid exposed. A Russian-linked hacker alliance threatens Denmark with a promised cyber offensive. Fancy Bear moves fast on a new Microsoft Office flaw, hitting Ukrainian and EU targets. Researchers find a sprawling supply chain attack buried in the ClawdBot AI ecosystem. A new report looks at how threats are shaping the work of journalists and security researchers. A stealthy Windows malware campaign blends Pulsar RAT with Stealerv37. A former Google engineer is convicted of stealing AI trade secrets for China. The latest cybersecurity funding and deal news. On our Afternoon Cyber Tea segment, Microsoft’s Ann Johnson chats with Dr. Lorrie Cranor from Carnegie Mellon about security design. The AI dinosaur that knew too much.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Afternoon Cyber Tea

Dr. Lorrie Cranor⁠, Director of the CyLab Security and Privacy Institute at Carnegie Mellon University joins Ann Johnson, Corporate Vice President, Microsoft, on this month's segment of Afternoon Cyber Tea to discuss the critical gap between security design and real-world usability. They explore why security tools often fail users, the ongoing challenges with passwords and password less authentication, and how privacy expectations have evolved in an era of constant data collection. You can listen to Ann and Lorrie's full conversation here, and catch new episodes Afternoon Cyber Tea every other Tuesday on your favorite podcast app.

Selected Reading

Russian hackers breached Polish power grid thanks to bad security, report says (TechCrunch)

Newly Established Russian Hacker Alliance Threatens Denmark (Truesec)

Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks (Infosecurity Magazine)

Notepad++ Hijacked by State-Sponsored Hackers (Notepad++)

ClawdBot Skills Just Ganked Your Crypto (OpenSource Malware Blog)

Under Pressure: Exploring the effect of legal and criminal threats on security researchers and journalists (DataBreaches.Net)

Windows Malware Uses Pulsar RAT for Live Chats While Stealing Data (Hackread)

U.S. convicts ex-Google engineer for sending AI tech data to China (Bleeping Computer)

Upwind secures $250 million in a Series B round. (N2K Pro Business Briefing)

Don't Buy Internet-Connected Toys For Your Kids (Blackout VPN)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Richard Melick: Finding the right pattern to solve the problem. [Threat reporting] [Career Notes]

Sun, 01 Feb 2026 08:00:00 -0000

Please enjoy this encore of Career Notes.

Richard Melick, Director of Threat Reporting for Zimperium, talks about his journey, from working in the military to moving up to the big screens. He shares that he's been in the business of solving unique cybersecurity problems for so long that he has found his own path that works very well for him. He says, "if I go to a unique problem and try to solve it, I find that I'm solving it the same way that I would've solved it five years ago, because I found my pattern." Richard reflects on his time working in the industry, from moving away from the military and into different roles over the years. He notes that giving credit where credit is due, to those who deserve it, is how you keep the audience engaged as a storyteller. We thank Richard for sharing his story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Leaky chats collide with shifting security standards.

Fri, 30 Jan 2026 20:50:00 -0000

A popular chatbot exposes millions of private user messages. The White House rescinds Biden-era federal software security guidance. A senior Secret Service official urges more scrutiny of domain registration. The President’s NSA pick champions section 702. France looks to reduce reliance on U.S. digital infrastructure. CISA shares guidance on insider threats. Hugging Face infrastructure was abused to distribute an Android RAT. Ivanti discloses a pair of critical zero-days. Popular dating sites suffer a data breach. Our guest is Tim Starks from CyberScoop, discussing how the US looks to push its view of AI cybersecurity standards to the rest of the world. The Nobel Committee blames hackers for a spoiler alert.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Tim Starks from CyberScoop discussing how the US looks to push its view of AI cybersecurity standards to the rest of the world. You can read Tim’s coverage here.

Selected Reading

Massive AI Chat App Leaked Millions of Users Private Conversations (404 Media)

White House Scraps 'Burdensome' Software Security Rules (SecurityWeek)

The 'staggering' cybersecurity weakness that isn't getting enough focus, according to a top Secret Service official (CyberScoop)

NSA pick champions foreign spying law as nomination advances (The Record)

French Government To Replace Zoom and Teams With Visio, a Local Alternative (The New York Times)

CISA Urges Critical Infrastructure Organizations to Take Action Against Insider Threats (HSToday)

Hugging Face Abused to Deploy Android RAT (SecurityWeek)

Ivanti warns of two EPMM flaws exploited in zero-day attacks (Bleeping Computer)

Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match (Bleeping Computer)

Nobel Hacking Likely Leaked Peace Prize Winner Name, Probe Finds (Bloomberg)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Proxy wars and open doors.

Thu, 29 Jan 2026 20:50:00 -0000

Google dismantles a huge residential proxy network. Did the FBI take down the notorious RAMP cybercrime forum? A long running North Korea backed cyber operation has splintered into three specialized threat groups. U.S. military cyber operators carried out a covert operation to disrupt Russian troll networks ahead of the 2024 elections. Phishing campaigns target journalists using the Signal app. SolarWinds patches vulnerabilities in its Web Help Desk product. Amazon found CSAM in its AI training data. Initial access brokers switch up their preferred bot. China executes scam center kingpins. Our guest is Tom Pace, CEO of NetRise, explaining how open-source vulnerabilities are opening doors for nation-states. An unsecured webcam peers into Pyongyang.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, Tom Pace, former DOE cyber analyst and CEO of NetRise, joins the show to explain how open-source vulnerabilities are opening doors for nation-states and why visibility into who maintains code repositories matters.

Selected Reading

Google Disrupted World’s Largest IPIDEA Residential Proxy Network (Cyber Security News)

Notorious Russia-based RAMP cybercrime forum apparently seized by FBI (The Record)

Long-running North Korea threat group splits into 3 distinct operations (CyberScoop)

Secret US cyber operations shielded 2024 election from foreign trolls, but now the Trump admin has gutted protections (CNN Politics)

Phishing attack: Numerous journalists targeted in attack via Signal Messenger (Netzpolitik.org)

Signal president warns AI agents are making encryption irrelevant (Cyber Insider)

SolarWinds Patches Critical Web Help Desk Vulnerabilities (SecurityWeek)

Amazon Found ‘High Volume’ Of Child Sex Abuse Material in AI Training Data (Bloomberg)

Initial access hackers switch to Tsundere Bot for ransomware attacks (Bleeping Computer)

China Executes 11 People Linked to Cyberscam Centers in Myanmar (Bloomberg)

North Korean Hackers' Daily Life Leaked in Video (The Chosun)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When the Director uses the wrong chat window.

Wed, 28 Jan 2026 20:50:00 -0000

CISA’s interim director uploaded sensitive government material into the public version of ChatGPT. The cyberattack on Poland’s power grid compromised roughly 30 energy facilities. The EU and India sign a new partnership that includes expanded cyber cooperation. Meta rolls out enhanced WhatsApp security features. Researchers uncover a campaign targeting LLM service endpoints. Fortinet and OpenSSL patch multiple vulnerabilities. A high-severity WinRAR vulnerability continues to see widespread exploitation six months after it was patched. The SoundCloud data breach affected nearly 30 million users. Ben Yelin explains the California lawsuit accusing social media platforms of harming kids. A Spanish resort town gets hit with low-rent ransomware.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, Dave is joined by his Caveat co-host Ben Yelin, Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, to discuss the upcoming trial where Meta and YouTube will make their case against accusations of social media being harmful to children. You can learn more here.

T-Minus Guest Host

Our T-Minus Space Daily podcast team is in Orlando, FL this week covering Commercial Space Week. Yesterday while the crew was on travel making their way to the event, Dave Bittner took his first spin behind the mic on T-Minus. Tune in and let us know how Dave did!

You can follow along with host Maria Varmazis and producers Alice Carruth and Liz Stokes for event coverage via our LinkedIn profile.

Selected Reading

Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT (POLITICO)

Cyberattack on Poland’s power grid hit around 30 energy facilities, new report says (The Record)

Europe/India • Indian 'hackers for hire' to continue to thrive under Brussels-New Dehli trade deal (Intelligence Online)

New WhatsApp lockdown feature protects high-risk users from hackers (Bleeping Computer)

Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation (Bleeping Computer)

Fortinet Patches Exploited FortiCloud SSO Authentication Bypass (SecurityWeek)

High-Severity Remote Code Execution Vulnerability Patched in OpenSSL (SecurityWeek)

Cybercriminals and nation-state groups are exploiting a six-month old WinRAR defect (CyberScoop)

SoundCloud breach added to HIBP, 29.8 million accounts exposed (CyberInsider)

Spanish municipality Sanxenxo City Council calls hackers bluff as malware takes over network (Cryptopolitan)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

“The hackers made me do it,” or did they?

Tue, 27 Jan 2026 20:50:00 -0000

Microsoft rushes an emergency fix for an actively exploited Office zero-day. A suspected cyberattack halts rail service in Spain. The FBI probes Signal chats in Minnesota. The UK moves to overhaul policing for the cyber age. Romania investigates a hitman-for-hire site. A UK court awards $4.1 million in a Saudi spyware case. Google agrees to a voice assistant settlement. CISA maps post-quantum crypto readiness. Prosecutors charge an Illinois man over a Snapchat hacking scheme targeting hundreds of women. Our guest today is Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing some insight into the AI and quantum threats to cybersecurity and the national cyber strategy. A Best Buy guy tries a creative alibi.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing some insight into the AI and quantum threats to cybersecurity and the national cyber strategy.

Selected Reading

Microsoft Issues Emergency Patch for Actively Exploited Office Zero-Day (Beyond Machines)

Catalonia travel chaos: thousands stranded as suspected cyber attack disrupts rail network (The Olive Press)

FBI is investigating Minnesota Signal groups tracking ICE, Patel says (NBC News)

UK plans sweeping overhaul of policing amid surge in online crimes (The Record)

Romania probes two suspects over alleged hitman-for-hire website (The Record)

Judge awards British critic of Saudis $4.1 million, finds the regime hacked his devices (The Record)

Google to pay $68 million over allegations its voice assistant eavesdropped on users (CBS News)

CISA releases technology readiness list for post-quantum cryptography (CSO Online)

Illinois man charged with hacking Snapchat accounts to steal nude photos (Bleeping Computer)

Savannah BSavannah Best Buy employee says 'hacker group' blackmailed him into theft ring scheme (WJCL 22)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

How do you gain “experience” in cyber without a job in cyber? [CISO Persepctives]

Tue, 27 Jan 2026 07:00:00 -0000

Please enjoy this encore of CISO Perspectives.

We're sharing a episode from another N2K show we thought you might like. It's the third episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy!

Show Notes:

While the cybersecurity industry has expanded and grown in recent years, newcomers still struggle to gain relevant "experience" before officially beginning their cyber careers. In this episode of CISO Perspectives, host Kim Jones sits down with Kathleen Smith, the Chief Outreach Officer at clearedjobs.net and the co-host of Security Cleared Jobs: Who’s Hiring & How, to discuss this dilemma and what new entrants can do to account for these difficulties. Throughout the conversation, Kathleen and Kim will discuss the challenges associated with entry-level cyber positions, how to gain meaningful experience, and how the industry as a whole contributes to this problem.

Want more CISO Perspectives?:

Check out a companion ⁠blog post⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When encryption meets enforcement.

Mon, 26 Jan 2026 20:50:00 -0000

Microsoft granted the FBI access to laptops encrypted with BitLocker. The EU opens an investigation into Grok’s creation of sexually explicit images. Glimmers of access pierce Iran’s internet blackout. Koi Security warns npm fixes fall short against PackageGate exploits. Some Windows 11 devices fail to boot after installing the January Patch Tuesday updates. CISA warns of active exploitation of multiple vulnerabilities across widely used enterprise and developer software. ESET researchers have attributed the cyberattack on Poland’s energy sector to Russia’s Sandworm. This week's business breakdown. Brandon Karpf joins us to talk space and cyber. CISA sits out RSAC.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is cybersecurity executive and friend of the show Brandon Karpf with Dave Bittner and T-Minus Space Daily host Maria Varmazis, for our monthly space and cyber segment. Brandon, Maria and Dave discuss “No more free rides: it’s time to pay for space safety.”

Selected Reading

FBI Accessed Windows Laptops After Microsoft Shared BitLocker Recovery Keys (Hackread)

European Commission opens new investigation into X's Grok (The Register)

Amid Two-Week Internet Blackout, Some Iranians Are Getting Back Online (New York Times)

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies (Bleeping Computer)

Microsoft investigates Windows 11 boot failures after January updates (Bleeping Computer)

CISA says critical VMware RCE flaw now actively exploited (Bleeping Computer)

CISA confirms active exploitation of four enterprise software bugs (Bleeping Computer)

ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 (ESET)

Aikido secures $60 million in Series B funding. (N2K Pro Business Briefing)

CISA won't attend infosec industry's biggest conference (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Lauren Van Wazer: You have to be your own North Star. [CISSP] [Career Notes]

Sun, 25 Jan 2026 08:00:00 -0000

Please enjoy this encore of Career Notes.

Lauren Van Wazer, Vice President, Global Public Policy and Regulatory Affairs for Akamai Technologies, shares her story as she followed her own North Star and landed where she is today. She describes her career path, highlighting how she went from working at AT&T to being able to work in the White House. She shares how she is a coach and a leader to the team she works with now, saying "my view is I've got their back, if they make a mistake, it's my mistake, and if they do well, they've done well." Lauren hopes she's made an impact in the world by making it a little bit better than before, and discusses how she doesn't let anyone stop her from her goals. Lauren shares her outlook on her experiences, calling attention to different roles in her life that made her journey all the better. We thank Lauren for sharing.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Caught in the funnel. [Research Saturday]

Sat, 24 Jan 2026 08:00:00 -0000

Today we have Andrew Northern, Principal Security Researcher at Censys, discussing "From Evasion to Evidence: Exploiting the Funneling Behavior of Injects". This research explains how modern web malware campaigns use multi-stage JavaScript injections, redirects, and fake CAPTCHAs to selectively deliver payloads and evade detection.

It shows that these attack chains rely on stable redirect and traffic-distribution chokepoints that can be monitored at scale. Using the SmartApe campaign as a case study, the report demonstrates how defenders can turn those chokepoints into high-confidence detection and tracking opportunities.

The research can be found here:

From Evasion to Evidence: Exploiting the Funneling Behavior of Injects

Learn more about your ad choices. Visit megaphone.fm/adchoices

TikTok lives to scroll another day.

Fri, 23 Jan 2026 21:10:00 -0000

At long last, a TikTok deal. Officials urge lawmakers to keep an eye on the quantum ball. Fortinet confirms active exploitation of a critical authentication bypass flaw. Ireland plans to authorize spyware for law enforcement. Okta warns customers of sophisticated vishing kits. Under Armour investigates data breach claims. CISA adds a Zimbra Collaboration Suite flaw to the known exploited vulnerabilities list. Poor OpSec enables recovery of data stolen by the INC ransomware gang. The DOJ deports a pair of Venezuelans convicted of ATM jackpotting. Our guest is Chris Nyhuis, Founder and CEO of Vigilant, sharing practical steps to protect money, identity, and devices. Curl pulls the plug on bug bounties after drowning in AI slop.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Chris Nyhuis, Founder and CEO of Vigilant, sharing "practical steps consumers can take in 2026 to protect their money, identity, and devices."

Selected Reading

TikTok Strikes Deal to Create New U.S. Entity and Loosen App’s Ties to China (New York Times)

US Officials Urge Congress to Reauthorize Key Quantum Law (BankInfo Security)

Fortinet confirms critical FortiCloud auth bypass not fully patched (Bleeping Computer)

Ireland plans law allowing law enforcement to use spyware (The Record)

Okta SSO accounts targeted in vishing-based data theft attacks (Bleeping Computer)

Under Armour Investigates Data Breach (Infosecurity Magazine)

Organizations Warned of Exploited Zimbra Collaboration Vulnerability (SecurityWeek)

INC ransomware opsec fail allowed data recovery for 12 US orgs (Bleeping Computer)

2 Venezuelans Convicted in US for Using Malware to Hack ATMs (SecurityWeek)

Curl ending bug bounty program after flood of AI slop reports (Bleeping Computer)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Stabilized but smaller.

Thu, 22 Jan 2026 21:10:00 -0000

CISA’s acting director assures Congress the agency has “stabilized”. Google and Cisco patch critical vulnerabilities. Fortinet firewalls are being hit by automated attacks that create rogue accounts. A global spam campaign leverages unsecured Zendesk support systems. LastPass warns of attempted account takeovers. Greek authorities make arrests in a sophisticated fake cell tower scam. Executives at Davos express concerns over AI. Pwn2Own Automotive proves profitable. Our guest is Kaushik Devireddy, AI data scientist at Fable Security, with insights on a fake ChatGPT installer. New password, same as the old password.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Kaushik Devireddy, AI data scientist at Fable Security, discussing their work on "How a fake ChatGPT installer tried to steal my password".

Selected Reading

CISA Is 'Trying to Get Back on Its Mission' After Trump Cuts (CISA)

Google Patches High-Severity V8 Race Condition in Chrome 144 published: today (Beyond Machines)

Cisco Patches Actively Exploited Flaw in Unified Communications Products (Beyond Machines)

Hackers breach Fortinet FortiGate devices, steal firewall configs (Bleeping Computer)

Zendesk ticket systems hijacked in massive global spam wave (Bleeping Computer)

LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords (Infosecurity Magazine)

Greek Police Arrest Scammers in Athens Using Fake Cell Tower for SMS Phishing Operation (TechNadu)

Execs at Davos say AI's biggest problem isn't hype — it's security (Business Insider)

Hackers exploit 29 zero-days on second day of Pwn2Own Automotive (Bleeping Computer)

Analysis of 6 Billion Passwords Shows Stagnant User Behavior (SecurityWeek)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

DOGE and the data trail.

Wed, 21 Jan 2026 21:10:00 -0000

DOGE staff face scrutiny over possible Hatch Act violations. GitLab fixes a serious 2FA bypass. North Korean hackers target macOS developers through Visual Studio Code. Researchers say the VoidLink malware may be largely AI-built. MITRE rolls out a new embedded systems threat matrix. Oracle drops a massive patch update. Minnesota DHS reports a breach affecting 300,000 people. Germany looks to Israel for cyber defense lessons. A major illicit marketplace goes dark. Our guest is Ashley Jess, Senior Intelligence Analyst from Intel 471, with a “crash course” on underground cyber markets. And auditors emerge as an unlikely line of cyber defense.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we have Ashley Jess, Senior Intelligence Analyst from Intel 471, sharing a “crash course” on how underground cyber markets and emerging trends.

Selected Reading

Trump administration concedes DOGE team may have misused Social Security data (POLITICO)

GitLab warns of high-severity 2FA bypass, denial-of-service flaws (Bleeping Computer)

North Korean Hackers Target macOS Developers via Malicious VS Code Projects (SecurityWeek)

Voidlink Linux Malware Was Built Using an AI Agent, Researchers Reveal (Infosecurity Magazine)

MITRE Launches New Security Framework for Embedded Systems (SecurityWeek)

Oracle's First 2026 CPU Delivers 337 New Security Patches (SecurityWeek)

Minnesota Agency Notifies 304,000 of Vendor Breach (GovInfo Security)

Germany and Israel Pledge Cybersecurity Alliance (BankInfo Security)

$12B Scam Market Tudou Guarantee Shuts Down (GovInfo Security)

Research reveals a surprising line of defence against cyber attacks: accountants (The Conversation)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Million-dollar hacks and a manhunt.

Tue, 20 Jan 2026 21:30:00 -0000

Authorities pursue Black Basta. British authorities launch a new national service to fight fraud and cybercrime. LinkedIn private messages get infected with RATs. Researchers uncover a new malicious extension that intentionally crashes the browser. Ingram Micro discloses a ransomware-related data breach. A Jordanian man pleads guilty to selling stolen access to corporate networks. Business Breakdown. Tim Starks from CyberScoop discusses Sean Plankey's renomination to lead CISA. Grave oversight in the funeral biz.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop as he is discussing Sean Plankey's renomination to lead CISA. You can use Tim’s take on it here.

Selected Reading

Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader (The Record)

UK launches landmark 'Report Fraud' service to tackle cybercrime and fraud (The Record)

Linkedin Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs (Infosecurity Magazine)

Fake ad blocker extension crashes the browser for ClickFix attacks (Bleeping Computer)

Ingram Micro reveals ransomware attack hit 42,000 people - here's how to find out more (TechRadar)

Jordanian Man Pleads Fake ad blocker extension crashes the browser for ClickFix attacks Guilty to Selling Stolen Logins for 50 Companies (Hackread)

CrowdStrike agrees to acquire SGNL for $740 million and Seraphic for $420 million. (N2K Pro)

Exclusive: Funeral Industry Faces Security Gaps as Top Firms Lack Key Certifications (The Chosun Daily)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Are we a trade or a profession? [CISO Perspectives]

Tue, 20 Jan 2026 07:00:00 -0000

Please enjoy this encore of CISO Perspectives.

We're sharing a episode from another N2K show we thought you might like. It's the second episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy!

Show Notes:

Cybersecurity has an identity problem where the industry as a whole is struggling to determine whether it is a trade or a profession. In this episode of CISO Perspectives, host Kim Jones sits down with Larry Whiteside Jr., the Chief Advisory Officer for The CISO Society, to discuss this identity crisis and how the industry as a whole connects to both of these labels. Throughout the conversation, Larry and Kim will discuss the merits and drawbacks of both labels and how cybersecurity does not solely fall into one category or the other.

Want more CISO Perspectives?:

Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Investing in the security tech market with NightDragon. [T-Minus Space Daily Special Edition]

Mon, 19 Jan 2026 09:00:00 -0000

While our team is away from the mic observing the Martin Luther King, Jr. holiday in the United States, we share this thoughtful discussion from our T-Minus Space Daily team.

Signals Intelligence (SIGINT) is the practice of intercepting and analyzing electronic signals, like phone calls, emails, radar, and telemetry, to gather actionable intelligence for national security, defense, and military operations. It’s primarily conducted by agencies like NSA, but over the last decade many companies in the commercial sector have grown in this vital area of national defense, especially in space. Our guest is Dave DeWalt, CEO of NightDragon, who shared why his firm is investing in tech and space. Dave joins T-Minus Space Daily host Maria Varmazis for this special edition podcast.

You can connect with Dave on LinkedIn, and learn more about NightDragon on their website.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Be sure to follow T-Minus on LinkedIn and Instagram.

Share your feedback.

What do you think about T-Minus Space Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info.

Want to join us for an interview?

Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal.

T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Pentesting at the speed of thought. [CyberWire-X]

Mon, 19 Jan 2026 06:00:00 -0000

While our team is observing the Martin Luther King, Jr. holiday in the United States, please enjoy this CyberWire-X episode featuring the team from Horizon3.ai.

In this CyberWire-X episode, Dave Bittner speaks with Horizon3.ai co-founder and CEO Snehal Antani about how continuous autonomous penetration testing is reshaping security resilience. Antani reflects on his journey from CIO to DoD operator, where he learned that the hardest part of security isn’t patching — it’s prioritizing what matters and proving defenses work before attackers do. He explains why vulnerability scans fall short, how “AI hackers” simulate adversary behavior at machine speed, and why organizations must shift from compliance thinking to attacker-centric validation. Antani shares real-world findings, warns of 77-second domain compromise, and predicts a future of AI fighting AI, with humans by exception.

Resources:

Whitepaper: NodeZero® for Pentesters and Red Teams
Whitepaper: Traditional vs. Autonomous: Why NodeZero® is the Future of Cyber Risk Assessments

Learn more about your ad choices. Visit megaphone.fm/adchoices

Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]

Sun, 18 Jan 2026 08:00:00 -0000

Please enjoy this encore of Career Notes.

Deepen Desai, Global Chief Information Security Officer at Zscaler, shares his story as a doctor that treats computer viruses. He describes how he got into the security field and his work with Zscaler. He says what it's like learning and growing in this field and shares great advice for people who are up and coming in the field. Deepen describes working with an incredible team and how much joy it brings him to see his team learning and growing beyond their roles working with him. He says he want's to be remembered as a mentor among his colleagues. He says "I still remember my first team that I built, 15 years ago. Most of those guys are leading key technologies at many of the major security vendors, and some of them are still with me." We thank Deepen for sharing his story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Picture perfect deception. [Research Saturday]

Sat, 17 Jan 2026 08:00:00 -0000

Today we are joined by Ben Folland, Security Operations Analyst from Huntress, discussing their work on "ClickFix Gets Creative: Malware Buried in Images." This analysis covers a ClickFix campaign that uses fake human verification checks and a realistic Windows Update screen to trick users into manually running malicious commands.

The multi-stage attack chain leverages mshta.exe, PowerShell, and .NET loaders, ultimately delivering infostealers like LummaC2 and Rhadamanthys, with payloads hidden inside PNG images using steganography. While technically sophisticated, the campaign hinges on simple user interaction, underscoring the importance of user awareness and controls around command execution.

The research can be found here:

ClickFix Gets Creative: Malware Buried in Images

Learn more about your ad choices. Visit megaphone.fm/adchoices

Who turned out the lights?

Fri, 16 Jan 2026 21:40:00 -0000

Who turned out the lights in Venezuela? The European Space Agency confirms a series of cyberattacks. Dutch police nab the alleged operator of a notorious malware testing service. The U.S. and allies issue new guidance on OT security. Researchers warn of automated exploitation of a critical Hewlett-Packard Enterprise OneView flaw. TamperedChef cooks up trojanized PDF documents to deliver backdoor malware. A bluetooth vulnerability puts devices at risk. Cisco patches a maximum-severity zero-day exploited since November. Jen Easterly heads up RSAC. Our guest is Zak Kassas from Ohio State University, discussing GPS alternatives. Vintage phones face modern problems.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today Maria Varmazis from T-Minus pace sits down with Zak Kassas from the Ohio State University to discuss the study “Navigating the Arctic Circle with Starlink and OneWeb LEO Satellites”.This conversation is a preview of tomorrow’s Deep Space episode from T-Minus Space Daily.

Selected Reading

Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities (The New York Times)

Sensitive European Space Agency Data Leaked to the Dark Web by String of Cyberattacks (IBTimes UK)

Operation Endgame: Dutch Police Arrest Alleged AVCheck Operator (Hackread)

CISA, Allies Sound Alarm on OT Network Exposure (GovInfo Security)

RondoDox botnet exploits critical HPE OneView bug (The Register)

TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals (Infosecurity Magazine)

WhisperPair Attack Leaves Millions of Bluetooth Accessories Open to Hijacking (SecurityWeek)

Cisco finally fixes AsyncOS zero-day exploited since November (Bleeping Computer)

Former CISA Director Jen Easterly Appointed CEO of RSAC (SecurityWeek)

iPhone 4 makes comeback — but experts warn of security risks (New York Post)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A long day without bars.

Thu, 15 Jan 2026 21:10:00 -0000

Verizon hit by a major wireless outage. Poland blocks an attack on its power grid. A massive database of French citizens exposed. Microsoft shuts down a cybercrime-as-a-service operation. The UK backs away from digital ID plans. California probes Grok deepfakes. The FTC settles with GM over location data. Palo Alto Networks patches a serious firewall flaw. Plus, John Serafini of HawkEye on modern signals intelligence, and federal agents seize devices from a Washington Post reporter.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today Maria Varmazis sits down with John Serafini, Founder and CEO of Hawkeye 360, on T-Minus to discuss commercial signals intelligence, advanced RF signal processing, and Hawkeye 360’s recent acquisition of Innovative Signal Analysis alongside its Series E funding. To hear the full conversation, check out the episode on T-Minus.

Selected Reading

Verizon Says Service Restored After Thousands Affected by Outage (Bloomberg)

Poland says it repelled major cyberattack on power grid, blames Russia (The Record)

Massive breach leaks 45 million French records: demographic, healthcare, and financial data all leaked, here's what we know (TechRadar)

Criminal Subscription Service Behind AI-Powered Cyber-Attacks Taken Out By Microsoft (Infosecurity Magazine)

Government drops plans for mandatory digital ID to work in UK (BBC News)

Attorney General Bonta Launches Investigation into xAI, Grok Over Undressed, Sexual AI Images of Women and Children | State of California (Department of Justice)

FTC bans GM from selling drivers' location data for five years (Bleeping Computer)

Palo Alto Networks warns of DoS bug letting hackers disable firewalls (Bleeping Computer)

FBI executes search warrant at Washington Post reporter’s home (Washington Post)

US cargo tech company publicly exposed its shipping systems and customer data to the web (TechCrunch)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CVEs don’t sleep.

Wed, 14 Jan 2026 21:10:00 -0000

Patch Tuesday fallout, China sidelines Western security vendors, and a critical flaw puts industrial switches at risk of remote takeover. A ransomware attack disrupts a Belgian hospital, crypto scams hit investment clients, and Eurail discloses a data breach. Analysts press Congress to go on offense in cyberspace, and Sean Plankey gets another shot at leading CISA. In our Threat Vector segment, David Moulton sits down with Ian Swanson, AI Security Leader at Palo Alto Networks about supply chain security. And, an AI risk assessment cites a football match that never happened.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

AI security is no longer optional, it’s urgent. In this segment of Threat Vector, David Moulton sits down with Ian Swanson, former CEO of Protect AI and now the AI Security Leader at Palo Alto Networks. Ian shares how securing the AI supply chain has become the next frontier in cybersecurity and why every enterprise building or integrating AI needs to treat it like any other software pipeline—rife with dependencies, blind spots, and adversaries ready to exploit them. You can catch the full conversation here and listen to new episodes of Threat Vector every Thursday on your favorite podcast app.

Selected Reading

Patch Tuesday, January 2026 Edition (Krebs on Security)

Adobe Patches Critical Apache Tika Bug in ColdFusion (SecurityWeek)

Chrome 144, Firefox 147 Patch High-Severity Vulnerabilities (SecurityWeek)

Fortinet Patches Critical Vulnerabilities in FortiFone, FortiSIEM (SecurityWeek)

Exclusive: Beijing tells Chinese firms to stop using US and Israeli cybersecurity software, sources say (Reuters)

Critical OpenSSH flaw exposes Moxa industrial switches to remote takeover (Beyond Machines)

Cyberattack forces Belgian hospital to transfer critical care patients (The Record)

Betterment confirms data breach after wave of crypto scam emails (Bleeping Computer)

Passports, bank details compromised in Eurail data breach (The Register)

Lawmakers Urged to Let US Take on 'Offensive' Cyber Role (Bank InfoSecurity)

Sean Plankey re-nominated to lead CISA (CyberScoop)

Police chief admits misleading MPs after AI used in justification for banning Maccabi Tel Aviv fans (BBC News)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Source code in the wild aisle.

Tue, 13 Jan 2026 21:10:00 -0000

Stolen Target source code looks real. CISA pulls the plug on Gogs. SAP rushes patches for critical flaws. A suspected Russian spy emerges in Sweden, while Cloudflare threatens to walk away from Italy. Researchers flag a Wi-Fi chipset bug, a long-running Magecart skimming campaign, and a surge in browser-in-the-browser phishing against Facebook users. Mandiant releases a new Salesforce defense tool, and NIST asks how to secure agentic AI before it secures itself. Our guests are Christine Blake and Madison Farabaugh from Inside the Media Minds. Plus, a Dutch court says seven years is still the going rate for a USB-powered cocaine plot.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Christine Blake and Madison Farabaugh from W2 Communications and hosts of Inside the Media Minds podcast on their show joining the N2K CyberWire network. You can listen to the latest episode of Inside the Media Minds today and catch new installments every month on your favorite podcast app.

Selected Reading

Target employees confirm leaked code after ‘accelerated’ Git lockdown (Bleeping Computer)

Fed agencies urged to ditch Gogs as zero-day makes CISA list (The Register)

SAP's January 2026 Security Updates Patch Critical Vulnerabilities (SecurityWeek)

Sweden detains ex-military IT consultant suspected of spying for Russia (The Record)

Cloudflare CEO threatens to pull out of Italy (The Register)

One Simple Trick to Knock Out the Wi-Fi Network (GovInfo Security)

Google's Mandiant releases free Salesforce access control checker (iTnews)

Global Magecart Campaign Targets Six Card Networks (Infosecurity Magazine)

Facebook login thieves now using browser-in-browser trick (Bleeping Computer)

NIST Calls for Public to Help Better Secure AI Agents (GovInfo Security)

Appeal fails for hacker who opened port to coke smugglers (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Is the cyber talent ecosystem broken? [CISO Perspectives]

Tue, 13 Jan 2026 19:00:00 -0000

Please enjoy this encore of CISO Perspectives

We're sharing an episode from another N2K show we thought you might like. It's the first episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy!

Show Notes:

The cyber talent ecosystem faces severe indigestion, which has stifled growth and closed doors to new talent. In this episode of CISO Perspectives, host Kim Jones sits down with Ed Adams, the Head of Cybersecurity for North America at the Bureau Veritas Group, to discuss what has caused this indigestion and how leadership can better address these challenges. A key aspect of this conversation revolved around discussing Ed's book, See Yourself in Cyber: Security Careers Beyond Hacking, and how he expands the conversation surrounding traditional roles associated with cybersecurity.

Want more CISO Perspectives?:

Learn more about your ad choices. Visit megaphone.fm/adchoices

A picture worth a thousand breaches.

Mon, 12 Jan 2026 21:10:00 -0000

The FBI warns of Kimsuky quishing. Singapore warns of a critical vulnerability in Advantech IoT management platforms. Russia’s Fancy Bear targets energy research, defense collaboration, and government communications. Malaysia and Indonesia suspend access to X. Researchers warn a large-scale fraud operation is using AI-generated personas to trap mobile users in a social engineering scam. BreachForums gets breached. The NSA names a new Deputy Director. Monday Biz Brief. Our guest is Sasha Ingber, host of the International Spy Museum's SpyCast podcast. The commuter who hacked his scooter.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Sasha Ingber, host of the International Spy Museum's SpyCast podcast, on the return of SpyCast to the N2K CyberWire network.

Selected Reading

North Korea–linked APT Kimsuky behind quishing attacks, FBI warns (Security Affairs)

Advantech patches maximum-severity SQL injection flaw in IoT products (Beyond Machines)

Russia's APT28 Targeting Energy Research, Defense Collaboration Entities (SecurityWeek)

Malaysia and Indonesia block X over deepfake smut (The Register)

New OPCOPRO Scam Uses AI and Fake WhatsApp Groups to Defraud Victim (Hackread)

BreachForums hacking forum database leaked, exposing 324,000 accounts (Bleeping Computer)

Former NSA insider Kosiba brought back as spy agency’s No. 2 (The Record)

Vega raises $120 million in a Series B round led by Accel.

Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters (Rasmus Moorats)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Laura Hoffner: Setting your sights high. [Intelligence] [Career Notes]

Sun, 11 Jan 2026 08:00:00 -0000

Please enjoy this encore of Career Notes.

Laura Hoffner, Executive Vice President at Concentric, shares her story about her time working as a Naval Intelligence Officer and supporting special operations around the globe for 12 years, to now, where she transitioned to the Naval Reserves and joined the Concentric team. Laura has known since she was in the seventh grade that she wanted to work with SEALs and work in intelligence, so she set her goals high and achieved them shortly after graduating college. She credits being a Naval Intelligence Officer to helping her get to where she is today and says how much she is enjoying working with Concentric, saying she's "ultimately just incredibly benefiting from unbelievable mentors at the company itself." We thank Laura for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Walking on EggStremes. [Research Saturday]

Sat, 10 Jan 2026 08:00:00 -0000

This week, we are joined by Martin Zugec, Technical Solutions Director from Bitdefender, sharing their work and findings on "EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company." Built for long-term espionage, the campaign uses DLL sideloading, in-memory execution, and abused Windows services to stay stealthy and persistent.

We walk through how the multi-stage framework delivers a powerful backdoor with reconnaissance, lateral movement, data theft, and keylogging capabilities—and what this operation reveals about the evolving tactics defenders need to watch for.

The research can be found here:

EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company

Learn more about your ad choices. Visit megaphone.fm/adchoices

Is interim the new permanent?

Fri, 09 Jan 2026 21:10:00 -0000

The NSA reshuffles its cybersecurity leadership. A new report unmasks ICE’s latest surveillance system. CISA marks a milestone by retiring ten Emergency Directives. Trend Micro patches a critical vulnerability. Grok dials back the nudes, a bit. Cambodia extradites a cybercrime kingpin to China. Ghost Tap malware intercepts payment card data. Researchers disrupt a highly sophisticated VMware ESXi hypervisor exploit. European law enforcement arrest dozens of suspects linked to the international cybercriminal group Black Axe. Our guest is Sonali Shah, CEO of Cobalt, who says 2026 is the year AI stops being a concept and becomes the central battleground of cybersecurity. After firing the experts, DOGE hangs a help wanted sign.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices, we are joined by Sonali Shah, CEO of Cobalt, talking about 2026 is the year AI stops being a concept and becomes the central battleground of cybersecurity. Tune into the full conversation here.

Selected Reading

NSA cyber directorate gets new acting leadership (The Record)

Inside ICE’s Tool to Monitor Phones in Entire Neighborhoods (404 Media)

CISA Retires Ten Emergency Directives, Marking an Era in Federal Cybersecurity (CISA.gov)

Trend Micro warns of critical Apex Central RCE vulnerability (Bleeping Computer)

X pulls Grok images after UK ban threat over undress tool (The Register)

Alleged cyber scam kingpin arrested, extradited to China (The Record)

Chinese Hackers Use NFC-Enabled Android Malware to Steal Payment Information (GB Hackers)

The Great VM Escape: ESXi Exploitation in the Wild (Huntress)

Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrest (Infosecurity Magazine)

US DOGE Service is hiring following mass workforce losses across the government (Gov Exec)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

America goes solo on cyber.

Thu, 08 Jan 2026 21:10:00 -0000

The US withdraws from global cybersecurity institutions. A maximum-severity vulnerability called Ni8mare allows full compromise of a workflow automation platform. Cisco patches ISE. Researchers uncover a sophisticated multi-stage malware campaign targeting manufacturing and government organizations in Italy, Finland, and Saudi Arabia. The growing rift of defining AI risk. Microsoft gives 365 admins a one-month deadline to enable MFA. The Illinois Department of Human Services inadvertently exposed personal and protected health information of more than 700,000 residents. An Illinois man is charged with hacking Snapchat accounts to steal nudes. Our guest is Caitlin Clarke, Senior Director for Cybersecurity Services at Venable, with insights on CISA 2015. Facial recognition that’s bear-ly controversial.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Caitlin Clarke, Senior Director for Cybersecurity Services at Venable, for a conversation on CISA 2015 and its role in today’s cybersecurity and policy landscape. If you enjoyed this conversation, be sure to tune into the full interview on the next Caveat.

Selected Reading

US announces withdrawal from dozens of international treaties (The Record)

US To Leave Global Forum on Cyber Expertise (Infosecurity Magazine)

Max severity Ni8mare flaw lets hackers hijack n8n servers (Bleeping Computer)

Cisco warns of Identity Service Engine flaw with exploit code (Bleeping Computer)

CISA tags max severity HPE OneView flaw as actively exploited (Bleeping Computer)

Threat Actors Exploit Commodity Loader in Targeted Email Campaigns Against Organizations (GB Hackers)

Are Copilot prompt injection flaws vulnerabilities or AI limits? (Bleeping Computer)

Microsoft to enforce MFA for Microsoft 365 admin center sign-ins (Bleeping Computer)

Illinois state agency exposed personal data of 700,000 people (The Record)

Oswego man Kyle Svara, 26, allegedly hired by college coach Steve Waithe to get Snapchat access codes from nearly 600 women: FBI (ABC7 Chicago)

How facial recognition for bears can help ecologists manage wildlife (The Conversation)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyberattack in the fast lane.

Wed, 07 Jan 2026 21:10:00 -0000

Jaguar Land Rover reveals the fiscal results of last year’s cyberattack. A Texas gas station chain suffers a data spill. Taiwan tracks China’s energy-sector attacks. Google and Veeam push patches. Threat actors target obsolete D-Link routers. Sedgwick Government Solutions confirms a data breach. The U.S. Cyber Trust Mark faces an uncertain future. Google looks to hire humans to improve AI search responses. Our guest is Deepen Desai, Chief Security Officer of Zscaler, discussing what’s powering enterprise AI in 2026. AI brings creative cartography to the weather forecast.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, we are joined by Deepen Desai, Chief Security Officer of Zscaler, discussing what’s powering enterprise AI in 2026. To learn more on this topic, be sure to check out Zscaler’s report here. Listen to the full conversation here.

Selected Reading

Jaguar Land Rover wholesale volumes plummet 43% in cyberattack aftermath (The Register)

Major Data Breach Hits Company Operating 150 Gas Stations in the US (Hackread)

Taiwan says China's attacks on its energy sector increased tenfold (Bleeping Computer)

Google Patches High-Severity Chrome WebView Flaw CVE-2026-0628 in the Tag Component (Tech Nadu)

Several Code Execution Flaws Patched in Veeam Backup & Replication (SecurityWeek)

New D-Link flaw in legacy DSL routers actively exploited in attacks (Bleeping Computer)

Sedgwick confirms breach at government contractor subsidiary (Bleeping Computer)

FCC Loses Lead Support for Biden-Era IoT Security Labeling (GovInfoSecurity)

Google Search AI hallucinations push Google to hire "AI Answers Quality" engineers (Bleeping Computer)

‘Whata Bod’: An AI-generated NWS map invented fake towns in Idaho (The Washington Post)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

X marks the violation.

Tue, 06 Jan 2026 21:10:00 -0000

Grok’s non-consensual imagery draws scrutiny from the European Commission. Researchers link several major data breaches to a single threat actor. The UK unveils a new Cyber Action Plan. A stealthy ClickFix campaign targets the hospitality sector. VVS Stealer malware targets Discord users. Covenant Health and AFLAC report data leaks. Google silences a critical Dolby flaw. Ilona Cohen, Chief Legal and Policy Officer at HackerOne discusses “What the SolarWinds Dismissal Really Means for CISOs: Less Personal Risk, More Scrutiny on Disclosures.” UK students enjoy a digital snow day.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Ilona Cohen, Chief Legal and Policy Officer at HackerOne and former senior lawyer to President Obama, as she is discussing “What the SolarWinds Dismissal Really Means for CISOs: Less Personal Risk, More Scrutiny on Disclosures.”

Selected Reading

EU looking ‘very seriously’ at taking action against X over Grok (The Record)

Grok's AI CSAM Shitshow (404 Media)

Dozens of Major Data Breaches Linked to Single Threat Actor (SecurityWeek)

UK Launches New Cyber Unit to Bolster Defences Against Cyber Threats (Infosecurity Magazine)

Sophisticated ClickFix Campaign Targeting Hospitality Sector (SecurityWeek)

New VVS Stealer Malware Targets Discord Users via Fake System Errors (Hackread)

Covenant Health Notifying 480K Patients of 2025 Data Theft (Infosecurity)

Aflac Notifies 22.6 Million People of June Data Theft Attack (Infosecurity)

Critical Dolby leak in Android patched by Google (Techzine Global)

Students bag extended Christmas break after cyber hit on school IT (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A city goes dark as cyber questions multiply.

Mon, 05 Jan 2026 21:10:00 -0000

Venezuela blames physical attacks for blackout as cyber questions swirl. Trump reverses a chip technology sale over national security issues, and removes sanctions linked to Predator spyware. Greek officials say an air traffic shutdown was not a cyberattack. The U.S. Army launches a new officer specialization in AI and machine learning. The Kimwolf botnet infects more than two million devices worldwide. ZoomStealer uses browser extensions to grab sensitive online meeting data. The European Space Agency confirms a cybersecurity incident. Former lawmakers and cyber policy leaders warn that U.S. cyber defenses are slipping. On today’s Afternoon Cyber Tea host Ann Johnson welcomes Troy Hunt, founder of Have I Been Pwned. A researcher swipes left on white supremacy.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On this segment of Afternoon Cyber Tea with host Ann Johnson, Ann is joined by Troy Hunt, founder of Have I Been Pwned, to explore what billions of breached records reveal about attacker behavior, human weakness, and the state of breach disclosure. To listen to Ann and Troy's full conversation, visit the episode page. You can catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.

Selected Reading

Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes (POLITICO)

US Action in Venezuela Provokes Cyberattack Speculation (GovInfosecurity)

COMUNICADO | CORPOELEC denuncia ataque perpetrado contra el Sistema Eléctrico Nacional (MPPEE)

President Trump Orders Divestment in $2.9 Million Chips Deal to Protect US Security Interests (SecurityWeek)

Treasury removes sanctions for three executives tied to spyware maker Intellexa (The Record)

Greece says a radio failure that grounded flights is unlikely to be a cyberattack (WRAL.com)

US Army to Establish AI Officer Corps for High-Tech Military Management (ForkLog)

The Kimwolf Botnet is Stalking Your Local Network (Krebs on Security)

Zoom Stealer browser extensions harvest corporate meeting intelligence (Bleeping Computer)

European Space Agency Confirms Server Breach (Infosecurity Magazine)

Time to restore America’s cyberspace security system (CyberScoop)

Researcher Wipes White Supremacist Dating Sites, Leaks Data on okstupid.lol (Hackread)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Michael Scott: A team of humble intellects. [Information security] [Career Notes]

Sun, 04 Jan 2026 08:00:00 -0000

Please enjoy this encore of Career Notes.

Chief Information Security Officer at Immuta, Michael Scott shares his story from working at a forgotten internet service provider to leading the security fight for major food chain restaurants. Michael explains how the different roles at various companies he has worked with paved his way to where he is now at Immuta. He works with a group of colleagues and he leads in a different style, describing that "It really is just a collection of a lot of, we call humble intellects" working with him. Michael attributes adversity to being a cornerstone of existence in the security community, and explains how that helps him keep up the fight. We thank Michael for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Don’t trust that app!

Sat, 03 Jan 2026 08:00:00 -0000

While our team is out on winter break, please enjoy this episode of Research Saturday.

Today we are joined by ⁠⁠Selena Larson⁠⁠, co-host of ⁠⁠Only Malware in the Building⁠⁠ and Staff Threat Researcher and Lead Intelligence Analysis and Strategy at ⁠⁠Proofpoint⁠⁠, sharing their work on "Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing." Proofpoint researchers have identified campaigns where threat actors use fake Microsoft OAuth apps to impersonate services like Adobe, DocuSign, and SharePoint, stealing credentials and bypassing MFA via attacker-in-the-middle phishing kits, mainly Tycoon.

These attacks redirect users to fake Microsoft login pages to capture credentials, 2FA tokens, and session cookies, targeting nearly 3,000 Microsoft 365 accounts across 900 environments in 2025. Microsoft’s upcoming security changes and strengthened email, cloud, and web defenses, along with user education, are recommended to reduce these risks.

The research can be found here:

⁠⁠⁠⁠Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber and its "Hive" Mind

Fri, 02 Jan 2026 06:00:00 -0000

While our team is out on winter break, please enjoy this episode of Cyber Things from our partners at Armis.

Welcome to Episode 2 of Cyber Things, a special edition podcast produced in partnership by Armis and N2K CyberWire in an homage to Stranger Things. Host ⁠Rebecca Cradick⁠, VP of Global Communications at ⁠Armis⁠, is joined by ⁠Curtis Simpson⁠, CISO at Armis, to dive deep into the rise of the “Hive Mind”: the collective, connected threat ecosystem where attackers share tools, data, and tactics across the dark web, evolving faster than ever through AI-powered reconnaissance and automation.

This is essential listening for anyone seeking to better understand how today’s adversaries no longer operate alone, but as a distributed learning network that observes, adapts, and strikes with speed and precision. Tune in now to learn how organizations can think upside down, harness AI, and build defenses that move at the speed of today’s threats - before the shadows reach your network.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Confronting China’s Expanding Cyber Threats [Threat Vector]

Thu, 01 Jan 2026 07:00:00 -0000

While our team is out on winter break, please enjoy this episode of Threat Vector from our partners at Palo Alto Networks.

In this episode of Threat Vector, host David Moulton talks with Wendi Whitmore, Chief Security Intelligence Officer at Palo Alto Networks, about the increasing scale of China-linked cyber threats and the vulnerabilities in outdated OT environments.

Wendi shares critical insights on how nation-state threats have evolved, why AI must be part of modern defense strategies, and the importance of real-time intelligence sharing. They also dive into scenario planning as a key to resilience. If you want to know how cybersecurity leaders are preparing for the next wave of threats, this episode is a must-listen.

From the show:

Hear more from Wendi Whitmore on Threat Vector:

Episode 5: From Nation States to Cybercriminals

Join the conversation on our social media channels:

Website:⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠
Threat Research:⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠
Facebook:⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠
LinkedIn:⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠
YouTube:⁠ ⁠⁠@paloaltonetworks⁠
Twitter:⁠ ⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠

About Threat Vector

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Palo Alto Networks

Learn more about your ad choices. Visit megaphone.fm/adchoices

Lorrie Cranor: Why Security Fails Real People [Afternoon Cyber Tea]

Wed, 31 Dec 2025 06:00:00 -0000

While our team is out on winter break, please enjoy this episode of Afternoon Cyber Tea with Ann Johnson from our partners at Microsoft Security.

Dr. Lorrie Cranor, Director of the CyLab Security and Privacy Institute at Carnegie Mellon University joins Ann Johnson, Corporate Vice President, Microsoft, on this week's episode of Afternoon Cyber Tea to discuss the critical gap between security design and real-world usability. They explore why security tools often fail users, the ongoing challenges with passwords and password less authentication, and how privacy expectations have evolved in an era of constant data collection. Dr. Cranor emphasizes the importance of user-centered design, practical research, behavioral insights, and simpler, more transparent systems to help CISOs build security programs that truly work for people.

Resources:

View Lorrie Cranor on LinkedIn

View Ann Johnson on LinkedIn

Related Microsoft Podcasts:

Microsoft Threat Intelligence Podcast

The BlueHat Podcast

Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The New Frontlines of Cybersecurity: Lessons from the 2025 Digital Defense Report [Microsoft Threat Intelligence Podcast]

Tue, 30 Dec 2025 10:00:00 -0000

While our team is out on winter break, please enjoy this episode of The Microsoft Threat Intelligence Podcast from our partners at Microsoft.

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Chloé Messdaghi and Crane Hassold to unpack the key findings of the 2025 Microsoft Digital Defense Report; a comprehensive look at how the cyber threat landscape is accelerating through AI, automation, and industrialized criminal networks.

They explore how nation-state operations and cybercrime have fused into a continuous cycle of attack and adaptation, with actors sharing tooling, infrastructure, and even business models. The conversation also examines AI’s growing impact, from deepfakes and influence operations to the defensive promise of AI-powered detection, and how identity compromise has become the front door to most intrusions, accounting for over 99% of observed attacks.

Listeners will gain perspective on:

How AI is shaping both attacker tradecraft and defensive response.

Why identity remains the cornerstone of global cyber risk.

What Microsoft’s telemetry—spanning 600 million daily attacks—reveals about emerging threats and evolving defender strategies.

Questions explored:

How are threat actors using AI to scale deception and influence operations?

What does industrialized cybercrime mean for organizations trying to defend at scale?

How can defenders harness AI responsibly without overreliance or exposure?

Resources:

Download the report and executive summary

View Chloé Messdaghi on LinkedIn

View Crane Hassold on LinkedIn

View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:

Afternoon Cyber Tea with Ann Johnson

The BlueHat Podcast

Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Season finale: Leading security in a brave new world. [CISOP]

Tue, 30 Dec 2025 07:00:00 -0000

In the season finale of CSO Perspectives, Ethan Cook and Kim Jones reflect on a season of conversations exploring what it means to lead security in a rapidly evolving “brave new world.” From the realities behind AI hype and the slow-burn impact of quantum computing to the business forces shaping cybersecurity innovation, they revisit key lessons and lingering challenges facing today’s CISOs. The episode closes with an optimistic—but candid—look at why fundamentals, critical thinking, and leadership still matter as the industry moves forward.

Want more CISO Perspectives?

Check out companion ⁠⁠blog post⁠⁠s by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements episodes throughout the season.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The Hidden Risk in Your Stack [Data Security Decoded]

Mon, 29 Dec 2025 07:00:00 -0000

While our team is out on winter break, please enjoy this episode of Data Security Decoded from our partners at Rubrik.

In this episode of Data Security Decoded, host Caleb Tolin sits down with Hayden Smith, CEO of Hunted Labs, as he breaks down how software supply chain attacks really work, why open source dependencies create unseen exposure, and what modern threat actors are doing to exploit trust at scale. Caleb and Hayden dive deep into real-world attacks, emerging TTPs, AI-powered threat hunting, and what organizations must do today to keep pace. Listeners walk away with a clear picture of the problem—and a practical blueprint for reducing supply chain risk.

What You’ll Learn

How modern attackers infiltrate open source ecosystems through fake accounts and counterfeit package contributions.
Why dependency chains dramatically amplify both exposure and attacker leverage.
How to use threat intelligence and threat hunting to proactively evaluate upstream packages before adoption.
Where AI-powered code analysis is changing the ability to discover hidden vulnerabilities and suspicious patterns.
Why dependency pinning, SBOM discipline, and continuous monitoring now define a strong supply chain posture.

Episode Highlights

00:00 — Welcome + Why Software Supply Chain Risk Matters

02:00 — Hayden’s Non-Cyber Passion + Framing Today’s Topic

03:00 — Why Open Source Powers Everything—and Why That Creates Exposure

06:00 — The Real Attack Vector: Contribution as Initial Access

08:00 — Inside the Indonesian “Fake Package” Campaign

10:30 — How to Evaluate Code + Contributor Identity Together

12:00 — Threat Hunting and AI-Enabled Code Interrogation

15:00 — The Challenge of Undisclosed Vulnerabilities in Widely Used Components

16:30 — How Recovery Works When Malware Is Already in Your Stack

19:00 — Continuous Monitoring as the Foundation of Modern Supply Chain Security

22:00 — Pinning, Maintainer Analysis, and Code Interrogation Best Practices

24:00 — Where to Learn More About Hunted Labs

Episode Resources
- Hunted Labs — https://huntedlabs.com
- Hunted Labs Entercept
- Hunted Labs “Hunting Ground” research blog
- Open Source Malware (Paul McCarty)

Learn more about your ad choices. Visit megaphone.fm/adchoices

Charity Wright: Pursue what you love. [Threat intelligence] [Career Notes]

Sun, 28 Dec 2025 08:00:00 -0000

While our team is out on winter break, please enjoy this episode of Career Notes.

Threat intelligence analyst at Recorded Future, Charity Wright, shares her story from the army to her career today. Transitioning from the army to cybersecurity was an exciting change for her. During college she was recruited by the U.S. army where she started her journey and learned new skills paving her pathway to threat intelligence where she is now. She shares that she works with a great team of junior analysts who are constantly checking each others' biases which helps keep Charity grounded in her work. Charity spends her days keeping an eye on threats around the world where she says there is never a dull day in her line of work. We thank Charity for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Excel-lerating cyberattacks. [Research Saturday]

Sat, 27 Dec 2025 08:00:00 -0000

While our team is out on winter break, please enjoy this episode of Research Saturday.

This week, we are joined by ⁠Tom Hegel⁠, Principal Threat Researcher from ⁠SentinelLabs⁠ research team, to discuss their work on "Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition." The latest Ghostwriter campaign, linked to Belarusian government espionage, is actively targeting Ukrainian military and government entities as well as Belarusian opposition activists using weaponized Excel documents.

SentinelLabs identified new malware variants and tactics, including obfuscated VBA macros that deploy malware via DLL files, with payload delivery seemingly controlled based on a target’s location and system profile. The campaign, which began preparation in mid-2024 and became active by late 2024, appears to be an evolution of previous Ghostwriter operations, combining disinformation with cyberattacks to further political and military objectives.

The research can be found here:

⁠Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition

Learn more about your ad choices. Visit megaphone.fm/adchoices

Beyond cyber: Securing the next horizon. [Special Edition]

Fri, 26 Dec 2025 06:00:00 -0000

While our team is out on winter break, please enjoy this Special Edition episode.

Cybersecurity is no longer confined to the digital world or just a technical challenge, it’s a global imperative. The ⁠NightDragon Innovation Summit⁠ convened a group of industry leaders to discuss how public and private entities can work together to address emerging threats and harness the power of AI, cybersecurity, and innovation to strengthen national defense.

In this special edition podcast, we capture a glimpse into the knowledge and expertise shared at the NightDragon Innovation Summit. We are joined by ⁠NightDragon⁠ Founder and CEO ⁠Dave DeWalt⁠, ⁠DataBee⁠ CEO ⁠Nicole Bucala⁠, ⁠Liberty Mutual Insurance⁠ EVP and CISO ⁠Katie Jenkins⁠, Sophos CEO ⁠Joe Levy⁠, and ⁠Dataminr⁠ VP of Sales Engineering ⁠Michael Mastrole⁠.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Yippee-ki-yay, cybercriminals! [OMITB]

Thu, 25 Dec 2025 06:00:00 -0000

While our team is out on winter break, please enjoy this episode of Only Malware in the Building.

Welcome in! You’ve entered, Only Malware in the Building. Wrap yourself in a warm blanket, pour your favorite mug of tea, and join us each month as we unwrap the season’s juiciest cyber mysteries. Your host is ⁠⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠⁠Qintel⁠⁠⁠⁠⁠.

Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore Remote access, real cargo: cybercriminals targeting trucking and logistics. From clever schemes to protect shipments to the tools cybercriminals use, our guests discuss how organizations can safeguard physical goods in an increasingly connected world—because even during the season of hustle and bustle, the threats don’t take a holiday.

Learn more about your ad choices. Visit megaphone.fm/adchoices

And the Breachies go to…

Wed, 24 Dec 2025 21:10:00 -0000

In today’s episode, we dig into the Electronic Frontier Foundation’s annual Breachies, highlighting some of the year’s most avoidable, eye-opening, and sometimes head-shaking data breaches. From companies collecting far more data than they need to third-party missteps and quiet misconfigurations, the Breachies offer a revealing look at how familiar privacy failures keep repeating—and why they matter for users.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s we have a CyberWire holiday favorite: The 12 Days of Malware — with Dave and a lineup of cybersecurity friends gleefully rewriting The 12 Days of Christmas to celebrate malware, mishaps, and life online, one verse at a time.

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Eyes in the sky, red flags on the ground.

Tue, 23 Dec 2025 21:10:00 -0000

The White House bans foreign-made drones. African law enforcement agencies crackdown on cybercrime. A new phishing campaign targets Russian military personnel and defense-related organizations. A University of Phoenix data breach affects about 3.5 million people. A pair of Chrome extensions covertly hijack user traffic. Romania’s national water authority suffered a ransomware attack. A cyberattack in France disrupts postal, identity, and banking services for millions of customers. NIST and MITRE announce a $20 million partnership for AI research centers. A think-tank says the U.S. needs to go on the cyber offensive. Tim Starks from CyberScoop discusses the passage of the defense Authorization Bill and a look back at 2025. In high school, it’s no child left unscanned.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop discussing the passage of the Defense Authorization Bill and a look back at 2025.

Selected Reading

Trump Administration Declares Foreign-Made Drones a Security Threat (The New York Times)

Hundreds of Arrests as Operation Sentinel Recovers $3m (Infosecurity Magazine)

Cyber spies use fake New Year concert invites to target Russian military (The Record)

University of Phoenix Data Breach - 3.5 Million+ Individuals Affected (CybersecurityNews)

Malicious extensions in Chrome Web store steal user credentials (BleepingComputer)

Ransomware Hits Romanian Water Authority, 1000 Systems Knocked Offline (Hackread)

Cyberattack knocks offline France's postal, banking services (BleepingComputer)

NIST, MITRE announce $20 million research effort on AI cybersecurity (CyberScoop)

US Must Go on Offense in Cyberspace, Report Warns (Govifosecurity)

AI Bathroom Monitors? Welcome To America's New Surveillance High Schools (Forbes)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Tech Investment Strategies and Overview [CISOP]

Tue, 23 Dec 2025 07:00:00 -0000

In this CISOP episode of CSO Perspectives, Host Kim Jones sits down with John Funge, venture capitalist at DataTribe, to explore how investors view the cybersecurity landscape. Kim reflects on the tension between innovation, profit motives, and the real needs of security practitioners—raising questions about whether the industry prioritizes mitigation over true solutions. John offers a candid look inside the VC decision-making process, breaking down how teams, market fit, and long-term defensibility shape investment choices. Together, they examine how founders, investors, and CISOs can better align to drive meaningful, effective security innovation.

Want more CISO Perspectives?

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Everything old is new again.

Mon, 22 Dec 2025 21:10:00 -0000

NATO suspects Russia is developing a new anti-satellite weapon to disrupt the Starlink network. A failed polygraph sparks a DHS probe and deepens turmoil at CISA. A look back at Trump’s cyber policy shifts. MacSync Stealer adopts a stealthy new delivery method. Researchers warn a popular open-source server monitoring tool is being abused. Cyber criminals are increasingly bypassing technical defenses by recruiting insiders. Scripted Sparrow sends millions of BEC emails each month. Federal prosecutors take down a global fake ID marketplace. Monday business brief. Our guest is Eric Woodruff, Chief Identity Architect at Semperis, discussing "NoAuth Abuse Alert: Full Account Takeover." Atomic precision meets Colorado weather.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices, we are joined by Eric Woodruff, Chief Identity Architect at Semperis, discussing "NoAuth Abuse Alert: Full Account Takeover." Tune into the full conversation here.

Selected Reading

Starlink in the crosshairs: How Russia could attack Elon Musk's conquering of space (AP News)

Project West Ford (Wikipedia)

Acting CISA director failed a polygraph. Career staff are now under investigation (POLITICO)

Dismantling Defenses: Trump 2.0 Cyber Year in Review (Krebs on Security)

MacSync macOS Malware Distributed via Signed Swift Application (SecurityWeek)

From ClickFix to code signed: the quiet shift of MacSync Stealer malware (Jamf)

Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan (Hackread)

Cyber Criminals Are Recruiting Insiders in Banks, Telecoms, and Tech (Check Point)

Scripted Sparrow Sends Millions of BEC Emails Each Month (Infosecurity Magazine)

FBI Seizes Fake ID Template Domains Operating from Bangladesh (Hackread)

Adaptive Security raises $81 million in a Series B round led by Bain Capital Ventures. (N2K Pro)

NIST tried to pull the pin on NTP servers after blackout caused atomic clock drift (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Eric Escobar: Collaboration is key. [Pen tester] [Career Notes]

Sun, 21 Dec 2025 08:00:00 -0000

Please enjoy this encore of Career Notes.

Principal consultant and pen tester at Secureworks, Eric Escobar, shares his career path translating his childhood favorite Legos to civil engineering and pivoting to cybersecurity. Eric was always headed toward engineering and got both his bachelor and master degrees in civil engineering. Upon breaking into a network with a friend, he was bitten by the cybersecurity bug. Making the switch to the red team and basically becoming a bankrobber for hire, Eric tests the security of many companies' networks. He feels that curiosity is an essential trait for cybersecurity and collaboration is key as no one person knows everything. He advises those interested in cybersecurity to just start. We thank Eric for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The lies that let AI run amok. [Research Saturday]

Sat, 20 Dec 2025 08:00:00 -0000

Darren Meyer, Security Research Advocate at Checkmarx, is sharing their work on "Bypassing AI Agent Defenses with Lies-in-the-Loop." Checkmarx Zero researchers introduce “lies-in-the-loop,” a new attack technique that bypasses human‑in‑the‑loop AI safety controls by deceiving users into approving dangerous actions that appear benign.

Using examples with AI code assistants like Claude Code, the research shows how prompt injection and manipulated context can trick both the agent and the human reviewer into enabling remote code execution. The findings highlight a growing risk as AI agents become more common in developer workflows, underscoring the limits of human oversight as a standalone security control.

The research can be found here:

⁠Bypassing AI Agent Defenses With Lies-In-The-Loop

Learn more about your ad choices. Visit megaphone.fm/adchoices

Where encryption meets executive muscle.

Fri, 19 Dec 2025 21:10:00 -0000

Trump signs the National Defense Authorization Act for 2026. Danish intelligence officials accuse Russia of orchestrating cyberattacks against critical infrastructure. LongNosedGoblin targets government institutions across Southeast Asia and Japan. A new Android botnet infects nearly two million devices. WatchGuard patches its Firebox firewalls. Amazon blocks more than 1,800 North Korean operatives from joining its workforce. CISA releases nine new Industrial Control Systems advisories. The U.S. Sentencing Commission seeks public input on deepfakes. Prosecutors indict 54 in a large-scale ATM jackpotting conspiracy. Our guest is Nitay Milner, CEO of Orion Security, discussing the issue with data leaking into AI tools, and how CISOs must prioritize DLP. Riot Games finds cheaters hiding in the BIOS.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Nitay Milner, CEO of Orion Security, discusses the issue with data leaking into AI tools, and how CISOs must prioritize DLP.

Selected Reading

Trump signs defense bill allocating millions for Cyber Command, mandating Pentagon phone security (The Record)

Denmark blames Russia for destructive cyberattack on water utility (Bleeping Computer)

New China-linked hacker group spies on governments in Southeast Asia, Japan (The Record)

'Kimwolf' Android Botnet Ensnares 1.8 Million Devices (SecurityWeek)

New critical WatchGuard Firebox firewall flaw exploited in attacks (Bleeping Computer)

Amazon blocked 1,800 suspected DPRK job applicants (The Register)

CISA Releases Nine Industrial Control Systems Advisories (CISA.gov)

U.S. Sentencing Commission seeks input on criminal penalties for deepfakes (CyberScoop)

US Charges 54 in Massive ATM Jackpotting Conspiracy (Infosecurity Magazine)

Riot Games found a motherboard security flaw that helps PC cheaters (The Verge)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

OneView gives attackers the full tour.

Thu, 18 Dec 2025 21:10:00 -0000

Hewlett Packard Enterprise patches a maximum-severity vulnerability in its OneView infrastructure management software. Cisco warns a critical zero-day is under active exploitation. An emergency Chrome update fixes two high-severity vulnerabilities. French authorities make multiple arrests. US authorities dismantle an unlicensed crypto exchange accused of money laundering. SonicWall highlights an exploited zero-day. Researchers earn $320,000 for demonstrating critical remote code execution flaws in cloud infrastructure components. A U.S. Senator urges electronic health record vendors to give patients greater control over who can access their medical data. Our guest is Larry Zorio, CISO from Mark43, discussing first responders and insider cyber risks. A right-to-repair group puts cash on the table.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Larry Zorio, CISO from Mark43, to discuss first responders sounding the alarm on insider cyber risks. To see the full report, check it out here.

Selected Reading

HPE warns of maximum severity RCE flaw in OneView software (Bleeping Computer)

China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear (SecurityWeek)

Google Chrome patches two high severity vulnerabilities in emergency update (Beyond Machines)

France arrests 22-year-old over Interior Ministry hack (The Record)

France arrests Latvian for installing malware on Italian ferry (Bleeping Computer)

FBI dismantles alleged $70M crypto laundering operation (The Register)

SonicWall Patches Exploited SMA 1000 Zero-Day (SecurityWeek)

Zeroday Cloud hacking event awards $320,0000 for 11 zero days (Bleeping Computer)

Senator Presses EHR Vendors on Patient Privacy Controls (Govinfosecurity)

A nonprofit is paying hackers to unlock devices companies have abandoned (TechSpot)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The cloud that spies back.

Wed, 17 Dec 2025 21:10:00 -0000

Researchers detail a years-long Russian state-sponsored cyber espionage campaign. Israel’s cyber chief warns against complacency. Vulnerabilities affect products from Fortinet and Hitachi Energy. Studies show AI models are rapidly improving at offensive cyber tasks. MITRE expands its D3FEND cybersecurity ontology to cover operational technology. Texas sues smart TV manufacturers, alleging illegal surveillance. A fraudulent gift card locks an Apple user out of their digital life. Our guest is Doron Davidson from CyberProof Israel discussing agentic SOCs and agentic transformation of an MDR. Fat racks crack the stacks.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by ⁠Doron Davidson⁠, GM at ⁠CyberProof⁠ Israel, MD Security Operations, discussing agentic SOC and agentic transformation of an MDR. If you’d like to learn more be sure to check out ⁠CyberProof⁠. Tune into the full conversation here.

Selected Reading

Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure (Live Threat Intelligence)

IDF warns future cyberattacks may dwarf past threats (The Jerusalem Post)

CISA reports active exploitation of critical Fortinet authentication bypass flaw (Beyond Machines)

Hitachi Energy reports BlastRADIUS flaw in AFS, AFR and AFF Series product families (Beyond Machines)

AI models are perfecting their hacking skills (Axios)

AI Hackers Are Coming Dangerously Close to Beating Humans (WSJ)

MITRE Extends D3FEND Ontology to Operational Technology Cybersecurity (Mitre)

Texas sues biggest TV makers, alleging smart TVs spy on users without consent (Ars Technica)

Locked out: How a gift card purchase destroyed an Apple account (Apple Insider)

Racks of AI chips are too damn heavy (The Verge)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber shock to the oil trade.

Tue, 16 Dec 2025 21:20:00 -0000

Venezuela’s state oil company blames a cyberattack on the U.S. An Iranian hacker group offers cash bounties for doxing Israelis. Germany’s lower house of parliament suffers a major email outage. South Korea’s e-commerce breach exposes personal information of nearly all of that nation’s adults. Researchers report active exploitation of two critical Fortinet authentication bypass vulnerabilities, and three critical vulnerabilities in the FreePBX VoIP platform. An auto-industry credit reporting agency suffers a data breach. Google is shutting down its dark web reporting service. European law enforcement dismantles a Ukrainian fraud network. Our guest is Christiaan Beek, Senior Director Threat Intelligence & Analytics from Rapid7, discussing how attackers are accelerating exploitation, refining ransomware, and expanding nation-state operations. A Pornhub breach proves the internet never forgets.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, guest Christiaan Beek, Senior Director Threat Intelligence & Analytics from Rapid7, discusses how attackers are accelerating exploitation, refining ransomware, and expanding nation-state operations. Dive into the details in Rapid7’s report. Tune into Christiaan's full conversation here.

Selected Reading

Venezuela Says Oil Export System Down After Weekend Cyberattack (Bloomberg)

Iran-linked hackers dox Israelis, offer cash bounties (The Jerusalem Post)

German Parliament Allegedly Hit by Email Outage During US-Ukraine Talks Amid Cyberattack Suspicions (TechNadu)

Breach at South Korea’s Equivalent of Amazon Exposed Data of Almost Every Adult (Wall Street Journal)

Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719 (Arctic Wolf)

Critical authentication bypass and multiple flaws discovered in FreePBX VoIP platform (Beyond Machines)

Millions Affected by Massive 700Credit Data Breach (Tech.co)

Google Is Shutting Down Its Dark Web Monitoring Tool (Technology.org)

European authorities dismantle call center fraud ring in Ukraine (Bleeping Computer)

Porn User Data Stolen—Pornhub ‘Search, Watch And Download’ Activity (Forbes)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Quantum [CISOP]

Tue, 16 Dec 2025 07:00:00 -0000

In this episode, host Kim Jones tacks a topic that is rapidly moving from theoretical to operational reality: quantum computing. While classical computing will remain the backbone of our systems for years to come, quantum technologies are advancing fast enough that CISOs must begin preparing today. Kim explores what quantum computing really means, why it matters for cybersecurity, and how leaders should begin planning for its inevitable impact. To help demystify the subject, Kim is joined by longtime colleague and cybersecurity practitioner Michael Sottile—now the CSO of a quantum computing firm—who brings decades of hands-on experience across industries and a front-row seat to quantum's evolution.

Want more CISO Perspectives?

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Another day, another emergency patch.

Mon, 15 Dec 2025 21:10:00 -0000

Apple and Google issue emergency updates to patch zero-days. Google links five additional Chinese state-backed hacking groups to “React2Shell.” France’s Ministry of the Interior was hit by a cyberattack. Atlassian patches roughly 30 third-party vulnerabilities. Microsoft says its December 2025 Patch Tuesday updates are breaking Message Queuing. Researchers uncovered a massive exposed database with nearly 4.3 billion professional records openly accessible online. Britain’s new MI6 chief warns of an “aggressive, expansionist, and revisionist” Russia. Monday Business Brief. On today’s Threat Vector, ⁠Michael Heller⁠ from Unit 42 chats with security leaders ⁠Greg Conti⁠ and ⁠Tom Cross⁠ to unpack the hacker mindset and the idea of “dark capabilities”. A cyber holiday gift guide for the rest of us.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of Threat Vector, host ⁠Michael Heller⁠, Managing Editor for Cortex and Unit 42 and Executive Producer of the podcast, sits down with long-time security leaders ⁠Greg Conti⁠ and ⁠Tom Cross⁠ to unpack the hacker mindset and the idea of “dark capabilities” inside modern technology companies. You can listen to their full discussion here. Be sure to catch new episodes of Threat Vector by Palo Alto Networks every Thursday on your favorite podcast app.

Selected Reading

Apple, Google forced to issue emergency 0-day patches (The Register)

Google links more Chinese hacking groups to React2Shell attacks (Bleeping Computer)

French Interior Ministry confirms cyberattack on email servers (Bleeping Computer)

Atlassian Patches Critical Apache Tika Flaw (SecurityWeek)

Microsoft: December security updates cause Message Queuing failures (Bleeping Computer)

16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records (Hackread)

MI6 chief warns 'front line is everywhere' and signals intent to pressure Putin (The Record)

Saviynt raises $700 million in Series B growth equity financing. (The CyberWire Business Brief)

Last-minute cybersecurity and privacy gifts your friends and family won't hate (This Week In Security)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Amanda Fennell: There's a cyber warrior in all of us [Information] [Career Notes]

Sun, 14 Dec 2025 08:00:00 -0000

Please enjoy this encore of Career Notes.

Chief security officer and chief information officer at Relativity, Amanda Fennell shares her story from archeology to cybersecurity. She shares the path that lead her towards becoming an archeologist and how it turned out not being exactly what she expected. She then shares how she got into the cyber business and how her past has impacted what she's doing now. She describes how she would like to be remembered in the cyber world, she says "I do hope that I left things better than I found them, not just the security of a product or a company, but I believe strongly that every person has a little cyber warrior inside of them." We thank Amanda for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Root access to the great firewall. [Research Saturday]

Sat, 13 Dec 2025 08:00:00 -0000

Daniel Schwalbe, DomainTools Head of Investigations and CISO, is sharing their work on "Inside the Great Firewall." This two-part research project analyzes an extraordinary 500–600GB leak that exposes the internal architecture, tooling, and human ecosystem behind China’s Great Firewall.

Across both parts, you break down thousands of leaked documents, source code repositories, diagrams, packet captures, and telemetry that reveal how systems like the Traffic Secure Gateway, MAAT, Redis-based analytics, and modular DPI engines work together to censor, surveil, and fingerprint users at scale. Taken together, the research shows how the Great Firewall functions not just as a technical system, but as a living censorship-industrial complex that adapts, learns, and coordinates across government, telecoms, and security vendors.

The research can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices

One rule to rule them all.

Fri, 12 Dec 2025 21:10:00 -0000

A new executive order targets states’ AI regulations, while the White House shifts course on an NSA deputy director pick. The UK fines LastPass over inadequate security measures. Researchers warn of active attacks against Gladinet CentreStack instances. OpenAI outlines future cybersecurity plans. MITRE ranks the top 25 vulnerabilities of 2025. CISA orders U.S. federal agencies to urgently patch a critical GeoServer vulnerability. An anti-piracy coalition shuts down one of India’s most popular illegal streaming services. Our guest Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, unpacks purple team table top exercises to prepare for AI-generated attacks. Hackers set their sights on DNA.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, is discussing purple team table top exercises to prepare for AI-generated attacks.

Selected Reading

Trump Signs Executive Order to Block State AI Regulations (SecurityWeek)

Announced pick for No. 2 at NSA won’t get the job as another candidate surfaces (The Record)

LastPass Data Breach — Insufficient Security Exposed 1.6 Million Users (Forbes)

Gladinet CentreStack Flaw Exploited to Hack Organizations (SecurityWeek)

OpenAI lays out its plan for major advances in AI cybersecurity features (SC Media)

MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities (SecurityWeek)

CISA orders feds to patch actively exploited Geoserver flaw (Bleeping Computer)

MKVCinemas streaming piracy service with 142M visits shuts down (Bleeping Computer)

The Unseen Threat: DNA as Malware (BankInfoSecurity)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Weak passwords meet strong motives

Thu, 11 Dec 2025 21:10:00 -0000

CISA warns that pro-Russia hacktivist groups are targeting US critical infrastructure. Google patches three new Chrome zero-day vulnerabilities. North Korean actors exploit React2Shell to deploy a new backdoor. Researchers claim Docker Hub secret leakage is now a systemic problem. Attackers exploit an unpatched zero-day in Gogs, the self-hosted Git service. IBM patches more than 100 vulnerabilities across its product line. Storm-0249 abuses endpoint detection and response tools. The DOJ indicts a former Accenture employee for allegedly misleading federal customers about cloud security. Our guest is Kavitha Mariappan, Chief Transformation Officer at Rubrik, talking about understanding & building resilience against identity-driven threats. A malware tutor gets schooled by the law.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, we are joined by Kavitha Mariappan, Chief Transformation Officer at Knowledge Partner Rubrik, talking about understanding and building resilience against identity-driven threats. Tune into Kavitha’s full conversation here.

New Rubrik Research Finds Identity Resilience is Imperative as AI Wave Floods the Workplace with AI Agents (Press release)
The Identity Crisis: Understanding and Building Resilience Against Identity-Driven Threats (Report)
Agentic AI and Identity Sprawl (Data Security Decoded podcast episode) Host Caleb Tolin and guest ⁠Joe Hladik⁠, Head of Rubrik Zero Labs, to unpack the findings from their the report Kavitha addresses.

Resources: Rubrik’s Data Security Decoded podcast airs semi-monthly on the N2K CyberWire network with host Caleb Tolin. You can catch new episodes twice a month on Tuesdays on your favorite podcast app.

Selected Reading

CISA: Pro-Russia Hacktivists Target US Critical Infrastructure

New cybersecurity guidance paves the way for AI in critical infrastructure | CyberScoop

Google Releases Critical Chrome Security Update to Address Zero-Days - Infosecurity Magazine

North Korea-linked ‘EtherRAT’ backdoor used in React2Shell attacks | SC Media

Thousands of Exposed Secrets Found on Docker Hub - Flare

Hackers exploit unpatched Gogs zero-day to breach 700 servers

IBM Patches Over 100 Vulnerabilities - SecurityWeek

Ransomware IAB abuses EDR for stealthy malware execution

US charges former Accenture employee with misleading feds on cloud platform’s security - Nextgov/FCW

Man gets jail for filming malware tutorials for syndicate; 129 Singapore victims lost S$3.2m - CNA

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When preview pane becomes preview pain.

Wed, 10 Dec 2025 21:10:00 -0000

Patch Tuesday. Federal prosecutors charge a Houston man with smuggling Nvidia chips to China, a Ukrainian woman for targeting critical infrastructure, and an Atlanta activist for wiping his phone. The power sector sees cyber threats doubling. The new Spiderman phishing kit slings its way across the dark web. Our guest is Dick O'Brien, Principal Intelligence Analyst from Symantec and Carbon Black Threat Hunter Team, discussing “Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites.” The Pentagon unveils a killer chatbot.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Dick O'Brien, Principal Intelligence Analyst from Symantec and Carbon Black Threat Hunter Team, is discussing “Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites."

Selected Reading

Microsoft Patches 57 Vulnerabilities, Three Zero-Days (SecurityWeek)

Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data (SecurityWeek)

Adobe Patches Nearly 140 Vulnerabilities (SecurityWeek)

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider (SecurityWeek)

Fortinet Patches Critical Authentication Bypass Vulnerabilities (SecurityWeek)

Smuggling Ring Charged as Trump Okays Nvidia Sales to China (Gov Infosecurity)

Cybersecurity in power: supply chain most vulnerable, varying confidence in resilience (Power Technology)

Spiderman Phishing Kit Targets European Banks with Real-Time Credential Theft (Hackread)

Hospice Firm, Eye Care Practice Notifying 520,000 of Hacks (Bank Infosecurity)

Ukrainian hacker charged with helping Russian hacktivist groups (Bleeping Computer)

Man Charged for Wiping Phone Before CBP Could Search It (404 Media)

Pete Hegseth Says the Pentagon's New Chatbot Will Make America 'More Lethal' (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The bug that got everyone’s attention.

Tue, 09 Dec 2025 21:10:00 -0000

Organizations worldwide scramble to address the critical React2Shell vulnerability. Major insurers look to exclude artificial intelligence risks from corporate policies. Three Chinese hacking groups converge on the same Sharepoint flaws. Ransomware crews target hypervisors. A UK hospital asks the High Court to block publication of data stolen by the Clop gang. The White House approves additional Nvidia AI chip exports to China. The ICEBlock app creator sues the feds over app store removal. The FBI warns of virtual kidnapping scams. The FTC upholds a ban on a stalkerware maker. Dave Lindner, CISO of Contrast Security, discusses nation-state adversaries targeting source code to infiltrate the government and private sector. Craigslist’s founder pledges support for cybersecurity, veterans and pigeons.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

⁠Dave Lindner⁠, CISO of ⁠Contrast Security⁠, discusses nation-state adversaries targeting source code to infiltrate the government and private sector.

Selected Reading

Researchers track dozens of organizations affected by React2Shell compromises tied to China’s MSS (The Record)

Insurers retreat from AI cover as risk of multibillion-dollar claims mounts (Financial Times)

Three hacking groups, two vulnerabilities and all eyes on China (The Record)

Researchers spot 700 percent increase in hypervisor ransomware attacks (The Register)

UK Hospital Asks Court to Stymie Ransomware Data Leak (Bank Infosecurity)

Trump says Nvidia can sell more powerful AI chips to China (The Verge)

ICEBlock developer sues Trump administration over App Store removal (The Verge)

New FBI alert urges vigilance on virtual kidnapping schemes (SC Media)

FTC upholds ban on stalkerware founder Scott Zuckerman (TechCrunch)

Craigslist founder signs the Giving Pledge, and his fortune will go to military families, fighting cyberattacks—and a pigeon rescue (Fortune)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI and cyber practicum [CISOP]

Tue, 09 Dec 2025 07:00:00 -0000

In this episode, host Kim Jones examines the rapid rise of enterprise AI and the tension between innovation and protection, sharing an RSA anecdote that highlights both excitement and concern. He outlines the benefits organizations hope to gain from AI while calling out often-overlooked risks like data quality, governance, and accountability. Kim is joined by technologist Tony Gauda to discuss why AI represents a fundamental shift in how systems and decisions are designed. Together, they explore AI-driven operations, cultural barriers to experimentation, and how CISOs can adopt AI responsibly without compromising security.

Want more CISO Perspectives?

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.

Learn more about your ad choices. Visit megaphone.fm/adchoices

America’s tech turn.

Mon, 08 Dec 2025 21:10:00 -0000

How might Trump’s new National Security Strategy impact cyber? The UK’s NCSC warns LLMs may never get over prompt injection. At least 18 U.S. universities were hit by a months-long phishing campaign. Russia blocks FaceTime. A bipartisan group of senators reviving efforts to strengthen protections across the health sector. Portugal provides legal safe harbor for good-faith security research. A large-scale campaign targets Palo Alto GlobalProtect portals. A Maryland man gets 15 months in prison for his part in a North Korean IT worker scam. Business Brief. Tim Starks from CyberScoop unpacks the President's pending cybersecurity strategy release. An AI image sends UK train schedules off the rails.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Tim Starks, senior reporter from CyberScoop, discussing President Trump's pending cybersecurity strategy release and the end of Sean Plankey’s nomination process.

Selected Reading

National Security Strategy (The White House)

The National Security Strategy: The Good, the Not So Great, and the Alarm Bells (CSIS)

UK intelligence warns AI 'prompt injection' attacks might never go away (The Record)

Over 70 Domains Used in Months-Long Phishing Spree Against US Universities (Hackread)

Russia restricts FaceTime, its latest step in controlling online communications (AP News)

Bipartisan health care cybersecurity legislation returns to address a cornucopia of issues (CyberScoop)

Portugal updates cybercrime law to exempt security researchers (Bleeping Computer)

New wave of VPN login attempts targets Palo Alto GlobalProtect portals (Bleeping Computer)

Maryland man sentenced for N. Korea IT worker scheme involving US government contracts (The Record)

ServiceNow reportedly intends to acquire Veza for more than $1 billion (N2K Pro Business Briefing)

Trains cancelled over fake bridge collapse image (BBC News)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Jon DiMaggio: Two roads diverged. [Strategy] [Career Notes]

Sun, 07 Dec 2025 08:00:00 -0000

Please enjoy this encore of Career Notes.

Chief security strategist from Analyst1, Jon DiMaggio shares his story on how he grew to become a part of the cybersecurity world. He describes different jobs that paved the way to the knowledge he has in the industry right now, and he even shares about an experience that led him to a path that split and which decision he would make, would be crucial in his career. He explains which way he ended up going and how a critical part of his career helped to determine that path. He says "there's two paths when you have that happen, you can either let it defeat you, or you know, you come back swinging." We thank Jon for sharing his story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When macOS gets frostbite. [Research Saturday]

Sat, 06 Dec 2025 08:00:00 -0000

Jaron Bradley, Director of Jamf Threat Labs, is sharing their work on "ChillyHell: A Deep Dive into a Modular macOS Backdoor." Jamf Threat Labs uncovers a newly notarized macOS backdoor called ChillyHell, tied to past UNC4487 activity and disguised as a legitimate applet.

The malware showcases robust host profiling, multiple persistence mechanisms, timestomping, and flexible C2 communications over both DNS and HTTP. Its modular design includes reverse shells, payload delivery, self-updates, and a brute-force component targeting user credentials.

The research can be found here:

⁠ChillyHell: A Deep Dive into a Modular macOS Backdoor

Learn more about your ad choices. Visit megaphone.fm/adchoices

China’s quiet crawl into critical networks.

Fri, 05 Dec 2025 21:10:00 -0000

Chinese threat actors deploy Brickstorm malware. The critical React2Shell vulnerability is under active exploitation. Cloudflare’s emergency patch triggered a brief global outage. Phishing kits pivot to fake e-commerce sites. The European Commission fines X(Twitter) €120 million for violating the Digital Services Act. Predator spyware has a new bag of tricks. A Russian physicist gets 21 years in prison for cybercrimes. Twin brothers are arrested for allegedly stealing and destroying government data. Our guest is Blair Canavan, Director of Alliances - PKI & PQC Portfolio from Thales, discussing post quantum cryptography. Smart toilet encryption claims don’t hold water.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices segment, we are joined by Blair Canavan, Director of Alliances - PKI & PQC Portfolio from Thales, discussing post quantum cryptography (PQC). Listen to Blair’s full conversation here.

Selected Reading

Chinese hackers used Brickworm malware to breach critical US infrastructure (TechRadar)

React2Shell critical flaw actively exploited in China-linked attacks (BleepingComputer)

Cloudflare blames today's outage on emergency React2Shell patch (Bleeping Computer)

SMS Phishers Pivot to Points, Taxes, Fake Retailers (Krebs on Security)

Threat Spotlight: Introducing GhostFrame, a new super stealthy phishing kit (Barracuda)

EU issues €120 million fine to Elon Musk's X under rules to tackle disinformation (The Record)

Predator spyware uses new infection vector for zero-click attacks (Bleeping Computer)

Russian scientist sentenced to 21 years on treason, cyber sabotage charges (The Record)

Twins with hacking history charged in insider data breach affecting multiple federal agencies (Cyberscoop)

‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted (TechCrunch)- kicker

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Pay cuts and a personnel freefall.

Thu, 04 Dec 2025 21:10:00 -0000

CISA staff may see pay cuts in 2026. Threat actors advertise a full chain zero-day exploit for iOS. A US-led international coalition releases joint guidance on integrating AI into operational technology. Microsoft lowers sales growth targets for its agentic AI products. A major fintech provider suffers a ransomware-linked breach. Arizona’s Attorney General sues Temo over data collection practices. Lessons learned from Capita’s handling of Black Basta. The UK sanctions Russia’s GRU. My guest is Dave Baggett, co-founder and CEO of INKY (recently acquired by Kaseya), about the challenges of email security. A U.S. Bankruptcy Court insists on AI transparency.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, Dave Bittner speaks with Dave Baggett, co-founder and CEO of INKY (recently acquired by Kaseya), about the need to update email security that was built on a 1971 design.

Selected Reading

US Slashes Pay Incentives at Already Weakened Cyber Agency (Bloomberg)

Zero-Day Alert: Alleged iOS 26 Full Chain Exploit for Sale (Dataminr)

Principles for the Secure Integration of Artificial Intelligence in Operational Technology (CISA)

Microsoft drops AI sales targets in half after salespeople miss their quotas (Ars Technica)

Marketing and Compliance Software Vendor to Banks Breached (Data Breach Today)

Arizona attorney general sues Chinese online retailer Temu over data theft claims (AP News)

What organisations can learn from the record breaking fine over Capita’s ransomware incident (DoublePulsar)

UK cracks down on Russian intelligence agency authorised by Putin to target Skripals (GOV.UK)

General Order 210: Filings Using Generative Artificial Intelligence (Southern District of California, United States Bankruptcy Court)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Just another day of scamming and jamming.

Wed, 03 Dec 2025 21:00:00 -0000

The DOJ shuts down another scam center in Myanmar. OpenAI confirms a Mixpanel data breach. A new phishing campaign targets company executives. A bipartisan bill looks to preserve the State and Local Cybersecurity Grant Program. Universities suffer Oracle EBS data breaches. India reports GPS jamming at eight major airports. Kaiser Permanente settles a class action suit over tracking pixels. The FTC plans to require a cloud provider to delete unnecessary student data. An international initiative is developing guidelines for commercial spyware. Our N2K Producer Liz Stokes speaks with Kristiina Omri, Director of Special Programs for CybExer Technologies about the cyber ranges for NATO and ESA. Iranian hackers give malware a retro reboot.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we bring you a conversation our N2K Producer Liz Stokes and Kristiina Omri, Director of Special Programs for CybExer Technologies, had during Liz’s visit to Tallinn, Estonia about the cyber ranges for NATO and ESA.

We are pleased to share that our N2K colleagues Liz Stokes and Maria Varmazis were in Tallinn, Estonia this week for the NATO Cyber Coalition 2025 Cyber Range Exercise. Their visit marks the CyberWire as the only United States podcasters invited to attend. We’ll be sharing interviews and insights from the event, starting today with our producer Liz Stokes’ conversation with Kristiina Omri, Director of Special Programs for CybExer Technologies.

Selected Reading
DOJ takes down Myanmar scam center website spoofing TickMill trading platform (The Record)

OpenAI Confirms Mixpanel Data Breach—Was Your Data Stolen? (KnowTechie)

New “Executive Award” Scam Exploits ClickFix to Deliver Stealerium Malware (GB Hackers)

Hassan and Cornyn bring in bipartisan bill to keep state and local cyber grant program alive (Industrial Cyber)

Penn and Phoenix Universities Disclose Data Breach After Oracle Hack (SecurityWeek)

Indian government reveals GPS spoofing at eight major airports (The Register)

Kaiser Permanente to Pay Up to $47.5M in Web Tracker Lawsuit (BankInfo Security)

FTC settlement requires Illuminate to delete unnecessary student data (Bleeping Computer)

Pall Mall Process to Define Responsible Commercial Cyber Intrusion (Infosecurity Magazine)

Iran Hackers Take Inspiration From Snake Video Game (GovInfo Security)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The Unseen World [Cyber Things]

Wed, 03 Dec 2025 06:00:00 -0000

Enjoy this episode of Cyber things from Armis. Catch the next episode on your favorite podcast app on December 15th.

Welcome to Cyber Things, a special edition podcast produced in partnership by Armis and N2K CyberWire that plunges into the hidden world beneath our connected reality. Inspired by Stranger Things, we explore the digital realm's own Upside Down - a space teeming with unseen devices, silent intruders, and invisible threats that quietly impact our everyday lives.

In this first episode, we tackle the core challenge of modern defense: seeing the unseen. Rebecca Cradick, VP of Global Communications at Armis, is joined by Kam Chumley-Soltani, Director of OT Solutions Engineering at Armis. They discuss what it truly takes for cybersecurity professionals to achieve full visibility and how early intelligence acts as a crucial barrier, stopping a devastating cyber storm before it breaks through the gate.

Tune in now to hear how defenders are fighting back against the digital demons that lurk in the shadows.

Learn more about your ad choices. Visit megaphone.fm/adchoices

ShadyPanda’s patient poisoning.

Tue, 02 Dec 2025 21:00:00 -0000

ShadyPanda plays the long game. India mandates tracking software on mobile devices. Korea weighs punitive damages after a massive breach. Qualcomm patches a critical boot flaw impacting millions. OpenAI patches a Codex CLI vulnerability. Google patches Android zero-days. Cybersecurity issues prompt an FDA permanent recall for an at-home ventilator system. Switzerland questions the security of hyperscale clouds and SaaS services. One of the world’s largest cyber insurers pulls back from the market. On our Threat Vector segment, ⁠David Moulton⁠ sits down with ⁠Stav Setty to unpack the Jingle Thief campaign. In Russia, Porsches take a holiday.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector segment

In today’s Threat Vector segment, host ⁠David Moulton⁠, Senior Director of Thought Leadership for Unit 42, sits down with ⁠Stav Setty⁠, Principal Researcher at Palo Alto Networks, to unpack Jingle Thief a cloud-only, identity-driven campaign that turned Microsoft 365 into a gift card printing press. Stav explains how the Morocco-based group known as Atlas Lion lived off the land inside M365 for months at a time, using tailored phishing and smishing pages, URL tricks, and internal phishing to compromise one user and quietly pivot to dozens more. To listen to the full conversation on Threat Vector, listen here. You can catch new episodes of Threat Vector every Thursday on your favorite podcast app.

Selected Reading

Browser extensions pushed malware to 4.3M Chrome, Edge users (The Register)

India plans to verify and record every smartphone in circulation (TechCrunch)

Apple to Resist India's Order to Preload Government App on iPhones (MacRumors)

President orders probe into Coupang breach (The Korea Herald)

Qualcomm Alerts Users to Critical Flaws That Compromise the Secure Boot Process (GB Hackers)

Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers (SecurityWeek)

Google Releases Patches for Android Zero-Day Flaws Exploited in the Wild (Infosecurity Magazine)

'Cyber Issue' Leads to FDA Recall of Baxter Respiratory Gear (GovInfoSecurity)

Swiss government bans SaaS and cloud for sensitive info (The Register)

Publication: Resolution on outsourcing data processing to the cloud (Privatim)

Insurer Beazley Steps Back From Cyber Market as Attacks Surge (PYMNTS.com)

Hundreds of Porsche Owners in Russia Unable to Start Cars After System Failure (The Moscow Times)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI's impact on business [CISOP]

Tue, 02 Dec 2025 07:00:00 -0000

In this episode, Kim Jones sits down with Eric Nagel, a former CISO with a rare blend of engineering, legal, and patent expertise, to unpack what responsible AI really looks like inside a modern enterprise. Eric breaks down the difference between traditional machine learning and generative AI, why nondeterministic outputs can be both powerful and risky, and how issues like bias, hallucinations, and data leakage demand new safeguards—including AI firewalls.

He also discusses what smaller organizations can do to manage AI risk, how tools like code-generation models change expectations for developers, and the evolving regulatory landscape shaping how companies must deploy AI responsibly.

Want more CISO Perspectives?

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.

Learn more about your ad choices. Visit megaphone.fm/adchoices

From cryptomixers to recipe mixers.

Mon, 01 Dec 2025 21:00:00 -0000

European authorities take down an illegal cryptomixer. An Australian man is sentenced for running an airport evil twin WiFi campaign. Researchers unmask a Scattered LAPSUS$ Hunters impresario. CISA flags a cross-site scripting flaw in OpenPLC ScadaBR. A major South Korean retailer suffers a data breach affecting over 33 million customers. Threat actors abuse digital calendar subscription features. New York’s new hospital cybersecurity mandates may raise the bar nationwide. Scammers target Cyber Monday shoppers. Monday business brief. Ann Johnson speaks with Microsoft’s Amy Hogan-Burney on the Afternoon Cyber Tea segment. Google gets caught reheating someone else’s holiday recipe.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, ⁠Daily Briefing⁠, and you’ll never miss a beat. And be sure to follow CyberWire Daily on ⁠LinkedIn⁠.

Afternoon Cyber Tea segment

Afternoon Cyber Tea host Ann Johnson speaks with Amy Hogan-Burney, Corporate Vice President of Customer Trust and Security at Microsoft, about how Microsoft Is redefining global cyber defense. Ann and Amy discuss Microsoft’s evolving approach to combating global cybercrime and the importance of collaboration across the private and public sectors. You can listen to their full conversation here and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.

Selected Reading

Cryptomixer crypto laundering service taken down by law enforcement (Help Net Security)

Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison (Bleeping Computer)

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ (Krebs on Security)

U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog (Security Affairs)

Data breach hits 'South Korea's Amazon,' potentially affecting 65% of country’s population (The Record)

Threat Actors Exploit Calendar Subscriptions for Phishing and Malware (Infosecurity Magazine)

New York Hospital Cyber Rules to 'Raise the Bar' Nationwide (GovInfo Security)

Over 2,000 Fake Shopping Sites Spotted Before Cyber Monday (Hackread)

Guardio secures $80 million in new funding. (N2K Pro Business Briefing)

Google deletes X post after getting caught using a ‘stolen’ AI recipe infographic (Bleeping Computer)

Share your feedback.
What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI in the GRC: What's real, what's risky and what's next. [Special Edition]

Sun, 30 Nov 2025 08:00:00 -0000

Join us for a timely and insightful live discussion on the evolving role of artificial intelligence in governance, risk, and compliance. Host Dave Bittner from N2K | CyberWire is joined by Kayne McGladrey from Hyperproof, Matthew Cassidy, PMP, CISA from Grant Thornton (US), and Alam Ali from Hyperproof to explore the current state of artificial intelligence in governance, risk, and compliance. The panel will discuss what AI is truly doing well today, the risks and challenges organizations need to watch for, and how AI is poised to influence the future of GRC. They will also share practical insights and real-world guidance for teams looking to adopt AI responsibly and effectively. Don’t miss this timely conversation as our experts break down what’s real, what’s risky, and what’s next in AI for GRC.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Danielle Jablanski: Finding the path to success [Strategy] [Career Notes]

Sun, 30 Nov 2025 08:00:00 -0000

Please enjoy this encore of Career Notes.

Operational technology cybersecurity strategist from Nozomi Networks, Danielle Jablanski shares her story of building a target map to end up where she is today. She shares how she started in college and how different paths in life got her to be on the target of success where she is today. She says " you build out that kind of target of where you want to be, and understand that getting to that point might mean doing things you don't enjoy for a number of years, but figuring that out is another way to get to that target without having like a clear bullseye" She goes on to explain how this target map is helping her to create real change and ultimately makes an impact. We thank Danielle for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A new stealer hiding behind AI hype. [Research Saturday]

Sat, 29 Nov 2025 08:00:00 -0000

Please enjoy this encore of Research Saturday.

This week, we are joined by ⁠Michael Gorelik⁠, Chief Technology Officer from ⁠Morphisec⁠, discussing their work on "New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms." A new threat dubbed Noodlophile Stealer is exploiting the popularity of AI-powered content tools by posing as fake AI video generation platforms, luring users into uploading media in exchange for malware-laced downloads.

Distributed through convincing Facebook groups and viral campaigns, the malware steals browser credentials, cryptocurrency wallets, and can deploy a remote access trojan like XWorm. The campaign uses a layered, obfuscated delivery chain disguised as legitimate video editing software, making it both deceptive and difficult to detect.

The research can be found here:

⁠⁠⁠New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms

Learn more about your ad choices. Visit megaphone.fm/adchoices

Pass the intel, please. [Only Malware in the Building]

Fri, 28 Nov 2025 06:00:00 -0000

Please enjoy this encore of Only Malware in the Building.

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠.

Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore what makes information sharing actually work. From public-private partnerships to actionable intelligence, our guests discuss how organizations can prioritize, process, and operationalize shared cyber threat data to stay ahead of emerging risks.

Plus, catch Dave, Selena, and Keith on their road trip adventure in our video on ⁠⁠YouTube⁠⁠ — full of laughs, unexpected detours, and plenty of sleuthing!

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hacker Movies Then vs Now [Threat Vector]

Thu, 27 Nov 2025 07:00:00 -0000

We dive into a nostalgic yet revealing journey through classic hacker films, from WarGames to The Net and beyond, to assess what they got right, what they wildly imagined, and what those stories say about culture, fears, and cyber reality today. David Moulton, Senior Director of Thought Leadership for Unit 42 talks with Ben Hasskamp, Global Content Leader at Palo Alto Networks, who has been writing deeply on this intersection of media, tech, and risk. Together, we’ll examine how cinematic depictions of hacking have shaped public perception, influenced policy, and sometimes eerily foreshadowed modern cyber threats. Expect a blend of film critique, security insight, and cultural reflection.

Join the conversation on our social media channels:

About Threat Vector

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Palo Alto Networks

Learn more about your ad choices. Visit megaphone.fm/adchoices

Identifying vulnerabilities in space with Bigbear.ai. [Deep Space]

Thu, 27 Nov 2025 06:00:00 -0000

Please enjoy this encore of T-Minus Deep Space.

BigBear.ai is at the forefront of innovation for national security, and is committed to supporting the critical infrastructure driving America’s competitive edge. The company deploys cutting-edge Al, machine learning, and computer vision solutions to defend critical operations and win with decision advantage. Our guests are ⁠Eric Conway,⁠ Vice President of Technology, and ⁠Joe Davis⁠, Cybersecurity Research Scientist at ⁠Bigbear.ai.⁠

Remember to leave us a 5-star rating and review in your favorite podcast app.

Be sure to follow T-Minus on ⁠LinkedIn⁠ and ⁠Instagram⁠.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our ⁠media kit⁠. Contact us at ⁠space@n2k.com⁠ to request more info.

Want to join us for an interview?

Please send your pitch to ⁠space-editor@n2k.com⁠ and include your name, affiliation, and topic proposal.

T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hacktivists go galactic.

Wed, 26 Nov 2025 21:10:00 -0000

Report sheds light on cyber activity targeting space-related organizations during the Gaza War. Russian threat actor targets US civil engineering firm. FBI says $262 million has been stolen in account takeover scams this year. HashJack attack tricks AI browser assistants. London councils disrupted by cyberattacks. Russia’s Gamaredon and North Korea’s Lazarus Group appear to be sharing infrastructure. Canon says subsidiary was breached by Oracle EBS flaw. Dave Bittner was joined by Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing a deep dive on Akira ransomware. And Campbell’s Soup CISO placed on leave following lawsuit.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Dave Bittner was joined by Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing a deep dive on Akira ransomware. Learn more on Halcyon’s threat actor profile of Akira, and how they fit into their latest Malicious Quartile Report.

Selected Reading

New Report Warns Space Sector Faces Rising Cyber Threats Amid Modern Conflicts (Orbital Today)

Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine (Arctic Wolf)

FBI says $262 million has been stolen in account takeover scams this year (IC3)

HashJack – Novel Indirect Prompt Injection Against AI Browser Assistants (Cato Networks)

Multiple London councils 'hit by cyber-attacks' (BBC)

London Cyberattacks Confirmed — Security Experts Issue Multiple Warnings (Forbes)

Russian and North Korean Hackers Forge Global Cyberattack Alliance (GB Hackers)

Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack (Cyber Security News)

A Campbell Soup VP is on leave after secret recording appears to show him mocking 'poor' customers, '3D-printed chicken' (Business Insider)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Message in the malware.

Tue, 25 Nov 2025 21:10:00 -0000

CISA warns of spyware targeting messaging apps. CodeRED, this is not a test. Infostealer campaign spreads via malicious Blender files. Shai-Hulud’s second coming. Real estate finance firm SitusAMC investigates breach. Dartmouth College discloses Oracle EBS breach. Dave Bittner is joined by Tim Starks, Senior reporter from CyberScoop, to discuss the Trump administration’s upcoming cyber strategy. And tis the season for deals — and digital deception.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Dave Bittner is joined by Tim Starks, Senior reporter from CyberScoop, to discuss the Trump administration’s upcoming cyber strategy. Read Tim’s piece on the topic “Completed draft of cyber strategy emphasizes imposing costs, industry partnership”.

Selected Reading

Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications (CISA)

CodeRED cyber attack leaves emergency notification system down, exposes user data (First Alert 4)

Morphisec Thwarts Russian-Linked StealC V2 Campaign Targeting Blender Users via Malicious .blend Files (Morphisec)

Shai-Hulud’s Second Coming: NPM Malware Attack Evolved (Checkmarx)

SitusAMC confirms breach of client data after cyberattack (The Register)

Clop's Oracle EBS rampage reaches Dartmouth College (The Register)

2025 Retail Holiday Threat Report: Scams and Impersonation Attacks Targeting Retailers (BforeAI)

The data privacy costs of Black Friday bargains: 100 Black Friday apps analyzed (Comparitech)

2025 Ransomware Holiday Risk Report (Semperis)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A midseason takeaway. [CISO Perspectives]

Tue, 25 Nov 2025 07:00:00 -0000

In this mid-season episode, Kim takes a step back to reflect on the conversations he has had so far. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, diving into how new technologies are impacting longstanding challenges, both from a security standpoint and from an attacker's view. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been—and what's still to come.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Inside job interrupted.

Mon, 24 Nov 2025 21:10:00 -0000

CrowdStrike fires an insider who allegedly shared screenshots with hackers. Google agrees, it wasn’t Salesforce. Cox Enterprises confirms Oracle EBS breach. Alleged Transport for London hackers plead not guilty. Hackers exploit new WSUS bug to deploy ShadowPad backdoor. Iberia discloses breach of customer data. Harvard discloses voice-phishing breach exposing alumni and donor data. We have our Monday Business Briefing. Our guest today is Brandon Karpf, friend of the show discussing maritime GPS jamming and spoofing. And the launderers who wanted a bank for Christmas.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Brandon Karpf, friend of the show discussing maritime GPS jamming and spoofing.

Selected Reading

CrowdStrike fires 'suspicious insider' who passed information to hackers (TechCrunch)

Google says hackers stole data from 200 companies following Gainsight breach (TechCrunch)

Cox Confirms Oracle EBS Hack as Cybercriminals Name 100 Alleged Victims (SecurityWeek)

Teens plead not guilty over TfL cyber-attack (BBC)

Attackers deliver ShadowPad via newly patched WSUS RCE bug (Security Affairs)

Iberia discloses customer data leak after vendor security breach (Bleeping Computer)

Harvard University discloses data breach affecting alumni, donors (Bleeping Computer)

Doppel secures $70 million in a Series C round. (N2K Pro Business Briefing)

Russia-linked crooks bought a bank for Christmas to launder cyber loot (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

How realistic is A House of Dynamite? [T-Minus Deep Space]

Mon, 24 Nov 2025 07:00:00 -0000

The new Netflix movie A House of Dynamite, chronicles what happens when the unthinkable unfolds. How realistic is it? We ask the movie’s advisor and expert, Lieutenant General Daniel Karbler (Ret.).

Remember to leave us a 5-star rating and review in your favorite podcast app.

Be sure to follow T-Minus on LinkedIn and Instagram.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info.

Want to join us for an interview?

Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal.

T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Satya Gupta: Rising to your contribution. [CTO] [Career Notes]

Sun, 23 Nov 2025 08:00:00 -0000

Please enjoy this encore of Career Notes.

Co-founder and CTO of Virsec, Satya Gupta shares his story of how he has over 25 years of expertise in embedded systems, network security and systems architecture. He also talks about how a colleague of his told him something that resinated with him, he said " that was really a remarkable statement that I heard from that person. You rise to the point where you can actually contribute." He also discusses how he got into the startup atmosphere and how different scenarios in his life helped to lead him to the successful man he has become in the cyber community. We thank Satya for sharing his story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

DataTribe's Cyber Innovation Day: Cyber: The Wake of Tech Innovation. [Special Edition]

Sun, 23 Nov 2025 06:00:00 -0000

On this Special Edition podcast, we share a panel from DataTribe's Cyber Innovation Day 2025, "Cyber: The Wake of Tech Innovation."

The podcast tech host panel included Dave Bittner, host of CyberWire Daily podcast, Maria Varmazis, host of T-Minus Space Daily podcast, and Daniel Whitenack, co-host of Practical AI podcast, sharing a wide-ranging discussion.

Together, Dave, Maria and Dan examine the intersection of frontier innovation and cyber innovation through the lens of cyber, space, and AI.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Two RMMs walk into a phish… [Research Saturday]

Sat, 22 Nov 2025 08:00:00 -0000

Alex Berninger, Senior Manager of Intelligence at Red Canary, and Mike Wylie, Director, Threat Hunting at Zscaler, join to discuss four phishing lures in campaigns dropping RMM tools. Red Canary and Zscaler uncovered phishing campaigns delivering legitimate remote monitoring and management (RMM) tools—like ITarian, PDQ, SimpleHelp, and Atera—to gain stealthy access to victim systems. Attackers used four main lures (fake browser updates, meeting invites, party invitations, and fake government forms) and often deployed multiple RMM tools in quick succession to establish persistent access and deliver additional malware.

The report highlights detection opportunities, provides indicators of compromise, and stresses the importance of monitoring authorized RMM usage, scrutinizing trusted services like Cloudflare R2, and enforcing strict network and endpoint controls.

The research can be found here:

You’re invited: Four phishing lures in campaigns dropping RMM tools

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI meets the chain of command.

Fri, 21 Nov 2025 21:10:00 -0000

Cyber Command names a new head of AI. The UK introduces its long-delayed Cyber Security and Resilience Bill. Researchers highlight a critical Oracle Identity Manager flaw. Salesforce warns customers of a third-party data breach. Italy’s state-owned railway operator leaks sensitive information. SonicWall patches firewalls and email security devices. The US charges four individuals with conspiring to illegally export restricted Nvidia AI chips to China. The SEC drops its lawsuit against SolarWinds. NSO group claims a permanent injunction could cause irreparable and potentially existential harm. Maria Varmazis of the T-Minus Space Daily show sits down with General Daniel Karbler (Ret.) to discuss his consulting work for A House of Dynamite, the newly released Netflix film. Roses are red, violets are blue, this poem just jailbroke your AI too.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Maria Varmazis of the T-Minus Space Daily show sits down with Lt. General Daniel Karbler (Ret.) to discuss his consulting work for A House of Dynamite, the newly released Netflix film. This is an excerpt of T-Minus Deep Space airing tomorrow in all of your favorite podcast app.

Selected Reading

Cyber Command Taps Reid Novotny as New AI Chief (MeriTalk)

UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers (Fortra)

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day (SecurityWeek)

Salesforce alerts customers of data breach traced to a supply chain partner (CXOtoday)

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack (Security Affairs)

SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance (SecurityWeek)

Four charged with plotting to sneak Nvidia chips into China (The Register)

SEC voluntarily dismisses SolarWinds lawsuit (The Record)

NSO Group argues WhatsApp injunction threatens existence, future U.S. government work (CyberScoop)

Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models (Arxiv)

Freesound Music

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Inside Jingle Thief Cloud Fraud Unwrapped [Threat Vector]

Fri, 21 Nov 2025 07:00:00 -0000

In this special episode of Threat Vector, host David Moulton, Senior Director of Thought Leadership for Unit 42, sits down with Stav Setty, Principal Researcher at Palo Alto Networks, to unpack Jingle Thief a cloud-only, identity-driven campaign that turned Microsoft 365 into a gift card printing press. Stav explains how the Morocco based group known as Atlas Lion lived off the land inside M365 for months at a time, using tailored phishing and smishing pages, URL tricks, and internal phishing to compromise one user and quietly pivot to dozens more.

Together, David and Stav walk through how the attackers abused legitimate identity features like device registration, MFA resets, inbox forwarding rules, and ServiceNow style access requests to blend into normal business workflows and monetize “digital cash” in the form of gift cards. They dig into why MFA alone is not safety, why identity is now the real perimeter, and how behavioral analytics, UEBA, and ITDR can piece together small signals into a clear story of compromise.

You’ll come away with practical steps to harden identity posture, spot early warning signs in cloud environments, and protect high value systems where trust can be turned directly into profit. To go deeper on this campaign and the Atlas Lion threat actor, read the Unit 42 article Jingle Thief Inside a Cloud-Based Gift Card Fraud Campaign at https://unit42.paloaltonetworks.com/cloud-based-gift-card-fraud-campaign/

Join the conversation on our social media channels:

About Threat Vector

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Palo Alto Networks

Learn more about your ad choices. Visit megaphone.fm/adchoices

Eviction notice for Media Land.

Thu, 20 Nov 2025 21:10:00 -0000

The US and allies sanction Russian bulletproof hosting providers. The White House looks to sue states over AI regulations. The US Border Patrol flags citizens’ “suspicious” travel patterns. Lawmakers seek to strengthen the SEC’s cybersecurity posture. A new Android banking trojan captures content from end-to-end encrypted apps. A hidden browser API raises security concerns. Fortinet patches a zero-day. A Philippine former mayor gets life in prison for scam center human trafficking. Our guest is Cliff Crosland, CEO and Co-founder at Scanner.dev, discussing why security data lakes are ideal for AI in the SOC. Green energy gets hijacked for a blockchain side-hustle.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Cliff Crosland, CEO and Co-founder at Scanner.dev, discussing why security data lakes are ideal for AI in the SOC. Listen to Cliff's full conversation here.

Selected Reading

Russian bulletproof hosting provider sanctioned over ransomware ties (Bleeping Computer)

White House drafts order directing Justice Department to sue states that pass AI regulations (Washington Post)

Border Patrol is monitoring US drivers and detaining those with 'suspicious' travel patterns (Associated Press)

Lawmakers reintroduce bill to bolster cybersecurity at Securities and Exchange Commission (The Record)

Multi-threat Android malware Sturnus steals Signal, WhatsApp messages (Bleeping Computer)

Hidden API in Comet AI browser raises security red flags for enterprises (CSO Online)

Eternidade Stealer Trojan Fuels Aggressive Brazil Cybercrime (Infosecurity Magazine)

Fortinet Patches Actively Exploited FortiWeb Zero Day Flaw (HIPAA Journal)

Ex-Philippine mayor Alice Guo given life sentence for human trafficking (Reuters)

Wind farm worker sentenced after turning turbines into a secret crypto mine (Bitdefender)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The oversized file that stalled the internet.

Wed, 19 Nov 2025 21:10:00 -0000

Cloudflare’s outage is rooted in an internal configuration error. The Trump administration is preparing a new national cyber strategy. CISA gives federal agencies a week to secure a new Fortinet flaw. MI5 warns that China is using LinkedIn headhunters and covert operatives to target lawmakers. Experts question the national security risks of TP-Link routers. The China-aligned PlushDaemon threat group hijacks software updates. Researchers discover WhatsApp’s entire global member directory accessible online without protection. LG Energy Solution confirms a ransomware attack. ShinySp1d3r makes its debut. Rotem Tsadok, Director of Security Operations and Forensics at Varonis, is sharing lessons learned from thousands of forensics investigations. A judge says Google’s claims to water use secrecy are all wet.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Rotem Tsadok, Director of Security Operations and Forensics at Varonis, sharing lessons learned from thousands of forensics investigations. Listen to Rotem's full conversation here.

Selected Reading

Cloudflare blames this week's massive outage on database issues (Bleeping Computer)

National cyber strategy will include focus on ‘shaping adversary behavior,’ White House official says (The Record)

CISA gives govt agencies 7 days to patch new Fortinet flaw (Bleeping Computer)

Chinese Spies Are Using LinkedIn to Target U.K. Lawmakers, MI5 Warns (The New York Times)

No evidence that TP-Link routers are a Chinese security threat (CSO Online)

PlushDaemon compromises network devices for adversary-in-the-middle attacks (welivesecurity)

3.5 Billion Accounts: Complete WhatsApp Directory Retrieved and Evaluated (heise online)

LG Energy Solution reports ransomware attack, hackers claim theft of 1.7 terabytes of data (beyondmachines)

Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters (Bleeping Computer)

Google Strives To Keep Data Center Water Use Secret After Judge Orders Records Released (Roanoke Rambler)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A morning without Cloudflare.

Tue, 18 Nov 2025 21:10:00 -0000

Cloudflare suffers a major outage. Google issues an emergency Chrome update. Logitech discloses a data breach. CISA plans a major hiring push. The House renews the State and Local Cybersecurity Grant Program. The GAO warns military personnel are oversharing online. Tech groups urge governments worldwide to reject proposals that weaken or bypass encryption. Australian authorities blame outdated software for the death of a telecom customer. An alleged Void Blizzard hacker faces extradition to the US. Our guest is Kevin Kennedy from ManTech discussing the future battlefield and the importance of integrating non-kinetic effects. AI meets the IRS. What could possibly go wrong?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by ⁠Kevin Kennedy⁠ from ⁠ManTech⁠ discussing the future battlefield and the importance of integrating non-kinetic effects. You can hear Kevin's full conversation here.

Selected Reading

Cloudflare outage causes error messages across the internet (The Guardian)

Google releases emergency Chrome update to patch actively exploited vulnerability (Beyond Machines)

Logitech discloses data breach after Clop claims (The Record)

CISA, eyeing China, plans hiring spree to rebuild its depleted ranks (Cybersecurity Dive)

Full renewal of state and local cyber grants program passes in House (The Record)

Pentagon and soldiers let too many secrets slip on socials (The Register)

Dozens of groups call for governments to protect encryption (CyberScoop)

Australia's TPG Telecom links customer's death to outdated Samsung phone (Reuters)

Alleged Void Blizzard hacker arrested in Thailand (SC Media)

Intuit signs $100M+ deal with OpenAI to bring its apps to ChatGPT (TechCrunch)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Fraud and Identity [CISO Perspectives]

Tue, 18 Nov 2025 07:00:00 -0000

Managing identity has been an evolving challenge as networks have only continued to grow and become more sophisticated. In this current landscape, these challenges have only become further exacerbated with new emerging technologies.

In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Richard Bird from Singular AI to discuss this evolving paradigm. Throughout this conversation, Kim and Richard tackle how managing identity has evolved and how security leaders can get ahead of AI to better secure their systems and networks.

Want more CISO Perspectives?

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The rise of AI-driven cyber offense.

Mon, 17 Nov 2025 21:10:00 -0000

The Pentagon is spending millions on AI hacking. The New York Times investigates illicit crypto funds. Researchers uncover widespread remote code execution flaws in AI inference engines. Police in India arrest CCTV hackers. Payroll Pirates use Google Ads to steal credentials and redirect salaries. A large-scale brand impersonation campaign delivers Gh0st RAT to Chinese-speaking users.A bitcoin mining company CEO gets scammed. Monday biz brief. On our Industry Voices segment with our Knowledge Partner SpecterOps, Chief Technology Officer Jared Atkinson is discussing Attack Path Management: Identities in Transit. Bitcoin big wigs learn to bite through plastic.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment with our Knowledge Partner SpecterOps, Chief Technology Officer Jared Atkinson is discussing Attack Path Management: Identities in Transit. Hear more from Jared here.

Cyber Things podcast

Something strange has landed in all the cool podcast apps…

Cyber Things is a new three-part series from Armis that decodes real-world cyber threats through the lens of a certain Hawkins-based sci-fi phenomenon.

Just in time for the show’s final season, Rebecca Cradick leads us through a world where fiction meets cybersecurity.

Because sometimes the scariest villains aren’t in the Upside Down — they’re online.

You can check out Cyber Things on your favorite podcast app and on our website. On the site, you will find the trailer and Episode 1: The Unseen World available today!

Selected Reading

The Pentagon Is Spending Millions On AI Hacking From Startup Twenty (Forbes)

The Crypto Industry’s $28 Billion in ‘Dirty Money’ (The New York Times)

The Coin Laundry, a global cryptocurrency investigation (International Consortium of Investigative Journalism)

"ShadowMQ" exploit pattern reported in major AI frameworks, enables remote code execution (Beyond Machines)

Gujarat: Hackers steal maternity ward CCTV videos in India cybercrime racket (BBC News)

Payroll Pirates: One Network, Hundreds of Targets (Check Point)

Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT (Unit 42, Palo Alto Networks)

Inside a Wild Bitcoin Heist: Five-Star Hotels, Cash-Stuffed Envelopes, and Vanishing Funds (WIRED)

UK prosecutors seize £4.11M in crypto from Twitter mega-hack culprit (The Register)

Tenzai emerges from stealth with $75 million in seed funding led by Greylock Partners. (N2K Pro)

How to Not Get Kidnapped for Your Bitcoin (The New York Times)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Chenxi Wang: Overcoming the obstacle of fear. [Venture Capital] [Career Notes]

Sun, 16 Nov 2025 08:00:00 -0000

Please enjoy this encore of Career Notes.

Founder and general partner of Rain Capital, Chenxi shares her story and how she conquered and got over the obstacle of fear to reach her goals in life. " I realized a lot of times my obstacle is my own fear rather than a real obstacle" Wang states, she also shares her story of breaking glass ceilings as a female founder and working in the field of cybersecurity. She hopes to be remembered for being a kind person and developing her own venture fund, as she shares her story to the top, she states what she does and how she got to be where she is today. We thank Chenxi for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When clicks turn criminal. [Research Saturday]

Sat, 15 Nov 2025 08:00:00 -0000

Dr. Renée Burton, Vice President of Threat Intelligence from Infoblox, is sharing the team's work on "Deniability by Design: DNS-Driven Insights into a Malicious Ad Network." Infoblox returns with new threat actor research uncovering Vane Viper, a Cyprus-based holding company behind PropellerAds—one of the world’s largest advertising networks. The report reveals that Vane Viper isn’t just being exploited by criminals but operates as a criminal infrastructure itself, built to profit from fraud, malware, and disinformation through offshore entities and complex ownership structures.

The findings highlight the growing convergence between adtech, cybercrime, and state-linked influence operations, suggesting that elements of the global digital advertising ecosystem are now functioning as infrastructure for large-scale cyber and disinformation campaigns.

The research can be found here:

Deniability by Design: DNS-Driven Insights into
a Malicious Ad Network

Learn more about your ad choices. Visit megaphone.fm/adchoices

Operation spyGPT.

Fri, 14 Nov 2025 21:10:00 -0000

Anthropic reports China-linked hackers used Claude AI in an automated espionage campaign. Google reconsiders its upcoming “Developer Verification” policy for Android. AT&T customers affected by two data breaches in 2024 can now file claims. Nearly 10,000 Washington Post employees were affected by a data breach. ASUS and Imunify360 patch critical flaws. DoorDash discloses a data breach. Checkout.com donates the ransom to researchers. Kraken ransomware benchmarks systems before encryption. Mike Arrowsmith, Chief Trust Officer of NinjaOne, shares his thoughts on how cyber may be heading for its California fire insurance moment. AI ChatBot toys behave badly.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Mike Arrowsmith, Chief Trust Officer of NinjaOne, is sharing his thoughts on how cyber insurance is heading for its California fire insurance moment.

Selected Reading

Anthropic Says Chinese Hackers Used Its A.I. in Online Attack (The New York Times)

Researchers question Anthropic claim that AI-assisted attack was 90% autonomous (Ars Technica)

Google backpedals on new Android developer registration rules (Bleeping Computer)

AT&T data breach settlement to pay thousands to claimants. Who is eligible, how to apply (El Paso Times)

Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack (SecurityWeek)

ASUS warns of critical auth bypass flaw in DSL series routers (Bleeping Computer)

Imunify360 Vulnerability Could Expose Millions of Sites to Hacking (SecurityWeek)

DoorDash hit by new data breach in October exposing user information (Bleeping Computer)

Protecting our Merchants: Standing up to Extortion (Checkout.com)

Kraken ransomware benchmarks systems for optimal encryption choice (Bleeping Computer)

AI-Powered Toys Caught Telling 5-Year-Olds How to Find Knives and Start Fires With Matches (Futurism)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

404: Cybercrime not found.

Thu, 13 Nov 2025 21:10:00 -0000

Operation Endgame expands global takedowns. The U.S. is creating a Scam Center Strike Force. Microsoft rolls out its delayed “Prevent screen capture” feature for Teams. Proton Pass patches a clickjacking flaw. Researchers uncover previously undisclosed zero-day flaws in both Citrix and Cisco Identity Services Engine. Android-based digital picture frames contain multiple critical vulnerabilities. Lumma Stealer rebounds after last month’s doxxing campaign. Our guest is Garrett Hoffman, Senior Manager of Cloud Security Engineering from Adobe, talking about achieving cloud security at scale. X marks the spot… where your passkey stops working.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Garrett Hoffman, Senior Manager of Cloud Security Engineering from Adobe, talking about achieving cloud security at scale. You can hear the full conversation with Garrett here.

Selected Reading

End of the game for cybercrime infrastructure: 1025 servers taken down - Operation Endgame’s latest phase targeted the infostealer Rhadamanthys, Remote Access Trojan VenomRAT, and the botnet Elysium (Europol)

US announces ‘strike force’ to counter Southeast Asian cyber scams, sanctions Myanmar armed group (The Record)

Microsoft rolls out screen capture prevention for Teams users (Bleeping Computer)

Proton Pass patches DOM-based clickjacking zero-day vulnerability (Cyberinsider)

Amazon discovers APT exploiting Cisco and Citrix zero-days (AWS Security Blog)

CISA warns feds to fully patch actively exploited Cisco flaws (Bleeping Computer)

Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics (Trend Micro)

Elon Musk's X botched its security key switchover, locking users out (TechCrunch)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Closing cracks before hackers do.

Wed, 12 Nov 2025 21:10:00 -0000

Patch Tuesday. Google sues a “phishing-as-a-service” network linked to global SMS scams, and launches “private ai compute.” Hyundai notifies vehicle owners of a data breach. Amazon launches a bug bounty program for its AI models. The Rhadamanthys infostealer operation has been disrupted. An initial access broker is set to plead guilty in U.S. federal court. Our guest is Bob Maley, CSO from Black Kite, discussing a new AI assessment framework. “Bitcoin Queen’s” $7.3 billion crypto laundering empire collapses.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Bob Maley, CSO from Black Kite, discussing a new AI assessment framework. You can hear Bob’s full conversation here.

Selected Reading

Microsoft Fixes Windows Kernel Zero Day in November Patch Tuesday (Infosecurity Magazine)

Chipmaker Patch Tuesday: Over 60 Vulnerabilities Patched by Intel (SecurityWeek)

ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Rockwell, Aveva, Schneider (SecurityWeek)

Adobe Patches 29 Vulnerabilities (SecurityWeek)

High-Severity Vulnerabilities Patched by Ivanti and Zoom (SecurityWeek)

Google launches a lawsuit targeting text message scammers (NPR)

Private AI Compute: our next step in building private and helpful AI (Google)

Hyundai confirms security breach after hackers access sensitive data (CBT News)

Amazon rolls out AI bug bounty program (CyberScoop)

Rhadamanthys infostealer disrupted as cybercriminals lose server access (Bleeping Computer)

Russian hacker admits helping Yanluowang ransomware infect companies (Bitdefender)

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK (Security Affairs)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Transitioning from service to civilian life. [T-Minus Deep Space]

Tue, 11 Nov 2025 07:00:00 -0000

Lieutenant Rob Sarver and Alex Gendzier are the authors of Warrior to Civilian: The Field Manual for the Hero's Journey, the definitive guide to transition to civilian life for veterans and their spouses and families. The book aims to provide actionable advice to veterans looking for work, while coaching those in hiring positions to give veterans the fair shake they deserve after serving our country.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Be sure to follow T-Minus on LinkedIn and Instagram.

T-Minus Crew Survey

We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info.

Want to join us for an interview?

Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal.

T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The changing face of fraud. [CISO Perspectives]

Tue, 11 Nov 2025 07:00:00 -0000

Fraud has always been a consistent challenge. As the world has continued to become increasingly interconnected and as new technologies have become widely available, threat actors have continued to evolve their tactics.

In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Mel Lanning from the Better Business Bureau to discuss fraud and how it has been evolving in recent years. From exploiting cryptocurrencies to utilizing emerging technologies, Kim and Mel look into how threat actors are changing and refining tactics in the current threat landscape.

This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about ⁠Meter⁠.

Want more CISO Perspectives?

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rebooting the government, one cyber law at a time.

Mon, 10 Nov 2025 21:10:00 -0000

Ending the government shutdown revives an expired cybersecurity law. The DoD finalizes a new model for building U.S. military cyber forces. A North Korean APT exploits Google accounts for full device control. The EU dials back AI protections in response to pressure from Big Tech companies and the U.S. government. Researchers discover a critical vulnerability in the Monsta FTP web-based file management tool. The Landfall espionage campaign targets Samsung Galaxy devices in the Middle East. Five Eyes partners fret eroding cooperation on counterintelligence and counterterrorism. Israeli spyware maker NSO Group names the former U.S. ambassador to Israel as its new executive chairman. Monday Biz Roundup. Tim Starks from CyberScoop discusses uncertainty in the federal Cyber Corp program, The friendly face of digital villainy.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop discussing uncertainty in the federal Cyber Corp program.

Selected Reading

Cyber information sharing law would get extension under shutdown deal bill (CyberScoop)

Don't call it Cyber Command 2.0: Master plan for digital forces will take years to implement (The Record)

North Korean hackers hijack Google, KakaoTalk accounts to control South Korean phones: Report (The Straits Times)

EU set to water down landmark AI act after Big Tech pressure (The Financial Times)

Monsta FTP Vulnerability Exposed Thousands of Servers to Full Takeover (Hackread)

Newly identified Android spyware appears to be from a commercial vendor (The Record)

F.B.I. Director Is Said to Have Made a Pledge to Head of MI5, Then Broken It (The New York Times)

Seeking to get off US blacklist, spyware firm NSO taps ex-envoy Friedman as chairman (The Times of Israel)

Google's Wiz acquisition clears DOJ's antitrust review. (The Cyberwire)

Tank interview: A hacking kingpin reveals all to the BBC (BBC News)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Michael DeBolt: From acting to cyber. [Intelligence] [Career Notes]

Sun, 09 Nov 2025 08:00:00 -0000

Please enjoy this encore of Career Notes.

Chief intelligence officer at Intel 471, Michael shares his story where he started as an actor and quickly changed over to intelligence and what the transition was like for him. Michael grew up wanting to be an actor and even was able to land some acting jobs, after going into the Marine Corps he decided to leave acting behind and start a new path in his journey. He says looking for a purpose really helped to shape him, saying "looking back on it, I feel like my life purpose has really been all about kind of this relentless pursuit of justice" and how the risks in his life has helped to right the wrongs of the world. We thank Michael for sharing his story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A fine pearl gone rusty. [Research Saturday]

Sat, 08 Nov 2025 08:00:00 -0000

Tal Peleg, Senior Product Manager, and Coby Abrams, Cyber Security Researcher of Varonis, discussing their work and findings on Rusty Pearl - Remote Code Execution in Postgres Instances. The flaw could allow attackers to execute arbitrary commands on a database server’s operating system, leading to potential data theft, destruction, or lateral movement across networks.

While the vulnerability existed in PostgreSQL, Amazon RDS and Aurora were not affected, thanks to built-in protections like SELinux and AWS’s automated threat detection. Still, the research underscores the importance of patching and configuration hygiene in managed database environments.

The research can be found here:

⁠⁠⁠⁠Rusty Pearl: Remote Code Execution in Postgres Instances

Learn more about your ad choices. Visit megaphone.fm/adchoices

Legislating in the shadow of hackers.

Fri, 07 Nov 2025 21:10:00 -0000

The CBO was hacked by a suspected foreign actor. Experts worry Trump’s budget cuts weaken U.S. cyber defenses. Regulation shapes expectations. ClickFix evolves on macOS. Notorious cybercrime groups form a new “federated alliance.” Congressional leaders look to counter China’s influence in 6G networks. An EdTech firm pays $5.1 million to settle data breach claims. Nevada did not pay the ransom. Our guest is CEO and Co-Founder Ben Nunez from Evercoast, winner of the 8th Annual DataTribe Challenge. The FBI tries to uncover the archivist.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Evercoast, winner of the 8th Annual DataTribe Challenge, is redefining Training Data for Embodied AI with enriched 4D spatial data from real-world environments to better train robots. CEO and Co-Founder Ben Nunez joins Dave Bittner to discuss their win and what’s next for the company.

Selected Reading

Congressional Budget Office believed to be hacked by foreign actor (The Washington Post)

Trump budget cuts, agency gutting, leave Americans and economy at greater risk of being hacked, experts warn (CNBC)

The quiet revolution: How regulation is forcing cybersecurity accountability (CyberScoop)

ClickFix Attacks Against macOS Users Evolving (SecurityWeek)

“I Paid Twice” Phishing Campaign Targets Booking.com (Infosecurity Magazine)

Scattered Spider, LAPSUS$, and ShinyHunters form extortion alliance (SC Media)

Congressional leaders want an executive branch strategy on China 6G, tech supply chain (CyberScoop)

Ed tech company fined $5.1 million for poor data security practices leading to hack (The Record)

Nevada government declined to pay ransom, says cyberattack traced to breach in May (The Record)

FBI Tries to Unmask Owner of Infamous Archive.is Site (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The role of AI in Zero Trust. [CyberWire-X]

Thu, 06 Nov 2025 21:45:00 -0000

Zero Trust has been top of mind for years, but how is AI changing what that actually looks like in practice? In this episode of CyberWire-X, Dave Bittner is joined by Deepen Desai, Chief Security Officer at Zscaler, to discuss the transformative impact of AI on Zero Trust security frameworks.

The discussion outlines how AI enhances threat prevention, automates data discovery, and improves user experience while addressing the practical financial implications of adopting AI in security. Hear how organizations must embrace AI to stay competitive and secure against evolving threats.

For additional resources on Zero Trust + AI, visit Zscaler's Replace Legacy Systems for Better Security.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Stomping out critical bugs.

Thu, 06 Nov 2025 20:50:00 -0000

Cisco patches critical vulnerabilities in its Unified Contact Center Express (UCCX) software. CISA lays off 54 employees despite a federal court order halting workforce reductions. Gootloader malware returns. A South Korean telecom is accused of concealing a major malware breach. Russia’s Sandworm launches multiple wiper attacks against Ukraine. China hands out death sentences to scam compound kingpins. My guest is Dr. Sasha O'Connell, Senior Director for Cybersecurity Programs at Aspen Digital. Meta’s moral compass points to profit.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Dr. Sasha O'Connell, Senior Director for Cybersecurity Programs at Aspen Digital, joins us to preview her Caveat podcast interview about "10 Years of Cybersecurity Progress & What Comes Next." Listen to Sasha and Dave’s full conversation on this week’s Caveat episode.

Selected Reading

Critical Cisco UCCX flaw lets attackers run commands as root (Bleeping Computer)

CISA plans to fire 54 employees despite court injunction (Metacurity)

CISA reports active exploitation of critical vulnerability in CentOS Web Panel (Beyond Machines)

Gootloader malware is back with new tricks after 7-month break (Bleeping Computer)

KT accused of concealing major malware infection, faces probe over customer data breach (The Korea Times)

Sandworm hackers use data wipers to disrupt Ukraine's grain sector (Bleeping Computer)

⁠China sentences 5 Myanmar scam kingpins to death ⁠(The Record)

⁠“Hackers” rig elections to IAN executive committee⁠ (Mumbai News)

Meta is earning a fortune on a deluge of fraudulent ads, documents show (Reuters)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

From small charges to big busts.

Wed, 05 Nov 2025 21:10:00 -0000

Operation “Chargeback” takes down global fraud networks. An investigation reveals the dangers of ADINT. M&S profits plunge after a cyberattack. Google patches a critical Android flaw. Asian prosecutors seize millions from an accused Cambodian scam kingpin. Ohio residents are still guessing water bills months after a cyberattack. Houston firefighters deny blame in city data breach. Nikkei reports a slack breach exposing 17,000 records.The Google–Wiz deal clears DOJ review. Ann Johnson welcomes her Microsoft colleague Frank X. Shaw⁠ to Afternoon Cyber Tea. Norway parks its Chinese Bus in a cave, just in case.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Afternoon Cyber Tea

On this month's segment from Afternoon Cyber Tea, host Ann Johnson welcomes Frank X. Shaw⁠, Chief Communications Officer at Microsoft, to explore the critical role of communication in cybersecurity. They discuss how transparency and trust shape effective response to cyber incidents, the importance of breaking down silos across teams, and how AI is transforming communication strategies. You can listen to Ann and Frank's full conversation here, and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.

Selected Reading

Operation Chargeback: 4.3 million cardholders affected, EUR 300 million in damages - Three criminal networks suspected of misusing credit card data from cardholders across 193 countries; 18 suspects arrested (Europol)

Databroker Files: Targeting the EU (Netzpolitik)

M&S profits almost wiped out after cyber hack left shelves empty (BBC News)

Google releases November 2025 Android patch, fixes critical zero-click flaw (Beyond Machines)

Prosecutors seize yachts, luxury cars from man accused of running Cambodia cyberscams (NPR)

Cyberattack that crippled Middletown's systems shows how hackers target smaller cities (Cincinnati.com)

Houston data breach exposes firefighters’ personal info, union says they’re being blamed (Click2Houston)

Japanese publishing company Nikkei suffers Slack compromise exposing data of over 17,000 people (Beyond Machines)

Google Clears DOJ Antitrust Hurdle for $32 Billion Wiz Deal (Bloomberg)

Dybt i et norsk fjeld blev en kinesisk bybus splittet ad. En status på vores frygt (Zetland)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A storm brews behind the firewall.

Tue, 04 Nov 2025 21:10:00 -0000

China-Linked hackers target Cisco firewalls. MIT Sloan withdraws controversial “AI-Driven Ransomware” paper. A new study questions the value of cybersecurity training. Hackers exploit OpenAI’s API as a malware command channel. Apple patches over 100 Security flaws across devices. A Florida-based operator of mental health and addiction treatment centers exposes sensitive patient information. OPM plans a “mass deferment” for Cybercorps scholars affected by the government shutdown. Lawmakers urge the FTC to investigate Flock Safety’s cybersecurity gaps. Cybercriminals team with organized crime for high-tech cargo thefts. Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies discussing ICE’s controversial facial scanning initiative. A priceless theft meets a worthless password.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies discussing ICE’s controversial facial scanning initiative. You can read more about Ben’s topic from 404 Media: You Can't Refuse To Be Scanned by ICE's Facial Recognition App, DHS Document Says.

Selected Reading

China-Linked Hackers Target Cisco Firewalls in Global Campaign (Hackread)

MIT Sloan shelves paper about AI-driven ransomware (The Register)

CyberSlop — meet the new threat actor, MIT and Safe Security (DoublePulsar)

Study concludes cybersecurity training doesn’t work (KPBS Public Media)

Microsoft: OpenAI API moonlights as malware HQ (The Register)

Apple Patches 19 WebKit Vulnerabilities (SecurityWeek)

Data Theft Hits Behavioral Health Network in 3 States (Bank Infosecurity)

OPM plans to give CyberCorps members more time to find jobs after shutdown ends (CyberScoop)

Lawmakers ask FTC to probe Flock Safety’s cybersecurity practices (The Record)

Cybercriminals, OCGs team up on lucrative cargo thefts (The Register)

Louvre Robbery: Security Flaws: The (Obviously) Password Was "Louvre" (L’Unione Sarda)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Privacy needs where you least expect it. [CISO Perspectives]

Tue, 04 Nov 2025 07:00:00 -0000

When discussing privacy risks, many often look to implementing strong encryption, secure data storage practices, and data sanitization processes to help ensure sensitive information remains protected. Though these practices are good and should be prioritized, many often miss other key areas that need just as much focus. As the internet of things has only continued to grow larger and larger, so has the risk these devices inherently create as they collect and store more information than many would instinctively assume.

In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Merry Marwig, the Vice President of Global Communications & Advocacy at Privacy4Cars, to explore how privacy risks are in places many do not think to look. Together, Merry and Kim discuss why security leaders need to rethink how they approach privacy and consider how the devices we use every day could inadvertently expose our sensitive information.

Want more CISO Perspectives?

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.

Learn more about your ad choices. Visit megaphone.fm/adchoices

FCC resets cyber oversight.

Mon, 03 Nov 2025 21:10:00 -0000

The FCC plans to roll back cybersecurity mandates that followed Salt Typhoon. The alleged cybercriminal MrICQ has been extradited to the U.S. Ransomware negotiators are accused of conducting ransomware attacks. Ernst & Young accidentally exposed a 4-terabyte SQL Server backup. A hacker claims responsibility for last week’s University of Pennsylvania breach. The UK chronicles cyberattacks on Britain’s drinking water suppliers. Monday business brief. Our guest is Caleb Tolin, host of Rubrik's Data Security Decoded podcast. Hackers massage the truth.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Caleb Tolin, host of Rubrik's Data Security Decoded podcast, as he is introducing himself and his show joining the N2K CyberWire network. You can catch new episodes of Data Security Decoded the first and third Tuesdays of each month on your favorite podcast app.

Selected Reading

FCC plans vote to remove cyber regulations installed after theft of Trump info from telecoms (The Record)

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody (Krebs on Security)

Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says (Chicago Sun Times)

Ernst & Young cloud misconfiguration leaks 4TB SQL Server backup on Microsoft Azure (Beyond Machines)

Penn hacker claims to have stolen 1.2 million donor records in data breach (Bleeping Computer)

Hackers are attacking Britain’s drinking water suppliers (The Record)

JumpCloud acquires Breez. Chainguard secures $280 million in growth financing. Sublime Security closes $150 million Series C round. (N2K Pro)

Hackers steal data, extort $350,000 from massage parlor clients (Korea JoongAng Daily)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Arti Lalwani: Supporting and being the change. [Risk Management] [Career Notes]

Sun, 02 Nov 2025 08:00:00 -0000

Risk Management and Privacy Knowledge Leader at A-LIGN, Arti Lalwani shares her story from finance to risk management and how she made the transition. Arti started her career in finance after graduating with a finance degree. Quickly learning the field was not for her, she decided to dip her toes into the tech world. She credits her mentors for helping her and said "they were able to push me up and get me there faster than I even thought." Arti says that she would like to be a part, and hopes to be apart, of the change where women are supporting women in the field. We thank Arti for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Attack of the automated ops. [Research Saturday]

Sat, 01 Nov 2025 07:00:00 -0000

Today we are joined by Dario Pasquini, Principal Researcher at RSAC, sharing the team's work on WhenAIOpsBecome “AI Oops”: Subverting LLM-driven IT Operations via Telemetry Manipulation. A first-of-its-kind security analysis showing that LLM-driven AIOps agents can be tricked by manipulated telemetry, turning automation itself into a new attack vector.

The researchers introduce AIOpsDoom, an automated reconnaissance + fuzzing + LLM-driven telemetry-injection attack that performs “adversarial reward-hacking” to coerce agents into harmful remediations—even without prior knowledge of the target and even against some prompt-defense tools. They also present AIOpsShield, a telemetry-sanitization defense that reliably blocks these attacks without harming normal agent performance, underscoring the urgent need for security-aware AIOps design.

The research can be found here:

⁠When AIOps Become “AI Oops”: Subverting LLM-driven IT Operations via Telemetry Manipulation

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA’s steady hand in a stalled senate.

Fri, 31 Oct 2025 20:10:00 -0000

CISA says cooperation between federal agencies and the private sector remains steady. Long-standing Linux kernel vulnerability in active ransomware campaigns confirmed. A Chinese-linked group targets diplomatic organizations in Hungary, Belgium, and other European nations. A government contractor breach exposes data of over 10 million Americans. Luxury fashion brands fall victim to impersonation scams. Phishing shifts from email to LinkedIn. Advocacy groups urge the FTC to block Meta from using chatbot interactions to target ads. A man pleads guilty to selling zero-days to the Russians. Emily Austin, Principal Security Researcher at Censys, discusses why nation state attackers continue targeting critical infrastructure. When M&S went offline, shoppers hit ‘Next’.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Emily Austin, Principal Security Researcher at Censys, as she discusses why nation state attackers continue targeting critical infrastructure.

Selected Reading

Cyber info sharing ‘holding steady’ despite lapse in CISA 2015, official says (The Record)

CISA: High-severity Linux flaw now exploited by ransomware gangs (Bleeping Computer)

CISA and NSA share tips on securing Microsoft Exchange servers (Bleeping Computer)

UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities (Arctic Wolf)

More than 10 million impacted by breach of government contractor Conduent (The Record)

Luxury Fashion Brands Face New Wave of Threats in Lead-up to 2025 Holiday Shopping Season (BforeAI)

LinkedIn phishing targets finance execs with fake board invites (Bleeping Computer)

Coalition calls on FTC to block Meta from using chatbot interactions to target ads, personalize content (The Record)

Ex-L3Harris exec pleads guilty to selling zero-day exploits to Russian broker (CyberScoop)

Business rival credits cyberattack on M&S for boosting profits (The Record)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The Malware Mash!

Fri, 31 Oct 2025 05:00:00 -0000

Happy Halloween from the team at N2K Networks!

We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video ⁠here⁠.

Lyrics

I was coding in the lab late one night

when my eyes beheld an eerie sight

for my malware threat score began to rise

and suddenly to my surprise...

It did the Mash

It did the Malware Mash

The Malware Mash

It was a botnet smash

It did the Mash

It caught on 'cause of Flash

The Malware Mash

It did the Malware Mash

From the Stuxnet worm squirming toward the near east

to the dark web souqs where the script kiddies feast

the APTs left their humble abodes

to get installed from rootkit payloads.

They did the Mash

They did the Malware Mash

The Malware Mash

It was an adware smash

They did the Mash

It caught on 'cause of Flash

The Malware Mash

They did the Malware Mash

The botnets were having fun

The DDoS had just begun

The viruses hit the darknet,

with ransomware yet to come.

The keys were logging, phishing emails abound,

Snowden on chains, backed by his Russian hounds.

The Shadow Brokers were about to arrive

with their vocal group, "The NotPetya Five."

They did the Mash

They played the Malware Mash

The Malware Mash

It was a botnet smash

They did the Mash

It caught on 'cause of Flash

The Malware Mash

They played the Malware Mash

Somewhere in Moscow Vlad's voice did ring

Seems he was troubled by just one thing.

He opened a shell then shook his fist

and said, "Whatever happened to my Turla Trojan twist."

It's now the Mash

It's now the Malware Mash

The Malware Mash

And it's a botnet smash

It's now the Mash

It caught on 'cause of Flash

The Malware Mash

It's now the Malware Mash

Now everything's cool, Vlad's a part of the band

And the Malware Mash is the hit of the land.

For you, defenders, this mash was meant to

when you get to my door, tell them Creeper sent you.

Then you can Mash

Then you can Malware Mash

The Malware Mash

And be a botnet smash

It is the Mash

Don't you dare download Flash

The Malware Mash

Just do the Malware Mash

Learn more about your ad choices. Visit megaphone.fm/adchoices

Dial M for malware.

Thu, 30 Oct 2025 20:10:00 -0000

A Texas telecom confirms a nation-state attack. A global outage disrupts Azure and Microsoft 365 services. Malicious npm packages steal sensitive data from Windows, Linux, and macOS systems. Hacktivists have breached multiple critical infrastructure systems across Canada. Major chipmakers spill the TEE. TP-Link home routers fall under federal scrutiny. Cloud Atlas targets Russia’s agricultural sector. Israel’s cloud computing deal with Google and Amazon allegedly includes a secret “winking mechanism.”The FCC tamps down on overseas robocalls. Mike Anderson, from Netskope, discusses why CIOs should think like HR leaders when considering Agentic AI. Danes Draw the line at digital doppelgängers.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Mike Anderson, Netskope’s Chief Digital and Information Officer, to discuss why CIOs must think like HR leaders when considering Agentic AI.

Selected Reading

US company with access to biggest telecom firms uncovers breach by nation-state hackers (Reuters)

Huge Microsoft outage hit 365, Xbox, and beyond — deployment of fix for Azure breakdown rolled out (Tom's Hardware)

Malicious NPM packages fetch infostealer for Windows, Linux, macOS (Bleeping Computer)

Canada says hacktivists breached water and energy facilities (Bleeping Computer)

New physical attacks are quickly diluting secure enclave defenses from Nvidia, AMD, and Intel (Ars Technica)

U.S. agencies back banning top-selling home routers on security grounds (The Washington Post)

Cloud Atlas hackers target Russian agriculture sector ahead of industry forum (The Record)

Revealed: Israel demanded Google and Amazon use secret ‘wink’ to sidestep legal orders (The Guardian)

FCC adopts new rule targeting robocalls (The Record)

Denmark to tackle deepfakes by giving people copyright to their own features (The Guardian)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Logging off in Myawaddy.

Wed, 29 Oct 2025 20:10:00 -0000

Explosions rock a shuttered Myanmar cybercrime hub. The Aisuru botnet shifts from DDoS to residential proxies. Dentsu confirms data theft at Merkle. Boston bans biometrics. Proton restores journalists’ email accounts after backlash. Memento labs admits Dante spyware is theirs. Australia accuses Microsoft of improperly forcing users into AI upgrades. CISA warns of active exploitation targeting manufacturing management software. A covert cyberattack during Trump’s first term disabled Venezuela’s intelligence network. Our guest is Ben Seri, Co-Founder and CTO of Zafran, discussing the trend of AI native attacks. New glasses deliver fashionable paranoia.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest is Ben Seri, Co-Founder and CTO of Zafran, discussing the trend of AI native attacks and how defenders should use AI to defend and remediate.

Selected Reading

Stragglers from Myanmar scam center raided by army cross into Thailand as buildings are blown up (AP News)

Aisuru Botnet Shifts from DDoS to Residential Proxies (Krebs on Security)

Advertising giant Dentsu reports data breach at subsidiary Merkle (Bleeping Computer)

Boston Police Can No Longer Use Facial Recognition Software (Built in Boston)

Proton Mail Suspended Journalist Accounts at Request of Cybersecurity Agency (The Intercept)

CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware (TechCrunch)

Australia sues Microsoft for forcing Copilot AI onto Office 365 customers (Pivot to AI)

CISA warns of actively exploited flaws in Dassault DELMIA Apriso manufacturing software (Beyond Machines)

CIA cyberattacks targeting the Maduro regime didn’t satisfy Trump in his first term. Now the US is flexing its military might (CNN Politics)

Zenni’s Anti-Facial Recognition Glasses are Eyewear for Our Paranoid Age (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Windows servers under siege

Tue, 28 Oct 2025 20:10:00 -0000

WSUS attacks escalate as emergency patch fails to fully contain exploited flaw. Schneider Electric and Emerson are listed among victims in the Oracle EBS cyberattack. Google debunks reports of a massive GMail breach. A new banking trojan mimics human behavior for stealth. Sweden’s power grid operator confirms a cyberattack. Italian spyware targets Russian and Belarusian organizations. The U.S. declines to sign the new UN cyber treaty. Ransomware payments fall to record lows. U.S. Cyber Chief calls for a “clean American tech stack” to counter China's global surveillance push. On today's Threat Vector segment, David Moulton⁠ speaks with two cybersecurity leaders from Palo Alto Networks:⁠ Sarit Tager⁠ and⁠ Krithivasan Mecheri⁠. AI mistakes Doritos for a deadly weapon.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector

On today's Threat Vector segment, David Moulton⁠ speaks with two cybersecurity leaders from Palo Alto Networks:⁠ Sarit Tager⁠ and⁠ Krithivasan Mecheri⁠ (Krithi). Together, they dive into the urgent challenges of securing modern development in the age of AI and "Shifting Security Left". You can listen to their full conversation here, and catch new episodes every Thursday on your favorite podcast app.

Selected Reading

Microsoft WSUS attacks hit 'multiple' orgs, Google warns (The Register)

Industrial Giants Schneider Electric and Emerson Named as Victims of Oracle Hack (SecurityWeek)

Google says talk of Gmail breach impacting millions not true (The Register)

'Herodotus' Android Trojan Mimics Human Sluggishness (Gov Infosecurity)

Hackers Target Swedish Power Grid Operator (SecurityWeek)

Italian-made spyware spotted in breaches of Russian, Belarusian systems (The Record)

US declines to join more than 70 countries in signing UN cybercrime treaty (The Record)

Ransomware profits drop as victims stop paying hackers (Bleeping Computer)

National cyber director says U.S. needs to counter Chinese surveillance, push American tech (CyberScoop)

Armed police handcuff teen after AI mistakes crisp packet for gun in US (BBC News)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The impact of data privacy on cyber. [CISO Perspectives]

Tue, 28 Oct 2025 06:00:00 -0000

Privacy is one of the most universally valued rights. Yet, despite its importance, data breaches exposing millions of people's sensitive information have become routine. Many have come to assume that their personal data has already been, or inevitably will be, compromised. Despite this reality, prioritizing privacy is more important than ever.

In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Kristy Westphal, the Global Security Director of Spirent Communications, to explore data privacy's impacts on cybersecurity efforts. Together, Kristy and Kim discuss why privacy cannot be an afterthought but rather must be something actively addressed through proactive security efforts, shifting security culture mindsets, and staying ahead of rapidly changing technologies.

Want more CISO Perspectives?

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The UN’s big push for global cybercrime rules.

Mon, 27 Oct 2025 20:10:00 -0000

The UN launches the world’s first global treaty to combat cybercrime. A House Democrats’ job portal left security clearance data exposed online. A new data leak exposes 183 million email addresses and passwords. Threat actors target Discord users with an open-source red-team toolkit. A new campaign targets unpatched WordPress plugins. The City of Gloversville, New York, suffers a ransomware attack. Jen Easterly hopes AI could eliminate the buggy software that fuels cybercrime. A Connecticut health system agrees to an $18 million settlement following a ransomware attack. Monday business brief. Tim Starks from CyberScoop is discussing concerns over budget cuts and visibility. Meta’s privacy safeguard goes dark.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop who is discussing concerns over budget cuts and visibility. You can read the articles Tim references here:

US ‘slipping’ on cybersecurity, annual Cyberspace Solarium Commission report concludes (CyberScoop)
F5 vulnerability highlights weak points in DHS’s CDM program (CyberScoop)

Selected Reading⁠

UN Cybercrime Treaty wins dozens of signatories (The Register)

Hundreds of People With ‘Top Secret’ Clearance Exposed by House Democrats’ Website (WIRED)

Gmail passwords confirmed in 183 million account data breach (Tribune Online)

Hackers steal Discord accounts with RedTiger-based infostealer (Bleeping Computer)

Year-Old WordPress Plugin Flaws Exploited to Hack Websites (SecurityWeek)

Gloversville hit by ransomware attack (WNYT.com NewsChannel 13)

Ex-CISA chief says AI could mean the end of cybersecurity (The Register)

Yale New Haven Health Will Pay $18M to Settle Hack Lawsuit (GovInfo Security)

Veeam to acquire Securiti AI for $1.7 billion. (N2K Pro)

A $60 Mod to Meta’s Ray-Bans Disables Its Privacy-Protecting Recording Light (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Derek Manky: Putting the rubber to the road. [Threat Intelligence] [Career Notes]

Sun, 26 Oct 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Chief Security Strategist and VP of Global Threat Intelligence at FortiGuard Labs, Derek Manky, shares his story from programmer to cybersecurity and how it all came together. Derek started his career teaching programming because he had such a passion for it. When he joined Fortinet, Derek said putting where it "really started putting the rubber to the road and connecting my previous experience with programming and debugging and knowledge of operating systems and all that with real-world applications." Derek advises that it doesn't need to be complicated getting into the cybersecurity field and that there are many avenues to enter the field. He hopes to have made a real dent, or "hopefully a crater" in cyber crime when he ends his career. We thank Derek for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A look behind the lens. [Research Saturday]

Sat, 25 Oct 2025 07:00:00 -0000

Noam Moshe, Claroty’s Vulnerability Research Team Lead, joins Dave to discuss Team 82's work on "Turning Camera Surveillance on its Axis." Team82 disclosed four vulnerabilities in Axis.Remoting—deserialization, a MiTM “pass-the-challenge” NTLMSSP flaw, and an unauthenticated fallback HTTP endpoint—that enable pre-auth remote code execution against Axis Device Manager and Axis Camera Station.
They found more than 6,500 Axis.Remoting services exposed online (over half in the U.S.), letting attackers enumerate targets, install malicious Axis packages, and hijack, view, or shut down managed camera fleets.Axis published an urgent advisory, issued patches for ADM 5.32, Camera Station 5.58 and Camera Station Pro 6.9, accepted Team82’s disclosure, and organizations are urged to update.

The research can be found here:

Turning Camera Surveillance on its Axis

Learn more about your ad choices. Visit megaphone.fm/adchoices

The spy who sold out.

Fri, 24 Oct 2025 20:10:00 -0000

A former defense contractor is charged with attempting to sell trade secrets to Russia. Researchers uncover critical vulnerabilities in TP-Link routers. Microsoft patches a critical Windows Server Update Service flaw. CISA issues eight new ICS advisories. “Shadow Escape” targets LLMs database connections. Halloween-themed scams spike. Our guest is Chris Inglis, first National Cyber Director, speaking on cybercrime and the upcoming documentary on cyber war, "Midnight in the War Room". WhatsApp’s missing million-dollar exploit.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Chris Inglis, first National Cyber Director, speaking on cybercrime and the upcoming documentary on cyber war, "Midnight in the War Room" presented by Semperis. Learn more and check out the trailer.

Selected Reading

Hacking Lab Boss Charged with Seeking to Sell Secrets (Bloomberg)

Dark Covenant 3.0: Controlled Impunity and Russia’s Cybercriminals (Recorded Future)

New TP-Link Router Vulnerabilities: A Primer on Rooting Routers (Forescout)

Windows Server emergency patches fix WSUS bug with PoC exploit (Bleeping Computer)

CISA Releases Eight Industrial Control Systems Advisories (CISA)

Cyberattack on Russia’s food safety agency reportedly disrupts product shipments (The Record)

Shadow Escape 0-Click Attack in AI Assistants Puts Trillions of Records at Risk (Hackread)

Trick or Treat: Bitdefender Labs Uncovers Halloween Scams Flooding Inboxes and Feeds (Bitdefender)

Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta (SecurityWeek)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber solidarity on the chopping block.

Thu, 23 Oct 2025 20:10:00 -0000

CISA Layoffs threaten U.S. cyber coordination with states, businesses, and foreign partners. Google issues its second emergency Chrome update in a week, and puts Privacy Sandbox out of its misery. OpenAI’s new browser proves vulnerable to indirect prompt injection. SpaceX disables Starlink devices used by scam compounds. Reddit sues alleged data scrapers. Blue Cross Blue Shield of Montana suffers a data breach. A new Android infostealer abuses termux to exfiltrate data. Iran’s MuddyWater deploys a wide-ranging middle east espionage campaign. We’re joined by Lauren Zabierek and Camille Stewart Gloster discussing the next evolution of #ShareTheMicInCyber. When customer service fails, try human resources.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Lauren Zabierek and Camille Stewart Gloster, as they are discussing the next evolution of #ShareTheMicInCyber.

Selected Reading

CISA’s international, industry and academic partnerships slashed (Cybersecurity Dive)

Google releases emergency security update for Chrome V8 Engine flaw (Beyond Machines)

Google officially shuts down Privacy Sandbox (Search Engine Land)

OpenAI defends Atlas as prompt injection attacks surface (The Register)

SpaceX disables more than 2,000 Starlink devices used in Myanmar scam compounds (The Record)

Reddit Accuses ‘Data Scraper’ Companies of Theft (The New York Times)

Blue Cross Blue Shield of Montana under investigation for data breach (NBC Montana)

Infostealer Targeting Android Devices (SANS ISC)

Iranian hackers targeted over 100 govt orgs with Phoenix backdoor (Bleeping Computer)

This Guy Noticed A Data Breach With A Company But Couldn’t Get Them To Respond, So He Infiltrated His Way Into An Interview To Drop The News (TwistedSifter)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hackers peek behind the nuclear curtain.

Wed, 22 Oct 2025 20:10:00 -0000

A foreign threat actor breached a key U.S. nuclear weapons manufacturing site. The cyberattack on Jaguar Land Rover is the most financially damaging cyber incident in UK history. A new report from Microsoft’ warns that AI is reshaping cybersecurity at an unprecedented pace. The ToolShell vulnerability fuels Chinese cyber operations across four continents. Fake browser updates are spreading RansomHub, LockBit, and data-stealing malware. Hackers deface LA Metro bus stop displays. A Spyware developer is warned by Apple of a mercenary spyware attack. Pwn2Own payouts proceed. Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on a Federal Whistle Blower from the SSA. When the cloud goes down, beds heat up.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on a Federal Whistle Blower from the SSA. If you enjoyed Ben’s conversation, be sure to check out more from him over on the Caveat Podcast.

2025 Microsoft Digital Defense Report

To learn more about the 2025 Microsoft Digital Defense Report, join our partners on The Microsoft Threat Intelligence Podcast. On today’s episode, host Sherrod DeGrippo is joined by Chloé Messdaghi and Crane Hassold to unpack the key findings of the 2025 Microsoft Digital Defense Report; a comprehensive look at how the cyber threat landscape is accelerating through AI, automation, and industrialized criminal networks. You can listen to new episodes of The Microsoft Threat Intelligence Podcast every other Wednesday on your favorite podcast app.

Selected Reading

Foreign hackers breached a US nuclear weapons plant via SharePoint flaws (CSO Online)

JLR hack is costliest cyber attack in UK history, say analysts (BBC)

Microsoft 2025 digital defense report flags rising AI-driven threats, forces rethink of traditional defenses (Industrial Cyber)

The New Frontlines of Cybersecurity: Lessons from the 2025 Digital Defense Report (The Microsoft Threat Intelligence Podcast)

Sharepoint ToolShell attacks targeted orgs across four continents (Bleeping Computer)

SocGholish Malware Using Compromised Sites to gDeliver Ransomware (Hackread)

LA Metro digital signs taken over by hackers (KTLA)

Apple alerts exploit developer that his iPhone was targeted with government spyware (TechCrunch)

Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025 (SecurityWeek)

AWS crash causes $2,000 Smart Beds to overheat and get stuck upright (Dexerto)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The SMB slip-up.

Tue, 21 Oct 2025 20:10:00 -0000

CISA warns a Windows SMB privilege escalation flaw is under Active exploitation. Microsoft issues an out of band fix for a WinRE USB input failure. Nation state hackers had long term access to F5. Envoy Air confirms it was hit by the zero-day in Oracle’s E-Business Suite. A nonprofit hospital system in Massachusetts suffers a cyberattack. Russian’s COLDRiver group rapidly retools its malware arsenal. GlassWorm malware hides malicious logic with invisible Unicode characters. European authorities dismantle a large-scale Latvian SIM farm operation. Myanmar’s military raids a notorious cybercrime hub. Josh Kamdjou, from Sublime Security discusses how teams should get ahead of Scattered Spider's next move. Eagle Scouts are soaring into cyberspace.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Josh Kamdjou, CEO and co-founder of Sublime Security and former DOD white hat hacker, is discussing how teams should get ahead of Scattered Spider's next move.

Selected Reading

CISA warns of active exploitation of Windows SMB privilege escalation flaw (Beyond Machines)

Windows 11 KB5070773 emergency update fixes Windows Recovery issues (Bleeping Computer)

Hackers Had Been Lurking in Cyber Firm F5 Systems Since 2023 (Bloomberg)

Envoy Air (American Airlines) Confirms Oracle EBS 0-Day Breach Linked to Cl0p (Hackread)

Cyberattack Disrupts Services at 2 Massachusetts Hospitals (BankInfo Security)

Russian Coldriver Hackers Deploy New ‘NoRobot’ Malware (Infosecurity Magazine)

Self-spreading GlassWorm malware hits OpenVSX, VS Code registries (Bleeping Computer)

Police Shutter SIM Farm Provider in Latvia, Bust 7 Suspects (Data Breach Today)

Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People (SecurityWeek)

Scouts will now be able to earn badges in AI and cybersecurity (CNN Business)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Regulation takeaways with Ethan Cook. [CISO Perspectives]

Tue, 21 Oct 2025 06:00:00 -0000

On this episode, host Kim Jones is joined by Ethan Cook, N2K’s lead analyst and editor, for a deeper, more reflective conversation on cybersecurity regulation, privacy, and the future of policy. This episode steps back from the news cycle to connect the dots and explore where the regulatory landscape is heading — and why it matters.

Ethan, who will join the show regularly this season to provide big-picture analysis after major policy conversations, shares his perspective on the evolving balance between government oversight, innovation, and individual responsibility.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The day the cloud got foggy.

Mon, 20 Oct 2025 20:10:00 -0000

An AWS outage sparks speculation. An F5 exposure and breach raise patching and supply-chain concerns. Salt Typhoon breaches a European telecom via a Netscaler flaw. A judge bans NSO Group from Whatsapp. China alleges “irrefutable evidence” of NSA hacking. Connectwise patches adversary in the middle risks. A Dolby decoder flaw enables zero-click remote code execution on Android. A Cyber M&A and funding surge signals a busy consolidation cycle. Our guest Jeff Collins, CEO of WanAware, sharing how hospital consolidations are reshaping IT asset visibility and what it takes to close these gaps. One man’s quest to make AI art legit.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Jeff Collins, CEO of WanAware, sharing how hospital consolidations are reshaping IT asset visibility and what it takes to close these gaps.

Selected Reading

Cyberattack: Did China just bring Amazon down, along with Robinhood, Snapchat - what happened? Here's what experts are saying (The Economic Times)

F5 breach exposes 262,000 BIG-IP systems worldwide (Security Affairs)

Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack (Infosecurity Magazine)

Israeli spyware company blocked from WhatsApp (Courthouse News Service)

China Says It Found Evidence of US Cyber Attack on State Agency (Bloomberg)

ConnectWise Patches Critical Flaw in Automate RMM Tool (SecurityWeek)

Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks (SecurityWeek)

NSO Group acquired by American investors. LevelBlue to acquire Cybereason. (N2K Pro Business Briefing)

Creator of Infamous AI Painting Tells Court He's a Real Artist (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Kristin Strand: Be firm in your goals. [Consultant] [Career Notes]

Sun, 19 Oct 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Cybersecurity Associate Consultant at BARR Advisory, Kristin Strand, shares her journey from the military to teaching and now to cybersecurity. Kristin shares how she'd wanted to be a teacher since she was young. She joined the Army to help pay for college and throughout her career has taken advantage of programs to help her move on to her next challenge. From teaching, Kristin decided to transition to IT and came to cybersecurity through a Department of Labor program. She's also currently training to be a drill sergeant. Kristin advises you stand firm to your goals and know what you want. It will come around. We thank Kristin for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Smile for the malware. [Research Saturday]

Sat, 18 Oct 2025 07:00:00 -0000

Eclypsium researchers Jesse Michael and Mickey Shkatov to share their work on "BadCam - Now Weaponizing Linux Webcams." Eclypsium researchers disclosed “BadCam,” a set of vulnerabilities in certain Lenovo USB webcams that run Linux and do not validate firmware signatures, allowing attackers to reflash the devices and turn them into BadUSB-style tools.

An adversary who supplies a backdoored camera or who gains remote code execution on a host can weaponize the webcam to emulate human-interface devices, inject keystrokes, deliver payloads, and maintain persistence — even re-infecting systems after OS reinstalls. The findings were presented at DEF CON 2025, Lenovo issued updated firmware/tools in coordination with SigmaStar, and researchers warn the same vector could affect other Linux-based USB peripherals, underscoring the need for firmware signing and stronger device attestation.

The research can be found here:

BadCam: Now Weaponizing Linux Webcams

Learn more about your ad choices. Visit megaphone.fm/adchoices

Prosper’s not so prosperous week.

Fri, 17 Oct 2025 20:10:00 -0000

Prosper data breach reportedly affected more than 17 million accounts. Microsoft revokes certificates used in Rhysida ransomware operation. Threat actors exploit Cisco flaw to deploy Linux rootkits. Europol disrupts cybercrime-as-a-service operation. BeaverTail and OtterCookie merge and display new functionality. Singapore cracks down on social media. On our Industry Voices segment, we are joined by Danny Jenkins who is talking about defending against AI. And who let the bots out?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Danny Jenkins, CEO and Co-Founder of ThreatLocker, talking about defending against AI. You can tune into Danny’s full conversation here.

Selected Reading

Have I Been Pwned: Prosper data breach impacts 17.6 million accounts (BleepingComputer)

Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign (SecurityWeek)

Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits (Trend Micro)

Critical ConnectWise Vulnerabilities Allow Attackers To Inject Malicious Updates (Cybersecurity News)

European police bust network selling thousands of phone numbers to scammers (The Record)

North Korean operatives spotted using evasive techniques to steal data and cryptocurrency (CyberScoop)

New Singapore law empowers commission to block harmful online content (Reuters)

Niantic’s Peridot, the Augmented Reality Alien Dog, Is Now a Talking Tour Guide (WIRED)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When hackers go BIG in cyber espionage.

Thu, 16 Oct 2025 20:10:00 -0000

F5 discloses long-term breach tied to nation-state actors. PowerSchool hacker receives a four-year prison sentence. Senator scrutinizes Cisco critical firewall vulnerabilities. Phishing campaign impersonates LastPass and Bitwarden. Credential phishing with Google Careers. Reduce effort, reuse past breaches, recycle into new breach. Qilin announces new victims. Manoj Nair, from Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. And AI faces the facts.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Manoj Nair, Chief Innovation Officer at Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. In light of the recent high-severity vulnerability in Cursor, Manoj discusses how threats like tool poisoning, toxic flows, and MCP vulnerabilities are redefining what secure AI-driven development means—and why organizations must move faster to keep up.

Selected Reading

F5 disclosures breach tied to nation-state threat actor (CyberScoop)

CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices (CISA)

ED 26-01: Mitigate Vulnerabilities in F5 Devices (CISA)

PowerSchool hacker sentenced to 4 years in prison (The Record)

Cisco faces Senate scrutiny over firewall flaws (The Register)

Fake LastPass, Bitwarden breach alerts lead to PC hijacks (Bleeping Computer)

Google Careers impersonation credential phishing scam with endless variation (Sublime Security)

Elasticsearch Leak Exposes 6 Billion Records from Scraping, Old and New Breaches (HackRead)

Qilin Ransomware announced new victims (Security Affairs)

When Face Recognition Doesn’t Know Your Face Is a Face (WIRED)

Semperis Announces Midnight in the War Room: A Groundbreaking Cyberwar Documentary Featuring the World's Leading Defenders and Reformed Hackers (PR Newswire)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Prince of fraud loses crown.

Wed, 15 Oct 2025 20:30:00 -0000

A record-breaking Bitcoin seizure. Patch Tuesday notes. Capita fined for unlawful access to personal data. Unity site skimmed by malicious script. Vietnam Airlines breached potentially exposing 20 million passengers. An automotive giant experiences a third-party breach. Tim Starks from CyberScoop is discussing how Sen. Peters tries another approach to extend expired cyber threat information-sharing. In our latest Threat Vector, David Moulton⁠ sits down with⁠ Harish Singh about hybrid work. And inside North Korea's blueprints for deception.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop is discussing how Sen. Peters tries another approach to extend expired cyber threat information-sharing law.

Threat Vector

Hybrid work has changed the game, but has your security kept up? In this segment of Threat Vector, David Moulton⁠ sits down with⁠ Harish Singh⁠, Vice President and Global Head of Infrastructure and Application Management at Wipro, to unpack the evolving cybersecurity landscape at the intersection of digital transformation, SaaS expansion, and AI-powered operations. You can listen to their full discussion here, and catch new episodes every Thursday on your favorite podcast app.

Selected Reading

Feds Seize Record-Breaking $15 Billion in Bitcoin From Alleged Scam Empire (WIRED)

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws (Bleeping Computer)

Patch Tuesday, October 2025 ‘End of 10’ Edition (Krebs on Security)

Capita Fined £14m After 2023 Breach that Hit 6.6 Million People (Infosecurity Magazine)

Malicious Code on Unity Website Skims Information From Hundreds of Customers (SecurityWeek)

Airline with over 20 million passengers a year involved in customer data breach (Daily Mail)

Information Regarding Customer Data Breach (Vietnam Airlines)

Auto giant Stellantis discloses data breach affecting North American customers (Top Class Actions)

North Korean Scammers Are Doing Architectural Design Now (WIRED)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When GoAnywhere goes wrong.

Tue, 14 Oct 2025 20:10:00 -0000

Fortra confirms an exploitation of the maximum-severity GoAnywhere flaw. Harvard investigates a claim of a breach. Banking Trojan targets Brazilian WhatsApp users. Reduction-in-force hits CISA. SimonMed says 1.2 million hit by Medusa ransomware. Netherlands invokes the Goods Availability Act against a Chinese company. We have our Business Breakdown. On today’s Industry Voices, we are joined by Mickey Bresman sharing insights on hybrid identity security. And, beware of the shuffler.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, we are joined by Mickey Bresman, Semperis CEO, sharing insights on hybrid identity security and their HIP Conference. Mickey joined us as their 2025 Hybrid Identity Protection (HIP) Conference wrapped up. If you want to hear the full conversation, you can tune in here.

Selected Reading

Fortra cops to exploitation of GoAnywhere file-transfer service defect (CyberScoop)

Harvard Investigating Security Breach After Cybercrime Group Threatens To Release Stolen Data (The Crimson)

WhatsApp Worm Targets Brazilian Banking Customers (Sophos News)

Government Shutdown Fallout: RIF Notices Hit CISA as Cyber Threats Rise (ClearanceJobs)

SimonMed says 1.2 million patients impacted in January data breach (Bleeping Computer)

Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia (The Record)

UK fines 4chan over noncompliance with Online Safety Act (The Record)

Synechron acquires RapDev, Calitii, and Waivgen. (N2K Pro Business Briefing)

Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating (WIRED)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

What Happened to Hacker Culture? [Threat Vector]

Mon, 13 Oct 2025 06:00:00 -0000

While the N2K team is observing Indigenous Peoples' Day, we thought you'd enjoy this episode of the Threat Vector podcast from our N2K Cyberwire network partner, Palo Alto Networks.

New episodes of Threat Vector release each Thursday. We hope you will explore their catalog and subscribe to the show.

Join David Moulton, Senior Director of Thought Leadership for Unit 42, as he sits down with Kyle Wilhoit,Technical Director of Threat Research at Unit 42, for an intimate conversation about the evolution of hacker culture and cybersecurity. From picking up 2600: The Hacker Quarterly magazines at Barnes & Noble and building beige boxes to leading threat research at Palo Alto Networks, Kyle shares his personal journey into the security community. This conversation explores how AI and automation are lowering barriers for attackers, the professionalization of cybersecurity, and what's been lost and gained in the industry's maturation. Kyle offers practical advice for newcomers who don't fit the traditional mold, emphasizing the importance of curiosity, soft skills, and intellectual humility.

Kyle Wilhoit is a seasoned cybersecurity researcher, with more than 15 years of experience studying cybercrime and nation-state threats. He's a frequent speaker at global conferences like Black Hat, FIRST, and SecTor, and has authored two industry-respected books: Hacking Exposed Industrial Control Systems and Operationalizing Threat Intelligence.

As a long-standing member of the Black Hat US Review Board and an adjunct instructor, Kyle is deeply involved in shaping both cutting-edge research and the next generation of cybersecurity professionals.

Connect with Kyle on LinkedIn

Previous appearances on Threat Vector:

Inside DeepSeek’s Security Flaws (Mar 31, 2025) https://www.paloaltonetworks.com/resources/podcasts/threat-vector-inside-deepseeks-security-flaws
War Room Best Practices (Nov 07, 2024)
https://www.paloaltonetworks.com/resources/podcasts/threat-vector-war-room-best-practices
Cybersecurity in the AI Era: Insights from Unit 42's Kyle Wilhoit, Director of Threat Research (Jan 11, 2024)
https://www.paloaltonetworks.com/resources/podcasts/threat-vector-cybersecurity-in-the-ai-era-insights-from-unit-42s-kyle-wilhoit-director-of-threat-research

Learn more about Unit 42's threat research at https://unit42.paloaltonetworks.com/.

Related episodes: For more conversations about AI's impact on cybersecurity, career development in security, and insights from Unit 42 researchers, explore past episodes at https://www.paloaltonetworks.com/podcasts/threat-vector.

Join the conversation on our social media channels:

Website: http://www.paloaltonetworks.com/
Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠
Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠
LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/palo-alto-networks/
YouTube: ⁠⁠⁠⁠@paloaltonetworks
Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠

About Threat Vector

Threat Vector, Palo Alto Networks podcast, is your premier destination for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠

Learn more about your ad choices. Visit megaphone.fm/adchoices

Chetan Conikee: Create narratives of your journey. [CTO] [Career Notes]

Sun, 12 Oct 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Founder and CTO of ShiftLeft, Chetan Conikee shares his story from computer science to founding his own company. When choosing a career, Chetan notes that "the liking and doing has to matter and be in conjunction with each other." Explaining the parallels in his home country of India and where he studied his for his masters in the US, Chetan stresses the need to find someone who inspires you to follow and learn from. On being an entrepreneur, he says, "The entrepreneurial mindset is a sum total of many sufferings that lead to success." Chethan advises you take time out to write narratives so that you are remembered and so that others following a similar path may learn from you. We thank Chetan for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

No honor among thieves. [Research Saturday]

Sat, 11 Oct 2025 07:00:00 -0000

John Fokker, Head of Threat Intelligence at Trellix is discussing "Gang Wars: Breaking Trust Among Cyber Criminals." Trellix researchers reveal how the once-organized ransomware underworld is collapsing under its own paranoia.

Once united through Ransomware-as-a-Service programs, gangs are now turning on each other — staging hacks, public feuds, and exit scams as trust evaporates. With affiliates jumping ship and rival crews sabotaging each other, the RaaS model is fracturing fast, signaling the beginning of the end for ransomware’s criminal empires.

The research can be found here:

⁠⁠⁠⁠Gang Wars: Breaking Trust Among Cyber Criminals

Learn more about your ad choices. Visit megaphone.fm/adchoices

When the breachers get breached.

Fri, 10 Oct 2025 20:10:00 -0000

International law enforcement take down the Breachforums domains. Researchers link exploitation campaigns targeting Cisco, Palo Alto Networks, and Fortinet. Juniper Networks patches over 200 vulnerabilities. Apple and Google update their bug bounties. Evaluating AI use in application security (AppSec) programs. Microsegmentation can contain ransomware much faster and yield better cyber insurance terms. The new RondoDox botnet exploits over 50 vulnerabilities. Researchers tag 13 unpatched Ivanti Endpoint Manager flaws. Our guest is Jason Manar, CISO of Kaseya, sharing his insight into how the private and public sectors can work together for national security. Hackers mistake a decoy for glory.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by ⁠Jason Manar⁠, CISO of ⁠Kaseya⁠, sharing his insight into how the private and public sectors can/must work together for national security.

Selected Reading

FBI takes down BreachForums portal used for Salesforce extortion (Bleeping Computer)

Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign (SecurityWeek)

Juniper Networks Patches Critical Junos Space Vulnerabilities (OffSeq)

Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits (WIRED)

Google Launches AI Bug Bounty with $30,000 Top Reward (Infosecurity Magazine)

In AI We Trust? Increasing AI Adoption in AppSec Despite Limited Oversight (Fastly)

Reducing Risk: Microsegmentation Means Faster Incident Response, Lower Insurance Premiums for Organizations (Akamai)

RondoDox Botnet Takes ‘Exploit Shotgun’ Approach (SecurityWeek)

ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities (SecurityWeek)

Pro-Russian hackers caught bragging about attack on fake water utility (The Record)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber defenders pulled into deportation duty.

Thu, 09 Oct 2025 20:10:00 -0000

DHS reassigns cyberstaff to immigration duties. A massive DDoS attack disrupts several major gaming platforms. Discord refuses ransom after a third-party support system breach. Researchers examine Chaos ransomware and creative log-poisoning web intrusions. The FCC reconsiders its telecom data breach disclosure rule. Experts warn of teen recruitment in pro-Russian hacking operations. Ukraine’s parliament approves the establishment of Cyber Forces. Troy Hunt criticizes data breach injunctions as empty gestures. Our guest is Sarah Graham from the Atlantic Council’s Cyber Statecraft Initiative (CSI) discussing their report, "Mythical Beasts: Diving into the depths of the global spyware market." And, Spy Dog’s secret site goes off leash.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Sarah Graham from the Atlantic Council’s Cyber Statecraft Initiative (CSI) discussing their work and findings on "Mythical Beasts: Diving into the depths of the global spyware market."

Selected Reading

Homeland Security Cyber Personnel Reassigned to Jobs in Trump’s Deportation Push (Bloomberg)

Massive DDoS Attack Knocks Out Steam, Riot, and Other Services (Windows Report)

Hackers claim Discord breach exposed data of 5.5 million users (Bleeping Computer)

The Evolution of Chaos Ransomware: Faster, Smarter, and More Dangerous (FortiGuard Labs)

The Crown Prince, Nezha: A New Tool Favored by China-Nexus Threat Actors (Huntress)

Court Pauses FCC Data Breach Rules as Agency Takes New Look | Regulation (Cablefax)

Arrests Underscore Fears of Teen Cyberespionage Recruitment (Data Breach Today)

Ukraine's parliament backs creation of cyber forces in first reading (The Kyiv Independent)

Troy Hunt: Court Injunctions are the Thoughts and Prayers of Data Breach Response (Troy Hunt)

Spy Dog: Children's books pulled over explicit weblink (BBC News)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Chinese hackers serve up espionage.

Wed, 08 Oct 2025 20:20:00 -0000

Chinese hackers infiltrate a major U.S. law firm. The EU Commission President warns Russia is waging a hybrid war against Europe. Researchers say LoJax is the latest malware from Russia’s Fancy Bear. Salesforce refuses ransom demands. London Police arrest two teens over an alleged ransomware attack on a preschool. Microsoft tightens Windows 11 setup restrictions. SINET and DataTribe spotlight 2025 cybersecurity innovators. On our Industry Voices segment, we are joined by Sean Deuby, Semperis Principal Technologist, discussing identity system security and the growth of the HIP Conference. Employees overshare with ChatGPT.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by ⁠Sean Deuby⁠, ⁠Semperis⁠ Principal Technologist, discussing identity system security and the growth of the ⁠HIP Conference⁠ while highlighting some of the keynotes and presentations. If you want to hear the full conversation, you can tune in here.

Selected Reading

Chinese Hackers Said to Target U.S. Law Firms (The New York Times)

Russia is at ‘hybrid war’ with Europe, warns EU chief, calling for members ‘to take it very seriously’ (The Record)

What you need to know about “LoJax”, the new, stealthy malware from Fancy Bear (ESET)

Salesforce refuses to pay ransom over widespread data theft attacks (Bleeping Computer)

Teens arrested in London preschool ransomware attack (The Register)

Microsoft kills more Microsoft Account bypasses in Windows 11 (Bleeping Computer)

SINET Announces the 2025 SINET16 Innovator Awards (BusinessWire)

DataTribe Announces Finalists for Eighth Annual Cybersecurity Startup Challenge (DataTribe)

Employees regularly paste company secrets into ChatGPT (The Register)

One-man spam campaign ravages EU ‘chat control’ bill (POLITICO)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Critical GoAnywhere bug fuels ransomware wave.

Tue, 07 Oct 2025 20:10:00 -0000

Microsoft tags a critical vulnerability in Fortra’s GoAnywhere software. A critical Redis vulnerability could allow remote code execution. Researchers tie BIETA to China’s MSS technology enablement. Competing narratives cloud the Oracle E-Business Suite breach. An Ohio-based vision care firm will pay $5 million to settle phishing-related data breach claims. “Trinity of Chaos” claims to be a new ransomware collective. LinkedIn files a lawsuit against an alleged data scraper. This year’s Nobel Prize in Physics recognizes pioneering research into quantum mechanical tunneling. On today’s Industry Voices segment, we are joined by Alastair Paterson from Harmonic Security, discussing shadow AI and the new era of work. Australia’s AI-authored report gets a human rewrite.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, we are joined by Alastair Paterson, CEO and Co-Founder of Harmonic Security, discussing shadow AI and the new era of work. You can hear the full conversation with Alastair here.

Selected Reading

Microsoft: Critical GoAnywhere Bug Exploited in Medusa Ransomware Camp (Infosecurity Magazine)

Redis warns of critical flaw impacting thousaRends of instances (Bleeping Computer)

BIETA: A Technology Enablement Front for China's MSS (Recorded Future)

Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882) (Labs)

EyeMed Agrees to Pay $5M to Settle Email Breach Litigation (Govinfo Security)

Ransomware Group “Trinity of Chaos” Launches Data Leak Site (Infosecurity Magazine)

LinkedIn sues ProAPIs for using 1M fake accounts to scrape user data (Bleeping Computer)

The Nobel Prize for physics is awarded for discoveries in quantum mechanical tunneling (NPR)

Deloitte refunds Australian government over AI in report (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire Daily podcast is a production of N2K Networks, your source for critical industry insights, strategic intelligence, and performance-driven learning products. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Oracle zero-day serves up persistent access.

Mon, 06 Oct 2025 20:10:00 -0000

A critical zero-day in Oracle E-Business Suite is under active exploitation. ICE plans a major expansion of its social media surveillance operations. Discord confirms a third-party data breach. A critical vulnerability in the Unity game engine could allow arbitrary code execution. New variants of the XWorm remote access trojan spread through phishing campaigns. Researchers uncover a critical command injection flaw in Dell UnityVSA storage appliances. There’s been a sharp surge in reconnaissance scans targeting Palo Alto Networks login portals. A new hacking competition offers $4.5 million in prizes for exploits targeting major cloud and AI software. Monday Business Brief. On our Afternoon Cyber Tea segment with Microsoft’s Ann Johnson, Ann and guest Volker Wagner⁠, Chief Information Security Officer at BASF, share some Lessons from the Frontlines of Industrial Security. Don’t spend that ParkMobile settlement all in one place.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Afternoon Cyber Tea Segment

Today we are highlighting Afternoon Cyber Tea with Ann Johnson. Ann and guest Volker Wagner⁠, Chief Information Security Officer at BASF, share some Lessons from the Frontlines of Industrial Security. You can listen to Ann and Volker's full conversation⁠ here⁠ and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.

Selected Reading

PoC Exploit Released for Remotely Exploitable Oracle E-Business Suite 0-Day Vulnerability (Cyber Security News)

ICE Wants to Build Out a 24/7 Social Media Surveillance Team (WIRED)

Discord blames third-party support outfit for data breach (The Register)

Android and Windows gamers worldwide potentially affected by bug in Unity game engine (The Record)

XWorm malware resurfaces with ransomware module, over 35 plugins (Bleeping Computer)

Patch Now: Dell UnityVSA Flaw Allows Command Execution Without Login (HackRead)

Scanning of Palo Alto Portals Surges 500% (Infosecurity Magazine)

$4.5 Million Offered in New Cloud Hacking Competition (SecurityWeek)

Accenture acquires Japanese AI and DX provider, Aidemy Inc. (N2K Pro Business Briefing)

ParkMobile pays... $1 each for 2021 data breach that hit 22 million (Bleeping Computer)

Vote for Dave!

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Sloane Menkes: What is the 2%? [Consultant] [Career Notes]

Sun, 05 Oct 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Principal in PricewaterhouseCoopers Cyber Risk and Regulatory Practice, Sloane Menkes, shares her story of how non-linear math helped to shape her life and career. Sloane credits a high school classmate for inspiring her mantra "What is the 2%?" that she employs when she feels like things are shutting down. She talks about her experiences in calculus class at the US AIr Force Academy that helped to enlighten her and inform the intuitive problem solving skill or way of thinking that she'd been employing in her life. She joined Office of Special Investigations and working with Howard Schmidt is where Sloane first started to get interested in cybersecurity. She shares what she loves about the consulting role is that the environment is constantly changing, and she offers some advice for women interested in cybersecurity. We thank Sloane for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

2025 DataTribe Challenge: Forging the future of cyber. [Special Edition]

Sun, 05 Oct 2025 07:00:00 -0000

The DataTribe Challenge is a launchpad for elite cybersecurity and cyber-adjacent startups ready to break out. 2025 marks the 8th annual edition of the event with a change in venue and some exciting new updates.

We take you on a journey from inception with Leo Scott, Managing Director and Chief Innovation Officer at DataTribe, and 3 past DataTribe Challenge winners at different levels on their growth tracks following their participation in the event. You'll meet Anita D'Amico, former CEO of Code DX (acquired by Synopsis in 2021) and 2019 winner; Greg Baker, Co-Founder of Balance Theory and 2022 winner; and Brian Proctor, Founder and CEO of Frenos and 2024 winner.

Learn more about your ad choices. Visit megaphone.fm/adchoices

China’s stealthiest spy operation yet. [Research Saturday]

Sat, 04 Oct 2025 07:00:00 -0000

Assaf Dahan, Director of Threat Research, Cortex XDR, at Palo Alto Networks, discussing Phantom Taurus, a new China APT uncovered by Unit 42. Unit 42 researchers have identified Phantom Taurus, a newly designated Chinese state-aligned APT conducting long-term espionage against government and telecommunications organizations across Africa, the Middle East, and Asia.

Distinguished by its stealth, persistence, and rare tactics, the group has recently shifted from email-focused data theft to directly targeting databases and deploying a powerful new malware suite called NET-STAR, designed to compromise IIS web servers and evade detection. This suite, featuring modular, fileless backdoors and advanced evasion capabilities, marks a significant evolution in Phantom Taurus’ operations and underscores the group’s strategic intelligence-gathering objectives.

The research can be found here:

⁠Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite

Learn more about your ad choices. Visit megaphone.fm/adchoices

WhatsApp worm spreads.

Fri, 03 Oct 2025 20:10:00 -0000

A fast-spreading malware campaign is abusing WhatsApp as both lure and launchpad. Carmaker Renault suffers a data breach. DrayTek patches a critical router flaw. CISA alerts cover a range of vulnerabilities. A new phishing kit lowers the bar for convincing lures. A Catholic hospital network pays $7.6 million to settle data breach litigation. A major breach at FEMA exposes employee data. Google expands Gmail’s end-to-end encryption (E2EE) capabilities. On our Industry Voices segment, we are joined by Brian Vecci, Field CTO at Varonis, discussing move fast but don’t break things: Innovating at light speed without putting data at risk. The UK’s digital ID is a solution in search of a mandate.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Brian Vecci, Field CTO at Varonis, discussing move fast but don’t break things: Innovating at light speed without putting data at risk. You can listen to Brian’s full conversation here.

Selected Reading

Threat Actors Leveraging WhatsApp Messages to Attack Windows Systems With SORVEPOTEL Malware (Cybersecurity News)

Major car maker confirms customer data stolen in cyber attack (The Independent)

Unauthenticated RCE Flaw Patched in DrayTek Routers (SecurityWeek)

Organizations Warned of Exploited Meteobridge Vulnerability (SecurityWeek)

CISA Releases Two Industrial Control Systems Advisories (CISA.gov)

New ‘point-and-click’ phishing kit simplifies malicious attachment creation (SC Media)

Hospital Chain to Pay $7.6M to Settle Breach Litigation (Bank Inforsecurity)

FEMA cyber breach exposes employee data (SC Media)

Gmail business users can now send encrypted emails to anyone (Bleeping Computer)
UK government says digital ID won't be compulsory – honest (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA furlough sparks fears.

Thu, 02 Oct 2025 20:10:00 -0000

CISA furloughs most of its workforce due to the government shutdown. The U.S. Air Force confirms it is investigating a SharePoint related breach. Google warns of a large-scale extortion campaign targeting executives. Researchers uncover Android spyware campaigns disguised as popular messaging apps. An extortion group claims to have breached Red Hat’s private GitHub repositories. A software provider for recreational vehicle and power sport dealers suffers a ransomware breach. Patchwork APT deploys a new Powershell loader using scheduled tasks for persistence. A Tennessee Senator urges aggressive U.S. action to prepare for a post-quantum future. Cynthia Kaiser, SVP of Halcyon’s Ransomware Research Center and former Deputy Assistant Director at the FBI’s Cyber Division, joins us with insights on the government shutdown. A Malaysian man pleads guilty to supporting a massive crypto fraud. Protected health info is not a marketing tool.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Cynthia Kaiser, SVP of Halcyon’s Ransomware Research Center and former Deputy Assistant Director at the FBI’s Cyber Division, joins us with insights on the government shutdown.

Selected Reading

Shutdown guts U.S. cybersecurity agency at perilous time (CISA)

Air Force admits SharePoint privacy issue; reports of breach (The Register)

Google warns executives are being targeted for extortion with leaked Oracle data (IT Pro)

Researchers uncover spyware targeting messaging app users in the UAE (The Record)

Red Hat confirms security incident after hackers claim GitHub breach (Bleeping Computer)

766,000 Impacted by Data Breach at Dealership Software Provider Motility (Security Week)

Patchwork APT: Leveraging PowerShell to Create Scheduled Tasks and Deploy Final Payload (GB Hackers)

GOP senator confirms pending White House quantum push, touts legislative alternatives (CyberScoop)

Bitcoin Fixer Convicted for Role in Money Laundering Scheme (Bank Infosecurity)
Nursing Home Fined $182K for Posting Patient Photos Online (Bank Infosecurity)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When politics break the firewall.

Wed, 01 Oct 2025 20:10:00 -0000

Major federal cybersecurity programs expire amidst the government shutdown. Global leaders and experts convene in Riyadh for the Global Cybersecurity Forum. NIST tackles removable media. ICE buys vast troves of smartphone location data. Researchers claim a newly patched VMware vulnerability has been a zero-day for nearly a year. ClickFix-style attacks surge and spread across platforms. Battering RAM defeats memory encryption and boot-time defenses. A new phishing toolkit converts ordinary PDFs into interactive lures. A trio of breaches exposes data of 3.7 million across North America. Tim Starks from CyberScoop unpacks a report from Senate Democrats on DOGE. The Lone Star State proves even the internet isn’t bulletproof.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Tim Starks, Senior Reporter from CyberScoop, is back and joins Dave to discuss a report from Senate Democrats on the Department of Government Efficiency (DOGE). You can read Tim’s article on the subject here.

Selected Reading

Cyber information-sharing law and state grants set to go dark as Congress stalls over funding (The Record)

Live - Global Cybersecurity Forum in Riyadh tackles how technology can shape future of cyberspace (Euronews)

NIST Publishes Guide for Protecting ICS Against USB-Borne Threats (SecurityWeek)

ICE to Buy Tool that Tracks Locations of Hundreds of Millions of Phones Every Day (404 Media)

Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability (SecurityWeek)

Don’t Sweat the ClickFix Techniques: Variants & Detection Evolution (Huntress)

Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device (SecurityWeek)

New MatrixPDF toolkit turns PDFs into phishing and malware lures (Bleeping Computer)

3.7M breach notification letters set to flood North America's mailboxes (The Register)

A Bullet Crashed the Internet in Texas (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

One flaw to rule the root.

Tue, 30 Sep 2025 20:10:00 -0000

CISA issues an urgent warning about active exploitation of a critical vulnerability in the sudo utility. Broadcom patches two high-severity vulnerabilities in VMware NSX. South Korea raises its national cyber threat level after a datacenter fire. Formbricks patches a critical token validation flaw. Microsoft blocks a credential phishing campaign that made use of malicious SVG files. Landlords are accused of scraping sensitive payroll data. Cybercriminals lay the groundwork for large-scale FIFA fraud. Burnout takes a heavy toll on cybersecurity professionals. On our Threat Vector segment, host David Moulton⁠ is joined by⁠ Kyle Wilhoit⁠ talking about the evolution of hacker culture and cybersecurity. London police bag the biggest bitcoin bust.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On this Threat Vector segment, host David Moulton⁠ is joined by⁠ Kyle Wilhoit⁠ of Unit 42 talking about the evolution of hacker culture and cybersecurity. You can listen to the full conversation⁠ here⁠, and catch new episodes of Threat Vector each Thursday in your podcast app of choice.

Selected Reading

CISA Issues Alert on Active Exploitation of Linux and Unix Sudo Flaw (GB Hackers)

Broadcom fixes high-severity VMware NSX bugs reported by NSA (Bleeping Computer)

South Korea raises cyber threat level after huge data centre fire sparks hacking fears (The Guardian)

JWT signature verification bypass enables account takeover in Formbricks (Beyond Machines)

Microsoft Flags AI Phishing Attack Hiding in SVG Files (Hackread)

Landlords Demand Tenants’ Workplace Logins to Scrape Their Paystubs (404 Media)

Playing Offside: How Threat Actors Are Warming Up for FIFA 2026 (Check Point Blog)

Why burnout is a growing problem in cybersecurity (BBC)

Chinese woman convicted after 'world's biggest' bitcoin seizure (BBC)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The November that never ended.

Mon, 29 Sep 2025 20:10:00 -0000

A Chinese state-sponsored group exploited enterprise devices in a global espionage effort. The UK Government guarantees £1.5 billion financing to help Jaguar Land Rover’s recovery efforts. A maximum-severity flaw in Fortra’s GoAnywhere Managed File Transfer product is under active exploitation. The AI boom faces sustainability questions. Akira ransomware bypasses MFA on SonicWall devices. Dutch teens are arrested for allegedly spying for Russia. Luxury retailer Harrods confirms a data breach. An Interpol crackdown targets African cybercrime rings. We’ve got our Monday business briefing. Brandon Karpf joins us to discuss the cybersecurity ecosystem in Japan. Cyber crooks offer a BBC journalist an early retirement package.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today our guest is Brandon Karpf, friend of the show, and he joins to discuss the Cybersecurity ecosystem in Japan.

Selected Reading

Chinese hackers breached critical infrastructure globally using enterprise network gear (CSO Online)

UK government bails out Jaguar Land Rover with $2 billion loan (Metacurity)

Maximum severity GoAnywhere MFT flaw exploited as zero day (Bleeping Computer)

The AI boom is unsustainable unless tech spending goes ‘parabolic,’ Deutsche Bank warns: ‘This is highly unlikely’ (Fortune)

Akira ransomware breaching MFA-protected SonicWall VPN accounts (Bleeping Computer)

Dutch teens arrested for trying to spy on Europol for Russia (Bleeping Computer)

Harrods: Hackers contact firm after 430,000 customer records stolen (BBC)

Africa cybercrime crackdown includes hundreds of arrests, Interpol says (The Record)

Cyberbit acquires RangeForce. Terra Security raises $30 million. (N2K Pro)

'You'll never need to work again': Criminals offer reporter money to hack BBC (BBC)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Joe Carrigan: Build your network. [Security engineer] [Career Notes]

Sun, 28 Sep 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Senior security engineer with the Johns Hopkins University Information Security Institute and the Institute for Assured Autonomy, Joe Carrigan, shares what he calls his life mistake and what spurred him to finally choose a career in technology. Throughout his life, Joe had interest in technology, he even worked at the computer lab in college, but never set his sights on that for a career. A conversation with a stranger guided him in that direction and he's been there ever since. As co-host of the CyberWire's Hacking Humans, Joe sees some heartbreaking results of scams and feels education of the public will help to prevent these. Joe reminds us to build our networks as they include people we can always go back to either when searching for a position or looking to fill one on our teams. We thank Joe for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Sunny-side spyware. [Research Saturday]

Sat, 27 Sep 2025 07:00:00 -0000

This week, we are joined by Martin Zugec, Technical Solutions Director from Bitdefender, sharing their work and findings on "EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company. A newly identified Chinese APT group has been observed deploying a sophisticated, fileless malware framework called EggStreme against a Philippine military company.

The multi-stage toolkit uses DLL sideloading and in-memory execution to evade detection, with its core backdoor, EggStremeAgent, enabling reconnaissance, lateral movement, keylogging, and data theft. Researchers note the campaign’s persistence and stealth highlight professional, geopolitically motivated espionage activity linked to Chinese national interests.

The research can be found here:

EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA sounds the alarm on Cisco flaws.

Fri, 26 Sep 2025 20:10:00 -0000

CISA gives federal agencies 24 hours to patch a critical Cisco firewall bug. Researchers uncover the first known malicious MCP server used in a supply chain attack. The New York SIM card threat may have been overblown. Microsoft tags a new variant of the XCSSET macOS malware. An exposed auto insurance claims database puts PII at risk. Amazon will pay $2.5 billion to settle dark pattern allegations. Researchers uncover North Korea’s hybrid playbook of cybercrime and insider threats. An old Hikvision security camera vulnerability rears its ugly head. Dan Trujillo from the Air Force Research Laboratory’s Space Vehicles Directorate joins Maria Varmazis, host of T-Minus Space Daily to discuss how his team is securing satellites and space systems from cyber threats. DOGE delivers dysfunction, disarray, and disappointment.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest

Dan Trujillo from the Air Force Research Laboratory’s Space Vehicles Directorate joins Maria Varmazis, host of T-Minus Space Daily to discuss how his team is securing satellites and space systems from cyber threats and also shares advice for breaking into the fast-growing field of space cybersecurity

Selected Reading

Federal agencies given one day to patch exploited Cisco firewall bugs (The Record)

First malicious MCP Server discovered, stealing data from AI-Powered email systems (Beyond Machines)

Secret Service faces backlash over SIM farm bust as experts challenge threat claims (Metacurity)

Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs (Bleeping Computer)

Microsoft cuts off cloud services to Israeli military unit after report of storing Palestinians' phone calls (CNBC)

Auto Insurance Platform Exposed Over 5 Million Records Including Documents Containing PII (Website Planet)

Amazon pays $2.5 billion to settle Prime memberships lawsuit (Bleeping Computer)

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception (We Live Security)

Critical 8 years old Hikvision Camera flaw actively exploited again (Beyond Machines)

The Story of DOGE, as Told by Federal Workers (WIRED)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Critical GoAnywhere bug exposed.

Thu, 25 Sep 2025 20:10:00 -0000

Fortra flags a critical flaw in its GoAnywhere Managed File Transfer (MFT) solution. Cisco patches a critical vulnerability in its IOS and IOS XE software. Cloudflare thwarts yet another record DDoS attack. Rhysida ransomware gang claims the Maryland Transit cyberattack. The new “Obscura” ransomware strain spreads via domain controllers. Retailers’ use of generative AI expands attack surfaces. Researchers expose GitHub Actions misconfigurations with supply chain risk. Mandiant links the new BRICKSTORM backdoor to a China-based espionage campaign. Kansas students push back against an AI monitoring tool. Ben Yelin speaks with Michele Kellerman, Cybersecurity Engineer for Air and Missile Defense at Johns Hopkins University Applied Physics Lab, discussing Women's health apps and the legal grey zone that they create with HIPAA. Senators push the FTC to regulate your brainwaves.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Ben Yelin, co-host of Caveat, is speaking with Michele Kellerman, Cybersecurity Engineer for Air and Missile Defense at Johns Hopkins University Applied Physics Lab, about Women's health apps and the legal grey zone that they create with HIPAA. If you want to hear the full conversation, check it out on Caveat, here.

Selected Reading

Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems (HackRead)

Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability (Cisco)

Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack (Bleeping Computer)

Ransomware gang known for government attacks claims Maryland transit incident (The Record)

Obscura, an obscure new ransomware variant (Bleeping Computer)

Threat Labs Report: Retail 2025 (Netskope)

pull_request_nightmare Part 1: Exploiting GitHub Actions for RCE and Supply Chain Attacks (Orca)

China-linked hackers use ‘BRICKSTORM’ backdoor to steal IP (The Record)

AI safety tool sparks student backlash after flagging art as porn, deleting emails (The Washington Post)

Senators introduce bill directing FTC to establish standards for protecting consumers’ neural data (The Record)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI to the rescue.

Wed, 24 Sep 2025 20:10:00 -0000

British authorities arrest a man in connection with the Collins Aerospace ransomware attack. CISA says attackers breached a U.S. federal civilian executive branch agency last year. Researchers uncover two high-severity vulnerabilities in Supermicro server motherboards. A Las Vegas casino operator confirms a cyber attack. Analysts track multiple large-scale, automated email phishing campaigns. Libraesva issues an emergency patch for its Email Security Gateway. Our guest is Jason Clark, Chief Strategy Officer (CSO) at Cyera, tackling the security threat of Agentic AI. Robocars get misdirected by mirrors.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Jason Clark, Chief Strategy Officer (CSO) at Cyera, discussing tackling the security industry's biggest threat: Agent AI. If you want to hear the full conversation from Jason, you can check it out here.

Selected Reading

UK police arrest man over hack that affected European airports (Reuters)

AI tool helped recover £500m lost to fraud, government says (BBC)

CISA says hackers breached federal agency using GeoServer exploit (Bleeping Computer)

Supermicro server motherboards can be infected with unremovable malware (Ars Technica)

Boyd Gaming Suffers Cyberattack, Data Breach (Casino.org)

Email Threat Radar – September 2025 (Barracuda)

Revamped Phishing Techniques: How Telegram and Front-End Hosting Platforms Scale Campaigns (Forescout)

GitHub notifications abused to impersonate Y Combinator for crypto theft (Bleeping Computer)

Libraesva ESG issues emergency fix for bug exploited by state hackers (Bleeping Computer)

Fooling a self-driving car with mirrors on traffic cones (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Espionage in the airwaves.

Tue, 23 Sep 2025 20:10:00 -0000

The Secret Service dismantles an illegal network. Jaguar Land Rover (JLR) extends the shutdown production plants. The EU probes tech giants over online scams. Iranian APT Nimbus Manticore expands operations in Europe. North Korean Kimsuky deploys a shortcut-based espionage campaign. Github and Ruby Central roll out supply-chain security upgrades. Lastpass warns of macOS ClickFix campaign using fake GitHub repos. AT&T’s CISO warns hackers mimic Salt Typhoon's unconventional tactics. CISO Perspectives host Kim Jones previews the upcoming season. An attorney pays $10K for AI hallucinations.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

CISO Perspectives host Kim Jones previews the upcoming season, sharing what’s ahead for listeners. From leadership challenges to the evolving role of the CISO, Kim highlights the conversations and insights you can expect this season.You can check out the season opener here.

Selected Reading

Cache of Devices Capable of Crashing Cell Network Is Found Near U.N. (The New York Times)

Secret Service Disrupts Threat Network Near UN General Assembly (YouTube)

JLR extends shutdown – again – as toll on workers laid bare (The Register)

The EU is scrutinizing how Apple, Google, and Microsoft tackle online scams (The Verge)

Nimbus Manticore Deploys New Malware Targeting Europe (Check Point Research)

Kimsuky attack disguised as sex offender notice information (Logpresso)

GitHub tightens npm security with mandatory 2FA, access tokens (Bleeping Computer)

NPM package caught using QR Code to fetch cookie-stealing malware (Bleeping Computer)

LastPass: Fake password managers infect Mac users with malware (Bleeping Computer)

Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques (CyberScoop)

Attorney Slapped With Hefty Fine for Citing 21 Fake, AI-Generated Cases (PCMag)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Grounded by ransomware.

Mon, 22 Sep 2025 20:10:00 -0000

A major ransomware attack disrupts airport operations across Europe. Congress is on the verge of letting major cyber legislation expire. A critical flaw nearly allowed total compromise of every Entra ID tenant. Automaker Stellantis confirms a data breach. Fortra patches a critical flaw in its GoAnywhere MFT software. Europol leads a major operation against online child sexual exploitation. Three of the cybersecurity industry’s biggest players opt out of MITRE’s 2025 ATT&CK Evaluations. A compromised Steam game drains a cancer patient’s donations. Business Breakdown. Andrzej Olchawa and Milenko Starcik from VisionSpace join Maria Varmazis, host of T-Minus Space on hacking satellites. How one kid got tangled in Scattered Spider’s web.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Andrzej Olchawa and Milenko Starcik from VisionSpace are speaking with Maria Varmazis, host of T-Minus Space on hacking satellites.

Selected Reading

EU cyber agency says airport software held to ransom by criminals (BBC News)

Cyber threat information law hurtles toward expiration, with poor prospects for renewal (CyberScoop)

Microsoft Entra ID flaw allowed hijacking any company's tenant (Bleeping Computer)

Stellantis says a third-party vendor spilled customer data (The Register)

Fortra Patches Critical GoAnywhere MFT Vulnerability (SecurityWeek)

AI Forensics Help Europol Track 51 Children in Global Online Abuse Case (HackRead)

Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test (Infosecurity Magazine)

Verified Steam game steals streamer's cancer treatment donations (Bleeping Computer)

CrowdStrike and Check Point intend to acquire AI security firms. (N2K CyberWire Business Briefing)

‘I Was a Weird Kid’: Jailhouse Confessions of a Teen Hacker (Bloomberg)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Roselle Safran: So much opportunity. [Entrepreneur] [Career Notes]

Sun, 21 Sep 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

CEO and Founder of KeyCaliber, Roselle Safran, takes us on her circuitous career journey from startup to White House and back to startup again. With a degree in civil engineering, Roselle veered off into a more technical role at a startup and she says "caught the startup bug." After convincing a hiring manager that she could learn on the job, she transitioned to computer forensics and started on the path of cybersecurity. Roselle worked in government for the Department of Homeland Security and then to the Executive Office of the President leading all of the security operations. She jumped back into the world of startups and has stayed there. Roselle tells people interested in a career in cybersecurity to just apply. Learn as much as you can and go for it. We thank Roselle for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Browser attacks without downloads. [Research Saturday]

Sat, 20 Sep 2025 07:00:00 -0000

Today we are joined by Nati Tal, Head of Guardio Labs, discussing their work “CAPTCHAgeddon” or unmasking the viral evolution of the ClickFix browser-based threat. CAPTCHAgeddon — Shaked Chen’s deep dive into the ClickFix fake-captcha wave — reveals how a red-team trick morphed into a dominant, download-free browser threat that tricks users into pasting clipboard PowerShell/shell commands and leverages trusted infrastructure, including Google Scripts.
Guardio’s DBSCAN-based payload clustering exposes distinct attacker toolkits and distribution paths — from malvertising and compromised WordPress to social posts and Git repos — and argues defenders need behavioral, intelligence-driven protections, not just signatures.

The research can be found here:

“CAPTCHAgeddon” Unmasking the Viral Evolution of the ClickFix Browser-Based Threat

Learn more about your ad choices. Visit megaphone.fm/adchoices

The email that tricked an AI.

Fri, 19 Sep 2025 20:10:00 -0000

OpenAI patches a ChatGPT flaw that could have exposed Gmail data. CISA documents malware exploiting two Ivanti Endpoint Manager Mobile (EPMM) flaws. WatchGuard patches a critical flaw in its Firebox firewalls. MI6 launches a dark web snitch site. The DoD looks to cut its cybersecurity job hiring time just 25 days. Researchers trick ChatGPT agents into solving CAPTCHAs. A UK teen faces accusations of being part of the Scattered Spider gang. The Senate confirms a new assistant secretary of defense for cyber policy. A former CIA officer is accused of selling classified information to private clients. Karin Ophir Zimet, Torq's Chief People Officer, is speaking with N2K Senior Workforce Analyst Will Markow about their internship program for upleveling AI skills. Russia’s AI propaganda goes prime time.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Karin Ophir Zimet, Torq's Chief People Officer, is speaking with N2K Senior Workforce Analyst Will Markow about their internship program for upleveling AI skills.

Selected Reading

OpenAI Fixed ChatGPT Security Flaw That Put Gmail Data at Risk (Bloomberg)

CISA Analyzes Malware From Ivanti EPMM Intrusions (SecurityWeek)

WatchGuard Issues Fix for 9.3-Rated Firebox Firewall Vulnerability (HackRead)

MI6 upgrades dark web portal to recruit new spies (The Register)

DOD official: We need to drop the cybersecurity talent hiring window to 25 days (CyberScoop)

ChatGPT Tricked Into Solving CAPTCHAs (SecurityWeek)

Scattered Spider teen cuffed after crypto splurge on games (The Register)

Senate confirms Sutton as Pentagon cyber policy chief (The Record)

Contractor Used Classified CIA Systems as ‘His Own Personal Google’ (404 Media)

Russian State TV Launches AI-Generated News Satire Show (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Brute force break-in.

Thu, 18 Sep 2025 20:10:00 -0000

SonicWall confirms a breach in its cloud backup platform. Google patches a high-severity zero-day in Chrome. Updates on the Shai-Hulud worm. Chinese phishing emails impersonate the chair of the House China Committee. The UK’s NCA takes the reins of the Five Eyes Law Enforcement Group. RevengeHotels uses AI to deliver VenomRAT to Windows systems. A major VC shares details of a recent ransomware attack. A lawsuit targets automated license plate readers. Our guest is Brock Lupton, Product Strategist at Maltego, discussing the human side of intelligence work. From mic check to malware, a crypto phishing story.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices segment, we are joined by Brock Lupton, Product Strategist at Maltego, discussing the human side of intelligence work. You can hear the full conversation with Brock here.

Selected Reading

SonicWall MySonicWall platform breached, firewall config files exposed (Beyond Machines)

Google patches sixth Chrome zero-day exploited in attacks this year (Bleeping Computer)

"Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Palo Alto Networks)

China-backed attackers spoof Congressman for US trade data (The Register)

NCA Singles Out “The Com” as It Chairs Five Eyes Group (Infosecurity Magazine)

New RevengeHotels attack targets Windows with VenomRAT (SC Media)

VC Firm Insight Partners Notifies Victims After Ransomware Breach (Infosecurity Magazine)

Police cameras tracked one driver 526 times in four months, lawsuit says (NBC)

Fake Empire Podcast Invites Target Crypto Industry with macOS AMOS Stealer (HackRead)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Code beneath the sand.

Wed, 17 Sep 2025 20:10:00 -0000

A new self-replicating malware infects the NPM repository. Microsoft and Cloudflare disrupt a Phishing-as-a-Service platform. Researchers uncover a new Fancy Bear backdoor campaign. The VoidProxy phishing-as-a-service (PhaaS) platform targets Microsoft 365 and Google accounts. A British telecom says its ransomware recovery may stretch into November. A new Rowhammer attack variant targets DDR5 memory. Democrats warn proposed budget cuts could slash the FBI’s cyber division staff by half at a heated Senate Judiciary Committee hearing. On our Industry Voices segment, we are joined by Abhishek Agrawal from Material security discussing challenges of securing the Google Workspace. Pompompurin heads to prison.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Abhishek Agrawal, CEO and Co-Founder of Material Security, discussing challenges of securing the Google Workspace. You can hear Abhishek’s full conversation here.

Selected Reading

Self-Replicating Worm Hits 180+ Software Packages (Krebs on Security)

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader (Help Net Security)

Fancy Bear attacks abuse Office macros, legitimate cloud services (SC Media)

VoidProxy phishing operation targets Microsoft 365, Google accounts (SC Media)

UK telco Colt’s cyberattack recovery seeps into November (The Register)

Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack (The Register)

Senators, FBI Director Patel clash over cyber division personnel, arrests (CyberScoop)

House lawmakers move to extend two key cyber programs, for now (The Record)

BreachForums founder caged after soft sentence overturned (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI chips flow east.

Tue, 16 Sep 2025 20:10:00 -0000

A controversial Trump administration deal gives the U.A.E. access to cutting-edge U.S. AI chips. FlowiseAI warns of a critical account takeover vulnerability. A new social engineering campaign impersonates Meta account suspension notices. A macOS Spotlight 0-day flaw bypasses Apple’s Transparency, Consent, and Control (TCC) protections. Are cost saving from outsourced IT services worth the risk? Poland boosts its cybersecurity budget after a surge in Russian-backed attacks. NTT Group joins the Comm-ISAC. Jaguar Land Rover’s global shutdown continues. A data breach affects millions of customers of top luxury brands. On today's Threat Vector segment, David Moulton⁠ speaks with⁠ Palo Alto Networks’ Spencer Thellmann about the dual challenges of securing employee use of generative AI tools and defending internally built AI models and agents. AI chatbots hustle seniors for science.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

On today's segment of Threat Vector, host⁠ David Moulton⁠, Director of Thought Leadership for Unit 42, speaks with⁠ Spencer Thellmann⁠, Principal Product Manager at Palo Alto Networks. David and Spencer explore the dual challenges of securing employee use of generative AI tools and defending internally built AI models and agents. You can listen to the full conversation here, and catch new episodes of Threat Vector each Thursday in your podcast app of choice.

Selected Reading

In Giant Deals, U.A.E. Got Chips, and Trump Team Got Crypto Riches (The New York Times)

Critical FlowiseAI password reset flaw exposes accounts to complete takeover (Beyond Machines)

New FileFix attack uses steganography to drop StealC malware (Bleeping Computer)

From Spotlight to Apple Intelligence (Objective- See)

The Elephant in The Biz: outsourcing of critical IT and cybersecurity functions risks UK economic security | by Kevin Beaumont | Sep, 2025 (DoublePulsar)

Russian hackers target Polish hospitals and city water supply (The Financial Times)

NTT Group Joins the U.S. Communications-ISAC (Topics)

Jaguar Land Rover says cyberattack shutdown to last 'at least' another week (The Record)

Bags of info stolen from multiple top luxury brands - double check your data now (TechRadar)

We wanted to craft a perfect phishing scam. AI bots were happy to help (Reuters)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The return of CISO Perspectives. [CISO Perspectives]

Tue, 16 Sep 2025 06:00:00 -0000

This season on CISO Perspectives—your host, Kim Jones is digging into the issues shaping the future of cybersecurity leadership. From the regulations every CISO needs to understand, to the unexpected places privacy risks are emerging, to the new ways fraud and identity are colliding—these conversations will sharpen your strategies and strengthen your defenses.

Industry leaders join the discussion to share their insights, challenges, and hard-earned lessons. Together, we’ll connect the dots across regulation, privacy, fraud, leadership, and talent—helping you build a stronger, more resilient cybersecurity ecosystem.

This is CISO Perspectives. Real conversations. Real strategies. Real impact.

Learn more about your ad choices. Visit megaphone.fm/adchoices

FBI botnet cleanup backfires.

Mon, 15 Sep 2025 20:10:00 -0000

FBI botnet disruption leaves cybercriminals scrambling to pick up the pieces. Notorious ransomware gangs announce their retirement, but don’t hold your breath. Hacktivists leak data tied to China’s Great Firewall. A new report says DHS mishandled a key program designed to retain cyber talent at CISA. GPUGate malware cleverly evades analysis. WhiteCobra targets developers with malicious extensions. North Korea’s Kimsuky group uses AI to generate fake South Korean military IDs. My guest is Tim Starks from CyberScoop, discussing offensive cyber operations. A cyberattack leaves students hung out to dry.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined once again by Tim Starks from CyberScoop discussing offensive cyber operations. You can read Tim’s article Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense for more background.

Selected Reading

The FBI Destroyed an Internet Weapon, but Criminals Picked Up the Pieces (Wall Street Journal)

15 ransomware gangs ‘go dark’ to enjoy 'golden parachutes' (The Register)

600 GB of Alleged Great Firewall of China Data Published in Largest Leak Yet (HackRead)

China Enforces 1-Hour Cybersecurity Incident Reporting (The Cyber Express)

DHS watchdog finds mismanagement in critical cyber talent program (FedScoop)

GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware-Specific Decryption, Abuse Google Ads to Target Western Europe (Arctic Wolf)

'WhiteCobra' floods VSCode market with crypto-stealing extensions (Bleeping Computer)

AI-Forged Military IDs Used in North Korean Phishing Attack (Infosecurity Magazine)

Mitsubishi to acquire Nozomi Networks for nearly $1 billion. (N2K CyberWire Business Briefing)

Dutch students denied access to jailbroken laundry machines (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Helen Patton: A platform to talk about security. [CISO] [Career Notes]

Sun, 14 Sep 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Advisory CISO at Cisco, Helen Patton, shares that a combination of dumb luck, hard work and serendipity that got her to where she is today. Growing up in the country in Australia, Helen notes that computers were not really a thing. She happened into technology after moving to the US, as she was the only person in her office under 40. Of course she would be comfortable with computers and able to handle a database conversion, right? That launched her into a career that spanned supporting small nonprofits, working at one of the biggest banks on Wall Street while leading a global team, being the CISO of a major university, and now Advisory CISO at Cisco. Helen recently wrote a book, "Navigating the Cybersecurity Career Path," to help others know when it's time to move on from one role to another role as part of desire to give back to the community. We thank Helen for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Data leak without a click. [Research Saturday]

Sat, 13 Sep 2025 07:00:00 -0000

Today we are joined by Amanda Rousseau, Principal AI Security Researcher from Straiker, discussing their work on "The Silent Exfiltration: Zero‑Click Agentic AI Hack That Can Leak Your Google Drive with One Email." Straiker’s research found that enterprise AI agents can be silently manipulated to leak sensitive data, even without user clicks or alerts. By chaining small gaps across tools like Gmail, Google Drive, and calendars, attackers achieved zero-click exfiltration, system mapping, and even policy rewrites. The findings highlight that excessive agent autonomy creates a new attack surface, requiring least-privilege design, runtime guardrails, and continuous red-teaming to stay secure.

The research can be found here:

The Silent Exfiltration: Zero‑Click Agentic AI Hack That Can Leak Your Google Drive with One Email

Learn more about your ad choices. Visit megaphone.fm/adchoices

WhatsAppened to Samsung?

Fri, 12 Sep 2025 20:10:00 -0000

Samsung patches a critical Android zero-day vulnerability. Microsoft resolves a global Exchange Online outage. CISA reaffirms its commitment to the CVE program. California passes a bill requiring web browsers to let users automatically send opt-out signals. Apple issues spyware attack warnings. The FTC opens an investigation into AI chatbots on how they protect children and teens. A hacker convicted of attempting to extort more than 20,000 psychotherapy patients is free on appeal. Our guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect M&A deal value and integrity. Schools face insider threats from students.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect deal value and integrity.
Selected Reading

Samsung patches actively exploited zero-day reported by WhatsApp (Bleeping Computer)

Microsoft fixes Exchange Online outage affecting users worldwide (Bleeping Computer)

CISA looks to partners to shore up the future of the CVE Program (Help Net Security)

California legislature passes bill forcing web browsers to let consumers automatically opt out of data sharing (The Record)

Apple warns customers targeted in recent spyware attacks (Bleeping Computer)

FTC to AI Companies: Tell Us How You Protect Teens and Kids Who Use AI Companions (CNET)

Defence, Space and Cybersecurity. Why the General Assembly in Frascati matters (Decode39)

DSEI Takeaways: Space and Cyber and the Invisible Front Line (Via Satellite)

Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal (The Record)

Children hacking their own schools for 'fun', watchdog warns (BBC) - kicker

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber and AI take center stage.

Thu, 11 Sep 2025 20:10:00 -0000

The House passes a defense policy bill that includes new provisions on cybersecurity and artificial intelligence. Senator Wyden accuses Microsoft of “gross cybersecurity negligence” after a 2024 ransomware attack crippled healthcare giant Ascension. The White House shelves plans to split U.S. Cyber Command and the NSA. The Pentagon finalizes its long-awaited Cybersecurity Maturity Model Certification (CMMC 2.0) rule. Akira ransomware group targets SonicWall devices. Officials warn solar-powered highway infrastructure should be checked for hidden radios. The Atlantic Council maps the global spyware market. Researchers uncover serious flaws in Apple’s AirPlay. A European DDoS mitigation provider thwarts a record-breaking attack. My Caveat cohosts Ethan Cook and Ben Yelin unpack the cyber elements of the Big Beautiful Bill. Who fixes the vibe code?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we have Ethan Cook joining Caveat hosts Dave Bittner and Ben Yelin for this month’s Policy Deep Dive. Together, they unpack HR1, the “Big Beautiful Bill”, and how its investments in technology, supply chain security, and defensive resiliency reflect the Trump administration’s push for long-term technological dominance. If you want to hear the full conversation, head over to Caveat.

Selected Reading

House moves ahead with defense bill that includes AI, cyber provisions (The Record)

FTC should investigate Microsoft after Ascension ransomware attack, senator says (The Record)

Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat' (The Record)

Pentagon Releases Long-Awaited Contractor Cybersecurity Rule (GovInfo Security)

Akira Ransomware Group Utilizing SonicWall Devices for Initial Access (Rapid7)

Exclusive: US warns hidden radios may be embedded in solar-powered highway infrastructure (Reuters)

Mythical Beasts: Diving into the depths of the global spyware market (Atlantic Council)

Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance (SecurityWeek)

DDoS defender targeted in 1.5 Bpps denial-of-service attack (Bleeping Computer)

The Software Engineers Paid to Fix Vibe Coded Messes (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

86 reasons to update.

Wed, 10 Sep 2025 20:10:00 -0000

Patch Tuesday. A data leak sheds light on North Korean APT Kimsuky. Apple introduces Memory Integrity Enforcement. Ransomware payments have dropped sharply in the education sector in 2025. A top NCS official warns ICS security lags behind, and a senator calls U.S. cybersecurity a “hellscape”. A Ukrainian national faces federal charges and an $11 million bounty for allegedly running multiple ransomware operations. Our guest is Jake Braun sharing the latest on Project Franklin. WhoFi makes WiFi a new spy.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Jake Braun, longtime DEF CON organizer, former White House official, and lead on DEF CON Franklin, sharing the latest on Project Franklin.

Selected Reading

Two Zero-Days Among Patch Tuesday CVEs This Month (Infosecurity Magazine)

Fortinet, Ivanti, Nvidia Release Security Updates (SecurityWeek)

ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories (SecurityWeek)

SAP 'wins' Patch Tuesday with worse flaws than Microsoft (The Register)

Adobe Patches Critical ColdFusion and Commerce Vulnerabilities (SecurityWeek)

Data leak sheds light on Kimsuky operations (SC Media)

Apple Unveils iPhone Memory Protections to Combat Sophisticated Attacks (SecurityWeek)

Learn about ChillyHell, a modular Mac backdoor (jamf)

Ransomware Payments Plummet in Education Amid Enhanced Resiliency (Infosecurity Magazine)

Critical infrastructure security tech needs to be as good as our smartphones, top NSC cyber official says (CyberScoop)

Sen. King: Cyber domain is a ‘hellscape’ that will be made worse by cuts (The Record)

US indicts alleged ransomware boss tied to $18B in damages (The Register)
Jeremy Clarkson's pub has been 'swindled' out of £27,000 by hackers (Manchester Evening News)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Chalk one up for defenders.

Tue, 09 Sep 2025 20:10:00 -0000

The open source community heads off a major npm supply chain attack. The Treasury Department sanctions cyber scam centers in Myanmar and Cambodia. Scammers abuse iCloud Calendar invites to send callback phishing emails. Researchers discover a new malware variant exploiting exposed Docker APIs. Phishing attacks abuse the Axios user agent and Microsoft’s Direct Send feature. Plex warns users of a data breach. Researchers flag a surge in scans targeting Cisco ASA devices. CISA delays finalizing its incident reporting rule. The GAO says federal cyber workforce figures are incomplete and unreliable. Our guest is Kevin Magee, Global Director of Cybersecurity Startups at Microsoft Security, discussing cybersecurity education going back to school. AI earns its own Darwin awards.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Kevin Magee, Global Director of Cybersecurity Startups at Microsoft Security discussing cybersecurity education going back to school.

Selected Reading

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack (Bleeping Computer)

Open Source Community Thwarts Massive npm Supply Chain Attack (Infosecurity Magazine)

US sanctions companies behind cyber scam centers in Cambodia, Myanmar (The Record)

New Apple Warning, This iCloud Calendar Invite Is Actually An Attack (Forbes)

New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs (HackRead)

Axios User Agent Helps Automate Phishing on “Unprecedented Scale” (Infosecurity Magazine)

Plex Urges Password Resets Following Data Breach (SecurityWeek)

Surge in networks scans targeting Cisco ASA devices raise concerns (Bleeping Computer)

CISA pushes final cyber incident reporting rule to May 2026 (CyberScoop)

US government lacks clarity into its infosec workforce (The Register)

AI Darwin Awards launch to celebrate spectacularly bad deployments (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Big tech, bigger fines.

Mon, 08 Sep 2025 20:10:00 -0000

The EU fines Google $3.5 billion over adtech abuses. Cloudflare blocks record-breaking Distributed Denial of Service (DDoS) attacks. The Salesforce-Salesloft breach began months earlier with GitHub access. Researchers say the new TAG-150 cybercriminal group has been active since March. Hackers use stolen secrets to leak more than 6,700 Nx private repositories. Subsea cable outages disrupt internet connectivity across India, Pakistan, and parts of the UAE. Monday Business Breakdown. On our Industry Voices segment Todd Moore, Global Vice President, Data Security at Thales, unpacks the perils of insider risk. Hackers claim Burger King’s security flaws are a real whopper.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Industry Voices

On our Industry Voices segment, we are joined by ⁠Todd Moore⁠, Global Vice President, Data Security at ⁠Thales⁠, discussing the biggest threat to your data has a badge, a password, and years of goodwill. Check out Todd's full conversation here. You can learn more about monitoring unstructured data at scale and enabling security teams to leverage AI & ML technologies from Thales.

Selected Reading

EU fines Google $3.5 billion for anti-competitive ad practices (Bleeping Computer)

Cloudflare blocks massive 11.5 Tbps DDoS attack (SDxCentral)

Salesloft GitHub Account Compromised Months Before Salesforce Attack (SecurityWeek)

From CastleLoader to CastleRAT: TAG-150 Advances Operations with Multi-Tiered Infrastructure (Recorded Future)

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack (SecurityWeek)

Red Sea cable cuts disrupt internet across Asia and the Middle East (Reuters)

⁠N2K Pro Business Briefing update⁠ (N2K Networks)

Burger King hacked, attackers 'impressed by the commitment to terrible security practices' — systems described as 'solid as a paper Whopper wrapper in the rain,’ other RBI brands like Tim Hortons and Popeyes also vulnerable (Tom’s Hardware)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Andrew Maloney: Never-ending thirst for knowledge. [COO] [Career Notes]

Sun, 07 Sep 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

COO and Co-Founder of Query. AI, Andrew Maloney, shares how the building blocks he learned in the military helped him get where he is today. Coming from a blue collar family with a minimal knowledge of computers, Andrew went into computer operations in the Air Force. While deployed to Oman just after the start of the Iraq War, Andrew said he got his break into security. That's where he learned the components that fit together in order to effectively secure an environment. Andrew's words of wisdom: You've got to keep pushing and you've got to believe in yourself and never sell yourself short. We thank Andrew for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Don’t trust that app! [Research Saturday]

Sat, 06 Sep 2025 07:00:00 -0000

Today we are joined by Selena Larson, co-host of Only Malware in the Building and Staff Threat Researcher and Lead Intelligence Analysis and Strategy at Proofpoint, sharing their work on "Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing." Proofpoint researchers have identified campaigns where threat actors use fake Microsoft OAuth apps to impersonate services like Adobe, DocuSign, and SharePoint, stealing credentials and bypassing MFA via attacker-in-the-middle phishing kits, mainly Tycoon.

The research can be found here:

⁠Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing

Learn more about your ad choices. Visit megaphone.fm/adchoices

Wheels left spinning after cyber incident.

Fri, 05 Sep 2025 20:10:00 -0000

A cyberattack disrupts Bridgestone’s manufacturing operations. CISA warns of critical vulnerabilities in products used across multiple sectors. Additional cybersecurity firms confirm data exposure in the recent Salesforce–Salesloft Drift attack. A configuration vulnerability in Sitecore products leads to remote code execution. HHS promises stricter enforcement of healthcare information access rules. Texas sues an education software provider over a December 2024 data breach. A federal jury orders Google to pay $425 million over improperly collected user data. Nations unite for global guidance on SBOMs. On our Industry Voices segment, we are joined by Aron Anderson, Enterprise Security Manager of Adobe, on embracing the journey to zero trust. Chess.com gets caught in a tricky gambit.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Industry Voices

On our Industry Voices segment we are joined by Aron Anderson, Enterprise Security Manager of Adobe, as he is talking about embracing the journey to zero trust. If you want to hear the full conversation from Aron, you can check it out here.

Selected Reading

Tire giant Bridgestone confirms cyberattack impacts manufacturing (Bleeping Computer)

CISA issues ICS advisories on hardware flaws in Honeywell, Mitsubishi Electric, Delta Electronics, rail communication protocols (Industrial Cyber)

More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach (SecurityWeek)

Unknown miscreants snooping around Sitecore via sample keys (The Register)

HHS Says It's 'Cracking Down' on Health Information Blocking (BankInfo Security)

Texas sues PowerSchool over breach exposing 62M students, 880k Texans (Bleeping Computer)

Google hit with $425 million verdict in privacy class action suit (The Record)

US and 14 Allies Release Joint Guidance on Software Bill of Materials (Infosecurity Magazine)

Chess.com says 4,500 people had data stolen during June breach (The Record)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

China’s cyberstorm goes global.

Thu, 04 Sep 2025 20:10:00 -0000

Salt Typhoon marks China’s most ambitious campaign yet. A major Google outage hit Southeastern Europe. A critical zero-day flaw in FreePBX gets patched. Scattered Lapsus$ Hunters claim the Jaguar Land Rover hack. Researchers uncover a major evolution in the XWorm backdoor campaign. GhostRedirector is a new China-aligned threat actor. CISA adds a pair of TP-Link router flaws to its Known Exploited Vulnerabilities (KEV) catalog. The feds put a $10 million bounty on three Russian FSB officers. Experts warn sweeping cuts to ODNI could cripple U.S. cyber defense. Our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, discussing IT/OT convergence in securing critical water and wastewater systems. Google says rumors of Gmail’s breach are greatly exaggerated.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest

Today our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, who is talking about "IT/OT Convergence for Critical Water & Wastewater Security."

Selected Reading

‘Unrestrained’ Chinese Cyberattackers May Have Stolen Data From Almost Every American (The New York Times)

Google Down in Eastern Europe (UPDATED) (Novinite Sofia News Agency)

Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers (SecurityWeek)

M&S hackers claim to be behind Jaguar Land Rover cyber attack (BBC)

XWorm’s Evolving Infection Chain: From Predictable to Deceptive (Trellix)

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes (welivesecurity by ESET)

CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited (The Cyber Security News)

US offers $10 million bounty for info on Russian FSB hackers (Bleeping Computer)

Cutting Cyber Intelligence Undermines National Security (FDD)

No, Google did not warn 2.5 billion Gmail users to reset passwords (Bleeping Computer)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware in the rearview.

Wed, 03 Sep 2025 20:10:00 -0000

Jaguar Land Rover suffers a major cyberattack. ICE gains access to a powerful spyware tool. Researchers find Fancy Bear snuffling around a new Outlook backdoor. Cloudflare and Palo Alto Networks confirm compromised Salesforce data. A researcher discovers an unsecured Navy Federal Credit Union (NFCU) server. A new ClickFix scam spreads MetaStealer malware. Specialty healthcare providers struggle to protect sensitive patient data. CISA appoints a new Executive Assistant Director for Cybersecurity. On Afternoon Cyber Tea, Ann Johnson and Harvard’s Amy Edmondson discuss how psychological safety helps cybersecurity teams speak up, spot risks, and learn from failure. Our guest today is Tim Starks from CyberScoop discussing China’s reliance on domestic firms for hacking. Hackers threaten to feed stolen art to the machines.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Afternoon Cyber Tea

On our Afternoon Cyber Tea segment, host Ann Johnson is joined by Amy Edmondson⁠, Harvard Business School professor and psychological safety pioneer. Together they discuss how creating psychologically safe environments allows teams, especially in high-pressure fields like cybersecurity, to speak up about early warnings, embrace the red, and learn from failure. You can listen to Ann and Amy's full conversation here and don't miss new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.

CyberWire Guest

Our guest today is Tim Starks from CyberScoop discussing Top FBI official says Chinese reliance on domestic firms for hacking is a weakness.

Selected Reading

Jaguar Land Rover Operations ‘Severely Disrupted’ by Cyberattack (Security Week)

Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps (The Guardian)

Russian APT28 Expands Arsenal with 'NotDoor' Outlook Backdoor (Infosecurity Magazine)

Cloudflare and Palo Alto Networks Victimized in Salesloft Drift Breach (Infosecurity Magazine)

Misconfigured Server Leaks 378GB of Navy Federal Credit Union Files (Hack Read)

Fake AnyDesk Installer Spreads MetaStealer Through ClickFix Scam (Hack Read)

Hacks on Specialty Health Entities Affect Nearly 900,000 (Bank Infosecurity)

Python-based infostealer ‘Inf0s3c’ combines stealth with broad data theft (SC Media)

CISA Names Nicholas Andersen as Executive Assistant Director for Cybersecurity (The Cyber Express)

Hackers Threaten to Submit Artists' Data to AI Models If Art Site Doesn't Pay Up (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Blizzard warning: Amazon freezes midnight hack.

Tue, 02 Sep 2025 20:10:00 -0000

Researchers disrupt a cyber campaign by Russia’s Midnight Blizzard. The Salesloft Drift breach continues to ripple outward. WhatsApp patches a critical flaw in its iOS and Mac apps. A fake PDF editing tool delivers the TamperChef infostealer. A hacker finds crash data Tesla claimed not to have. Spain cancels a €10 million contract with Huawei. A fraudster bilks Baltimore for over $1.5 million. We’ve got a breakdown of the latest Business news. In our Threat Vector segment, ⁠Michael Sikorski⁠ and guest ⁠Thomas P. Bossert explore the path from policy and national security strategy to building operational cyber defense. We preview our spicy new episode of Only Malware in the Building.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
Threat Vector Segment

In our Threat Vector segment, host David Moulton hands the mic over to ⁠Michael Sikorski⁠ and guest ⁠Thomas P. Bossert⁠, President of Trinity Cyber and former Homeland Security Advisor. They explore the path from policy and national security strategy to building operational cyber defense. Listen to the full conversation here and find new episodes of⁠ Threat Vector⁠ each Thursday on the N2K CyberWire network and in your favorite podcast app.
CyberWire Guest

Today, our podcast producer Liz Stokes speaks with N2K Director of Enterprise Content Strategy Ma'ayan Plaut about our spicy new episode of Only Malware in the Building. You can find the audio version of Only Malware episode here, but we recommend you view the episode for added enjoyment!

Selected Reading

Amazon disrupts Russian APT29 hackers targeting Microsoft 365 (Bleeping Computer)

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft (Krebs on Security)

Zscaler swiftly mitigates a security incident impacting Salesloft Drift (Zscaler)

WhatsApp fixes 'zero-click' bug used to hack Apple users with spyware (TechCrunch)

TamperedChef infostealer delivered through fraudulent PDF Editor (Bleeping Computer)

Heimdal Investigation: European Organizations Hit by PDF Editor Malware Campaign (Heimdal Security)

Tesla said it didn’t have critical data in a fatal crash. Then a hacker found it. (The Washington Post)

Spanish government cancels €10m contract using Huawei equipment (The Record)

Scammer steals $1.5 million from Baltimore by spoofing city vendor (The Record)

N2K Pro Business Briefing update (N2K Networks)
Taco Bell rethinks AI drive-through after man orders 18,000 waters (BBC)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hot sauce and hot takes: An Only Malware in the Building special. [OMITB]

Tue, 02 Sep 2025 07:00:00 -0000

Welcome in! You’ve entered, Only Malware in the Building — but this time, it’s not just another episode. This is a special edition you won’t want to miss.

For the first time, our hosts are together in-studio — and they’re turning up the heat. Literally. Join ⁠⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠⁠DISCARDED⁠, along with ⁠⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠⁠Qintel⁠⁠⁠⁠⁠⁠⁠⁠⁠, as they take on a fiery hot wings challenge while answering personal questions about themselves, their careers, and the stories that shaped them. Think you’ve seen them tackle malware mysteries before? Wait until you see them sweat.

This one’s too good for audio alone — you’ll want to watch the full ⁠video⁠ edition to catch every spicy reaction, every laugh, and maybe even a few tears.

So grab your milk, get ready to feel the burn, and come join us for this special hot take on Only Malware in the Building.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Live from Black Hat: Ransomware, Responsible Disclosure, and the Rise of AI [Microsoft Threat Intelligence Podcast]

Mon, 01 Sep 2025 07:05:00 -0000

While our team is observing the Labor Day holiday in the US, we hope you will enjoy this episode of The Microsoft Threat Intelligence Podcast . New episodes airs on the N2K CyberWIre network every other Wednesday.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is live from Black Hat 2025 with a special lineup of Microsoft security leaders and researchers.

First, Sherrod sits down with Tom Gallagher, VP of Engineering and head of the Microsoft Security Response Center (MSRC). Tom shares how his team works with researchers worldwide, why responsible disclosure matters, and how programs like Zero Day Quest (ZDQ) are shaping the future of vulnerability research in cloud and AI security. He also announced the next iteration of ZTQ with $5 million up for grabs.

Next, Sherrod is joined by Eric Baller (Senior Security Researcher) and Eric Olson (Principal Security Researcher) to unpack the fast-changing ransomware landscape. From dwell time collapsing from weeks to minutes, to the growing role of access brokers, they explore how attackers operate as organized ecosystems and how defenders can respond.

Finally, Sherrod welcomes Travis Schack (Principal Security Researcher) alongside Eric Olson to examine the mechanics of social engineering. They discuss how attackers exploit urgency, trust, and human curiosity, why AI is supercharging phishing campaigns, and how defenders can fight back with both training and technology.

In this episode you’ll learn:

How MSRC partners with researchers across 59 countries to protect customers
Why Zero Day Quest is accelerating vulnerability discovery in cloud and AI
How ransomware dwell times have shrunk from days to under an hour

Resources:

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The labor behind the labor. [Special Edition]

Mon, 01 Sep 2025 07:00:00 -0000

This Labor Day, we’re celebrating more than just a holiday. Join us in celebrating not just the work, but the people who make it possible — the labor behind the labor.We’re honoring the people who bring their creativity, dedication, and passion to every corner of N2K. The work you hear, read, and see from us doesn’t happen by accident. It’s the result of talented colleagues who pour themselves into their craft, often in ways that don’t always get the spotlight. From shaping sound and refining scripts to building certification content and producing video, their labor is the heartbeat of what we do.In this special edition, host Ma’ayan Plaut introduces you to some of the voices behind the scenes: Elliott, whose audio artistry makes every show sing; Ethan, whose sharp analysis bridges policy and practice; Alice, whose storytelling brings energy and curiosity to the space industry; George and Ann, who create and refine the certification content that keeps us at the forefront of technology; and Sarelle, whose video production brings our stories to life. Together, they embody the care and creativity that define N2K.And if you’d like to see the labor behind the labor, we’ve also put together a ⁠⁠video⁠⁠ companion to this project — giving you another way to meet the team and experience their work in action. Be sure to check it out!

Learn more about your ad choices. Visit megaphone.fm/adchoices

Marina Ciavatta: Going after the human error. [Social engineer] [Career Notes]

Sun, 31 Aug 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Social engineer and CEO of Hekate, Marina Ciavatta, shares her story of how people think her job is a la Mission Impossible coming from the ceiling with a rope and stealing stuff in the dead of the night. Marina does physical pentesting. Starting with an unused degree in journalism, Marina turned her talent for writing into a job as a content producer for a technology company and this appealed to her self-proclaimed nerdism. She fell in love with hacking and got into pentesting thanks to a friend. Marina recommends those interested in physical pentesting "try to find other social engineers to mingle. It's in the name. We are social creatures." We thank Marina for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cracks in the wall. [Research Saturday]

Sat, 30 Aug 2025 07:00:00 -0000

This week, we are joined by Jamie Levy, Director of Adversary Tactics at Huntress, who is discussing their work on "Active Exploitation of SonicWall VPNs." Huntress has released an urgent threat advisory on active exploitation of SonicWall VPNs, with attackers bypassing MFA, pivoting to domain controllers, and ultimately deploying Akira ransomware. The campaigns involve techniques such as disabling defenses, clearing logs, credential theft, and Bring Your Own Vulnerable Driver (BYOVD) attacks with legitimate Windows drivers.

Organizations using SonicWall devices are strongly advised to disable SSL VPN access or restrict it via IP allow-listing, rotate credentials, and hunt for indicators of compromise as this remains an ongoing and evolving threat.

Complete our annual ⁠⁠⁠⁠⁠audience survey⁠⁠⁠⁠⁠ before August 31.

The research can be found here:

Huntress Threat Advisory: Active Exploitation of SonicWall VPNs

Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware sick day.

Fri, 29 Aug 2025 20:10:00 -0000

A suspected ransomware attack disrupts hundreds of Swedish municipalities. Google warns Gmail users of emerging cyberattacks tied to the ShinyHunters group. A malicious supply chain attack hits the npm registry. Senators press AFLAC for answers following a data breach. Law enforcement takedowns splinter the ransomware ecosystem. The FBI and Dutch police take down a major online fakeID marketplace. Florida proposes requiring healthcare providers to strengthen data breach preparedness and reporting. Our guest is Kathleen Peters, Chief Innovation Officer at Experian North America, explaining why AI is both accelerating and mitigating fraud. An affiliate army pushes fake casinos worldwide.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Kathleen Peters, Chief Innovation Officer at Experian North America, who is sharing the AI paradox: why AI is both accelerating and mitigating fraud. You can learn more in Experian’s U.S. Identity & Fraud Report.

Selected Reading

Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier (The Record)

Google issues emergency warning for all Gmail users (Geekspin)

TransUnion Data Breach Impacts 4.4 Million (Security Week)

Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware (Infosecurity Magazine)

US Senators Call for Details of Aflac Data Breach (Bank Infosecurity)

Ransomware gang takedowns causing explosion of new, smaller groups (The Record)

FBI, Dutch cops seize fake ID marketplace, servers (The Register)

Florida Considers Rule to Improve Healthcare Data Breach Transparency (The HIPPA Journal)

Affiliates Flock to ‘Soulless’ Scam Gambling Machine (Krebs on Security)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Listening in on the listeners.

Thu, 28 Aug 2025 05:00:00 -0000

The FBI shares revelations on Salt Typhoon’s reach. Former NSA and FBI directors sound alarm on infrastructure cybersecurity gaps. Google is launching a new cyber “disruption unit”. A new report highlights cyber risks to the maritime industry. A Pennsylvania healthcare provider suffers a data breach affecting over six hundred thousand individuals. Citrix patches a critical vulnerability under active exploitation. The U.S. sanctions a North Korean-linked fraud network. Ransomware is rapidly evolving with generative AI. Our guest is Brandon Karpf, speaking with T-Minus host Maria Varmazis connecting three seemingly disparate stories. Who needs a tutor when you’ve got root access?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert talking with T-Minus host Maria Varmazis. Brandon decided to do a stump the host play for this month's space and cybersecurity segment.

Selected Reading

Chinese Spies Hit More Than 80 Countries in ‘Salt Typhoon’ Breach, FBI Reveals (WSJ)

NSA and Others Provide Guidance to Counter China State-Sponsored Actors Targeting Critical Infrastructure Organizations (NSA)

Critical Infrastructure Leaders and Former National Security Officials Address Escalating Cyber Threats at Exclusive GCIS Security Briefing (Business Wire)

Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense (CyberScoop)

Maritime cybersecurity is the iceberg no one sees coming (Help Net Security)

Healthcare Services Group reports data breach exposing information of over 624 K individuals (Beyond Machines)

Over 28,000 Citrix devices vulnerable to new exploited RCE flaw (Bleeping Computer)

US sanctions fraud network used by North Korean 'remote IT workers' to seek jobs and steal money (TechCrunch)

The Era of AI-Generated Ransomware Has Arrived (WIRED)

Spanish police arrest student suspected of hacking school system to change grades (The Record)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Whistle-blown and wide open.

Wed, 27 Aug 2025 20:10:00 -0000

A whistle-blower claims DOGE uploaded a sensitive Social Security database to a vulnerable cloud server. Allies push back against North Korean IT scams. ZipLine is a sophisticated phishing campaign targeting U.S.-based manufacturing. Researchers uncover a residential proxy network operating across at least 20 U.S. states. Flock Safety license plate readers face increased scrutiny. A new report chronicles DDoS through the first half of the year. LLM guard rails fail to defend against run-on sentences. A South American APT targets the Colombian government. Our guest is Harry Thomas, Founder and CTO at Frenos, on the benefits of curated and vetted AI training data. One man’s fight against phantom jobs posts.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Harry Thomas, Founder and CTO at Frenos, talking about the benefits of curated and vetted AI training data. Learn more about the Frenos and N2K Networks partnership to utilize industry validated intelligence to build the first AI native OT security posture management platform.

Selected Reading

DOGE Put Critical Social Security Data at Risk, Whistle-Blower Says (The New York Times)

Governments, tech companies meet in Tokyo to share tips on fighting North Korea IT worker scheme (The Record)

ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies (Check Point Research)

Phishing Campaign Targeting Companies via UpCrypter (FortiGuard Labs)

Belarus-Linked DSLRoot Proxy Network Deploys Hardware in U.S. Residences, Including Military Homes (Infrawatch)

CBP Had Access to More than 80,000 Flock AI Cameras Nationwide (404 Media)

Evanston shuts down license plate cameras, terminates contract with Flock Safety (Evanston Round Table)

Global DDoS attacks exceed 8M amid geopolitical tensions (Telecoms Tech News)

One long sentence is all it takes to make LLMs misbehave (The Register)

TAG-144’s Persistent Grip on South American Organizations (Recorded Future)

This tech worker was frustrated with ghost job ads. Now he’s working to pass a national law banning them (CNBC)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rolling the dice on cybersecurity.

Tue, 26 Aug 2025 20:10:00 -0000

A cyberattack disrupts state systems in Nevada. A China-linked threat actor targets Southeast Asian diplomats. A new attack method hides malicious prompts inside images processed by AI systems.Experts ponder preventing AI agents from going rogue. A new study finds AI is hitting entry-level jobs hardest. Michigan’s Supreme Court upholds limits on cell phone searches. Sen. Wyden accuses the judiciary of cyber negligence. CISA issues an urgent alert on a critical Git vulnerability. Hackers target Maryland’s transit services for the disabled. Our guest is Cristian Rodriguez, Field CTO for the Americas from CrowdStrike, examining the escalating three-front war in AI. A neighborhood crime reporting app gets algorithmically sketchy.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Cristian Rodriguez, Field CTO, Americas from CrowdStrike, as he is examining the escalating three-front war in AI.

Selected Reading

Cybercrime Government Leadership News News Briefs Recorded Future Nevada state websites, phone lines knocked offline by cyberattack (The Record)

Chinese UNC6384 Hackers Use Valid Code-Signing Certificates to Evade Detection (GB Hackers)

New AI attack hides data-theft prompts in downscaled images (Bleeping Computer)

How to stop AI agents going rogue (BBC)

AI Makes It Harder for Entry-Level Coders to Find Jobs, Study Says (Bloomberg)

Fourth Amendment Victory: Michigan Supreme Court Reins in Digital Device Fishing Expeditions (Electronic Frontier Foundation)

Wyden calls for probe of federal judiciary data breaches, accusing it of ‘negligence’ (The Record)

CISA Alerts on Git Arbitrary File Write Flaw Actively Exploited (GB Hackers)

Maryland investigating cyberattack impacting transit service for disabled people (The Record)

Citizen Is Using AI to Generate Crime Alerts With No Human Review. It’s Making a Lot of Mistakes (404 Media)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A farmers market of stolen data.

Mon, 25 Aug 2025 20:10:00 -0000

Farmers Insurance discloses a data breach affecting over a million people. Agentic AI tools fall for common scams. A new bill in Congress looks to revive letters of marque for the digital age. Cybercriminals target macOS users with the Shamos infostealer. New Android spyware masquerades as antivirus to target Russian business executives. CISA seeks public comments on SBOM updates. A major third party electronics manufacturer reports a ransomware attack. Salesforce patches multiple vulnerabilities in its Tableau products. Over 370,000 user Grok conversations were accidentally indexed by Google. Ben Yelin examines the UK’s decision to drop digital backdoor requirements. WIRED gets duped by an AI author.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies joins to discuss the U.K. dropping ‘back door’ demand for Apple user data. Read the article Ben discusses. If you enjoyed this conversation and want to hear more from Ben, check out our Caveat podcast here.

Selected Reading

Farmers Insurance Data Breach Impacts Over 1 Million People (SecurityWeek)

"Scamlexity": When Agentic AI Browsers Get Scammed (Guardio)

Bill would give hackers letters of marque against US enemies (The Register)

Fake macOS help sites push Shamos infostealer via ClickFix technique (Help Net Security)

New Android malware poses as antivirus from Russian intelligence agency (Bleeping Computer)

CISA Requests Public Feedback on Updated SBOM Guidance (SecurityWeek)

Electronics manufacturer Data I/O reports ransomware attack to SEC (The Record)

Salesforce patches multiple flaws in Tableau Server, at least one critical (Beyond Machines)

370,000 Grok AI chats leaked after being indexed on Google (Cyber Daily)

How WIRED Got Rolled by an AI Freelancer (WIRED)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Julian Waits: Find a way to help society. [Serial Entrepreneur] [Career Notes]

Sun, 24 Aug 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Senior Vice President and Executive in Residence with Rapid7 and Chairman for Cyversity, Julian Waits, grew up in the era of the Justice League and Superman and it shaped his career. Julian always wanted to do something where he could find a way to help society to basically help others. Starting out as a Baptist minister with aspirations of being a professional musician, Julian found it more practical to take some technology classes and practice his saxophone when he had time. His first tech job was at Texaco where he worked on early networks and moved into systems engineering at Compaq. Julian notes his ADD made coding less attractive than talking with others to solve problems and Compaq provided him with opportunities to pivot. Searching out diversity, Julian moved to DC, and had his first taste of startups. He now describes himself as a serial entrepreneur. We thank Julian for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Beyond the smoke screen. [Research Saturday]

Sat, 23 Aug 2025 07:00:00 -0000

This week, we are joined by Dr. Renée Burton, VP of Infoblox Threat Intel, who is discussing their work on VexTrio, a notorious traffic distribution system (TDS) involved in digital fraud. The VexTrio investigation uncovers a massive global ad fraud and scam operation powered by just 250 virtual machines, tying it directly to named individuals and shell companies across Europe.

The research exposes VexTrio’s full criminal supply chain—including fake apps, dating scams, affiliate networks, and payment processors—alongside a powerful CDN infrastructure ranked among the world’s top 10k domains. It also calls on the adtech industry to take accountability for enabling and sustaining such widespread abuse.

Complete our annual ⁠⁠⁠⁠audience survey⁠⁠⁠⁠ before August 31.

The research can be found here:

⁠VexTrio’s Origin Story : From Spam to Scam to Adtech

Learn more about your ad choices. Visit megaphone.fm/adchoices

A free speech showdown.

Fri, 22 Aug 2025 20:10:00 -0000

The FTC warns one country’s “online safety” may be another’s “censorship.” A new bipartisan bill aims to reduce barriers to federal cyber jobs. MURKY PANDA targets government, technology, academia, legal, and professional services in North America. MITRE updates their hardware weaknesses list. Customs and Border Protection conducts a record number of device searches at U.S. borders. A recent hoax exposes weaknesses in the cybersecurity community’s verification methods. A Houston man gets four years in prison for sabotaging his employer’s computer systems. A Florida-based provider of sleep apnea equipment suffers a data breach. Interpol dismantles a vast cybercriminal network spanning Africa. Brandon Karpf shares his experience with fake North Korean job applicants. Being a smooth-talking English speaker can land you a gig in the cybercrime underworld.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Brandon Karpf, friend of the show discussing his experience with fake North Korean job applicants. You can also hear more from Brandon on our show T-Minus Daily, where he’s a regular guest on a monthly space segment—catch his latest episode this Monday!

Selected Reading

US warns tech companies against complying with European and British ‘censorship’ laws (The Record)

House lawmakers take aim at education requirements for federal cyber jobs (CyberScoop)

MURKY PANDA: Trusted-Relationship Cloud Threat (CrowdStrike)

MITRE Updates List of Most Common Hardware Weaknesses (SecurityWeek)

Phone Searches at the US Border Hit a Record High (WIRED)

The Cybersecurity Community's Wake-Up Call: A Fake Reward and Its Lessons (The DefendOps Diaries)

Chinese national who sabotaged Ohio company’s systems handed four-year jail stint (The Record)

CPAP Medical Data Breach Impacts 90,000 People (SecurityWeek)

Interpol-Led African Cybercrime Crackdown Leads to 1209 Arrests (Infosecurity Magazine)

'Impersonation as a service' next big thing in cybercrime (The Register)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Behind the lock lies a flaw.

Thu, 21 Aug 2025 20:10:00 -0000

Zero-day clickjacking flaws affect major password managers. The FBI warns that Russian state-backed hackers are exploiting a long-known Cisco flaw. Apple releases emergency patches for a zero-day flaw in the Image I/O framework. Home Depot faces a proposed class action lawsuit accusing it of secretly using facial recognition at self-checkout kiosks. A VPN browser extension has been exposed for secretly spying on users. Browser fingerprinting overtakes cookies as the dominant method of online tracking. Agentic AI browsers prove easily scammed. A Scattered Spider member earns 10 years in federal prison. Ron Zayas, CEO of Ironwall by Incogni, to discuss the massive data sharing and privacy risks in the leading Buy Now Pay Later apps. An Australian bank’s AI cutbacks are put on permanent hold.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Ron Zayas, CEO of Ironwall by Incogni, to discuss the massive data sharing and privacy risks in the leading Buy Now Pay Later apps. Tune in to hear the full conversation on Caveat.

Selected Reading

Researcher Exposes Zero-Day Clickjacking Vulnerabilities in Major Password Managers (Socket)

FBI warns of Russian hackers exploiting 7-year-old Cisco flaw (Bleeping Computer)

Apple fixes new zero-day flaw exploited in targeted attacks (Bleeping Computer)

Home Depot Sued for 'Secretly' Using Facial Recognition Technology on Self-Checkout Cameras (PetaPixel)

SpyVPN: The Google-Featured VPN That Secretly Captures Your Screen (Koi Blog)

Beyond cookies: browser fingerprinting in 2025 (PITG Network)

"Scamlexity": When Agentic AI Browsers Get Scammed (Guardio)

SIM-Swapper, Scattered Spider Hacker Gets 10 Years (Krebs on Security)

Commonwealth Bank backtracks on AI job cuts, apologises for 'error' as call volumes rise (ABC News)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Undoing the undo bug.

Wed, 20 Aug 2025 20:10:00 -0000

Microsoft releases emergency out-of-band (OOB) Windows updates. Trump targets NSA’s leading AI and cyber expert in clearance revocations. A breach may have compromised the privacy of Ohio medical marijuana patients. Cybercriminals exploit an AI website builder to rapidly create phishing sites. Warlock ransomware operators target Microsoft’s SharePoint ToolShell vulnerability. Google and Mozilla patch Chrome and Firefox. European officials report two cyber incidents targeting water infrastructure. A federal appeals court has upheld fines against T-Mobile and Sprint for illegally selling customer location data. Authorities dismantle DDoS powerhouse Rapper Bot. On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, speaking about ShinyHunters and the problems with securing Salesforce. Microsoft Copilot gets creative with compliance.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, who is speaking about ShinyHunters and the problems with securing Salesforce. You can hear more from Matt here.

Selected Reading

Microsoft releases emergency updates to fix Windows recovery (Bleeping Computer)

Trump Revokes Security Clearances of 37 Former and Current Officials (The New York Times)

Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database (WIRED)

AI Website Builder Lovable Abused for Phishing and Malware Scams (Hackread)

Warlock Ransomware Hitting Victims Globally Through SharePoint ToolShell Exploit (InfoSecurity Magazine)

High-Severity Vulnerabilities Patched in Chrome, Firefox (SecurityWeek)

Russia-linked European attacks renew concerns over water cybersecurity (CSO Online)

T-Mobile claimed selling location data without consent is legal, judges disagree (Ars Technica)

Officials gain control of Rapper Bot DDoS botnet, charge lead developer and administrator (CyberScoop)

Copilot Broke Your Audit Log, but Microsoft Won’t Tell You (Pistachio Blog)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Inside Intel’s internal web maze.

Tue, 19 Aug 2025 20:10:00 -0000

A researcher uncovers vulnerabilities across Intel’s internal websites that exposed sensitive employee and supplier data. The Kimsuky group (APT43) targets South Korean diplomatic missions. A new DDoS vulnerability bypasses the 2023 “Rapid Reset” fix. Drug development firm Inotiv reports a ransomware attack to the SEC. The UK drops their demand that Apple provide access to encrypted iCloud accounts. Hackers disguise the PipeMagic backdoor as a fake ChatGPT desktop app. The source code for a powerful Android banking trojan was leaked online. A Nebraska man is sentenced to prison for defrauding cloud providers to mine nearly $1 million in cryptocurrency. On this week’s Threat Vector, David Moulton speaks with Liz Pinder and Patrick Bayle for a no holds barred look at context switching in the SOC. A UK police force fails to call for backup.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector

Security analysts are drowning in tools, alerts, and tabs. On today's Threat Vector segment from Palo Alto Networks, we offer a snapshot from host⁠ David Moulton⁠'s conversation with⁠ Liz Pinder⁠ and⁠ Patrick Bayle⁠⁠. Together they take a no holds barred look at context switching in the SOC, what it costs, why it's getting worse, and how smarter design can fix it. You can listen to David, Patrick, and Liz's conversation⁠ here⁠. It’s a must-listen for anyone building or managing a modern SOC. New episodes of⁠ Threat Vector⁠ drop each Thursday on the N2K CyberWire network and in your favorite podcast app.

Selected Reading

Intel data breach: employee data could be accessed via API (Techzine Global)

North Korean Kimsuky Hackers Use GitHub to Target Foreign Embassies with XenoRAT Malware (GB Hackers)

Internet-wide Vulnerability Enables Giant DDoS Attacks (Dark Reading)

Drug development company Inotiv reports ransomware attack to SEC (The Record)

UK ‘agrees to drop’ demand over Apple iCloud encryption, US intelligence head claims (The Record)

Ransomware gang masking PipeMagic backdoor as ChatGPT desktop app: Microsoft (The Record)

ERMAC Android malware source code leak exposes banking trojan infrastructure (Bleeping Computer)

Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme (Bleeping Computer)

South Yorkshire Police Deletes 96,000 Pieces of Digital Evidence (Infosecurity Magazine)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Workday’s bad day.

Mon, 18 Aug 2025 20:10:00 -0000

HR software giant Workday discloses a data breach. Researchers uncover a zero-day in Elastic’s EDR software. Ghost-tapping is an emerging fraud technique where cybercriminals use NFC relay attacks to exploit stolen payment card data. Germany may be on a path to ban ad blockers. A security researcher documents multiple serious flaws in McDonald’s systems. There’s a new open-source framework for testing 5G security flaws. New York’s Attorney General sues the banks behind Zelle over fraud allegations. The DOJ charges the alleged Zeppelin ransomware operator and seizes over $2.8 million in cryptocurrency. Tim Starks from CyberScoop discusses the overlooked changes that two Trump executive orders could bring to cybersecurity. Bots build their own echo chambers.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest

Today we have Tim Starks from CyberScoop discussing the overlooked changes that two Trump executive orders could bring to cybersecurity.

Selected Reading

HR giant Workday discloses data breach after Salesforce attack (Bleeping Computer)

Researchers report zero-day vulnerability in Elastic Endpoint Detection and Respons Driver that enables system compromise (Beyond Machines)

Ghost-Tapping and the Chinese Cybercriminal Retail Fraud Ecosystem (Recorded Future)

Is Germany on the Brink of Banning Ad Blockers? User Freedom, Privacy, and Security Is At Risk. (Open Policy & Advocacy)

How I Hacked McDonald's (Their Security Contact Was Harder to Find Than Their Secret Sauce Recipe) (bobdahacker)

Boffins say tool can sniff 5G traffic, launch 'attacks' without using rogue base stations (The Register)

New York claims Zelle’s shoddy security enabled a billion dollars in scams (The Verge)

US Seizes $2.8 Million From Zeppelin Ransomware Operator (SecurityWeek)

Researchers Made a Social Media Platform Where Every User Was AI. The Bots Ended Up at War (Gizmodo)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Strengthening product security through ethical hacker collaboration. [CyberWire-X]

Sun, 17 Aug 2025 05:00:00 -0000

Bug bounty programs have become a critical bridge between businesses and ethical hackers, but what does it take to make that relationship thrive? In this episode, Ani Turner, Senior Security Engineer and bug bounty program lead at Adobe, and Jasmin Landry, a seasoned ethical hacker and top-performing researcher on Adobe’s program, dive into the goals, benefits, and hidden challenges of running and contributing to a bug bounty program.

From the motivations that drive hackers and businesses, to the misconceptions that persist in the space, this conversation explores what really makes a bug bounty program successful — and how trust, communication, and shared purpose can lead to stronger security outcomes.

Resources:

Learn more about Adobe’s bug bounty program: https://www.adobe.com/trust/security/bug-bounty.html
Submit a report to Adobe: https://hackerone.com/adobe?type=team

Learn more about your ad choices. Visit megaphone.fm/adchoices

Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]

Sat, 16 Aug 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Head of Cyber Governance with Red Sift, Dr. Rois Ni Thuama shares the circuitous route of her career into cyber governance. She notes the route "looks really clean, but actually it was a bit more Jeremy Bearimy." While at Trinity College, Rois was moved to be part of history unfolding in South Africa and pause her studies. While there, she began making music videos and wildlife documentaries. Upon her return to London, Rois started working in corporate governance and risk at a music technology startup. This ignited her enthusiasm for startups. She now works in a company with several coworkers from that tech startup doing cyber governance. Rois advises law students of many ways into the industry including doing coding, learning risk management, and understanding privacy legislation, and then "just get into the game." We thank Rois for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The CVE countdown clock. [Research Saturday]

Sat, 16 Aug 2025 07:00:00 -0000

Bob Rudis, VP Data Science from GreyNoise, is sharing some insights into their work on "Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities." New research reveals a striking trend: in 80% of cases, spikes in malicious activity against enterprise edge technologies like VPNs and firewalls occurred weeks before related CVEs were disclosed.

The report breaks down this “6-week critical window,” highlighting which vendors show the strongest early-warning patterns and offering tactical steps defenders can take when suspicious spikes emerge. These findings reveal how early attacker activity can be transformed into actionable intelligence, enabling defenders to anticipate and neutralize threats before vulnerabilities are publicly disclosed.

Complete our annual ⁠⁠⁠audience survey⁠⁠⁠ before August 31.

The research can be found here:

Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities

Learn more about your ad choices. Visit megaphone.fm/adchoices

Media server mayday.

Fri, 15 Aug 2025 20:10:00 -0000

Plex urges users to immediately update their Media Server due to an undisclosed security flaw. Cisco warns of a critical remote code execution flaw in their Secure Firewall Management Center software.Rockwell Automation discloses multiple critical and high-severity flaws. Hackers breached a Canadian House of Commons database. Active law enforcement and government email accounts are sold online for as little as $40. Telecom giant Colt Technology Services suffers a cyber incident disrupting its customer portal. Taiwan launches new measures to boost hospital cybersecurity after ransomware attacks. NIST has released a concept paper proposing control overlays for securing AI systems. A date with an AI chatbot ends in tragedy. Our guest is Randall Degges, Snyk's Head of Developer and Security Relations, to discuss how underqualified or outsourced coding support can open doors for nation-state threats. Dutch speed cameras are stuck in a cyber-induced siesta.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Randall Degges, Snyk's Head of Developer and Security Relations, to discuss how underqualified or outsourced coding support can open doors for nation-state threats.

Selected Reading

Plex warns users to patch security vulnerability immediately (Bleeping Computer)

Cisco Discloses Critical RCE Flaw in Firewall Management Software (Infosecurity Magazine)

Critical Flaws Patched in Rockwell FactoryTalk, Micro800, ControlLogix Products (SecurityWeek)

CISA Releases Thirty-Two Industrial Control Systems Advisories (CISA.gov)

Hackers Breach Canadian Government Via Microsoft Exploit (Bank Infosecurity)

Compromised Government and Police Email Accounts on the Dark Web (Abnormal.AI)

Telco giant Colt suffers attack, takes systems offline (The Register)

Taiwan announces measures to protect hospitals from hackers (Focus Taiwan)

New NIST Concept Paper Outlines AI-Specific Cybersecurity Framework (Hack Read)

A flirty Meta AI bot invited a retiree to meet. He never made it home. (Reuters)

Dutch prosecution service attack keeps speed cameras offline (The Register)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Dialysis down, data out.

Thu, 14 Aug 2025 20:10:00 -0000

A ransomware attack exposes personal medical records of VA patients. New joint guidance from CISA and the NSA emphasizes asset inventory and OT taxonomy. The UK government reportedly spent millions to cover up a data breach. Researchers identified two critical flaws in a widely used print orchestration platform. Phishing attacks increasingly rely on personalization. Rooting and jailbreaking frameworks pose serious enterprise risks. Fortinet warns of a critical command injection flaw in FortiSIEM. Estonian nationals are sentenced in a crypto Ponzi scheme. Michele Campobasso from Forescout joins us to unpack new research separating the hype from reality around “vibe hacking.” Meet the Blockchain Bandits of Pyongyang.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Michele Campobasso from Forescout joins us to unpack new research separating the hype from reality around “vibe hacking.” Their team tested open-source, underground, and commercial AI models on vulnerability research and exploit development tasks—finding high failure rates and significant limitations, even among top commercial systems.

Selected Reading

Medical records for 1 million dialysis patients breached in data hack of VA vendor (Stars and Stripes)

NSA Joins CISA and Others to Share OT Asset Inventory Guidance (NSA.gov)

CISA warns of N-able N-central flaws exploited in zero-day attacks (Bleeping Computer)

U.K. Secretly Spent $3.2 Million to Stop Journalists From Reporting on Data Breach (The New York Times)

From Support Ticket to Zero Day (Horizon3.ai)

Personalization in Phishing: Advanced Tactics for Malware Delivery (Cofense)

The Root(ing) Of All Evil: Security Holes That Could Compromise Your Mobile Device (Zimperium)

Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild (Bleeping Computer)

Estonians behind $577 million cryptomining fraud sentenced to 16 months (The Record)

Someone counter-hacked a North Korean IT worker: Here’s what they found (Cointelegraph)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When spies get spied on.

Wed, 13 Aug 2025 20:10:00 -0000

Patch Tuesday. The Matrix Foundation patches high-severity vulnerabilities in its open-source communications protocol. The “Curly COMrades” Russian-aligned APT targets critical infrastructure. Microsoft tells users to ignore new CertificateServicesClient (CertEnroll) errors. Researchers uncover a malware campaign hiding the NjRat Remote Access Trojan in a fake Minecraft clone. Motorcycle manufacturer Royal Enfield suffers a ransomware attack. The DOJ details a major operation against the BlackSuit ransomware group. Our guest is Jack Jones, father of Factor Analysis of Information Risk (FAIR) and the FAIR Controls Analytics Model (FAIR-CAM), sharing insights on cyber risk quantification. Data Brokers’ digital hide-and-seek.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Jack Jones, father of Factor Analysis of Information Risk (FAIR) and the FAIR Controls Analytics Model (FAIR-CAM), as he is sharing insights on where he sees the cyber risk quantification market heading.

Selected Reading

Microsoft Patches Over 100 Vulnerabilities (SecurityWeek)

Adobe Patches Over 60 Vulnerabilities Across 13 Products (SecurityWeek)

Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia (SecurityWeek)

Fortinet, Ivanti Release August 2025 Security Patches (SecurityWeek)

ICS Patch Tuesday: Major Vendors Address Code Execution Vulnerabilities (SecurityWeek)

Alarm raised over 'high-severity' vulnerabilities in Matrix messaging protocol (The Record)

'Curly COMrades' APT Hackers Target Critical Organizations Across Multiple Countries (GB Hackers)

Microsoft asks users to ignore certificate enrollment errors (Bleeping Computer)

Fake Minecraft Installer Spreads NjRat Spyware to Steal Data (Hackread)

Motorcycle manufacturer Royal Enfield hit by ransomware attack published: yesterday (Beyond Machines)

US Authorities Seize $1m from BlackSuit Ransomware Group (Infosecurity Magazine)

We caught companies making it harder to delete your personal data online (The Markup)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Kimsuky gets kim-sunk.

Tue, 12 Aug 2025 20:10:00 -0000

Hackers leak backend data from the North Korean state-sponsored hacking group Kimsuky. A ransomware attack on a Dutch clinical diagnostics lab exposes medical data of nearly half a million women. One of the world’s largest staffing firms suffers a data breach. Saint Paul, Minnesota, confirms the Interlock ransomware gang was behind a July cyberattack. Researchers jailbreak ChatGPT-5. A cyber incident takes the Pennsylvania Attorney General’s Office entirely offline. A new report quantifies global financial exposure from Operational Technology (OT) cyber incidents. Finnish prosecutors charge a Russian captain for allegedly damaging five critical subsea cables in the Baltic Sea. On our Industry Voices segment, we are joined by Sean Deuby, Semperis’ Principal Technologist, with insights on the global state of ransomware. Hackers take smart buses for a virtual joyride.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Sean Deuby, Semperis’ Principal Technologist, who is sharing insights and observations on the state of ransomware around the globe. If you want to hear the full conversation, check it out here.

Selected Reading

Kimsuky APT Hackers Exposed in Alleged Breach Revealing Phishing Tools and Operational Data (TechNadu)

Ransomware attack on dutch medical lab exposes cancer screening data of almost 500K women (Beyond Machines)

Manpower discloses data breach affecting nearly 145,000 people (Bleeping Computer)

Saint Paul cyberattack linked to Interlock ransomware gang (Bleeping Computer)

Tenable Jailbreaks GPT-5, Gets It To Generate Dangerous Info Despite OpenAI’s New Safety Tech (Tenable)

Pennsylvania Attorney General's Office hit by cybersecurity incident, shuts down digital infrastructure (Beyond Machines)

New Dragos Report Estimates Over $300 Billion in Potential Global OT Cyber Risk Exposure (Business Wire)

The 2025 OT Security Financial Risk Report (Dragos)

Finland charges captain of suspected Russian ‘shadow fleet’ tanker for subsea cable damage (The Record)

Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking (SecurityWeek)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Deadlines in the cloud.

Mon, 11 Aug 2025 20:10:00 -0000

CISA issues an Emergency Directive to urgently patch a critical vulnerability in Microsoft Exchange hybrid configurations. SoupDealer malware proves highly evasive. Google patches a Gemini calendar flaw. A North Korean espionage group pivots to financial crime. Russia’s RomCom exploits a WinRAR zero-day. Researchers turn Linux-based webcams into persistent threats. The Franklin Project enlists volunteer hackers to strengthen cybersecurity at U.S. water utilities. DoD announces the winner of DARPA’s two-year AI Cyber Challenge. The U.S. extradites Ghanaian nationals for their roles in a massive fraud ring. Our guest is Steve Deitz, President of MANTECH's Federal Civilian Sector, with a look at cell-based Security Operations Centers (SOC). AI advice turns dinner into a medical mystery.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, we are joined by Steve Deitz, President of MANTECH's Federal Civilian Sector, as he is discussing the cell-based Security Operations Center (SOC) approach. Check out the full conversation from Steve here.

Selected Reading

Understanding and Mitigating CVE-2025-53786: A Critical Microsoft Exchange Vulnerability (The DefendOps Diaries)

CISA Issues Urgent Advisory to Address Microsoft Exchange Flaw (GB Hackers)

SoupDealer Malware Evades Sandboxes, AVs, and EDR/XDR in Real-World Attacks (GB Hackers)

Google Calendar invites let researchers hijack Gemini to leak user data (Bleeping Computer)

North Korean Group ScarCruft Expands From Spying to Ransomware Attacks (Hackread)

Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada (SecurityWeek)

BadCam: New BadUSB Attack Turns Linux Webcams Into Persistent Threats (SecurityWeek)

DEF CON hackers plug security holes in US water systems (The Register)

DARPA announces $4 million winner of AI code review competition at DEF CON (The Record)

'Chairmen' of $100 million scam operation extradited to US (Bleeping Computer)

Guy Gives Himself 19th Century Psychiatric Illness After Consulting With ChatGPT (404 Media)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Ed Amoroso: Security shouldn't be the main dish. [Computer Science] [Career Notes]

Sun, 10 Aug 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Chief Executive Officer and Founder of TAG Cyber, Ed Amoroso, shares how he learned on the job and grew his career. In his words, Ed "went from my dad having an ARPANET connection and I'm learning Pascal, to Bell Labs, to CISO, to business, to quitting, to starting something new. And now I'm riding a new exponential up and it's a hell of a ride." Hear from Ed how he sees security as a side dish that you'll progress into naturally once you've paid your dues and mastered a skill like networking, software or databases. We thank Ed for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When malware plays pretend. [Research Saturday]

Sat, 09 Aug 2025 07:00:00 -0000

Nicolás Chiaraviglio, Chief Scientist from Zimperium's zLabs, joins to discuss their work on "Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed." Zimperium’s zLabs team has been tracking an evolving banker trojan dubbed DoubleTrouble, which has grown more sophisticated in both its distribution and capabilities. Initially spread via phishing sites impersonating European banks, it now uses malicious APKs hosted in Discord channels, and boasts features like screen recording, keylogging, UI overlays, and app blocking—all while heavily abusing Android’s Accessibility Services.

Despite advanced obfuscation and dynamic evasion techniques, Zimperium’s on-device detection tools have successfully identified both known and previously unseen variants, helping protect users from credential theft, financial fraud, and device compromise.

Complete our annual ⁠⁠audience survey⁠⁠ before August 31.

The research can be found here:

⁠Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed

Learn more about your ad choices. Visit megaphone.fm/adchoices

Reflections in a broken vault.

Fri, 08 Aug 2025 20:10:00 -0000

Researchers uncover multiple vulnerabilities in a popular open-source secrets manager. Software bugs threaten satellite safety. Columbia University confirms a cyberattack. Researchers uncover malicious NPM packages posing as WhatsApp development tools.A new EDR killer tool is being used by multiple ransomware gangs. Home Improvement stores integrate AI license plate readers into their parking lots. The U.S. federal judiciary announces new cybersecurity measures after cyberattacks compromised its case management system. CISA officials reaffirm their commitment to the CVE Program. Our guest is David Wiseman, Vice President of Secure Communications at BlackBerry, discussing the challenges of secure communications. AI watermarking breaks under spectral pressure.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by David Wiseman, Vice President of Secure Communications at BlackBerry, who is discussing the challenges and misconceptions around secure communications.

Selected Reading

HashiCorp Vault 0-Day Flaws Enable Remote Code Execution Attacks (GB Hackers)

Yamcs v5.8.6 Vulnerability Assessment (VisionSpace)

Columbia University says hacker stole SSNs and other data of nearly 900,000 (The Record)

Fake WhatsApp developer libraries hide destructive data-wiping code (Bleeping Computer)

New EDR killer tool used by eight different ransomware groups (Bleeping Computer)

Home Depot and Lowe's Share Data From Hundreds of AI Cameras With Cops (404 Media)

US Federal Judiciary Tightens Security Following Escalated Cyber-Attacks (Infosecurity Magazine)

CISA pledges to continue backing CVE Program after April funding fiasco (The Record)

CISA Issues 10 ICS Advisories Detailing Vulnerabilities and Exploits (GB Hackers)

AI Watermark Remover Defeats Top Techniques (IEEE Spectrum)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Exchange hybrid flaw raises cloud alarm.

Thu, 07 Aug 2025 20:10:00 -0000

Microsoft warns of a high-severity vulnerability in Exchange Server hybrid deployments. A Dutch airline and a French telecom report data breaches. Researchers reveal new HTTP request smuggling variants. An Israeli spyware maker may have rebranded to evade U.S. sanctions. CyberArk patches critical vulnerabilities in its secrets management platform. The Akira gang use a legit Intel CPU tuning driver to disable Microsoft Defender. ChatGPT Connectors are shown vulnerable to indirect prompt injection. Researchers expose new details about the VexTrio cybercrime network. SonicWall says a recent SSLVPN-related cyber activity is not due to a zero-day. Ryan Whelan from Accenture is our man on the street at Black Hat. Do androids dream of concierge duty?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We continue our coverage from the floor at Black Hat USA 2025 with another edition of Man on the Street. This time, we’re catching up with Ryan Whelan, Managing Director and Global Head of Cyber Intelligence at Accenture, to hear what’s buzzing at the conference.

Selected Reading

Microsoft warns of high-severity flaw in hybrid Exchange deployments (Bleeping Computer)

KLM suffers cyber breach affecting six million passengers (IO+)

Cyberattack hits France’s third-largest mobile operator, millions of customers affected (The Record)

New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites (SecurityWeek)

Candiru Spyware Infrastructure Uncovered (BankInfoSecurity)

Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities (SecurityWeek)

Akira ransomware abuses CPU tuning tool to disable Microsoft Defender (Bleeping Computer)

A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT (WIRED)

Researchers Expose Infrastructure Behind Cybercrime Network VexTrio (Infosecurity Magazine)

Gen 7 and newer SonicWall Firewalls – SSLVPN Recent Threat Activity (SonicWall)

Want a Different Kind of Work Trip? Try a Robot Hotel (WIRED)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Chasing Silicon shadows.

Wed, 06 Aug 2025 20:10:00 -0000

Two Chinese nationals are arrested for allegedly exporting sensitive Nvidia AI chips. A critical security flaw has been discovered in Microsoft’s new NLWeb protocol. Vulnerabilities in Dell laptop firmware could let attackers bypass Windows logins and install malware. Trend Micro warns of an actively exploited remote code execution flaw in its endpoint security platform. Google confirms a data breach involving one of its Salesforce databases. A lack of MFA leaves a Canadian city on the hook for ransomware recovery costs. Nvidia’s CSO denies the need for backdoors or kill switches in the company’s GPUs. CISA flags multiple critical vulnerabilities in Tigo Energy’s Cloud Connect Advanced (CCA) platform. DHS grants funding cuts off the MS-ISAC. Helicopter parenting officially hits the footwear aisle.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity (CLTC) discussing her proposed nationwide roadmap to scale cyber defense for community organizations.

Black Hat Women on the street

Live from Black Hat USA 2025, it’s a special “Women on the Street” segment with Halcyon’s Cynthia Kaiser, SVP Ransomware Research Center, and CISO Stacey Cameron. Hear what’s happening on the ground and what’s top of mind in cybersecurity this year.

Selected Reading

Two Arrested in the US for Illegally Exporting Microchips Used in AI Applications to China (TechNadu)

Microsoft’s plan to fix the web with AI has already hit an embarrassing security flaw (The Verge)

ReVault flaws let hackers bypass Windows login on Dell laptops (Bleeping Computer)

Trend Micro warns of Apex One zero-day exploited in attacks (Bleeping Computer)

Google says hackers stole its customers' data in a breach of its Salesforce database (TechCrunch)

Hamilton taxpayers on the hook for full $18.3M cyberattack repair bill after insurance claim denied (CP24)

Nvidia rejects US demand for backdoors in AI chips (The Verge)

Critical vulnerabilities reported in Tigo Energy Cloud connect advanced solar management platform (Beyond Machines)

New state, local cyber grant rules prohibit spending on MS-ISAC (StateScoop)

Skechers skewered for adding secret Apple AirTag compartment to kids’ sneakers — have we reached peak obsessive parenting? (NY Post)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hello, hacker speaking.

Tue, 05 Aug 2025 20:10:00 -0000

Cisco reveals a phishing related data breach. SonicWall warns users to disable SSLVPN services after reports of ransomware gangs exploiting a likely zero-day. Researchers uncover a stealthy Linux backdoor and new vulnerabilities in Nvidia’s Triton Inference Server. A new malware campaign targets Microsoft 365 users with fake OneDrive emails. The U.S. Treasury warns of rising criminal activity involving cryptocurrency ATMs. Cloudflare accuses an AI startup of using stealthy methods to bypass restrictions on web scraping. A global infostealer campaign compromises over 4,000 victims across 62 countries. Marty Momdjian, General Manager of Ready1 by Semperis, tells us about Operation Blindspot, a tabletop exercise taking place this week at Black Hat. On this week’s Threat Vector segment, host David Moulton speaks with ⁠Nigel Hedges⁠ from ⁠Sigma Healthcare⁠ about how CISOs can shift cybersecurity from a technical problem to a business priority. One hospital’s data ends up in the snack aisle.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Marty Momdjian, General Manager of Ready1 by Semperis, who is talking about Operation Blindspot, a tabletop exercise simulating a cyberattack against a rural water utility based in Nevada taking place this week at Black Hat USA 2025.

Threat Vector Segment

On this week’s Threat Vector segment, host David Moulton speaks with ⁠Nigel Hedges⁠, Executive General Manager of Cyber & Risk at ⁠Chemist Warehouse⁠ and ⁠Sigma Healthcare⁠. Nigel shares how CISOs can shift cybersecurity from a technical problem to a business priority. You can listen to the full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app.

Selected Reading

Cisco discloses data breach impacting Cisco.com user accounts (Bleeping Computer)

SonicWall urges admins to disable SSLVPN amid rising attacks (Bleeping Computer)

Antivirus vendors fail to spot persistent, nasty, stealthy Linux backdoor (The Register)

Nvidia Triton Vulnerabilities Pose Big Risk to AI Models (SecurityWeek)

Discord CDN Link Abused to Deliver RAT Disguised as OneDrive File (Hackread)

Crypto ATMs fueling criminal activity, Treasury warns (The Record)

AI company Perplexity is sneaking to get around blocks on crawlers, Cloudflare alleges (CyberScoop)

Python-powered malware grabs 200K passwords, credit cards (The Register)

Thai hospital fined 1.2 million baht for data breach via snack bags (DataBreaches.Net)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

New sheriff in cyber town.

Mon, 04 Aug 2025 20:10:00 -0000

The Senate confirms a new national cyber director. A new commission explores the establishment of a separate Cyber Force. Cybercriminals exploit link wrapping to launch sophisticated phishing attacks. AI agents are hijacked, cameras cracked, and devs phished. Gene sequencers and period trackers settle allegations of oversharing personal data and inadequate security. Today we are joined by Tim Starks from CyberScoop discussing how China accuses the US of exploiting Microsoft zero-day in a cyberattack. OpenAI scrambles after a chat leak fiasco.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. You can read Tim’s article on the topic here.

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop discussing how China accuses the US of exploiting Microsoft zero-day in a cyberattack.

Selected Reading

Sean Cairncross confirmed as national cyber director (The Record)

Panel to create roadmap for establishing US Cyber Force (The Record)

Microsoft 365: Attackers Weaponize Proofpoint and Intermedia Link Wrapping to Steal Logins (WinBuzzer)

When Public Prompts Turn Into Local Shells: ‘CurXecute’ – RCE in Cursor via MCP Auto‑Start (Aim Security)

LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code (Hackread)

Bitdefender Warns Users to Update Dahua Cameras Over Critical Flaws (Hackread)

Mozilla warns of phishing attacks targeting add-on developers (Bleeping Computer)

Gene Sequencing Giant Illumina Settles for $9.8M Over Product Vulnerabilities (SecurityWeek)

Flo settles class action lawsuit alleging improper data sharing (The Record)

ChatGPT users shocked to learn their chats were in Google search results (Ars Technica)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hannah Kenney: Focused on people. [Risk] [Career Notes]

Sun, 03 Aug 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Manager in BARR Advisory's Cyber Risk Advisory Practice, Hannah Kenney, shares her journey from never considering technology as a career to having it click in an informations systems class in college. After noticing she was the only one in the room who enjoyed the lecture, Hannah knew she wanted to go down the technology route. In talking about her work, Hannah describes it as creative problem solving. She hopes "people see me as someone who viewed cybersecurity and risk as something that is focused on people first and foremost." We thank Hannah for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

nOAuth-ing to see here. [Research Saturday]

Sat, 02 Aug 2025 07:00:00 -0000

This week, we are joined by Eric Woodruff, Chief Identity Architect at Semperis, discussing "nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications". Semperis researchers identified a critical authentication flaw known as nOAuth in 9 out of 104 tested SaaS applications integrated with Microsoft Entra ID.

This low-complexity but severe vulnerability allows attackers with just a user’s email address and access to an Entra tenant to impersonate users, exfiltrate data, and move laterally within affected apps—with no viable defense or detection available to customers. The findings spotlight ongoing risks tied to improper use of email claims in authentication and emphasize the urgent need for SaaS vendors to adopt secure OpenID Connect practices and remediate vulnerable applications.

Complete our annual ⁠audience survey⁠ before August 31.

The research can be found here:

nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications

Learn more about your ad choices. Visit megaphone.fm/adchoices

SUSE flaw found hiding in plain port.

Fri, 01 Aug 2025 20:10:00 -0000

A critical vulnerability in SUSE [SOO-suh] Manager allows attackers to run commands with root privilege. A joint CISA and U.S. Coast Guard threat hunt at a critical infrastructure site reveals serious cybersecurity issues. Healthcare providers across the U.S. report recent data breaches. Cybercriminals infiltrate a bank by physically planting a Raspberry Pi on a network switch. Russian state-backed hackers target Moscow diplomats to deploy ApolloShadow malware. Luxembourg investigates a major telecom outage tied to Huawei equipment. China’s cyberspace regulator summons Nvidia over alleged security risks linked to its H20 AI chips. A new report examines early indicators of system compromise. Today we are joined by Ryan Whelan, Managing Director and Global Head of Accenture Cyber Intelligence, with their analysis of Scattered Spider. Pwn2Own puts a million dollar bounty on WhatsApp zero-clicks.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest today is Ryan Whelan, Managing Director and Global Head of Accenture Cyber Intelligence, discussing the possibilities of Scattered Spider.

Selected Reading

Critical flaw in SUSE Manager exposes enterprise deployments to compromise (Beyond Machines)

CISA identifies OT configuration flaws during cyber threat hunt at critical infrastructure organization, lists cyber hygiene (Industrial Cyber)

CISA Issues ICS Advisories for Rockwell Automation Using VMware, and Güralp Seismic Monitoring Systems (Cyber Security News)

Florida Internal Medicine Practices Discloses November 2024 Data Breach (HIPAA Journal)

Cybercrooks use Raspberry Pi to steal ATM cash (The Register)

Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft (SecurityWeek)

Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage (The Record)

Nvidia summoned by China's cyberspace watchdog over risks in H20 chips (CGTN)

Hackers Regularly Exploit Vulnerabilities Before Public Disclosure (Infosecurity Magazine)

Pwn2Own hacking contest pays $1 million for WhatsApp exploit (Bleeping Computer)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Open source, open target.

Thu, 31 Jul 2025 20:10:00 -0000

A sweeping malware campaign by North Korea’s Lazarus Group targets open source ecosystems. President Trump announces a new electronic health records system. A new report reveals deep ties between Chinese state-sponsored hackers and Chinese tech companies. Researchers describe a new prompt injection threat targeting LLMs via browser extensions. Palo Alto Networks’ Unit 42 proposes a new Attribution Framework. Honeywell patches six vulnerabilities in its Experion Process Knowledge System. Researchers track the rapid evolution of a sophisticated Android banking trojan. Scattered Spider goes quiet following recent arrests. Our guests are Jermaine Roebuck and Ann Galchutt from CISA, discussing "Open-Source Eviction Strategies Tool for Cyber Incident Response." A Polish trainmaker sues hackers for fixing trains.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Jermaine Roebuck, Associate Director for Threat Hunting at CISA and Ann Galchutt, Technical Lead at CISA, who will be discussing "Open-Source Eviction Strategies Tool for Cyber Incident Response."

Selected Reading

Sonatype uncovers global espionage campaign in open source ecosystems (Sonatype)

Trump administration is launching a new private health tracking system with Big Tech's help (AP News)

Report Links Chinese Companies to Tools Used by State-Sponsored Hackers (SecurityWeek)

Top 5 GenAI Tools Vulnerable to Man-in-the-Prompt Attack, Billions Could Be Affected (LayerX)

Introducing Unit 42’s Attribution Framework (Unit42)

Honeywell Experion PKS Flaws Allow Manipulation of Industrial Processes (SecurityWeek)

Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed

Cybercriminals ‘Spooked’ After Scattered Spider Arrests (Infosecurity Magazine)

Polish Train Maker Is Suing the Hackers Who Exposed Its Anti-Repair Tricks (iFixit)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

State of emergency in St Paul.

Wed, 30 Jul 2025 20:10:00 -0000

Officials in St. Paul, Minnesota declare a state of emergency following a cyberattack. Hackers disrupt a major French telecom. A power outage causes widespread service disruptions for cloud provider Linode. Researchers reveal a critical authentication bypass flaw in an AI-driven app development platform. A new study shows AI training data is chock full of PII. Fallout continues for the Tea dating safety app. Hackers are actively exploiting a critical SAP NetWeaver vulnerability to deploy malware. CISA and the FBI update their Scattered Spider advisory. A Florida prison exposes personal information of visitors to all of its inmates. Our guest today is Keith Mularski, Chief Global Ambassador at Qintel, retired FBI Special Agent, and co-host of Only Malware in the Building. CISA and Senator Wyden come to terms —mostly— over the long-buried US Telecommunications Insecurity Report.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Keith Mularski, Chief Global Ambassador at Qintel, retired FBI Special Agent, and co-host of Only Malware in the Building discussing what it's like to be the new host on the N2K CyberWire network and giving a glimpse into some upcoming episodes. You can catch Keith and his co-hosts Selena Larson, Staff Threat Researcher and Lead, Intelligence Analysis and Strategy at Proofpoint, and our own Dave Bittner the first Tuesday of each month on your favorite podcast app with new episodes of Only Malware.

Selected Reading

Major cyberattack hits St. Paul, shuts down many services (Star Tribune)

French telecom giant Orange discloses cyberattack (Bleeping Computer)

Power Outage at Newark Data Center Disrupts Linode, Took LWN Offline (FOSS Force)

Critical authentication bypass flaw reported in AI coding platform Base44 (Beyond Machines)

A major AI training data set contains millions of examples of personal data (MIT Technology Review)

Dating safety app Tea suspends messaging after hack (BBC)

Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware (Bleeping Computer)

CISA and FBI Release Tactics, Techniques, and Procedures of the Scattered Spider Hacker Group (gb hackers)

Florida prison data breach exposes visitors' contact information to inmates (Florida Phoenix)

CISA to release long-buried US telco security report (The Register)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Tea time is over.

Tue, 29 Jul 2025 20:50:00 -0000

Things get worse in the Tea dating app breach. CISA adds three vulnerabilities to its Known Exploited Vulnerabilities catalog. Researchers uncover a critical flaw in Google’s AI coding assistant. A Missouri Health System agrees to a $9.25 million settlement over claims it used web tracking tools. “Sploitlight” could let attackers bypass Apple’s TCC framework to steal sensitive data. Malware squeaks its way into a mouse configuration tool. Threat actors hide the Oyster backdoor in popular IT tools. The FBI nabs over $2.4 million in Bitcoin from the Chaos ransomware gang. Our guest is Jaeson Schultz, Technical Leader for Cisco Talos Security Intelligence & Research Group, to talk about their work on the security of PDF files. The unintended privacy paradox of data brokers.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Jaeson Schultz, Technical Leader for Cisco Talos Security Intelligence & Research Group, to talk about their work on "PDFs: Portable documents, or perfect deliveries for phish?"

Selected Reading

A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating (404 Media)

CISA warns of active exploitation of critical PaperCut flaw, mandates immediate patching (Beyond Machines)

CISA Warns of Exploited Critical Vulnerabilities in Cisco Identity Services Engine (Infosecurity Magazine)

Researchers flag flaw in Google’s AI coding assistant that allowed for ‘silent’ code exfiltration (CyberScoop)

Health System Settles Web Tracker Lawsuit for Up to $9.25M (GovInfo Security)

Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data (Bleeping Computer)

Endgame Gear mouse config tool infected users with malware (Bleeping Computer)

Oyster Backdoor Disguised as PuTTY and KeyPass Targets IT Admins via SEO Poisoning (GB Hackers)

FBI Seizes $2.4m in Crypto from Chaos Ransomware Gang (Infosecurity Magazine)

Hundreds of registered data brokers ignore user requests around personal data (CyberScoop)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Ground control to Kremlin.

Mon, 28 Jul 2025 20:10:00 -0000

Russia’s flagship airline suffers a major cyberattack. U.S. insurance giant Allianz Life confirms the compromise of personal data belonging to most of its 1.4 million customers. A women’s dating safety app spills the tea. NASCAR confirms a data breach. Researchers believe the newly emerged Chaos ransomware group may be a rebrand of BlackSuit. Over 200,000 WordPress sites remain vulnerable to account takeover attacks. Lawmakers introduce legislation to Stop AI Price Gouging and Wage Fixing. States band together to regulate data brokers. My Caveat cohost Ben Yelin explains the impending expiration of the Cybersecurity and Information Sharing Act. Expel missed the mark, but nails the apology.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest is Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies, and co-host on the Caveat podcast, on the impending expiration of the Cybersecurity and Information Sharing Act. If you enjoyed this conversation, head on over to the Caveat podcast to hear more from Ben.

Selected Reading

Russia's Aeroflot cancels flights after pro-Ukrainian hackers claim massive cyberattack (Reuters)

Allianz Life says 'majority' of customers' personal data stolen in cyberattack (TechCrunch)

Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan (404 Media)

NASCAR Confirms Personal Information Stolen in Ransomware Attack (SecurityWeek)

BlackSuit Ransomware Group Transitioning to 'Chaos' Amid Leak Site Seizure (SecurityWeek)

Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks (Bleeping Computer)

Congress introduces bill to ban AI surveillance pricing (The Register)

An inside look into how a coalition of state legislators plan to take on data brokers (The Record)

An important update (and apology) on our PoisonSeed blog (Expel)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]

Sun, 27 Jul 2025 05:00:00 -0000

Please enjoy this encore of Career Notes.

Distinguished Security Strategist at Splunk, Ryan Kovar, shares his journey that started in the US Navy and how it contributed to his leadership in life after the military. Cutting his teeth as sysadmin on the USS Kitty Hawk, Ryan worked as a contractor following the Navy. At Splunk, he leads the SURGe research team to solve what he calls the "blue collar for the blue team problems". He works hard on incorporating diversity of thought. Ryan notes, "I've been doing cybersecurity or IT now for over 20 years and of that 20 years of knowledge, only about five years of that knowledge is really relevant. You can't sit on your laurels in this industry." We thank Ryan for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Muddled Libra: From Spraying to Preying in 2025 [Threat Vector]

Sat, 26 Jul 2025 04:00:00 -0000

Please enjoy this Special Edition episode of the Threat Vector podcast with an update on our previous Muddled Libra coverage.

Muddled Libra is back and more dangerous than ever. In this episode of Threat Vector, David Moulton speaks with Sam Rubin and Kristopher Russo from Unit 42 about the resurgence of the threat group also known as Scattered Spider. They break down the group’s shift to destructive extortion, modular attack teams, and cloud-first tactics. Discover why traditional defenses fail, how attackers now exploit trusted tools, and what forward-leaning security leaders are doing to stay ahead. With real-world case studies, strategic advice, and insights from the front lines, this episode helps defenders understand today’s threat landscape and what’s coming next.

Join the conversation on our social media channels:

Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/
Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠
Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠
LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠
YouTube: @paloaltonetworks
Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠

About Threat Vector

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Palo Alto Networks

Learn more about your ad choices. Visit megaphone.fm/adchoices

A dark web titan falls.

Fri, 25 Jul 2025 20:10:00 -0000

International law enforcement arrest the suspected operator of a major Russian dark web cybercrime forum. DHS is said to be among the agencies hit by the Microsoft SharePoint zero-day. The Fire Ant cyberespionage group targets global enterprise infrastructure. A Steam game is compromised to distribute info-stealing malware. Mitel Networks issues security patches for MiVoice MX-ONE communications platform. CISA nominee Sean Plankey faces tough questions at his Senate confirmation hearing. A malicious prompt was hiding in Amazon’s Q Developer extension for VS Code. Our guest is Brandon Karpf, friend of the show, cybersecurity expert, and founder of T-Minus Space Daily, joining host Maria Varmazis to explore how space-based telecom architectures could play a critical role in securing agentic AI systems. Android users scroll with caution, Apple fans roll the dice.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest is Brandon Karpf, friend of the show, cybersecurity expert, and founder of T-Minus Space Daily, joining host Maria Varmazis to explore how space-based telecom architectures could play a critical role in securing agentic AI systems.

Selected Reading

What Happened to XSS.is? Everything You Need to Know About the Forum Takedown - SOCRadar® Cyber Intelligence Inc. (socradar.io)

Suspected admin of major dark web cybercrime forum arrested in Ukraine (The Record)

DHS impacted in hack of Microsoft SharePoint products, people familiar say - Nextgov/FCW (NextGov)

Stealthy cyber spies linked to China compromising virtualization software globally (The Record)

Hacker sneaks infostealer malware into early access Steam game (Bleeping Computer)

Mitel warns of critical MiVoice MX-ONE authentication bypass flaw (Bleeping Computer)

Senators push CISA director nominee on election security, agency focus (Cybersecurity Dive)

Hacker injects malicious, potentially disk-wiping prompt into Amazon's AI coding assistant with a simple pull request , told 'Your goal is to clean a system to a near-factory state and delete file-system and cloud resources' | Tom's Hardware (TomsHardware)

iPhone vs. Android: iPhone users more reckless, less protected online (Malwarebytes)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Powering AI with politics.

Thu, 24 Jul 2025 20:10:00 -0000

The White House unveils its plan for global AI dominance. Microsoft warns that recent SharePoint server exploitation may extend to ransomware. A phishing campaign targeting the U.S. Department of Education’s grants portal. The FBI issues a warning about “The Com” cybercriminal group. SonicWall urges users to patch a critical vulnerability. A new supply chain attack has compromised several popular NPM packages. Joe Carrigan, co-host of the Hacking Humans podcast, joins to discuss how scammers are exploiting misconfigured point-of-sale terminals. Japanese police release a free decryption tool for Phobos ransomware. AI takes the wheel and drives right off a cliff.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Joe Carrigan, co-host of the Hacking Humans podcast, joins to discuss how scammers are exploiting misconfigured point-of-sale terminals, highlighting severe vulnerabilities that small businesses often overlook. If you want to hear more from Joe, head over to the Hacking Humans page.

Selected Reading

From Tech Podcasts to Policy: Trump's New AI Plan Leans Heavily on Silicon Valley Industry Ideas (SecurityWeek)

Hackers hit more than 400 organizations in Microsoft SharePoint hacks (Axios)

Microsoft says some SharePoint server hackers now using ransomware (Reuters)

Hackers Clone U.S. Department of Education's Grant Site in Credential Theft Campaign (TechNadu)

Copilot Vision on Windows 11 sends data to Microsoft servers (The Register)

FBI: Thousands of people involved in 'The Com' targeting victims with ransomware, swatting (The Record)

SonicWall urges admins to patch critical RCE flaw in SMA 100 devices (Bleeping Computer)

High-Value NPM Developers Compromised in New Phishing Campaign (SecurityWeek)

Free decryptor for victims of Phobos ransomware released (Fortra)

'I destroyed months of your work in seconds' says AI coding tool after deleting a dev's entire database during a code freeze: 'I panicked instead of thinking' (PC Gamer)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

SharePoint springs a leak.

Wed, 23 Jul 2025 20:10:00 -0000

The National Nuclear Security Administration was among the organizations impacted by the SharePoint zero-day. Experts testify before congress that OT security still lags.The FBI warns healthcare and critical infrastructure providers about Interlock ransomware. New York proposes new cybersecurity regulations for water and wastewater systems along with grants to fund them. Researchers uncover an active cryptomining campaign targeting cloud environments. A new variant of the Coyote banking trojan exploits Microsoft’s Windows UI Automation (UIA) framework for credential theft. The DoD pilots an agentic AI project aimed at helping military planners critique and enhance war plans. Clorox sues its former IT service provider for $380 million. Our guest is Tim Starks from CyberScoop discussing sanctions on Russian hackers and spies. Pirate Prime, do the time.

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop discussing research on "UK sanctions Russian hackers, spies as US weighs its own punishments for Russia.”

Selected Reading

US nuclear weapons agency reportedly breached in Microsoft SharePoint attacks (The Verge)

Fully Operational Stuxnet 15 Years Later & the Evolution of Cyber Threats to Critical Infrastructure (US House of Representatives Cybersecurity and Infrastructure Protection Subcommittee Hearing)

European healthcare network AMEOS Group hit by cyberattack (Beyond Machines)

FBI urges vigilance against Interlock ransomware group behind recent healthcare attacks (The Record)

New York unveils new cyber regulations, $2.5 million grant program for water systems (The Record)

Soco404: Multiplatform Cryptomining Campaign (Wiz)

Coyote malware abuses Windows accessibility framework for data theft (Bleeping Computer)

Thunderforge Brings AI Agents to Wargames (IEEE Spectrum)

Clorox Sues Cognizant for Causing 2023 Cyber-Attack (Infosecurity Magazine)

Operator of Jetflix illegal streaming service gets 7 years in prison (Bleeping Computer)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The SharePoint siege goes strategic.

Tue, 22 Jul 2025 20:10:00 -0000

Confusion persists over the Microsoft Sharepoint zero-days. CrushFTP confirms a zero-day under active exploitation. The UK government proposes a public sector ban on ransomware payments. A new ransomware group is using an AI chatbot to handle victim negotiations. Australia’s financial regulator accuses a wealth management firm of failing to manage cybersecurity risks. Researchers uncover a WordPress attack that abuses Google Tag Manager. Arizona election officials question CISA following a state portal cyberattack. Hungarian police arrest a man accused of launching DDoS attacks on independent media outlets. On our Threat Vector segment guest host ⁠Michael Sikorski⁠ ⁠and Michael Daniel⁠ of the Cyber Threat Alliance (CTA) explore cybersecurity collaboration. A Spyware kingpin wants back in.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

On our Threat Vector segment, host David Moulton turns the mic over to guest host ⁠Michael Sikorski⁠ and his guest ⁠Michael Daniel⁠ of the Cyber Threat Alliance (CTA) for a deep dive into cybersecurity collaboration. You can hear Michael and Michael's full discussion on Threat Vector ⁠⁠⁠here⁠⁠⁠ and catch new episodes every Thursday on your favorite podcast app.

Selected Reading

ToolShell Zero-Day Attacks on SharePoint: First Wave Linked to China, Hit High-Value Targets (SecurityWeek)

Microsoft: Windows Server KB5062557 causes cluster, VM issues (Bleeping Computer)

File transfer company CrushFTP warns of zero-day exploit seen in the wild (The Record)

UK to lead crackdown on cyber criminals with ransomware measures (GOV.UK)

Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims (Infosecurity Magazine)

Australian Regulator Alleges Financial Firm Exposed Clients to Unacceptable Cyber Risks (Infosecurity Magazine)

WordPress spam campaign abuses Google Tag Manager scripts (SC Media)

After website hack, Arizona election officials unload on Trump’s CISA (CyberScoop)

Hungarian police arrest suspect in cyberattacks on independent media (The Record)

Serial spyware founder Scott Zuckerman wants the FTC to unban him from the surveillance industry (TechCrunch)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft flaws fuel global breaches.

Mon, 21 Jul 2025 20:30:00 -0000

Microsoft issues emergency updates for zero-day SharePoint flaws. Alaska Airlines resumes operations following an IT outage. The UK government reconsiders demands for Apple iCloud backdoors. A French Senate report raises concerns over digital sovereignty. Meta declines to sign the EU’s new voluntary AI code of practice. A new report claims last year’s CrowdStrike outage disrupted over 750 hospitals. The World Leaks extortion group has breached Dell’s Customer Solution Centers. Hewlett-Packard Enterprise (HPE) issues a critical warning about two severe security flaws in Aruba Instant On Access Points. A single compromised password leads to a UK transport company’s demise. An AI assistant falls for fake metadata magic.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Maria Varmazis, host of T-Minus Space Daily, joins Dave Bittner to unpack AST SpaceMobile’s request to use amateur radio spectrum for satellite communications. They explore what this means for ham radio users, the role of secondary spectrum access, and why the amateur community is pushing back. It’s a nuanced look at spectrum sharing, space tech, and regulatory tensions.

Selected Reading

Global hack on Microsoft product hits U.S., state agencies, researchers say (The Washington Post)

Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks (Bleeping Computer)

Alaska Airlines requests all flights to be grounded: FAA (ABC News)

UK government seeks way out of clash with US over Apple encryption (Financial Times)

Digital vassals? French Government ‘exposes citizens’ data to US’ (Brussels Signal)

Meta snubs the EU’s voluntary AI guidelines (The Verge)

At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds (WIRED)

Dell confirms breach of test lab platform by World Leaks extortion group (Bleeping Computer)

HPE warns of hardcoded passwords in Aruba access points (Bleeping Computer)

Weak password allowed hackers to sink a 158-year-old company (BBC News)

Claude Jailbroken to Mint Unlimited Stripe Coupons (General Analysis)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Anisha Patel: Right along with them. [Program management] [Career Notes]

Sun, 20 Jul 2025 07:00:00 -0000

Please enjoy this encore of Career Notes:

Associate Director at Raytheon Intelligence and Space in the Cyber Protection Services Division Anisha Patel always loved math and it defined her career journey. As a first-generation American from an Asian household, Anisha said she was destined for a STEM-focused career and chose electrical engineering. She began her career and remains at Raytheon (formerly E-Systems) working in several areas of the business thanks to her skills and informal mentors. Starting a rotational assignment in program management (7 years ago), Anisha said she "went to the dark side and then the hole closed and there I ended up." Anisha talks about the need to bring diversity of thought into the industry and adds to her team with this in mind. We thank Anisha for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Creeping like a spider. [Research Saturday]

Sat, 19 Jul 2025 07:00:00 -0000

This week, we are pleased to be joined by ⁠George Glass⁠, Associate Managing Director of ⁠Kroll⁠'s Cyber Risk business, as he is discussing their research on Scattered Spider and their targeting of insurance companies. While Scattered Spider has recently turned its attention to the airline industry, George focuses on the broader trend of the group’s industry-by-industry approach and what that means for defenders across sectors.

George and Dave discuss the group’s history, their self-identification as a cartel, and their increasingly aggressive tactics, including the use of fear-based social engineering, physical threats, and the recruitment of insiders at telecom providers. They also examine how organizations—especially those with vulnerabilities similar to past targets—can proactively defend against this threat and prepare an effective response if their industry becomes the next focus.

Complete our annual ⁠⁠audience survey⁠⁠ before August 31.

Learn more about your ad choices. Visit megaphone.fm/adchoices

UK calls out Russia’s playbook.

Fri, 18 Jul 2025 20:10:00 -0000

The UK sanctions Russian military intelligence officers tied to GRU cyber units. An AI-powered malware called LameHug targets Windows systems. Google files a lawsuit against the operators of the Badbox 2.0 botnet. A pair of healthcare data breaches impact over 3 million individuals. Researchers report a phishing attack that bypasses FIDO authentication by exploiting QR codes. A critical flaw in Nvidia’s Container Toolkit threatens managed AI cloud services. A secure messaging app is found exposing sensitive data due to outdated configurations. Meta investors settle their $8 billion lawsuit. Our guest is Will Markow, CEO of FourOne Insights and N2K CyberWire Senior Workforce Analyst, with a data-driven look at how AI is affecting jobs. Belgian police provide timely cyber tips, baked right in.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we have Will Markow, CEO of FourOne Insights and N2K CyberWire Senior Workforce Analyst, discussing how AI is affecting jobs.

Got cybersecurity, IT, or project management certification goals?

Selected Reading

Breaking: UK sanctions Russian cyber spies accused of facilitating murders (The Record)

Russia Linked to New Malware Targeting Email Accounts for Espionage (Infosecurity Magazine)

New “LameHug” Malware Deploys AI-Generated Commands (Infosecurity Magazine)

Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet (SecurityWeek)

1.4 Million Affected by Data Breach at Virginia Radiology Practice (SecurityWeek)

Anne Arundel Dermatology Data Breach Impacts 1.9 Million People (SecurityWeek)

Phishing attack abuses QR codes to bypass FIDO keys (SC Media)

Critical Nvidia Toolkit Flaw Exposes AI Cloud Services to Hacking (SecurityWeek)

New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers (Hackread)

Meta investors, Zuckerberg settle $8 billion privacy lawsuit tied to Cambridge Analytica scandal (The Record)

Loaf and order: Belgian police launch bread-based cybersecurity campaign (Graham Cluley)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When hackers become the hunted.

Thu, 17 Jul 2025 20:10:00 -0000

Pro-Russian Hackers, scam lords, and ransomware gangs face global justice. Louis Vuitton ties customer data breaches to a single cyber incident. The White House is developing a “Zero Trust 2.0” cybersecurity strategy. OVERSTEP malware targets outdated SonicWall Secure Mobile Access (SMA) devices. An Australian political party suffers a massive ransomware breach. Our guest Jacob Oakley speaks with T-Minus Space Daily host Maria Varmazis. Jacob is Technical Director at SIXGEN and Space Lead for the DEFCON Aerospace Village. An Italian YouTuber faces a retro reckoning.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest Jacob Oakley joins us from today’s episode of T-Minus Space Daily host Maria Varmazis. Jacob is Technical Director at SIXGEN and Space Lead for the DEFCON Aerospace Village. He and Maria discuss space cybersecurity.

Selected Reading

Global operation targets NoName057(16) pro-Russian cybercrime network - The offenders targeted Ukraine and supporting countries, including many EU Member States (Europol)

Cambodia makes 1,000 arrests in latest crackdown on cybercrime (NBC News)

Armenian National Extradited to the United States Faces Federal Charges for Ransomware Extortion Conspiracy (US Department of Justice)

Italian police dismantle Romanian ransomware gang targeting nonprofits, film companies (The Record)

Louis Vuitton says regional data breaches tied to same cyberattack (Bleeping Computer)

Trump admin focuses on ‘zero trust 2.0,’ cybersecurity efficiencies (Federal News Network)

SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware (Bleeping Computer)

Clive Palmer's political parties suffer data breach affecting 'all emails ... documents and records' (Crikey)

YouTuber faces jail time for showing off Android-based gaming handhelds (Ars Technica)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Chrome’s high-risk bug gets squashed.

Wed, 16 Jul 2025 20:10:00 -0000

Google and Microsoft issue critical updates. CISA warns of active exploitation of a critical flaw in Wing FTP Server. Cloudflare restores their DNS Resolver service following a brief outage. A critical vulnerability in a PHP documentation tool allows attackers to execute code on affected servers. NSA and FBI officials say they’ve disrupted Chinese cyber campaigns targeting U.S. critical infrastructure. A UK data breach puts Afghan soldiers and their families at risk. Researchers find malware hiding in DNS records. A former U.S. Army soldier pleads guilty to charges of hacking and extortion. Ben Yelin joins us with insights on the Senate Armed Services Committee’s response to rising threats to critical infrastructure.The large print giveth and the small print taketh away.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Ben Yelin, co host of our Caveat podcast and Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, discussing the Senate Armed Services Committee’s and Trump administration nominees’ recent conversation about rising threats to critical infrastructure. You can find the article Ben discusses here.

Selected Reading

Google fixes actively exploited sandbox escape zero day in Chrome (Bleeping Computer)

Windows KB5064489 emergency update fixes Azure VM launch issues (Bleeping Computer)

Exploited Wing file transfer bug risks ‘total server compromise,’ CISA warns (The Record)

Cloudflare 1.1.1.1 incident on July 14, 2025 (Cloudflare)

Critical template Injection flaw in LaRecipe Documentation Package enables remote code execution (Beyond Machines)

NSA: Volt Typhoon was ‘not successful’ at persisting in critical infrastructure (The Record)

Defence secretary 'unable to say' if anyone killed after Afghan data breach (BBC News)

Hackers exploit a blind spot by hiding malware inside DNS records (Ars Technica)

21-year-old former US soldier pleads guilty to hacking, extorting telecoms (The Record)

WeTransfer says files not used to train AI after backlash (BBC News)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The Grok that broke the camel’s back.

Tue, 15 Jul 2025 20:10:00 -0000

A DOGE employee leaks private API keys to GitHub. North Korea’s “Contagious Interview” campaign has a new malware loader. A New Jersey diagnostic lab suffers a ransomware attack. A top-grossing dark web marketplace goes dark in what experts believe is an exit scam. MITRE launches a cybersecurity framework to address threats in cryptocurrency and digital financial systems. Experts fear steep budget cuts and layoffs under the Trump administration may undermine cybersecurity information sharing. A Maryland IT contractor settles federal allegations of cyber fraud. Kim Jones and Ethan Cook reflect on CISO perspectives. A crypto hacker goes hero and gets a hefty reward.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today Kim Jones, host of CISO perspectives, sits down with N2K’s analyst Ethan Cook to reflect on highlights from this season of CISO Perspectives. They revisit key moments, discuss recurring themes like the cybersecurity workforce gap, and get Ethan’s outsider take on the conversations. It’s all part of a special wrap-up to close out the season finale. If you like this conversation and want to hear more from CISO Perspectives, check it out here.

Selected Reading

DOGE Employee exposes AI API Keys in source code, giving access to advanced xAI models (Beyond Machines)

DOGE Denizen Marko Elez Leaked API Key for xAI (Krebs on Security)

North Korean Actors Expand Contagious Interview Campaign with New Malware Loader (Infosecurity Magazine)

Avantic Medical Lab hit by ransomware attack, data breach (Beyond Machines)

Abacus Market Shutters After Exit Scam, Say Experts (Infosecurity Magazine)

MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats (SecurityWeek)

How Trump's Cyber Cuts Dismantle Federal Information Sharing (BankInfo Security)

UK launches vulnerability research program for external experts (Bleeping Computer)

Federal IT contractor to pay $14.75 fine over ‘cyber fraud’ allegations (The Record)

Crypto Hacker Who Drained $42,000,000 From GMX Goes White Hat, Returns Funds in Exchange for $5,000,000 Bounty (The Daily Hodl)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Taxing times for cyber fraudsters.

Mon, 14 Jul 2025 20:10:00 -0000

British and Romanian authorities make arrests in a major tax fraud scheme. The Interlock ransomware gang has a new RAT. A new vulnerability in Google Gemini for Workspace allows attackers to hide malicious instructions inside emails. Suspected Chinese hackers breach a major DC law firm. Multiple firmware vulnerabilities affect products from Taiwanese manufacturer Gigabyte Technology. Nvidia warns against Rowhammer attacks across its product line. Louis Vuitton joins the list of breached UK retailers. Indian authorities dismantle a cyber fraud gang. CISA pumps the brakes on a critical vulnerability in American train systems. Our guest is Cynthia Kaiser, SVP of Halcyon’s Ransomware Research Center and former Deputy Assistant Director at the FBI’s Cyber Division, with insights on Scattered Spider. Hackers ransack Elmo’s World.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Cynthia Kaiser, SVP of Halcyon’s Ransomware Research Center and former Deputy Assistant Director at the FBI’s Cyber Division, discussing "Scattered Spider and Other Criminal Compromise of Outsourcing Providers Increases Victim Attacks." You can check out more from Halcyon here.

Selected Reading

Romanian police arrest 13 scammers targeting UK’s tax authority (The Record)

Interlock Ransomware Unleashes New RAT in Widespread Campaign (Infosecurity Magazine)

Google Gemini flaw hijacks email summaries for phishing (Bleeping Computer)

Chinese hackers suspected in breach of powerful DC law firm (CNN Politics)

Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment (Security Week)

Nvidia warns of Rowhammer attacks on GPUs (The Register)

Louis Vuitton UK Latest Retailer Hit by Data Breach (Infosecurity Magazine)

Indian Police Raid Tech Support Scam Call Center (Infosecurity Magazine)

Security vulnerability on U.S. trains that let anyone activate the brakes on the rear car was known for 13 years — operators refused to fix the issue until now (Tom's Hardware)

End-of-Train and Head-of-Train Remote Linking Protocol (CISA)

Hacker Makes Antisemitic Posts on Elmo’s X Account (The New York Times)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

MK Palmore: Lead from where you stand. [CISO] [Career Notes]

Sat, 12 Jul 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Director of Google Cloud's Office of the CISO, MK Palmore, dedicated much of his life to public service and now brings his experience working for the greater good to the private sector. A graduate of the US Naval Academy, including the Naval Academy Prep School that he calls the most impactful educational experience of his life, MK commissioned into the US Marine Corps following his service academy time. He joined the FBI and that is where he came into the cybersecurity realm. MK is passionate about getting more diversity, equity and inclusion into industry. We thank MK for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Click here to steal. [Research Saturday]

Sat, 12 Jul 2025 07:00:00 -0000

Today we are joined by ⁠Selena Larson⁠, Threat Researcher at ⁠Proofpoint⁠, and co-host of ⁠Only Malware in the Building⁠, as she discusses their work on "Amatera Stealer - Rebranded ACR Stealer With Improved Evasion, Sophistication." Proofpoint researchers have identified Amatera Stealer, a rebranded and actively developed malware-as-a-service (MaaS) variant of the former ACR Stealer, featuring advanced evasion techniques like NTSockets for stealthy C2 communication and WoW64 Syscalls to bypass user-mode defenses.

Distributed via ClearFake web injects and the ClickFix technique, Amatera leverages multilayered PowerShell loaders, blockchain-based hosting, and creative social engineering to compromise victims. With enhanced capabilities to steal browser data, crypto wallets, and other sensitive files, Amatera poses a growing threat in the wake of disruptions to competing stealers like Lumma.

Complete our annual ⁠audience survey⁠ before August 31.

The research can be found here:

⁠Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication

Learn more about your ad choices. Visit megaphone.fm/adchoices

Behind the firewall, trouble brews.

Fri, 11 Jul 2025 20:10:00 -0000

Fortinet patches a critical flaw in its FortiWeb web application firewall. Hackers are exploiting a critical vulnerability in Wing FTP Server. U.S. Cyber Command’s fiscal 2026 budget includes a new AI project. Czechia’s cybersecurity agency has issued a formal warning about Chinese AI company DeepSeek. The DoNot APT group targets Italy’s Ministry of Foreign Affairs. Mexico’s former president is under investigation for alleged bribes to secure spyware contracts. The FBI seizes a major Nintendo Switch piracy site. CISA releases 13 ICS advisories. A retired US Army lieutenant colonel pleads guilty to oversharing classified information on a dating app. Our guest is Catherine Woneis, VP of Product at Fingerprint, to discuss how bots are being used to facilitate music royalty fraud. A federal judge is not impressed with a crypto-thief’s lack of restitution.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Catherine Woneis, VP of Product at Fingerprint, to discuss how bots are being used to facilitate music royalty fraud and how companies can protect themselves.

Selected Reading

Critical SQL injection vulnerability in Fortinet FortiWeb enables unauthenticated remote code execution (Beyond Machines)

Critical Wing FTCritical Wing FTP Server Vulnerability Exploited - SecurityWeekP Server Vulnerability Exploited (SecurityWeek)

Cyber Command creates new AI program in fiscal 2026 budget (DefenseScoop)

DeepSeek a threat to national security, warns Czech cyber agency (The Record)

Indian Cyber Espionage Group Targets Italian Government (Infosecurity Magazine)

Former Mexican president investigated over allegedly taking bribes from spyware industry (The Record)

Major Nintendo Switch Piracy Website Seized By FBI (Kotaku)

CISA Releases Thirteen Industrial Control Systems Advisories (CISA)

Lovestruck US Air Force worker admits leaking secrets on dating app (The Register)

Crypto Scammer Truglia Gets 12 Years Prison, Up From 18 Months (Bloomberg)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cybercrime has a hefty price tag.

Thu, 10 Jul 2025 20:10:00 -0000

UK police make multiple arrests in the retail cyberattack case. French authorities arrest a Russian basketball player at the request of the U.S. A German court declares open season on Meta’s tracking pixels. The European Union unveils new rules to regulate artificial intelligence. London’s Iran International news confirms cyberattacks from Banished Kitten. Treasury sanctions a North Korean hacker over fake IT worker schemes. Microsoft confirms a widespread issue preventing organizations from deploying the latest Windows updates. Agreements over AI help end a year-long Hollywood strike. Researchers take an in-depth look at ClickFix. I’m joined by Ben Yelin and Ethan Cook for a look at Congress’ recent attempt to limit AI regulation through preemption. Password insecurity with a side of fries.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we’re sharing our latest Caveat Policy Deep Dive—a special segment where we explore the legal and policy forces shaping our digital lives. In this episode, Ethan Cook joins hosts Dave Bittner and Ben Yelin to break down a recent attempt by Congress to use preemption as a way to block state-level AI laws, and what this means for the ongoing tug-of-war over who should regulate AI in America.

For the full conversation and a deeper dive into the implications of this federal vs. state showdown, check out the Caveat podcast

Selected Reading

UK police arrest four in connection with M&S and Co-op cyberattacks (Reuters)

Russian Basketball Player Arrested in France at Request of United States (The Moscow Times)

German court rules Meta tracking technology violates European privacy laws (The Record)

European Union Unveils Rules for Powerful A.I. Systems (The New York Times)

Leaked materials came from previously reported cyberattacks, Iran International confirms (Iran Insight)

Treasury sanctions North Korean over IT worker malware scheme (Bleeping Computer)

Microsoft confirms Windows Server Update Services (WSUS) sync is broken (Bleeping Computer)

Industry video game actors pass agreement with studios for AI security (Reuters)

Fix the Click: Preventing the ClickFix Attack Vector (Palo Alto Networks)

McDonald’s AI Hiring Bot Exposed Millions of Applicants' Data to Hackers Using the Password ‘123456’ (WIRED)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Plug-ins gone rogue.

Wed, 09 Jul 2025 20:10:00 -0000

Patch Tuesday. An Iranian ransomware group puts a premium on U.S. and Israeli targets. Batavia spyware targets Russia’s industrial sector. HHS fines a Texas Behavioral Health firm for failed risk analysis. The Anatsa banking trojan targets financial institutions in the U.S. and Canada. Hackers abuse a legitimate commercial evasion framework to package infostealer payloads. Researchers discovered malicious browser extensions infecting over 2.3 million users. Joe Carrigan, co-host on Hacking Humans discusses phishing kits targeting CFOs. Can felines frustrate algorithms? Purr-haps…

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Joe Carrigan, a co-host of Hacking Humans, as he discusses phishing kits targeting CFOs.

Selected Reading

Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws (Bleeping Computer)

SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover (SecurityWeek)

CISA Releases One Industrial Control Systems Advisory (CISA)

Iranian ransomware group offers bigger payouts for attacks on Israel, US (The Record)

New spyware strain steals data from Russian industrial companies (The Record)

Mental Health Provider Fined $225K for Lack of Risk Analysis (BankInfo Security)

Anatsa mobile malware returns to victimize North American bank customers (The Record)

Legitimate Shellter Pen-Testing Tool Used in Malware Attacks (SecurityWeek)

Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools (Infosecurity Magazine)

Cat content disturbs AI models (Computerworld)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Memory leaks and login sneaks.

Tue, 08 Jul 2025 20:10:00 -0000

Researchers release proof-of-concept exploits for CitrixBleed2. Grafana patches four high-severity vulnerabilities. A hacker claims to have breached Spanish telecom giant Telefónica. Italian police arrest a Chinese man wanted by U.S. authorities for alleged industrial espionage. Beware of a new ransomware group called Bert. Call of Duty goes offline after reports of RCE vulnerabilities. President Trump's spending bill allocates hundreds of millions for cybersecurity. Nearly 26 million job seekers’ resumes and personal data are leaked. CISA adds four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. Outsmarting AI scraper bots with math.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

Cyber attackers are increasingly targeting the very tools developers trust—integrated development environments (IDEs), low-code platforms, and public code repositories. In this segment of Threat Vector, host ⁠David Moulton⁠ speaks with ⁠Daniel Frank⁠ and ⁠Tom Fakterman⁠ from Palo Alto Networks' threat research team about “Hunting Threats in Developer Environments.” You can hear David and Tyler's full discussion on Threat Vector ⁠⁠here⁠⁠ and catch new episodes every Thursday on your favorite podcast app.

Selected Reading

Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now (Bleeping Computer)

Grafana Patches Chromium Bugs, Including Zero-Day Exploited in the Wild (SecurityWeek)

Hacker leaks Telefónica data allegedly stolen in a new breach (Bleeping Computer)

Italian police arrest Chinese national wanted by FBI for alleged industrial espionage (Reuters)

Beware of Bert: New ransomware group targets healthcare, tech firms (The Record)

Call of Duty takes PC game offline after multiple reports of RCE attacks on players (CyberScoop)

GOP domestic policy bill includes hundreds of millions for military cyber (CyberScoop)

TalentHook leaks resumes of 26 Million job seekers (Beyond Machines)

CISA Adds Four Known Exploited Vulnerabilities to Catalog (CISA)

The Open-Source Software Saving the Internet From AI Bot Scrapers (404 Media)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

SafePay, unsafe day.

Mon, 07 Jul 2025 20:30:00 -0000

Ingram Micro suffers a ransomware attack by the SafePay gang. Spanish police dismantle a large-scale investment fraud ring. The SatanLock ransomware group says it is shutting down. Brazilian police arrest a man accused of stealing over $100 million from the country’s banking system. Qantas confirms contact from a “potential cybercriminal” following its recent customer data breach. The XWorm RAT evolves to better evade detection. Cybercriminals ramp up fraudulent domains ahead of Amazon Prime day. Apple sues a former engineer allegedly stealing confidential data. Our guest is Rob Allen, Chief Product Officer at Threat Locker, discussing why 'Default Deny' could be the Antidote to Security Fatigue. AI image editing blurs the evidence.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Rob Allen, Chief Product Officer at Threat Locker, discussing From Noise to Control: Why 'Default Deny' Is the Antidote to Security Fatigue. If you want to hear more from Rob or Threat Locker, you can listen to them here.

Selected Reading

Ingram Micro outage caused by SafePay ransomware attack (Bleeping Computer)

Police dismantles investment fraud ring stealing €10 million (Bleeping Computer)

SatanLock Ransomware Ends Operations, Says Stolen Data Will Be Leaked (Hackread)

Police in Brazil Arrest a Suspect Over $100M Banking Hack (SecurityWeek)

Qantas Contacted by Potential Cybercriminal Following Data Breach (Infosecurity Magazine)

Arbor Associates reports data breach exposing patient information (Beyond Machines)

XWorm RAT Deploys New Stagers and Loaders to Bypass Defenses (GB Hackers)

Amazon Prime Day 2025: Deals Await, But So Do the Cyber Criminals (Check Point)

Apple Accuses Ex-Engineer Of Stealing Vision Pro Secrets, Silently Accepting Job At Snap Inc., And Covering His Tracks By Wiping Data From Work Laptop (WCCF TECH)

Cops Use ChatGPT to Edit Drugs Bust Photo, Goes Horribly Wrong (PetaPixel)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]

Sun, 06 Jul 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Ground Labs' Head of Engineering, Swati Shekhar, shares her circuitous route from and back to engineering. Always being interested in leveraging the tools available to solve problems, Swati talks about how she found her place in engineering. She mentions how she had her first real experience with a computer when she was 17 in her first year at college. Aside from being one of 30 young women in a sea of 500 young men there, Swati described it as a "good culture shock because anything that takes you out of your comfort zone actually makes you learn and grow." She notes that challenges experienced in life increase your risk appetite so significantly. Swati advises those looking to make a job change to be certain of what is attracting them and to be yourself. We thank Swati for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Botnet’s back, tell a friend. [Research Saturday]

Sat, 05 Jul 2025 07:00:00 -0000

Please enjoy this encore of Research Saturday.

This week we are joined by ⁠⁠Silas Cutler⁠⁠, Principal Security Researcher at ⁠⁠Censys⁠⁠, asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure.

Despite law enforcement efforts and technical exposure, the botnet's infrastructure has remained largely stable, with only changes in hosting providers, raising questions about whether another party operates the botnet. Censys scanning data from 2024 shows a shift in the botnet's control servers, indicating a response to disruption attempts, while the botnet's operators have shown limited efforts to obscure their infrastructure.

The research can be found here:

⁠⁠Will the Real Volt Typhoon Please Stand Up?

Learn more about your ad choices. Visit megaphone.fm/adchoices

Turning data into decisions. [Deep Space]

Fri, 04 Jul 2025 07:00:00 -0000

Please enjoy this encore from our T-Minus Space Daily segment Deep Space.

Parker Wishik⁠ from ⁠The Aerospace Corporation⁠ explores how experts are turning data into decisions in the space industry on the latest Nexus segment. Parker is joined by⁠ Jackie Barbieri⁠, Founder and CEO of ⁠Whitespace⁠, and Dr. Steve Lewis, Leader of The Aerospace Corporations’s ⁠SPEAR team⁠.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Be sure to follow T-Minus on ⁠LinkedIn⁠ and ⁠Instagram⁠.

Selected Reading

⁠Aerospace Advances Massless Payloads for Space Missions⁠

⁠Aerospace Experts Are Turning Data into Decisions⁠

⁠Aerospace recently assembled a team of highly skilled scientists and engineers who play a critical role in addressing national and global disruptions in GPS and other radio frequency spectrums.⁠

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our ⁠media kit⁠. Contact us at ⁠space@n2k.com⁠ to request more info.

Want to join us for an interview?

Please send your pitch to ⁠space-editor@n2k.com⁠ and include your name, affiliation, and topic proposal.

T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Secure Your Summer: Top Cyber Myths, Busted [Threat Vector]

Fri, 04 Jul 2025 06:00:00 -0000

While the N2K CyberWire team is observing Independence Day in the US, we thought you'd enjoy this episode of Threat Vector from our podcast network. Listen in and bust those cyber myths.

In this episode of Threat Vector, David Moulton talks with Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. Lisa shares insights from this year’s “Oh Behave!” report and dives into why cybersecurity habits remain unchanged—even when we know better. From password reuse to misunderstood AI risks, Lisa explains how emotion, storytelling, and system design all play a role in protecting users. Learn why secure-by-design is the future, how storytelling can reshape behavior, and why facts alone won’t change minds. This episode is a must-listen for CISOs, security leaders, and anyone working to reduce human risk at scale.

Resources:

Join the conversation on our social media channels:

Website:⁠⁠⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠⁠⁠
Threat Research:⁠⁠⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠⁠
Facebook:⁠⁠⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠⁠⁠
LinkedIn:⁠⁠⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠⁠⁠
YouTube:⁠⁠⁠ ⁠⁠⁠⁠⁠⁠@paloaltonetworks⁠⁠⁠
Twitter:⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠⁠⁠

About Threat Vector

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Palo Alto Networks

Learn more about your ad choices. Visit megaphone.fm/adchoices

The bug that let anyone in.

Thu, 03 Jul 2025 20:10:00 -0000

Sudo patch your Linux systems. Cisco has removed a critical backdoor account that gave remote attackers root privileges. The Hunters International ransomware group rebrands and closes up shop. The Centers for Medicare and Medicaid Services (CMS) notifies 103,000 people that their personal data was compromised. NimDoor is a sophisticated North Korean cyber campaign targeting macOS. Researchers uncover a massive phishing campaign using thousands of fake retail websites. The FBI’s top cyber official says Salt Typhoon is largely contained. Microsoft tells customers to ignore Windows Firewall error warnings. A California jury orders Google to pay $314 million for collecting Android user data without consent. Ben Yelin shares insights from this year’s Supreme Court session. Ransomware negotiations with a side of side hustle.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today our guest is Ben Yelin from UMD CHHS, who is sharing a wrap up of this year’s Supreme Court session. If you want to hear more from Ben, head on over to the Caveat podcast, where he is co-host with Dave as they discuss all things law and privacy.

Selected Reading

Linux Users Urged to Patch Critical Sudo CVE (Infosecurity Magazine)

Cisco warns that Unified CM has hardcoded root SSH credentials (Bleeping Computer)

Hunters International ransomware shuts down after World Leaks rebrand (Bleeping Computer)

Feds Notify 103,000 Medicare Beneficiaries of Scam, Breach (Data Breach Today)

N Korean Hackers Drop NimDoor macOS Malware Via Fake Zoom Updates (Hackread)

China-linked hackers spoof big-name brand websites to steal shoppers' payment info (The Record)

Top FBI cyber official: Salt Typhoon ‘largely contained’ in telecom networks (CyberScoop)

Microsoft asks users to ignore Windows Firewall config errors (Bleeping Computer)

California jury orders Google to pay $314 million over data transfers from Android phones (The Record)

US Probes Whether Negotiator Took Slice of Hacker Payments (Bloomberg)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Houken blends stealth and chaos.

Wed, 02 Jul 2025 20:10:00 -0000

French authorities report multiple entities targeted by access brokers. A ransomware group extorts a German hunger charity. AT&T combats SIM swapping and account takeover attacks. A Missouri physician group suffers a cyber attack. Qantas doesn’t crash, but their computers do. Researchers uncover multiple critical vulnerabilities in Agorum Core Open. A student loan administrator in Virginia gets hit by the Akira ransomware group. The Feds sanction a Russian bulletproof hosting service. Johnson Controls notifies individuals of a major ransomware attack dating back to 2023. Will Markow, CEO of FourOne Insights and N2K CyberWire Senior Workforce Analyst shares the latest technology workforce trends. The ICEBlock app warms up to users.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Will Markow, CEO of FourOne Insights and N2K CyberWire Senior Workforce Analyst, sharing the latest workforce technology trends. Will recently appeared on our CISO Perspectives podcast with host Kim Jones in the “What’s the “correct” path for entering cyber?” episode. If you are not already an N2K Pro member, you can learn more about that here.

Got cybersecurity, IT, or project management certification goals?

Selected Reading

French cybersecurity agency confirms government affected by Ivanti hacks (The Record)

Ransomware gang attacks German charity that feeds starving children (The Record)

AT&T deploys new account lock feature to counter SIM swapping (CyberScoop)

Cyberattack in Missouri healthcare provider Esse Health exposes data of over 263,000 patients (Beyond Machines)

Australia's Qantas says 6 million customer accounts accessed in cyber hack (Reuters)

Security Advisories on Agorum Core Open (usd)

Virginia student loan administrator Southwood Financial hit by ransomware attack (Beyond Machines)

Russian bulletproof hosting service Aeza Group sanctioned by US for ransomware work (The Record)

Johnson Controls starts notifying people affected by 2023 breach (Bleeping Computers)

ICEBlock, an app for anonymously reporting ICE sightings, goes viral overnight after Bondi criticism (TechCrunch)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

North Korea’s covert coders caught.

Tue, 01 Jul 2025 20:10:00 -0000

The Feds shut down a covert North Korean IT operation. Google releases an emergency update to fix a new Chrome zero-day. A major U.S. trade show and event marketing firm suffers a data breach. NetScaler patches a pair of critical vulnerabilities. A sophisticated cyber attack targets The Hague. An Iran-linked hacking group threatens to release emails allegedly stolen from aides to President Trump. A ransomware attack exposes sensitive data linked to multiple Swiss federal government offices. The U.S. Treasury Department faces scrutiny after a string of cyberattacks. The FBI’s phone security tips draw fire from Senator Wyden. Tim Starks from CyberScoop describes how ubiquitous surveillance turned deadly. AI proves its pentesting prowess.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined today by Tim Starks, Senior Reporter from CyberScoop, discussing his story "Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report."

Selected Reading

US government takes down major North Korean 'remote IT workers' operation (TechCrunch)

Google fixes fourth actively exploited Chrome zero-day of 2025 (Bleeping Computer)

NetScaler Critical Security Updates for CVE-2025-6543 and CVE-2025-5777 (NetScaler)

International Criminal Court hit with cyber security attack (AP News)

Iran-linked hackers threaten to release Trump aides' emails (Reuters)

Swiss government data compromised in ransomware attack on health foundation Radix (Beyond Machines)

Trade show management firm Nth Degree hit by data breach, exposing sensitive data (Beyond Machines)

A Trio of US Treasury Hacks Exposes a Pattern Making Banks Nervous (Bloomberg)

Senator Chides FBI for Weak Advice on Mobile Security (Krebs on Security)

The top red teamer in the US is an AI bot (CSO Online)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

U.S. braces for Iranian cyber intrusions.

Mon, 30 Jun 2025 20:10:00 -0000

CISA warns organizations of potential cyber threats from Iranian state-sponsored actors.Scattered Spider targets aviation and transportation. Workforce cuts at the State Department raise concerns about weakened cyber diplomacy. Canada bans Chinese security camera vendor Hikvision over national security concerns.Cisco Talos reports a rise in cybercriminals abusing Large Language Models. MacOS malware Poseidon Stealer rebrands.Researchers discover multiple vulnerabilities in Bluetooth chips used in headphones and earbuds. The FDA issues new guidance on medical device cybersecurity. Our guest is Debbie Gordon, Co-Founder of Cloud Range, looking “Beyond the Stack - Why Cyber Readiness Starts with People.” An IT worker’s revenge plan backfires.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, Debbie Gordon, Co-Founder of Cloud Range, shares insights on looking “Beyond the Stack - Why Cyber Readiness Starts with People.” Learn more about what Debbie discusses in Cloud Range’s blog: Bolstering Your Human Security Posture. You can hear Debbie's full conversation here.

Selected Reading

CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment (CISA)

Joint Statement from CISA, FBI, DC3 and NSA on Potential Targeted Cyber Activity Against U.S. Critical Infrastructure by Iran (CISA, FBI, DOD Cyber Crime Center, NSA)

Prolific cybercriminal group now targeting aviation, transportation companies (Axios)

U.S. Cyber Diplomacy at Risk Amid State Department Shakeup (GovInfo Security)

Canada Bans Chinese CCTV Vendor Hikvision Over National Security Concerns (Infosecurity Magazine)

Malicious AI Models Are Behind a New Wave of Cybercrime, Cisco Talos (Hackread)

MacOS malware Poseidon Stealer rebranded as Odyssey Stealer (SC Media)

Airoha Chip Vulnerabilities Expose Headphones to Takeover (SecurityWeek)

FDA Expands Premarket Medical Device Cyber Guidance (GovInfo Security)

'Disgruntled' British IT worker jailed for hacking employer after being suspended (The Record)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Jamil Jaffer: You should run towards risk. [Strategy] [Career Notes]

Sun, 29 Jun 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Senior Vice President for Strategy, Partnerships, and Corporate Development at IronNet Cybersecurity, Jamil Jaffer, shares how his interest in technology brought him full circle. Always a tech guy, Jamil paid he way through college doing computer support. Jamil went to law school and worked in various jobs in Washington DC including a stint in the newly-created National Security division of the Justice Department just after 9/11. When talking about adversity, Jamil notes, "Adversity has happened in life, but you gotta run at those things. To me, you know, I like risk. I think risk is something that a lot of people shy away from." We thank Jamil for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A tale of two botnets. [Research Saturday]

Sat, 28 Jun 2025 07:00:00 -0000

This week we are joined by Kyle Lefton, Security Researcher from Akamai, who is diving into their work on "Two Botnets, One Flaw - Mirai Spreads Through Wazuh Vulnerability." Akamai researchers have observed active exploitation of CVE-2025-24016, a critical RCE vulnerability in Wazuh, by two Mirai-based botnets.

The campaigns highlight how quickly attackers are adapting proof-of-concept exploits to spread malware, underscoring the urgency of patching vulnerable systems. One botnet appears to target Italian-speaking users, suggesting regionally tailored operations.

The research can be found here:

⁠Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability

Learn more about your ad choices. Visit megaphone.fm/adchoices

Turbulence in the cloud.

Fri, 27 Jun 2025 20:10:00 -0000

Hawaiian Airlines reports a cybersecurity incident. Microsoft updates its Windows Resiliency Initiative after the 2024 CrowdStrike crash. CitrixBleed 2 is under active exploitation in the wild. Researchers disclose a critical vulnerability in Open VSX. Malware uses prompt injection to evade AI analysis. A new report claims Cambodia turns a blind eye to scam compounds. Senators propose a ban on AI tools from foreign adversaries. An NSA veteran is named top civilian at U.S. Cyber Command. Maria Varmazis speaks with Ian Itz from Iridium Communications on allowing IoT devices to communicate directly with satellites. One Kansas City hacker’s bold marketing campaign ends with a guilty plea.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Ian Itz, Executive Director at the IoT Line of Business at Iridium Communications. Ian spoke with T-Minus Space Daily host Maria Varmazis on their Deep Space weekend show about how Iridium allows IoT devices, like sensors and trackers, to communicate directly with satellites, bypassing terrestrial infrastructure. We share an excerpt of their conversation on our show today. You can listen to the full conversation on Deep Space. And, be sure to check out T-Minus Space Daily brought to you by N2K CyberWire each weekday on your favorite podcast app.

Selected Reading

Hawaiian Airlines Hit by Cybersecurity Incident (Infosecurity Magazine)

Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike Outage (SecurityWeek)

CitrixBleed 2 Vulnerability Exploited (Infosecurity Magazine)

Vulnerability Exposed All Open VSX Repositories to Takeover (SecurityWeek)

Prompt injection in malware sample targets AI code analysis tools (SC Media)

Scam compounds labeled a 'living nightmare' as Cambodian government accused of turning a blind eye (The Record)

Bipartisan bill seeks to ban federal agencies from using DeepSeek, AI tools from ‘foreign adversaries’ (The Record)

NSA’s Patrick Ware takes over as top civilian at U.S. Cyber Command (The Record)

Man Who Hacked Organizations to Advertise Security Services Pleads Guilty (SecurityWeek)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

No panic—just patch.

Thu, 26 Jun 2025 20:10:00 -0000

Patches, patches and more patches.A patient death has been linked to the 2023 ransomware attack on an NHS IT provider. U.S. authorities indict the man known online as “IntelBroker”. A suspected cyberattack disrupts Columbia University’s computer systems. A major license plate reader company restricts cross-state data access after reports revealed misuse of its network by police agencies. Our guest is Andy Boyd, former Director of CIA's Center for Cyber Intelligence (CCI) and currently an operating partner at AE Industrial Partners. Discounted parking as a gateway cybercrime.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today joins us from this week’s Caveat podcast episode. Andy Boyd, former Director of CIA's Center for Cyber Intelligence (CCI) and currently an operating partner at AE Industrial Partners, a private equity firm focused on the national security and aerospace industries, joins Dave and co-host Ben Yelin to discuss offensive cyber and the United States government. You can listen to the full conversation here and catch new episodes of Caveat every Thursday on your favorite podcast app.

Selected Reading

Cisco reports perfect 10 critical remote code execution flaws in Identity Services Engine (ISE) (Beyond Machines)

Citrix releases emergency patches for actively exploited vulnerability in NetScaler Products (Beyond Machines)

CISA Warns of FortiOS Hard-Coded Credentials Vulnerability Exploited in Attacks (Cyber Security News)

CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks (Bleeping Computer)

Patient's death linked to cyber attack on NHS, hospital trust says | Science, Climate & Tech News (Sky News)

British Man Charged by US in ‘IntelBroker’ Company Data Hacks (Bloomberg)

French police reportedly arrest suspected BreachForums administrators (The Record)

Potential Cyberattack Scrambles Columbia University Computer Systems (The New York Times)

Flock Removes States From National Lookup Tool After ICE and Abortion Searches Revealed (404 Media)

Student allegedly hacked Western Sydney University to get discounted parking and alter academic results | New South Wales (The Guardian)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Open-source, open season.

Wed, 25 Jun 2025 20:10:00 -0000

Cybercriminals target financial institutions across Africa using open-source tools. Threat actors are using a technique called Authenticode stuffing to abuse ConnectWise remote access software. A fake version of SonicWall’s NetExtender VPN app steals users’ credentials. CISA and the NSA publish a guide urging the adoption of Memory Safe Languages. Researchers identify multiple security vulnerabilities affecting Brother printers. Fake AI-themed websites spread malware. Researchers track a sharp rise in signup fraud. A new Common Good Cyber Fund has been launched to support nonprofits that provide essential cybersecurity services. Tim Starks from CyberScoop joins us to discuss calls for a federal cyberinsurance backstop. A Moscow court says ‘nyet’ to more jail time for cyber crooks.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are again joined by Tim Starks, Senior Reporter from CyberScoop. Tim discusses his recent piece on “Federal cyber insurance backstop should be tied to expiring terrorism insurance law, report recommends.”

Selected Reading

Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial Sector (Unit 42)

Hackers Abuse ConnectWise to Hide Malware (SecurityWeek)

Fake SonicWall VPN app steals user credentials (The Register)

CISA Publishes Guide to Address Memory Safety Vulnerabilities in Modern Software Development (GB Hackers)

New Vulnerabilities Expose Millions of Brother Printers to Hacking (SecurityWeek)

Black Hat SEO Poisoning Search Engine Results For AI (ThreatLabz)

Half of Customer Signups Are Now Fraudulent (Infosecurity Magazine)

Common Good Cyber Fund Launched to Support Non-Profit Security Efforts (Infosecurity Magazine)

Russia releases REvil members after convictions for payment card fraud (The Record)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran’s digital threat after U.S. strikes.

Tue, 24 Jun 2025 20:10:00 -0000

Cybersecurity warnings about possible Iranian retaliation have surged. A potential act of sabotage disrupts the NATO Summit in The Hague. Canadian cybersecurity officials discover Salt Typhoon breached a major telecom provider. The U.S. House bans WhatsApp from all government devices. APT28 uses Signal chats in phishing campaigns targeting Ukrainian government entities. A China-linked APT has built a covert network of over 1,000 compromised devices for long-term espionage. FileFix is a new variant of the well-known ClickFix method. SparkKitty targets Android and iOS users for image theft. Scammers steal $4 million from Coinbase users by posing as support staff. On today’s Threat Vector, host David Moulton sits down with Tyler Shields, Principal Analyst at ESG, to discuss the fine line between thought leadership and echo chambers in the industry. War Thunder gamers just can’t resist state secrets.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of Threat Vector, host David Moulton sits down with Tyler Shields, Principal Analyst at ESG, entrepreneur, and cybersecurity marketing expert, to discuss the fine line between thought leadership and echo chambers in the industry. You can hear David and Tyler's full discussion on Threat Vector ⁠here⁠ and catch new episodes every Thursday on your favorite podcast app.

Selected Reading

Warnings Ratchet Over Iranian Cyberattack (BankInfoSecurity)

NATO Summit in The Hague hit by potential sabotage as rail cables set on fire (The Record)

Canada says Salt Typhoon hacked telecom firm via Cisco flaw (BleepingComputer)

Scoop: WhatsApp banned on House staffers' devices (Axios)

APT28 hackers use Signal chats to launch new malware attacks on Ukraine (Bleeping Computer)

Chinese APT Hacking Routers to Build Espionage Infrastructure (SecurityWeek)

FileFix - A ClickFix Alternative (mr.d0x)

Photo-Stealing Spyware Sneaks Into Apple App Store, Google Play (SecurityWeek)

Hackers Impersonate Coinbase User Support To Scam Victims of $4,000,000 Before Blowing Most of Money on Gambling: ZachXBT (The Daily Hodl)

Reset the clock! War Thunder fan posts restricted Harrier data to game forum (Cyber Daily)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran’s digital retaliation looms.

Mon, 23 Jun 2025 20:10:00 -0000

US warns of heightened risk of Iranian cyberattacks. Cyber warfare has become central to Israel and Iran’s strategies. Oxford City Council discloses data breach. Europe aiming for digital sovereignty. Michigan hospital network says data belonging to 740,000 was stolen by ransomware gang. RapperBot pivoting to attack DVRs. A picture worth a thousand wallets. New Zealand’s public sector bolsters cyber defenses. On our Industry Voices segment today, we are joined by Imran Umar, Zero Trust Lead at Booz Allen Hamilton, discussing Zero Trust and Thunderdome. And a cyberattack spoils Russia’s dairy flow.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest

On our Industry Voices segment today, we are joined by Imran Umar, Zero Trust Lead at Booz Allen Hamilton, discussing Zero Trust and Thunderdome. Hear the full conversation ⁠here⁠. Find resources below to learn more about the topic Imran discusses.

For additional information:

Zero Trust, More Confidence

Zero Trust: Translating Results into Action

Selected Reading

US Warns of Heightened Risk of Iranian Cyber-Attacks After Military Strikes (Infosecurity Magazine)

Bank hacks, internet shutdowns and crypto heists: Here’s how the war between Israel and Iran is playing out in cyberspace (Politico)

Oxford City Council suffers breach exposing two decades of data (Bleeping Computer)

Europeans seek 'digital sovereignty' as US tech firms embrace Trump (Reuters)

Data of more than 740,000 stolen in ransomware attack on Michigan hospital network (The Record)

RapperBot Attacking DVRs to Gain Access Over Surveillance Cameras to Record Video (Cyber Security News)

CoinMarketCap Doodle Image Vulnerability Lets Attackers Run Malicious Code via API Call (GB Hackers)

NZ NCSC mandates minimum cybersecurity baseline for public sector agencies, sets October deadline (Industrial Cyber)

Russian dairy supply disrupted by cyberattack on animal certification system (The Record)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]

Sun, 22 Jun 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Jadee Hanson, CIO and CISO at Code 42, started her technology journey thanks to the help of a teacher in high school. She began college studying computer science and ended with a degree in computer information systems as it had more of the business side. Working in the private sector for companies such as Deloitte, Target and Code 42, Jadee gained experience and specialized in insider risk. She notes "utopia for me and my team is to get to a spot where the team is just firing on all cylinders and being really proactive about what's coming and what's changing." Jadee mentions she tries hard to do things that might scare her every day. For those interested in the field, especially young women, Jadee recommends they get involved and then stay curious. We thank Jadee for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Signed, sealed, exploitable. [Research Saturday]

Sat, 21 Jun 2025 07:00:00 -0000

Dustin Childs, Head of Threat Awareness at Trend Micro Zero Day Initiative, joins to discuss their work on "ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains." The research explores two critical vulnerabilities (ZDI-23-1527 and ZDI-23-1528) that could have enabled attackers to hijack the Microsoft PC Manager supply chain via overly permissive SAS tokens in WinGet and official Microsoft domains.

While the issues have since been resolved, the findings highlight how misconfigured cloud storage access can put trusted software distribution at risk. The post also includes detection strategies to help defenders identify and mitigate similar threats.

The research can be found here:

ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains

Learn more about your ad choices. Visit megaphone.fm/adchoices

A blast from the breached past.

Fri, 20 Jun 2025 20:10:00 -0000

An historic data breach that wasn’t. Aflac says it stopped a ransomware attack. Cloudflare thwarts a record breaking DDoS attack. Mocha Manakin combines clever social engineering with custom-built malware. The Godfather Android trojan uses a sophisticated virtualization technique to hijack banking and crypto apps. A British expert on Russian information warfare is targeted in a sophisticated spear phishing campaign. A federal judge dismisses a lawsuit against CrowdStrike filed by airline passengers. Banana Squad disguises malicious code as legitimate open-source software. The U.S. Justice Department wants to seize over $225 million in cryptocurrency linked to romance and investment scams. Ben Yelin explains the recent Oversight Committee request for Microsoft to hand over GitHub logs related to alleged DOGE misconduct. This one weird audio trick leaves AI scam calls speechless.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we are joined Ben Yelin, co host of Caveat podcast and Program Director for Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, discussing the recent Oversight Committee request for Microsoft to hand over GitHub logs related to alleged misconduct by Elon Musk’s "Department of Government Efficiency" (DOGE). You can learn more here.

Selected Reading

No, the 16 billion credentials leak is not a new data breach (Bleeping Computer)

Aflac says it stopped ransomware attack launched by ‘sophisticated cybercrime group’ (The Record)

Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider (SecurityWeek)

New Mocha Manakin Malware Deploys NodeInitRAT via Clickfix Attack (Hackread)

Godfather Android Trojan Creates Sandbox on Infected Devices (SecurityWeek)

Russia Expert Falls Prey to Elite Hackers Disguised as US Officials (Infosecurity Magazine)

Judge Axes Flight Disruption Suit Tied to CrowdStrike Outage (GovInfo Security)

Banana Squad Hides Data-Stealing Malware in Fake GitHub Repositories (Hackread)

DOJ moves to seize $225 million in crypto stolen by scammers (The Record)

Boffins devise voice-altering tech to jam 'vishing' ploys (The Register)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Juneteenth: Reflecting, belonging, and owning your seat at the table. [Special Edition]

Thu, 19 Jun 2025 07:00:00 -0000

We put together an open conversation between our podcast hosts, CyberWire Daily's Dave Bittner, T-Minus Space Daily’s Maria Varmazis, and CISO Perspectives podcast’s Kim Jones. Their conversation goes deeper than just the historical significance of Juneteenth, diving into candid conversations on allyship, representation, and the enduring value of diversity in the cybersecurity and space fields. Grab your coffee and join us in the room.

Resources:

Juneteenth

CISO Perspectives podcast:

T-Minus Space Daily podcast:

Learn more about your ad choices. Visit megaphone.fm/adchoices

Typhoon on the line.

Wed, 18 Jun 2025 20:10:00 -0000

Viasat confirms it was breached by Salt Typhoon. Microsoft’s June 2025 security update giveth, and Microsoft’s June 2025 security update taketh away. Local privilege escalation flaws grant root access on major Linux distributions. BeyondTrust patches a critical remote code execution flaw. SMS low cost routing exposes users to serious risks. Erie Insurance says their ongoing outage isn’t ransomware. Backups are no good if you can’t find them. Veeam patches a critical vulnerability in its Backup software. SuperCard malware steals payment card data for ATM fraud and direct bank transfers. We preview our Juneteenth special edition. Backing up humanity.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we are sharing an excerpt of our Juneteenth Special Edition conversation between Dave Bittner, T-Minus Space Daily’s Maria Varmazis, and CISO Perspectives podcast’s Kim Jones. Enjoy this discussion on the eve of Juneteenth and tune into your CyberWire Daily feed tomorrow on your favorite podcast app to hear the full conversation.

Selected Reading

Viasat hacked by China-backed Salt Typhoon in 2024 US telecom attacks (Cybernews)

Microsoft's June Patches Unleash a Cascade of Critical Failures (WinBuzzer)

New Linux udisks flaw lets attackers get root on major Linux distros (Bleeping Computer)

BeyondTrust warns of pre-auth RCE in Remote Support software (Bleeping Computer)

Two Factor Insecurity (Lighthouse Reports)

Erie Insurance: ‘No Evidence’ of Ransomware in Network Outage (Insurance Journal)

Half of organizations struggle to locate backup data, report finds (SC Media)

New Veeam RCE flaw lets domain users hack backup servers (Bleeping Computer)

Russia detects first SuperCard malware attacks skimming bank data via NFC (The Record)

Why one man is archiving human-made content from before the AI explosion (Ars Technica)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Can’t DOGE the inquiry.

Tue, 17 Jun 2025 20:00:00 -0000

A House oversight committee requests DOGE documents from Microsoft. Predatory Sparrow claims a cyberattack on an Iranian bank. Microsoft says data that happens in Europe will stay in Europe. A complex malware campaign is using heavily obfuscated Visual Basic files to deploy RATs. A widely used CMS platform suffers potential RCE bugs. North Korea’s Kimsuky targets academic institutions using password-protected research documents. Asus patches a high-severity vulnerability in its Armoury Crate software. CISA’s new leader remains in confirmation limbo. Our guest is Brian Downey, VP of Product Management from Barracuda, talking about how security sprawl increases risk. Operation Fluffy Narwhal thinks it’s time to rethink adversary naming.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Brian Downey, VP of Product Marketing and Product Management from Barracuda, talking about how security sprawl increases risk. You can find more information about what Brian discussed here.

Selected Reading

Following Whistleblower Reports, Acting Ranking Member Lynch Demands Microsoft Hand Over Information on DOGE’s Misconduct at NLRB | The Committee on Oversight and Accountability Democrats (House Committee on Oversight and Government Reform)

Pro-Israel hackers claim breach of Iranian bank amid military escalation (The Record)

Microsoft lays out data protection plans for European cloud customers (Reuters)

New Sophisticated Multi-Stage Malware Campaign Weaponizes VBS Files to Execute PowerShell Script (Cyber Security News)

Chained Flaws in Enterprise CMS Provider Sitecore Could Allow RCE (Infosecurity Magazine)

Beware of Weaponized Research Papers That Delivers Malware Via Password-Protected Documents (Cyber Security News)

Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers (SecurityWeek)

Asus Armoury Crate Vulnerability Leads to Full System Compromise (SecurityWeek)

Trump’s Pick to Lead CISA is Stuck in Confirmation Limbo (Gov Infosecurity)

Call Them What They Are: Time to Fix Cyber Threat Actor Naming (Just Security)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Darknet drug marketplace closed for business.

Mon, 16 Jun 2025 20:00:00 -0000

International law enforcement takes down a darknet drug marketplace. The Washington Post is investigating a cyberattack targeting several journalists' email accounts. Anubis ransomware adds destructive capabilities. The GrayAlpha threat group uses fake browser update pages to deliver advanced malware. Researchers uncover a stealthy malware campaign that hides a malicious payload in a JPEG image. Tenable patches three high-severity vulnerabilities in Nessus Agent. Attackers can disable Secure Boot on many Windows devices by exploiting a firmware flaw. Lawmakers introduce a bipartisan bill to strengthen coordination between CISA and HHS. Harry Coker reflects on his tenure as National Cyber Director. Maria Varmazis checks in with Brandon Karpf on agentic AI. When online chatbots overshare, it’s no laughing Meta.

CyberWire Guest

Joining us today to discuss Agentic AI and it relates to cybersecurity and space with T-Minus Space Daily host Maria Varmazis is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert.

Selected Reading

Police seizes Archetyp Market drug marketplace, arrests admin (Bleeping Computer)

Washington Post investigating cyberattack on journalists' email accounts, source says (Reuters)

Anubis Ransomware Packs a Wiper to Permanently Delete Files (SecurityWeek)

GrayAlpha Hacker Group Weaponizes Browser Updates to Deploy PowerNet Loader and NetSupport RAT (Cyber Security News)

Malicious Payload Uncovered in JPEG Image Using Steganography and Base64 Obfuscation (Cyber Security News)

Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus (Infosecurity Magazine)

Microsoft-Signed Firmware Module Bypasses Secure Boot (Gov Infosecurity)

Bipartisan bill aims to create CISA-HHS liaison for hospital cyberattacks (The Record)

Coker: We can’t have economic prosperity or national security without cybersecurity (The Record)

The Meta AI app is a privacy disaster (TechCrunch)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Mark Nunnikhoven: Providing clarity about security. [Cloud strategy]

Sun, 15 Jun 2025 05:00:00 -0000

Please enjoy this encore of Career Notes.

Distinguished Cloud Strategist at Lacework, Mark Nunnikhoven, has gone from taking technology to its limits for his own understanding to providing clarity about security for others. Mark fell in love with his Commodore 128 and once he realized he could bend the machine to his will, it set him on the path to technology. While he had some bumps in the road, dropping out of high school and not following the traditional path in college, Mark did complete his masters in information security. His professional life took him from Canadian public service to the private sector where Mark noted the culture shift was an eye-opening experience. Mark always looks to learn something new and share that with others and that is evidenced as his includes teaching as a facet of his career. We thank Mark for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hiding in plain sight with vibe coding.

Sat, 14 Jun 2025 05:00:00 -0000

This week, Dave is joined by ⁠Ziv Karliner⁠, ⁠Pillar Security⁠’s Co-Founder and CTO, sharing details on their work on "New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents." Vibe Coding - where developers use AI assistants like GitHub Copilot and Cursor to generate code almost instantly - has become central to how enterprises build software today. But while it’s turbo-charging development, it’s also introducing new and largely unseen cyber threats.

The team at Pillar Security identified a novel attack vector, the ⁠"Rules File Backdoor"⁠, which allows attackers to manipulate these platforms into generating malicious code. It represents a new class of supply chain attacks that weaponizes AI itself, where the malicious code suggestions blend seamlessly with legitimate ones, bypassing human review and security tools.

The research can be found here:

⁠New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloudflare’s cloudy day resolved.

Fri, 13 Jun 2025 20:00:00 -0000

Cloudflare says yesterday’s widespread outage was not caused by a cyberattack. Predator mobile spyware remains highly active. Microsoft is investigating ongoing Microsoft 365 authentication services issues. An account takeover campaign targets Entra ID users by abusing a popular pen testing tool. Palo Alto Networks documents a JavaScript obfuscation method dubbed “JSFireTruck.” Trend Micro and Mitel patch multiple high-severity vulnerabilities. CISA issues multiple advisories. My Hacking Humans cohost Joe Carrigan joins us to discuss linkless recruiting scams. Uncle Sam wants an AI chatbot.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we are joined by Joe Carrigan, one of Dave’s Hacking Humans co-hosts, to talk about linkless recruiting scams. You can learn more in this article from The Record: FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters. Tune in to Hacking Humans each Thursday on your favorite podcast app to hear the latest on the social engineering scams that are making the headlines from Joe, Dave and their co-host Maria Varmazis.

Selected Reading

Cloudflare: Outage not caused by security incident, data is safe (Bleeping Computer)

Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection (Cyber Security News)

Microsoft confirms auth issues affecting Microsoft 365 users (Bleeping Computer)

TeamFiltration Abused in Entra ID Account Takeover Campaign (SecurityWeek)

270K websites injected with ‘JSF-ck’ obfuscated code (SC Media)

Palo Alto Networks Patches Series of Vulnerabilities (Infosecurity Magazine)

SimpleHelp Vulnerability Exploited Against Utility Billing Software Users (SecurityWeek)

Trend Micro fixes critical vulnerabilities in multiple products (Bleeping Computer)

Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking (SecurityWeek)

CISA Releases Ten Industrial Control Systems Advisories (CISA)

Trump team leaks AI plans in public GitHub repository (The Register)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Scam operations disrupted across Asia.

Thu, 12 Jun 2025 20:00:00 -0000

Interpol’s Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon’s Graphite spyware. France calls for comments on tracking pixels. Fog ransomware operators deploy an unusual mix of tools. Skeleton Spider targets recruiters by posing as job seekers on LinkedIn and Indeed. Erie Insurance suffers ongoing outages following a cyberattack. Our N2K Lead Analyst Ethan Cook shares insights on Trump’s antitrust policies. DNS neglect leads to AI subdomain exploits.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we share a selection from today’s Caveat podcast where Dave Bittner and Ben Yelin are joined by N2K’s Lead Analyst, Ethan Cook, to take a Policy Deep Dive into “The art of the breakup: Trump’s antitrust surge.” You can listen to the full episode here and find new episodes of Caveat in your favorite podcast app each Thursday.

Selected Reading

Interpol takes down 20,000 malicious IPs and domains (Cybernews)

Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts (The Record)

GitLab patches high severity account takeover, missing auth issues (Bleeping Computer)

SmartAttack uses smartwatches to steal data from air-gapped systems (Bleeping Computer)

Critical vulnerability in Microsoft 365 Copilot AI called EchoLeak enabled data exfiltration (Beyond Machines)

Researchers confirm two journalists were hacked with Paragon spyware (TechCrunch)

Tracking pixels: CNIL launches public consultation on its draft recommendation (CNIL)

Fog ransomware attack uses unusual mix of legitimate and open-source tools (Bleeping Computer)

FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters (The Record)

Erie Insurance confirms cyberattack behind business disruptions (Bleeping Computer)

Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'? (404 Media)

Secure your public DNS presence from subdomain takeovers and dangling DNS exploits (Silent Push)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Ghost students “haunting” online colleges.

Wed, 11 Jun 2025 20:00:00 -0000

Patch Tuesday. Mozilla patches two critical FireFox security flaws. A critical flaw in Salesforce OmniStudio exposes sensitive customer data stored in plain text. The Badbox botnet continues to evolve. AI-powered “ghost students” enrolling in online college courses to steal government funds. Hackers steal nearly 300,000 vehicle crash reports from the Texas Department of Transportation. ConnectWise rotates its digital code signing certificates. The chair of the House Homeland Security Committee announces his upcoming retirement. Our guest is Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, wondering if AI may be the Cerberus of our time. Friendly skies…or friendly spies?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we have Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, sharing insights on AI: The Cerberus of our time. You can hear Matt’s full interview here. The State of Data Security: Quantifying AI’s Impact on Data Risk report from Varonis reveals how much sensitive data is exposed and at risk in the AI era. Learn more and get State of Data Security Report.

Selected Reading

Microsoft warns of 66 flaws to fix for this Patch Tuesday, and two are under active attack (The Register)

Microsoft slows Windows 11 24H2 Patch Tuesday due to a 'compatibility issue' (The Register)

ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA (SecurityWeek)

Firefox Patches Multiple Vulnerabilities That Could Lead to Browser Crash (Cyber Security News)

Salesforce OmniStudio Vulnerabilities Exposes Sensitive Customer Data in Plain Text (Cyber Security News)

CISO who helped unmask Badbox warns: Version 3 is coming (The Register)

How Scammers Are Using AI to Steal College Financial Aid (SecurityWeek)

300K Crash Reports Stolen in Texas DOT Hack (BankInfoSecurity)

ConnectWise rotating code signing certificates over security concerns (Bleeping Computer)

House Homeland Chairman Mark Green’s departure could leave congressional cyber agenda in limbo (CyberScoop)

Airlines Don't Want You to Know They Sold Your Flight Data to DHS (404 Media)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Jedai tricks, human risks.

Tue, 10 Jun 2025 20:10:00 -0000

An unsecured Chroma database exposes personal information of Canva Creators. A researcher brute-forces Google phone numbers. Five zero-day vulnerabilities in Salesforce Industry Cloud are uncovered. Librarian Ghouls target Russian organizations with stealthy malware. SAP releases multiple security patches including a critical fix for a NetWeaver bug. Sensata Technologies confirms the theft of sensitive personal data during an April ransomware attack.SentinelOne warns of targeted cyber-espionage attempts by China-linked threat actors. Skitnet gains traction amongst ransomware gangs. The UK’s NHS issues an urgent appeal for blood donors. On today’s Threat Vector, host David Moulton talks with Arjun Bhatnagar, CEO of Cloaked, about why protecting your digital privacy is more urgent than ever. The FBI’s Cyber Division welcomes a new leader.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of Threat Vector, host David Moulton talks with Arjun Bhatnagar, CEO of Cloaked, about why protecting your digital privacy is more urgent than ever. From building better cybersecurity habits to understanding the hidden risks in everyday apps, Arjun shares practical advice that listeners can use immediately. You can hear David and Arjun's full discussion on Threat Vector ⁠here⁠ and catch new episodes every Thursday on your favorite podcast app.

Selected Reading

Canva Creators' Data Exposed Via AI Chatbot Company Database (Cyber Security News)

Google brute-force attack exposes phone numbers in minutes (The Register)

Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud (SecurityWeek)

'Librarian Ghouls' APT Group Actively Attacking Organizations To Deploy Malware (Cyber Security News)

Critical Vulnerability Patched in SAP NetWeaver (SecurityWeek)

Sensitive Information Stolen in Sensata Ransomware Attack (SecurityWeek)

SentinelOne Warns Cybersecurity Vendors of Chinese Attacks (Infosecurity Magazine)

Skitnet Malware Actively Adopted by Ransomware Gangs to Enhance Operational Efficiency (GB Hackers)

NHS calls for 1 million blood donors as UK stocks remain low following cyberattack (The Record) – mentioning this in the Briefing

Brett Leatherman to follow Bryan Vorndran as head of FBI Cyber Division (The Record)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

White House reboots cybersecurity priorities.

Mon, 09 Jun 2025 20:10:00 -0000

A new White House executive Order overhauls U.S. cybersecurity policy. The EU updates its “cybersecurity blueprint”. The Pentagon’s inspector general investigates Defense Secretary Hegseth’s Signal messages. Chinese hackers target U.S. smartphones. A new Mirai botnet variant drops malware on vulnerable DVRs. 17 popular Gluestack packages on NPM have been compromised. Attackers exploit vulnerabilities in Fortigate security appliances to deploy Qilin ransomware. A Nigerian man gets five years in prison for a hacking and fraud scheme. Our guest is Tim Starks from CyberScoop, discussing Sean Cairncross’ journey toward confirmation as the next National Cyber Director. Fire Stick flicks spark a full-on legal blitz.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop, to discuss Sean Cairncross, who’s bringing a focus on policy coordination if confirmed as the next National Cyber Director.

Selected Reading

Trump Administration Revises Cybersecurity Rules, Replaces Biden Order (Infosecurity Magazine)

Europe arms itself against cyber catastrophe (Politico)

Pentagon watchdog investigates if staffers were asked to delete Hegseth’s Signal messages (Associated Press)

Chinese hackers and user lapses turn smartphones into a 'mobile security crisis' (Associated Press)

iMessage Zero-Click Attacks Suspected in Targeting of High-Value EU, US Individuals (SecurityWeek)

New Mirai botnet infect TBK DVR devices via command injection flaw (Bleeping Computer)

Malware found in NPM packages with 1 million weekly downloads (Bleeping Computer)

Hackers Actively Exploiting Fortigate Vulnerabilities to Deploy Qilin Ransomware (Cyber Security News)

Nigerian Involved in Hacking US Tax Preparation Firms Sentenced to Prison (SecurityWeek)

Hacked Fire Sticks now come with more than just malware – a possible jail sentence (Cybernews)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Ell Marquez: It's okay to be new. [Linux] [Career Notes]

Sun, 08 Jun 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Linux and Security Advocate at Intezer Ell Marquez shares her journey from the family ranch to security. Needing a life change due to a bunch of circumstances that had occurred that left her almost homeless, Ell found out about a six week Linux boot camp that took her down the path toward technology. She fell in love with security at at BSides Conference and hasn't looked back. Ell says she recently started a campaign called "it's okay to be new" noting that no matter how long you've been in the industry, you need to be new because technology changes so quickly. She concludes by offering one final piece of advice to everybody is just "be unapologetically yourself." We thank Ell for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A new stealer hiding behind AI hype. [Research Saturday]

Sat, 07 Jun 2025 07:00:00 -0000

This week, we are joined by Michael Gorelik, Chief Technology Officer from Morphisec, discussing their work on "New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms." A new threat dubbed Noodlophile Stealer is exploiting the popularity of AI-powered content tools by posing as fake AI video generation platforms, luring users into uploading media in exchange for malware-laced downloads.

The research can be found here:

⁠⁠New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms

Learn more about your ad choices. Visit megaphone.fm/adchoices

Beware of BADBOX.

Fri, 06 Jun 2025 20:30:00 -0000

The DOJ files to seize over $7 million linked to illegal North Korean IT workers. The FBI warns of BADBOX 2.0 malware targeting IoT devices. Researchers uncover a major security flaw in Chrome extensions. ESET uncovers Iranian hackers targeting Kurdish and Iraqi government officials. Hitachi Energy, Acronis and Cisco patch critical vulnerabilities. 20 suspects are arrested in a major international CSAM takedown. Hackers exploit a critical flaw in Roundcube webmail. Today’s guest is Ian Bramson, Global Head of Industrial Cybersecurity at Black & Veatch, exploring how organizations can close the cyberattack readiness gap. ChatGPT logs are caught in a legal tug-of-war.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest is Ian Bramson, Global Head of Industrial Cybersecurity at Black & Veatch. Ian joins us to explore how organizations can close the cyberattack readiness gap in industrial environments—especially as cyber threats grow more sophisticated and aggressive.

Selected Reading

Department Files Civil Forfeiture Complaint Against Over $7.74M Laundered on Behalf of the North Korean Government (U.S. Department of Justice)

FBI: BADBOX 2.0 Android malware infects millions of consumer devices (Bleeping Computer)

Chrome Extensions Vulnerability Exposes API Keys, Secrets, and Tokens (Cyber Security News)

Iran-linked hackers target Kurdish and Iraqi officials in long-running cyberespionage campaign (The Record)

CISA reports critical flaw in Hitachi Energy Relion devices (Beyond Machines)

Critical security vulnerabilities discovered in Acronis Cyber Protect software (Beyond Machines)

Cisco Patches Critical ISE Vulnerability With Public PoC (SecurityWeek)

Police arrests 20 suspects for distributing child sexual abuse content (Bleeping Computer)

Hacker selling critical Roundcube webmail exploit as tech info disclosed (Bleeping Computer)– mentioning this in the Briefing

OpenAI slams court order to save all ChatGPT logs, including deleted chats (Ars Technica)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

China’s largest data leak exposes billions.

Thu, 05 Jun 2025 20:10:00 -0000

Researchers discover what may be China’s largest ever data leak. CrowdStrike cooperates with federal authorities following last year’s major software bug. A researcher discovers over half a million sensitive insurance documents exposed online. Microsoft offers free cybersecurity programs to European governments. The FBI chronicles the Play ransomware gang. Google warns a threat group is targeting Salesforce customers. A former Biden cybersecurity official warns that U.S. critical infrastructure remains highly vulnerable to cyberattacks. The State Department offers up to $10 million for information on the RedLine infostealer malware. Our guest is Anneka Gupta, Chief Product Officer at Rubrik, on the challenges of managing security across systems. Some FDA workers want to put their new Elsa AI on ice.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we have Anneka Gupta, Chief Product Officer at Rubrik, talking about organizations moving to the cloud thinking security will be handled there and the challenges of managing security across systems.

Selected Reading

Largest ever data leak exposes over 4 billion user records (Cybernews)

CrowdStrike Cooperating With Federal Probes Into July Software Outage (Wall Street Journal)

Two Decades of Triangle Insurance Documents Exposed Publicly (Substack)

Microsoft offers to boost European governments' cybersecurity for free ( (Reuters)

FBI: Play ransomware gang has attacked 600 organizations since 2023 (The Record)

Google Warns of Vishing, Extortion Campaign Targeting Salesforce Customers (SecurityWeek)

‘I do not have confidence’ that US infrastructure is cyber-secure, former NSC official says (Nextgov/FCW)

China issues warrants for alleged Taiwanese hackers and bans a business for pro-independence links (AP News)

US offers $10M for tips on state hackers tied to RedLine malware (Bleeping Computer)

FDA rushed out agency-wide AI tool—it’s not going well (Ars Technica)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Appetite for tracking: A feast on private data.

Wed, 04 Jun 2025 20:10:00 -0000

Researchers uncover a major privacy violation involving tracking scripts from Meta and Yandex. A compliance automation firm discloses a data breach. PumaBot stalks vulnerable IoT devices. The Ramnit banking trojan gets repurposed for ICS intrusions. The North Face suffers a credential stuffing attack. Kaspersky says the Black Owl team is a cyber threat to Russia. CISA releases ISC advisories. An Indian grocery delivery startup suffers a devastating data wiping attack. The UK welcomes their new Cyber and Electromagnetic (CyberEM) Command. Our guest is Rohan Pinto, CTO of 1Kosmos, discussing the implications of AI deepfakes for biometric security. The cybersecurity sleuths at Sophos unravel a curious caper.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Rohan Pinto, CTO of 1Kosmos, and he is discussing the implications of AI deepfakes for biometric security.

Selected Reading

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers (Ars Technica)

Vanta leaks customer data due to product code change (Beyond Machines)

New Linux PumaBot Attacking IoT Devices by Brute-Forcing SSH Credentials (Cyber Security News)

Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift (SecurityWeek)

The North Face warns customers of April credential stuffing attack (Bleeping Computer)

Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says (The Record)

CISA Releases ICS Advisories Covering Vulnerabilities & Exploits (Cyber Security News)

Indian grocery startup KiranaPro was hacked and its servers deleted, CEO confirms (TechCrunch)

UK CyberEM Command to spearhead new era of armed conflict (The Register)

Widespread Campaign Targets Cybercriminals and Gamers (Infosecurity Magazine)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Zero-day déjà vu.

Tue, 03 Jun 2025 20:10:00 -0000

Google issues an emergency patch for a Chrome zero-day. A new malware campaign uses fake DocuSign CAPTCHA pages to trick users into installing a RAT. A high-severity Splunk vulnerability allows non-admin users to access and modify critical directories. Experts warn congress that Chinese infiltrations are preparations for war. Senators look to strengthen cybersecurity collaboration in the U.S. energy sector. Crocodilus Android malware adds fake contacts to victims’ phones. SentinelOne publishes a detailed analysis of their recent outage. Cartier leaves some of its cyber sparkle exposed. Our guest is Jon Miller, CEO and Co-founder of Halcyon, discussing Bring Your Own Vulnerable Driver (BYOVD) attacks. Microsoft and CrowdStrike tackle hacker naming…or do they?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices segment, we are joined by Jon Miller, CEO and Co-founder of Halcyon who is discussing Bring Your Own Vulnerable Driver (BYOVD) attacks. Listen to Jon’s conversation here.

Selected Reading

Google patches new Chrome zero-day bug exploited in attacks (Bleeping Computer)

Fake Docusign Pages Deliver Multi-Stage NetSupport RAT Malware (Infosecurity Magazine)

Splunk Universal Forwarder on Windows Lets Non-Admin Users Access All Contents (Cyber Security News)

China hacks show they're 'preparing for war': McMaster (The Register)

FCC Proposes Rules to Ferret Out Control of Regulated Entities by Foreign Adversaries (Cooley)

US lawmakers propose legislation to expand cyber threat coordination across energy sector (Industrial Cyber)

Android malware Crocodilus adds fake contacts to spoof trusted callers (Bleeping Computer)

SentinelOne Global Service Outage Root Cause Revealed (Cyber Security News)

Romanian man pleads guilty to 'swatting' plot that targeted an ex-US president and lawmakers (AP News)

Cartier reports data breach exposing customer personal information (Beyond Machines)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AVCheck goes dark in Operation Endgame.

Mon, 02 Jun 2025 20:10:00 -0000

An international law enforcement operation dismantles AVCheck. Trump’s 2026 budget looks to cut over one thousand positions from CISA. Cyber Command’s defensive wing gains sub-unified command status. A critical vBulletin vulnerability is actively exploited. Acreed takes over Russian markets as credential theft kingpin. Qualcomm patches three actively exploited zero-days in its Adreno GPU drivers. Researchers unveil details of a Cisco IOS XE Zero-Day. Microsoft warns a memory corruption flaw in the legacy JScript engine is under active exploitation. A closer look at the stealthy Lactrodectus loader. On today’s Afternoon Cyber Tea, Ann Johnson speaks with Hugh Thompson, RSAC program committee chair. Decoding AI hallucinations with physics.

Complete our annual audience survey before August 31.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we have our Afternoon Cyber Tea segment with Ann Johnson. On today’s episode, Ann speaks with Hugh Thompson, RSAC program committee chair, as they discuss what goes into building the RSA Conference.

Selected Reading

Police takes down AVCheck site used by cybercriminals to scan malware (Bleeping Computer)

DHS budget request would cut CISA staff by 1,000 positions (Federal News Network)

Cybercom’s defensive arm elevated to sub-unified command (DefenseScoop)

vBulletin Vulnerability Exploited in the Wild (SecurityWeek)

Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown (Infosecurity Magazine)

Qualcomm fixes three Adreno GPU zero-days exploited in attacks (Bleeping Computer)

Exploit details for max severity Cisco IOS XE flaw now public (Bleeping Computer)

Microsoft Scripting Engine flaw exploited in wild, Proof-of-Concept published (Beyond Machines)

Latrodectus Malware Analysis: A Deep Dive into the Black Widow of Cyber Threats in 2025 (WardenShield)

The Root of AI Hallucinations: Physics Theory Digs Into the 'Attention' Flaw (SecurityWeek)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Brandon Karpf: A sailor of the 21st century. [Transitioning service member] [Career Notes]

Sun, 01 Jun 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Lieutenant in the US Navy and Skillbridge Fellow at the CyberWire, Brandon Karpf, knew he wanted to join the military at a young age. He achieved that through the US Naval Academy where he was a member of the men’s heavyweight rowing team. Commissioned as a cryptologic warfare officer, Brandon was sent to MIT for a graduate degree where he experienced the exact opposite of the Naval Academy’s highly structured life. Brandon’s later work with both NSA and US Cyber Command helped him gain experience and cyber operations skills. As he transitions from active duty to civilian life, Brandon shares his personal challenges and struggles during that process. Through the DoD Skillbridge Fellowship program, Brandon’s transition has him sharing his skills with the CyberWire. We thank Brandon for sharing his expertise and his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Triofox and the key to disaster. [Research Saturday]

Sat, 31 May 2025 07:00:00 -0000

This week, we are joined by John Hammond, Principal Security Researcher at Huntress, who is sharing his PoC and research on "CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild." A critical 9.0 severity vulnerability (CVE-2025-30406) in Gladinet CentreStack and Triofox is being actively exploited in the wild, allowing remote code execution via hardcoded cryptographic keys in default configuration files.

Huntress researchers observed compromises at multiple organizations and confirmed hundreds of vulnerable internet-exposed servers, urging immediate patching or manual machineKey updates. Mitigation guidance, detection, and remediation scripts have been released to help users identify and secure affected installations.

The research can be found here:

⁠CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild

Learn more about your ad choices. Visit megaphone.fm/adchoices

All systems not go.

Fri, 30 May 2025 20:10:00 -0000

SentinelOne suffers a global service outage. A major DDoS attack hits a Russian internet provider. U.S. banking groups urge the SEC to scrap cybersecurity disclosure rules. Australia mandates reporting of ransomware payments. Researchers uncover a new Browser-in-the-Middle (BitM) attack targeting Safari users. A Florida health system pays over $800,000 to settle insider breach concerns. CISA issues five urgent ICS advisories. Our guest is Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and the importance of digital executive protection. The feds are putting all our digital data in one basket.

CyberWire Guest

On our Industry Voices segment, at the 2025 RSA Conference, we were joined by Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and digital executive protection. Listen to Matt’s conversation here.

Selected Reading

Cybersecurity Firm SentinelOne Suffers Major Outage (Bank Infosecurity)

DDoS incident disrupts internet for thousands in Moscow (The Record)

Banks Want SEC to Rescind Cyberattack Disclosure Requirements (PYMNTS.com)

Australian ransomware victims now must tell the government if they pay up (The Record)

New BitM Attack Exploits Safari Vulnerability to Steal Login Credentials (Cyber Security News)

Florida Health System Pays $800K for Insider Record Snooping (Bank Infosecurity)

UTG-Q-015 Hackers Launched Large Scale Brute-Force Attacks Against Govt Web Servers (Cyber Security News)

CISA Releases Five ICS Advisories Targeting Vulnerabilities and Exploits (Cyber Security News)

Trump Taps Palantir to Compile Data on Americans (The New York Times)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When "out of the box" becomes "out of control."

Thu, 29 May 2025 20:10:00 -0000

Children’s DNA in criminal databases. ASUS routers get an unwanted houseguest. New APT41 malware uses Google Calendar for command-and-control. Interlock ransomware gang deploys new Trojan. Estonia issues arrest warrant for suspect in massive pharmacy breach. The enemy within the endpoint. New England hospitals disrupted by cyberattack. Tim Starks from CyberScoop is discussing ‘Whatever we did was not enough’: How Salt Typhoon slipped through the government’s blind spots. And Victoria’s Secrets are leaked.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we have Tim Starks from CyberScoop discussing ‘Whatever we did was not enough’: How Salt Typhoon slipped through the government’s blind spots.

Selected Reading

The US Is Storing Migrant Children’s DNA in a Criminal Database (WIRED)

GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers (GreyNoise)

Mark Your Calendar: APT41 Innovative Tactics (Google Threat Intelligence Group)

Interlock ransomware gang deploys new NodeSnake RAT on universities (BleepingComputer)

Estonia issues arrest warrant for Moroccan wanted for major pharmacy data breach (The Record)

Israeli company Syngia thwarts North Korean cyberattack (The Jerusalem Post)

St. Joseph Hospital owner says company targeted in cybersecurity incident (WMUR)

Victoria’s Secret Website Taken Offline After Cybersecurity Breach (GB Hackers)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Fingers point east.

Wed, 28 May 2025 20:10:00 -0000

The Czech Republic accuses Chinese state-backed hackers of cyber-espionage. CISA’s leaders head for the exits. Cybercriminals are using fake AI video generator websites to spread malware. A stealthy phishing campaign delivers the Remcos RAT via DBatLoader. A fake Bitdefender website spreads malware targeting financial data. Medusa ransomware claims to have breached global real estate firm RE/MAX. An Iranian national faces up to 30 years in prison for ransomware targeting US cities. Our guest is Tony Velleca, CyberProof's CEO, discussing exposure management and a more risk-focused approach to prioritize threats. Mind reading for fun and profit.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, at the 2025 RSA Conference we were joined by Tony Velleca, CyberProof's CEO, who is discussing exposure management and moving towards a more risk-focused approach to prioritize threats. Listen to Tony’s interview here.

Selected Reading

Chinese spies blamed for attempted hack on Czech government network (The Record)

CISA loses nearly all top officials as purge continues- (Cybersecurity Dive)

Google warns of Vietnam-based hackers using bogus AI video generators to spread malware (The Record)

Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities (SecurityWeek)

New Phishing Campaign Uses DBatLoader to Drop Remcos RAT: What Analysts Need to Know (Hack Read)

Hackers Mimic Popular Antivirus Site to Deliver VenomRAT & Steal Finance Data (Cybersecurity News)

RE/MAX deals with alleged 150GB data theft: Medusa ransomware demands $200K (Cyber News)

CISA Releases ICS Advisories Covering Vulnerabilities & Exploits (Cybersecurity News)

Iranian pleads guilty to launching Baltimore ransomware attack, faces 30 years behind bars (The Record)

Neural Privacy Under Threat: The Battle for Neural Data (tsaaro consulting)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

BEAR-ly washed and dangerous.

Tue, 27 May 2025 20:10:00 -0000

“Laundry Bear” airs dirty cyber linen in the Netherlands. AI coding agents are tricked by malicious prompts in a Github MCP vulnerability.Tenable patches critical flaws in Network Monitor on Windows. MathWorks confirms ransomware behind MATLAB outage. Feds audit NVD over vulnerability backlog. FBI warns law firms of evolving Silent Ransom Group tactics. Chinese hackers exploit Cityworks flaw to breach US municipal networks. Everest Ransomware Group leaks Coca-Cola employee data. Nova Scotia Power hit by ransomware. On today’s Threat Vector, ⁠David Moulton⁠ speaks with ⁠his Palo Alto Networks colleagues Tanya Shastri⁠ and ⁠Navneet Singh about a strategy for secure AI by design. CIA’s secret spy site was… a Star Wars fan page?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector

In this segment of Threat Vector, host ⁠David Moulton⁠ speaks with ⁠Tanya Shastri⁠, SVP of Product Management, and ⁠Navneet Singh⁠, VP of Marketing - Network Security, at Palo Alto Networks. They explore what it means to adopt a secure AI by design strategy, giving employees the freedom to innovate with generative AI while maintaining control and reducing risk. You can hear their full discussion on Threat Vector ⁠here⁠ and catch new episodes every Thursday on your favorite podcast app.

Selected Reading

Dutch intelligence unmasks previously unknown Russian hacking group 'Laundry Bear' (The Record)

GitHub MCP Server Vulnerability Let Attackers Access Private Repositories (Cybersecurity News)

Tenable Network Monitor Vulnerabilities Let Attackers Escalate Privileges (Cybersecurity News)

Ransomware attack on MATLAB dev MathWorks – licensing center still locked down (The Register)

US Government Launches Audit of NIST’s National Vulnerability Database (Infosecurity Magazine)

Law Firms Warned of Silent Ransom Group Attacks (SecurityWeek)

Chinese Hackers Exploit Cityworks Flaw to Target US Local Governments (Infosecurity Magazine)

Everest Ransomware Leaks Coca-Cola Employee Data Online (Hackread)

Nova Scotia Power Suffers Ransomware Attack; 280,000 Customers' Data Compromised (GB Hackers)

The CIA Secretly Ran a Star Wars Fan Site (404 Media)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AWS in Orbit: Automated Satellite Management. [T-Minus Space]

Mon, 26 May 2025 06:00:00 -0000

While our team is observing Memorial Day in the United States, please enjoy this episode from our team from T-Minus Space Daily recorded recently at Space Symposium.

You can learn more about AWS in Orbit at space.n2k.com/aws.

Our guests on this episode are Dax Garner, CTO at Cognitive Space and Ed Meletyan, AWS Sr Solutions Architect.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Be sure to follow T-Minus on LinkedIn and Instagram.

Selected Reading

AWS Aerospace and Satellite

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info.

Want to join us for an interview?

Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hugh Thompson on Building the RSA Conference [Afternoon Cyber Tea]

Mon, 26 May 2025 06:00:00 -0000

While our team is observing Memorial Day in the United States, please enjoy this episode from the N2K CyberWire network partner, Microsoft Security. You can hear new episodes of Ann Johnson's Afternoon Cyber Tea podcast every other Tuesday.

Dr. Hugh Thompson, Executive Chairman of RSA Conference and Managing Partner at Crosspoint Capital joins Ann on this week's episode of Afternoon Cyber Tea. They discuss what goes into planning the world’s largest cybersecurity conference—from theme selection to llama-related surprises on the expo floor—and how the RSA community continues to evolve. Hugh also shares how his background in applied math led him from academia to cybersecurity, his thoughts on the human element in security, and what keeps him optimistic about the future of the industry.

Resources:

View Hugh Thompson on LinkedIn

View Ann Johnson on LinkedIn

Related Microsoft Podcasts:

Microsoft Threat Intelligence Podcast

The BlueHat Podcast

Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]

Sun, 25 May 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Product Manager in Anti-Fraud Solutions at SpyCloud, Pattie Dillon shares her journey from raising her family to specializing in the anti-fraud space. Upon reentering the workforce, Pattie worked on identity verification and developed a system with privacy concerns in mind. She moved to work in gift cards and was exposed to money laundering. Traveling along the fraud spectrum, Pattie learned about underground data and feels that this data can be leveraged to actually prevent and fight online fraud. Pattie believes if you don't try, you'll never know. We know we appreciate Pattie sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Purple teaming in the modern enterprise. [CyberWire-X]

Sun, 25 May 2025 05:00:00 -0000

In large enterprise software companies, Red and Blue Teams collaborate through Purple Teaming to proactively detect, respond to, and mitigate advanced threats. In this episode of CyberWire-X, N2K's Dave Bittner is joined by Adobe’s Justin Tiplitsky, Director of Red Team and Ivan Koshkin, Senior Detection Engineer to discuss how their teams work together daily to strengthen Adobe’s security ecosystem. They share real-world insights on how this essential collaboration enhances threat detection, refines security controls, and improves overall cyber resilience.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Pandas with a purpose. [Research Saturday]

Sat, 24 May 2025 07:00:00 -0000

This week, we are joined by Deepen Desai, Zscaler's Chief Security Officer and EVP of Cyber and AI Engineering, taking a dive deep into Mustang Panda’s latest campaign. Zscaler ThreatLabz uncovered new tools used by Mustang Panda, including the backdoors TONEINS, TONESHELL, PUBLOAD, and the proxy tool StarLoader, all delivered via phishing.

They also discovered two custom keyloggers, PAKLOG and CorKLOG, and an EDR evasion tool, SplatCloak, highlighting the group's focus on surveillance, persistence, and stealth in cyberespionage operations.4o.

The research can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices

When malware masters meet their match.

Fri, 23 May 2025 20:10:00 -0000

Operation Endgame dismantles cybercriminal infrastructure. DOGE’s use of the Grok AI chatbot raises ethical and privacy concerns. Malware on the npm registry uses malicious packages to quietly gather intelligence on developer environments. Researchers link Careto malware to the Spanish government. Exploring proactive operations via letters of marque. Hackers hesitate to attend the HOPE conference over travel concerns. Our guest is Jeffrey Wheatman, Cyber Risk Expert at Black Kite, warning us to "Beware the silent breach." AI threatens to spill secrets to save itself.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, we were joined at the RSAC Conference by Jeffrey Wheatman, Cyber Risk Expert at Black Kite, as he is sharing his thoughts on "Beware the silent breach." Listen to Jeffery’s interview here.
Selected Reading

Operation ENDGAME strikes again: the ransomware kill chain broken at its source (Europol)

Russian developer of Qakbot malware indicted by US for global ransomware campaign (CNews)

Russian hackers target US and allies to disrupt Ukraine aid, warns NSA (CNews)

Exclusive: Musk’s DOGE expanding his Grok AI in U.S. government, raising conflict concerns (Reuters)

60 malicious npm packages caught mapping developer networks (Developer Tech)

Mysterious hacking group Careto was run by the Spanish government, sources say (TechCrunch)

An 18th-century war power resurfaces in cyber policy talks (Next Gov)

Hacker Conference HOPE Says U.S. Immigration Crackdown Caused Massive Crash in Ticket Sales (404 Media)

Anthropic's new AI model turns to blackmail when engineers try to take it offline (TechCrunch)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Lights out for Lumma.

Thu, 22 May 2025 20:10:00 -0000

A joint operation takes down Lumma infrastructure. The FTC finalizes a security settlement with GoDaddy. The Telemessage breach compromised far more U.S. officials than initially known. Twin hackers allegedly breach a major federal software provider from the inside. U.S. telecom providers fail to notify the Senate when law enforcement agencies request data from Senate-issued devices.DragonForce makes its mark on the ransomware front. A data leak threatens survivors of domestic abuse in the UK. Lexmark discloses a critical vulnerability affecting over 120 printer models. Our guest is David Holmes, CTO for Application Security at Imperva, with insights into the role of AI in bot attacks. Scammers ship stolen cash in Squishmallows.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest is David Holmes, CTO for Application Security at Imperva, a Thales company, who is sharing some insights into the role of AI in bot attacks.

Selected Reading

Lumma infostealer’s infrastructure seized during US, EU, Microsoft operation (the Record)

FTC finalizes order requiring GoDaddy to secure hosting services (Bleeping Computer)

Exclusive: Hacker who breached communications app used by Trump aide stole data from across US government (Reuters)

By Default, Signal Doesn't Recall (Signal)

Hack of Contractor Was at Root of Massive Federal Data Breach (Bloomberg)

Phone companies failed to warn senators about surveillance, Wyden says - Live Updates (POLITICO)

DragonForce targets rivals in a play for dominance (Sophos News)

‘Deep concern’ for domestic abuse survivors as cybercriminals expected to publish confidential refuge addresses (The Record)

Lexmark reporting remote code execution flaw affecting over 120 Printer Models (Beyond Machines)

DOJ charges 12 more in $263 million crypto fraud takedown where money was hidden in squishmallow stuffed animals (Bitdefender)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Bear in the network.

Wed, 21 May 2025 20:10:00 -0000

A joint advisory warns of Fancy Bear targeting Western logistics and technology firms. A nonprofit hospital network in Ohio suffers a disruptive ransomware attack. The Consumer Financial Protection Bureau (CFPB) drops plans to subject data brokers to tighter regulations. KrebsOnSecurity and Google block a record breaking DDoS attack. A phishing campaign rerouted employee paychecks. Atlassian patches multiple high-severity vulnerabilities. A Wisconsin telecom provider confirms a cyberattack caused a week-long outage. VMware issues a Security Advisory addressing multiple high-risk vulnerabilities. Prosecutors say a 19-year-old student from Massachusetts will plead guilty to hacking PowerSchool. Our guest is Rob Allen, Chief Product Officer at ThreatLocker, discussing deliberate simplicity of fundamental controls around zero trust. Oversharing your call location data.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, today we are joined by Rob Allen, Chief Product Officer at ThreatLocker from RSAC 2025. Rob is discussing the deliberate simplicity of fundamental controls around zero trust. Token theft and phishing attacks bypass traditional MFA protections, letting attackers impersonate users and access critical SaaS platforms — without needing passwords. Listen to Rob’s interview here.

Learn more from the ThreatLocker team here.

Selected Reading

Russian GRU Targeting Western Logistics Entities and Technology Companies ( CISA)

Ransomware attack disrupts Kettering Health Network in Ohio (Beyond Machines)

America’s CFPB bins proposed data broker crackdown (The Register)

Krebs on Security hit by 'test run' DDoS attack that peaked at 6.3 terabits of data per second (Metacurity)

SEO poisoning campaign swipes direct deposits from employees (SC Media)

Atlassian Warns of Multiple High-Severity Vulnerabilities Hits Data Center Server (Cybersecurity News)

Cellcom Service Disruption Caused by Cyberattack (SecurityWeek)

VMware releases patches for security flaws in multiple virtualization products (Beyond Machines)

Massachusetts man will plead guilty in PowerSchool hack case (CyberScoop)

O2 VoLTE: locating any customer with a phone call (Mast Database)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The Take It Down Act walks a fine line.

Tue, 20 May 2025 20:10:00 -0000

President Trump signs the Take It Down Act into law. A UK grocer logistics firm gets hit by ransomware. Researchers discover trojanized versions of the KeePass password manager. Researchers from CISA and NIST promote a new metric to better predict actively exploited software flaws. A new campaign uses SEO poisoning to deliver Bumblebee malware. A sophisticated phishing campaign is impersonating Zoom meeting invites to steal user credentials. CISA has added six actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. A bipartisan bill aims to strengthen the shrinking federal cybersecurity workforce. Our guest is Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 DBIR. DOGE downsizes, and the UAE recruits.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 Data Breach Investigations Report (DBIR).
Selected Reading

Trump signs the Take It Down Act into law |(The Verge)

Supplier to Tesco, Aldi and Lidl hit with ransomware (Computing)

Fake KeePass password manager leads to ESXi ransomware attack (Bleeping Computer)

Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers (Security Week)

Threat Actors Deliver Bumblebee Malware Poisoning Bing SEO (Cybersecurity News)

New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials (GB Hackers)

CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA)

Federal cyber workforce training institute eyed in bipartisan House bill (CyberScoop)

UAE Recruiting US Personnel Displaced by DOGE to Work on AI for its Military (Zetter Sero Day)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Redacted realities: Inside the MoJ hack.

Mon, 19 May 2025 20:10:00 -0000

The UK’s Ministry of Justice suffers a major breach. Mozilla patches two critical JavaScript engine flaws in Firefox. Over 200,000 patients of a Georgia-based health clinic see their sensitive data exposed. Researchers track increased malicious targeting of iOS devices. A popular printer brand serves up malware. PupkinStealer targets Windows systems. An Alabama man gets 14 months in prison for a sim-swap attack on the SEC. Our guest is Ian Tien, CEO at Mattermost, sharing insights on enhancing cybersecurity through effective collaboration. Ethical Hackers win the day at Pwn2Own Berlin.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, we are joined by Ian Tien, CEO at Mattermost at RSAC 2025, who is sharing insights on enhancing cybersecurity through effective collaboration. Check out Ian’s blog on “What’s Next for Cybersecurity Teams? AI, Automation & Real-Time Workflows.” Listen to Ian’s interview here.

Selected Reading

Hackers steal 'significant amount of personal data' from Ministry of Justice in brazen cyber-attack (Daily Mail Online)

M&S and Co-Op: BBC reporter on talking to the hackers (BBC)

210K American clinics‘ patients had their financial data leaked (Cybernews)

480,000 Catholic Health Patients Impacted by Serviceaide Data Leak (SecurityWeek)

Over 40,000 iOS Apps Found Exploiting Private Entitlements, Zimperium (Hackread)

This printer company served you malware for months and dismissed it as false positives (Neowin)

Hack of SEC social media account earns 14-month prison sentence for Alabama man (The Record)

Hackers Earn Over $1 Million at Pwn2Own Berlin 2025 (SecurityWeek)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes]

Sun, 18 May 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Host of the CyberWire Podcast, Dave Bittner, wanted to work with the Muppets, so naturally he landed in cybersecurity. Dave and his Cookie Monster puppet spent much of his childhood putting on shows for his parents friends. During one of those performances, he was discovered and got his start at the local PBS station. A radio, television and film major in college, Dave owned his own company and as the most tech-savvy member of the group, handled that side of things. Dave notes his cybersecurity challenges back then consisted of maybe a corrupt floppy disk. It wasn't until he joined the CyberWIre that cybersecurity became Dave's focus. A former boss showed him how to lead a team and treat everyone with kindness regardless of their role. We thank Dave for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Leveling up their credential phishing tactics. [Research Saturday]

Sat, 17 May 2025 05:00:00 -0000

This week, Dave speaks with Max Gannon of Cofense Intelligence to dive into his team's research on "The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders."

Threat actors continuously develop new tactics, techniques, and procedures (TTPs) to bypass existing defenses. When defenders identify these methods and implement countermeasures, attackers adapt or create more sophisticated approaches.

This research explores how cybercriminals are leveling up their credential phishing tactics using Precision-Validated Phishing, a technique that leverages real-time email validation to ensure only high-value targets receive the phishing attempt.

The research can be found here:

The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders⁠⁠⁠⁠⁠

Learn more about your ad choices. Visit megaphone.fm/adchoices

Preparing for the cyber battlespace.

Fri, 16 May 2025 20:00:00 -0000

NATO hosts the world’s largest cyber defense exercise. The DOJ charges a dozen people in a racketeering conspiracy involving the theft of over $230 million in cryptocurrency. Japan has enacted a new Active Cyberdefense Law. Lawmakers push to reauthorize the Cybersecurity Information Sharing Act. Two critical Ivanti Endpoint Manager Mobile vulnerabilities are under active exploitation. Hackers use a new fileless technique to deploy Remcos RAT. The NSA’s Director of Cybersecurity hangs up their hat. Our guest is Christopher Cleary, VP of ManTech's Global Cyber Practice, discussing the cyber battlespace of the future. Coinbase flips the script on an extortion attempt.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Joining us on our Industry Voices segment, Christopher Cleary, VP of ManTech's Global Cyber Practice, talks about the battlespace of the future. If you would like to hear the full-length interview between Christopher and Dave, listen here. Learn more about ManTech’s cybersecurity work here.

Selected Reading

NATO's Locked Shields Reflects Cyber Defense Growth (SecurityWeek)

US charges 12 more suspects linked to $230 million crypto theft (Bleeping Computer)

Japan enacts new Active Cyberdefense Law allowing for offensive cyber operations (The Record)

Lawmakers push for reauthorization of cyber information sharing bill as deadline looms (The Record)

Ban sales of gear from China’s TP-Link, Republican lawmakers tell Trump administration (The Record)

Scammers are deepfaking voices of senior US government officials, warns FBI (The Register)

Multiple Ivanti Endpoint Mobile Manager Vulnerabilities Allows Remote Code Execution (Cyber Security News)

Updated Remcos RAT deployed in fileless intrusion (SC Media)

NSA cyber director Luber to retire at month’s end (The Record)

Coinbase offers $20 million bounty after extortion attempt with stolen data (The Record)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Bypassing Bitlocker encryption.

Thu, 15 May 2025 20:00:00 -0000

Google issues an emergency patch for a high-severity Chrome browser flaw. Researchers bypass BitLocker encryption in minutes. A massive Chinese-language black market has shut down. The CFPB cancels plans to curb the sale of personal information by data brokers. A cyberespionage campaign called Operation RoundPress targets vulnerable webmail servers. Google warns that Scattered Spider is now targeting U.S. retail companies. The largest steelmaker in the U.S. shut down operations following a cybersecurity incident. Our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security. The long and the short of layoffs.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment and direct from RSAC 2025, our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security. Listen to Devin's interview here.

Selected Reading

Google fixes high severity Chrome flaw with public exploit (Bleeping Computer)

BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability: PoC Released (Cyber Security News)

The Internet’s Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge (WIRED)

German operation shuts down crypto mixer eXch, seizes millions in assets (The Record)

CFPB Quietly Kills Rule to Shield Americans From Data Brokers (WIRED)

EU ruling: tracking-based advertising by Google, Microsoft, Amazon, X, across Europe has no legal basis (Irish Council for Civil Liberties)

Operation RoundPress targeting high-value webmail servers (We Live Security)

Google says hackers that hit UK retailers now targeting American stores (Reuters)

Cybersecurity incident forces largest US steelmaker to take some operations offline (The Record)

Infosec Layoffs Aren't the Bargain Boards May Think (Dark Reading)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Get to patching: Patch Tuesday updates.

Wed, 14 May 2025 20:00:00 -0000

A busy Patch Tuesday. Investigators discover undocumented communications devices inside Chinese-made power inverters. A newly discovered Branch Privilege Injection flaw affects Intel CPUs. A UK retailer may claim up to £100mn from its cyber insurers after a major cyberattack. A Kosovo national has been extradited to the U.S. for allegedly running an illegal online marketplace. CISA will continue alerts on its website following industry backlash. On our Industry Voices segment, Neil Hare-Brown, CEO at STORM Guidance, discusses Cyber Incident Response (CIR) retainer service provision. Shoring up the future of the CVE program.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, we are joined by Neil Hare-Brown, CEO at STORM Guidance, discussing Cyber Incident Response (CIR) retainer service provision. You can learn more here.

Selected Reading

Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days (Security Affairs)

SAP patches second zero-day flaw exploited in recent attacks (Bleeping Computer)

Ivanti fixes EPMM zero-days chained in code execution attacks (Bleeping Computer)

Fortinet fixes critical zero-day exploited in FortiVoice attacks (Bleeping Computer)

Vulnerabilities Patched by Juniper, VMware and Zoom (SecurityWeek)

ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact (SecurityWeek)

Adobe Patches Big Batch of Critical-Severity Software Flaws (SecurityWeek)

Ghost in the machine? Rogue communication devices found in Chinese inverters (Reuters)

New Intel CPU flaws leak sensitive data from privileged memory (Bleeping Computer)

M&S cyber insurance payout to be worth up to £100mn (Financial Times)

US extradites Kosovo national charged in operating illegal online marketplace (The Record)

CISA Planned to Kill .Gov Alerts. Then It Reversed Course. (Data BreachToday)

CVE Foundation eyes year-end launch following 11th-hour rescue of MITRE program (CyberScoop)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Jamming in a ban on state AI regulation.

Tue, 13 May 2025 20:00:00 -0000

House Republicans look to limit state regulation of AI. Spain investigates potential cybersecurity weak links in the April 28 power grid collapse. A major security flaw has been found in ASUS mainboards’ automatic update system. A new macOS info-stealing malware uses PyInstaller to evade detection. The U.S. charges 14 North Korean nationals in a remote IT job scheme. Europe’s cybersecurity agency launches the European Vulnerability Database. CISA pares back website security alerts. Moldovan authorities arrest a suspect in DoppelPaymer ransomware attacks. On today’s Threat Vector segment, David Moulton speaks with ⁠Noelle Russell⁠, CEO of the AI Leadership Institute, about how to scale responsible AI in the enterprise. Dave & Buster’s invites vanish into the void.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector

Recorded Live at the Canopy Hotel during the RSAC Conference in San Francisco, ⁠David Moulton⁠ speaks with ⁠Noelle Russell⁠, CEO of the AI Leadership Institute and a leading voice in responsible AI on this Threat Vector segment. Drawing from her new book Scaling Responsible AI, Noelle explains why early-stage AI projects must move beyond hype to operational maturity—addressing accuracy, fairness, and security as foundational pillars. Together, they explore how generative AI models introduce new risks, how red teaming helps organizations prepare, and how to embed responsible practices into AI systems. You can hear David and Noelle’s full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app.

Selected Reading

Republicans Try to Cram Ban on AI Regulation Into Budget Reconciliation Bill (404 Media)

Spain investigates cyber weaknesses in blackout probe (The Financial Times)

Critical Security flaw in ASUS mainboard update system (Beyond Machines)

Hackers Exploiting PyInstaller to Deploy Undetectable macOS Infostealer (Cybersecurity News)

Researchers Uncover Remote IT Job Fraud Scheme Involving North Korean Nationals (GB Hackers)

European Vulnerability Database Launches Amid US CVE Chaos (Infosecurity Magazine)

Apple Security Update: Multiple Vulnerabilities in macOS & iOS Patched (Cybersecurity News)

CISA changes vulnerabilities updates, shifts to X and emails (The Register)

Suspected DoppelPaymer Ransomware Group Member Arrested (Security Week)

Cracking The Dave & Buster’s Anomaly (Rambo.Codes)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

No quick fix for a ClickFix attack.

Mon, 12 May 2025 20:00:00 -0000

A major student engagement platform falls victim to the ClickFix social engineering attack. Google settles privacy allegations with Texas for over one point three billion dollars. Stores across the UK face empty shelves due to an ongoing cyberattack. Ascension Health reports that over 437,000 patients were affected by a third-party data breach. A critical zero-day vulnerability in SAP NetWeaver is being actively exploited. Researchers uncover two major cybersecurity threats targeting IT admins and cloud systems. U.S. prosecutors charge three Russians and one Kazakhstani in connection with the takedown of two major botnets. A new tool disables Microsoft Defender by tricking Windows into thinking a legitimate antivirus is installed. Tim Starks, Senior Reporter from CyberScoop, discusses congressional reactions to White House budget cut proposals for CISA. Fair use faces limits in generative AI.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We welcome back Tim Starks, Senior Reporter from CyberScoop, discussing congressional reactions to White House budget cut proposals for CISA. You can find background information in these articles:

Selected Reading

iClicker website compromised with fake ClickFix CAPTCHA installing malware (BeyondMachines.net)

Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits (SecurityWeek)

Fears 'hackers still in the system' leave Co-op shelves running empty across UK (The Record)

437,000 Impacted by Ascension Health Data Breach (SecurityWeek)

SAP NetWeaver Vulnerability Exploited in Wild by Chinese Hackers (Cyber Security News)

New SEO Poisoning Campaign Targeting IT Admins With Malware (Hackread)

Three Russians, one Kazakhstani charged in takedown of Anyproxy and 5socks botnets (The Record)

Defendnot — A New Tool That Disables Windows Defender by Posing as an Antivirus Solution (Cyber Security News)

Five Takeaways from the Copyright Office’s Controversial New AI Report (Copyright Lately)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Limor Kessem: Be an upstander. [Security Advisor] [Career Notes]

Sun, 11 May 2025 07:00:00 -0000

Enjoy this encore of Career Notes.

Executive Security Advisor at IBM Security Limor Kessem says she started her cybersecurity career by pure chance. Limor made a change from her childhood dream of being a doctor and came into cybersecurity with her passion, investment, discipline, and perseverance. Limor talks about how we must tighten our core security and at the same time we allow innovation to help us move forward with the times. She's been fortunate to have been able to stand up for others and has had others support her. She said that is very motivating and has allowed her to really explore every possible thing in her career that she can contribute without limiting herself to a certain role. We thank Limor for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Beyond cyber: Securing the next horizon. [Special Edition]

Sun, 11 May 2025 05:00:00 -0000

Cybersecurity is no longer confined to the digital world or just a technical challenge, it’s a global imperative. The NightDragon Innovation Summit convened a group of industry leaders to discuss how public and private entities can work together to address emerging threats and harness the power of AI, cybersecurity, and innovation to strengthen national defense.

In this special edition podcast, we capture a glimpse into the knowledge and expertise shared at the NightDragon Innovation Summit. We are joined by NightDragon Founder and CEO Dave DeWalt, DataBee CEO Nicole Bucala, Liberty Mutual Insurance EVP and CISO Katie Jenkins, Sophos CEO Joe Levy, and Dataminr VP of Sales Engineering Michael Mastrole.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hijacking wallets with malicious patches. [Research Saturday]

Sat, 10 May 2025 05:00:00 -0000

This week, we are joined by Lucija Valentić, Software Threat Researcher from ReversingLabs, who is discussing "Atomic and Exodus crypto wallets targeted in malicious npm campaign." Threat actors have launched a malicious npm campaign targeting Atomic and Exodus crypto wallets by distributing a fake package called "pdf-to-office," which secretly patches locally installed wallet software to redirect crypto transfers to attacker-controlled addresses.

ReversingLabs researchers discovered that this package used obfuscated JavaScript to trojanize specific files in targeted wallet versions, enabling persistence even after the malicious package was removed. This incident highlights the growing threat of software supply chain attacks in the cryptocurrency space and underscores the need for vigilant monitoring of both open-source repositories and local applications.

The research can be found here:

⁠⁠Atomic and Exodus crypto wallets targeted in malicious npm campaign

Learn more about your ad choices. Visit megaphone.fm/adchoices

Scrutinizing the security of messaging apps continues.

Fri, 09 May 2025 20:00:00 -0000

The messaging app used by CBP and the White House faces continued security scrutiny. Hacktivists breach the airline used for U.S. deportation flights. The FBI warns that threat actors are exploiting outdated, unsupported routers. Education giant Pearson confirms a cyberattack. Researchers report exploitation of Windows Remote Management (WinRM) for stealthy lateral movement in Active Directory (AD) environments. A sophisticated email attack campaign uses malicious PDF invoices to deliver a cross-platform RAT. A zero-day vulnerability in SAP NetWeaver enables remote code execution. An Indiana health system reports a data breach affecting nearly 263,000 individuals. Our guest is Alex Cox, Director of Information Security at LastPass, discussing tax-related lures targeting refunds. AI empowers a murder victim to speak from beyond the grave.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Alex Cox, Director of Information Security at LastPass, to discuss tax-related lures facing both tax preparation agencies and filers expecting refunds.

Selected Reading

On the state of modern Web Application Security (BrightTalk)

Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage (Wired)

Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for "Donnie" Trump (Bitdefender)

FBI Sounds Alarm on Rogue Cybercrime Services Targeting Obsolete Routers (infosecurity magazine)

Education giant Pearson hit by cyberattack exposing customer data (Bleeping Computer)

Hackers Using Windows Remote Management to Stealthily Navigate Active Directory Network (Cybersecurity News)

Hackers Weaponizing PDF Invoices to Attack Windows, Linux & macOS Systems (Cybersecurity News)

SAP Zero-Day Targeted Since January, Many Sectors Impacted (Security Week)

Indiana Health System Notifies 263,000 of Oracle Hack (Bank of Infosecurity)

A Judge Accepted AI Video Testimony From a Dead Man (404 Media)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Targeting schools is not cool.

Thu, 08 May 2025 20:00:00 -0000

The LockBit ransomware gang has been hacked. Google researchers identify a new infostealer called Lostkeys. SonicWall is urging customers to patch three critical device vulnerabilities. Apple patches a critical remote code execution flaw. Cisco patches 35 vulnerabilities across multiple products. Iranian hackers cloned a German modeling agency’s website to spy on Iranian dissidents. Researchers bypass SentinelOne’s EDR protection. Education tech firm PowerSchool faces renewed extortion. CrowdStrike leans into AI amidst layoffs. Our guest is Caleb Barlow, CEO of Cyberbit, discussing the mixed messages of the cyber skills gaps. Honoring the legacy of Joseph Nye.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Caleb Barlow, CEO of Cyberbit, who is discussing the mixed messages of the cyber skills gaps.

Selected Reading

LockBit ransomware gang hacked, victim negotiations exposed (Bleeping Computer)

Russian state-linked Coldriver spies add new malware to operation (The Record)

Fake AI Tools Push New Noodlophile Stealer Through Facebook Ads (Hackread)

SonicWall urges admins to patch VPN flaw exploited in attacks (Bleeping Computer)

Researchers Details macOS Remote Code Execution Vulnerability - CVE-2024-44236 (Cyber Security News)

Cisco IOS XE Wireless Controllers Vulnerability Enables Full Device Control for Attackers (Cyber Security News)

Cisco Patches 35 Vulnerabilities Across Several Products (SecurityWeek)

Iranian Hackers Impersonate as Model Agency to Attack Victims (Cyber Security News)

Hacker Finds New Technique to Bypass SentinelOne EDR Solution (Infosecurity Magazine)

CrowdStrike trims workforce by 5 percent, aims to rely on AI (The Register)

Despite ransom payment, PowerSchool hacker now extorting individual school districts (The Record)

Joseph Nye, Harvard professor, developer of “soft power” theory, and an architect of modern international relations, dies at 88 (Harvard University)

Nye Lauded for Cybersecurity Leadership (The Belfer Center for Science and International Affairs at Harvard University)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AWS in Orbit: Empowering exploration on the Moon, Mars, and more.

Thu, 08 May 2025 18:00:00 -0000

From the N2K CyberWire network T-Minus team, please enjoy this podcast episode recorded at Space Symposium 2025. Find out how AWS for Aerospace and Satellite is empowering exploration on the Moon, Mars, and beyond with Lunar Outpost. You can learn more about AWS in Orbit at space.n2k.com/aws.

Our guests on this episode are AJ Gemer, CTO at Lunar Outpost and Salem El Nimri, CTO at AWS Aerospace & Satellite.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Be sure to follow T-Minus on LinkedIn and Instagram.

Selected Reading

AWS Aerospace and Satellite

Audience Survey

We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info.

Want to join us for an interview?

Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When spyware backfires.

Wed, 07 May 2025 20:10:00 -0000

A jury orders NSO Group to pay $167 millions dollars to Meta over spyware allegations. CISA warns of hacktivists targeting U.S. ICS and SCADA systems. Researcher Micah Lee documents serious privacy risks in the TM SGNL app used by high level Trump officials. The NSA plans significant workforce cuts. Nations look for alternatives to U.S. cloud providers. A medical device provider discloses a cyberattack disrupting its ability to ship customer orders. The Panda Shop smishing kit impersonates trusted brands. Accenture’s CFO thwarts a deepfake attempt. Our temporary intern Kevin Magee from Microsoft wraps up his reporting from the RSAC show floor. Server room shenanigans, with romance, retaliation, and root access.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Wrapping up RSAC 2025, we’re joined by our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Kevin brings the energy with a high-octane medley of interviews directly from the show floor, featuring sharp insights and bold ideas from some of cybersecurity’s most influential voices. It’s the perfect, fast-paced finale to our RSAC coverage—check out the show notes for links to all the guests featured!

In this segment, you’ll hear from Eoin Wickens, Director of Threat Intelligence of HiddenLayer, Jordan Shaw-Young, Chief of Staff for Security Services at BlueVoyant, Gil Barak, co-founder and CEO of Blink Ops, and Paul St Vil, VP of Field Engineering at Zenity.

You can also catch Kevin on our Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. Whether you are building your own startup or just love a good innovation story, listen and learn more here.

Selected Reading

Spyware-maker NSO ordered to pay $167 million for hacking WhatsApp (The Washington Post)

CISA Warns of Hackers Attacking ICS/SCADA Systems in Oil and Natural Gas Companies (Cyber Security News)

Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs (Micha Flee)

NSA to cut up to 2,000 civilian roles as part of intel community downsizing' (The Record)

NIST loses key cyber experts in standards and research (Cybersecurity Dive)

A coherent European/non-US cloud strategy: building railroads for the cloud economy (Bert Hubert)

Medical device giant Masimo says cyberattack is limiting ability to fill customer orders (The Record)

New Chinese Smishing Kit Dubbed 'Panda Shop' Steal Google, Apple Pay & Credit Card Details (Cyber Security News)

Accenture: What we learned when our CEO got deepfaked (Computing)

IT Worker from Computacenter Let Girlfriend Into Deutsche Bank’s Restricted Areas (GB Hackers)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

No hocus pocus—MagicINFO flaw is the real threat.

Tue, 06 May 2025 20:30:00 -0000

A critical flaw in a Samsung’s CMS is being actively exploited. President Trump’s proposed 2026 budget aims to slash funding for CISA. “ClickFix” malware targets both Windows and Linux systems through advanced social engineering. CISA warns of a critical Langflow vulnerability actively exploited in the wild. A new supply-chain attack targets Linux servers using malicious Go modules found on GitHub. The Venom Spider threat group targets HR professionals with fake resume submissions. The Luna Moth group escalates phishing attacks on U.S. legal and financial institutions. The U.S. Treasury aims to cut off a Cambodia-based money laundering operation. Our guest is Monzy Merza, Co-Founder and CEO of Crogl, discussing the CISO's conundrum in the face of AI. Malware, mouse ears, and mayhem: Disney hacker pleads guilty.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Monzy Merza, Co-Founder and CEO of Crogl, who is discussing the CISO's conundrum—the growing challenge of securing organizations in a world where AI rapidly expands both the number of users and potential adversaries.
Selected Reading

Samsung MagicINFO Vulnerability Exploited Days After PoC Publication (SecurityWeek)

Trump would cut CISA budget by $491M amid ‘censorship’ claim (The Register)

New ClickFix Attack Mimics Ministry of Defense Website to Attack Windows & Linux Machines (Cyber Security News)

Critical Vulnerability in AI Builder Langflow Under Attack (SecurityWeek)

Linux wiper malware hidden in malicious Go modules on GitHub (Bleeping Computer)

Malware scammers target HR professionals with Venom Spider malware (SC Media)

Luna Moth extortion hackers pose as IT help desks to breach US firms (Bleeping Computer)

US Readies Huione Group Ban Over Cybercrime Links (GovInfo Security)

Hacker 'NullBulge' pleads guilty to stealing Disney's Slack data (Bleeping Computer)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hardcoded credentials and hard lessons.

Mon, 05 May 2025 20:10:00 -0000

Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber-espionage campaign targeting critical national infrastructure in the Middle East. Threat brokers advertise a new SS7 zero-day exploit on cybercrime forums. The StealC info-stealer and malware loader gets an update. Passkeys blaze the trail to a passwordless future. On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at the New York Giants. Cubism meets computing: the Z80 goes full Picasso.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire GuestOn our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at New York Football Giants, as they discuss how she approaches cybersecurity with curiosity, business alignment, and strong collaboration across the NFL community.

Selected Reading

The Signal Clone the Trump Admin Uses Was Hacked (404 Media)

Critical Commvault Vulnerability in Attacker Crosshairs (SecurityWeek)

xAI Dev Leaked API Key on GitHub for Private SpaceX, Tesla & Twitter/X (Cyber Security News)

FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure (Fortinet)

Hackers Selling SS7 0-Day Vulnerability on Hacker Froums for $5000 (Cyber Security News)

StealC malware enhanced with stealth upgrades and data theft tools (Bleeping Computer)

Sick of 15-character passwords? Microsoft is going password-less, starting now. (Mashable)

Passkeys for Normal People (Troy Hunt)

Single-Board Z80 Computer Draws Inspiration From Picasso (Hackaday)

Share your feedback.

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes]

Sun, 04 May 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Chief Scientist at LivePerson Joe Bradley takes us down his circuitous career journey that led him back to math. Joe had many ambitions from opera singer to middle school teacher, spent some time at two national labs and went back to his first love of math and physics. He notes that many of the most mathematically intuitive people that he's met are people that also have a creative outlet and a lot of times it's music. Adding a business aspect to his technical work, Joe came to his current position. He recommends going deep into your preferred subject and hopes that it helps you to become something different because of all you put into the work. We thank Joe for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When AI gets a to-do list. [Research Saturday]

Sat, 03 May 2025 07:00:00 -0000

This week, we are joined by ⁠Shaked Reiner⁠, Security Principal Security Researcher at ⁠CyberArk⁠, who is discussing their research on"Agents Under Attack: Threat Modeling Agentic AI." Agentic AI empowers LLMs to take autonomous actions, like browsing the web or executing code, making them more useful—but also more dangerous.

Threats like prompt injections and stolen API keys can turn agents into attack vectors. Shaked Reiner explains how treating agent outputs like untrusted code and applying traditional security principles can help keep them in check.

The research can be found here:

⁠Agents Under Attack: Threat Modeling Agentic AI

Learn more about your ad choices. Visit megaphone.fm/adchoices

Wired, but not fired.

Fri, 02 May 2025 20:10:00 -0000

RSAC 2025 comes to an end. Canadian power company hit by cyberattack. Ascension Health discloses another breach. UK luxury department store Harrods discloses attempted cyberattack. Microsoft fixes bug flagging Gmail as spam. An unofficial version of the Signal app shared in photo. EU fines TikTok for violating GDPR with China data transfer. US Treasury to cut off Southeast Asian cybercrime key player. Passwordless by default coming your way. Our guest is Kevin Magee, from Microsoft, sharing a medley of interviews he gathered on the show floor of RSAC 2025.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Kevin on the Street

Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Kevin closes out RSAC 2025 with a high-energy medley of interviews straight from the show floor, packed with sharp insights and bold ideas from some of cybersecurity’s standout voices. It’s a dynamic and fast-paced finale to our RSAC coverage—and you can find links to all of the guests featured in the show notes.

In this segment, you’ll hear from Christopher Simm, CTO at Bulletproof; Dr. Chase Cunningham (aka Dr. Zero Trust), Chief Strategy Officer at Ericom Software; Helen Patton, cybersecurity advisor at Cisco; Jeremy Vaughan, CEO and co-founder of Start Left Security; and Tzvika Shneider, CEO of Pynt.

Selected Reading

Day 4 Recap: Closing Celebration with Alicia Keys, RSAC College Day, and What's Ahead for 2025 (RSAC Conference)

Canadian Electric Utility Hit by Cyberattack (SecurityWeek)

Ascension discloses second major cyber attack in a year (The Register)

Harrods latest retailer to be hit by cyber attack (BBC)

Microsoft fixes Exchange Online bug flagging Gmail emails as spam (Bleeping Computer)

Mike Waltz Accidentally Reveals Obscure App the Government Is Using to Archive Signal Messages (404 Media)

TikTok hit with 530 million euro privacy fine in investigation into China data transfer (AP News)

Ukrainian extradited to US for alleged Nefilim ransomware attack spree (CyberScoop)

US wants to cut off key player in Southeast Asian cybercrime industry (The Record)

Microsoft makes all new accounts passwordless by default (Bleeping Computer)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI on the offensive.

Thu, 01 May 2025 20:10:00 -0000

Updates from RSAC 2025. Former NSA cyber chief Rob Joyce warns that AI is rapidly approaching the ability to develop high-level software exploits. An FBI official warns that China is the top threat to U.S. critical infrastructure. Mandiant and Google raise alarms over widespread infiltration of global companies by North Korean IT workers. France accuses Russia’s Fancy Bear of targeting at least a dozen French government and institutional entities. SonicWall has issued an urgent alert about active exploitation of a high-severity vulnerability in its Secure Mobile Access appliances. A China-linked APT group known as “TheWizards” is abusing an IPv6 networking feature. Gremlin Stealer emerges as a serious threat. A 23-year-old Scottish man linked to the Scattered Spider hacking group has been extradited from Spain to the U.S. Senators urge FTC action on consumer neural data. New WordPress malware masquerades as an anti-malware plugin. Our guest is Andy Cao from ProjectDiscovery, the Winner of the 20th Annual RSAC™ Innovation Sandbox Contest. Our intern Kevin returns with some Kevin on the Street interviews from the RSAC floor. Research reveals the risk of juice jacking isn’t entirely imaginary.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Andy Cao from ProjectDiscovery, who is the Winner of the 20th Annual RSAC™ Innovation Sandbox Contest 2025 event.
Kevin on the Street

Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week. Today Kevin is joined by Shane Harding CEO of Devicie and Nathan Ostrowski Co-Founder Petrą Security.

Selected Reading

Ex-NSA cyber boss: AI will soon be a great exploit dev (The Register)

AI makes China leading threat to US critical infrastructure, says FBI official (SC World)

North Korean operatives have infiltrated hundreds of Fortune 500 companies (CyberScoop)

France Blames Russia for Cyberattacks on Dozen Entities (SecurityWeek)

SonicWall OS Command Injection Vulnerability Exploited in the Wild (Cyber Security News)

Hackers abuse IPv6 networking feature to hijack software updates (Bleeping Computer)

New Gremlin Stealer Advertised on Hacker Forums Targets Credit Card Data and Login Credentials (GB Hackers)

Alleged ‘Scattered Spider’ Member Extradited to U.S. (Krebs on Security)

Senators Urge FTC Action on Consumer Neural Data, Signaling Heightened Scrutiny (Cooley)

New WordPress Malware as Anti-Malware Plugin Take Full Control of Website (Cyber Security News)

iOS and Android juice jacking defenses have been trivial to bypass for years (Ars Technica)
Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Less CISA, more private sector power?

Wed, 30 Apr 2025 20:10:00 -0000

DHS Secretary Kristi Noem justifies budget cuts in her RSAC keynote. The EFF pens an open letter to Trump backing Chris Krebs. Scattered Spider is credited with the Marks & Spencer cyberattack. Researchers discover a critical flaw in Apple’s AirPlay protocol. The latest CISA advisories. On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development. What do you call an AI chatbot that finished at the bottom of its class in med school?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development.

Kevin on the Street

Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week. Today Kevin is joined by Ryan Lasmaili Co-Founder and CEO of Vaultree and Stan Golubchik CEO and co-founder of Contraforce, here are their conversations.

Selected Reading

DHS Secretary Noem: CISA needs to get back to ‘core mission’ (CyberScoop)

Noem calls for reauthorization of cyberthreat information sharing law during RSA keynote (The Record)

Cyber experts, Democrats urge Trump administration not to break up cyber coordination in State reorg (CyberScoop)

Infosec pros rally against Trump's attack on Chris Krebs (The Register)

Scattered Spider Suspected in Major M&S Cyberattack (Hackread)

AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi (Cyber Security News)

CISA Adds One Known Exploited Vulnerability to Catalog (CISA)

CISA Releases Three Industrial Control Systems Advisories (CISA)

Instagram's AI Chatbots Lie About Being Licensed Therapists (404 Media)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Trends shaping the future at RSAC.

Tue, 29 Apr 2025 20:10:00 -0000

RSAC 2025 is well under way, and Kevin the Intern files his first report. Authorities say Spain and Portugal’s massive power outage was not a cyberattack. Concerns are raised over DOGE access to classified nuclear networks. The FS-ISAC launches the Cyberfraud Prevention Framework. Real-time deepfake fraud is here to stay. On today’s Threat Vector, host David Moulton speaks with Daniel B. Rosenzweig, a leading data privacy and AI attorney, about the growing complexity of privacy compliance in the era of big data and artificial intelligence. Protecting your company…with a fat joke.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector

In this segment of Threat Vector, host David Moulton speaks with Daniel B. Rosenzweig, a leading data privacy and AI attorney, about the growing complexity of privacy compliance in the era of big data and artificial intelligence. Dan explains how businesses can build trust by aligning technical operations with legal obligations—what he calls “say what you do, do what you say.” They explore U.S. state privacy laws, global data transfer regulations, AI compliance, and the role of privacy-enhancing technologies. You can hear David and Daniel's full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app.

Kevin on the Street

Selected Reading

RSA Conference 2025 Announcements Summary (Day 1) (SecurityWeek)

ISMG Editors: Day 1 Overview of RSAC Conference 2025 (GovInfo Security)

ProjectDiscovery Named “Most Innovative Startup” at RSAC™ 2025 Conference Innovation Sandbox Contest (RSAC)

Krebs: People should be ‘outraged’ at efforts to shrink federal cyber efforts (The Record)

NSA, CISA top brass absent from RSA Conference (The Register)

Power Is Restored in Spain and Portugal After Widespread Outage (New York Times)

DOGE employees gain accounts on classified networks holding nuclear secrets (NPR)

New Framework Targets Rising Financial Crime Threats (GovInfo Security)

The Age of Realtime Deepfake Fraud Is Here (404 Media)

The one interview question that will protect you from North Korean fake workers (The Register)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Lights out, lines down.

Mon, 28 Apr 2025 20:10:00 -0000

A massive power outage strikes the Iberian Peninsula. Iran says it repelled a “widespread and complex” cyberattack targeting national infrastructure. Researchers find hundreds of SAP NetWeaver systems vulnerable to a critical zero-day. A British retailer tells warehouse workers to stay home following a cyberattack. VeriSource Services discloses a breach exposing personal data of four million individuals. Global automated scanning surged 16.7% in 2024. CISA discloses several critical vulnerabilities affecting Planet Technology’s industrial switches and network management products. A Greek court upholds a VPN provider’s no-logs policies. Law enforcement dismantles the JokerOTP phishing tool. Our guest is Tim Starks from CyberScoop with developments in the NSO Group trial. How Bad Scans and AI Spread a Scientific Urban Legend.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Special Edition

On our ⁠Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, we are shining a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. This episode is part of our exclusive RSAC series where we dive into the real world impact of the Microsoft for Startups Founders Hub.

Along with Microsoft’s ⁠Kevin Magee⁠, Dave Bittner talks with an entrepreneur and startup veteran, and founders from three incredible startups who are part of the Founders Hub, each tackling big problems with even bigger ideas.

Dave and Kevin set the stage speaking with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur. Dave and Kevin then speak with three founders: ⁠Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. So whether you are building your own startup or just love a good innovation story, listen in. For more information, visit the ⁠Microsoft for Startups website⁠.

CyberWire Guest

We are joined by Tim Starks from CyberScoop who is discussing Judge limits evidence about NSO Group customers, victims in damages trial

Selected Reading

Nationwide Power Outages in Portugal & Spain Possibly Due to Cyberattack (Cyber Security News)

Iran claims it stopped large cyberattack on country’s infrastructure (The Record)

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks that Exploited in the Wild (Cyber Security News)

M&S warehouse workers told not to come to work following cyberattack (The Record)

4 Million Affected by VeriSource Data Breach (SecurityWeek)

Researchers Note 16.7% Increase in Automated Scanning Activity (Infosecurity Magazine)

Critical Vulnerabilities Found in Planet Technology Industrial Networking Products (SecurityWeek)

Court Dismisses Criminal Charges Against VPN Executive, Affirms No-Log Policy (Hackread)

JokerOTP Dismantled After 28,000 Phishing Attacks, 2 Arrested (Hackread)

A Strange Phrase Keeps Turning Up in Scientific Papers, But Why? (ScienceAlert)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]

Sun, 27 Apr 2025 07:00:00 -0000

Please enjoy this encore episode of Career Notes.

CEO and co-founder of Sternum, Natali Tshuva shares how she took her interest in science and technology and made a career and company out of it. Beginning her computer science undergraduate degree at age 14 through a special program in Israel, Natali says it opened up a new world for her. Her required service in the IDF found Natali as a member of Unit 8200, the Israeli intelligence. In the Israeli corporate space following the IDF, Natali discovered how cybersecurity could actually create impact in the real world environment and found a way to combine her cybersecurity expertise with the passion to impact critical industries like the medical industry. Natali recommends that those entering the field get some hands-on experience and use your unique strengths to find a way to make the world a better place. We thank Natali for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft for Startups: The benefits of the cyber startup ecosystem. [Special Edition]

Sun, 27 Apr 2025 05:00:00 -0000

Welcome to the Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft. In this episode, we are shining a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. This episode is part of our exclusive RSAC series where we dive into the real world impact of the Microsoft for Startups Founders Hub.

Along with Microsoft’s Kevin Magee, Dave Bittner talks with an entrepreneur and startup veteran, and founders from three incredible startups who are part of the Founders Hub, each tackling big problems with even bigger ideas.

Dave and Kevin set the stage speaking with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur. Dave and Kevin then speak with three founders: Matthew Chiodi of Cerby, Travis Howerton of RegScale, and Karl Mattson of Endor Labs. So whether you are building your own startup or just love a good innovation story, listen in. For more information, visit the Microsoft for Startups website.

Learn more about your ad choices. Visit megaphone.fm/adchoices

China’s new cyber arsenal revealed. [Research Saturday]

Sat, 26 Apr 2025 07:00:00 -0000

Today we are joined by Crystal Morin, Cybersecurity Strategist from Sysdig, as she is sharing their work on "UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell." UNC5174, a Chinese state-sponsored threat actor, has resurfaced with a stealthy cyber campaign using a new arsenal of customized and open-source tools, including a variant of their SNOWLIGHT malware and the VShell RAT.

Sysdig researchers discovered that the group targets Linux systems through malicious bash scripts, domain squatting, and in-memory payloads, indicating a high level of sophistication and espionage intent. Their evolving tactics, such as using spoofed domains and fileless malware, continue to blur attribution and pose a significant threat to research institutions, critical infrastructure, and NGOs across the West and Asia-Pacific regions.

The research can be found here:

UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell

Learn more about your ad choices. Visit megaphone.fm/adchoices

Pentagon hits fast-forward on software certs.

Fri, 25 Apr 2025 20:20:00 -0000

The Defense Department is launching a new fast-track software approval process. A popular employee monitoring tool exposes over 21 million real-time screenshots. The U.S. opens a criminal antitrust investigation into router maker TP-Link. A pair of health data breaches affect over six million people. South Korea’s SK Telecom confirms a cyberattack. A critical zero-day puts thousands of SAP applications at potential risk. Researchers raise concerns over AI agents performing unauthorized actions. “Policy Puppetry” can break the safety guardrails of all major generative AI models. New research tallies the high costs of data breaches. A preview of the RSAC Innovation Sandbox with Cecilia Marinier, Vice President at RSAC, and David Chen, Head of Global Technology Investment Banking at Morgan Stanley. Stocking hard drives full of human knowledge, just in case.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn

CyberWire Guest Cecilia Marinier, Vice President at RSAC, and David Chen, Head of Global Technology Investment Banking at Morgan Stanley, sit down with Dave to discuss the Innovation Sandbox Contest 2025.

Selected Reading Acting Pentagon CIO Signing Off on New, Faster Cyber Rules for Contractors (airandspaceforces)

Top employee monitoring app leaks 21 million screenshots on thousands of users (TechRadar)

Router Maker TP-Link Faces US Criminal Antitrust Investigation (bloomberg)

Yale New Haven Health Notifying 5.5 Million of March Hack (bankinfosecurity)

Frederick Health data breach impacts nearly 1 million patients (BleepingComputer)

Hackers access sensitive SIM card data at South Korea's largest telecoms company (bitdefender)

SAP Zero-Day Possibly Exploited by Initial Access Broker (SecurityWeek)

Chrome Extension Uses AI Engine to Act Without User Input (Infosecurity Magazine)

All Major Gen-AI Models Vulnerable to 'Policy Puppetry' Prompt Injection Attack (SecurityWeek)

US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures (Infosecurity Magazine)

Sales of Hard Drives for the End of the World Boom Under Trump (404media)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Lessons from the latest breach reports.

Thu, 24 Apr 2025 20:10:00 -0000

Verizon and Mandiant call for layered defenses against evolving threats. Cisco Talos describes ToyMaker and Cactus threat actors. Researchers discover a major Linux security flaw which allows rootkits to bypass traditional detection methods. Ransomware groups are experimenting with new business models. Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division shares the latest on Salt Typhoon. Global censorship takes a coffee break.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Dave sits down with Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division who shares a PSA on Salt Typhoon.

Selected Reading

2025 Data Breach Investigations Report (Verizon)

Mandiant M-Trends 2025 Report (Mandiant)

Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs (Ciso Talos)

Linux 'io_uring' security blindspot allows stealthy rootkit attacks (bleepingcomputer)

Ransomware groups test new business models to hit more victims, increase profits (the record)

Cloudflare: Government-backed internet shutdowns plummet to zero in first quarter (the record)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

States struggle with cyber shift.

Wed, 23 Apr 2025 20:20:00 -0000

The White House’s shift of cybersecurity responsibilities to the states is met with skepticism. Baltimore City Public Schools suffer a ransomware attack. Russian state-backed hackers target Dutch critical infrastructure. Microsoft resolves multiple Remote Desktop issues. A new malware campaign is targeting Docker environments for cryptojacking. A new phishing campaign uses weaponized Word documents to steal Windows login credentials. Zyxel Networks issues critical patches for two high-severity vulnerabilities. CISA issues five advisories highlighting critical vulnerabilities in ICS systems. Our guest is Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division, sharing the findings of their latest IC3 report. So long, Privacy Sandbox.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division, as she is sharing the findings of their latest IC3 report.

Selected Reading

Trump is shifting cybersecurity to the states, but many aren’t prepared (Stateline)

Baltimore City Public Schools report data breach (beyondmachines)

Russia attempting cyber sabotage attacks against Dutch critical infrastructure (record)

Microsoft fixes Remote Desktop freezes caused by Windows updates (bleepingcomputer)

New Malware Hijacking Docker Images with Unique Obfuscation Technique (cybersecuritynews)

Hackers Exploit Weaponized Word Docs to Steal Windows Login Credentials (gbhackers)

Kelly Benefits Data Breach Impacts 260,000 People (SecurityWeek)

Data Breach at Onsite Mammography Impacts 350,000 (SecurityWeek)

Zyxel Patches Privilege Management Vulnerabilities in USG FLEX H Series Firewalls (cybersecuritynews)

CISA Releases Five Advisories Covering ICS Vulnerabilities & Exploits (cybersecuritynews)

RIP to the Google Privacy Sandbox (The Register)

2024 IC3 ANNUAL REPORT

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Proton66’s malware highway.

Tue, 22 Apr 2025 20:10:00 -0000

The Russian Proton66 is tied to cybercriminal bulletproof hosting services. A new Rust-based botnet hijacks vulnerable routers. CISA budget cuts limit the use of popular analysis tools. A pair of healthcare providers confirm ransomware attacks. Researchers uncover the Scallywag ad fraud network. The UN warns of cyber-enabled fraud in Southeast Asia expanding at an industrial scale. Fog ransomware resurfaces and points a finger at DOGE. The cybercrime marketplace Cracked relaunches under a new domain. On our Industry Voices segment, Bob Maley, CSO of Black Kite, shares insights on the growing risk of third-party cyber incidents. Taking the scenic route through Europe's digital landscape.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Kim Jones, the new Host of CISO Perspectives podcast, previewing the latest episode where Kim is joined by Larry Whiteside Jr. discussing “Are we a trade or a profession?”

Industry Voices

On our Industry Voices segment, Bob Maley, CSO of Black Kite, sharing insights on the growing risk of third-party cyber incidents.

Selected Reading

Many Malware Campaigns Linked to Proton66 Network (SecurityWeek)

New Rust Botnet Hijacking Routers to Inject Commands Remotely (Cyber Security News)

CISA Issues Warning Against Using Censys, VirusTotal in Threat Hunting Ops (GB Hackers)

Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000 (SecurityWeek)

Scalllywag Ad Fraud Network Generates 1.4 Billion Bid Requests Daily (Infosecurity Magazine)

$40bn Southeast Asian Scam Sector Growing “Like a Cancer” (Infosecurity Magazine)

Fog ransomware notes troll with DOGE references, bait insider attacks (SC World)

Reborn: Cybercrime Marketplace Cracked Appears to Be Back (BankInfo Security)

Nemesis darknet market founder indicted for years-long “borderless powerhouse of criminal activity” (Cybernews)

Digital Weaning Guide from the United States (Dagbladet Information)

Two top cyber officials resign from CISA (The Record)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When fake fixes hide real attacks.

Mon, 21 Apr 2025 20:10:00 -0000

Adversary nations are using ClickFix in cyber espionage campaigns. Japan’s Financial Services Agency issues an urgent warning after hundreds of millions in unauthorized trades. The critical Erlang/OTP’s SSH vulnerability now has public exploits. A flawed rollout of a new Microsoft Entra app triggers widespread account lockouts. The alleged operator of SmokeLoader malware faces federal hacking charges. A new scam blends social engineering, malware, and NFC tech to drain bank accounts. GSA employees may have been oversharing sensitive documents. Yoni Shohet, Co-Founder and CEO of Valence Security, who cautions financial organizations of coming Chinese open source AI. Crosswalks in the crosshairs of satirical hacking.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Yoni Shohet, Co-Founder and CEO of Valence Security, discussing how the onslaught of more open source AI tools coming out of China will be difficult to manage for companies especially those in the financial sector.

Selected Reading

North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks (Hackread)

Countries Shore Up Their Digital Defenses as Global Tensions Raise the Threat of Cyberwarfare (SecurityWeek)

Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts (The Record)

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (Bleeping Computer)

Widespread Microsoft Entra lockouts tied to new security feature rollout (Bleeping Computer)

Alleged SmokeLoader malware operator facing federal charges in Vermont (The Record)

New payment-card scam involves a phone call, some malware and a personal tap (The Record)

Sensitive files, including White House floor plans, shared with thousands (The Washington Post)

Hacking US crosswalks to talk like Zuck is as easy as 1234 (The Register)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rich Hale: Understanding the data. [CTO] [Career Notes]

Sun, 20 Apr 2025 07:00:00 -0000

Please enjoy this encore episode of Career Notes.

Chief Technology Officer of ActiveNav Rich Hale takes us through his career aspirations of board game designer (one he has yet to realize), through his experience with the Royal Air Force to the commercial sector where his firm works to secure dark data. During his time in the Air Force, Rich was fortunate to serve on a wide range of different platforms from training aircraft to bombers, and all the way into procurement and policy. Transitioning to the commercial sector, Rich notes he was well prepared for some aspects, but lacking in some he's made up on his own. Rich likes to lead with vision and empower his teams. He counsels that you should not fear making a career change, but be sure to look twice before making the leap. We thank Rich for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Crafting malware with modern metals. [Research Saturday]

Sat, 19 Apr 2025 07:00:00 -0000

This week, we are joined by Nick Cerne, Security Consultant from Bishop Fox, to discuss "Rust for Malware Development." In pursuit of simulating real adversarial tactics, this blog explores the use of Rust for malware development, contrasting it with C in terms of binary complexity, detection evasion, and reverse engineering challenges.

The author demonstrates how Rust's inherent anti-analysis traits and memory safety features can create more evasive malware tooling, including a simple dropper that injects shellcode using lesser-known Windows APIs. Through hands-on comparisons and decompiled output analysis, the post highlights Rust’s growing appeal in offensive security while noting key OPSEC considerations and tooling limitations.

The research can be found here:

Rust for Malware Development

Learn more about your ad choices. Visit megaphone.fm/adchoices

SSH-attered trust.

Fri, 18 Apr 2025 20:10:00 -0000

A critical vulnerability in Erlang/OTP SSH allows unauthenticated remote code execution. There’s a bipartisan effort to renew a key cybersecurity info sharing law. A newly discovered Linux kernel vulnerability allows local attackers to escalate privileges. A researcher uncovers 57 risky Chrome extensions with a combined 6 million users. AttackIQ shares StrelaStealer simulations. A major live events service provider notifies employees and customers of a data breach. CISA warns of an actively exploited SonicWall vulnerability. An airport retailer agrees to a multi-million dollar settlement stemming from a ransomware attack. A preview of RSAC 2025 with Linda Gray Martin and Britta Glade. Zoom-a-zoom zoom, it’s always DNS.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today Dave sits down with Linda Gray Martin, Chief of Staff, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2025.

Selected Reading

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (Bleeping Computer)

Bipartisan duo wants to renew 10-year-old cyberthreat information sharing law (The Record)

Linux Kernel Vulnerability Let Attackers Escalate Privilege – PoC Released (Cyber Security News)

Chrome extensions with 6 million installs have hidden tracking code (Bleeping Computer)

Emulating the Stealthy StrelaStealer Malware (AttackIQ)

Live Events Giant Legends International Hacked (SecurityWeek)

CISA tags SonicWall VPN flaw as actively exploited in attacks (Bleeping Computer)

Airport retailer agrees to $6.9 million settlement over ransomware data breach (The Record)

Global Zoom Outage Caused by Server Block Imposed from GoDaddy Registry (Cyber Security News)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft squashes windows server bug.

Thu, 17 Apr 2025 20:20:00 -0000

Microsoft issues emergency updates for Windows Server. Apple releases emergency security updates to patch two zero-days. CISA averts a CVE program disruption. Researchers uncover Windows versions of the BrickStorm backdoor. Atlassian and Cisco patch several high-severity vulnerabilities. An Oklahoma cybersecurity CEO is charged with hacking a local hospital. A Fortune 500 financial firm reports an insider data breach. Researchers unmask IP addresses behind the Medusa Ransomware Group. CISA issues a warning following an Oracle data breach. On our Industry Voices segment, we are joined by Rob Allen, Chief Product Officer at ThreatLocker, to discuss a layered approach to zero trust. Former CISA director Chris Krebs steps down from his role at SentinelOne.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Industry Voices

On our Industry Voices segment, we are joined by Rob Allen, Chief Product Officer at ThreatLocker, to discuss a layered approach to zero trust.

Selected Reading

New Windows Server emergency updates fix container launch issue (Bleeping Computer)

Apple fixes two zero-days exploited in targeted iPhone attacks (Bleeping Computer)

CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension (Infosecurity Magazine)

MITRE Hackers' Backdoor Has Targeted Windows for Years (SecurityWeek)

Vulnerabilities Patched in Atlassian, Cisco Products (SecurityWeek)

Edmond cybersecurity CEO accused in major hack at hospital (KOCO News)

Fortune 500 firm's ex-employee exposes thousands of clients (Cybernews)

Researchers Deanonymized Medusa Ransomware Group's Onion Site (Cyber Security News)

CISA warns of potential data breaches caused by legacy Oracle Cloud leak (The Record)

Krebs Exits SentinelOne After Security Clearance Pulled (SecurityWeek)

The top 10 ThreatLocker policies for 2025 (ThreatLocker)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CVE program gets last-minute lifeline.

Wed, 16 Apr 2025 20:10:00 -0000

The CVE program gets a last-minute reprieve. A federal whistleblower alleges a security breach at the NLRB. Texas votes to spin up their very own Cyber Command. BreachForums suffers another takedown. A watchdog group sues the federal government over SignalGate allegations. The SEC Chair reveals a 2016 hack. ResolverRAT targets the healthcare and pharmaceutical sectors worldwide. Microsoft warns of blue screen crashes following recent updates. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. 4chan gets Soyjacked.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. Today’s question comes from N2K’s EC-Council Certified Ethical Hacker CEH (312-50) Practice Test.

Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Selected Reading

Funding Expires for Key Cyber Vulnerability Database (Krebs on Security)

CISA extends funding to ensure 'no lapse in critical CVE services' (Bleeping Computer)

CVE Foundation (CVE Foundation)

NoVa govcon firm Mitre to lay off 442 employees after DOGE cuts contracts (Virginia Business)

Federal employee alleges DOGE activity resulted in data breach at labor board (NBC News)

Whistleblower claims DOGE took sensitive data - now he’s being hounded by threatening notes (CNN via YouTube)

New state agency to deal with cyber threats advances in Texas House (Texarkana Gazette)

BreachForums taken down by the FBI? Dark Storm hackers say they did it “for fun” (Cybernews)

Here’s What Happened to Those SignalGate Messages (WIRED)

After breach, SEC says hackers used stolen data to buy stocks (CNET)

New ResolverRAT malware targets pharma and healthcare orgs worldwide (Bleeping Computer)

Microsoft warns of blue screen crashes caused by April updates (Bleeping Computer)

Infamous message board 4chan taken down following major hack (Bleeping Computer)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

OCC breach jolts financial sector.

Tue, 15 Apr 2025 20:10:00 -0000

Some U.S. banks pause electronic communications with the OCC following a major breach of the agency’s email system. Uncertainty spreads at CISA. China accuses three alleged U.S. operatives of conducting cyberattacks during February’s Asian Games. Microsoft Teams suffers filesharing issues. Fraudsters use ChatGPT to create fake passports. Car rental giant Hertz confirms data stolen in last year’s Cleo breach. Researchers describe a novel process injection method called Waiting Thread Hijacking. A new macOS malware-as-a-service threat is being sold on underground forums. A UK man is sentenced to over eight years for masterminding the LabHost phishing platform. Kim Jones joins us with a preview of the newly relaunched CISO Perspective podcast. David Moulton from Unit 42 sits down with Rob Wright, Security News Director at Informa TechTarget for the latest Threat Vector. Fighting the flood of AI generated experts.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Kim Jones joins Dave to launch the newly rebranded CISO Perspectives—formerly CSO Perspectives. We’re excited to welcome a fresh voice to the mic as Kim takes the helm. In this premiere episode, he’s joined by Ed Adams for a candid conversation about the evolving role of the CISO and the big question on everyone’s mind: Is the cyber talent ecosystem broken? Tune in as Kim kicks off this next chapter—same mission, sharper focus, new perspective.

Threat Vector Segment

The cybersecurity industry is full of headlines, but are we paying attention to the right ones? In this segment of Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, sits down with Rob Wright, Security News Director at Informa TechTarget, to discuss the stories the industry overlooks, the overhyped AI security fears, and the real risks posed by certificate authorities. You can listen to the full conversation here and catch new episodes of Threat Vector each Thursday on your favorite podcast app.

Selected Reading

OCC Hack: JPMorgan, BNY Limit Information Sharing With Agency After Breach (Bloomberg)

CISA Braces for Major Workforce Cuts Amid Security Fears (BankInfo Security)

China Pursuing 3 Alleged US Operatives Over Cyberattacks During Asian Games (SecurityWeek)

Microsoft Teams File Sharing Outage, Users Unable to Share Files (Cyber Security News)

ChatGPT Image Generator Abused for Fake Passport Production (GB Hackers)

Hertz says personal, sensitive data stolen in Cleo attacks (The Register)

Waiting Thread Hijacking: A Stealthier Version of Thread Execution Hijacking (Check Point Research)

macOS Users Beware! Hackers Allegedly Offering Full System Control Malware for Rent (Cyber Security News)

LabHost Phishing Mastermind Sentenced to 8.5 Years (Infosecurity Magazine)

Virtual reality: The widely-quoted media experts who are not what they seem (Press Gazette)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI ambitions clash with cyber caution.

Mon, 14 Apr 2025 20:10:00 -0000

The Department of the Interior removes top cybersecurity and tech officials. The DOJ looks to block foreign adversaries from acquiring sensitive personal data of U.S. citizens. Microsoft issues emergency updates to fix an Active Directory bug. Hackers are installing stealth backdoors on FortiGate devices. Researchers warn of a rise in “Dangling DNS” attacks. A pair of class action lawsuits allege a major adtech firm secretly tracks users online without consent. Google is fixing a 20-year-old Chrome privacy flaw. The Tycoon2FA phishing-as-a-service platform continues to evolve. My guest is Tim Starks from CyberScoop, discussing the latest from CISA and Chris Krebs. Slopsquatting AI totally harshes the supply chain vibe.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop, and he is discussing the latest with CISA and Chris Krebs.

Selected Reading

Interior Department Ousts Key Cyber Leaders Amid DOGE Spat (Data Breach Today)

US Blocks Foreign Governments from Acquiring Citizen Data (Infosecurity Magazine)

Microsoft: New emergency Windows updates fix AD policy issues (Bleeping Origin)

Fortinet Issues Fixes After Attackers Bypass Patches to Maintain Access (Hackread)

Dangling DNS Attack Let Hackers Gain Control Over Organization’s Subdomain (Cyber Security News)

Two Lawsuits Allege The Trade Desk Secretly Violates Consumer Privacy Laws (AdTech)

Chrome 136 fixes 20-year browser history privacy risk (Bleeping Computer)

Tycoon2FA phishing kit targets Microsoft 365 with new tricks (Bleeping Computer)

AI Hallucinations Create a New Software Supply Chain Threat (SecurityWeek)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]

Sun, 13 Apr 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Vice President for Cyber and Information Solutions within Mission Systems at Northrop Grumman, Jennifer Walsmith takes us on her pioneering career journey. Following in her father's footsteps at the National Security Agency, Jennifer began her career out of high school in computer systems analysis. Jennifer notes she saw the value of a college degree and at her parents' urging attended night school. She completed her bachelors in computer science at University of Maryland, Baltimore County with the support of the NSA. Jennifer talks about the support of her team at NSA where she was one of the first women to have a career and a family, raising two children while working. Upon retirement from government service, Jennifer chose an organization with values that closely matched her own and uses her position to help her team define possible where they sometimes think they can't. We thank Jennifer for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The new malware on the block. [OMITB]

Sat, 12 Apr 2025 07:00:00 -0000

This week, we are sharing an episode of our monthly show, Only Malware in the Building. We invite you to join Dave Bittner and cohost Selena Larson as they explore "The new malware on the block."

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we’re keeping an eye on them just in case).

Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the latest shake-ups in the fake update threat landscape, including two new cybercriminal actors, fresh Mac malware, and the growing challenge of tracking these evolving campaigns.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA shrinks while threats grow.

Fri, 11 Apr 2025 20:20:00 -0000

CISA braces for widespread staffing cuts. Russian hackers target a Western military mission in Ukraine. China acknowledges Volt Typhoon. The U.S. signs on to global spyware restrictions. A lab supporting Planned Parenthood confirms a data breach. Threat actors steal metadata from unsecured Amazon EC2 instances. A critical WordPress plugin vulnerability is under active exploitation. A new analysis details a critical unauthenticated remote code execution flaw affecting Ivanti products. Joining us today is Johannes Ullrich, Dean of Research at SANS Technology Institute, with his take on "Vibe Security." Does AI understand, and does that ultimately matter?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Joining us today is Johannes Ullrich, Dean of Research at SANS Technology Institute, discussing "Vibe Security," similar to “Vibe Coding” where security teams overly rely on AI to do their job.

Selected Reading

Trump administration planning major workforce cuts at CISA (The Record)

Cybersecurity industry falls silent as Trump turns ire on SentinelOne (Reuters)

Russian hackers attack Western military mission using malicious drive (Bleeping Computer)

China Admitted to US That It Conducted Volt Typhoon Attacks: Report (SecurityWeek)

US to sign Pall Mall pact aimed at countering spyware abuses (The Record)

US lab testing provider exposed health data of 1.6 million people (Bleeping Computer)

Amazon EC2 instance metadata targeted in SSRF attacks (SC Media)

Vulnerability in OttoKit WordPress Plugin Exploited in the Wild (SecurityWeek)

Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed (Cyber Security News)

Experts Debate: Do AI Chatbots Truly Understand? (IEEE Spectrum)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Former cybersecurity officials lose clearances.

Thu, 10 Apr 2025 20:00:00 -0000

Trump targets former cybersecurity officials. Senator blocks CISA nominee over telecom security concerns. The acting head of NSA and Cyber Command makes his public debut. Escalation of Cyber Tensions in U.S.-China Trade Relations. Researchers evaluate the effectiveness of Large Language Models (LLMs) in automating Cyber Threat Intelligence. Hackers at Black Hat Asia pown a Nissan Leaf. A smart hub vulnerability exposes WiFi credentials. A new report reveals routers’ riskiness. Operation Endgames nabs SmokeLoader botnet users. Our guest is Anushika Babu, Chief Growth Officer at AppSecEngineer, joins us to discuss the creative ways people are using AI. The folks behind the Flipper Zero get busy.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Anushika Babu, Chief Growth Officer at AppSecEngineer, joins us to discuss the creative ways people are using AI.

Selected Reading

Trump Signs Memorandum Revoking Security Clearance of Former CISA Director Chris Krebs (Zero Day)

Senator puts hold on Trump's nominee for CISA director, citing telco security 'cover up' (TechCrunch)

Infosec experts fear China could retaliate against tariffs with a Typhoon attack (The Register)

New US Cyber Command, NSA chief glides in first public appearance (The Record)

LARGE LANGUAGE MODELS ARE UNRELIABLE FOR CYBER THREAT INTELLIGENCE (ARXIG)

Nissan Leaf Hacked for Remote Spying, Physical Takeover (SecurityWeek)

TP-Link IoT Smart Hub Vulnerability Exposes Wi-Fi Credentials (Cyber Security News)

Study Identifies 20 Most Vulnerable Connected Devices of 2025 (SecurityWeek)

Authorities Seized Smokeloader Malware Operators & Seized Servers (Cyber Security News)

Flipper Zero maker unveils ‘Busy Bar,’ a new ADHD productivity tool (Bleeping Computer)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Major breach at the US Treasury’s OCC.

Wed, 09 Apr 2025 20:00:00 -0000

Treasury’s OCC reports a major email breach. Patch Tuesday updates. A critical vulnerability in AWS Systems Manager (SSM) Agent allowed attackers to execute arbitrary code with root privileges. Experts urge Congress to keep strict export controls to help slow China’s progress in AI. A critical bug in WhatsApp for Windows allows malicious code execution.CISA adds multiple advisories on actively exploited vulnerabilities. Insider threat allegations rock a major Maryland medical center. Microsoft’s Ann Johnson from Afternoon Cyber Tea is joined by Jack Rhysider, the creator and host of the acclaimed podcast Darknet Diaries. Feds Aim to Rewrite Social Security Code in Record Time.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

In this episode of Afternoon Cyber Tea, Ann Johnson is joined by Jack Rhysider, the creator and host of the acclaimed podcast Darknet Diaries. You can hear the full conversation here. Be sure to catch new episodes of Afternoon Cyber Tea every other Tuesday on N2K CyberWIre and your favorite podcast app.

Selected Reading

Treasury's OCC Says Hackers Had Access to 150,000 Emails (SecurityWeek)

Microsoft Fixes Over 130 CVEs in April Patch Tuesday (Infosecurity Magazine)

Vulnerabilities Patched by Ivanti, VMware, Zoom (SecurityWeek)

Fortinet Patches Critical FortiSwitch Vulnerability (SecurityWeek)

ICS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider (SecurityWeek)

AWS Systems Manager Plugin Vulnerability Let Attackers Execute Arbitrary Code (Cyber Security News)

Tech experts recommend full steam ahead on US export controls for AI (CyberScoop)

Don't open that file in WhatsApp for Windows just yet (The Register)

CISA Warns of Microsoft Windows CLFS Vulnerability Exploited in Wild (Cyber Security News)

CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days (SecurityWeek)

Pharmacist accused of spying on women using work, home cams (The Register)

DOGE Plans to Rebuild SSA Code Base in Months, Risking Benefits and System Collapse (WIRED)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Using AI to sniff out opposition.

Tue, 08 Apr 2025 20:00:00 -0000

Is DOGE using AI to monitor federal employees? Google’s latest Android update addresses two zero-days. Scattered Spider continues its phishing and malware campaigns. Ransomware’s grip is slipping. ToddyCat exploits a critical flaw in ESET products. Oracle privately confirms a legacy system breach. Over 5,000 Ivanti Connect Secure appliances remain exposed online to a critical remote code execution vulnerability. CISA confirms active exploitation of a critical vulnerability in CrushFTP. In our Industry Voices segment, we are joined by Matt Radolec, VP of Incident Response at Varonis, on turning to gamers to to Build Resilient Cyber Teams. AI outphishes human red teams.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

In our Industry Voices segment, we are joined by Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, as he is discussing research on “From Gamer to Leader: How to Build Resilient Cyber Teams.” Catch Matt’s keynote at RSAC 2025 on April 30th.

Selected Reading

Exclusive: Musk's DOGE using AI to snoop on U.S. federal workers, sources say (Reuters)

Tariff Wars: The Technology Impact (BankInfo Security)

Google Patched Android 0-Day Vulnerability Exploited in the Wild (Cyber Security News)

Scattered Spider adds new phishing kit, malware to its web (The Register)

Ransomware Underground Faces Declining Relevance (BankInfo Security)

ESET Vulnerability Exploited for Stealthy Malware Execution (SecurityWeek)

Oracle Confirms that Hackers Broke Systems & Stole Client Login Credentials (Cyber Security News)

Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk (SecurityWeek)

CISA Warns of CrushFTP Vulnerability Exploitation in the Wild (Infosecurity Magazine)

AI Outsmarts Human Red Teams in Phishing Tests (GovInfo Security)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

UK Apple showdown gonna be public.

Mon, 07 Apr 2025 20:00:00 -0000

UK court blocks government's attempt to keep Apple encryption case secret. Port of Seattle says last year's breach affected 90,000 people. Verizon Call Filter App flaw exposes millions' call records. Hackers hit Australian pension funds. A global threat hiding in plain sight. Cybercriminals are yelling CAPTCH-ya! Meta retires U.S. fact-checking program. Our guest today is Rob Boyce from Accenture and he’s discussing Advanced Persistent Teenagers (APTeens). And Google’s AI Goes Under the Sea.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Rob Boyce, Global Lead for Cyber Resilience at Accenture, joins to discuss Advanced Persistent Teenagers (APTeens). Advanced Persistent Teenagers (APTeens) have rapidly become a significant enterprise risk by demonstrating capabilities once limited to organized ransomware groups, the threat from juvenile, homegrown threat-actors has risen steadily.

Selected Reading

UK Effort to Keep Apple Encryption Fight Secret Blocked in Court (Bloomberg)

Port of Seattle says ransomware breach impacts 90,000 people (BleepingComputer)

Call Records of Millions Exposed by Verizon App Vulnerability (SecurityWeek)

Cybercriminals are trying to loot Australian pension accounts in new campaign (The Record)

NEPTUNE RAT Attacking Windows Users to Exfiltrate Passwords from 270+ Apps (Cyber Security News)

Threat Actors Using Fake CAPTCHAs and CloudFlare Turnstile to Deliver LegionLoader (Cyber Security News)

Meta ends its fact-checking program in the US later today, replaces it with Community Notes (Techspot)

Suspected Scattered Spider Hacker Pleads Guilty (SecurityWeek)

This Alphabet Spin-off Brings “Fishal Recognition” to Aquaculture (IEEE Spectrum)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard: Give people resources. [CSO] [Career Notes]

Sun, 06 Apr 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Chief Security Officer, Chief Analyst, and Senior Fellow at the CyberWire, Rick Howard, shares his travels through the cybersecurity job space. The son of a gold miner who began his career out of West Point in the US Army, Rick worked his way up to being the Commander of the Army's Computer Emergency Response Team. Rick moved to the commercial sector working for Bruce Schneier running Counterpane's global SOC. Rick's first CSO job was for Palo Alto Networks where he was afforded the opportunity to create the Cybersecurity Canon Hall of Fame and the Cyber Threat Alliance. Upon considering retirement, Rick called up on the CyberWire to ask about doing a podcast and he was hired on to the team. Rick shares a proud moment through a favorite story. We thank Rick for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Bybit’s $1.4B breach. [Research Saturday]

Sat, 05 Apr 2025 07:00:00 -0000

Zach Edwards from Silent Push is discussing their work on "New Lazarus Group Infrastructure, Acquires Sensitive Intel Related to $1.4B ByBit Hack and Past Attacks." Silent Push analysts uncovered significant infrastructure used by the Lazarus APT Group, linking them to the $1.4 billion Bybit crypto heist through the domain bybit-assessment[.]com registered just hours before the attack.

The investigation revealed a pattern of test entries, VPN usage, and fake job interview scams targeting crypto users, with malware deployment tied to North Korean threat actor groups like TraderTraitor and Contagious Interview. The team also identified numerous companies being impersonated in these scams, including major crypto platforms like Coinbase, Binance, and Kraken, to alert potential victims.

The research can be found here:

Silent Push Pivots into New Lazarus Group Infrastructure, Acquires Sensitive Intel Related to $1.4B ByBit Hack and Past Attacks

Learn more about your ad choices. Visit megaphone.fm/adchoices

A leadership shift.

Fri, 04 Apr 2025 20:10:00 -0000

President Trump fires the head of NSA and Cyber Command. The Health Sector Coordinating Council asks the White House to abandon Biden-era security updates. Senators introduce bipartisan legislation to help fight money laundering. A critical vulnerability has been discovered in the Apache Parquet Java library. The State Bar of Texas reports a ransomware-related data breach. New Android spyware uses a password-protected uninstallation method. A Chinese state-backed threat group exploits a critical Ivanti vulnerability for remote code execution. Today’s guest is Dave Dewalt, Founder and CEO of NightDragon, with the latest trends and outlook from cyber leaders. Malware masquerades as the tax man.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest is Dave Dewalt, Founder and CEO of NightDragon, sharing 2024 trends and a 2025 outlook.

Selected Reading

Haugh fired from leadership of NSA, Cyber Command (The Record)

Defense Sec Hegseth in Signalgate Pentagon watchdog probe (The Register)

HSCC Urges White House to Shift Gears on Health Cyber Regs (BankInfo Security)

Lawmakers seek to close loophole limiting Secret Service investigations into cyber laundering (The Record)

Critical Apache Parquet RCE Vulnerability Lets Attackers Run Malicious Code (Cyber Security News)

State Bar of Texas Says Personal Information Stolen in Ransomware Attack (SecurityWeek)

New Android Spyware That Asks Password From Users to Uninstall (TechCrunch)

Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw (Infosecurity Magazine)

Hackers Leveraging URL Shorteners & QR Codes for Tax-Related Phishing Attacks (Microsoft)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The invisible force fueling cyber chaos.

Thu, 03 Apr 2025 20:10:00 -0000

A joint advisory labels Fast Flux a national security threat. Europol shuts down a major international CSAM platform. Oracle verifies a data breach. A new attack targets Apache Tomcat servers. The Hunters International group pivots away from ransomware. Hackers target Juniper routers using default credentials. A controversy erupts over a critical CrushFTP vulnerability. Johannes Ullrich, Dean of Research at SANS Technology Institute unpacks Next.js. Abracadabra, alakazam — poof! Your credentials are gone.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Johannes Ullrich, Dean of Research at SANS Technology Institute, is discussing Next.js and how similar problems have led to vulnerabilities recently.

Selected Reading

Fast Flux: A National Security Threat (CISA)

Don’t cut CISA personnel, House panel leaders say, as they plan legislation giving the agency more to do (CyberScoop)

CSAM platform Kidflix shut down by international operation (The Record)

AI Image Site GenNomis Exposed 47GB of Underage Deepfakes (Hackread)

Oracle tells clients of second recent hack, log-in data stolen, Bloomberg News reports (Reuters)

Hackers Exploiting Apache Tomcat Vulnerability to Steal SSH Credentials & Gain Server Control (Cyber Security News)

Hunters International Ransomware Gang Rebranding, Shifting Focus (SecurityWeek)

Hackers Actively Scanning for Juniper’s Smart Router With Default Password (Cyber Security News)

Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability (SecurityWeek)

New Malware Attacking Magic Enthusiasts to Steal Login Credentials (Cyber Security News)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Chrome & Firefox squash the latest flaws.

Wed, 02 Apr 2025 20:10:00 -0000

Google and Mozilla patch nearly two dozen security flaws. The UK’s Royal Mail Group sees 144GB of data stolen and leaked. A bizarre campaign looks to recruit cybersecurity professionals to hack Chinese websites. PostgreSQL servers with weak credentials have been compromised for cryptojacking. Google Cloud patches a vulnerability affecting its Cloud Run platform. Oracle faces a class-action lawsuit over alleged cloud services data breaches. CISA releases ICS advisories detailing vulnerabilities in Rockwell Automation and Hitachi Energy products. General Paul Nakasone offers a candid assessment of America’s evolving cyber threats. On today’s CertByte segment, a look at the Cisco Enterprise Network Core Technologies exam. Are AI LLMs more like minds or mirrors?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources, this week, Chris is joined by Troy McMillan to break down a question targeting the Cisco Enterprise Network Core Technologies (350-401 ENCOR) v1.1 exam. Today’s question comes from N2K’s Cisco CCNP Implementing and Operating Cisco Enterprise Network Core Technologies ENCOR (350-401) Practice Test.

The ENCOR exam enables candidates to earn the Cisco Certified Specialist - Enterprise Core certification, which can also be used to meet exam requirements for several other Cisco certifications.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional source: https://www.cisco.com/site/us/en/learn/training-certifications/exams/encor.html

Selected Reading

Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities (SecurityWeek)

Royal Mail Group Loses 144GB to Infostealers: Same Samsung Hacker, Same 2021 Infostealer Log (Infostealers)

Someone is trying to recruit security researchers in bizarre hacking campaign (TechCrunch)

Ongoing cryptomining campaign hits over 1.5K PostgreSQL servers (SC Media)

ImageRunner Flaw Exposed Sensitive Information in Google Cloud (SecurityWeek)

Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users (SecurityWeek)

Oracle now faces class action amid alleged data breaches (The Register)

CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS (Cyber Security News)

Exclusive: Gen. Paul Nakasone says China is now our biggest cyber threat (The Record)

Large AI models are cultural and social technologies (Science)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hackers beware, fines are in the air.

Tue, 01 Apr 2025 20:10:00 -0000

The UK unveils the full scope of its upcoming Cyber Security and Resilience Bill. Apple warns of critical zero-day vulnerabilities under active exploitation. The InterLock ransomware group claims responsibility for a cyberattack on National Presto Industries. Microsoft flags a critical vulnerability in Canon printer drivers. Check Point Software confirms a data breach. The FTC warns 23andMe’s bankruptcy trustees to uphold their privacy obligations. A Canadian hacker has been arrested and charged for allegedly breaching systems tied to the Texas Republican Party. A GCHQ intern pleads guilty to stealing top-secret data. On our Threat Vector segment, host David Moulton from Palo Alto Networks speaks with Richu Channakeshava, Senior Product Manager at Palo Alto Networks, about the urgent need for organizations to prepare for a post-quantum world. The confabulous hallucinations of AI.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

Host David Moulton from Palo Alto Networks Threat Vector podcast asks “Is the Quantum Threat Closer Than You Think?” on the latest segment of Threat Vector. Quantum computing is advancing fast, and with it comes a major cybersecurity risk—the potential to break today’s encryption standards. David speaks with Richu Channakeshava, Senior Product Manager at Palo Alto Networks, about the urgent need for organizations to prepare for a post-quantum world. You can catch the full discussion here. Be sure to listen to new episodes of Threat Vector every Thursday on your favorite podcast app.

Selected Reading

UK threatens £100K-a-day fines under new cyber bill (The Register)

Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks (Cyber Security News)

Ransomware Group Takes Credit for National Presto Industries Attack (SecurityWeek)

Critical Vulnerability Found in Canon Printer Drivers (SecurityWeek)

Check Point Acknowledges Data Breach, Claims Information is 'Old (Cyber Security News)

FTC: 23andMe's Buyer Must Uphold Co.'s Data Privacy Pledge (BankInfo Security)

Canadian hacker arrested for allegedly stealing data from Texas Republican Party (The Record)

GCHQ intern took top secret spy tool home, now faces prison (The Register)

A Peek Into How AI 'Thinks' - and Why It Hallucinates (GovInfo Security)

Why Confabulation, Not Hallucination, Defines AI Errors (Integrative Psych)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransom demands and medical data for sale.

Mon, 31 Mar 2025 20:20:00 -0000

A cyberattack targeting Oracle Health compromises patient data. The DOJ nabs over $8 million tied to romance scams. Trend Micro examines a China-linked APT group conducting cyber-espionage. A new Android banking trojan called Crocodilus has emerged. North Korea’s Lazarus Group targets job seekers in the crypto industry. CISA IDs a new malware variant targeting Ivanti Connect Secure appliances. Maria Varmazis, host of N2K’s T-Minus Space Daily show chats with Jake Braun, former White House Principal Deputy National Cyber Director and chairman of DEF CON Franklin. They discuss designating space as critical infrastructure. Nulling out your pizza payment.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Maria Varmazis, host of N2K’s T-Minus Space Daily show sits down with Jake Braun, former White House Principal Deputy National Cyber Director and chairman of DEF CON Franklin, and they discuss designating space as critical infrastructure and sharing an overview of its attack surface.

Selected Reading

Oracle Health breach compromises patient data at US hospitals (Bleeping Computer)

Oracle Warns Health Customers of Patient Data Breach (Bloomberg)

Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware (SecurityWeek)

U.S. seized $8.2 million in crypto linked to 'Romance Baiting' scams (Bleeping Computer)

DOJ Seizes USD 8.2M Tied to Pig Butchering Scheme (TRM Labs)

Earth Alux Hackers Employ VARGIET Malware to Attack Organizations (Cyber Security News)

'Crocodilus' Android Banking Trojan Allows Device Takeover, Data Theft (SecurityWeek)

ClickFake Interview – Lazarus Hackers Exploit Windows and macOS Users Fake Job Campaign (Cyber Security News)

CISA Analyzes Malware Used in Ivanti Zero-Day Attacks (SecurityWeek)

How A Null Character Was Used to Bypass Payments (System Weakness on Medium)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Alyssa Miller: We have to elevate others. [BISO] [Career Notes]

Sun, 30 Mar 2025 07:00:00 -0000

Please enjoy this encore episode of Career Notes.

Business Information Security Officer at S&P Global Ratings, Alyssa Miller, joins us to talk about her journey to become a champion to create a welcoming nature and acceptance of diversity in the cybersecurity community. Starting her first full-time tech position while still in college, Alyssa noted the culture shock being in both worlds. Entering as a programmer and then moving to pen testing where she got her start in security, Alyssa grew into a leader who is committed to elevating those around her. Some stumbling blocks along the way gave her pause and helped point her in her current role where Alyssa works to bring more diverse views to improve the problem-solving in the space, something she sees as a key to success for the industry. We thank Alyssa for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Breaking barriers, one byte at a time. [Research Saturday]

Sat, 29 Mar 2025 07:00:00 -0000

This week, we are joined by Jon Williams, Vulnerability Researcher from Bishop Fox, discussing "Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware." Bishop Fox researchers reverse-engineered the encryption protecting SonicWall SonicOSX firmware, enabling them to access its underlying file system for security research.

They presented their process and findings at DistrictCon Year 0 and released a tool called Sonicrack to extract keys from VMware virtual machine bundles, facilitating the decryption of VMware NSv firmware images. This research builds upon previous work, including techniques to decrypt static NSv images and reverse-engineer other encryption formats used by SonicWall.

The research can be found here:

Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware

Learn more about your ad choices. Visit megaphone.fm/adchoices

New sandbox escape looks awfully familiar.

Fri, 28 Mar 2025 20:10:00 -0000

Mozilla patches Firefox flaw similar to actively exploited Chrome vulnerability. Russia-based RedCurl gang deploys ransomware for the first time. Ukraine's railway operator recovers from cyberattack. India cracks down on Google’s billing monopoly. Morphing Meerkat's phishing kit abuses DNS mail exchange records. 300,000 attacks in three weeks. Our guest is Chris Wysopal, Founder and Chief Security Evangelist of Veracode, who sits down with Dave to discuss the increase in the average fix time for security flaws. And Liz Stokes joins with another Fun Fact Friday.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Chris Wysopal, Founder and Chief Security Evangelist of Veracode, discussing increase in the average fix time for security flaws and percent of organizations that carry critical security debt for longer than a year.

Selected Reading

After Chrome patches zero-day used to target Russians, Firefox splats similar bug (The Register)

Microsoft fixes Remote Desktop issues caused by Windows updates (Bleeping Computer)

Firefox fixes flaw similar to Chrome zero-day used against Russian organizations (The Record)

RedCurl's Ransomware Debut: A Technical Deep Dive (Bitdefender)

Ukraine’s state railway restores online ticket sales after major cyberattack (The Record)

Google App Store Billing Policy Anti-Competitive, India Court Rules (Bloomberg)

Morphing Meerkat PhaaS Platform Spoofs 100+ Brands - Infosecurity Magazine (Infosecurity Magazine)

Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe (SecurityWeek)

Malware distributed via fake DeepSeek ads on Google (SC Media)

GorillaBot Attacks Windows Devices With 300,000+ Attack Commands Across 100+ Countries (Cyber Security News)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

FamousSparrow’s sneaky resurgence.

Thu, 27 Mar 2025 20:20:00 -0000

China’s FamousSparrow is back. A misconfigured Amazon S3 bucket exposes data from an Australian fintech firm. Researchers uncover a sophisticated Linux-based backdoor targeting industrial systems. Infiltrating the BlackLock Ransomware group’s infrastructure. Solar inverters in the security spotlight. Credential stuffing gets automated. CISA updates the Known Exploited Vulnerabilities catalog. The UK’s NCA warns of online groups involved in sadistic cybercrime and real-world violence. Authorities arrest a dozen individuals linked to the now-defunct Ghost encrypted communication platform. Our guest is Tal Skverer, Research Team Lead from Astrix, discussing the OWASP NHI Top 10 framework. Remembering our friend Matt Stephenson.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Tal Skverer, Research Team Lead from Astrix, who is discussing the OWASP NHI Top 10 framework and how teams can use these as they implement NHIs into their systems.

Selected Reading

Chinese Spy Group FamousSparrow Back with a Vengeance, Targets US (Infosecurity Magazine)

Aussie Fintech Vroom Exposes Thousands of Records After AWS Misconfiguration (HackRead)

New Sophisticated Linux Backdoor Targets OT Systems via 0-Day RCE Exploit (GB Hackers)

Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure (Resecurity)

Dozens of solar inverter flaws could be exploited to attack power grids (Bleeping Computer)

Threat Actors Using Powerful Cybercriminal Weapon 'Atlantis AIO' to Automate Credential Stuffing Attacks (Cyber Security News)

CISA Adds of Sitecore CMS Code Execution Vulnerability to List of Known Exploited Vulnerabilities (Cyber Security News)

NCA Warns of Sadistic Online “Com” Networks (Infosecurity Magazine)

12 Cybercriminals Arrested Following Takedown of Ghost Communication Platform (Cyber Security News)

Matt Stephenson remembrance (LinkedIn)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

No click, all tricks.

Wed, 26 Mar 2025 20:10:00 -0000

Researchers uncover a new Windows zero-day. A covert Chinese-linked network targets recently laid-off U.S. government workers. Malicious npm packages are found injecting persistent reverse shell backdoors. A macOS malware loader evolves. DrayTek router disruptions affect users worldwide. A new report warns of growing cyber risks to the commercial space sector. CISA issues four ICS advisories. U.S. Marshals arrest a key suspect in a multi million dollar cryptocurrency heist. Our guest is Brian Levine, Co-Founder and CEO of FormerGov.com, speaking about creating a networking directory for former government and military professionals. The UK’s NCSC goes full influencer to promote 2FA.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Brian Levine, Co-Founder and CEO of FormerGov.com, speaking about the importance of networking and creating a directory for former government and military professionals.

Selected Reading

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials - Unofficial Patch (cybersecuritynews)

Exclusive: Secretive Chinese network tries to lure fired federal workers, research shows (Reuters)

New npm attack poisons local packages with backdoors (bleepingcomputer)

macOS Users Warned of New Versions of ReaderUpdate Malware (securityweek)

DrayTek Routers Vulnerability Exploited in the Wild – Possibly Links to Reboot Loop (cybersecuritynews)

ENISA Probes Space Threat Landscape in New Report (Infosecurity Magazine)

CISA Warns of Four Vulnerabilities, and Exploits Surrounding ICS (cybersecuritynews)

Crypto Heist Suspect "Wiz" Arrested After $243 Million Theft (hackread)

NCSC taps influencers to make 2FA go viral (The Register)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The nightmare you can’t ignore.

Tue, 25 Mar 2025 20:10:00 -0000

Critical Remote Code Execution vulnerabilities affect Kubernetes controllers. Senior Trump administration officials allegedly use unsecured platforms for national security discussions. Even experts like Troy Hunt get phished. Google acknowledges user data loss but doesn’t explain it. Chinese hackers spent four years inside an Asian telecom firm. SnakeKeylogger is a stealthy, multi-stage credential-stealing malware. A cybercrime crackdown results in over 300 arrests across seven African countries. Ben Yelin, Caveat co-host and Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, joins to discuss the Signal national security leak. Pew Research Center figures out how its online polling got slightly forked.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Ben Yelin, Caveat co-host and Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, on the Signal national security leak.

Selected Reading

IngressNightmare: critical Kubernetes vulnerabilities in ingress NGINX controller (Beyond Machines)

Remote Code Execution Vulnerabilities in Ingress NGINX (Wiz)

Ingress-nginx CVE-2025-1974: What You Need to Know (Kubernetes)

Trump administration is reviewing how its national security team sent military plans to a magazine editor (NBC News)

The Trump Administration Accidentally Texted Me Its War Plans (The Atlantic)

How Russian Hackers Are Exploiting Signal 'Linked Devices' Feature for Real-Time Spying (SecurityWeek)

Troy Hunt: A Sneaky Phish Just Grabbed my Mailchimp Mailing List (Troy Hunt)

'Technical issue' at Google deletes some customer data (The Register)

Chinese hackers spent four years inside Asian telco’s networks (The Record)

Multistage Info Stealer SnakeKeylogger Attacking Individuals and Businesses to Steal Logins (Cyber Security News)

Over 300 arrested in international crackdown on cyber scams (The Record)

How a glitch in an online survey replaced the word ‘yes’ with ‘forks’ (Pew Research)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Scammers celebrate with a bang.

Mon, 24 Mar 2025 20:10:00 -0000

Money laundering runs rampant in Cambodia. Privacy advocates question a new data sharing EO from the White House. An NYU website hack exposes the data of millions. A game demo gets pulled from Steam after users report infostealing malware. The Cloak ransomware group claims a cyberattack on the Virginia Attorney General’s Office. 23andMe files for Chapter 11 bankruptcy. Medusa ransomware is using a malicious driver to disable security tools on infected systems. Clearview AI settles a class-action lawsuit over privacy violations. A look back at the CVE program. In today’s Industry Voices segment, we are joined by Joe Ryan, Head of Customer Enablement at Maltego Technologies, who is highlighting how to help analysts in resource-constrained environments overcome training gaps and use investigative tools more effectively. Luring AI bots into the digital labyrinth.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

In today’s Industry Voices segment, we are joined by Joe Ryan, Head of Customer Enablement at Maltego Technologies, who is highlighting how to help analysts in resource-constrained environments overcome training gaps and use investigative tools more effectively.

Selected Reading

How Scammers Launder Money and Get Away With It (New York Times)

Trump order on information sharing appears to have implications for DOGE and beyond (The Record)

Over 3 million applicants’ data leaked on NYU’s website (Washington Square News)

Steam pulls game demo infecting Windows with info-stealing malware (Bleeping Computer)

Ransomware Group Claims Attack on Virginia Attorney General’s Office (SecurityWeek)

23andMe Files for Bankruptcy Amid Concerns About Security of Customers’ Genetic Data (New York Times)

Medusa Ransomware Uses Malicious Driver to Disable Security Tools (SecurityWeek)

Clearview AI settles class-action privacy lawsuit worth an estimated $50 million (The Record)

Despite challenges, the CVE program is a public-private partnership that has shown resilience (CyberScoop)

Trapping misbehaving bots in an AI Labyrinth (Cloudflare)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]

Sun, 23 Mar 2025 19:00:00 -0000

Please enjoy this encore of Career Notes.

Historian and Curator at the International Spy Museum. Dr. Andrew Hammond, shares how he came to share the history of espionage and intelligence as a career. Starting out in the Royal Air Force when 9/11 happened, Andrew found himself trying to understand what was going on in the world. Studying history and international relations gave him some perspective and led him on his career path which included an introduction to museum industry at the 9/11 Museum. After a stint in academia in the UK, Andrew found his way back to the US and eventually ended up at the International Spy Museum in Washington, DC. He said one of the "greatest parts of the job being able to engage with the artifacts" and share their stories. We thank Andrew for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Excel-lerating cyberattacks. [Research Saturday]

Sat, 22 Mar 2025 07:00:00 -0000

This week, we are joined by Tom Hegel, Principal Threat Researcher from SentinelLabs research team, to discuss their work on "Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition." The latest Ghostwriter campaign, linked to Belarusian government espionage, is actively targeting Ukrainian military and government entities as well as Belarusian opposition activists using weaponized Excel documents.

The research can be found here:

Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition

Learn more about your ad choices. Visit megaphone.fm/adchoices

Brute force and broken trust.

Fri, 21 Mar 2025 20:10:00 -0000

Over 150 government database servers are dangerously exposed to the internet. Threat actors are exploiting a vulnerability in CheckPoint’s ZoneAlarm antivirus software. Albabat ransomware goes cross-platform. ESET reports on the Chinese Operation FishMedley campaign. VanHelsing ransomware targets Windows systems in the U.S. and France. CISA issues five ICS advisories warning of high-severity vulnerabilities across critical infrastructure systems. A former NFL coach is indicted for allegedly hacking into the accounts of thousands of college athletes. Brandon Karpf joins us with a look at cyberspace in space. A fraud detection firm gets shut down for fraud.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Brandon Karpf, friend of N2K CyberWire, joins T-Minus Space Daily host Maria Varmazis for the Space and Cyber March segment.

Selected Reading

Over 150 US Government Database Servers Vulnerable to Internet Exposure (GB Hackers)

White House Shifting Cyber Risk to State and Local Agencies (Data Breach Today)

Cybercriminals Exploit CheckPoint Driver Flaws in Malicious Campaign (Infosecurity Magazine)

Albabat Ransomware Attacking Windows, Linux & macOS by Leveraging GitHub (Cyber Security News)

Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley (SecurityWeek)

VanHelsing Ransomware Attacking Windows Systems With New Evasion Technique & File Extension (Cyber Security News)

CISA Releases Five Industrial Control Systems Advisories Covering Vulnerabilities & Exploits (Cyber Security News)

Former NFL, Michigan Assistant Coach Matt Weiss Charged With Hacking for Athletes' Intimate Photos (SecurityWeek)

AdTech CEO whose products detected ad fraud jailed for fraud (The Register)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Can’t escape RCE flaws.

Thu, 20 Mar 2025 20:10:00 -0000

Veeam patches a critical vulnerability in its Backup & Replication software. A spyware data breach highlights ongoing risks. Clearview AI attempted to purchase sensitive data such as Social Security numbers and mug shots. The Netherlands’ parliament looks to reduce reliance on U.S. software firms. A Pennsylvania union notifies over 517,000 individuals of a data breach. Researchers discover a RansomHub affiliate deploying a new custom backdoor called Betruger. A new info-stealer spreads through game cheats and cracks. David Wiseman, Vice President of Secure Communications at BlackBerry, joins us to explore how organizations can effectively implement CISA’s encrypted communications guidelines. What to do when AI casually accuses you of murder?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

David Wiseman, Vice President of Secure Communications at BlackBerry, joins us to explore how organizations can effectively implement CISA’s encrypted communications guidelines. Don’t miss the full conversation—listen now on the Caveat podcast!

Selected Reading

Veeam Patches Critical Vulnerability in Backup & Replication (SecurityWeek)

The Citizen Lab’s director dissects spyware and the ‘proliferating’ market for it (The Record)

Data breach at stalkerware SpyX affects close to 2 million, including thousands of Apple users (TechCrunch)

Facial Recognition Company Clearview Attempted to Buy Social Security Numbers and Mugshots for its Database (404 Media)

Dutch parliament calls for end to dependence on US software companies (Yahoo)

Pennsylvania education union data breach hit 500,000 people (Bleeping Computer)

RansomHub Affiliate Deploying New Custom Backdoor Dubbed ‘Betruger’ For Persistence (Cyber Security News)

New Arcane infostealer infects YouTube, Discord users via game cheats (Bleeping Computer)

Dad demands OpenAI delete ChatGPT’s false claim that he murdered his kids (Ars Technica)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remote hijacking at your fingertips.

Wed, 19 Mar 2025 20:10:00 -0000

A critical vulnerability could let attackers hijack and potentially disable vulnerable servers. Europol warns of a “shadow alliance” between state-backed threat actors and cybercriminals. Sekoia examines ClearFake. A critical PHP vulnerability is under active exploitation. A sophisticated scareware phishing campaign has shifted its focus to macOS users. Phishing as a service attacks are on the rise. A new jailbreak technique bypasses security controls in popular LLMs. Microsoft has uncovered StilachiRAT. CISA confirms active exploitation of a critical Fortinet vulnerability. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. AI coding assistants get all judgy.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources. This week, Chris is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. Today’s question comes from N2K’s ISACA® Certified Information Security Manager® (CISM®) Practice Test.

The CISM exam helps to affirm your ability to assess risks, implement effective governance, proactively respond to incidents and is the preferred credential for IT managers, according to ISACA.To learn more about this and other related topics under this objective, please refer to the following resource: CISM Review Manual, 15th Edition, 1.0, Information Security Governance, Introduction.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional source: https://www.isaca.org/credentialing/cism#1

Selected Reading

Critical AMI MegaRAC bug can let attackers hijack, brick servers (bleepingcomputer)

Europol Warns of “Shadow Alliance” Between States and Criminals (Infosecurity Magazine)

ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery (Sekoia.io Blog)

PHP RCE Vulnerability Actively Exploited in Wild to Attack Windows-based Systems (cybersecuritynews)

Scareware Combined With Phishing in Attacks Targeting macOS Users (securityweek)

Sneaky 2FA Joins Tycoon 2FA and EvilProxy in 2025 Phishing Surge (Infosecurity Magazine)

New Jailbreak Technique Bypasses DeepSeek, Copilot, and ChatGPT to Generate Chrome Malware (gbhackers)

Microsoft Warns of New StilachiRAT Malware (SecurityWeek)

Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns (Infosecurity Magazine)

AI coding assistant Cursor reportedly tells a 'vibe coder' to write his own damn code (TechCrunch)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Tomcat got your server?

Tue, 18 Mar 2025 20:10:00 -0000

An Apache Tomcat vulnerability is under active exploitation. CISA rehires workers ousted by DOGE. Lawmakers look to protect rural water systems from cyber threats. Western Alliance Bank notifies 22,000 individuals of a data breach. A new cyberattack method called BitM allows hackers to bypass multi-factor authentication. A Chinese cyberespionage group targets Central European diplomats. A new cyberattack uses ChatGPT infrastructure to target the financial sector and U.S. government agencies. Australia sues a major securities firm over inadequate protection of customer data. Our Threat Vector segment examines how unifying security capabilities strengthens cyber resilience. Cybercriminals say, “Get me Edward Snowden on the line!”

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

Security platformization is transforming the way organizations defend against cyber threats. In this episode of Threat Vector, host David Moulton speaks with Carlos Rivera, Senior Analyst at Forrester, about how unifying security capabilities strengthens cyber resilience. To listen to the full discussion, please check out the episode here or on your favorite podcast app, and tune in to new episodes of Threat Vector by Palo Alto Networks every Thursday.

Selected Reading

Critical Apache Tomcat RCE Vulnerability Exploited in Just 30hrs of Public Exploit (Cyber Security News)

CISA Rehires Fired Employees, Immediately Puts Them on Leave (GovInfo Security)

Western Alliance Bank Discloses Data Breach Linked to Cleo Hack (SecurityWeek)

New BitM Attack Lets Hackers Steal User Sessions Within Seconds (Cyber Security News)

US Lawmakers Reintroduce Bill to Boost Rural Water Cybersecurity (SecurityWeek)

Chinese Hackers Target European Diplomats with Malware (GovInfo Security)

Hackers Exploit ChatGPT with CVE-2024-27564, 10,000+ Attacks in a Week (Hackread)

Australia Sues FIIG Investment Firm in Cyber 'Wake-Up Call' (GovInfo Security)

Extortion crew threatened to inform Edward Snowden (?!) if victim didn't pay up (The Register)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A reel disaster for GitHub.

Mon, 17 Mar 2025 20:10:00 -0000

A phishing campaign targets nearly 12,000 GitHub repositories. The BlackLock ransomware group is one to watch. A federal judge orders reinstatement of workers at CISA. Over 100 car dealership websites suffer a supply chain attack, and Hellcat breaches Jaguar Land Rover. Researchers uncover a major vulnerability affecting RSA encryption keys. A Life Insurance Company notifies 355,500 individuals of a December 2024 data breach. A researcher releases a decryptor for Akira ransomware. A new mapping database aims to help NGOs and high-risk individuals find security tools. Tim Starks from CyberScoop reports that trade groups fear a cybersecurity blackout if a key panel and vital cyber law aren’t renewed. A fundamental shift of our understanding of hash tables.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today our guest is Tim Starks from CyberScoop is discussing how "Trade groups worry information sharing will worsen without critical infrastructure panel, CISA law renewal."

Selected Reading

Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts (Bleeping Computer)

BlackLock Ransomware Strikes Over 40 Organizations in Just Two Months (GB Hackers)

Federal Judges Block Trump's Mass Firings of Federal Workers (BankInfo Security)

100 Car Dealerships Hit by Supply Chain Attack (SecurityWeek)

Jaguar Land Rover Breached by HELLCAT Ransomware Group using Jira Credentials (Cyber Security News)

Millions Of RSA Key Exposes Serious Flaws That Can Be Exploited (Cyber Security News)

Insurer Notifying 335,500 Customers, Agents, Others of Hack (BankInfo Security)

New Akira ransomware decryptor cracks encryptions keys using GPUs (Bleeping Computer)

Security Database Aims to Empower Non-Profits (Infosecurity Magazine)

Undergraduate Disproves 40-Year-Old Conjecture, Invents New Kind of Hash Table (WIRED)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Ingrid Toppelberg: Knowing how to take risks will pay off. [Cybersecurity education] [Career Notes]

Sun, 16 Mar 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

Chief Product Officer at Cybint Solutions, Ingrid Toppelberg, shares her journey from consulting to bootcamp coach and cybersecurity education. As a young girl, Ingrid wanted to do everything from being a teacher to the head of the World Bank. After consulting for several years, Ingrid found cybersecurity. What she found fascinating about the cyber world is how important it is for absolutely everyone at all levels to know about cybersecurity. Ingrid also develops and conducts bootcamps to reskill displaced people into cybersecurity. Ingrid says to those interested in cyber, "just do it. We need different kinds of minds in cyber keeping us safe." We thank Ingrid for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Trailblazers in Cybersecurity: Lessons from the Women Leading the Charge [Threat Vector]

Sun, 16 Mar 2025 06:00:00 -0000

We thought you might enjoy this episode of Threat Vector podcast from the N2K CyberWIre network as we continue our observance of Women's History Month. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app.

In this special Women’s History Month episode of Threat Vector, host David Moulton speaks with four trailblazing women in cybersecurity who are shaping the industry: Kristy Friedrichs, Chief Partnerships Officer; Tanya Shastri, SVP of Product Management; Sama Manchanda, Consultant at Unit 42; and Stephanie Regan, Principal Technical Architect at Unit 42.

They share their journeys into cybersecurity, discuss the challenges they faced, and offer insights on leadership, innovation, and mentorship. From AI-driven security to digital forensics, these women have made a lasting impact. Tune in to hear their advice for the next generation and why cybersecurity remains one of the most exciting and dynamic fields to be in today.

Join the conversation on our social media channels:

Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/
Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠
Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠
LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠
YouTube: @paloaltonetworks
Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠

About Threat Vector

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Palo Alto Networks

Learn more about your ad choices. Visit megaphone.fm/adchoices

The ransomware clones of HellCat & Morpheus. [Research Saturday]

Sat, 15 Mar 2025 07:00:00 -0000

Jim Walter, Senior Threat Researcher on SentinelLabs research team, to discuss their work on "HellCat and Morpheus | Two Brands, One Payload as Ransomware Affiliates Drop Identical Code." Over the past six months, new ransomware groups like FunkSec, Nitrogen, and Termite have emerged, while established threats such as Cl0p and LockBit 4.0 have resurfaced. Two prominent Ransomware-as-a-Service (RaaS) operations, HellCat and Morpheus, have gained traction, with research indicating that affiliates of both are using nearly identical ransomware payloads.

Despite similarities in their encryption techniques and ransom notes, there is no conclusive evidence linking HellCat and Morpheus to the Underground Team, though shared tools or affiliates may be involved.

The research can be found here:

HellCat and Morpheus | Two Brands, One Payload as Ransomware Affiliates Drop Identical Code

Learn more about your ad choices. Visit megaphone.fm/adchoices

Balancing budget cuts and cybersecurity.

Fri, 14 Mar 2025 21:05:00 -0000

The White House is urging federal agencies not to lay off cybersecurity teams. Google doesn’t deny receiving a secret legal order from the UK government. Microsoft researchers identify a simple method to bypass AI safety guardrails. Scammers are impersonating the Clop ransomware gang. Cisco issues security advisories for multiple IOS XR vulnerabilities. CISA warns of multiple ICS security issues. A LockBit ransomware developer has been extradited to the U.S. GCHQ’s former director calls for stronger cybersecurity collaboration. Rick Howard and Kim Jones pass the mic for the CISO Perspectives podcast. Sniffing out Stingrays.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we have Dave speaking with Rick Howard, a friend of the show, and Kim Jones, a veteran CISO, educator, and expert in the field, as Rick passes the mic to Kim for a brand new season of CISO Perspectives, formerly CSO Perspectives.

Selected Reading

White House instructs agencies to avoid firing cybersecurity staff, email says (Reuters)

Elon Musk Made Visit to U.S. Spy Agency (Wall Street Journal)

Google refuses to deny it received encryption order from UK government (The Record)

New Context Compliance Exploit Jailbreaks Major AI Models (GB Hackers)

Fraudsters Impersonate Clop Ransomware to Extort Businesses (Infosecurity Magazine)

Cisco Warns of IOS XR Software Vulnerability Let Attackers Trigger DoS condition (Cyber Security News)

CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits (Cyber Security News)

LockBit Ransomware Developer Extradited to US (SecurityWeek)

Cyber Industry Falls Short on Collaboration, Says Former GCHQ Director (Infosecurity Magazine)

Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying (Electronic Frontier Foundation)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

FCC draws the line on Chinese tech threats.

Thu, 13 Mar 2025 20:10:00 -0000

The FCC looks to counter Chinese cyber threats. Turmoil at CISA. Volt Typhoon infiltrated a power utility for over 300 days. Europe takes the lead at Ukraine’s annual cyber conference. Facebook discloses a critical vulnerability in FreeType. A new Android spyware infiltrated the Google Play store. Our guest is Alvaro Alonso Ruiz, Co-Founder and CCO of Leanspace, who is discussing software in space with T-Minus Space Daily host Maria Varmazis. A UK hospital finds thousands of unwelcome guests on their network.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today our guest is Alvaro Alonso Ruiz, Co-Founder and CCO of Leanspace, who is discussing software in space with T-Minus Space Daily host Maria Varmazis.

Selected Reading

US communications regulator to create council to counter China technology threats (Financial Times)

‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge (WIRED)

CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts (The Record)

Arizona Secretary of State Proposes Alternative to Defunded National Election Security Program (Democracy Docket)

China's Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days (SecurityWeek)

Chinese cyberspies backdoor Juniper routers for stealthy access (Bleeping Computer)

At Ukraine’s major cyber conference, Europe takes center stage over US (The Record)

Facebook discloses FreeType 2 flaw exploited in attacks (Bleeping Computer)

New North Korean Android spyware slips onto Google Play (Bleeping Computer)

NHS Trust IT head: ‘Our attack surface was much bigger than we thought’ (Computing)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Will Plankey lead CISA to victory?

Wed, 12 Mar 2025 20:10:00 -0000

The White House names their nominee for CISA’s top spot. Patch Tuesday updates. Apple issues emergency updates for a zero-day WebKit vulnerability. Researchers highlight advanced MFA-bypassing techniques. North Korea's Lazarus Group targets cryptocurrency wallets and browser data. Our guest today is Rocco D’Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats. Making sense of the skills gap paradox.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Joining us today is Rocco D’Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats.

Selected Reading

Trump nominates Sean Plankey as new CISA director (Tech Crunch)

CISA worker says 100-strong red team fired after DOGE action (The Register)

March 2025 Patch Tuesday: Microsoft Fixes 57 Vulnerabilities, 7 Zero-Days (Hackread)

ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens (SecurityWeek)

CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild (Cyber Security News)

Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks (Cyber Security News)

Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account (Cyber Security News)

North Korean Lazarus hackers infect hundreds via npm packages (Bleeping Computer)

Welcome to the skills gap paradox (Computing)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

X marks the hack.

Tue, 11 Mar 2025 20:10:00 -0000

X-Twitter had multiple waves of outages yesterday. Signal’s president warns against agentic AI. A new lawsuit alleges DOGE bypassed critical security safeguards. Is the Five Eyes Alliance fraying? The Minja attack poisons ai memory through user interaction. Researchers report increased activity from the SideWinder APT group. A critical Veritas vulnerability enables remote code execution. A Kansas healthcare provider breach exposes 220,000 patients’ data. New York sues Allstate over data exposure in insurance websites. CISA warns of critical Ivanti and VeraCode vulnerabilities. FTC to refund $25.5 million to victims of tech support scams. On our Industry Voices segment, we are joined by Gerald Beuchelt, CISO at Acronis, who is discussing how threat research and intelligence matter to MSPs. The UK celebrates a record-breaking CyberFirst Girls Competition.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Gerald Beuchelt, CISO at Acronis, who is discussing how threat research and intelligence matter to MSPs.

Selected Reading

Hackers Take Credit for X Cyberattack (SecurityWeek)

X users report login troubles as Dark Storm claims cyberattack (Malwarebytes)

Signal President Meredith Whittaker calls out agentic AI as having 'profound' security and privacy issues (TechCrunch)

Lawsuit Says DOGE Is Ignoring Key Social Security Data Rules (BankInfo Security)

As Trump pivots to Russia, allies weigh sharing less intel with U.S. (NBC News)

MINJA sneak attack poisons AI models for other chatbot users (The Register)

SideWinder APT Group Attacking Military & Government Entities With New Tools (Cyber Security News)

Critical Veritas Vulnerability Let Attackers Execute Malicious Code (Cyber Security News)

Kansas healthcare provider says more than 220,000 impacted by cyberattack (The Record)

Allstate sued for exposing personal info in plaintext (The Register)

CISA Urges All Organizations to Patch Exploited Critical Ivanti Vulnerabilities (Infosecurity Magazine)

FTC will send $25.5 million to victims of tech support scams (Bleeping Computer)

Record Number of Girls Compete in CyberFirst Contest (Infosecurity Magazine)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

PHP flaw sparks global attack wave.

Mon, 10 Mar 2025 20:30:00 -0000

PHP exploits are active in the wild. Security researchers discover undocumented commands in a popular Wi-Fi and Bluetooth-enabled microcontroller. The ONCD could gain influence in this second Trump administration. The Akira ransomware gang leverages an unsecured webcam. Mission, Texas declares a state of emergency following a cyberattack. The FBI and Secret Service confirm crypto-heists are linked to the 2022 LastPass breach. A popular home appliance manufacturer suffers a cyberattack. Switzerland updates reporting requirements for critical infrastructure operators. Our guest is Errol Weiss, Chief Security Officer at the Health-ISAC, who warns “the cavalry isn’t coming—why the private sector must take the lead in critical infrastructure cybersecurity.” A termination kill switch leads to potential jail time.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we have Errol Weiss, Chief Security Officer at the Health-ISAC, sharing his take “the cavalry isn’t coming—why the private sector must take the lead in critical infrastructure cybersecurity.”

Selected Reading

Mass Exploitation of Critical PHP Vulnerability Begins (SecurityWeek)

Undocumented commands found in Bluetooth chip used by a billion devices (Bleeping Computer)

White House cyber director’s office set for more power under Trump, experts say (The Record)

Ransomware gang encrypted network from a webcam to bypass EDR (Bleeping Computer)

Texas border city declares state of emergency after cyberattack on government systems (The Record)

Feds Link $150M Cyberheist to 2022 LastPass Hacks (Krebs on Security)

Home appliance company Presto says cyberattack causing delivery delays (The Record)

Switzerland Mandates Cyber-Attack Reporting for Critical Infrastructure (Infosecurity Magazine)

Developer sabotaged ex-employer IT systems with kill switch (The Register)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Peter Baumann: Adding value to data. [CEO] [Career Notes]

Sun, 09 Mar 2025 07:00:00 -0000

Please enjoy this encore of Career Notes.

CEO of ActiveNav, Peter Baumann, takes us on his career journey from minor home electrical experiments to the business of data discovery. He began his career as an electrical engineer, but felt an entrepreneurial spirit was part of his makeup. Following his return to college to study business and finance, Peter talks about being set on the path to shine the light on the data to provide discovery capability. To those interested in the field, he suggests having a broad familiarity of different approaches. We thank Peter for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Botnet’s back, tell a friend. [Research Saturday]

Sat, 08 Mar 2025 08:00:00 -0000

This week we are joined by Silas Cutler, Principal Security Researcher at Censys, asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure.

The research can be found here:

Will the Real Volt Typhoon Please Stand Up?

Learn more about your ad choices. Visit megaphone.fm/adchoices

The end of the line for Garantex.

Fri, 07 Mar 2025 21:30:00 -0000

Law enforcement shutters Garantex crypto exchange. NTT discloses breach affecting corporate customers. Malvertising campaign hits nearly a million devices. AI’s role in Canada’s next election. Scammers target Singapore’s PM in AI fraud. Botnets exploit critical IP camera vulnerability. In our International Women's Day and Women’s History Month special, join Liz Stokes as she shares the inspiring stories of women shaping the future of cybersecurity. And how did Insider threats turn a glitch into a goldmine?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

In this special International Women’s Day edition, we shine a spotlight on the incredible women in and around our network who are shaping the future of cybersecurity. Join Liz Stokes as we celebrate Selena Larson, Threat Researcher at Proofpoint, and co-host of Only Malware in the Building, Gianna Whitver, CEO & Co-Founder of the Cybersecurity Marketing Society and co-host of the Breaking Through in Cybersecurity Marketing podcast, Maria Velasquez, Chief Growth Officer & Co-Founder of the Cybersecurity Marketing Society and co-host of the Breaking Through in Cybersecurity Marketing podcast, Chris Hare, Project Management Specialist and Content Developer at N2K Networks, and host of CertByte, Ann Lang, Project Manager at N2K Networks, Jennifer Eiben, Executive Producer at N2K Networks, and Maria Varmazis, host of the T-Minus Space Daily show at N2K Networks for their achievements, resilience, and the invaluable contributions they make to keeping our digital world secure.

Selected Reading

Russian crypto exchange Garantex’s website taken down in apparent law enforcement operation (The Record)

Data breach at Japanese telecom giant NTT hits 18,000 companies (BleepingComputer)

Malvertising campaign leads to info stealers hosted on GitHub (Microsoft)

Canadian intelligence agency warns of threat AI poses to upcoming elections (The Record)

Deepfakes of Singapore PM Used to Sell Crypto, Residency Program (Bloomberg)

Edimax Camera Zero-Day Disclosed by CISA Exploited by Botnets (SecurityWeek)

Magecart: How Akamai Protected a Global Retailer Against a Live Attack (Akamai)

Cybercrime 'crew' stole $635,000 in Taylor Swift concert tickets (BleepingComputer)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

From China with love (and Malware).

Thu, 06 Mar 2025 21:10:00 -0000

US Justice Department charges employees of Chinese IT contractor i-Soon. Silk Typhoon targets the IT supply chain for initial access. Chrome extensions that change shape. Attackers target airflow misconfigurations. LibreOffice vulnerability opens the door to script-based attacks. NSO group leaders face charges in spyware case. Today, our own Dave Bittner is our guest as he appeared on the Adopting Zero Trust podcast at ThreatLocker’s Zero Trust World 2025 event with hosts Elliot Volkman and Neal Dennis and guest Dr. Chase Cunningham. And turning $1B into thin air.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, our own Dave Bittner is in our guest spot as he appeared on the Adopting Zero Trust podcast at ThreatLocker’s Zero Trust World 2025 event with hosts Elliot Volkman and Neal Dennis and guest Dr. Chase Cunningham aka Dr. Zero Trust. Adopting Zero Trust is an ongoing conversation about the people and organizations adopting Zero Trust. You can catch the full episode here where Dave and Dr. Zero Trust weigh the difference between delivering refined news and raw perspective, hitting critical mass for AI, and the current political environment.

Selected Reading

US charges Chinese nationals in cyberattacks on Treasury, dissidents and more (The Record)

Silk Typhoon targeting IT supply chain (Microsoft)

Malicious Chrome extensions can spoof password managers in new attack (Bleeping Computer)

Apache Airflow Misconfigurations Leak Login Credentials to Hackers (GB Hackers)

LibreOffice Flaw Allows Attackers to Run Arbitrary Scripts via Macro URL (GB Hackers)

Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks (SecurityWeek)

Catalan court says NSO Group executives can be charged in spyware investigation (TechCrunch)

Former top NSA cyber official: Probationary firings ‘devastating’ to cyber, national security (CyberScoop)

Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation (SecurityWeek)

North Koreans finish initial laundering stage after more than $1 billion stolen from Bybit (The Record)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

US Treasury targets darknet kingpin.

Wed, 05 Mar 2025 21:30:00 -0000

US Treasury Department sanctions Iranian national accused of running the Nemesis criminal marketplace. Hunters International threatens to leak data stolen from Tata Technologies. Apple challenges U.K.’s iCloud encryption backdoor order. UK competition regulator says no investigation into Microsoft's OpenAI partnership. Stealthy malware campaign targets the UAE's aviation and satellite industry. This week on our CertByte segment, N2K’s Chris Hare is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate (CCNA) exam. And hackers hit the books.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. This week, Chris is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate (CCNA) exam, 201-301, version 1.1 exam. Today’s question comes from N2K’s Cisco Certified Network Associate (CCNA 200-301) Practice Test.

According to Cisco, the CCNA is the industry’s most widely recognized and respected associate-level certification. To learn more about this and other related topics under this objective, please refer to the following resource: https://learningnetwork.cisco.com/s/article/protection-techniques-nbsp-from-wardriving-attack

To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional source: https://www.cisco.com/site/us/en/learn/training-certifications/certifications/enterprise/ccna/index.html

Selected Reading

Treasury sanctions Iranian national behind defunct Nemesis darknet marketplace (The Record)

Ransomware Group Claims Attack on Tata Technologies (SecurityWeek)

Apple is challenging U.K.’s iCloud encryption backdoor order (TechCrunch)

UK's competition regulator says Microsoft's OpenAI partnership doesn't qualify for investigation (TechCrunch)

Call It What You Want: Threat Actor Delivers Highly Targeted Multistage Polyglot Malware (Proofpoint)

Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear (GuidePoint Security)

Fake police call cryptocurrency investors to steal their funds (Bitdefender)

Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (Bleeping Computer)

Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement (CyberScoop)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA keeps watch on Russia.

Tue, 04 Mar 2025 21:10:00 -0000

CISA says it will continue monitoring Russian cyber threats. Broadcom patches zero-days that can lead to VM escape. Google patches 43 Bugs, including two sneaky zero-days. CISA flags vulnerabilities exploited in the wild. Palau's health ministry recovers from ransomware attack. Lost and found or lost and leaked? On this week's Threat Vector segment, David Moulton previews an episode with Hollie Hennessy on IoT cybersecurity risk mitigation and next week’s special International Women's Day episode featuring trailblazing women from Palo Alto Networks sharing their cybersecurity journeys and leadership insights. And is that really you?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

On our Threat Vector Segment, host David Moulton shares previews of two upcoming episodes. On this Thursday’s episode, he speaks with Hollie Hennessy, Principal Analyst for IoT Cybersecurity at Omdia, to discuss how attackers exploit vulnerabilities in connected environments and the best approaches for risk mitigation.

The next week On Thursday, March 13th, David shares four conversations with some of the trailblazing women at Palo Alto Networks in honor of International Women’s Day and Women’s History Month. They share their journeys into cybersecurity, discuss the challenges they faced and offer insights on leadership, innovation, and mentorship. Be sure to tune in for some inspiring stories.

Don't miss the full episodes every Threat Vector Thursday, subscribe now to stay ahead. If you're in Austin, Texas for SXSW and want to meet up, email David at threatvector@Paloaltonetworks.com.

Selected Reading

DHS says CISA won’t stop looking at Russian cyber threats (CyberScoop)

Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia? (Zero Day)

Broadcom Patches 3 VMware Zero-Days Exploited in the Wild (SecurityWeek)

Google fixes Android zero-day exploited by Serbian authorities (Bleeping Computer)

Several flaws added to CISA known exploited vulnerabilities catalog (SC Media)

Palau health ministry on the mend after Qilin ransomware attack (The Record)

Lost luggage data leak exposes nearly a million records (Cybernews)

Lee Enterprises ransomware attack halts freelance and contractor payments (TechCrunch)

TikTok Blasts Australia for YouTube Carveout in Social Media Ban (Bloomberg)

Deepfake cyberattacks proliferated in 2024, iProov claims (The Register)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Is it cyber peace or just a buffer?

Mon, 03 Mar 2025 21:10:00 -0000

Cyber Command ordered to halt offensive operations against Russia during Ukraine negotiations. Ransomware actors exploit Paragon Partition Manager vulnerability. Amnesty International publishes analysis of Cellebrite exploit chain. California orders data broker to shut down for violating the Delete Act. On our Afternoon Cyber Tea segment with host Ann Johnson of Microsoft Security, Ann speaks with Igor Tsyganskiy, Microsoft's Global Chief Information Security Officer, about "The Power of Partnership in Cyber Defense." And it’s the end of an era.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Afternoon Cyber Tea segment.

On our monthly Afternoon Cyber Tea segment with host Ann Johnson of Microsoft Security, Ann speaks with Igor Tsyganskiy, Microsoft's Global Chief Information Security Officer, about "The Power of Partnership in Cyber Defense." Ann and Igor share an engaging conversation on the challenges and optimism driving the fight against cyber threats. To hear the full conversation on Ann’s show, check out the episode here. You can catch new episodes of Afternoon Cyber Tea every other Tuesday on N2K CyberWire network and on your favorite podcast app.

Selected Reading

Exclusive: Hegseth orders Cyber Command to stand down on Russia planning (The Record)

As Trump warms to Putin, U.S. halts offensive cyber operations against Moscow (The Washington Post)

Hegseth Orders Pentagon to Stop Offensive Cyberoperations Against Russia (The New York Times)

Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (Bleeping Computer)

VU#726882 - Paragon Partition Manager contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks (Carnegie Mellon University Software Engineering Institute CERT Coordination Center)

Cellebrite zero-day exploit used to target phone of Serbian student activist (Amnesty International Security Lab)

California shuts down data broker for failing to register (The Record)

Research finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek's Training Data (Truffle Security)

Cyberattack detected at Polish space agency, minister says (Reuters)

Polish space agency confirms cyberattack (The Register)

As Skype shuts down, its legacy is end-to-end encryption for the masses (TechCrunch)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Taree Reardon: A voice for women in cyber. [Career Notes]

Sun, 02 Mar 2025 08:00:00 -0000

Senior Threat Analyst and Shift Lead for VMware Taree Reardon shares her journey to becoming leader for women in the cybersecurity field. A big gamer who has always been interested in hacking and forensics, Taree found her passion while learning about cybersecurity. She's dedicated to diversity and inclusion and found her footing on a team made up of 50% women. Taree spends her days tracking and blocking attacks and as a champion for women. Trusting yourself is top on her list of advice. We thank Taree for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Caught in the contagious interview. [Research Saturday]

Sat, 01 Mar 2025 08:00:00 -0000

This week we are joined by Phil Stokes, threat researcher at SentinelOne's SentinelLabs, discussing their work on "macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed." Apple recently pushed an update to its XProtect tool, blocking several variants of the DPRK-linked Ferret malware family, which targets victims through the "Contagious Interview" campaign.

The malware uses fake job interview processes to trick users into installing malicious software, and new variants, including FlexibleFerret, remain undetected by XProtect. SentinelOne's research reveals a deeper investigation into this malware, which uses social engineering to expand its attack vectors, including targeting developers through platforms like GitHub.

The research can be found here:

macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed

Learn more about your ad choices. Visit megaphone.fm/adchoices

Pay the ransom or risk data carnage.

Fri, 28 Feb 2025 21:10:00 -0000

Qilin ransomware gang claims responsibility for attack against Lee Enterprises. Thai police arrest suspected hacker behind more than 90 data leaks. JavaGhost uses compromised AWS environments to launch phishing campaigns. LotusBlossum cyberespionage campaigns target Southeast Asia. Malware abuses Microsoft dev tunnels for C2 communication. Protecting the food supply. Today’s guest is Keith Mularski, Chief Global Ambassador at Qintel and former FBI Special Agent, discussing crypto being the target of the cyber underground. And an interview with Iron Man?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we share Dave’s conversation with Keith Mularski, Chief Global Ambassador at Qintel and former FBI Special Agent, discussing crypto being the target of the cyber underground.

Selected Reading

Ransomware Group Takes Credit for Lee Enterprises Attack (SecurityWeek)

Hacker Behind Over 90 Data Leaks Arrested in Thailand (SecurityWeek)

JavaGhost’s Persistent Phishing Attacks From the Cloud (Unit 42)

Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools (Cisco Talos)

Njrat Campaign Using Microsoft Dev Tunnels (SANS Internet Storm Center)

New Pass-the-Cookie Attack Bypass Microsoft 365 & YouTube MFA Logins (Cyber Security News)

How pass the cookie attacks can bypass your MFA (Longwall Security)

Farm and Food Cybersecurity Act reintroduced to protect food supply chain from cyber threats (Industrial Cyber)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The masterminds behind a $1.5 billion heist.

Thu, 27 Feb 2025 21:10:00 -0000

FBI attributes $1.5 billion Bybit hack to DPRK hackers. Cellebrite suspends services in Serbia following allegations of misuse. A Belgium spy agency is hacked. New groups, bigger attacks. Sticky Werewolf strikes again. US DNI orders legal review of UK's request for iCloud backdoor. A cybersecurity veteran takes CISA’s lead. DOGE accesses sensitive HUD data. Cleveland Municipal Court remains closed following cyber incident. Our guest today is an excerpt from our Caveat podcast. Adam Marré, Arctic Wolf CISO and former FBI special agent, joins Dave to discuss banning TikTok and increasing regulations for social media companies. And can hacking be treason?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is an excerpt from our Caveat podcast. Adam Marré, Arctic Wolf CISO and former FBI special agent, joins Dave to discuss banning TikTok and increasing regulations for social media companies. You can hear Adam and Dave’s full discussion on today’s Caveat episode. Listen to Dave and co-host Ben Yelin discuss the issue following the interview on Caveat.

Selected Reading

FBI confirms Lazarus hackers were behind $1.5B Bybit crypto heist (Bleeping Computer)

Cellebrite suspends Serbia as customer after claims police used firm's tech to plant spyware (TechCrunch)

Belgium probes suspected Chinese hack of state security service (The Record)

It's not just Salt Typhoon: All China-backed attack groups are showcasing specialized offensive skills (CyberScoop)

Angry Likho APT Resurfaces with Lumma Stealer Attacks Against Russia (Hackread)

Gabbard: UK demand to Apple for backdoor access is 'grave concern' to US (The Record)

Karen Evans steps into a leading federal cyber position: executive assistant director for cybersecurity at CISA (CyberScoop)

DOGE Gains Access to Confidential Records on Housing Discrimination, Medical Details — Even Domestic Violence (ProPublica)

‘Cyber incident’ shuts down Cleveland Municipal Court for third straight day (The Record)

Cyber threat shuts down Cleveland Municipal Court for second day (News5 Cleveland)

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” (Krebs on Security)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Live from Orlando, it's Hacking Humans! [Hacking Humans]

Thu, 27 Feb 2025 16:20:00 -0000

In this special live episode of Hacking Humans, recorded at ThreatLocker’s Zero Trust World 2025 conference in Orlando, Florida, Dave Bittner is joined by T-Minus host Maria Varmazis. Together, they explore the latest in social engineering scams, phishing schemes, and cybercriminal exploits making headlines. Their guest, Seamus Lennon, ThreatLocker’s VP of Operations for EMEA, shares insights on Zero Trust security and the evolving threat landscape. Maria's story this week follows the IRS warning about a fake “Self Employment Tax Credit” scam on social media, urging taxpayers to ignore misinformation and consult professionals. Dave's got the story of the Better Business Bureau’s annual Scam Tracker report, revealing that online shopping scams continue to top the list for the fifth year, with phishing and employment scams remaining major threats, while fraudsters increasingly use AI and deepfake technology to deceive victims. Our catch of the day comes from Diesel in West Virginia, and features a scammer who tried to panic their target with a classic “We’ve frozen your account” scam—only to get hilariously mixed up with actual embryo freezing.

Resources and links to stories:

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hacked in plain sight.

Wed, 26 Feb 2025 21:10:00 -0000

A major employee screening provider discloses a data breach affecting over 3.3 million people. Signal considers exiting Sweden over a proposed law that would give police access to encrypted messages. House Democrats call out DOGE’s negligent cybersecurity practices. Critical vulnerabilities in Rsync allow attackers to execute remote code. A class action lawsuit claims Amazon violates Washington State’s privacy laws. CISA warns that attackers are exploiting Microsoft’s Partner Center platform. A researcher discovers a critical remote code execution vulnerability in MITRE’s Caldera security training platform. An analysis of CISA’s JCDC AI Cybersecurity Collaboration Playbook. Ben Yelin explains Apple pulling iCloud end-to-end encryption in response to the UK Government. A Disney employee’s cautionary tale.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Caveat podcast co-host Ben Yelin to discuss Apple pulling iCloud end-to-end encryption in response to the UK Government. You can read the article from Bleeping Computer here. Ben is the Program Director for Public Policy & External Affairs at University of Maryland Center for Health and Homeland Security. You can catch Caveat every Thursday here on the N2K CyberWire network and on your favorite podcast app.

Selected Reading

3.3 Million People Impacted by DISA Data Breach (SecurityWeek)

DOGE must halt all ‘negligent cybersecurity practices,’ House Democrats tell Trump (The Record)

Signal May Exit Sweden If Government Imposes Encryption Backdoor (Infosecurity Magazine)

Rsync Vulnerabilities Let Hackers Gain Full Control of Servers - PoC Released (Cyber Security News)

Lawsuit: Amazon Violates Washington State Health Data Law (BankInfo Security)

CISA Warns of Microsoft Partner Center Access Control Vulnerability Exploited in Wild (Cyber Security News)

MITRE Caldera security suite scores perfect 10 for insecurity (The Register)

CISA’s AI cybersecurity playbook calls for greater collaboration, but trust is key to successful execution (CyberScoop)

A Disney Worker Downloaded an AI Tool. It Led to a Hack That Ruined His Life. (Wall Street Journal)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Orange you glad you didn't fall for this?

Tue, 25 Feb 2025 21:10:00 -0000

A hacker claims to have stolen internal documents from a major French telecommunications company. A security breach hits Russia’s financial sector. Cyberattacks targeting ICS and OT surged dramatically last year. Chinese group Silver Fox is spoofing medical software. The UK Home Office’s new vulnerability reporting policy risks prosecuting ethical hackers. Ransomware actors are shifting away from encryption. A sophisticated macOS malware campaign is distributing Poseidon Stealer. The LightSpy surveillance framework evolves into a cross-platform espionage tool. A Chinese botnet is targeting Microsoft 365 accounts using password spraying attacks. Our guest today is Lauren Buitta, Founder and CEO at Girl Security, discussing mentoring and intergenerational strategies. There may be a backdoor in your front door.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Lauren Buitta, Founder and CEO at Girl Security, discussing mentoring and intergenerational strategies.

Selected Reading

Orange Group confirms breach after hacker leaks company documents (Bleeping Computer)

Russia warns of breach of major IT service provider LANIT serving the financial sector (Beyond Machines)

Dragos: Surge of new hacking groups enter ICS space as states collaborate with private actors (CyberScoop)

China's Silver Fox spoofs medical imaging apps to hijack patients' computers (The Register)

UK Home Office’s new vulnerability reporting mechanism leaves researchers open to prosecution (The Record)

Only a Fifth of Ransomware Attacks Now Encrypt Data (Infosecurity Magazine)

Poseidon Stealer Malware Attacking Mac Users via Fake DeepSeek Site (Cyber Security News)

Exploits for unpatched Parallels Desktop flaw give root on Macs (Bleeping Computer)

LightSpy Malware Expands with 100+ Commands to Target Users Across All Major OS Platforms (GB Hackers)

Chinese Botnet Bypasses MFA in Microsoft 365 Attacks (Infosecurity Magazine)

CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability (SecurityWeek)

A single default password exposes access to dozens of apartment buildings (TechCrunch)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Can the U.S. keep up in cyberspace?

Mon, 24 Feb 2025 21:10:00 -0000

Retired Gen. Paul Nakasone warns the U.S. is falling behind in cyberspace. Australia orders government entities to remove and ban Kaspersky products. FatalRAT targets industrial organizations in the APAC region. A major cryptocurrency exchange reports the theft of $1.5 billion in digital assets. Apple removes end-to-end encryption (E2EE) for iCloud in the UK. Researchers uncover a LockBit ransomware attack exploiting a Windows Confluence server. Researchers uncover zero-day vulnerabilities in a widely used cloud logging utility.A PayPal email scam is tricking users into calling scammers. Republican leaders in the House request public input on national data privacy standards. A Michigan man faces charges for his use of the Genesis cybercrime marketplace. Our guest is Karl Sigler, Senior Security Research Manager from Trustwave SpiderLabs, explaining the domino effect of a cyberattack on the power grid. Meta sues an Insta Extortionist.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, Dave speaks with Karl Sigler, Senior Security Research Manager from Trustwave SpiderLabs, about the domino effect of a cyberattack on the power grid. You can dig into the details in their report.

Selected Reading

Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace (CyberScoop)

Kaspersky Banned on Australian Government Systems (SecurityWeek)

Chinese Hackers Attacking Industrial Organizations With Sophisticated FatalRAT (Cyber Security News)

Bybit Hack Drains $1.5 Billion From Cryptocurrency Exchange (SecurityWeek)

Experts Slam Government After “Disastrous” Apple Encryption Move (Infosecurity Magazine)

Confluence Exploit Leads to LockBit Ransomware (The DFIR Report)

Fluent Bit 0-day Vulnerabilities Exposes Billions of Production Environments to Cyber Attacks (Cyber Security News)

Beware: PayPal "New Address" feature abused to send phishing emails (Bleeping Computer)

Top House E&C Republicans query public for ideas on data privacy law (CyberScoop)

US Charges Genesis Market User (SecurityWeek)

Meta Sues Alleged Instagram Extortionist (404 Media)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Dwayne Price: Sharing information. [Project Management] [Career Notes]

Sun, 23 Feb 2025 08:00:00 -0000

Please enjoy this encore of Career Notes.

Senior technical project manager Dwayne Price takes us on his career journey from databases to project management. Always fascinated with technology and one who appreciates the aspects of the business side of a computer implementations, Dwayne attended UMBC for both his undergraduate and graduate degrees in information systems management. A strong Unix administration background prepared him to understand the relationship between Unix administration and database security. He recommends those interested in cybersecurity check out the NICE Framework as it speaks to all the various different types of roles in cybersecurity, Dwayne prides himself on his communication skills and openness. We thank Dwayne for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

From small-time scams to billion-dollar threats. [Research Saturday]

Sat, 22 Feb 2025 06:00:00 -0000

This week, we are joined by Selena Larson from Proofpoint, and co-host of the "Only Malware in the Building" podcast, as she discusses the research on "Why Biasing Advanced Persistent Threats over Cybercrime is a Security Risk." The cybersecurity industry has historically prioritized Advanced Persistent Threats (APTs) from nation-state actors over cybercrime, but this distinction is outdated as cybercriminals now employ equally sophisticated tactics.

Financially motivated threat actors, especially ransomware groups, have evolved to the point where they rival state-backed hackers in technical capability and impact, disrupting businesses, infrastructure, and individuals on a massive scale. To enhance security, defenders must shift focus from an APT-centric mindset to a broader approach that equally prioritizes combating cybercrime, which poses an immediate and tangible risk to global stability.

The research can be found here:

Why Biasing Advanced Persistent Threats over Cybercrime is a Security Risk

Learn more about your ad choices. Visit megaphone.fm/adchoices

The political shake-up at the FBI.

Fri, 21 Feb 2025 21:10:00 -0000

The Senate confirms Kash Patel as FBI director. The SEC rebrands its Crypto Assets and Cyber Unit. Microsoft's quantum chip signals an urgent need for post-quantum security. Chat log leaks reveal the inner workings of BlackBasta. CISA advisories highlight Craft CMS and ICS devices. Researchers release proof-of-concepts for Ivanti Endpoint Manager vulnerabilities. Warby Parker gets a $1.5 million HIPAA fine. Our guest is Steve Schmidt, Amazon CSO, with a behind the scenes look at securing a major event. Researchers explore the massive, mysterious YouTube wormhole.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Steve Schmidt, Amazon CSO, talking about integrating physical and logical security measures. Learn more: "Securing a city-sized event: How Amazon integrates physical and logical security at re:Invent."

Selected Reading

Trump loyalist Kash Patel is confirmed as FBI director by the Senate despite deep Democratic doubts (AP)

SEC rebrands cryptocurrency unit to focus on emerging technologies (CyberScoop)

Microsoft’s Quantum Chip Breakthrough Accelerates Threat to Encryption (Infosecurity Magazine)

BlackBasta Ransomware Chatlogs Leaked Online (Infosecurity Magazine)

CISA Warns of Attacks Exploiting Craft CMS Vulnerability (SecurityWeek)

CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits (Cyber Security News)

Ivanti endpoint manager can become endpoint ravager (The Register)

Feds Fine Eyeglass Retailer $1.5M for HIPAA Lapses in Hacks (GovInfo Security)

How a computer that 'drunk dials' videos is exposing YouTube's secrets (BBC)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

No rest for the patched.

Thu, 20 Feb 2025 21:10:00 -0000

The CISA and FBI warn that Ghost ransomware has breached organizations in over 70 countries. President Trump announces his pick to lead the DOJ’s National Security Division. A new ransomware strain targets European healthcare organizations. Researchers uncover four critical vulnerabilities in Ivanti Endpoint Manager. Microsoft has patched a critical improper access control vulnerability in Power Pages. The NSA updates its Ghidra reverse engineering tool. A former U.S. Army soldier admits to leaking private call records. Our guest is Stephen Hilt, senior threat researcher at Trend Micro, sharing the current state of the English cyber underground market. The pentesters’ breach was simulated — their arrest was not.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Stephen Hilt, senior threat researcher at Trend Micro, sharing the current state of the English cyber underground market. Learn more in the report.

Selected Reading

CISA and FBI: Ghost ransomware breached orgs in 70 countries (Bleeping Computer)

Trump to nominate White House insider from first term to lead DOJ’s National Security Division (The Record)

New NailaoLocker ransomware used against EU healthcare orgs (Bleeping Computer)

PoC Exploit Published for Critical Ivanti EPM Vulnerabilities (SecurityWeek)

Microsoft Patches Exploited Power Pages Vulnerability (SecurityWeek)

NSA Added New Features to Supercharge Ghidra 11.3 (Cyber Security News)

Army soldier linked to Snowflake extortion to plead guilty (The Register)

Katie Arrington Returns to Pentagon as DoD CISO (GovInfo Security)

Penetration Testers Arrested by Police During Authorized Physical Penetration Testing (Cyber Security News)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Pennies for access.

Wed, 19 Feb 2025 21:20:00 -0000

Credential theft puts sensitive corporate and military networks at risk. A federal judge refuses to block DOGE from accessing sensitive federal data. New York-based Insight Partners confirms a cyber-attack. BlackLock ransomware group is on the rise. OpenSSH patches a pair of vulnerabilities. Russian threat actors are exploiting Signal’s “Linked Devices” feature. Over 12,000 GFI KerioControl firewalls remain exposed to a critical remote code execution (RCE) vulnerability.CISA issued two ICS security advisories. Federal contractors pay $11 million in cybersecurity noncompliance fines. In our CertByte segment, Chris Hare is joined by Steven Burnley to break down a question targeting the ISC2® SSCP - Systems Security Certified Practitioner exam.Sweeping cybercrime reforms are unveiled by…Russia?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources, for the past 25 years, N2K's practice tests have helped more than half a million IT and cyber security professionals reach certification success. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional source: https://www.isc2.org/certifications/sscp

Selected Reading

Hundreds of US Military and Defense Credentials Compromised (Infosecurity Magazine)

DOGE Team Wins Legal Battle, Retains Access to Federal Data (GovInfo Security)

Musk Ally Demands Admin Access to System That Lets Government Text the Public (404 Media)

Cyber Investor Insight Partners Suffers Security Breach (Infosecurity Magazine)

BlackLock On Track to Be 2025’s Most Prolific Ransomware Group (Infosecurity Magazine)

Qualys reports two flaws in OpenSSH, one critical DDoS (Beyond Machines)

Russian phishing campaigns exploit Signal's device-linking feature (Bleeping Computer)

Over 12,000 KerioControl firewalls exposed to exploited RCE flaw (Bleeping Computer)

CISA Releases Two New ICS Advisories Exploits Following Vulnerabilities (Cyber Security News)

Managed healthcare defense contractor to pay $11 million over alleged cyber failings (The Record)

Russian Government Proposes Stricter Penalties to Tackle Cybercrime (GB Hackers)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

PAN-ic mode: The race to secure PAN-OS.

Tue, 18 Feb 2025 21:10:00 -0000

Palo Alto Networks confirms a recently patched firewall vulnerability is being actively exploited. CISA warns of an actively exploited iOS vulnerability. Juniper Networks has issued a critical security advisory for an API authentication bypass vulnerability. The acting commissioner of the Social Security Administration (SSA) resigns after Elon Musk’s team sought access to sensitive personal data of millions of Americans. The EagerBee malware framework is actively targeting government agencies and ISPs across the Middle East. Proofpoint researchers document a new macOS infostealer. A new phishing kit uses timesheet notification emails to steal credentials and two-factor authentication codes. JPMorgan Chase will begin blocking Zelle payments to social media contacts to combat online scams. Our guest is Tim Starks from CyberScoop discussing his interview with former National Cyber Director Harry Coker. Transferring your digital legacy.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Tim Starks from CyberScoop discussing his interview with former National Cyber Director Harry Coker. You can read more about Tim’s interview “National Cyber Director Harry Coker looks back (and ahead) on the Cyber Director office” and companion piece “Trump picks Sean Cairncross for national cyber director” on CyberScoop.

Selected Reading

Palo Alto Networks Confirms Exploitation of Firewall Vulnerability (SecurityWeek)

CISA Warns of Apple iOS Vulnerability Exploited in Wild (Cyber Security News)

Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products (Cyber Security News)

Top Social Security Official Leaves After Musk Team Seeks Data Access (New York Times)

EagerBee Malware Attacking Government Entities & ISPs To Deploy Backdoor (Cyber Security News)

Proofpoint Uncovers FrigidStealer, A New MacOS Infostealer (Infosecurity Magazine)

Microsoft Warns of Improved XCSSET macOS Malware (SecurityWeek)

Fake Timesheet Report Emails Linked to Tycoon 2FA Phishing Kit (GB Hackers)

Chase will soon block Zelle payments to sellers on social media (Bleeping Computer)

Digital Estate Planning: How to Prepare Your Social Media Accounts (New York Times)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

LIVE! From Philly [Threat Vector]

Mon, 17 Feb 2025 07:00:00 -0000

While we are taking a publishing break to observe Washington's Birthday here in the United States, enjoy this primer on how to create a podcast from our partners at Palo Alto Networks direct from the CyberMarketingCon 2024.

Podcasts have become vital tools for sharing knowledge and insights, particularly in technical fields like cybersecurity. "Threat Vector," led by David Moulton, serves as an essential guide through the complex landscape of cyber threats, offering expert interviews and in-depth analysis.

In this session, David will discuss the process behind creating "Threat Vector," highlighting the challenges and rewards of developing a podcast that resonates with industry experts. Attendees will learn about the foundational elements of podcasting, from initial concept development to content creation and audience engagement.

David's approach integrates his extensive background in storytelling, design, and strategic marketing, enabling him to tackle intricate cybersecurity topics and make them accessible to a broad audience. This session will dive into how to present intricate cybersecurity topics in an accessible and engaging manner and explore various techniques for producing compelling content and effective strategies for promoting a podcast to a wider audience.

Join David and guest host David J. Ebner of Content Workshop for an informative discussion on using podcasts as a medium for education and influence in the cybersecurity field. This session is ideal for anyone interested in starting a podcast or enhancing their approach to cybersecurity communication.

Join the conversation on our social media channels:

Website: http://www.paloaltonetworks.com
Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠
Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠
LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/palo-alto-networks/
YouTube: ⁠⁠⁠⁠@paloaltonetworks
Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠

About Threat Vector

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Palo Alto Networks

Learn more about your ad choices. Visit megaphone.fm/adchoices

Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]

Sun, 16 Feb 2025 08:00:00 -0000

Please enjoy this encore of Career Notes.

Senior Program Manager for Governance, Risk and Compliance at Illumio, Maria Thompson-Saeb shares experiences that led to her career in cybersecurity. Interested in computers and not a fan of math, Maria opted for information systems management rather than computer science. She started her career as a government contractor. Once in the private sector, Maria moved into the Unix and Linux environments where she says "something that would totally change everything." She gained an interest in security and took it upon herself to train up and move into that realm. Maria notes it was not without roadblocks, but that being flexible helped her address those challenges and make her career in security happen. We thank Maria for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Bot or not? The fake CAPTCHA trick spreading Lumma malware. [Research Saturday}

Sat, 15 Feb 2025 08:00:00 -0000

Nati Tal, Head of Guardio Labs, discusses their work on "“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising." Guardio has uncovered a large-scale malvertising campaign dubbed “DeceptionAds,” which tricks users into running a malicious PowerShell command under the guise of proving they’re human. This fake CAPTCHA scheme delivers Lumma info-stealer malware while bypassing security measures like Google’s Safe Browsing.

Even after disclosure and takedown efforts, the campaign resurfaced—raising concerns about the effectiveness of existing defenses against ad-driven cyber threats.

The research can be found here:

“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI’s blind spots need human eyes.

Fri, 14 Feb 2025 21:10:00 -0000

Nakasone addresses AI at the Munich Cyber Security Conference. Court documents reveal the degree to which DOGE actually has access. Dutch police dismantle a bulletproof hosting operation. German officials investigate Apple’s App Tracking. Hackers exploited security flaws in BeyondTrust. CISA issues 20 new ICS advisories. The new Astoroth phishing kit bypasses 2FA. Hackers waste no time exploiting a SonicWall proof-of-concept vulnerability. Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, joining us to discuss why preemptive defense is essential in the AI arms race. Have I Been Pwned ponders whether resellers are worth the trouble.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, joining us to discuss why preemptive defense is essential in the AI arms race. You can read more in "How Cybercriminals Are Using AI: Exploring the New Threat Landscape."

Selected Reading

Putting the human back into AI is key, former NSA Director Nakasone says (The Record)

Court Documents Shed New Light on DOGE Access and Activity at Treasury Department (Zero Day)

Musk's DOGE team: Judges to consider barring it from US government systems (Reuters)

Anyone Can Push Updates to the DOGE.gov Website (404 Media)

Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster (Bleeping Computer)

Apple app tracking rules more strict for others – watchdog (The Register)

PostgreSQL flaw exploited as zero-day in BeyondTrust breach (Bleeping Computer)

CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits (Cyber Security News)

Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins (GB Hackers)

SonicWall Firewall Vulnerability Exploited After PoC Publication (SecurityWeek)

Have I Been Pwned likely to ban resellers (The Register)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Salt in the wound.

Thu, 13 Feb 2025 21:10:00 -0000

Salt Typhoon is still at it. Russian cyber-actor Seashell Blizzard expands its reach. The EFF sues DOGE to protect federal workers’ data. House Republicans pursue a comprehensive data privacy bill. Fortinet patches a critical vulnerability. Google views cybercrime as a national security threat. Palo Alto Networks issues 10 new security advisories. Symantec suspects a Chinese APT sidehustle. Guest Jason Baker, Principal Security Consultant at GuidePoint Security, joins us to share an update on the state of ransomware. A massive IoT data breach exposes 2.7 billion records. Here come the AI agents.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest, Jason Baker, Principal Security Consultant at GuidePoint Security, joins us to share an update on the state of ransomware.

Selected Reading

China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers (WIRED)

Russian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand Ops (Infosecurity Magazine)

EFF Leads Fight Against DOGE and Musk's Access to US Federal Workers' Data (Infosecurity Magazine)

Elon Musk and the Right Are Recasting Reporting as ‘Doxxing’ (New York Times)

FortiOS Vulnerability Allows Super-Admin Privilege Escalation – Patch Now! (Hackread)

Cybercrime evolving into national security threat: Google (The Record)

House Republicans launch group for comprehensive data privacy legislation (The Record)

Palo Alto Networks Patches Potentially Serious Firewall Vulnerability (SecurityWeek)

Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job (SecurityWeek)

Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords (Cyber Security News)

Are You Ready to Let an AI Agent Use Your Computer? (IEEE Spectrum)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

DOGEgeddon: The cyber crisis hiding in plain sight.

Wed, 12 Feb 2025 23:10:00 -0000

Is DOGE a cyberattack against America? The White House plans to nominate a new national cyber director. Patch Tuesday updates. Ivanti discloses a critical stack-based buffer overflow vulnerability. The GAO identifies cybersecurity gaps in the U.S. Coast Guard’s efforts to secure the Maritime Transportation System. An Arizona woman pleads guilty to running a laptop farm for North Korea. A notorious swatter gets a prison sentence. Our guests are Gianna Whitver and Maria Velasquez, co-hosts of the Breaking Through in Cybersecurity Marketing podcast. Plague-themed phishing tests take it too far.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we welcome Gianna Whitver and Maria Velasquez, co-hosts of the Breaking Through in Cybersecurity Marketing podcast, sharing their plans for 2025. You can listen to new episodes of Breaking Through in Cybersecurity Marketing every Wednesday airing on the N2K CyberWire network and wherever you get your podcasts.

Selected Reading

DOGE's Cyberattack Against America (Foreign Policy)

Trump plans to nominate GOP insider Sean Cairncross as national cyber director (The Record)

Microsoft Fixes Another Two Actively Exploited Zero-Days (Infosecurity Magazine)

Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities (SecurityWeek)

ICS Patch Tuesday: Vulnerabilities Addressed by Schneider Electric, Siemens (SecurityWeek)

Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely (Cyber Security News)

GAO Tells Coast Guard to Improve Cybersecurity of Maritime Transportation System (SecurityWeek)

Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence (The Record)

California Teenager Sentenced to 48 Months in Prison for Nationwide Swatting Spree (US Department of Justice)

Phishing Tests, the Bane of Work Life, Are Getting Meaner (Wall Street Journal)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Apple’s race to secure your iPhone.

Tue, 11 Feb 2025 21:10:00 -0000

Apple releases emergency security updates to patch a zero-day vulnerability. CISA places election security workers on leave. Elon Musk leads a group of investors making an unsolicited bid to acquire OpenAI. The man accused of hacking the SEC’s XTwitter account pleads guilty. Law enforcement seizes the leak site of the 8Base ransomware gang. Researchers track a massive increase in brute-force attacks targeting edge devices. Experts question the U.K. government’s demand for an encryption backdoor in Apple devices. Today’s guest is John Fokker, Head of Threat Intelligence at Trellix, joining us to discuss their work on "Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike." And it’s international day for women and girls in science.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest is John Fokker, Head of Threat Intelligence at Trellix, joining us to discuss their work on "Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike."

Selected Reading

Apple fixes zero-day exploited in 'extremely sophisticated' attacks (BleepingComputer)

US cyber agency puts election security staffers who worked with the states on leave (AP News)

Elon Musk-led group makes $97.4 billion bid for OpenAI, CEO refuses and offers to "buy Twitter for $9.74 billion" (TechSpot)

OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials (SecurityWeek)

Hacker who hijacked SEC’s X account pleads guilty, faces maximum five-year sentence (The Record)

8Base ransomware site taken down as Thai authorities arrest 4 connected to operation (The Record)

Edge Devices Face Surge in Mass Brute-Force Password Attacks (Data Breach Today)

U.K. Kicks Apple’s Door Open for China (Wall Street Journal)

International Day of Women and Girls in Science- United Nations (United Nations)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Read all about it—or maybe not.

Mon, 10 Feb 2025 21:10:00 -0000

A cyberattack disrupts newspaper publishing. A major AI summit takes place in Paris this week. A federal judge restricts DOGE from accessing Treasury Department systems. Cybersecurity cooperation between Canada and the U.S. remains strong. The Kraken ransomware group leaks credentials allegedly linked to Cisco. Europol urges banks to start preparing for quantum-safe cryptography. Microsoft expands its Copilot bug bounty program. The PlayStation Network (PSN) experienced a major outage over the weekend. Indiana man sentenced to 20 years for $37m cryptocurrency fraud. Our guest is Mike Woodard, VP of Product Management for App Security at Digital.ai, sharing strategies to minimize risk when implementing AI. Hunting for length and complexity in WiFi passwords.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Mike Woodard, VP of Product Management for App Security at Digital.ai, sharing strategies to minimize risk when implementing AI to enhance security.

Selected Reading

Cyberattack Disrupts Publication of Lee Newspapers Across the U.S. (New York Times)

Trump’s AI Ambition and China’s DeepSeek Overshadow an AI Summit in Paris (SecurityWeek)

Musk Team’s Treasury Access Raises Security Fears, Despite Judge’s Ordered Halt (New York Times)

In Breaking USAID, the Trump Administration May Have Broken the Law (ProPublica)

Judge: DOGE made US Treasury ‘more vulnerable to hacking’ (The Register)

Cisco Data Breach – Ransomware Group Allegedly Breached Internal Network (GB Hackers)

Europol Warns Financial Sector of “Imminent” Quantum Threat (Infosecurity Magazine)

Trade war or not, Canada will keep working with the U.S. on cybersecurity (The Logic)

Microsoft Expands Copilot Bug Bounty Program, Increases Payouts (SecurityWeek)

PlayStation Network Down; Outage Leaves Gamers Frustrated (Updated) (HackRead)

Indiana Man Sentenced to 20 Years in Federal Prison for Conspiracies Involving Cyber Intrusion and a Massive $37 Million Cryptocurrency Theft (DataBreaches.Net)

The World's Longest and Strongest WiFi Passwords (InfoSec Write-ups)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Avi Shua: Try to do things by yourself. [CEO] [Career Notes]

Sun, 09 Feb 2025 08:00:00 -0000

Please enjoy this encore of Career Notes.

CEO and co-founder of Orca Security Avi Shua shares his thoughts on ways to succeed in cybersecurity. Avi's excitement about cybersecurity began when he was 13 as he tried to think of ways to get around the school's network security. He joined the Israeli Army's Intelligence Unit 8200 and experienced some unique cybersecurity training programs that he would eventually come to teach. Learning to solve problems on your own is a skill Avi acquired and took into his professional career. In his current position, Avi works to advance Orca's mission. He loves that his company works to reduce friction and enables security people to do their jobs. Instead of becoming of plumbers connecting things, Avi says they can do their job and become real security practitioners. We thank Avi for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cleo’s trojan horse. [Research Saturday]

Sat, 08 Feb 2025 08:00:00 -0000

Mark Manglicmot, SVP of Security Services from Arctic Wolf, is sharing their research on "Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software." Arctic Wolf Labs discovered an ongoing exploitation campaign targeting Cleo Managed File Transfer (MFT) products, beginning on December 7, 2024. Threat actors used a malicious PowerShell stager to deploy a Java-based backdoor, dubbed Cleopatra, which features in-memory file storage and cross-platform compatibility across Windows and Linux.

Despite Cleo's previous patch for CVE-2024-50623, attackers appear to have leveraged an alternative access method, exploiting the software's autorun feature to execute payloads and establish persistent access.

The research can be found here:

Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software

Learn more about your ad choices. Visit megaphone.fm/adchoices

DOGE-eat-DOGE world.

Fri, 07 Feb 2025 21:10:00 -0000

Security concerns grow over DOGE’s use of AI. The British government demands access to encrypted iCloud accounts. Researchers identify critical vulnerabilities in the DeepSeek iOS app. Microsoft Edge uses AI to block scareware. A phishing campaign targets Facebook users with fake copyright infringement notices. Researchers discover malicious machine learning models on Hugging Face. A major data broker faces yet-another data breach lawsuit. CISA warns of a critical Microsoft Outlook vulnerability under active exploitation. Guest John Anthony Smith, Founder and Chief Security Officer at Fenix24, shares insights into why backups are the most important security control. The UK’s cyber weather report says expect light phishing with a chance of ransomware.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices segment, guest John Anthony Smith, Founder and Chief Security Officer at Fenix24, shares insights into why backups are the most important security control.

For additional details, please visit this resource:

The Reality of Resilience, Recovery, and Repeat Cyberattacks (Infographic)

Selected Reading

Elon Musk’s DOGE feeds AI sensitive federal data to target cuts (The Washington Post)

Will DOGE Access to CMS Data Lead to HIPAA Breaches? (GovInfo Security)

Federal judge tightens DOGE leash over critical Treasury payment system access (The Register)

UK reportedly demands secret ‘back door’ to Apple users’ iCloud accounts (The Record)

NowSecure Uncovers Multiple Security and Privacy Flaws in DeepSeek iOS Mobile App (NowSecure)

Microsoft Edge update adds AI-powered Scareware Blocker (Bleeping Computer)

New Facebook Fake Copyright Notices Phishing Steals Your FB Credentials (Cyber Security News)

Developers Beware! Malicious ML Models Detected on Hugging Face Platform (Cyber Security News)

Coordinates of millions of smartphones feared stolen, sparking yet another lawsuit against data broker (The Register)

Critical Microsoft Outlook Vulnerability (CVE-2024-21413) Actively Exploited in Attacks - CISA Warns (CISA)

UK cyberattack severity to be scored by world-first group (The Register)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

FCC around and find out.

Thu, 06 Feb 2025 21:10:00 -0000

Chaos and security concerns continue in Washington. Spanish authorities arrest a man suspected of hacking NATO, the UN, and the US Army. A major U.S. hiring platform exposes millions of resumes. Another British engineering firm suffers a cyberattack. Cisco patches multiple vulnerabilities. Cybercriminals exploit SVG files in phishing attacks. SparkCat SDK targets cryptocurrency via Android and iOS apps. CISA directs federal agencies to patch a high-severity Linux kernel flaw. Thailand leaves scamming syndicates in the dark. Positive trends in the fight against ransomware. Our guest is Cliff Crosland, CEO and Co-founder at Scanner.dev, discusses the evolution of security data lakes and the "bring your own" model for security tools. Don’t eff with the FCC.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices segment, guest Cliff Crosland, CEO and Co-founder at Scanner.dev, discusses the evolution of security data lakes and the "bring your own" model for security tools. For some additional details, check out their blog on “Security Data Lakes: A New Tool for Threat Hunting, Detection & Response, and GenAI-Powered Analysis.”

Selected Reading

Musk’s DOGE agents access sensitive personnel data, alarming security officials (Washington Post)

Union groups sue Treasury over giving DOGE access to sensitive data (The Record)

Hacker Who Targeted NATO, US Army Arrested in Spain (SecurityWeek)

Hiring platform serves users raw with 5.4 million CVs exposed (Cybernews)

IMI becomes the latest British engineering firm to be hacked (TechCrunch)

Cisco Patches Critical Vulnerabilities in Enterprise Security Product (SecurityWeek)

Scalable Vector Graphics files pose a novel phishing threat (Sophos News)

Crypto-stealing apps found in Apple App Store for the first time (Bleeping Computer)

Ransomware payments dropped in 2024 as victims refused to pay hackers (TechCrunch)

CISA orders agencies to patch Linux kernel bug exploited in attacks (Bleeping Computer)

Thailand cuts power supply to Myanmar scam hubs (The Record)

Robocallers posing as FCC fraud prevention team call FCC staff (Bleeping Computer)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

DOGE days numbered?

Wed, 05 Feb 2025 21:10:00 -0000

The DOGE team faces growing backlash. The Five Eyes release guidance on protecting edge devices. A critical macOS kernel vulnerability allows privilege escalation, memory corruption, and kernel code execution. Google and Mozilla release security updates for Chrome and Firefox. Multiple Veeam backup products are vulnerable to man-in-the-middle attacks. Zyxel suggests you replace those outdated routers. A former Google engineer faces multiple charges for alleged corporate espionage. CISA issues nine new advisories for ICS vulnerabilities. A house Republican introduces a cybersecurity workforce scholarship bill. On our CertByte segment, a look at ISC2’s CISSP exam. Google updates its stance on AI weapons.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare.

This week, Chris is joined by Steven Burnley to break down a question targeting ISC2®'s CISSP - Certified Information Systems Security Professional) exam. Today’s question comes from N2K’s ISC2® CISSP - Certified Information Systems Security Professional Practice Test.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Selected Reading

Federal Workers Sue to Disconnect DOGE Server (WIRED)

Treasury says DOGE review has ‘read-only’ access to federal payments system (The Record)

‘Things Are Going to Get Intense:’ How a Musk Ally Plans to Push AI on the Government (404 Media)

Cybersecurity, government experts are aghast at security failures in DOGE takeover (CyberScoop)

Five Eyes Launch Guidance to Improve Edge Device Security (Infosecurity Magazine)

Apple's MacOS Kernel Vulnerability Let Attackers Escalate Privileges - PoC Released (Cyber Security News)

Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities (SecurityWeek)

Critical Veeam Vulnerability (CVE-2025-23114) Exposes Backup Servers to Remote Code Execution (SOCRadar)

Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers (TechCrunch)

US cranks up espionage charges against ex-Googler accused of trade secrets heist (The Register)

CISA Releases Nine Advisories Detailing vulnerabilities and Exploits Surrounding ICS (Cyber Security News)

CISA hires former DHS CIO into top cyber position (Federal News Network)

Proposal for federal cyber scholarship, with service requirement, returns in House (The Record)

Google drops pledge not to use AI for weapons or surveillance (Washington Post)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A wolf in DOGE’s clothing?

Tue, 04 Feb 2025 21:10:00 -0000

DOGE’s unchecked access to federal networks sparks major cybersecurity fears. Senator Hawley’s AI ban targets China and raises free speech concerns. Apple service ticket portal vulnerability exposed millions of users’ data. North Korean ‘FlexibleFerret’ malware targets macos via job scams and fake zoom apps. February 2025 android security update fixes 48 vulnerabilities, including exploited zero-day. Grubhub data breach exposes customer and driver information. Abandoned cloud infrastructure creates major security risks. Texas to launch its own Cyber Command amid rising cyber threats. Dell PowerProtect vulnerabilities pose critical security risks. On our Threat Vector segment, David Moulton and his guests look at the potential dangers of DeepSeek. U.S. Government is quietly altering the Head Start database. And a moment of inspiration from a spacefaring poet.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

Artificial intelligence is advancing fast, but with innovation comes risk. In this segment of Threat Vector, host David Moulton sits down with Sam Rubin, SVP of Consulting and Threat Intelligence at Unit 42, and Kyle Wilhoit, Director of Threat Research, to explore the vulnerabilities of DeepSeek, a new large language model. To listen to the full discussion, please check out the episode here or on your favorite podcast app, and tune in to new episodes of Threat Vector by Palo Alto Networks every Thursday.

Selected Reading

Musk’s DOGE effort could spread malware, expose US systems to threat actors (CSO Online)

As DOGE teams plug into federal networks, cybersecurity risks could be huge, experts say (The Record)

Senator Hawley Proposes Jail Time for People Who Download DeepSeek (404 Media)

Apple Service Ticket portal Vulnerability Exposes Millions of Users Data (Cyber Security News)

N. Korean ‘FlexibleFerret’ Malware Hits macOS with Fake Zoom, Job Scams (Hackread)

Google fixes Android kernel zero-day exploited in attacks (Bleeping Computer)

GrubHub Data Breach - Customers Phone Numbers Exposed (Cyber Security News)

Here’s all the ways an abandoned cloud instance can cause security issues (CyberScoop)

Texas to Establish Cyber Command Amid “Dramatic” Rise in Attacks (Infosecurity Magazine)

Multiple Dell PowerProtect Vulnerabilities Let Attackers Compromise System (Cyber Security News)

‘Forbidden Words’: Github Reveals How Software Engineers Are Purging Federal Databases (404 Media)

T-Minus Deep Space: Inspiration4 with Dr. Sian “Leo” Proctor. (T-Minus Deep Space podcast)

Dr. Sian Proctor got her ticket to space after being selected for her poetry (Instagram)

2025 SpaceCom: Interview with Dr. Sian Proctor (YouTube)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Federal agencies in power struggle crossfire.

Mon, 03 Feb 2025 21:00:00 -0000

Federal agencies become battlegrounds in an unprecedented power struggle. XE Group evolves from credit-card skimming to exploiting zero-day vulnerabilities. WhatsApp uncovers a zero-click spyware attack linked to an Israeli firm.Texas expands its ban on Chinese-backed AI and social media apps. Data breaches expose the personal and medical information of over a million people.NVIDIA patches multiple critical vulnerabilities. Arm discloses critical vulnerabilities affecting its Mali GPU Kernel Drivers and firmware. The UK government aims to set the global standard for securing AI. Tim Starks from CyberScoop has the latest from Senate confirmation hearings. The National Cryptologic Museum rights a wrong.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Joining us today is Tim Starks, Senior Reporter from CyberScoop, to discuss two of his recent articles:

Selected Reading

Top Security Officials at Aid Agency Put on Leave After Denying Access to Musk Team (New York Times)

Exclusive: Musk aides lock workers out of OPM computer system (Reuters)

Federal Workers Block Doors of Admin Building Over Elon Musk Data Breach (DC Media Group)

Trump Broke the Federal Email System and Government Employees Got Blasted With Astonishingly Vulgar Messages (Futurism)

CISA employees told they are exempt from federal worker resignation program (The Record)

From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts (CyberScoop)

Israeli Firm Paragon Attack WhatsApp With New Zero-Click Spyware (Cyber Security News)

Texas Gov. Greg Abbott bans DeepSeek, RedNote and other Chinese-backed AI platforms (Statesman)

Hundreds of Thousands Hit by Data Breaches at Healthcare Firms in Colorado, North Carolina (SecurityWeek)

Insurance Company Globe Life Notifying 850,000 People of Data Breach (SecurityWeek)

NVIDIA GPU Display Driver Vulnerability Lets Attackers Steal Files Remotely - Update Now (Cyber Security News)

Arm Mali GPU Kernel Driver 0-Day Vulnerability Actively Exploited in the Wild (Cyber Security News)

UK Announces “World-First” AI Security Standard (Infosecurity Magazine)

Larry Pfeiffer on Bluesky (Bluesky)

Possibly related to the Bluesky post: Trailblazers in U.S. Cryptologic History

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Margaret Cunningham: A people scientist with a technology focus. [Behavioral science} [Career Notes]

Sun, 02 Feb 2025 08:00:00 -0000

Please enjoy this encore episode with Principal Research Scientist for Human Behavior at Forcepoint, Margaret Cunningham. She shares her story of how she landed in cybersecurity. With a background in psychology and counseling and not feeling that one-on-one counseling was her thing, Margaret had a transformational moment in her PhD program in applied experimental technology when she realized she could "provide helping services and good work services at a broader scale." Margaret found her professional footing at DHS's Human Systems Integration Branch of Science and Technology Department as the person who figured out how to measure how new technologies impacted human performance. Margaret points out that making connections and reading whatever you can is important to stay up to date in the field. She notes that her statistical analysis skills are an asset. She hopes to create champions in human behavior and performance in the world of technology. We thank Margaret for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A Digital Eye on supply-chain-based espionage attacks. [Research Saturday]

Sat, 01 Feb 2025 08:00:00 -0000

This week, Dave Bittner is joined by Juan Andres Guerrero-Saade (JAGS) from SentinelOne's SentinelLabs to discuss the work his team and Tinexta Cyber did on "Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels."

Tinexta Cyber and SentinelLabs have been tracking threat activities targeting business-to-business IT service providers in Southern Europe. Based on the malware, infrastructure, techniques used, victimology, and the timing of the activities, we assess that it is highly likely these attacks were conducted by a China-nexus threat actor with cyberespionage motivations.

The relationships between European countries and China are complex, characterized by cooperation, competition, and underlying tensions in areas such as trade, investment, and technology. Suspected China-linked cyberespionage groups frequently target public and private organizations across Europe to gather strategic intelligence, gain competitive advantages, and advance geopolitical, economic, and technological interests.

The research can be found here:

Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels

Learn more about your ad choices. Visit megaphone.fm/adchoices

The end of a cybercrime empire.

Fri, 31 Jan 2025 21:10:00 -0000

Authorities dismantle a Pakistan-based cybercrime network. Lawmakers question the feasibility of establishing a U.S. Cyber Force as a standalone military branch. The DOJ sues to block HPE’s acquisition of Juniper Networks. Tangerine Turkey deploys cryptomining malware. Major healthcare providers send breach notifications. Norwegian police seize a Russian-crewed ship suspected of damaging a communications cable. Researchers discover critical vulnerabilities in GitHub Copilot. D-Link patches a critical router vulnerability. CISA and the FDA have warned U.S. healthcare organizations of severe security vulnerabilities in Chinese-made patient monitors. Pauses in funding create confusion for federal cybersecurity vendors. We bid a fond farewell to a pair of N2K colleagues. The case of the disappearing government data.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest segment is bittersweet as we offer our thanks and see you laters to two of our beloved colleagues N2K President Simone Petrella, who’s taking her leadership role to our advisory board, and Executive Editor Brandon Karpf, who will be taking up the mantle of protecting our national security starting his own company, Hedy Cyber. Join us in celebrating their incredible journeys, contributions to our successes, and letting them both know just how deeply they will be missed by all of us here at N2K.

Selected Reading

US, Dutch Authorities Disrupt Pakistani Hacking Shop Network (SecurityWeek)

Lawmakers push for guardrails, deadline on cyber military study (The Record)

US Sues to Stop HPE $14 Billion Deal to Buy Juniper Networks (Bloomberg)

Tangerine Turkey mines cryptocurrency in global campaign (Red Canary)

US healthcare provider data breach impacts 1 million patients (Bleeping Computer)

NorthBay Health Data Breach Impacts 569,000 Individuals (SecurityWeek)

Norway seizes ship suspected of sabotage, says crew are Russian nationals (The Record)

GitHub Copilot Jailbreak Vulnerability Let Attackers Train Malicious Models (Cyber Security News)

D-Link Routers Vulnerability Let Attackers Gain Full Router Control Remotely (Cyber Security News)

CISA, FDA Warn of Dangerous Backdoor in Contec Patient Monitors (SecurityWeek)

Federal Cybersecurity Contractors Whiplashed By Uncertainty (GovInfo Security)

Archivists Work to Identify and Save the Thousands of Datasets Disappearing From Data.gov (404 Media)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cracked and Nulled taken down.

Thu, 30 Jan 2025 21:00:00 -0000

International law enforcement takes down a pair of notorious hacking forums. Wiz discovers an open DeepSeek database. Time Bandit jailbreaks ChatGPT. Ransomware hits one of the largest U.S. blood centers. A cyberattack takes the South African Weather Service offline. Researchers describe a new “browser syncjacking” attack. TeamViewer patches a high-severity privilege escalation flaw. Over three dozen industry groups urge Congress to pass a national data privacy law. CISA faces an uncertain future. N2K’s Brandon Karpf speaks with Ellen Chang, Vice President Ventures at BMNT and Head of BMNT Ventures. OpenAI Cries Foul After Getting a Taste of Its Own Medicine.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, N2K’s Brandon Karpf speaks with Ellen Chang, Vice President Ventures at BMNT and Head of BMNT Ventures, about the venture model, why it exists, how it works, and its impact.

Selected Reading

Police seizes Cracked and Nulled hacking forum servers, arrests suspects (Bleeping Computer)

Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History (Wiz)

Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics(Bleeping Computer)

US blood donation giant warns of disruption after ransomware attack (TechCrunch)

South Africa’s government-run weather service knocked offline by cyberattack (The Record)

Syncjacking Attack Enables Full Browser and Device Takeover (Infosecurity Magazine)

TeamViewer Patches High-Severity Vulnerability in Windows Applications (SecurityWeek)

Industry groups call on Congress to enact federal data privacy law (The Record)

US Cyber Agency’s Future Role in Elections Remains Murky Under the Trump Administration (SecurityWeek)

OpenAI Furious DeepSeek Might Have Stolen All the Data OpenAI Stole From Us (404 Media)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cats and RATS are all the rage.

Wed, 29 Jan 2025 21:00:00 -0000

Hackers linked to China and Iran are using AI to enhance cyberattacks. An AI-powered messaging tool for Slack and Discord is reportedly leaking user data. British engineering giant Smiths Group suffers a cyberattack. Rockwell Automation details critical and high-severity vulnerabilities. Researchers warn of new side-channel vulnerabilities in Apple CPUs. The Hellcat ransomware gang looks to humiliate its victims. SparkRAT targets macOS users and government entities. Flashpoint looks at FleshStealer malware. Cybercriminals leverage trust in government websites. Our guest is Ivan Novikov, CEO at Wallarm, sharing insights on the recent United States ruling that bars certain Chinese and Russian connected car tech from being imported into the US. QR code shenanigans.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Ivan Novikov, CEO at Wallarm, sharing insights on the recent United States ruling that bars certain Chinese and Russian connected car tech from being imported into the US and its impact.

Selected Reading

Chinese and Iranian Hackers Are Using U.S. AI Products to Bolster Cyberattacks (Wall Street Journal)

Update: Cybercriminals still not fully on board the AI train (yet) (Sophos)

Unprotected AI service streams private Slack messages for 30 bucks a month (Cybernews)

Engineering giant Smiths Group discloses security breach (Bleeping Computer)

Rockwell Patches Critical, High-Severity Vulnerabilities in Several Products (SecurityWeek)

New Apple CPU side-channel attacks steal data from browsers (Bleeping Computer)

SLAP (Predictors Fail)

Meow-ware gang: the cyber cats who humiliate their prey (Cybernews)

Hackers Attacking Windows, macOS, and Linux systems With SparkRAT (GB Hackers)

Unmasking FleshStealer: A New Infostealer Threat in 2025 (Flashpoint)

Threat Actors Exploit Government Websites for Phishing (Infosecurity Magazine)

Christian Walther: "@gvy_dvpont Got me thinking… c…" (Mastodon)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

It was DDoS, not us.

Tue, 28 Jan 2025 21:00:00 -0000

DeepSeek blames DDoS for recent outages. Hackers behind last year’s AT&T data breach targeted members of the Trump family, Kamala Harris, and Marco Rubio’s wife.The EU sanctions Russians for cyberattacks against Estonia. ENGlobal confirms personal information was taken in last year’s ransomware attack. CISA issues a critical warning about a SonicWall vulnerability actively exploited. A large-scale phishing campaign exploits users’ trust in PDF files and the USPS. Apple patches a zero-day affecting many of their products. A ransomware attack on an Ohio-based operator of skilled nursing and rehabilitation facilities affects over 70,000. President Trump has a tumultuous first week back in office. Our guest is Bogdan Botezatu, Director, Threat Research and Reporting at Bitdefender, to discuss the dark market subculture and its parallels to holiday shopping. A nonprofit aims to clean up the AI industry’s mess.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Bogdan Botezatu, Director, Threat Research and Reporting at Bitdefender, to discuss the dark market subculture and its parallels to holiday shopping. Check out Bitdefender’s research on the topic here.

Selected Reading

DeepSeek Blames Disruption on Cyberattack as Vulnerabilities Emerge (SecurityWeek)

DeepSeek FAQ (Stratechery)

We tried out DeepSeek. It worked well, until we asked it about Tiananmen Square and Taiwan (The Guardian)

Hackers Mined AT&T Breach for Data on Trump's Family, Kamala Harris (404 Media)

European Union Sanctions Russian Nationals for Hacking Estonia (SecurityWeek)

ENGlobal Says Personal Information Accessed in Ransomware Attack (SecurityWeek)

CISA Warns of SonicWall 0-day RCE Vulnerability Exploited in Wild (Cyber Security News)

Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam (Security Boulevard)

Amazon Prime Security Warning As Hackers Strike—What You Need To Know (Forbes)

Apple plugs exploited security hole in iOS, updates macOS (The Register)

Nursing Home, Rehab Chain Says Hack Affects Nearly 70,000 (GovInfo Security)

A Tumultuous Week for Federal Cybersecurity Efforts (Krebs on Security)

Initiative Aims to Enable Ethical Coding LLMs (IEEE Spectrum)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

China's chatbot sends tech stocks into tailspin.

Mon, 27 Jan 2025 21:53:00 -0000

Chinese AI startup DeepSeek shakes up the market. Trump freezes cyber diplomacy funding and puts a vital U.S.-EU data-sharing agreement at risk. A trojanized RAT targets script kiddies. U.K. telecom giant TalkTalk investigates a data breach. Researchers uncover a critical flaw in Meta’s Llama Stack AI framework. Attackers leverage hidden text salting in emails. The “FlowerStorm” phishing framework targets multiple brands to steal customer credentials. A critical zero-day hits SonicWall VPN appliances. Swedish authorities seized a cargo ship suspected of damaging a key fiber optic cable. Freezing out crypto-kidnappers. Our guest is Jon Miller, CEO and Co-founder from Halcyon, sharing trends in ransomware and insights on Brain Cipher. The British Museum defends its artefacts from IT attacks.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Jon Miller, CEO and Co-founder from Halcyon, sharing trends in ransomware along with some insights on Brain Cipher. For more detail, check out Halcyon’s Power Rankings: Ransomware Malicious Quartile Q4-2024.

Selected Reading

A shocking Chinese AI advancement called DeepSeek is sending US stocks plunging (CNN Business)

Politicization of intel oversight board could threaten key US-EU data transfer agreement (The Record)

Cyber diplomacy funding halted as US issues broad freeze on foreign aid (The Record)

Weaponised XWorm RAT builder Attacking script kiddies to Steal Sensitive Data (GB Hackers)

Change Healthcare Breach Almost Doubles in Size to 190 Million Victims (Infosecurity Magazine)

TalkTalk investigating data breach after hacker claims theft of customer data (TechCrunch)

Meta rushes to fix critical Llama Stack AI flaw (Cybernews)

Seasoning email threats with hidden text salting (Cisco Talos)

New Phishing Framework Attacking Multiple Brands To Steal Customer Logins (Cyber Security News)

More than 2,000 SonicWall devices vulnerable to critical zero-day (The Record)

Sweden seizes vessel after another undersea cable damaged (The Register)

Nicolas Bacca: "We have invented a unique organisational model for intervening in cryptocurrency ransom" (The Big Whale)

British Museum hit by alleged IT attack by ex-worker (BBC News)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Dave Farrow: The guy that enabled the business. [Security leadership] [Career Notes]

Sun, 26 Jan 2025 08:00:00 -0000

Please enjoy this encore episode with VP of Information Security at Barracuda Dave Farrow, and how he shares how a teenage surfer fell in love with software development and made his way in the cybersecurity field. Dave chose to study electrical engineering in college because he wanted to learn something that didn't make sense to him. He says he's done things in his career that he said he'd never do: for example, he went into and fell in love with software development. Taking on leadership of a bug bounty program at Barracuda blossomed into the creation of an internal security team. Dave wants to be the guy who enables the business and not the one who prevented it. He hopes all will come to recognize that there are other threats besides cybersecurity threats to business. We thank Dave for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

LightSpy's dark evolution. [Research Saturday]

Sat, 25 Jan 2025 06:00:00 -0000

This week, we are joined by Ismael Valenzuela, VP of Threat Research & Intelligence, and Jacob Faires, Principal Threat Researcher, from Blackberry discussing the team's work on "LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign." In April 2024, BlackBerry uncovered a significant evolution of the LightSpy malware campaign, attributed to Chinese cyber-espionage group APT41.

The newly introduced DeepData framework, a modular Windows-based surveillance tool, expands data theft capabilities with 12 specialized plugins for tasks like communication surveillance, credential theft, and system intelligence gathering. The campaign targets a wide range of communication platforms, including WhatsApp, Signal, and WeChat, with advanced techniques for monitoring and stealing sensitive information from victims across the Asia-Pacific region.

The research can be found here:

LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign

Learn more about your ad choices. Visit megaphone.fm/adchoices

The end of warrantless searches?

Fri, 24 Jan 2025 21:40:00 -0000

A federal court finds the FBI’s warrantless section 702 searches unconstitutional. The DOJ charges five in a fake IT worker scheme. The Texas Attorney General expands his investigation into automakers’ data sharing. CISA highlights vulnerabilities in the aircraft collision avoidance system. Estonia will host Europe's new space cybersecurity testing ground. Hackers use hardware breakpoints to evade EDR detection. Subaru’s Starlink connected vehicle service exposed sensitive customer and vehicle data. Asian nations claim progress against criminal cyber-scam camps. Our guest today is Dr. Chris Pierson, Founder and CEO of BlackCloak, with his outlook on 2025. Sticking AI crawlers in the tar pit.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Dr. Chris Pierson, Founder and CEO of BlackCloak, joining us to share trends he sees coming our way in 2025.

Selected Reading

Court rules FBI’s warrantless searches violated Fourth Amendment (Ars Technica)

US Charges Five People Over North Korean IT Worker Scheme (SecurityWeek)

Texas probes four more car companies over how they collect and sell consumer data (The Record)

CISA Warns of Flaws in Aircraft Collision Avoidance Systems (BankInfo Security)

ESA - Estonia to host Europe's new space cybersecurity testing ground (European Space Agency)

Bypassing EDR Detection by Exploiting Hardware Breakpoints at CPU Level (Cyber Security News)

Subaru Starlink Vulnerability Exposed Cars to Remote Hacking (SecurityWeek)

China and friends say they're hurting cyber-slave scam camps (The Register)

Developer Creates Infinite Maze That Traps AI Training Bots (404 Media)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A warning from the cloud.

Thu, 23 Jan 2025 21:10:00 -0000

CISA and FBI detail exploit chains used by Chinese hackers to compromise Ivanti Cloud Service Appliances. Energy systems in Central Europe use unencrypted radio signals. A critical SonicWall vulnerability is under active exploitation. The Nnice ransomware strain isn’t. Cisco discloses a critical vulnerability in its Meeting Management tool. GhostGPT is a new malicious generative AI chatbot. ClamAV patches critical vulnerabilities in the open-source anti-virus engine. A new report questions the effectiveness of paying ransomware demands. DOGE piggybacks on the United States Digital Service. On our Industry Voices segment, we are joined by Joe Gillespie, Senior Vice President at Booz Allen, discussing Cyber AI. Jen Easterly leaves CISA a legacy of resilience and dedication.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Industry Voices

Today on our Industry Voices segment, we are joined by Joe Gillespie, Senior Vice President at Booz Allen, discussing Cyber AI.

Selected Reading

FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know (SecurityWeek)

Researchers say new attack could take down the European power grid (Ars Technica)

Critical SonicWall Vulnerability Exploited In Attacks Execute Arbitrary OS Commands (Cyber Security News)

Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques (GB Hackers)

Cisco Fixes Critical Vulnerability in Meeting Management (Infosecurity Magazine)

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing (Infosecurity Magazine)

Open-Source ClamAV Releases Critical Security Patch Updates – What’s Inside! (Cyber Security News)

Companies who pay off ransomware attackers rarely get their data back, survey shows (Cybernews)

Elon Musk Plays DOGE Ball—and Hits America’s Geek Squad (WIRED)

Under Trump, US Cyberdefense Loses Its Head (WIRED)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The uncertain future of cyber safety oversight.

Wed, 22 Jan 2025 21:10:00 -0000

The latest cyber moves from the Trump White House. Pompompurin faces resentencing. An attack on a government IT contractor impacts Medicaid, child support, and food assistance programs. Helldown ransomware targets unpatched Zyxel firewalls. Murdoc is a new Mirai botnet variant. Cloudflare maps the DDoS landscape. North Korea’s Lazarus group uses fake job interviews to deploy malware. Hackers are abusing Google ads to spread AmosStealer malware. Pwn2Own Automotive awards over $382,000 on its first day. In our CertByte segment, Chris Hare and Steven Burnley take on a question from N2K’s Agile Certified Practitioner (PMI-ACP)® Practice Test. NYC Restaurant week tries to keep bots off the menu.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources, and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management.

In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Steven Burnley to break down a question targeting the CC - Certified in Cyber Security certification by ISC2®. Today’s question comes from N2K’s Agile Certified Practitioner (PMI-ACP)® Practice Test.

Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional sources:

https://www.pmi.org/certifications/agile-acp

https://www.pmi.org/-/media/pmi/documents/public/pdf/certifications/agile-certified-exam-outline.pdf

Selected Reading

Trump Fires DHS Board Probing Salt Typhoon Hacks (Dark Reading)

TSA chief behind cyber directives for aviation, pipelines and rail ousted by Trump team (The Record)

Trump pardons Silk Road dark web market creator Ross Ulbricht (BBC)

BreachForums Admin Conor Fitzpatrick (Pompompurin) to Be Resentenced (Hackread)

Government IT contractor Conduent says 'third-party compromise’ caused outages (The Record)

Helldown Ransomware Exploiting Zyxel Devices Using Zero-Day Vulnerability (Cyber Security News)

New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers (Security Affairs)

Record-Breaking DDoS Attack Reached 5.6 Tbps (SecurityWeek)

InvisibleFerret Malware Attacking Windows Users Through Fake Job Interview Tactics (Cyber Security News)

Fake Homebrew Google ads target Mac users with malware (Bleeping Computer)

Over $380,000 Paid Out on First Day of Pwn2Own Automotive 2025 (SecurityWeek)

Security Alert: Bots Target NYC Restaurant Week (DataDome)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Trump’s opening moves.

Tue, 21 Jan 2025 21:10:00 -0000

President Trump rolls back AI regulations and throws TikTok a lifeline. Attackers pose as Ukraine’s CERT-UA tech support. A critical vulnerability is found in the Brave browser. Sophos observes hacking groups abusing Microsoft 365 services and exploiting default Microsoft Teams settings. Researchers uncover critical flaws in tunneling protocols. A breach exposes personal information of thousands of students and educators. Oracle patches 320 security vulnerabilities. Kaspersky reveals over a dozen vulnerabilities in a Mercedes-Benz infotainment system. Tim Starks from CyberScoop discusses executive orders on cybersecurity and the future of CISA. We preview coming episodes of Threat Vector. Honesty isn’t always the best policy.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

On our Threat Vector podcast preview today:

IoT devices are everywhere, with billions deployed globally in industries like healthcare, manufacturing, and critical infrastructure. But this explosion of connectivity brings unprecedented security challenges. Host David Moulton speaks with Dr. May Wang, CTO of IoT Security at Palo Alto Networks, about how AI is transforming IoT security. Stay tuned for the full conversation this Thursday.

CyberWire Guest

Our guest is Tim Starks from CyberScoop discussing executive orders on cybersecurity and the future of CISA. You can read Tim’s article on the recent Biden EO here.

Selected Reading

Trump revokes Biden executive order on addressing AI risks (Reuters)

TikTok is back up in the US after Trump says he will extend deadline (Bleeping Computer)

Hackers impersonate Ukraine’s CERT to trick people into allowing computer access (The Record)

Brave Browser Vulnerability Let Malicious Website Mimic as Legitimate One (Cyber Security News)

Ransomware Groups Abuse Microsoft Services for Initial Access (SecurityWeek)

Tunneling Flaws Put VPNs, CDNs and Routers at Risk Globally (Hackread)

Students, Educators Impacted by PowerSchool Data Breach (SecurityWeek)

Oracle To Address 320 Vulnerabilities in January Patch Update (Infosecurity Magazine)

Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities (SecurityWeek)

Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes (SecurityWeek)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AWS in Orbit: Data Automation and Space Domain Awareness with Kayhan Space. [AWS in Orbit]

Mon, 20 Jan 2025 10:00:00 -0000

You can learn more about AWS in Orbit at space.n2k.com/aws.

Our guests today are Araz Feyzi, Co-founder and CTO at Kayhan Space and Tim Sills, Lead Security Solutions Architect at AWS for Aerospace and Satellite.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Be sure to follow T-Minus on LinkedIn and Instagram.

Selected Reading

AWS Aerospace and Satellite

Audience Survey

We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info.

Want to join us for an interview?

Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Baan Alsinawi: Trust ourselves and be courageous. [Compliance] [Career Notes]

Sun, 19 Jan 2025 08:00:00 -0000

Please enjoy this encore of the Managing Director at Cerberus Sentinel, Chief Compliance Officer and the President of TalaTek, Baan Alsinawi as she shares her cybersecurity journey from a teenager who wanted to understand computers and held several positions in IT from help desk to systems engineering and cybersecurity. Founding her own business focusing on compliance, Baan says she spends maybe only 20% of her day on technical tasks and that there is always so more to do. Finding the right people for her team is a marker of success for Baan. She talks of the importance of sharing the sense of community of women in technology and nurturing women in the field. We thank Baan for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A cute cover for a dangerous vulnerability. [Research Saturday]

Sat, 18 Jan 2025 08:00:00 -0000

Nati Tal, Head of Guardio Labs, sits down to share their work on “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack. Guardio Labs has uncovered a critical vulnerability in the Opera browser, enabling malicious extensions to exploit Private APIs for actions like screen capturing, browser setting changes, and account hijacking.

Highlighting the ease of bypassing extension store security, researchers demonstrated how a puppy-themed extension exploiting this flaw could infiltrate both Chrome and Opera's extension stores, potentially reaching millions of users. This case underscores the delicate balance between enhancing browser productivity and ensuring robust security measures, revealing the alarming tactics modern threat actors employ to exploit trusted platforms.

The research can be found here:

“CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hacking the bureau.

Fri, 17 Jan 2025 21:10:00 -0000

The FBI warns agents of hacked call and text logs. The US Treasury sanctions entities tied to North Korea’s fake IT worker operations. Russian hacking group Star Blizzard attempted to infiltrate WhatsApp accounts of nonprofits supporting Ukraine. Yubico discloses a critical vulnerability in its Pluggable Authentication Module)software. Google releases an open-source library for software composition analysis. CISA hopes to close the software understanding gap. Pumakit targets critical infrastructure. Simplehelp patches multiple flaws in their remote access software. The FTC bans GM from selling driver data. HHS outlines their efforts to protect hospitals and healthcare. Our guest Maria Tranquilli, Executive Director at Common Mission Project, speaks with N2K’s Executive Editor Brandon Karpf about the origins and impact of Hacking for Defense. Even the best of red teamers are humbled by AI.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest Maria Tranquilli, Executive Director at Common Mission Project, speaks with N2K’s Executive Editor Brandon Karpf about the origins and impact of Hacking for Defense, and how universities can get involved.

Selected Reading

FBI Has Warned Agents It Believes Hackers Stole Their Call Logs (Bloomberg)

US Announces Sanctions Against North Korean Fake IT Worker Network (SecurityWeek)

Russian Star Blizzard hackers exploit WhatsApp accounts to spy on nonprofits aiding Ukraine (The Record)

Yubico PAM Module Vulnerability Let Attackers Bypass Authentications In Certain Configurations (Cyber Security News)

Google Releases Open Source Library for Software Composition Analysis (SecurityWeek)

Closing the Software Understanding Gap (CISA)

Pumakit - A Sophisticated Linux Rootkit Attack Critical Infrastructure (Cyber Security News)

Vulnerabilities in SimpleHelp Remote Access Software May Lead to System Compromise (SecurityWeek)

FTC hands GM a 5-year ban on selling sensitive driver info to data brokers (The Record)

How HHS has strengthened cybersecurity of hospitals and health care systems (CyberScoop)

Microsoft AI Red Team says security work will never be done (The Register)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Bolstering the digital shield.

Thu, 16 Jan 2025 21:10:00 -0000

President Biden issues a comprehensive cybersecurity executive order. Updates on Silk Typhoon’s US Treasury breach. A Chinese telecom hardware firm is under FBI investigation. A critical vulnerability has been found in the UEFI Secure Boot mechanism. California-based cannabis brand Stiiizy suffers a data breach. North Korea’s Lazarus Group lures freelance developers. The FTC highlights major security failures at web hosting giant GoDaddy. Veeam patches a critical vulnerability in their Backup for Microsoft Azure product. Hackers leak sensitive data from over 15,000 Fortinet firewalls. Our guest today is Oren Koren, Veriti's Co-founder and CPO, sharing insights about the state of healthcare cybersecurity. Shiver me timbers! Meta’s AI trains on a treasure chest of pirated books.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Oren Koren, Veriti's Co-founder and CPO, sharing insights about the state of healthcare cybersecurity. You can read more in their “The State of Healthcare Cybersecurity 2025” report.

Selected Reading

Biden to sign executive order on AI and software security (Axios)

Treasury Breach by Chinese Sponsored Hackers Focused on Sanctions, Report Says (Bloomberg)

Exclusive: Chinese tech firm founded by Huawei veterans in the FBI's crosshairs (Reuters)

New UEFI Secure Boot Bypass Vulnerability Exposes Systems to Malicious Bootkits (Cyber Security News)

380,000 Impacted by Data Breach at Cannabis Retailer Stiiizy (SecurityWeek)

North Korean Hackers Targeting Freelance Software Developers (SecurityWeek)

GoDaddy Accused of Serious Security Failings by FTC (Infosecurity Magazine)

Veeam Azure Backup Solution Vulnerability Allows Attackers To Enumerate Network (Cyber Security News)

Hacking group leaks Fortinet users’ details on dark web (Computing)

Meta Secretly Trained Its AI on a Notorious Piracy Database, Newly Unredacted Court Docs Reveal (WIRED)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Massive malware cleanup.

Wed, 15 Jan 2025 21:10:00 -0000

The FBI deletes PlugX malware from thousands of U.S. computers. Researchers uncover vulnerabilities in Windows 11 allowing attackers to bypass protections and execute code at the kernel level. A look at (a busy) Patch Tuesday. Researchers uncovered six critical vulnerabilities in a popular Linux file transfer tool. Texas sues Allstate for allegedly collecting, using, and selling driving data without proper consent. An executive order enables AI developers to build data centers on federal lands. On our Industry Voices segment, we are joined by Mike Hamilton, Chief Information Officer at Cloudflare, discussing how tech sprawl emulates the snake game. Meta profits while users suffer.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Industry Voices Segment

On our Industry Voices segment, we are joined by Mike Hamilton, Chief Information Officer at Cloudflare, discussing how tech sprawl emulates the snake game. You can read Mike’s thoughts here.

Selected Reading

FBI deletes Chinese PlugX malware from thousands of US computers (Bleeping Computer)

Windows 11 Security Features Bypassed to Obtain Arbitrary Code Execution in Kernel Mode (Cyber Security News)

Microsoft Patches Eight Zero-Days to Start the Year (Infosecurity Magazine)

Chrome 132 Patches 16 Vulnerabilities (SecurityWeek)

Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities (SecurityWeek)

Ivanti Patches Critical Vulnerabilities in Endpoint Manager (SecurityWeek)

Zoom Patches Multiple Vulnerabilities That Let Attackers Escalate Privileges (Cyber Security News)

Apple Patches Flaw That Allows Kernel Security Bypassing (GovInfo Security)

ICS Patch Tuesday: Security Advisories Published by Schneider, Siemens, Phoenix Contact, CISA (SecurityWeek)

Linux Rsync File Transfer Tool Vulnerability Let Attackers Execute Arbitrary Code (Cyber Security News)

Allstate car insurer sued for tracking drivers without permission (Bleeping Computer)

Biden Opens US Federal Sites for AI Data Center Growth (BankInfo Security)

Instagram Ads Send This Nudify Site 90 Percent of Its Traffic (404 Media)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

National security in the digital age.

Tue, 14 Jan 2025 21:10:00 -0000

A draft cybersecurity executive order from the Biden administration seeks to bolster defenses. Researchers identify a “mass exploitation campaign” targeting Fortinet firewalls. A Chinese-language illicit online marketplace is growing at an alarming rate. CISA urges patching of a second BeyondTrust vulnerability. The UK proposes banning ransomware payments by public sector and critical infrastructure organizations. A critical flaw in Google’s authentication flow exposes millions to unauthorized access.OWASP releases its first Non-Human Identities (NHI) Top 10. A Microsoft lawsuit targets individuals accused of bypassing safety controls in its Azure OpenAI tools. Our guest is Chris Pierson, Founder and CEO of BlackCloak, discussing digital executive protection. The feds remind the health care sector that AI must first do no harm.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Chris Pierson, Founder and CEO of BlackCloak, discussing digital executive protection.

Selected Reading

Second Biden cyber executive order directs agency action on fed security, AI, space (CyberScoop)

Snoops exploited Fortinet firewalls with 'probable' 0-day (The Register)

The ‘Largest Illicit Online Marketplace’ Ever Is Growing at an Alarming Rate, Report Says (WIRED)

CISA Warns of Second BeyondTrust Vulnerability Exploited in Attacks (SecurityWeek)

UK Considers Ban on Ransomware Payments by Public Bodies (Infosecurity Magazine)

Google OAuth "Sign in with Google" Vulnerability Exposes Millions of Accounts to Data Theft (Cyber Security News)

OWASP Publishes First-Ever Top 10 “Non-Human Identities (NHI) Security Risks (Cyber Security News)

Microsoft Sues Harmful Fake AI Image Crime Ring (GovInfo Security)

Feds Tell Health Sector to Watch for Bias in AI Decisions (BankInfo Security)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Multi-factor frustration.

Mon, 13 Jan 2025 21:10:00 -0000

An MFA outage affects Microsoft 365 Office apps. The Biden administration introduces new export controls to block adversaries from accessing advanced AI chips. A Dutch university cancels lectures after a cyberattack. Three Russian nationals have been indicted for operating cryptocurrency mixers. Juniper Networks releases security updates for Junos OS. Spain’s largest telecommunications company confirms a data breach. The “Banshee” infostealer leverages a stolen Apple encryption algorithm. Researchers uncover a novel ransomware campaign targeting Amazon S3 buckets. A major data broker suffers a major data breach. Our guest Philippe Humeau, CEO and Founder of CrowdSec, shares the biggest issues currently facing cybersecurity and how open-source cybersecurity platforms combat them. The weirdness of AI.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest Philippe Humeau, CEO and Founder of CrowdSec, shares the biggest issues currently facing cybersecurity and how open-source cybersecurity platforms combat them.

Selected Reading

Microsoft MFA outage blocking access to Microsoft 365 apps (Bleeping Computer)

White House Moves to Restrict AI Chip Exports (GovInfo Security)

New Ransomware Group Uses AI to Develop Nefarious Tools (Infosecurity Magazine)

Cyberattack forces Dutch university to cancel lectures (The Record)

3 Russians Indicted for Operating Blender.io and Sinbad.io Crypto Mixers (Hackread)

Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS (SecurityWeek)

Aviatrix Controller RCE Vulnerability Exploited In The Wild (Cyber Security News)

Hackers Exploiting YouTube to Spread Malware That Steals Browser Data (GB Hackers)

Banshee 2.0 Malware Steals Apple's Encryption to Hide on Macs (Dark Reading)

A breach of a data broker's trove of location data threatens the privacy of millions (TechCrunch)

Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C (Halcyon)

AI Mistakes Are Very Different Than Human Mistakes (IEEE Spectrum)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Michael Bishop Jr.: Good, bad or indifferent. [Security] [Career Notes]

Sat, 11 Jan 2025 08:00:00 -0000

Please enjoy this encore episode, where we are joined by Senior Security Officer at Centers for Medicare and Medicaid Services Michael Bishop Jr. as he shares his journey from Army infantryman deployed to Iraq to working in cybersecurity. After 12 years in the U.S. Army, Mike found himself in a rough spot. Looking for work and having some personal challenges, Mike's mentor, an Army officer he met while enlisted, recognized Mike's struggles and helped to nudge him toward cybersecurity. Mike credits his mentor with helping him transition to where he is today. Undergoing training for cybersecurity, he was tested in many areas and found the route he wanted to go. We thank Michael for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The hidden cost of data hoarding. [Research Saturday]

Sat, 11 Jan 2025 08:00:00 -0000

This week, we are joined by Kyla Cardona and Aurora Johnson from SpyCloud discussing their research "China’s Surveillance State Is Selling Citizen Data as a Side Hustle." Chinese technology companies, under CCP mandate, collect vast amounts of data on citizens, creating opportunities for corrupt insiders to steal and resell this information on dark markets. These stolen datasets, aggregated into "Social Work Libraries" (SGKs), mirror lower-tech versions of CCP internal security databases.

Kyla and Aurora discuss how Chinese cybercriminals use these SGKs and their implications compared to Western, European, and Russian cybercrime ecosystems. With expertise in Chinese OSINT and cybersecurity policy, both researchers bring deep insights into the geopolitical and technical dynamics of China's digital landscape.

The research can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices

When retaliation turns digital.

Fri, 10 Jan 2025 21:40:00 -0000

New details emerge about Chinese hackers breaching the US Treasury Department. The Supreme Court considers the TikTok ban. Chinese hackers exploit a zero-day flaw in Ivanti Connect Secure VPN. A new credit card skimmer malware targets WordPress checkout pages. The Banshee macOS info-stealer has been updated. A California health services organization reports a data breach. A Florida firm pays a $337,750 HIPAA settlement following a 2018 breach. Samsung patches Android devices. A Proton Mail outage hits users worldwide. A popular e-card site recovers from malware. CertByte segment host Chris Hare interviews our guest Casey Marks, ISC2's Chief Qualifications Officer, about the future of certifications. That’s a feature, not a hack.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

CertByte segment host Chris Hare interviews our guest Casey Marks, ISC2's Chief Qualifications Officer, about certifications and where they could be heading. You can check out their 2024 ISC2 Cybersecurity Workforce study here.

Selected Reading

Chinese hackers breached US government office that assesses foreign investments for national security risks (CNN)

Supreme Court considers whether to allow TikTok ban to take effect (NBC News)

Ivanti VPN zero-day exploited by Chinese hackers (SC Media)

New Skimmer Malware Hijacking WordPress Websites to Steal Credit Cards (Cyber Security News)

Banshee macOS Malware Expands Targeting (SecurityWeek)

BayMark Health Services Reports Data Breach, Exposing Patient Information (The Cyber Express)

Florida Firm Fined $337K by Feds for Data Deleted in Hack (BankInfo Security)

Samsung Patches Multiple Vulnerabilities That Let Attackers Execute Arbitrary Code (Cyber Security News)

Proton Mail still down as Proton recovers from worldwide outage (Bleeping Computer)

GroupGreeting e-card site attacked in “zqxq” campaign (Malwarebytes)

Microsoft DRM Hacking Raises Questions on Vulnerability Disclosures (SecurityWeek)

Facebook awards researcher $100,000 for finding bug that granted internal access (RocketNews)

Developers sent into security panic by 'useful feature' (The Register)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Biden’s final cyber order tackles digital weaknesses.

Thu, 09 Jan 2025 21:10:00 -0000

The Biden administration is finalizing an executive order to bolster U.S. cybersecurity. Ivanti releases emergency updates to address a critical zero-day vulnerability. A critical vulnerability is discovered in Kerio Control firewall software. Palo Alto Networks patches multiple vulnerabilities in its retired migration tool. Fake exploits for Microsoft vulnerabilities lure security researchers. A medical billing company data breach affects over 360,000. A cyberattack disrupts the city of Winston-Salem. CrowdStrike identifies a phishing campaign exploiting its recruitment branding. Our guest is Danny Allen, CTO from Snyk, sharing how a balanced approach between AI and human oversight can strengthen cybersecurity. The worst of the worst from CES.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Danny Allen, CTO from Snyk, sharing how a balanced approach between AI and human oversight can strengthen cybersecurity. Learn more in Snyk’s AI Readiness Report about how some companies are still hesitant to adopt AI, despite its clear benefits in addressing human error and keeping up with fast-evolving technology.

Selected Reading

White House Rushes to Finish Cyber Order After China Hacks (Bloomberg)

Zero-Day Patch Alert: Ivanti Connect Secure Under Attack (GovInfo Security)

GFI KerioControl Firewall Vulnerability Exploited in the Wild (SecurityWeek)

Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool (SecurityWeek)

Security pros baited by fake Windows LDAP exploits (The Register)

Major US medical billing firm breached, 360K+ customers' healthcare data leaked (Cybernews)

Recruitment Phishing Scam Imitates CrowdStrike Hiring Process (CrowdStrike)

Some Winston-Salem city services knocked offline by cyberattack (The Record)

Excelsior Orthopaedics Data Breach Impacts 357,000 People (SecurityWeek)

The 'Worst in Show' CES Products Put Your Data at Risk and Cause Waste, Privacy Advocates Say (SecurityWeek)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A new Mirai-based botnet.

Wed, 08 Jan 2025 21:10:00 -0000

Researchers ID a new Mirai-based botnet. Android devices get their first round of updates for the new year. Criminals exploit legitimate Apple and Google services in sophisticated voice phishing attacks. Japan attributes over 200 cyberattacks to the Chinese hacking group MirrorFace. A PayPal phishing scam exploits legitimate platform functionality. SonicWall addresses critical vulnerabilities in its SonicOS software. CISA warns of active exploitation of vulnerabilities in Mitel MiCollab. A new government backed labelling program hopes to help consumers choose more secure devices. On today’s CertByte segment, Chris Hare and Steven Burnley unpack a question from N2K’s ISC2® Certified in Cyber Security (CC) Practice Test. Streaming license plate readers - no password required.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K.

In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Steven Burnley to break down a question targeting the CC - Certified in Cyber Security certification by ISC2®. Today’s question comes from N2K’s ISC2® Certified in Cyber Security (CC) Practice Test.

The CC(SM) - Certified in Cyber Security is an entry-level, ANAB accredited exam geared towards anyone who wants to prove their foundational skills, knowledge, and abilities. To learn more about this and other related topics under this objective, please refer to the following resource: ISC2 (n.d.). https://www.isc2.org/landing/cc-etextbook

Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional source: https://www.isc2.org/certifications/cc

Selected Reading

New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices (Infosecurity Magazine)

First Android Update of 2025 Patches Critical Code Execution Vulnerabilities (SecurityWeek)

A Day in the Life of a Prolific Voice Phishing Crew (Krebs on Security)

Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data (AP News)

Casio says hackers stole personal data of 8,500 people during October ransomware attack (TechCrunch)

New PayPal Phishing Scam Exploits MS365 Tools and Genuine-Looking Emails (Hackread)

Multiple Sonicwall VPN Vulnerabilities Let Attackers Bypass Authentication (Cyber Security News)

CISA Warns of Mitel MiCollab Vulnerabilities Exploited in Attacks (SecurityWeek)

New Labels Will Help People Pick Devices Less at Risk of Hacking (SecurityWeek)

Researcher Turns Insecure License Plate Cameras Into Open Source Surveillance Tool (404 Media)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

U.S. sanctions spark cyber showdown with China.

Tue, 07 Jan 2025 21:10:00 -0000

China criticizes U.S. sanctions. School districts face cyberattacks over the holiday season. The U.N.’s International Civil Aviation Organization (ICAO) is investigating a potential data breach. Eagerbee malware targets government organizations and ISPs in the Middle East. A major New York medical center notifies 674,000 individuals of a data breach. Hackers infiltrate Argentina’s Airport Security Police (PSA) payroll system. An industrial networking firm identifies critical vulnerabilities in its cellular routers, secure routers, and network security appliances. Phishing click rates among enterprise users surged in 2024. A California man is suing three banks for allegedly enabling criminals to steal nearly $1 million from him. On our Threat Vector segment, we preview this week’s episode where host David Moulton speaks with Margaret Kelley about the evolving landscape of cloud breaches. Microsoft’s Bing demonstrates imitation is the sincerest form of flattery.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

On our Threat Vector segment, we preview this week’s episode where host David Moulton speaks with Margaret Kelley about the evolving landscape of cloud breaches and how organizations can defend against sophisticated attacks. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app.

Selected Reading

China Protests US Sanctions for Its Alleged Role in Hacking, Complains of Foreign Hacker Attacks (SecurityWeek)

Tencent added to US list of 'Chinese military companies' (The Register)

School districts in Maine, Tennessee respond to holiday cyberattacks (The Record)

UN aviation agency 'actively investigating' cybercriminal’s claimed data breach (The Record)

Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs (Bleeping Computer)

Staten Island Hospital Notifying 674,000 of May 2023 Hack (BankInfo Security)

Industrial networking manufacturer Moxa reports 'critical' router bugs (CyberScoop)

Phishing Click Rates Triple in 2024 (Infosecurity Magazine)

Pig butchering victim sues banks for allowing scammers to open accounts (The Record)

Hackers Compromised Argentina’s Airport Security Payroll System (GB Hackers)

Microsoft is using Bing to trick people into thinking they’re on Google (The Verge)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

China’s shadow over U.S. telecom networks.

Mon, 06 Jan 2025 21:10:00 -0000

New reports shed light on both Volt and Salt Typhoons. Tenable updates faulty Nessus Agents and resumes plugin updates. A new infostealer campaign targets gamers on Discord. A fake version of a popular browser extension has been discovered stealing login credentials and conducting phishing attacks. ESET warns Windows 10 users of a potential “security fiasco.” A vulnerability in Nuclei allows attackers to bypass template signature verification and inject malicious code. An Indiana dental practice pays a $350,000 settlement over an alleged ransomware coverup. Tim Starks, Senior Reporter from CyberScoop, joins us today to discuss a new United Nations cybercrime treaty and his outlook for 2025. Farewell to a visionary leader.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Tim Starks, Senior Reporter from CyberScoop, joins us today to discuss a new United Nations cybercrime treaty and his outlook for 2025. Read Tim’s article on the UN cybercrime treaty here.

Selected Reading

The US’s Worst Fears of Chinese Hacking Are on Display in Guam (Bloomberg)

How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons (Wall Street Journal)

China protests US sanctions for its alleged role in hacking, complains of foreign hacker attacks (AP News)

Tenable Disables Nessus Agents Over Faulty Updates (SecurityWeek)

New Infostealer Campaign Uses Discord Videogame Lure (Infosecurity Magazine)

Beware! Malicious EditThisCookie Chrome Extension Steals Login Credentials (Cyber Security News)

Windows 10 users urged to upgrade to avoid "security fiasco" (Bleeping Computer)

Nuclei flaw lets malicious templates bypass signature verification (Bleeping Computer)

Dental Practice Pays State in Alleged Data Breach 'Cover Up' (GovInfo Security)

Tenable CEO Amit Yoran Dead at 54 (SecurityWeek)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Dominique West: Security found me. [Strategy] [Career Notes]

Sat, 04 Jan 2025 08:00:00 -0000

Technical account manager Dominique West takes us on her career journey from engineering to cybersecurity. Even though her undergraduate degree was in information systems, Dominique did not learn about cybersecurity until she personally experienced credit card fraud. She had a range of positions from working the help desk in an art museum to vulnerability management and cloud security. Dominique mentions remembering feeling isolated as the only black person and one of few women in many situations. These experiences spurred her into action to create Security in Color to help others navigate their way into cybersecurity and share resources are available to them. Dominique recommends those interested in cybersecurity to go ahead and get your hands dirty out there; figure out what you like and what you don't like and do community. We thank Dominique for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Crypto client or cyber trap? [Research Saturday]

Sat, 04 Jan 2025 08:00:00 -0000

Karlo Zanki, Reverse Engineer at ReversingLabs, discussing their work on "Malicious PyPI crypto pay package aiocpa implants infostealer code." ReversingLabs' machine learning-based threat hunting system identified a malicious PyPI package, aiocpa, designed to exfiltrate cryptocurrency wallet information.

Unlike typical attacks involving typosquatting, the attackers published a seemingly legitimate crypto client tool to build trust before introducing malicious updates. ReversingLabs used its Spectra Assure platform to detect behavioral anomalies and worked with PyPI to remove the package, highlighting the growing need for advanced supply chain security tools to counter increasingly sophisticated threats.

The research can be found here:

Malicious PyPI crypto pay package aiocpa implants infostealer code

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI-powered propaganda.

Fri, 03 Jan 2025 21:10:00 -0000

The U.S. sanctions Russian and Iranian groups over election misinformation. Apple settles a class action lawsuit over Siri privacy allegations. DoubleClickjacking exploits a timing vulnerability in browser behavior. FireScam targets sensitive info on Android devices. ASUS issues a critical security advisory for several router models. A former crypto boss faces extradition amidst allegations of defrauding investors out of more than $40 billion. HHS unveils proposed updates to HIPAA. Millions of email servers have yet to enable encryption. Our guest is Joe Saunders, Co-Founder & CEO of RunSafe Security discussing the complexities of safeguarding critical infrastructure. Using Doom to prove you’re human.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Joe Saunders, Co-Founder & CEO of RunSafe Security. Joe joins us to discuss the complexities of safeguarding critical infrastructure amid the looming threat of cyber attacks and military conflict.

Selected Reading

US Imposes Sanctions on Russian and Iranian Groups Over Disinformation Targeting American Voters (SecurityWeek)

Apple Agrees $95M Settlement Over Siri Privacy Violations (Infosecurity Magazine)

SysBumps - New Kernel Break Attack Bypassing macOS Systems Security (Cyber Security News)

'DoubleClickjacking' Threatens Major Websites’ Security (GovInfo Security)

FireScam Android Malware Packs Infostealer, Spyware Capabilities (SecurityWeek)

ASUS Routers Vulnerabilities Allows Arbitrary Code Execution (Cyber Security News)

Crypto Boss Extradited to Face $40bn Fraud Charges (Infosecurity Magazine)

What's in HHS' Proposed HIPAA Security Rule Overhaul? (GovInfo Security)

Over 3 million mail servers without encryption exposed to sniffing attacks (Bleeping Computer)

CAPTCHAs now run Doom – on nightmare mode (The Register)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A breach in the U.S. Treasury.

Thu, 02 Jan 2025 21:10:00 -0000

Chinese hackers breach the U.S. Treasury Department. At least 35 Chrome extensions are compromised. Federal authorities arrest a U.S. Army soldier over accusations of sensitive data stolen from AT&T and Verizon. A misconfigured Amazon cloud server exposes sensitive data from over 800,000 VW EV owners. Rhode Island confirms a data breach linked to ransomware group Brain Cipher. Ascension healthcare confirms the exposure of the personal and medical data of 5.6 million customers. A recent patch to Windows BitLocker encryption proves inadequate. A suspected Chinese hacking campaign is exploiting a vulnerability in Palo Alto firewalls for espionage. The DOJ bans the sale of Americans’ sensitive data to adversarial nations. HHS proposes a HIPAA update to address cybersecurity. Our guest is Mick Baccio, Global Security Advisor at Splunk, with insights on the cybersecurity resilience gap. CISA Director Easterly looks back at 2024.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Mick Baccio, Global Security Advisor at Splunk’s security research team SURGe, sharing some insights on the cybersecurity resilience gap and top cyber challenges/priorities for the public sector. You can read more about this in SURGe’s blog and whitepaper.

Selected Reading

US Treasury Department breached through remote support platform (Bleeping Computer)

New details reveal how hackers hijacked 35 Google Chrome extensions (Bleeping Computer)

U.S. Army Soldier Arrested in AT&T, Verizon Extortions (Krebs on Security)

AT&T and Verizon Say Chinese Hackers Ejected From Networks (GovInfo Security)

Volkswagen leak exposes private information of 800,000 EV owners, including location data (TechSpot)

Hackers Leak Rhode Island Citizens' Data on Dark Web (Infosecurity Magazine)

Ascension cyberattack exposed medical data of 5.6M customers (Healthcare IT News)

Patched BitLocker Flaw Still Susceptible to Hack (GovInfo Security)

Palo Alto Firewalls Backdoored by Suspected Chinese Hackers (BankInfo Security)

US prohibits data sales to adversarial nations (SC Media)

Massive healthcare breaches prompt US cybersecurity rules overhaul (Bleeping Computer)

CISA's 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration (Infosecurity Magazine)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Scotland’s position to lead cyber and space. [Deep Space]

Wed, 01 Jan 2025 08:00:00 -0000

Sharon Lemac-Vincere is an academic that focuses her research on the intersection of space and cyber. She has released a report on space and cybersecurity which outlines how Scotland can lead the way in both industries.

You can connect with Sharon on LinkedIn, and read her paper on The Cyber-Safe Gateway : Unlocking Scotland's Space Cybersecurity Potential on this website.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Be sure to follow T-Minus on LinkedIn and Instagram.

T-Minus Crew Survey

We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info.

Want to join us for an interview?

Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Disrupting Cracked Cobalt Strike [The Microsoft Threat Intelligence Podcast]

Wed, 01 Jan 2025 07:00:00 -0000

While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, The Microsoft Threat Intelligence Podcast by Microsoft Threat Intelligence. See you in 2025!

On this week's episode of The Microsoft Threat Intelligence Podcast, we discuss the collaborative effort between Microsoft and Fortra to combat the illegal use of cracked Cobalt Strike software, which is commonly employed in ransomware attacks. To break down the situation, our host, Sherrod DeGrippo, is joined by Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator with the DCU, and Bob Erdman, Associate VP Research and Development at Fortra. The discussion covers the creative use of DMCA notifications tailored by geographic region to combat cybercrime globally. The group express their optimism about applying these successful techniques to other areas, such as phishing kits, and highlight ongoing efforts to make Cobalt Strike harder to abuse.

In this episode you’ll learn:

The impact on detection engineers due to the crackdown on cracked Cobalt Strike
Extensive automation used to detect and dismantle large-scale threats
How the team used the DMCA creatively to combat cybercrime

Some questions we ask:

Do you encounter any pushback when issuing DMCA notifications?
How do you plan to proceed following the success of this operation?
Can you explain the legal mechanisms behind this take-down?

Resources:

View Jason Lyons on LinkedIn

View Bob Erdman on LinkedIn

View Richard Boscovich on LinkedIn

View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Future-proofing finance: FS-ISAC’s blueprint for cryptographic agility. [Special Edition]

Tue, 31 Dec 2024 08:00:00 -0000

Brandon Karpf sits down with Mike Silverman, Chief Strategy and Innovation Officer at FS-ISAC, to discuss the white paper Building Cryptographic Agility in the Financial Sector.

Authored by experts from FS-ISAC’s Post-Quantum Cryptography Working Group, the paper addresses the vulnerabilities posed by quantum computing to current cryptographic algorithms. It provides financial institutions with strategies to safeguard sensitive data and maintain trust as these emerging threats evolve.

Discover the challenges and actionable steps to build cryptographic agility in this insightful conversation.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Navigating AI Safety and Security Challenges with Yonatan Zunger [The BlueHat Podcast]

Mon, 30 Dec 2024 07:00:00 -0000

While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, The BlueHat Podcast by Microsoft and MSRC. See you in 2025!

Yonatan Zunger, CVP of AI Safety & Security at Microsoft joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He contrasts this with predictive AI's strength in handling large datasets for specific tasks. Yonatan emphasizes the importance of ethical considerations in AI development, stressing the need for continuous safety engineering and diverse perspectives to anticipate and mitigate potential failures. He provides examples of AI's positive and negative uses, illustrating the importance of designing systems that account for various scenarios and potential misuses.

In This Episode You Will Learn:

How predictive AI anticipates outcomes based on historical data
The difficulties and strategies involved in making AI systems safe and secure from misuse
How role-playing exercises help developers understand the behavior of AI systems

Some Questions We Ask:

What distinguishes predictive AI from generative AI?
Can generative AI be used to improve decision-making processes?
What is the role of unit testing and test cases in policy and AI system development?

Resources:

View Yonatan Zunger on LinkedIn

View Wendy Zenone on LinkedIn

View Nic Fillingham on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Learn more about your ad choices. Visit megaphone.fm/adchoices

Streamlining the US Navy's innovation process: A conversation with Acting CTO Justin Fanelli.

Mon, 30 Dec 2024 06:00:00 -0000

Please enjoy this encore episode of a Special Edition.

N2K’s Brandon Karpf speaks with guest Justin Fanelli, Acting CTO of the US Navy, about the US Navy streamlining the innovation process. For some background, you can refer to this article.

Additional resources:

PEO Digital Innovation Adoption Kit
Atlantic Council’s Commission on Defense Innovation Adoption
For industry looking to engage with PEO Digital: Industry Engagement

Learn more about your ad choices. Visit megaphone.fm/adchoices

Yatia (Tia) Hopkins: Grit and right place, right time. [Solutions Architecture] [Career Notes]

Sun, 29 Dec 2024 08:00:00 -0000

VP of Global Solutions Architecture at eSentire Tia Hopkins shares her career journey and talks about its beginnings in engineering and pivots into cybersecurity leadership. Tia shares how she liked to take things apart when she was young, including the brand new computer her mother bought her and how she was fascinated by all the pieces of it spread all across her bedroom floor. As she started studying engineering, Tia learned she was more of a technologist than an engineer. Tia got her start in technology without completing her formal education by what she says is "grit and right place, right time." Once she was in a management role, Tia wanted to validate her knowledge, experience, and ability and not only completed her bachelor's degree, but also two master's degrees. Tia recently started an organization to encourage and grow interest, confidence, and leaders of women of color in the field of cybersecurity. We thank Tia for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

On the prowl for mobile malware. [Research Saturday]

Sat, 28 Dec 2024 08:00:00 -0000

This week, we are joined by Asheer Malhotra and Vitor Ventura from Cisco Talos, and they are discussing "Operation Celestial Force employs mobile and desktop malware to target Indian entities." Cisco Talos revealed Operation Celestial Force, an espionage campaign by the Pakistani threat group "Cosmic Leopard," targeting Indian defense, government, and technology sectors.

Active for at least six years, the operation has recently increased its use of mobile malware and commercial spyware for surveillance.

The research can be found here:

Operation Celestial Force employs mobile and desktop malware to target Indian entities

Learn more about your ad choices. Visit megaphone.fm/adchoices

A cyber carol.

Fri, 27 Dec 2024 06:00:00 -0000

Please enjoy this encore episode of Only Malware in the Building.

Welcome in! You’ve entered, Only Malware in the Building. Grab your eggnog and don your coziest holiday sweater as we sleuth our way through cyber mysteries with a festive twist! Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our cyber ghosts delve into the past, present, and future of some of the season’s most pressing threats: two-factor authentication (2FA), social engineering scams, and the return to consumer-targeted attacks.

Together, Rick, Dave, and Selena deliver a ghostly—but insightful—message about the state of cybersecurity, past, present, and future. Can their advice save your holiday season from digital disaster? Tune in and find out.

May your holidays be merry, bright, and free of cyber fright!

Learn more about your ad choices. Visit megaphone.fm/adchoices

Putting a dent in the cybersecurity workforce gap.

Thu, 26 Dec 2024 06:00:00 -0000

Please enjoy this encore episode of Solution Spotlight.

In this special edition of Solution Spotlight, N2K President, Simone Petrella is talking with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding DE&I initiatives.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The CyberWire: The 12 Days of Malware. [Special edition]

Wed, 25 Dec 2024 08:00:00 -0000

Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect!

The 12 Days of Malware lyrics

On the first day of Christmas, my malware gave to me:

A keylogger logging my keys.

On the second day of Christmas, my malware gave to me:

2 Trojan Apps...

And a keylogger logging my keys.

On the third day of Christmas, my malware gave to me:

3 Web shells...

2 Trojan Apps...

And a keylogger logging my keys.

On the fourth day of Christmas, my malware gave to me:

4 Crypto scams...

3 Web shells...

2 Trojan Apps...

And a keylogger logging my keys.

On the fifth day of Christmas, my malware gave to me:

5 Zero Days!

4 Crypto scams...

3 Web shells...

2 Trojan Apps...

And a keylogger logging my keys.

On the sixth day of Christmas, my malware gave to me:

6 Passwords spraying...

5 Zero Days!

4 Crypto scams...

3 Web shells...

2 Trojan Apps...

And a keylogger logging my keys.

On the seventh day of Christmas, my malware gave to me:

7 Scripts a scraping...

6 Passwords spraying...

5 Zero Days!

4 Crypto scams...

3 Web shells...

2 Trojan Apps...

And a keylogger logging my keys.

On the eighth day of Christmas, my malware gave to me:

8 Worms a wiping...

7 Scripts a scraping...

6 Passwords spraying...

5 Zero Days!

4 Crypto scams...

3 Web shells...

2 Trojan Apps...

And a keylogger logging my keys.

On the ninth day of Christmas, my malware gave to me:

9 Rootkits rooting...

8 Worms a wiping...

7 Scripts a scraping...

6 Passwords spraying...

5 Zero Days!

4 Crypto scams...

3 Web shells...

2 Trojan Apps...

And a keylogger logging my keys.

On the tenth day of Christmas, my malware gave to me:

10 Darknet markets...

9 Rootkits rooting...

8 Worms a wiping...

7 Scripts a scraping...

6 Passwords spraying...

5 Zero Days! (Bah-dum-dum-dum!)

4 Crypto scams...

3 Web shells...

2 Trojan Apps...

And a keylogger logging my keys.

On the eleventh day of Christmas, my malware gave to me:

11 Phishers phishing...

10 Darknet markets...

9 Rootkits rooting...

8 Worms a wiping...

7 Scripts a scraping...

6 Passwords spraying...

5 Zero Days! (Bah-dum-dum-dum!)

4 Crypto scams...

3 Web shells...

2 Trojan Apps...

And a keylogger logging my keys.

On the twelfth day of Christmas, my malware gave to me:

12 Hackers hacking...

11 Phishers phishing...

10 Darknet markets...

9 Rootkits rooting...

8 Worms a wiping...

7 Scripts a scraping...

6 Passwords spraying...

5 Zero Days!

4 Crypto scams...

3 Web shells...

2 Trojan Apps...

And a keylogger logging my keys.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A social engineering carol.

Wed, 25 Dec 2024 06:00:00 -0000

Gather 'round for a holiday treat like no other! In this festive edition of Only Malware in the Building, we present A Social Engineering Carol—a cunning twist on the classic Dickens tale, penned and created by our very own Dave Bittner. Follow a modern-day Scrooge as they navigate the ghostly consequences of phishing, vishing, and smishing in this holiday cybersecurity fable.

Don't miss the accompanying video, packed with holiday cheer and cyber lessons to keep you safe this season! Check it out now!

Learn more about your ad choices. Visit megaphone.fm/adchoices

Lessons from the Viasat cybersecurity attack. [T-Minus]

Tue, 24 Dec 2024 21:10:00 -0000

Please enjoy this encore of T-Minus Space Daily.

A few hours prior to the Russian invasion of Ukraine on February 24, 2022, Russia’s military intelligence launched a cyberattack against ViaSat’s KA-SAT satellite network, which was used by the Ukrainian Armed Forces. It prevented them from using satellite communications to respond to the invasion. After the ViaSat hack, numerous cyber operations were conducted against the space sector from both sides of the conflict. What have we learnt from the Viasat attack? Clémence Poirier has written a report on the Viasat cybersecurity attack during the war in Ukraine. Hacking the Cosmos: Cyber operations against the space sector.

You can connect with Clémence Poirier on LinkedIn, and read her report on this website.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram.

T-Minus Crew Survey

We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info.

Want to join us for an interview?

Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Decoding XDR: Allie Mellen on What’s Next [Threat Vector]

Tue, 24 Dec 2024 07:00:00 -0000

While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, Threat Vector *by Palo Alto Networks**. See you in 2025!*

Announcement: We are pleased to share an exciting announcement about Cortex XDR at the top of our show. You can learn more here. Check out our episode on "Cyber Espionage and Financial Crime: North Korea’s Double Threat" with Assaf Dahan, Director of Threat Research at Palo Alto Networks Cortex team.

Join host David Moulton on Threat Vector, as he dives deep into the rapidly evolving XDR landscape with Allie Mellen, Principal Analyst at Forrester. With expertise in security operations, nation-state threats, and the application of AI in security, Allie offers an inside look at how XDR is reshaping threat detection and response. From tackling the SIEM market’s current challenges to optimizing detection engineering, Allie provides invaluable insights into the people, processes, and tools central to an effective SOC. This episode offers listeners a thoughtful exploration of how to navigate today's complex threat landscape and separate XDR hype from reality. Perfect for cybersecurity professionals looking to stay ahead in the field, tune in to hear expert perspectives on the next steps in cybersecurity resilience.

Ready to go deeper? Join Josh Costa, Director of Product Marketing, Allie Mellen, Principal Analyst at Forrester and David Moulton, Director of Content and Thought Leadership for Unit 42 as they discuss the State of XDR https://start.paloaltonetworks.com/State-of-XDR-with-Forrester.

Join the conversation on our social media channels:

Website: http://www.paloaltonetworks.com
Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠
Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠
LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/palo-alto-networks/
YouTube: ⁠⁠⁠⁠@paloaltonetworks
Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠

About Threat Vector

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Palo Alto Networks

Learn more about your ad choices. Visit megaphone.fm/adchoices

Court puts the ‘spy’ in spyware.

Mon, 23 Dec 2024 21:10:00 -0000

A federal judge finds NSO Group liable for hacking WhatsApp. China accuses the U.S. government of cyberattacks. The UK’s Operation Destabilise uncovers a vast criminal network. An alleged LockBit developer says he did it for the money. Apache releases a security update for their Tomcat web server. Siemens issues a security advisory for their User Management Component. Italy’s data protection authority fines OpenAI $15.6 million. Researchers demonstrate a method to bypass the latest Wi-Fi security protocol. Apple sends potential spyware victims to a nonprofit for help. Our guest is Sven Krasser, CrowdStrike's Senior Vice President Data Science and Chief Scientist, talking about balancing AI and human intervention. Hackers supersize their McDonald’s delivery orders.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, our guest is Sven Krasser, CrowdStrike's Senior Vice President Data Science and Chief Scientist, talking about balancing AI and human intervention.

Selected Reading

Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices (Recorded Future)

Chinese cyber center points finger at U.S. over alleged cyberattacks to steal trade secrets (CyberScoop)

Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing (Recorded Future)

Suspected LockBit dev faces extradition to the US (The Register)

Apache fixes remote code execution bypass in Tomcat web server (Bleeping Computer)

Siemens Warn of Critical Vulnerability in UMC (GovInfoSecurity)

Italy's Privacy Watchdog Fines OpenAI for ChatGPT's Violations in Collecting Users Personal Data (SecurityWeek)

WPA3 Network Password Bypassed via MITM Attack & Social Engineering (CyberSecurityNews.com)

Apple Warns Users Of iPhone Spyware Attacks—What You Need To Know (Forbes)

McDonald’s Delivery App Vulnerability Let Anyone Place an Order for Just $0.01 (CyberSecurityNews.com)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Jim Zufoletti: Building your experience portfolio. [Entrepreneur] [Career Notes]

Sun, 22 Dec 2024 08:00:00 -0000

CEO and co-founder of SafeGuard Cyber Jim Zufoletti shares his journey starting out as an intrepreneur and transformation into a serial entrepreneur in cybersecurity. Jim shares how he got his feet wet working for others as an intrepreneur and catching the entrepreneurial bug in the mid-90s. He has co-founded a number of companies starting with FreeMarkets, a B2B ecommerce company. After that went public and Jim moved on, he went to business school at the University of Virginia and crossed paths with his future co-founder of SafeGuard Cyber. At UVA, Jim was inspired by a professor who exposed him to the effectuation approach to entrepreneurship, Along those lines, Jim recommends those looking to start a business in cyber build their experience portfolio. Jim took what he learned to help build where he is today. His company helps protect the humans in this new digital world with the current work from home environment. And, we thank Jim for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Quishing for trouble. [Research Saturday]

Sat, 21 Dec 2024 08:00:00 -0000

Adam Khan, VP of Security Operations at Barracuda, joins to discuss his team's work on "The evolving use of QR codes in phishing attacks." Cybercriminals are evolving phishing tactics by embedding QR codes, or “quishing,” into PDF documents attached to emails, tricking recipients into scanning them to access malicious websites that steal credentials.

Barracuda researchers found over half a million such emails from June to September 2024, with most impersonating brands like Microsoft, DocuSign, and Adobe to exploit urgency and trust. To counter these attacks, businesses should deploy multilayered email security, use AI-powered detection tools, educate employees on QR code risks, and enable multifactor authentication to safeguard accounts.

The research can be found here:

Threat Spotlight: The evolving use of QR codes in phishing attacks

Learn more about your ad choices. Visit megaphone.fm/adchoices

Ukraine’s fight to restore critical data.

Fri, 20 Dec 2024 21:10:00 -0000

Russian hackers attack Ukraine’s state registers. NotLockBit is a new ransomware strain targeting macOS and Windows. Sophos discloses three critical vulnerabilities in its Firewall product. The BadBox botnet infects over 190,000 Android devices. BeyondTrust patches two critical vulnerabilities. Hackers stole $2.2 billion from cryptocurrency platforms in 2024. Officials dismantle a live sports streaming piracy ring. Rockwell Automation patches critical vulnerabilities in a device used for energy control in industrial systems. A new report from Dragos highlights ransomware groups targeting industrial sectors. A Ukrainian national is sentenced to 60 months in prison for distributing the Raccoon Infostealer malware. We bid a fond farewell to our colleague Rick Howard, who’s retiring after years of inspiring leadership, wisdom, and camaraderie. The LockBit gang tease what’s yet to come.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest segment is bittersweet as we bid farewell to our beloved Rick Howard, who’s retiring after years of inspiring leadership, wisdom, and camaraderie. Join us in celebrating his incredible journey, sharing heartfelt memories, and letting him know just how deeply he’ll be missed by all of us here at N2K.

Selected Reading

Ukraine’s state registers hit with one of Russia’s largest cyberattacks, officials say (The Record)

NotLockBit - Previously Unknown Ransomware Attack Windows & macOS (GB Hackers)

Critical Sophos Firewall Vulnerabilities Let Attackers Execute Remote Code (Cyber Security News)

Botnet of 190,000 BadBox-Infected Android Devices Discovered (SecurityWeek)

BeyondTrust Security Incident — Command Injection and Escalation Weaknesses (CVE-2024-12356, CVE-2024-12686) (SOCRadar)

Crypto-Hackers Steal $2.2bn as North Koreans Dominate (Infosecurity Magazine)

Massive live sports piracy ring with 812 million yearly visits taken offline (Bleeping Computer)

Rockwell PowerMonitor Vulnerabilities Allow Remote Hacking of Industrial Systems (SecurityWeek)

Ransomware Attackers Target Industries with Low Downtime Tolerance (Infosecurity Magazine)

Ukrainian Raccoon Infostealer Operator Sentenced to Prison in US (SecurityWeek)

NetWalker Ransomware Operator Sentenced For Hacking Hundreds Of Organizations (Cyber Security News)

LockBit Admins Tease a New Ransomware Version (Infosecurity Magazine)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Breached but not broken.

Thu, 19 Dec 2024 21:10:00 -0000

CISA urges senior government officials to enhance mobile device security. Russian state-sponsored hacker group Sandworm is targeting Ukrainian soldiers. A website bug in GPS tracking firm Hapn is exposing customer information. Multiple critical vulnerabilities have been identified in Sharp branded routers. Ireland’s Data Protection Commission fines Meta $263 million for alleged GDPR violations. Google releases an urgent Chrome security update to address four high-rated vulnerabilities. Cyberattacks on India-based organizations surged 92% year-over-year. Cybercriminals target Google Calendar to launch phishing attacks. Fortinet patches a critical vulnerability in FortiWLM. Juniper Networks warns of a botnet infection targeting routers with default credentials. Our guest is Jeff Krull, principal and practice leader of Baker Tilly's cybersecurity practice, with advice on using employee access controls to limit internal cyber threats. When is “undesirable” a badge of honor?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Jeff Krull, principal and practice leader of Baker Tilly's cybersecurity practice, talking about using employee access controls to limit internal cyber threats.

Selected Reading

CISA urges senior government officials to lock down mobile devices amid ongoing Salt Typhoon breach (The Record)

Sandworm-linked hackers target users of Ukraine’s military app in new spying campaign (The Record)

Tracker firm Hapn spilling names of thousands of GPS tracking customers (TechCrunch)

Multiple security flaws reported in SHARP routers (Beyond Machines)

Meta fined $263 million for alleged GDPR violations that led to data breach (The Record)

Update Google Chrome Now—4 New Windows, Mac, Linux Security Warnings (Forbes)

India Sees Surge in Banking, Utilities API Attacks (Dark Reading)

Google Calendar Phishing Scam Targets Users with Malicious Invites (Hackread)

Fortinet Patches Critical FortiWLM Vulnerability (SecurityWeek)

Juniper Warns of Mirai Botnet Targeting Session Smart Routers (SecurityWeek)

Recorded Future CEO Calls Russia’s “Undesirable” Listing a “Compliment” (Infosecurity Magazine)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hacking allegations and antitrust heat.

Wed, 18 Dec 2024 21:10:00 -0000

The U.S. considers a ban on Chinese made routers. More than 200 Cleo managed file-transfer servers remain vulnerable. The Androxgh0st botnet expands. Schneider Electric reports a critical vulnerability in some PLCs. A critical Apache Struts 2 vulnerability is being actively exploited. Malicious campaigns are targeting Chinese-branded IoT devices. A Nebraska-based healthcare insurer discloses a data breach affecting over 225,000 individuals. IntelBroker leaks 2.9GB of data from Cisco’s DevHub environment. CISA issues a Binding Operational Directive requiring federal agencies to enhance cloud security. On today’s CERTByte segment, Chris Hare and Dan Neville unpack a question targeting the Network+ certification. INTERPOL says, “Enough with the pig butchering.“

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

This week, Chris is joined by Dan Neville to break down a question targeting the Network+ certification (N10-008 expires on 12/20/24 and the N10-009 update launched on June 20th of this year). Today’s question comes from N2K’s CompTIA® Network+ Practice Test, both exam versions of which are offered on our site.

Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.

Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers.

Selected Reading

U.S. Weighs Ban on Chinese-Made Router in Millions of American Homes (Wall Street Journal)

Attack Exposure: Unpatched Cleo Managed File-Transfer Software (BankInfo Security)

Androxgh0st Botnet Targets IoT Devices, Exploiting 27 Vulnerabilities (Hackread)

Schneider Electric reports critical flaw in Modicon Programmable Logic Controllers (Beyond Machines)

RATs can sniff out your Chinese-made web cameras: here’s how to defend yourself (Cybernews)

Regional Care Data Breach Impacts 225,000 People (SecurityWeek)

Hacker IntelBroker Leaked 2.9GB of Data Stolen From Cisco DevHub Instance (Cyber Security News)

New critical Apache Struts flaw exploited to find vulnerable servers (Bleeping Computer)

CISA Issues Binding Operational Directive for Improved Cloud Security (SecurityWeek)

Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure (CISA)

INTERPOL urges end to 'Pig Butchering' term, cites harm to online victims (INTERPOL)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The cost of peeking at U.S. traffic.

Tue, 17 Dec 2024 21:10:00 -0000

The Biden administration takes its first step to retaliate against China for the Salt Typhoon cyberattack. The Feds release a draft National Cyber Incident Response Plan. Telecom Namibia suffers a cyberattack. The Australian Information Commissioner has reached a $50 million settlement with Meta over the Cambridge Analytica scandal. CISA releases its 2024 year in review. LastPass hackers nab an additional five millions dollars. Texas Tech University notifies over 1.4 million individuals of a ransomware attack. Researchers discover a new DarkGate RAT attack vector using vishing. A fraudster gets 69 months in prison. On our Threat Vector segment, David Moulton speaks with Nir Zuk, Founder and CTO of Palo Alto Networks about predictions for 2025. Surveillance tweaks our brains in unexpected ways.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

On our Threat Vector segment, we preview this week’s episode where host David Moulton talks with Nir Zuk, Founder and CTO of Palo Alto Networks. They talk about Palo Alto Networks' predictions for 2025, focusing on the shift to unified data security platforms and the growing importance of AI in cybersecurity. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app.

Selected Reading

Biden Administration Takes First Step to Retaliate Against China Over Hack (The New York Times)

US Unveils New National Cyber Incident Response Plan (Infosecurity Magazine)

Telecom Namibia Cyberattack: 400,000 Files Leaked (The Cyber Express)

Landmark settlement of $50m from Meta for Australian users impacted by Cambridge Analytica incident (OAIC)

CISA Warns of New Windows Vulnerability Used in Hacker Attacks (CyberInsider)

CISA 2024 Year in review (CISA)

LastPass threat actor steals $5.4M from victims just a week before Xmas (Cointelegraph)

Texas Tech University Data Breach Impacts 1.4 Million People (SecurityWeek)

Microsoft Teams Vishing Spreads DarkGate RAT (Dark Reading)

Man Accused of SQL Injection Hacking Gets 69-Month Prison Sentence (SecurityWeek)

The psychological implications of Big Brother’s gaze (SCIMEX)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rhode Island cyberattack exposes sensitive data.

Mon, 16 Dec 2024 21:10:00 -0000

A cyberattack in Rhode Island targets those who applied for government assistance programs. U.S. Senators propose a three billion dollar budget item to “rip and replace” Chinese telecom equipment. The Clop ransomware gang confirms exploiting vulnerabilities in Cleo’s managed file transfer platforms. A major Southern California healthcare provider suffers a ransomware attack. A leading US auto parts provider discloses a cyberattack on its Canadian business unit.SRP Federal Credit Union notifies over 240,000 individuals of cyberattack. A sophisticated phishing campaign targets YouTube creators. Researchers identify a high-severity vulnerability in Mullvad VPN. A horrific dark web forum moderator gets 30 years in prison. Our guests are Perry Carpenter and Mason Amadeus, hosts of the new FAIK Files podcast. Jailbreaking your license plate.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guests are Perry Carpenter and Mason Amadeus, hosts of The FAIK Files podcast, talking about their new show. You can find new episodes of The FAIK Files every Friday on the N2K CyberWire network.

Selected Reading

Personal Data of Rhode Island Residents Breached in Large Cyberattack (The New York Times)

Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches ( CyberScoop)

Clop ransomware claims responsibility for Cleo data theft attacks (Bleeping Computer)

Hackers Steal 17M Patient Records in Attack on 3 Hospitals (BankInfo Security)

Major Auto Parts Firm LKQ Hit by Cyberattack (Securityweek)

SRP Federal Credit Union Ransomware Attack Impacts 240,000 (Securityweek)

ConnectOnCall Announces 914K-Record Data Breach (HIPAA Journal)

Malware Hidden in Fake Business Proposals Hits YouTube Creators (Hackread)

Critical Mullvad VPN Vulnerabilities Let Attackers Execute Malicious Code (Cyber Security News)

Texan man gets 30 years in prison for running CSAM exchange (The Register)

Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets (WIRED)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]

Sun, 15 Dec 2024 08:00:00 -0000

Please enjoy this encore episode of Career Notes.

Senior security researcher from Secureworks Marcelle Lee shares her career journey into cybersecurity and how she helps solve hard problems in her daily work. Marcelle came into cybersecurity not through any traditional path. She describes her route from a different field and starting in cyber at her local community college through a grant program. Marcelle took full advantage of the opportunities she had and grew her career from there. She recommends finding your specialty, but continue to build other skills. As a woman in the field, she is a strong proponent of diversity and encouraging others to find what excites them. And, we thank Marcelle for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Watching the watchers. IoT vulnerabilities exposed by AI. [Research Saturday]

Sat, 14 Dec 2024 08:00:00 -0000

This week, we are joined by Andrew Morris, Founder and CTO of GreyNoise, to discuss their work on "GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI." GreyNoise discovered two critical zero-day vulnerabilities in IoT-connected live streaming cameras, used in sensitive environments like healthcare and industrial operations, by leveraging its AI-powered detection system, Sift.

The vulnerabilities, CVE-2024-8956 (insufficient authentication) and CVE-2024-8957 (OS command injection), could allow attackers to take full control of affected devices, manipulate video feeds, or integrate them into botnets for broader attacks. This breakthrough underscores the transformative role of AI in identifying threats that traditional systems might miss, highlighting the urgent need for robust cybersecurity measures in the expanding IoT landscape.

The research can be found here:

GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hackers in handcuffs.

Fri, 13 Dec 2024 21:10:00 -0000

The U.S. dismantles the Rydox criminal marketplace. File-sharing provider Cleo urges customers to immediately patch a critical vulnerability. A Japanese media giant reportedly paid nearly $3 million to a Russia-linked ransomware group. The largest Bitcoin ATM operator in the U.S. confirms a data breach. Microsoft quietly patches two potentially critical vulnerabilities. Researchers at Claroty describe a malware tool used by nation-state actors to target critical IoT and OT systems. Dell releases patches for a pair of critical vulnerabilities. A federal court indicts 14 North Korean nationals for a scheme funding North Korea’s weapons programs. Texas accuses a data broker of sharing sensitive driving data without consent. Tim Starks, senior reporter at CyberScoop, joins Dave to explore the FCC's groundbreaking proposal to introduce cybersecurity rules linked to wiretapping laws. How the bots stole Christmas.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Tim Starks, senior reporter at CyberScoop, joins Dave to explore the FCC's groundbreaking proposal to introduce cybersecurity rules linked to wiretapping laws. Read more about it in Tim’s article.

Selected Reading

Rydox Cybercrime Marketplace Disrupted, Administrators Arrested (SecurityWeek)

Cleo urges customers to ‘immediately’ apply new patch as researchers discover new malware (The Record)

Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers (The Record)

Bitcoin ATM Giant Byte Federal Hit by Hackers, 58,000 Users Impacted (Hackread)

Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog (SecurityWeek)

Researchers Discover Malware Used by Nation-Sates to Attack OT Systems (Infosecurity Magazine)

Critical Dell Security Vulnerabilities Let Attackers Compromise Affected Systems (Cyber Security News)

14 North Korean IT Workers Charged, US to Offer $5 Million Rewards for Info (Cyber Security News)

Texas adds data broker specializing in driver behavior to list of alleged privacy law violators (The Record)

UK Shoppers Frustrated as Bots Snap Up Popular Christmas Gifts (Infosecurity Magazine)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When AI goes offline.

Thu, 12 Dec 2024 21:10:00 -0000

ChatGPT and Meta face widespread outages. Trump advisors explore splitting NSA and CyberCom leadership roles. A critical vulnerability in Apache Struts 2 has been disclosed. “AuthQuake” allowed attackers to bypass Microsoft MFA protections. Researchers identify Nova, a sophisticated variant of the Snake Keylogger malware. Adobe addresses critical vulnerabilities across their product line. Chinese law enforcement has been using spyware to collect data from Android devices since 2017. A new report highlights the gaps in hardware and firmware security management. A Krispy Kreme cyberattack creates a sticky situation. N2K’s Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. Do Not Track bids a fond farewell.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, N2K’s Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. You can learn more in their new white paper "Building Cryptographic Agility in the Financial Sector." We will share the extended version of this conversation over our winter break. Stay tuned.

Selected Reading

ChatGPT Down Globally, Services Restored After Hours Of Outage (Cyber Security News)

Facebook, Instagram and other Meta apps go down due to 'technical issue' (CNBC)

Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' (The Record)

Apache issues patches for critical Struts 2 RCE bug (The Register)

Microsoft MFA Bypassed via AuthQuake Attack (SecurityWeek)

Nova Keylogger – A Snake Malware Steal Credentials and Capture Screenshorts From Windows (Cyber Security News)

Adobe releases December 2024 patches for flaws in multiple products, including critical (Beyond Machines)

Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement (SecurityWeek)

Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge (Infosecurity Magazine)

Krispy Kreme cyberattack impacts online orders and operations (Bleeping Computer)

Firefox, one of the first “Do Not Track” supporters, no longer offers it (Ars Technica)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

When exploits go wild and patches race the clock.

Wed, 11 Dec 2024 21:10:00 -0000

Microsoft confirms a critical Windows zero-day vulnerability. Global law enforcement agencies dismantle 27 DDoS platforms. Researchers compromise memory in AMD virtual machines. Ivanti reports multiple critical vulnerabilities in its Cloud Services Application. Group-IB researchers expose a sophisticated global phishing campaign. A zero-day vulnerability in Cleo’s managed file transfer software is under active exploitation. The U.S. sanctions a Chinese firm for a 2020 firewall exploit. Congress looks to require the FCC to regulate telecom cybersecurity. Our guest is Malachi Walker, Security Strategist at DomainTools, discussing their role in ODNI's newly established Sentinel Horizon Program. SpartanWarriorz dodge a Telegram crackdown.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Malachi Walker, Security Strategist at DomainTools, about their role in ODNI's newly established Sentinel Horizon Program.

Selected Reading

New Windows 0Day Attack Confirmed—Homeland Security Says Update Now (Forbes)

Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day (Infosecurity Magazine)

Atlassian, Splunk Patch High-Severity Vulnerabilities (SecurityWeek)

Chrome Security Update, Patch for 3 High-severity Vulnerabilities (Cyber Security News)

ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others (SecurityWeek)

Operation PowerOFF Takes Down DDoS Boosters (Infosecurity Magazine)

AMD Chip VM Memory Protections Broken by BadRAM (Security Boulevard)

Three more vulns spotted in Ivanti CSA, all critical, one 10/10 (The Register)

Global Ongoing Phishing Campaign Targets Employees Across 12 Industries (Hackread)

New Cleo zero-day RCE flaw exploited in data theft attacks (Bleeping Computer)

US Sanctions Chinese Firm at Center of Global Firewall Hack (Infosecurity Magazine)

Wyden legislation would mandate FCC cybersecurity rules for telecoms (CyberScoop)

Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down (Security Boulevard)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Buckets of trouble.

Tue, 10 Dec 2024 21:10:00 -0000

Researchers uncover a large-scale hacking operation tied to the infamous ShinyHunters. A Dell Power Manager vulnerability lets attackers execute malicious code. TikTok requests a federal court injunction to delay a U.S. ban. Radiant Capital attributed a $50 million cryptocurrency heist to North Korea. Japanese firms report ransomware attacks affecting their U.S. subsidiaries. WhatsApp’s “ViewOnce” feature faces continued scrutiny. SpyLoan malware targets Android users through deceptive loan apps. A major Romanian electricity distributor is investigating an ongoing ransomware attack. A critical flaw in OpenWrt Sysupgrade has been fixed. Contenders for top cyber roles in the next Trump administration visit Mar-a-Lago. On our Industry Voices segment, Jason Lamar, Cobalt’s Senior Vice President of Product, joins us to share insights on offensive security: staying ahead of cyber threats. Google’s new quantum chip promises scaling without failing.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, Jason Lamar, Cobalt’s Senior Vice President of Product, joins us to share insights on offensive security: staying ahead of cyber threats. Check out Cobalt’s GigaOm Radar Report for PTaaS 2024 to learn more.

Selected Reading

ShinyHunters, Nemesis Linked to Hacks After Leaking Their AWS S3 Bucket (Hackread)

Dell Power Manager Vulnerability Let Attackers Execute Malicious Code (Cyber Security News)

TikTok Asks Court To Suspend Ban Ahead of Supreme Court Appeal (The Information)

Radiant links $50 million crypto heist to North Korean hackers (Bleeping Computer)

US subsidiaries of Japanese water treatment company, green tea maker hit with ransomware (The Record)

WhatsApp View Once Vulnerability Let Attackers Bypass The Privacy Feature (Cyber Security News)

SpyLoan Malware: A Growing Threat to Android Users (Security Boulevard)

Romanian energy supplier Electrica hit by ransomware attack (Bleeping Computer)

OpenWrt Sysupgrade flaw let hackers push malicious firmware images (Bleeping Computer)

Homeland Security veteran to be interviewed for Trump administration cyber role (The Record)

Google claims ‘breakthrough’ with new quantum chip (Silicon Republic)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Router security in jeopardy.

Mon, 09 Dec 2024 21:10:00 -0000

A critical zero-day is confirmed by a Japanese router maker. Romania annuls the first round of its 2024 presidential election over concerns of Russian interference. A sophisticated malware campaign targets macOS users. Mandiant uncovers a method to bypass browser isolation using QR codes. Belgian and Dutch authorities arrest eight individuals linked to online fraud schemes. A medical device company discloses a ransomware attack. A community hospital in Massachusetts confirms a ransomware attack affecting over three hundred thousand. The Termite ransomware gang claims responsibility for the attack on Blue Yonder. Synology patches multiple vulnerabilities in its Router Manager (SRM) software. The head of U.S. Cyber Command outlines the challenges of keeping decision makers up to date. Our guest is Anna Pobletts, Head of Passwordless at 1Password, discussing the state of passkeys and what she sees on the road to a truly passwordless future. Robot rats join the mischief.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Anna Pobletts, Head of Passwordless at 1Password, discussing the state of passkeys and what she sees on the road to a truly passwordless future.

Selected Reading

I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending (SecurityWeek)

Romania’s top court annuls presidential election result (CNN)

MacOS Passwords Alert—New Malware Targets Keychain, Chrome, Brave, Opera (Forbes)

QR codes bypass browser isolation for malicious C2 communication (Bleeping Computer)

Eight Suspected Phishers Arrested in Belgium, Netherlands (SecurityWeek)

Medical Device Maker Artivion Scrambling to Restore Systems After Ransomware Attack (SecurityWeek)

Anna Jaques Hospital ransomware breach exposed data of 300K patients (Bleeping Computer)

Blue Yonder SaaS giant breached by Termite ransomware gang (Bleeping Computer)

Synology Router Vulnerabilities Let Attackers Inject Arbitrary Web Script (Cyber Security News)

Cyber Command Chief Discusses Challenges of Getting Intel to Users (Defense.gov)

Robot Rodents: How AI Learned To Squeak And Play (Hackaday)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]

Sun, 08 Dec 2024 08:00:00 -0000

CEO and Founder of Votiro Aviv Grafi shares his story from serving as a member of the IDF's intelligence forces to leading his own venture. Aviv says his service in the IDF shaped a lot of his thinking and problem solving. Following his military service, Aviv worked to gain more real world and business experience. Starting his own business as a pentester was where the seeds for what would become Votiro would form. Aviv talks about the roller coaster that you experience when starting your own venture and offers some advice. And, we thank Aviv for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Digital Mindhunters: a novel look at cybersecurity and artificial intelligence. [Special Edition]

Sun, 08 Dec 2024 07:00:00 -0000

In this special edition podcast, N2K's Executive Editor Brandon Karpf talks with author, CEO and cybersecurity advisor Dr. Bilyana Lilly about her new novel "Digital Mindhunters."

Book Overview

In a high-stakes game of espionage and deception, a female analyst uncovers Russia's plot to wield artificial intelligence, espionage, and disinformation as weapons of chaos against the United States. As she races against time to thwart an assassination plot, she finds herself entangled in a web of international intrigue and discovers a parallel threat from a Chinese spy network aiming to steal data, manipulate American voters, and harness technology to dismantle the very foundations of U.S. democracy. In a world where lies are a weapon and trust is a luxury, she navigates the treacherous worlds of arms dealers, hackers, and spies to protect her country.

About the author

Dr. Bilyana Lilly is a cybersecurity and information warfare expert. She advises senior executives in the private and public sector on how to mitigate cybersecurity risk across their enterprises. Dr. Lilly serves on the Advisory Boards of the venture capital firm Night Dragon and the cybersecurity firm RunSafe Security. She chairs the Democratic Resilience Track of the Warsaw Security Forum and is an adjunct senior advisor for critical infrastructure and resilience at the Institute for Security and Technology. Her previous roles include a manager at Deloitte's Financial Cybersecurity Practice and a fellow at the RAND Corporation. Dr. Lilly holds a PhD in policy analysis and cyber security, and three master's degrees, including an honors degree from Oxford University. Her book "Russian Information Warfare" became a bestseller and is on display at the Pentagon. Dr. Lilly is a mentor and a speaker at RSA, DefCon, CyCon, and the Executive Women's Forum. She has been denounced by Russia's Ministry of Foreign Affairs and called cyber expert by Tom Hanks.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The JPHP loader breaking away from the pack. [Research Saturday]

Sat, 07 Dec 2024 08:00:00 -0000

Shawn Kanady, Global Director of Trustwave SpiderLabs, to discuss their work on "Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader." Trustwave SpiderLabs has uncovered Pronsis Loader, a new malware variant using the rare programming language JPHP and stealthy installation tactics to evade detection.

The malware is capable of delivering high-risk payloads like Lumma Stealer and Latrodectus, posing a significant threat. Researchers highlight its unique capabilities and infrastructure, offering insights for bolstering cybersecurity defenses.

The research can be found here:

Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader

Learn more about your ad choices. Visit megaphone.fm/adchoices

The NTLM bug that sees and steals.

Fri, 06 Dec 2024 21:10:00 -0000

Researchers uncover a critical Windows zero-day. An alleged Ukrainian cyberattack targets one of Russia’s largest banks. Russian group BlueAlpha exploits CloudFlare services. Microsoft flags Chinese hacking group Storm-0227 for targeting critical infrastructure and U.S. government agencies. SonicWall patches high-severity vulnerabilities in its secure access gateway. Atrium Health reports a data breach affecting over half a million individuals. Rockwell Automation discloses four critical vulnerabilities in its Arena software. U.S. authorities arrest an alleged member of the Scattered Spider gang. Our guest is Hugh Thompson, RSAC program committee chair, discussing the 2025 Innovation Sandbox Contest and its new investment component. C3PO gets caught in the crypto mines.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Joining Dave today is Hugh Thompson, RSAC program committee chair, discussing the 2025 Innovation Sandbox Contest and its new investment component. Read more details in the press release.

Selected Reading

New Windows 7 To 11 Warning As Zero-Day With No Official Fix Confirmed (Forbes)

Russian users report Gazprombank outages amid alleged Ukrainian cyberattack (The Record)

BlueAlpha Russian hackers caught abusing CloudFlare services (SC Media)

U.S. org suffered four month intrusion by Chinese hackers (Bleeping Computer)

Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (The Register)

SonicWall Patches 6 Vulnerabilities in Secure Access Gateway (SecurityWeek)

Mitel MiCollab zero-day and PoC exploit unveiled (Help Net Security)

Atrium Health Data Breach Impacts 585,000 People (SecurityWeek)

Rockwell Automation Vulnerabilities Let Attackers Execute Remote Code (Cyber Security News)

US arrests Scattered Spider suspect linked to telecom hacks (Bleeping Computer)

Nebraska Man pleads guilty to $3.5 million cryptojacking scheme (Bleeping Computer)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Dismantling the Manson cybercrime market.

Thu, 05 Dec 2024 20:00:00 -0000

Europol dismantles the Manson cybercrime market. Operation Destabilise stops two major Russian-speaking money laundering networks. New details emerge on China’s attacks on U.S. telecoms. Black Lotus Labs uncovers a covert campaign by the Russian-based threat actor “Secret Blizzard”. Cisco issues patches for a high impact bootloader vulnerability. Trend Micro researchers uncovered Earth Minotaur targeting Tibetan and Uyghur communities. Payroll Pirates target HR payroll systems to redirect employee funds .Pegasus spyware may be more prevalent than previously believed. Our guest today is Jon France, CISO at ISC2, with insights from the ISC2 2024 Workforce Study. How businesses can lose customers one tip at a time.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Jon France, CISO at ISC2, sharing the ISC2 2024 Workforce Study. You can read the press release about the report here and dig into the details of the report itself here.

Selected Reading

50 Servers Linked to Cybercrime Marketplace and Phishing Sites Seized by Law Enforcement (SecurityWeek)

UK’s NCA Disrupts Multibillion-Dollar Russian Money Launderers (Infosecurity Magazine)

The White House reveals at least 8 U.S. telecom firms impacted by China’s Salt Typhoon cyberattack (Fast Company)

Senators implore Department of Defense to expand the use of Matrix (Element)

Snowblind: The Invisible Hand of Secret Blizzard (Lumen)

Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage (Microsoft Security)

Russian Hackers Exploit Rival Attackers’ Infrastructure for Espionage (Infosecurity Magazine)

Bootloader Vulnerability Impacts Over 100 Cisco Switches (SecurityWeek)

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks (Trend Micro)

Hunting Payroll Pirates: Silent Push Tracks HR Redirect Phishing Scam (Silent Push)

iVerify Mobile Threat Investigation Uncovers New Pegasus Samples (iVerify)

How a Russian man’s harrowing tale shows the physical dangers of spyware (CyberScoop)

Share your feedback.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices