The CyberWire

The White House bans foreign-made drones. African law enforcement agencies crackdown on cybercrime. A new phishing campaign targets Russian military personnel and defense-related organizations. A University of Phoenix data breach affects about 3.5 million people. A pair of Chrome extensions covertly hijack user traffic. Romania's national water authority suffered a ransomware attack. A cyberattack in France disrupts postal, identity, and banking services for millions of customers. NIST and MITRE announce a $20 million partnership for AI research centers. A think-tank says the U.S. needs to go on the cyber offensive. Tim Starks from CyberScoop discusses the passage of the defense Authorization Bill and a look back at 2025. In high school, it's no child left unscanned. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks from CyberScoop discussing the passage of the Defense Authorization Bill and a look back at 2025. Selected Reading Trump Administration Declares Foreign-Made Drones a Security Threat (The New York Times) Hundreds of Arrests as Operation Sentinel Recovers $3m (Infosecurity Magazine) Cyber spies use fake New Year concert invites to target Russian military (The Record) University of Phoenix Data Breach - 3.5 Million+ Individuals Affected (CybersecurityNews) Malicious extensions in Chrome Web store steal user credentials (BleepingComputer) Ransomware Hits Romanian Water Authority, 1000 Systems Knocked Offline (Hackread) Cyberattack knocks offline France's postal, banking services (BleepingComputer) NIST, MITRE announce $20 million research effort on AI cybersecurity (CyberScoop) US Must Go on Offense in Cyberspace, Report Warns (Govifosecurity) AI Bathroom Monitors? Welcome To America's New Surveillance High Schools (Forbes) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this CISOP episode of CSO Perspectives, Host Kim Jones sits down with John Funge, venture capitalist at DataTribe, to explore how investors view the cybersecurity landscape. Kim reflects on the tension between innovation, profit motives, and the real needs of security practitioners—raising questions about whether the industry prioritizes mitigation over true solutions. John offers a candid look inside the VC decision-making process, breaking down how teams, market fit, and long-term defensibility shape investment choices. Together, they examine how founders, investors, and CISOs can better align to drive meaningful, effective security innovation. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. Learn more about your ad choices. Visit megaphone.fm/adchoices

NATO suspects Russia is developing a new anti-satellite weapon to disrupt the Starlink network. A failed polygraph sparks a DHS probe and deepens turmoil at CISA. A look back at Trump's cyber policy shifts. MacSync Stealer adopts a stealthy new delivery method.  Researchers warn a popular open-source server monitoring tool is being abused. Cyber criminals are increasingly bypassing technical defenses by recruiting insiders. Scripted Sparrow sends millions of BEC emails each month. Federal prosecutors take down a global fake ID marketplace. Monday business brief. Our guest is Eric Woodruff, Chief Identity Architect at Semperis, discussing "NoAuth Abuse Alert: Full Account Takeover." Atomic precision meets Colorado weather. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices, we are joined by Eric Woodruff, Chief Identity Architect at Semperis, discussing "NoAuth Abuse Alert: Full Account Takeover." Tune into the full conversation here. Selected Reading Starlink in the crosshairs: How Russia could attack Elon Musk's conquering of space (AP News) Project West Ford (Wikipedia) Acting CISA director failed a polygraph. Career staff are now under investigation (POLITICO) Dismantling Defenses: Trump 2.0 Cyber Year in Review (Krebs on Security) MacSync macOS Malware Distributed via Signed Swift Application (SecurityWeek) From ClickFix to code signed: the quiet shift of MacSync Stealer malware (Jamf)  Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan (Hackread) Cyber Criminals Are Recruiting Insiders in Banks, Telecoms, and Tech (Check Point) Scripted Sparrow Sends Millions of BEC Emails Each Month (Infosecurity Magazine) FBI Seizes Fake ID Template Domains Operating from Bangladesh (Hackread) Adaptive Security raises $81 million in a Series B round led by Bain Capital Ventures. (N2K Pro) NIST tried to pull the pin on NTP servers after blackout caused atomic clock drift (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Principal consultant and pen tester at Secureworks, Eric Escobar, shares his career path translating his childhood favorite Legos to civil engineering and pivoting to cybersecurity. Eric was always headed toward engineering and got both his bachelor and master degrees in civil engineering. Upon breaking into a network with a friend, he was bitten by the cybersecurity bug. Making the switch to the red team and basically becoming a bankrobber for hire, Eric tests the security of many companies' networks. He feels that curiosity is an essential trait for cybersecurity and collaboration is key as no one person knows everything. He advises those interested in cybersecurity to just start. We thank Eric for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Darren Meyer, Security Research Advocate at Checkmarx, is sharing their work on "Bypassing AI Agent Defenses with Lies-in-the-Loop." Checkmarx Zero researchers introduce “lies-in-the-loop,” a new attack technique that bypasses human‑in‑the‑loop AI safety controls by deceiving users into approving dangerous actions that appear benign. Using examples with AI code assistants like Claude Code, the research shows how prompt injection and manipulated context can trick both the agent and the human reviewer into enabling remote code execution. The findings highlight a growing risk as AI agents become more common in developer workflows, underscoring the limits of human oversight as a standalone security control. The research can be found here: ⁠Bypassing AI Agent Defenses With Lies-In-The-Loop Learn more about your ad choices. Visit megaphone.fm/adchoices

Trump signs the National Defense Authorization Act for 2026. Danish intelligence officials accuse Russia of orchestrating cyberattacks against critical infrastructure.  LongNosedGoblin targets government institutions across Southeast Asia and Japan. A new Android botnet infects nearly two million devices. WatchGuard patches its Firebox firewalls. Amazon blocks more than 1,800 North Korean operatives from joining its workforce. CISA releases nine new Industrial Control Systems advisories. The U.S. Sentencing Commission seeks public input on deepfakes. Prosecutors indict 54 in a large-scale ATM jackpotting conspiracy. Our guest is Nitay Milner, CEO of Orion Security, discussing the issue with data leaking into AI tools, and how CISOs must prioritize DLP. Riot Games finds cheaters hiding in the BIOS. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Nitay Milner, CEO of Orion Security, discusses the issue with data leaking into AI tools, and how CISOs must prioritize DLP. Selected Reading Trump signs defense bill allocating millions for Cyber Command, mandating Pentagon phone security (The Record) Denmark blames Russia for destructive cyberattack on water utility (Bleeping Computer) New China-linked hacker group spies on governments in Southeast Asia, Japan (The Record) 'Kimwolf' Android Botnet Ensnares 1.8 Million Devices (SecurityWeek) New critical WatchGuard Firebox firewall flaw exploited in attacks (Bleeping Computer) Amazon blocked 1,800 suspected DPRK job applicants (The Register) CISA Releases Nine Industrial Control Systems Advisories (CISA.gov) U.S. Sentencing Commission seeks input on criminal penalties for deepfakes (CyberScoop) US Charges 54 in Massive ATM Jackpotting Conspiracy (Infosecurity Magazine) Riot Games found a motherboard security flaw that helps PC cheaters (The Verge) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Hewlett Packard Enterprise patches a maximum-severity vulnerability in its OneView infrastructure management software. Cisco warns a critical zero-day is under active exploitation. An emergency Chrome update fixes two high-severity vulnerabilities. French authorities make multiple arrests. US authorities dismantle an unlicensed crypto exchange accused of money laundering. SonicWall highlights an exploited zero-day. Researchers earn $320,000 for demonstrating critical remote code execution flaws in cloud infrastructure components. A U.S. Senator urges electronic health record vendors to give patients greater control over who can access their medical data. Our guest is Larry Zorio, CISO from Mark43, discussing first responders and insider cyber risks. A right-to-repair group puts cash on the table.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Larry Zorio, CISO from Mark43, to discuss first responders sounding the alarm on insider cyber risks. To see the full report, check it out here. Selected Reading HPE warns of maximum severity RCE flaw in OneView software (Bleeping Computer) China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear (SecurityWeek) Google Chrome patches two high severity vulnerabilities in emergency update (Beyond Machines) France arrests 22-year-old over Interior Ministry hack (The Record) France arrests Latvian for installing malware on Italian ferry  (Bleeping Computer) FBI dismantles alleged $70M crypto laundering operation (The Register) SonicWall Patches Exploited SMA 1000 Zero-Day (SecurityWeek) Zeroday Cloud hacking event awards $320,0000 for 11 zero days (Bleeping Computer) Senator Presses EHR Vendors on Patient Privacy Controls (Govinfosecurity) A nonprofit is paying hackers to unlock devices companies have abandoned (TechSpot) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers detail a years-long Russian state-sponsored cyber espionage campaign. Israel's cyber chief warns against complacency. Vulnerabilities affect products from Fortinet and Hitachi Energy. Studies show AI models are rapidly improving at offensive cyber tasks. MITRE expands its D3FEND cybersecurity ontology to cover operational technology. Texas sues smart TV manufacturers, alleging illegal surveillance. A fraudulent gift card locks an Apple user out of their digital life. Our guest is Doron Davidson from CyberProof Israel discussing agentic SOCs and agentic transformation of an MDR. Fat racks crack the stacks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by ⁠Doron Davidson⁠, GM at ⁠CyberProof⁠ Israel, MD Security Operations, discussing agentic SOC and agentic transformation of an MDR. If you'd like to learn more be sure to check out ⁠CyberProof⁠. Tune into the full conversation here. Selected Reading Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure (Live Threat Intelligence) IDF warns future cyberattacks may dwarf past threats (The Jerusalem Post) CISA reports active exploitation of critical Fortinet authentication bypass flaw (Beyond Machines) Hitachi Energy reports BlastRADIUS flaw in AFS, AFR and AFF Series product families (Beyond Machines) AI models are perfecting their hacking skills (Axios) AI Hackers Are Coming Dangerously Close to Beating Humans (WSJ) MITRE Extends D3FEND Ontology to Operational Technology Cybersecurity (Mitre) Texas sues biggest TV makers, alleging smart TVs spy on users without consent (Ars Technica) Locked out: How a gift card purchase destroyed an Apple account (Apple Insider) Racks of AI chips are too damn heavy (The Verge) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Venezuela's state oil company blames a cyberattack on the U.S. An Iranian hacker group offers cash bounties for doxing Israelis. Germany's lower house of parliament suffers a major email outage. South Korea's e-commerce breach exposes personal information of nearly all of that nation's adults. Researchers report active exploitation of two critical Fortinet authentication bypass vulnerabilities, and three critical vulnerabilities in the FreePBX VoIP platform. An auto-industry credit reporting agency suffers a data breach. Google is shutting down its dark web reporting service. European law enforcement dismantles a Ukrainian fraud network. Our guest is Christiaan Beek, Senior Director Threat Intelligence & Analytics from Rapid7, discussing how attackers are accelerating exploitation, refining ransomware, and expanding nation-state operations. A Pornhub breach proves the internet never forgets.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, guest Christiaan Beek, Senior Director Threat Intelligence & Analytics from Rapid7, discusses how attackers are accelerating exploitation, refining ransomware, and expanding nation-state operations. Dive into the details in Rapid7's report. Tune into Christiaan's full conversation here. Selected Reading Venezuela Says Oil Export System Down After Weekend Cyberattack (Bloomberg) Iran-linked hackers dox Israelis, offer cash bounties (The Jerusalem Post) German Parliament Allegedly Hit by Email Outage During US-Ukraine Talks Amid Cyberattack Suspicions (TechNadu) Breach at South Korea's Equivalent of Amazon Exposed Data of Almost Every Adult (Wall Street Journal) Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719 (Arctic Wolf) Critical authentication bypass and multiple flaws discovered in FreePBX VoIP platform (Beyond Machines) Millions Affected by Massive 700Credit Data Breach (Tech.co) Google Is Shutting Down Its Dark Web Monitoring Tool (Technology.org)  European authorities dismantle call center fraud ring in Ukraine (Bleeping Computer) Porn User Data Stolen—Pornhub ‘Search, Watch And Download' Activity (Forbes) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, host Kim Jones tacks a topic that is rapidly moving from theoretical to operational reality: quantum computing. While classical computing will remain the backbone of our systems for years to come, quantum technologies are advancing fast enough that CISOs must begin preparing today. Kim explores what quantum computing really means, why it matters for cybersecurity, and how leaders should begin planning for its inevitable impact. To help demystify the subject, Kim is joined by longtime colleague and cybersecurity practitioner Michael Sottile—now the CSO of a quantum computing firm—who brings decades of hands-on experience across industries and a front-row seat to quantum's evolution. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. Learn more about your ad choices. Visit megaphone.fm/adchoices

Apple and Google issue emergency updates to patch zero-days.  Google links five additional Chinese state-backed hacking groups to “React2Shell.” France's Ministry of the Interior was hit by a cyberattack. Atlassian patches roughly 30 third-party vulnerabilities. Microsoft says its December 2025 Patch Tuesday updates are breaking Message Queuing. Researchers uncovered a massive exposed database with nearly 4.3 billion professional records openly accessible online. Britain's new MI6 chief warns of an “aggressive, expansionist, and revisionist” Russia. Monday Business Brief. On today's Threat Vector, ⁠Michael Heller⁠ from Unit 42 chats with security leaders ⁠Greg Conti⁠ and ⁠Tom Cross⁠ to unpack the hacker mindset and the idea of “dark capabilities”. A cyber holiday gift guide for the rest of us.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of Threat Vector, host ⁠Michael Heller⁠, Managing Editor for Cortex and Unit 42 and Executive Producer of the podcast, sits down with long-time security leaders ⁠Greg Conti⁠ and ⁠Tom Cross⁠ to unpack the hacker mindset and the idea of “dark capabilities” inside modern technology companies. You can listen to their full discussion here. Be sure to catch new episodes of Threat Vector by Palo Alto Networks every Thursday on your favorite podcast app. Selected Reading Apple, Google forced to issue emergency 0-day patches (The Register) Google links more Chinese hacking groups to React2Shell attacks (Bleeping Computer) French Interior Ministry confirms cyberattack on email servers (Bleeping Computer) Atlassian Patches Critical Apache Tika Flaw (SecurityWeek) Microsoft: December security updates cause Message Queuing failures (Bleeping Computer) 16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records (Hackread) MI6 chief warns 'front line is everywhere' and signals intent to pressure Putin (The Record) Saviynt raises $700 million in Series B growth equity financing. (The CyberWire Business Brief) Last-minute cybersecurity and privacy gifts your friends and family won't hate (This Week In Security) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Chief security officer and chief information officer at Relativity, Amanda Fennell shares her story from archeology to cybersecurity. She shares the path that lead her towards becoming an archeologist and how it turned out not being exactly what she expected. She then shares how she got into the cyber business and how her past has impacted what she's doing now. She describes how she would like to be remembered in the cyber world, she says "I do hope that I left things better than I found them, not just the security of a product or a company, but I believe strongly that every person has a little cyber warrior inside of them." We thank Amanda for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Daniel Schwalbe, DomainTools Head of Investigations and CISO, is sharing their work on "Inside the Great Firewall." This two-part research project analyzes an extraordinary 500–600GB leak that exposes the internal architecture, tooling, and human ecosystem behind China's Great Firewall. Across both parts, you break down thousands of leaked documents, source code repositories, diagrams, packet captures, and telemetry that reveal how systems like the Traffic Secure Gateway, MAAT, Redis-based analytics, and modular DPI engines work together to censor, surveil, and fingerprint users at scale. Taken together, the research shows how the Great Firewall functions not just as a technical system, but as a living censorship-industrial complex that adapts, learns, and coordinates across government, telecoms, and security vendors. The research can be found here: Inside the Great Firewall Part 1: The Dump Inside the Great Firewall Part 2: Technical Infrastructure Learn more about your ad choices. Visit megaphone.fm/adchoices

A new executive order targets states' AI regulations, while the White House shifts course on an NSA deputy director pick. The UK fines LastPass over inadequate security measures. Researchers warn of active attacks against Gladinet CentreStack instances. OpenAI outlines future cybersecurity plans. MITRE ranks the top 25 vulnerabilities of 2025. CISA orders U.S. federal agencies to urgently patch a critical GeoServer vulnerability. An anti-piracy coalition shuts down one of India's most popular illegal streaming services. Our guest Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, unpacks purple team table top exercises to prepare for AI-generated attacks. Hackers set their sights on DNA. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, is discussing purple team table top exercises to prepare for AI-generated attacks. Selected Reading Trump Signs Executive Order to Block State AI Regulations (SecurityWeek) Announced pick for No. 2 at NSA won't get the job as another candidate surfaces (The Record) LastPass Data Breach — Insufficient Security Exposed 1.6 Million Users (Forbes) Gladinet CentreStack Flaw Exploited to Hack Organizations (SecurityWeek) OpenAI lays out its plan for major advances in AI cybersecurity features (SC Media) MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities (SecurityWeek) CISA orders feds to patch actively exploited Geoserver flaw (Bleeping Computer) MKVCinemas streaming piracy service with 142M visits shuts down (Bleeping Computer) The Unseen Threat: DNA as Malware (BankInfoSecurity) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA warns that pro-Russia hacktivist groups are targeting US critical infrastructure. Google patches three new Chrome zero-day vulnerabilities. North Korean actors exploit React2Shell to deploy a new backdoor.  Researchers claim Docker Hub secret leakage is now a systemic problem. Attackers exploit an unpatched zero-day in Gogs, the self-hosted Git service. IBM patches more than 100 vulnerabilities across its product line. Storm-0249 abuses endpoint detection and response tools. The DOJ indicts a former Accenture employee for allegedly misleading federal customers about cloud security. Our guest is Kavitha Mariappan, Chief Transformation Officer at Rubrik, talking about understanding & building resilience against identity-driven threats. A malware tutor gets schooled by the law. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Kavitha Mariappan, Chief Transformation Officer at Knowledge Partner Rubrik, talking about understanding and building resilience against identity-driven threats. Tune into Kavitha's full conversation here.  New Rubrik Research Finds Identity Resilience is Imperative as AI Wave Floods the Workplace with AI Agents (Press release) The Identity Crisis: Understanding and Building Resilience Against Identity-Driven Threats (Report)  Agentic AI and Identity Sprawl (Data Security Decoded podcast episode) Host Caleb Tolin and guest ⁠Joe Hladik⁠, Head of Rubrik Zero Labs, to unpack the findings from their the report Kavitha addresses.  Resources: Rubrik's Data Security Decoded podcast airs semi-monthly on the N2K CyberWire network with host Caleb Tolin. You can catch new episodes twice a month on Tuesdays on your favorite podcast app. Selected Reading CISA: Pro-Russia Hacktivists Target US Critical Infrastructure New cybersecurity guidance paves the way for AI in critical infrastructure | CyberScoop Google Releases Critical Chrome Security Update to Address Zero-Days - Infosecurity Magazine North Korea-linked ‘EtherRAT' backdoor used in React2Shell attacks | SC Media Thousands of Exposed Secrets Found on Docker Hub - Flare Hackers exploit unpatched Gogs zero-day to breach 700 servers IBM Patches Over 100 Vulnerabilities - SecurityWeek Ransomware IAB abuses EDR for stealthy malware execution US charges former Accenture employee with misleading feds on cloud platform's security - Nextgov/FCW Man gets jail for filming malware tutorials for syndicate; 129 Singapore victims lost S$3.2m - CNA Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday. Federal prosecutors charge a Houston man with smuggling Nvidia chips to China, a Ukrainian woman for targeting critical infrastructure, and an Atlanta activist for wiping his phone. The power sector sees cyber threats doubling. The new Spiderman phishing kit slings its way across the dark web. Our guest is Dick O'Brien, Principal Intelligence Analyst from Symantec and Carbon Black Threat Hunter Team, discussing “Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites.” The Pentagon unveils a killer chatbot.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dick O'Brien, Principal Intelligence Analyst from Symantec and Carbon Black Threat Hunter Team, is discussing “Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites." Selected Reading Microsoft Patches 57 Vulnerabilities, Three Zero-Days (SecurityWeek) Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data (SecurityWeek) Adobe Patches Nearly 140 Vulnerabilities (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider (SecurityWeek) Fortinet Patches Critical Authentication Bypass Vulnerabilities (SecurityWeek) Smuggling Ring Charged as Trump Okays Nvidia Sales to China (Gov Infosecurity) Cybersecurity in power: supply chain most vulnerable, varying confidence in resilience (Power Technology) Spiderman Phishing Kit Targets European Banks with Real-Time Credential Theft (Hackread) Hospice Firm, Eye Care Practice Notifying 520,000 of Hacks (Bank Infosecurity) Ukrainian hacker charged with helping Russian hacktivist groups (Bleeping Computer) Man Charged for Wiping Phone Before CBP Could Search It (404 Media) Pete Hegseth Says the Pentagon's New Chatbot Will Make America 'More Lethal' (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Organizations worldwide scramble to address the critical React2Shell vulnerability.  Major insurers look to exclude artificial intelligence risks from corporate policies. Three Chinese hacking groups converge on the same Sharepoint flaws. Ransomware crews target hypervisors. A UK hospital asks the High Court to block publication of data stolen by the Clop gang. The White House approves additional Nvidia AI chip exports to China. The ICEBlock app creator sues the feds over app store removal. The FBI warns of virtual kidnapping scams. The FTC upholds a ban on a stalkerware maker. Dave Lindner, CISO of Contrast Security, discusses nation-state adversaries targeting source code to infiltrate the government and private sector. Craigslist's founder pledges support for cybersecurity, veterans and pigeons. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest ⁠Dave Lindner⁠, CISO of ⁠Contrast Security⁠, discusses nation-state adversaries targeting source code to infiltrate the government and private sector. Selected Reading Researchers track dozens of organizations affected by React2Shell compromises tied to China's MSS (The Record) Insurers retreat from AI cover as risk of multibillion-dollar claims mounts (Financial Times) Three hacking groups, two vulnerabilities and all eyes on China (The Record) Researchers spot 700 percent increase in hypervisor ransomware attacks (The Register) UK Hospital Asks Court to Stymie Ransomware Data Leak (Bank Infosecurity) Trump says Nvidia can sell more powerful AI chips to China (The Verge) ICEBlock developer sues Trump administration over App Store removal (The Verge) New FBI alert urges vigilance on virtual kidnapping schemes (SC Media) FTC upholds ban on stalkerware founder Scott Zuckerman (TechCrunch) Craigslist founder signs the Giving Pledge, and his fortune will go to military families, fighting cyberattacks—and a pigeon rescue (Fortune) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, host Kim Jones examines the rapid rise of enterprise AI and the tension between innovation and protection, sharing an RSA anecdote that highlights both excitement and concern. He outlines the benefits organizations hope to gain from AI while calling out often-overlooked risks like data quality, governance, and accountability. Kim is joined by technologist Tony Gauda to discuss why AI represents a fundamental shift in how systems and decisions are designed. Together, they explore AI-driven operations, cultural barriers to experimentation, and how CISOs can adopt AI responsibly without compromising security. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. Learn more about your ad choices. Visit megaphone.fm/adchoices

How might Trump's new National Security Strategy impact cyber? The UK's NCSC warns LLMs may never get over prompt injection. At least 18 U.S. universities were hit by a months-long phishing campaign. Russia blocks FaceTime. A bipartisan group of senators reviving efforts to strengthen protections across the health sector. Portugal provides legal safe harbor for good-faith security research. A large-scale campaign targets Palo Alto GlobalProtect portals. A Maryland man gets 15 months in prison for his part in a North Korean IT worker scam. Business Brief. Tim Starks from CyberScoop unpacks the President's pending cybersecurity strategy release. An AI image sends UK train schedules off the rails.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks, senior reporter  from CyberScoop, discussing President Trump's pending cybersecurity strategy release and the end of Sean Plankey's nomination process. Selected Reading National Security Strategy (The White House) The National Security Strategy: The Good, the Not So Great, and the Alarm Bells (CSIS) UK intelligence warns AI 'prompt injection' attacks might never go away (The Record) Over 70 Domains Used in Months-Long Phishing Spree Against US Universities (Hackread) Russia restricts FaceTime, its latest step in controlling online communications (AP News) Bipartisan health care cybersecurity legislation returns to address a cornucopia of issues (CyberScoop) Portugal updates cybercrime law to exempt security researchers (Bleeping Computer) New wave of VPN login attempts targets Palo Alto GlobalProtect portals (Bleeping Computer) Maryland man sentenced for N. Korea IT worker scheme involving US government contracts (The Record) ServiceNow reportedly intends to acquire Veza for more than $1 billion (N2K Pro Business Briefing) Trains cancelled over fake bridge collapse image (BBC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Chief security strategist from Analyst1, Jon DiMaggio shares his story on how he grew to become a part of the cybersecurity world. He describes different jobs that paved the way to the knowledge he has in the industry right now, and he even shares about an experience that led him to a path that split and which decision he would make, would be crucial in his career. He explains which way he ended up going and how a critical part of his career helped to determine that path. He says "there's two paths when you have that happen, you can either let it defeat you, or you know, you come back swinging." We thank Jon for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Jaron Bradley, Director of Jamf Threat Labs, is sharing their work on "ChillyHell: A Deep Dive into a Modular macOS Backdoor." Jamf Threat Labs uncovers a newly notarized macOS backdoor called ChillyHell, tied to past UNC4487 activity and disguised as a legitimate applet. The malware showcases robust host profiling, multiple persistence mechanisms, timestomping, and flexible C2 communications over both DNS and HTTP. Its modular design includes reverse shells, payload delivery, self-updates, and a brute-force component targeting user credentials. The research can be found here: ⁠ChillyHell: A Deep Dive into a Modular macOS Backdoor Learn more about your ad choices. Visit megaphone.fm/adchoices

Chinese threat actors deploy Brickstorm malware. The critical React2Shell vulnerability is under active exploitation. Cloudflare's emergency patch triggered a brief global outage. Phishing kits pivot to fake e-commerce sites. The European Commission fines X(Twitter) €120 million for violating the Digital Services Act. Predator spyware has a new bag of tricks. A Russian physicist gets 21 years in prison for cybercrimes. Twin brothers are arrested for allegedly stealing and destroying government data. Our guest is Blair Canavan, Director of Alliances - PKI & PQC Portfolio from Thales, discussing post quantum cryptography. Smart toilet encryption claims don't hold water.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Blair Canavan, Director of Alliances - PKI & PQC Portfolio from Thales, discussing post quantum cryptography (PQC). Listen to Blair's full conversation here. Selected Reading Chinese hackers used Brickworm malware to breach critical US infrastructure (TechRadar) React2Shell critical flaw actively exploited in China-linked attacks (BleepingComputer) Cloudflare blames today's outage on emergency React2Shell patch (Bleeping Computer) SMS Phishers Pivot to Points, Taxes, Fake Retailers (Krebs on Security) Threat Spotlight: Introducing GhostFrame, a new super stealthy phishing kit (Barracuda) EU issues €120 million fine to Elon Musk's X under rules to tackle disinformation  (The Record) Predator spyware uses new infection vector for zero-click attacks (Bleeping Computer) Russian scientist sentenced to 21 years on treason, cyber sabotage charges (The Record) Twins with hacking history charged in insider data breach affecting multiple federal agencies (Cyberscoop) ‘End-to-end encrypted' smart toilet camera is not actually end-to-end encrypted (TechCrunch)- kicker Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA staff may see pay cuts in 2026. Threat actors advertise a full chain zero-day exploit for iOS. A US-led international coalition releases joint guidance on integrating AI into operational technology. Microsoft lowers sales growth targets for its agentic AI products. A major fintech provider suffers a ransomware-linked breach. Arizona's Attorney General sues Temo over data collection practices. Lessons learned from Capita's handling of Black Basta. The UK sanctions Russia's GRU. My guest is Dave Baggett, co-founder and CEO of INKY (recently acquired by Kaseya), about the challenges of email security. A U.S. Bankruptcy Court insists on AI transparency. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Dave Bittner speaks with Dave Baggett, co-founder and CEO of INKY (recently acquired by Kaseya), about the need to update email security that was built on a 1971 design. Selected Reading US Slashes Pay Incentives at Already Weakened Cyber Agency (Bloomberg) Zero-Day Alert: Alleged iOS 26 Full Chain Exploit for Sale (Dataminr) Principles for the Secure Integration of Artificial Intelligence in Operational Technology (CISA) Microsoft drops AI sales targets in half after salespeople miss their quotas (Ars Technica) Marketing and Compliance Software Vendor to Banks Breached (Data Breach Today) Arizona attorney general sues Chinese online retailer Temu over data theft claims (AP News) What organisations can learn from the record breaking fine over Capita's ransomware incident (DoublePulsar) UK cracks down on Russian intelligence agency authorised by Putin to target Skripals (GOV.UK) General Order 210: Filings Using Generative Artificial Intelligence (Southern District of California, United States Bankruptcy Court) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The DOJ shuts down another scam center in Myanmar. OpenAI confirms a Mixpanel data breach. A new phishing campaign targets company executives. A bipartisan bill looks to preserve the State and Local Cybersecurity Grant Program. Universities suffer Oracle EBS data breaches. India reports GPS jamming at eight major airports. Kaiser Permanente settles a class action suit over tracking pixels. The FTC plans to require a cloud provider to delete unnecessary student data. An international initiative is developing guidelines for commercial spyware. Our N2K Producer Liz Stokes speaks with Kristiina Omri, Director of Special Programs for CybExer Technologies about the cyber ranges for NATO and ESA. Iranian hackers give malware a retro reboot.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we bring you a conversation our N2K Producer Liz Stokes and Kristiina Omri, Director of Special Programs for CybExer Technologies, had during Liz's  visit to Tallinn, Estonia about the cyber ranges for NATO and ESA. We are pleased to share that our N2K colleagues Liz Stokes and Maria Varmazis were in Tallinn, Estonia this week for the NATO Cyber Coalition 2025 Cyber Range Exercise. Their visit marks the CyberWire as the only United States podcasters invited to attend. We'll be sharing interviews and insights from the event, starting today with our producer Liz Stokes' conversation with  Kristiina Omri, Director of Special Programs for CybExer Technologies. Selected ReadingDOJ takes down Myanmar scam center website spoofing TickMill trading platform (The Record) OpenAI Confirms Mixpanel Data Breach—Was Your Data Stolen? (KnowTechie) New “Executive Award” Scam Exploits ClickFix to Deliver Stealerium Malware (GB Hackers) Hassan and Cornyn bring in bipartisan bill to keep state and local cyber grant program alive (Industrial Cyber) Penn and Phoenix Universities Disclose Data Breach After Oracle Hack (SecurityWeek) Indian government reveals GPS spoofing at eight major airports (The Register) Kaiser Permanente to Pay Up to $47.5M in Web Tracker Lawsuit (BankInfo Security) FTC settlement requires Illuminate to delete unnecessary student data (Bleeping Computer) Pall Mall Process to Define Responsible Commercial Cyber Intrusion (Infosecurity Magazine) Iran Hackers Take Inspiration From Snake Video Game (GovInfo Security) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this episode of Cyber things from Armis. Catch the next episode on your favorite podcast app on December 15th. Welcome to Cyber Things, a special edition podcast produced in partnership by Armis and N2K CyberWire that plunges into the hidden world beneath our connected reality. Inspired by Stranger Things, we explore the digital realm's own Upside Down - a space teeming with unseen devices, silent intruders, and invisible threats that quietly impact our everyday lives. In this first episode, we tackle the core challenge of modern defense: seeing the unseen. Rebecca Cradick, VP of Global Communications at Armis, is joined by Kam Chumley-Soltani, Director of OT Solutions Engineering at Armis. They discuss what it truly takes for cybersecurity professionals to achieve full visibility and how early intelligence acts as a crucial barrier, stopping a devastating cyber storm before it breaks through the gate. Tune in now to hear how defenders are fighting back against the digital demons that lurk in the shadows. Learn more about your ad choices. Visit megaphone.fm/adchoices

ShadyPanda plays the long game. India mandates tracking software on mobile devices. Korea weighs punitive damages after a massive breach. Qualcomm patches a critical boot flaw impacting millions. OpenAI patches a Codex CLI vulnerability. Google patches Android zero-days. Cybersecurity issues prompt an FDA permanent recall for an at-home ventilator system. Switzerland questions the security of hyperscale clouds and SaaS services. One of the world's largest cyber insurers pulls back from the market. On our Threat Vector segment, ⁠David Moulton⁠ sits down with ⁠Stav Setty to unpack the Jingle Thief campaign.  In Russia, Porsches take a holiday.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector segment In today's Threat Vector segment, host ⁠David Moulton⁠, Senior Director of Thought Leadership for Unit 42, sits down with ⁠Stav Setty⁠, Principal Researcher at Palo Alto Networks, to unpack Jingle Thief a cloud-only, identity-driven campaign that turned Microsoft 365 into a gift card printing press. Stav explains how the Morocco-based group known as Atlas Lion lived off the land inside M365 for months at a time, using tailored phishing and smishing pages, URL tricks, and internal phishing to compromise one user and quietly pivot to dozens more. To listen to the full conversation on Threat Vector, listen here. You can catch new episodes of Threat Vector every Thursday on your favorite podcast app.  Selected Reading Browser extensions pushed malware to 4.3M Chrome, Edge users (The Register) India plans to verify and record every smartphone in circulation (TechCrunch) Apple to Resist India's Order to Preload Government App on iPhones (MacRumors) President orders probe into Coupang breach (The Korea Herald) Qualcomm Alerts Users to Critical Flaws That Compromise the Secure Boot Process (GB Hackers) Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers (SecurityWeek) Google Releases Patches for Android Zero-Day Flaws Exploited in the Wild (Infosecurity Magazine) 'Cyber Issue' Leads to FDA Recall of Baxter Respiratory Gear (GovInfoSecurity) Swiss government bans SaaS and cloud for sensitive info (The Register) Publication: Resolution on outsourcing data processing to the cloud (Privatim) Insurer Beazley Steps Back From Cyber Market as Attacks Surge (PYMNTS.com) Hundreds of Porsche Owners in Russia Unable to Start Cars After System Failure (The Moscow Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Kim Jones sits down with Eric Nagel, a former CISO with a rare blend of engineering, legal, and patent expertise, to unpack what responsible AI really looks like inside a modern enterprise. Eric breaks down the difference between traditional machine learning and generative AI, why nondeterministic outputs can be both powerful and risky, and how issues like bias, hallucinations, and data leakage demand new safeguards—including AI firewalls. He also discusses what smaller organizations can do to manage AI risk, how tools like code-generation models change expectations for developers, and the evolving regulatory landscape shaping how companies must deploy AI responsibly. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. Learn more about your ad choices. Visit megaphone.fm/adchoices

European authorities take down an illegal cryptomixer. An Australian man is sentenced for running an airport evil twin WiFi campaign. Researchers unmask a Scattered LAPSUS$ Hunters impresario. CISA flags a cross-site scripting flaw in OpenPLC ScadaBR. A major South Korean retailer suffers a data breach affecting over 33 million customers. Threat actors abuse digital calendar subscription features. New York's new hospital cybersecurity mandates may raise the bar nationwide. Scammers target Cyber Monday shoppers. Monday business brief. Ann Johnson speaks with Microsoft's Amy Hogan-Burney on the Afternoon Cyber Tea segment. Google gets caught reheating someone else's holiday recipe.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, ⁠Daily Briefing⁠, and you'll never miss a beat. And be sure to follow CyberWire Daily on ⁠LinkedIn⁠. Afternoon Cyber Tea segment Afternoon Cyber Tea host Ann Johnson speaks with Amy Hogan-Burney, Corporate Vice President of Customer Trust and Security at Microsoft, about how Microsoft Is redefining global cyber defense. Ann and Amy discuss Microsoft's evolving approach to combating global cybercrime and the importance of collaboration across the private and public sectors. You can listen to their full conversation here and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.  Selected Reading Cryptomixer crypto laundering service taken down by law enforcement (Help Net Security) Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison (Bleeping Computer) Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters' (Krebs on Security) U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog (Security Affairs) Data breach hits 'South Korea's Amazon,' potentially affecting 65% of country's population (The Record) Threat Actors Exploit Calendar Subscriptions for Phishing and Malware (Infosecurity Magazine) New York Hospital Cyber Rules to 'Raise the Bar' Nationwide (GovInfo Security) Over 2,000 Fake Shopping Sites Spotted Before Cyber Monday (Hackread) Guardio secures $80 million in new funding. (N2K Pro Business Briefing) Google deletes X post after getting caught using a ‘stolen' AI recipe infographic (Bleeping Computer) Share your feedback.What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Join us for a timely and insightful live discussion on the evolving role of artificial intelligence in governance, risk, and compliance. Host Dave Bittner from N2K | CyberWire is joined by Kayne McGladrey from Hyperproof, Matthew Cassidy, PMP, CISA from Grant Thornton (US), and Alam Ali from Hyperproof to explore the current state of artificial intelligence in governance, risk, and compliance. The panel will discuss what AI is truly doing well today, the risks and challenges organizations need to watch for, and how AI is poised to influence the future of GRC. They will also share practical insights and real-world guidance for teams looking to adopt AI responsibly and effectively. Don't miss this timely conversation as our experts break down what's real, what's risky, and what's next in AI for GRC. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Operational technology cybersecurity strategist from Nozomi Networks, Danielle Jablanski shares her story of building a target map to end up where she is today. She shares how she started in college and how different paths in life got her to be on the target of success where she is today. She says " you build out that kind of target of where you want to be, and understand that getting to that point might mean doing things you don't enjoy for a number of years, but figuring that out is another way to get to that target without having like a clear bullseye" She goes on to explain how this target map is helping her to create real change and ultimately makes an impact. We thank Danielle for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Research Saturday. This week, we are joined by ⁠Michael Gorelik⁠, Chief Technology Officer from ⁠Morphisec⁠, discussing their work on "New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms." A new threat dubbed Noodlophile Stealer is exploiting the popularity of AI-powered content tools by posing as fake AI video generation platforms, luring users into uploading media in exchange for malware-laced downloads. Distributed through convincing Facebook groups and viral campaigns, the malware steals browser credentials, cryptocurrency wallets, and can deploy a remote access trojan like XWorm. The campaign uses a layered, obfuscated delivery chain disguised as legitimate video editing software, making it both deceptive and difficult to detect. The research can be found here: ⁠⁠⁠New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Only Malware in the Building. Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore what makes information sharing actually work. From public-private partnerships to actionable intelligence, our guests discuss how organizations can prioritize, process, and operationalize shared cyber threat data to stay ahead of emerging risks. Plus, catch Dave, Selena, and Keith on their road trip adventure in our video on ⁠⁠YouTube⁠⁠ — full of laughs, unexpected detours, and plenty of sleuthing! Learn more about your ad choices. Visit megaphone.fm/adchoices

We dive into a nostalgic yet revealing journey through classic hacker films, from WarGames to The Net and beyond, to assess what they got right, what they wildly imagined, and what those stories say about culture, fears, and cyber reality today. David Moulton, Senior Director of Thought Leadership for Unit 42  talks with Ben Hasskamp, Global Content Leader at Palo Alto Networks, who has been writing deeply on this intersection of media, tech, and risk. Together, we'll examine how cinematic depictions of hacking have shaped public perception, influenced policy, and sometimes eerily foreshadowed modern cyber threats. Expect a blend of film critique, security insight, and cultural reflection. Join the conversation on our social media channels: Website:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠ Threat Research:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Facebook:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ LinkedIn:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ YouTube:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@paloaltonetworks⁠⁠⁠⁠⁠ Twitter:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠⁠⁠⁠⁠ About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of T-Minus Deep Space. BigBear.ai is at the forefront of innovation for national security, and is committed to supporting the critical infrastructure driving America's competitive edge. The company deploys cutting-edge Al, machine learning, and computer vision solutions to defend critical operations and win with decision advantage. Our guests are ⁠Eric Conway,⁠ Vice President of Technology, and ⁠Joe Davis⁠, Cybersecurity Research Scientist  at ⁠Bigbear.ai.⁠  Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on ⁠LinkedIn⁠ and ⁠Instagram⁠. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our ⁠media kit⁠. Contact us at ⁠space@n2k.com⁠ to request more info. Want to join us for an interview? Please send your pitch to ⁠space-editor@n2k.com⁠ and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Report sheds light on cyber activity targeting space-related organizations during the Gaza War. Russian threat actor targets US civil engineering firm. FBI says $262 million has been stolen in account takeover scams this year. HashJack attack tricks AI browser assistants. London councils disrupted by cyberattacks. Russia's Gamaredon and North Korea's Lazarus Group appear to be sharing infrastructure. Canon says subsidiary was breached by Oracle EBS flaw. Dave Bittner was joined by Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing a deep dive on Akira ransomware. And Campbell's Soup CISO placed on leave following lawsuit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dave Bittner was joined by Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing a deep dive on Akira ransomware. Learn more on Halcyon's threat actor profile of Akira, and how they fit into their latest Malicious Quartile Report. Selected Reading New Report Warns Space Sector Faces Rising Cyber Threats Amid Modern Conflicts (Orbital Today)  Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine (Arctic Wolf) FBI says $262 million has been stolen in account takeover scams this year (IC3) HashJack – Novel Indirect Prompt Injection Against AI Browser Assistants (Cato Networks) Multiple London councils 'hit by cyber-attacks' (BBC) London Cyberattacks Confirmed — Security Experts Issue Multiple Warnings (Forbes) Russian and North Korean Hackers Forge Global Cyberattack Alliance (GB Hackers) Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack (Cyber Security News)   A Campbell Soup VP is on leave after secret recording appears to show him mocking 'poor' customers, '3D-printed chicken' (Business Insider) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA warns of spyware targeting messaging apps. CodeRED, this is not a test. Infostealer campaign spreads via malicious Blender files. Shai-Hulud's second coming. Real estate finance firm SitusAMC investigates breach. Dartmouth College discloses Oracle EBS breach. Dave Bittner is joined by Tim Starks, Senior reporter from CyberScoop, to discuss the Trump administration's upcoming cyber strategy. And tis the season for deals — and digital deception. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dave Bittner is joined by Tim Starks, Senior reporter from CyberScoop, to discuss the Trump administration's upcoming cyber strategy. Read Tim's piece on the topic “Completed draft of cyber strategy emphasizes imposing costs, industry partnership”. Selected Reading ​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​ (CISA) CodeRED cyber attack leaves emergency notification system down, exposes user data (First Alert 4) Morphisec Thwarts Russian-Linked StealC V2 Campaign Targeting Blender Users via Malicious .blend Files (Morphisec) Shai-Hulud's Second Coming: NPM Malware Attack Evolved (Checkmarx) SitusAMC confirms breach of client data after cyberattack (The Register) Clop's Oracle EBS rampage reaches Dartmouth College (The Register) 2025 Retail Holiday Threat Report: Scams and Impersonation Attacks Targeting Retailers (BforeAI) The data privacy costs of Black Friday bargains: 100 Black Friday apps analyzed (Comparitech) 2025 Ransomware Holiday Risk Report (Semperis) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this mid-season episode, Kim takes a step back to reflect on the conversations he has had so far. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, diving into how new technologies are impacting longstanding challenges, both from a security standpoint and from an attacker's view. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been—and what's still to come. Learn more about your ad choices. Visit megaphone.fm/adchoices

CrowdStrike fires an insider who allegedly shared screenshots with hackers. Google agrees, it wasn't Salesforce. Cox Enterprises confirms Oracle EBS breach. Alleged Transport for London hackers plead not guilty. Hackers exploit new WSUS bug to deploy ShadowPad backdoor. Iberia discloses breach of customer data. Harvard discloses voice-phishing breach exposing alumni and donor data. We have our Monday Business Briefing. Our guest today is Brandon Karpf, friend of the show discussing maritime GPS jamming and spoofing. And the launderers who wanted a bank for Christmas. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Brandon Karpf, friend of the show discussing maritime GPS jamming and spoofing. Selected Reading CrowdStrike fires 'suspicious insider' who passed information to hackers (TechCrunch) Google says hackers stole data from 200 companies following Gainsight breach (TechCrunch) Cox Confirms Oracle EBS Hack as Cybercriminals Name 100 Alleged Victims (SecurityWeek) Teens plead not guilty over TfL cyber-attack (BBC) Attackers deliver ShadowPad via newly patched WSUS RCE bug (Security Affairs)  Iberia discloses customer data leak after vendor security breach (Bleeping Computer)  Harvard University discloses data breach affecting alumni, donors (Bleeping Computer)  Doppel secures $70 million in a Series C round. (N2K Pro Business Briefing)  Russia-linked crooks bought a bank for Christmas to launder cyber loot (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The new Netflix movie A House of Dynamite, chronicles what happens when the unthinkable unfolds. How realistic is it? We ask the movie's advisor and expert, Lieutenant General Daniel Karbler (Ret.). Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Co-founder and CTO of Virsec, Satya Gupta shares his story of how he has over 25 years of expertise in embedded systems, network security and systems architecture. He also talks about how a colleague of his told him something that resinated with him, he said " that was really a remarkable statement that I heard from that person. You rise to the point where you can actually contribute." He also discusses how he got into the startup atmosphere and how different scenarios in his life helped to lead him to the successful man he has become in the cyber community. We thank Satya for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

On this Special Edition podcast, we share a panel from DataTribe's Cyber Innovation Day 2025, "Cyber: The Wake of Tech Innovation." The podcast tech host panel included Dave Bittner, host of  CyberWire Daily podcast, Maria Varmazis, host of T-Minus Space Daily podcast, and Daniel Whitenack, co-host of Practical AI podcast, sharing a wide-ranging discussion. Together, Dave, Maria and Dan examine the intersection of frontier innovation and cyber innovation through the lens of cyber, space, and AI. Learn more about your ad choices. Visit megaphone.fm/adchoices

Alex Berninger, Senior Manager of Intelligence at Red Canary, and Mike Wylie, Director, Threat Hunting at Zscaler, join to discuss four phishing lures in campaigns dropping RMM tools. Red Canary and Zscaler uncovered phishing campaigns delivering legitimate remote monitoring and management (RMM) tools—like ITarian, PDQ, SimpleHelp, and Atera—to gain stealthy access to victim systems. Attackers used four main lures (fake browser updates, meeting invites, party invitations, and fake government forms) and often deployed multiple RMM tools in quick succession to establish persistent access and deliver additional malware. The report highlights detection opportunities, provides indicators of compromise, and stresses the importance of monitoring authorized RMM usage, scrutinizing trusted services like Cloudflare R2, and enforcing strict network and endpoint controls. The research can be found here: You're invited: Four phishing lures in campaigns dropping RMM tools Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Command names a new head of AI. The UK introduces its long-delayed Cyber Security and Resilience Bill. Researchers highlight a critical Oracle Identity Manager flaw. Salesforce warns customers of a third-party data breach. Italy's state-owned railway operator leaks sensitive information. SonicWall patches firewalls and email security devices. The US charges four individuals with conspiring to illegally export restricted Nvidia AI chips to China. The SEC drops its lawsuit against SolarWinds. NSO group claims a permanent injunction could cause irreparable and potentially existential harm. Maria Varmazis of the T-Minus Space Daily show sits down with General Daniel Karbler (Ret.) to discuss his consulting work for A House of Dynamite, the newly released Netflix film. Roses are red, violets are blue, this poem just jailbroke your AI too. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Maria Varmazis of the T-Minus Space Daily show sits down with Lt. General Daniel Karbler (Ret.) to discuss his consulting work for A House of Dynamite, the newly released Netflix film. This is an excerpt of T-Minus Deep Space airing tomorrow in all of your favorite podcast app. Selected Reading Cyber Command Taps Reid Novotny as New AI Chief (MeriTalk) UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers (Fortra) Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day (SecurityWeek) Salesforce alerts customers of data breach traced to a supply chain partner (CXOtoday) Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack (Security Affairs) SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance (SecurityWeek) Four charged with plotting to sneak Nvidia chips into China (The Register) SEC voluntarily dismisses SolarWinds lawsuit (The Record) NSO Group argues WhatsApp injunction threatens existence, future U.S. government work (CyberScoop) Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models (Arxiv) Freesound Music Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special episode of Threat Vector, host David Moulton, Senior Director of Thought Leadership for Unit 42, sits down with Stav Setty, Principal Researcher at Palo Alto Networks, to unpack Jingle Thief a cloud-only, identity-driven campaign that turned Microsoft 365 into a gift card printing press. Stav explains how the Morocco based group known as Atlas Lion lived off the land inside M365 for months at a time, using tailored phishing and smishing pages, URL tricks, and internal phishing to compromise one user and quietly pivot to dozens more. Together, David and Stav walk through how the attackers abused legitimate identity features like device registration, MFA resets, inbox forwarding rules, and ServiceNow style access requests to blend into normal business workflows and monetize “digital cash” in the form of gift cards. They dig into why MFA alone is not safety, why identity is now the real perimeter, and how behavioral analytics, UEBA, and ITDR can piece together small signals into a clear story of compromise. You'll come away with practical steps to harden identity posture, spot early warning signs in cloud environments, and protect high value systems where trust can be turned directly into profit. To go deeper on this campaign and the Atlas Lion threat actor, read the Unit 42 article Jingle Thief Inside a Cloud-Based Gift Card Fraud Campaign at https://unit42.paloaltonetworks.com/cloud-based-gift-card-fraud-campaign/ Join the conversation on our social media channels: Website:⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠⁠⁠⁠⁠ Threat Research:⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠⁠⁠⁠ Facebook:⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠⁠⁠⁠⁠ LinkedIn:⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠⁠⁠⁠⁠ YouTube:⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠@paloaltonetworks⁠⁠⁠⁠ Twitter:⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠⁠⁠⁠ About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

The US and allies sanction Russian bulletproof hosting providers. The White House looks to sue states over AI regulations. The US Border Patrol flags citizens' “suspicious” travel patterns. Lawmakers seek to strengthen the SEC's cybersecurity posture. A new Android banking trojan captures content from end-to-end encrypted apps. A hidden browser API raises security concerns. Fortinet patches a zero-day. A Philippine former mayor gets life in prison for scam center human trafficking. Our guest is Cliff Crosland, CEO and Co-founder at Scanner.dev, discussing why security data lakes are ideal for AI in the SOC. Green energy gets hijacked for a blockchain side-hustle.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Cliff Crosland, CEO and Co-founder at Scanner.dev, discussing why security data lakes are ideal for AI in the SOC. Listen to Cliff's full conversation here. Selected Reading Russian bulletproof hosting provider sanctioned over ransomware ties (Bleeping Computer) White House drafts order directing Justice Department to sue states that pass AI regulations (Washington Post) Border Patrol is monitoring US drivers and detaining those with 'suspicious' travel patterns (Associated Press) Lawmakers reintroduce bill to bolster cybersecurity at Securities and Exchange Commission (The Record) Multi-threat Android malware Sturnus steals Signal, WhatsApp messages (Bleeping Computer) Hidden API in Comet AI browser raises security red flags for enterprises (CSO Online) Eternidade Stealer Trojan Fuels Aggressive Brazil Cybercrime (Infosecurity Magazine) Fortinet Patches Actively Exploited FortiWeb Zero Day Flaw (HIPAA Journal) Ex-Philippine mayor Alice Guo given life sentence for human trafficking (Reuters) Wind farm worker sentenced after turning turbines into a secret crypto mine (Bitdefender) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloudflare's outage is rooted in an internal configuration error. The Trump administration is preparing a new national cyber strategy. CISA gives federal agencies a week to secure a new Fortinet flaw. MI5 warns that China is using LinkedIn headhunters and covert operatives to target lawmakers. Experts question the national security risks of TP-Link routers. The China-aligned PlushDaemon threat group hijacks software updates. Researchers discover WhatsApp's entire global member directory accessible online without protection. LG Energy Solution confirms a ransomware attack. ShinySp1d3r makes its debut. Rotem Tsadok, Director of Security Operations and Forensics at Varonis, is sharing lessons learned from thousands of forensics investigations. A judge says Google's claims to water use secrecy are all wet.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Rotem Tsadok, Director of Security Operations and Forensics at Varonis, sharing lessons learned from thousands of forensics investigations. Listen to Rotem's full conversation here. Selected Reading Cloudflare blames this week's massive outage on database issues (Bleeping Computer) National cyber strategy will include focus on ‘shaping adversary behavior,' White House official says (The Record) CISA gives govt agencies 7 days to patch new Fortinet flaw (Bleeping Computer) Chinese Spies Are Using LinkedIn to Target U.K. Lawmakers, MI5 Warns (The New York Times) No evidence that TP-Link routers are a Chinese security threat (CSO Online) PlushDaemon compromises network devices for adversary-in-the-middle attacks (welivesecurity) 3.5 Billion Accounts: Complete WhatsApp Directory Retrieved and Evaluated (heise online) LG Energy Solution reports ransomware attack, hackers claim theft of 1.7 terabytes of data (beyondmachines) Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters (Bleeping Computer) Google Strives To Keep Data Center Water Use Secret After Judge Orders Records Released (Roanoke Rambler) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloudflare suffers a major outage. Google issues an emergency Chrome update. Logitech discloses a data breach. CISA plans a major hiring push. The House renews the State and Local Cybersecurity Grant Program. The GAO warns military personnel are oversharing online. Tech groups urge governments worldwide to reject proposals that weaken or bypass encryption. Australian authorities blame outdated software for the death of a telecom customer. An alleged Void Blizzard hacker faces extradition to the US. Our guest is Kevin Kennedy from ManTech discussing the future battlefield and the importance of integrating non-kinetic effects. AI meets the IRS. What could possibly go wrong? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by ⁠Kevin Kennedy⁠ from ⁠ManTech⁠ discussing the future battlefield and the importance of integrating non-kinetic effects. You can hear Kevin's full conversation here. Selected Reading Cloudflare outage causes error messages across the internet (The Guardian) Google releases emergency Chrome update to patch actively exploited vulnerability (Beyond Machines) Logitech discloses data breach after Clop claims (The Record) CISA, eyeing China, plans hiring spree to rebuild its depleted ranks (Cybersecurity Dive) Full renewal of state and local cyber grants program passes in House (The Record) Pentagon and soldiers let too many secrets slip on socials (The Register) Dozens of groups call for governments to protect encryption (CyberScoop) Australia's TPG Telecom links customer's death to outdated Samsung phone (Reuters) Alleged Void Blizzard hacker arrested in Thailand (SC Media) Intuit signs $100M+ deal with OpenAI to bring its apps to ChatGPT (TechCrunch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Managing identity has been an evolving challenge as networks have only continued to grow and become more sophisticated. In this current landscape, these challenges have only become further exacerbated with new emerging technologies. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Richard Bird from Singular AI to discuss this evolving paradigm. Throughout this conversation, Kim and Richard tackle how managing identity has evolved and how security leaders can get ahead of AI to better secure their systems and networks. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Pentagon is spending millions on AI hacking. The New York Times investigates illicit crypto funds. Researchers uncover widespread remote code execution flaws in AI inference engines. Police in India arrest CCTV hackers. Payroll Pirates use Google Ads to steal credentials and redirect salaries. A  large-scale brand impersonation campaign delivers Gh0st RAT to Chinese-speaking users.A bitcoin mining company CEO gets scammed. Monday biz brief. On our Industry Voices segment with our Knowledge Partner SpecterOps, Chief Technology Officer Jared Atkinson is discussing Attack Path Management: Identities in Transit. Bitcoin big wigs learn to bite through plastic. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment with our Knowledge Partner SpecterOps, Chief Technology Officer Jared Atkinson is discussing Attack Path Management: Identities in Transit. Hear more from Jared here. Cyber Things podcast Something strange has landed in all the cool podcast apps… Cyber Things is a new three-part series from Armis that decodes real-world cyber threats through the lens of a certain Hawkins-based sci-fi phenomenon. Just in time for the show's final season, Rebecca Cradick leads us through a world where fiction meets cybersecurity. Because sometimes the scariest villains aren't in the Upside Down — they're online. You can check out Cyber Things on your favorite podcast app and on our website. On the site, you will find the trailer and Episode 1: The Unseen World available today! Selected Reading The Pentagon Is Spending Millions On AI Hacking From Startup Twenty (Forbes) The Crypto Industry's $28 Billion in ‘Dirty Money' (The New York Times) The Coin Laundry, a global cryptocurrency investigation (International Consortium of Investigative Journalism) "ShadowMQ" exploit pattern reported in major AI frameworks, enables remote code execution (Beyond Machines) Gujarat: Hackers steal maternity ward CCTV videos in India cybercrime racket (BBC News) Payroll Pirates: One Network, Hundreds of Targets (Check Point) Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT (Unit 42, Palo Alto Networks) Inside a Wild Bitcoin Heist: Five-Star Hotels, Cash-Stuffed Envelopes, and Vanishing Funds (WIRED) UK prosecutors seize £4.11M in crypto from Twitter mega-hack culprit (The Register) Tenzai emerges from stealth with $75 million in seed funding led by Greylock Partners.  (N2K Pro) How to Not Get Kidnapped for Your Bitcoin (The New York Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Founder and general partner of Rain Capital, Chenxi shares her story and how she conquered and got over the obstacle of fear to reach her goals in life. " I realized a lot of times my obstacle is my own fear rather than a real obstacle" Wang states, she also shares her story of breaking glass ceilings as a female founder and working in the field of cybersecurity. She hopes to be remembered for being a kind person and developing her own venture fund, as she shares her story to the top, she states what she does and how she got to be where she is today. We thank Chenxi for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Dr. Renée Burton, Vice President of Threat Intelligence from Infoblox, is sharing the team's work on "Deniability by Design: DNS-Driven Insights into a Malicious Ad Network." Infoblox returns with new threat actor research uncovering Vane Viper, a Cyprus-based holding company behind PropellerAds—one of the world's largest advertising networks. The report reveals that Vane Viper isn't just being exploited by criminals but operates as a criminal infrastructure itself, built to profit from fraud, malware, and disinformation through offshore entities and complex ownership structures. The findings highlight the growing convergence between adtech, cybercrime, and state-linked influence operations, suggesting that elements of the global digital advertising ecosystem are now functioning as infrastructure for large-scale cyber and disinformation campaigns. The research can be found here: Deniability by Design: DNS-Driven Insights intoa Malicious Ad Network Learn more about your ad choices. Visit megaphone.fm/adchoices