The CyberWire

Please enjoy this encore of CISO Perspectives. In the season finale of CISOP, Kim Jones is joined by N2K's own Ethan Cook to reflect on the conversations that shaped this season. Together, they revisit standout moments from Kim's interviews, unpacking their significance and getting Ethan's fresh perspective on the cybersecurity workforce challenge—as someone viewing the industry from the outside. Since the mid-season reflection, Kim has explored a wide range of workforce issues, including skills mapping, talent identification, and the evolving strategies needed to close cybersecurity's talent gap. Survey: We want to hear your perspectives on this season, fill out our audience survey before August 31st. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ivanti zero-days trigger emergency warnings around the globe. Singapore blames a China-linked spy crew for hitting all four major telcos. DHS opens a privacy probe into ICE surveillance. Researchers flag a zero-click RCE lurking in LLM workflows. Ransomware knocks local government payment systems offline in Florida and Texas. Chrome extensions get nosy with your URLs. BeyondTrust scrambles to patch a critical RCE. A Polish data breach suspect is caught eight years later. It's the Monday Business Breakdown. Ben Yelin gives us the 101 on subpoenas. And federal prosecutors say two Connecticut men bet big on fraud, and lost. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Ben Yelin, Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, talking about weaponized administrative subpoenas. Selected Reading EU, Dutch government announce hacks following Ivanti zero-days (The Record) Singapore says China-linked hackers targeted telecom providers in major spying campaign (The Record) Inspector General Investigating Whether ICE's Surveillance Tech Breaks the Law (404 Media) Critical 0-Click RCE Vulnerability in Claude Desktop Extensions Exposes 10,000+ Users to Remote Attacks (Cyber Security News)  Payment tech provider for Texas, Florida governments working with FBI to resolve ransomware attack (The Record) Chrome extensions can use unfixable time-channel to leak tab URLs (CyberInsider) BeyondTrust warns of critical RCE flaw in remote support software (Bleeping Computer) Hacker Poland's largest data leaks arrested (TVP World) LevelBlue will acquire MDR provider Alert Logic from Fortra. (N2K Pro Business Briefing) Men charged in FanDuel scheme fueled by thousands of stolen identities (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Simone Petrella, CEO of cybersecurity training workforce firm CyberVista, spent her career in the Department of Defense as a threat intelligence analyst before founding CyberVista. She says that running a company has a new set of challenges each day thrown at you. She explains that the way she finds the most success is by letting her team contribute to each matter, and having a say in the decisions made as they pertain to each department. Simone says "I would say is I am a firm firm believer in the idea of empowering people to really own and kind of run with the things that they're passionate about." She notes that people will do amazing things when they are passionate and that faking it until you make it is true, because you will get where you're going by having that passion and that inspiration. We thank Simone for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Piotr Wojtyla, Head of Threat Intel and Platform at Abnormal AI, is discussing their work on "InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime." A new AI-powered phishing kit called InboxPrime AI is rapidly gaining traction in underground forums, automating the creation and delivery of highly believable phishing emails that mimic legitimate business communications and leverage Gmail's web interface to evade detection. First spotted in October 2025, the kit combines AI-generated content, template variation, sender identity spoofing, and built-in spam checks to maximize inbox placement and dramatically lower the barrier to running large-scale phishing campaigns. Its shift to a one-time $1,000 purchase and growing user base underscore the industrialization of phishing and highlight how quickly AI-driven attack tools are outpacing legacy email defenses. The research can be found here: ⁠⁠⁠InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA cracks down on aging edge devices. Congress looks to sure up energy sector security. DHS facial recognition software may fall short. Romania's national oil pipeline operator suffers a cyberattack. The European Commission may fine TikTok for being addictive. DKnife is a China-linked threat actor operating a long-running adversary-in-the-middle framework. Researchers say OpenClaw is being abused at scale. Our guest is Mike Carr, Field CTO at Xona, talking about how Italy should be thinking about protecting the 2026 Winter Olympics. A BASE jumper attempts a daring AI alibi. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Mike Carr, Field CTO at Xona, talking about how Italy should be thinking about protecting the 2026 Winter Olympics. Selected Reading CISA: Remove EOL edge kit before cybercriminals strike (The Register) 5 Bills to Boost Energy Sector Cyber Defenses Clear House Panel (SecurityWeek) ICE and CBP's Face-Recognition App Can't Actually Verify Who People Are (WIRED) Romania's oil pipeline operator confirms cyberattack as hackers claim data theft (The Record)  Flickr discloses potential data breach exposing users' names, emails (Bleeping Computer) 17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware (Hackread) EU says TikTok faces large fine over "addictive design" (Bleeping Computer) 'DKnife' Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks (SecurityWeek) All gas, no brakes: Time to come to AI church (Talos Intelligence)  Man who videotaped himself BASE jumping in Yosemite arrested, federal officials say. He says it was AI (LA Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber weapons knock out Iranian air defenses during strikes on nuclear sites. ShinyHunters dump more than a million stolen records from Harvard and Penn. Betterment confirms a breach exposing data from roughly 1.4 million accounts. Researchers uncover a sprawling scam network impersonating law firms. Italy blocks cyberattacks aimed at Olympics infrastructure. Critical bugs put n8n and Google Looker servers at risk of full takeover. A state-backed Shadow Campaign hits governments worldwide. OpenClaw shows how AI-powered attacks are becoming faster, cheaper, and harder to stop. Our guest is Tony Scott, CEO of Intrusion and former federal CIO, sharing his perspective on evolving regulation and the realities behind critical policy shifts. Your smartphone may testify against you. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today comes as a segment from our Caveat podcast. Tony Scott, CEO of Intrusion and former federal CIO, joins Dave Bittner to share his perspective on evolving regulation and the realities behind critical policy shifts. You can listen to Tony and Dave's full conversation on this week's episode of Caveat, and catch new episodes of Caveat every Thursday on your favorite podcast app. Selected Reading Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes (The Record) Personal data stolen during Harvard and UPenn data breaches leaked online - over a million details, including emails, home addresses and more, all published (TechRadar) Data breach at fintech firm Betterment exposes 1.4 million accounts (Bleeping Computer) Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign (SecurityWeek) Italy Averted Russian-Linked Cyberattacks Targeting Winter Olympics Websites, Foreign Minister Says (SecurityWeek) n8n security woes roll on as new critical flaws bypass December fix (The Register) LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem) (Tenable) Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries (SecurityWeek) The Rise of OpenClaw (SECURITY.COM) Smartphones Now Involved in Nearly Every Police Investigation (Infosecurity Magazine) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The White House preps a major overhaul of U.S. cybersecurity policy. A key Commerce security office loses staff as regulatory guardrails weaken. Lawmakers Press AT&T and Verizon after months of silence on Salt Typhoon. A vulnerability in the React Native Metro development server is under active exploitation. Amaranth Dragon leverages a WinRAR flaw. A coordinated reconnaissance campaign targets Citrix NetScaler infrastructure. CISA warns a SolarWinds Web Help Desk flaw is under active exploitation. Zach Edwards, Senior Threat Researcher at Silent Push, is discussing a hole in the kill chain leaving law enforcement empty-handed. Cops in Northern Ireland get an unwanted data breach encore.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Zach Edwards, Senior Threat Researcher at Silent Push, discussing a hole in the kill chain leaving law enforcement empty-handed. You can read more from Zach's team here. Selected Reading White House Cyber Director Charts New Course for Digital Defense Through Private Sector Partnership (Web Pro News) Another Misstep in U.S.-China Tech Security Policy (Lawfare) Cantwell claims telecoms blocked release of Salt Typhoon report (Cyberscoop) Hackers exploit critical React Native Metro bug to breach dev systems (Bleeping Computer) New Amaranth Dragon cyberespionage group exploits WinRAR flaw (Bleeping Computer) Wave of Citrix NetScaler scans use thousands of residential proxies (Bleeping Computer) Fresh SolarWinds Vulnerability Exploited in Attacks (SecurityWeek) ‘It defies belief': Names of PSNI officers published on court website in new breach (Belfast Telegraph) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

French police raid X's Paris offices. The Feds take over $400 million from a dark web cryptocurrency mixer. The NSA says zero-trust goes beyond authentication. Researchers warn of a multi-stage phishing campaign targeting Dropbox credentials. A new GlassWorn campaign targets macOS developers. Critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile are under active exploitation. Researchers disclose a major data exposure on Moltbook, a social network built for AI agents. States bridge the gaps in election security. Nitrogen ransomware has a fatal flaw that permanently destroys data. Supersize your passwords — you want fries with that? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Aaron Isaksen leads AI Research and Engineering at Palo Alto Networks, where he advances state-of-the-art AI in cybersecurity while overseeing Cortex Xpanse's teams automating attack surface management across some of the world's largest networks. In this episode of Threat Vector, host David Moulton sits down with Dr. Aaron Isaksen to explore why engineering excellence must precede ethical AI debates, how adversarial AI is reshaping cybersecurity, and what it actually takes to build AI systems resilient enough to operate in hostile environments. Selected Reading French cops raid X's Paris office in algorithmic bias probe (The Register) US seizes over $400 million in assets from dark web money laundering operation Helix (SC Media) NSA Tells Feds: Zero Trust Must Go Beyond Login (GovInfo Security) New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials (Infosecurity Magazine) New GlassWorm attack targets macOS via compromised OpenVSX extensions (Bleeping Computer) Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack (Hackread) Vibe-Coded Moltbook Exposes User Data, API Keys and More (Infosecurity Magazine) As feds pull back, states look inward for election security support (CyberScoop) Nitrogen Ransomware: ESXi malware has a bug! (Coveware) McDonald's is not lovin' your bigmac, happymeal, and mcnuggets passwords (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of CISO Perspectives. In this mid-season episode, Kim takes a step back to reflect on the journey so far—revisiting key conversations, standout moments, and recurring themes that have shaped the season. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, uncovering deeper patterns and takeaways. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been—and what's still to come. Learn more about your ad choices. Visit megaphone.fm/adchoices

Poland says weak security left parts of its power grid exposed. A Russian-linked hacker alliance threatens Denmark with a promised cyber offensive. Fancy Bear moves fast on a new Microsoft Office flaw, hitting Ukrainian and EU targets. Researchers find a sprawling supply chain attack buried in the ClawdBot AI ecosystem. A new report looks at how threats are shaping the work of journalists and security researchers. A stealthy Windows malware campaign blends Pulsar RAT with Stealerv37. A former Google engineer is convicted of stealing AI trade secrets for China. The latest cybersecurity funding and deal news. On our Afternoon Cyber Tea segment, Microsoft's Ann Johnson chats with Dr. Lorrie Cranor from Carnegie Mellon about security design. The AI dinosaur that knew too much.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Afternoon Cyber Tea Dr. Lorrie Cranor⁠, Director of the CyLab Security and Privacy Institute at Carnegie Mellon University joins Ann Johnson, Corporate Vice President, Microsoft, on this month's segment of Afternoon Cyber Tea to discuss the critical gap between security design and real-world usability. They explore why security tools often fail users, the ongoing challenges with passwords and password less authentication, and how privacy expectations have evolved in an era of constant data collection. You can listen to Ann and Lorrie's full conversation here, and catch new episodes Afternoon Cyber Tea every other Tuesday on your favorite podcast app. Selected Reading Russian hackers breached Polish power grid thanks to bad security, report says (TechCrunch) Newly Established Russian Hacker Alliance Threatens Denmark (Truesec) Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks (Infosecurity Magazine) Notepad++ Hijacked by State-Sponsored Hackers (Notepad++) ClawdBot Skills Just Ganked Your Crypto (OpenSource Malware Blog) Under Pressure: Exploring the effect of legal and criminal threats on security researchers and journalists (DataBreaches.Net) Windows Malware Uses Pulsar RAT for Live Chats While Stealing Data (Hackread) U.S. convicts ex-Google engineer for sending AI tech data to China (Bleeping Computer) Upwind secures $250 million in a Series B round. (N2K Pro Business Briefing)  Don't Buy Internet-Connected Toys For Your Kids (Blackout VPN) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Richard Melick, Director of Threat Reporting for Zimperium, talks about his journey, from working in the military to moving up to the big screens. He shares that he's been in the business of solving unique cybersecurity problems for so long that he has found his own path that works very well for him. He says, "if I go to a unique problem and try to solve it, I find that I'm solving it the same way that I would've solved it five years ago, because I found my pattern." Richard reflects on his time working in the industry, from moving away from the military and into different roles over the years. He notes that giving credit where credit is due, to those who deserve it, is how you keep the audience engaged as a storyteller. We thank Richard for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

A popular chatbot exposes millions of private user messages. The White House rescinds Biden-era federal software security guidance. A senior Secret Service official urges more scrutiny of domain registration. The President's NSA pick champions section 702. France looks to reduce reliance on U.S. digital infrastructure. CISA shares guidance on insider threats. Hugging Face infrastructure was abused to distribute an Android RAT. Ivanti discloses a pair of critical zero-days. Popular dating sites suffer a data breach. Our guest is Tim Starks from CyberScoop, discussing how the US looks to push its view of AI cybersecurity standards to the rest of the world. The Nobel Committee blames hackers for a spoiler alert.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Tim Starks from CyberScoop discussing how the US looks to push its view of AI cybersecurity standards to the rest of the world. You can read Tim's coverage here.  Selected Reading Massive AI Chat App Leaked Millions of Users Private Conversations (404 Media) White House Scraps 'Burdensome' Software Security Rules (SecurityWeek) The 'staggering' cybersecurity weakness that isn't getting enough focus, according to a top Secret Service official (CyberScoop) NSA pick champions foreign spying law as nomination advances (The Record) French Government To Replace Zoom and Teams With Visio, a Local Alternative (The New York Times) CISA Urges Critical Infrastructure Organizations to Take Action Against Insider Threats (HSToday) Hugging Face Abused to Deploy Android RAT (SecurityWeek) Ivanti warns of two EPMM flaws exploited in zero-day attacks (Bleeping Computer) Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match (Bleeping Computer) Nobel Hacking Likely Leaked Peace Prize Winner Name, Probe Finds (Bloomberg) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Google dismantles a huge residential proxy network. Did the FBI take down the notorious RAMP cybercrime forum? A long running North Korea backed cyber operation has splintered into three specialized threat groups. U.S. military cyber operators carried out a covert operation to disrupt Russian troll networks ahead of the 2024 elections. Phishing campaigns target journalists using the Signal app. SolarWinds patches vulnerabilities in its Web Help Desk product. Amazon found CSAM in its AI training data. Initial access brokers switch up their preferred bot. China executes scam center kingpins. Our guest is Tom Pace, CEO of NetRise, explaining how open-source vulnerabilities are opening doors for nation-states.  An unsecured webcam peers into Pyongyang.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Tom Pace, former DOE cyber analyst and CEO of NetRise, joins the show to explain how open-source vulnerabilities are opening doors for nation-states and why visibility into who maintains code repositories matters. Selected Reading Google Disrupted World's Largest IPIDEA Residential Proxy Network (Cyber Security News) Notorious Russia-based RAMP cybercrime forum apparently seized by FBI (The Record) Long-running North Korea threat group splits into 3 distinct operations (CyberScoop) Secret US cyber operations shielded 2024 election from foreign trolls, but now the Trump admin has gutted protections (CNN Politics) Phishing attack: Numerous journalists targeted in attack via Signal Messenger (Netzpolitik.org) Signal president warns AI agents are making encryption irrelevant (Cyber Insider) SolarWinds Patches Critical Web Help Desk Vulnerabilities (SecurityWeek)  Amazon Found ‘High Volume' Of Child Sex Abuse Material in AI Training Data (Bloomberg) Initial access hackers switch to Tsundere Bot for ransomware attacks (Bleeping Computer) China Executes 11 People Linked to Cyberscam Centers in Myanmar   (Bloomberg) North Korean Hackers' Daily Life Leaked in Video (The Chosun) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA's interim director uploaded sensitive government material into the public version of ChatGPT. The cyberattack on Poland's power grid compromised roughly 30 energy facilities. The EU and India sign a new partnership that includes expanded cyber cooperation. Meta rolls out enhanced WhatsApp security features. Researchers uncover a campaign targeting LLM service endpoints. Fortinet and OpenSSL patch multiple vulnerabilities. A high-severity WinRAR vulnerability continues to see widespread exploitation six months after it was patched. The SoundCloud data breach affected nearly 30 million users. Ben Yelin explains the California lawsuit accusing social media platforms of harming kids. A Spanish resort town gets hit with low-rent ransomware.   Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Dave is joined by his Caveat co-host Ben Yelin, Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, to discuss the upcoming trial where Meta and YouTube will make their case against accusations of social media being harmful to children. You can learn more here.  T-Minus Guest Host Our T-Minus Space Daily podcast team is in Orlando, FL this week covering Commercial Space Week. Yesterday while the crew was on travel making their way to the event, Dave Bittner took his first spin behind the mic on T-Minus. Tune in and let us know how Dave did! You can follow along with host Maria Varmazis and producers Alice Carruth and Liz Stokes for event coverage via our LinkedIn profile. Selected Reading Trump's acting cyber chief uploaded sensitive files into a public version of ChatGPT (POLITICO) Cyberattack on Poland's power grid hit around 30 energy facilities, new report says (The Record) Europe/India • Indian 'hackers for hire' to continue to thrive under Brussels-New Dehli trade deal (Intelligence Online) New WhatsApp lockdown feature protects high-risk users from hackers (Bleeping Computer) Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation (Bleeping Computer) Fortinet Patches Exploited FortiCloud SSO Authentication Bypass (SecurityWeek) High-Severity Remote Code Execution Vulnerability Patched in OpenSSL (SecurityWeek) Cybercriminals and nation-state groups are exploiting a six-month old WinRAR defect (CyberScoop) SoundCloud breach added to HIBP, 29.8 million accounts exposed (CyberInsider) Spanish municipality Sanxenxo City Council calls hackers bluff as malware takes over network (Cryptopolitan) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft rushes an emergency fix for an actively exploited Office zero-day. A suspected cyberattack halts rail service in Spain. The FBI probes Signal chats in Minnesota. The UK moves to overhaul policing for the cyber age. Romania investigates a hitman-for-hire site. A UK court awards $4.1 million in a Saudi spyware case. Google agrees to a voice assistant settlement. CISA maps post-quantum crypto readiness. Prosecutors charge an Illinois man over a Snapchat hacking scheme targeting hundreds of women. Our guest today is Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing some insight into the AI and quantum threats to cybersecurity and the national cyber strategy. A Best Buy guy tries a creative alibi.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing some insight into the AI and quantum threats to cybersecurity and the national cyber strategy. Selected Reading Microsoft Issues Emergency Patch for Actively Exploited Office Zero-Day (Beyond Machines) Catalonia travel chaos: thousands stranded as suspected cyber attack disrupts rail network (The Olive Press)  FBI is investigating Minnesota Signal groups tracking ICE, Patel says (NBC News) UK plans sweeping overhaul of policing amid surge in online crimes (The Record) Romania probes two suspects over alleged hitman-for-hire website (The Record) Judge awards British critic of Saudis $4.1 million, finds the regime hacked his devices (The Record) Google to pay $68 million over allegations its voice assistant eavesdropped on users (CBS News) CISA releases technology readiness list for post-quantum cryptography (CSO Online) Illinois man charged with hacking Snapchat accounts to steal nude photos (Bleeping Computer) Savannah BSavannah Best Buy employee says 'hacker group' blackmailed him into theft ring scheme (WJCL 22) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft granted the FBI access to laptops encrypted with BitLocker. The EU opens an investigation into Grok's creation of sexually explicit images. Glimmers of access pierce Iran's internet blackout. Koi Security warns npm fixes fall short against PackageGate exploits. Some Windows 11 devices fail to boot after installing the January Patch Tuesday updates. CISA warns of active exploitation of  multiple vulnerabilities across widely used enterprise and developer software. ESET researchers have attributed the cyberattack on Poland's energy sector to Russia's Sandworm. This week's business breakdown. Brandon Karpf joins us to talk space and cyber. CISA sits out RSAC.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is cybersecurity executive and friend of the show Brandon Karpf with Dave Bittner and T-Minus Space Daily host Maria Varmazis, for our monthly space and cyber segment. Brandon, Maria and Dave discuss “No more free rides: it's time to pay for space safety.” Selected Reading FBI Accessed Windows Laptops After Microsoft Shared BitLocker Recovery Keys (Hackread) European Commission opens new investigation into X's Grok (The Register) Amid Two-Week Internet Blackout, Some Iranians Are Getting Back Online (New York Times) Hackers can bypass npm's Shai-Hulud defenses via Git dependencies (Bleeping Computer) Microsoft investigates Windows 11 boot failures after January updates (Bleeping Computer) CISA says critical VMware RCE flaw now actively exploited (Bleeping Computer) CISA confirms active exploitation of four enterprise software bugs (Bleeping Computer) ESET Research: Sandworm behind cyberattack on Poland's power grid in late 2025 (ESET)  Aikido secures $60 million in Series B funding. (N2K Pro Business Briefing) CISA won't attend infosec industry's biggest conference (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Lauren Van Wazer, Vice President, Global Public Policy and Regulatory Affairs for Akamai Technologies, shares her story as she followed her own North Star and landed where she is today. She describes her career path, highlighting how she went from working at AT&T to being able to work in the White House. She shares how she is a coach and a leader to the team she works with now, saying "my view is I've got their back, if they make a mistake, it's my mistake, and if they do well, they've done well." Lauren hopes she's made an impact in the world by making it a little bit better than before, and discusses how she doesn't let anyone stop her from her goals. Lauren shares her outlook on her experiences, calling attention to different roles in her life that made her journey all the better. We thank Lauren for sharing. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we have Andrew Northern, Principal Security Researcher at Censys, discussing "From Evasion to Evidence: Exploiting the Funneling Behavior of Injects". This research explains how modern web malware campaigns use multi-stage JavaScript injections, redirects, and fake CAPTCHAs to selectively deliver payloads and evade detection. It shows that these attack chains rely on stable redirect and traffic-distribution chokepoints that can be monitored at scale. Using the SmartApe campaign as a case study, the report demonstrates how defenders can turn those chokepoints into high-confidence detection and tracking opportunities. The research can be found here: From Evasion to Evidence: Exploiting the Funneling Behavior of Injects Learn more about your ad choices. Visit megaphone.fm/adchoices

At long last, a TikTok deal. Officials urge lawmakers to keep an eye on the quantum ball. Fortinet confirms active exploitation of a critical authentication bypass flaw. Ireland plans to authorize spyware for law enforcement. Okta warns customers of sophisticated vishing kits. Under Armour investigates data breach claims. CISA adds a Zimbra Collaboration Suite flaw to the known exploited vulnerabilities list. Poor OpSec enables recovery of data stolen by the INC ransomware gang. The DOJ deports a pair of Venezuelans convicted of ATM jackpotting. Our guest is Chris Nyhuis, Founder and CEO of Vigilant, sharing practical steps to protect money, identity, and devices.  Curl pulls the plug on bug bounties after drowning in AI slop. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Nyhuis, Founder and CEO of Vigilant, sharing "practical steps consumers can take in 2026 to protect their money, identity, and devices." Selected Reading TikTok Strikes Deal to Create New U.S. Entity and Loosen App's Ties to China (New York Times) US Officials Urge Congress to Reauthorize Key Quantum Law (BankInfo Security) Fortinet confirms critical FortiCloud auth bypass not fully patched (Bleeping Computer) Ireland plans law allowing law enforcement to use spyware (The Record) Okta SSO accounts targeted in vishing-based data theft attacks (Bleeping Computer) Under Armour Investigates Data Breach (Infosecurity Magazine) Organizations Warned of Exploited Zimbra Collaboration Vulnerability  (SecurityWeek) INC ransomware opsec fail allowed data recovery for 12 US orgs (Bleeping Computer) 2 Venezuelans Convicted in US for Using Malware to Hack ATMs (SecurityWeek) Curl ending bug bounty program after flood of AI slop reports (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA's acting director assures Congress the agency has “stabilized”. Google and Cisco patch critical vulnerabilities. Fortinet firewalls are being hit by automated attacks that create rogue accounts. A global spam campaign leverages unsecured Zendesk support systems. LastPass warns of attempted account takeovers. Greek authorities make arrests in a sophisticated fake cell tower scam. Executives at Davos express concerns over AI. Pwn2Own Automotive proves profitable. Our guest is Kaushik Devireddy, AI data scientist at Fable Security, with insights on a fake ChatGPT installer. New password, same as the old password.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Kaushik Devireddy, AI data scientist at Fable Security, discussing their work on "How a fake ChatGPT installer tried to steal my password". Selected Reading CISA Is 'Trying to Get Back on Its Mission' After Trump Cuts (CISA) Google Patches High-Severity V8 Race Condition in Chrome 144 published: today (Beyond Machines) Cisco Patches Actively Exploited Flaw in Unified Communications Products (Beyond Machines) Hackers breach Fortinet FortiGate devices, steal firewall configs (Bleeping Computer) Zendesk ticket systems hijacked in massive global spam wave (Bleeping Computer) LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords (Infosecurity Magazine) Greek Police Arrest Scammers in Athens Using Fake Cell Tower for SMS Phishing Operation (TechNadu) Execs at Davos say AI's biggest problem isn't hype — it's security (Business Insider) Hackers exploit 29 zero-days on second day of Pwn2Own Automotive (Bleeping Computer) Analysis of 6 Billion Passwords Shows Stagnant User Behavior (SecurityWeek) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

DOGE staff face scrutiny over possible Hatch Act violations. GitLab fixes a serious 2FA bypass. North Korean hackers target macOS developers through Visual Studio Code. Researchers say the VoidLink malware may be largely AI-built. MITRE rolls out a new embedded systems threat matrix. Oracle drops a massive patch update. Minnesota DHS reports a breach affecting 300,000 people. Germany looks to Israel for cyber defense lessons. A major illicit marketplace goes dark. Our guest is Ashley Jess, Senior Intelligence Analyst from Intel 471, with a “crash course” on underground cyber markets. And auditors emerge as an unlikely line of cyber defense. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have Ashley Jess, Senior Intelligence Analyst from Intel 471, sharing a “crash course” on how underground cyber markets and emerging trends. Selected Reading Trump administration concedes DOGE team may have misused Social Security data (POLITICO) GitLab warns of high-severity 2FA bypass, denial-of-service flaws (Bleeping Computer) North Korean Hackers Target macOS Developers via Malicious VS Code Projects (SecurityWeek) Voidlink Linux Malware Was Built Using an AI Agent, Researchers Reveal (Infosecurity Magazine) MITRE Launches New Security Framework for Embedded Systems (SecurityWeek) Oracle's First 2026 CPU Delivers 337 New Security Patches (SecurityWeek) Minnesota Agency Notifies 304,000 of Vendor Breach (GovInfo Security) Germany and Israel Pledge Cybersecurity Alliance (BankInfo Security) $12B Scam Market Tudou Guarantee Shuts Down (GovInfo Security) Research reveals a surprising line of defence against cyber attacks: accountants (The Conversation) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Authorities pursue Black Basta. British authorities launch a new national service to fight fraud and cybercrime. LinkedIn private messages get infected with RATs. Researchers uncover a new malicious extension that intentionally crashes the browser. Ingram Micro discloses a ransomware-related data breach. A Jordanian man pleads guilty to selling stolen access to corporate networks. Business Breakdown. Tim Starks from CyberScoop discusses Sean Plankey's renomination to lead CISA.  Grave oversight in the funeral biz.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks from CyberScoop as he is discussing Sean Plankey's renomination to lead CISA. You can use Tim's take on it here.   Selected Reading Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader (The Record) UK launches landmark 'Report Fraud' service to tackle cybercrime and fraud (The Record) Linkedin Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs (Infosecurity Magazine) Fake ad blocker extension crashes the browser for ClickFix attacks (Bleeping Computer) Ingram Micro reveals ransomware attack hit 42,000 people - here's how to find out more (TechRadar) Jordanian Man Pleads Fake ad blocker extension crashes the browser for ClickFix attacksGuilty to Selling Stolen Logins for 50 Companies (Hackread) CrowdStrike agrees to acquire SGNL for $740 million and Seraphic for $420 million. (N2K Pro) Exclusive: Funeral Industry Faces Security Gaps as Top Firms Lack Key Certifications (The Chosun Daily) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is away from the mic observing the Martin Luther King, Jr. holiday in the United States, we share this thoughtful discussion from our T-Minus Space Daily team. Signals Intelligence (SIGINT) is the practice of intercepting and analyzing electronic signals, like phone calls, emails, radar, and telemetry, to gather actionable intelligence for national security, defense, and military operations. It's primarily conducted by agencies like NSA, but over the last decade many companies in the commercial sector have grown in this vital area of national defense, especially in space. Our guest is Dave DeWalt, CEO of NightDragon, who shared why his firm is investing in tech and space. Dave joins T-Minus Space Daily host Maria Varmazis for this special edition podcast. You can connect with Dave on LinkedIn, and learn more about NightDragon on their website. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Share your feedback. What do you think about T-Minus Space Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is observing the Martin Luther King, Jr. holiday in the United States, please enjoy this CyberWire-X episode featuring the team from Horizon3.ai. In this CyberWire-X episode, Dave Bittner speaks with Horizon3.ai co-founder and CEO Snehal Antani about how continuous autonomous penetration testing is reshaping security resilience. Antani reflects on his journey from CIO to DoD operator, where he learned that the hardest part of security isn't patching — it's prioritizing what matters and proving defenses work before attackers do. He explains why vulnerability scans fall short, how “AI hackers” simulate adversary behavior at machine speed, and why organizations must shift from compliance thinking to attacker-centric validation. Antani shares real-world findings, warns of 77-second domain compromise, and predicts a future of AI fighting AI, with humans by exception. Resources: Whitepaper: NodeZero® for Pentesters and Red Teams Whitepaper: Traditional vs. Autonomous: Why NodeZero® is the Future of Cyber Risk Assessments Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Deepen Desai, Global Chief Information Security Officer at Zscaler, shares his story as a doctor that treats computer viruses. He describes how he got into the security field and his work with Zscaler. He says what it's like learning and growing in this field and shares great advice for people who are up and coming in the field. Deepen describes working with an incredible team and how much joy it brings him to see his team learning and growing beyond their roles working with him. He says he want's to be remembered as a mentor among his colleagues. He says "I still remember my first team that I built, 15 years ago. Most of those guys are leading key technologies at many of the major security vendors, and some of them are still with me." We thank Deepen for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by Ben Folland, Security Operations Analyst from Huntress, discussing their work on "ClickFix Gets Creative: Malware Buried in Images." This analysis covers a ClickFix campaign that uses fake human verification checks and a realistic Windows Update screen to trick users into manually running malicious commands. The multi-stage attack chain leverages mshta.exe, PowerShell, and .NET loaders, ultimately delivering infostealers like LummaC2 and Rhadamanthys, with payloads hidden inside PNG images using steganography. While technically sophisticated, the campaign hinges on simple user interaction, underscoring the importance of user awareness and controls around command execution. The research can be found here: ClickFix Gets Creative: Malware Buried in Images Learn more about your ad choices. Visit megaphone.fm/adchoices

Who turned out the lights in Venezuela? The European Space Agency confirms a series of cyberattacks. Dutch police nab the alleged operator of a notorious malware testing service. The U.S. and allies issue new guidance on OT security. Researchers warn of automated exploitation of a critical Hewlett-Packard Enterprise OneView flaw. TamperedChef cooks up trojanized PDF documents to deliver backdoor malware. A bluetooth vulnerability puts devices at risk. Cisco patches a maximum-severity zero-day exploited since November. Jen Easterly heads up RSAC. Our guest is Zak Kassas from Ohio State University, discussing GPS alternatives. Vintage phones face modern problems. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Maria Varmazis from T-Minus pace sits down with Zak Kassas from the Ohio State University to discuss the study “Navigating the Arctic Circle with Starlink and OneWeb LEO Satellites”.This conversation is a preview of tomorrow's Deep Space episode from T-Minus Space Daily. Selected Reading Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities (The New York Times) Sensitive European Space Agency Data Leaked to the Dark Web by String of Cyberattacks (IBTimes UK) Operation Endgame: Dutch Police Arrest Alleged AVCheck Operator (Hackread) CISA, Allies Sound Alarm on OT Network Exposure (GovInfo Security) RondoDox botnet exploits critical HPE OneView bug (The Register) TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals (Infosecurity Magazine) WhisperPair Attack Leaves Millions of Bluetooth Accessories Open to Hijacking (SecurityWeek) Cisco finally fixes AsyncOS zero-day exploited since November (Bleeping Computer) Former CISA Director Jen Easterly Appointed CEO of RSAC (SecurityWeek) iPhone 4 makes comeback — but experts warn of security risks (New York Post) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Verizon hit by a major wireless outage. Poland blocks an attack on its power grid. A massive database of French citizens exposed. Microsoft shuts down a cybercrime-as-a-service operation. The UK backs away from digital ID plans. California probes Grok deepfakes. The FTC settles with GM over location data. Palo Alto Networks patches a serious firewall flaw. Plus, John Serafini of HawkEye on modern signals intelligence, and federal agents seize devices from a Washington Post reporter. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Maria Varmazis sits down with John Serafini, Founder and CEO of Hawkeye 360, on T-Minus to discuss commercial signals intelligence, advanced RF signal processing, and Hawkeye 360's recent acquisition of Innovative Signal Analysis alongside its Series E funding. To hear the full conversation, check out the episode on T-Minus. Selected Reading Verizon Says Service Restored After Thousands Affected by Outage (Bloomberg) Poland says it repelled major cyberattack on power grid, blames Russia (The Record) Massive breach leaks 45 million French records: demographic, healthcare, and financial data all leaked, here's what we know (TechRadar) Criminal Subscription Service Behind AI-Powered Cyber-Attacks Taken Out By Microsoft (Infosecurity Magazine) Government drops plans for mandatory digital ID to work in UK (BBC News) Attorney General Bonta Launches Investigation into xAI, Grok Over Undressed, Sexual AI Images of Women and Children | State of California (Department of Justice) FTC bans GM from selling drivers' location data for five years (Bleeping Computer) Palo Alto Networks warns of DoS bug letting hackers disable firewalls (Bleeping Computer) FBI executes search warrant at Washington Post reporter's home (Washington Post) US cargo tech company publicly exposed its shipping systems and customer data to the web (TechCrunch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday fallout, China sidelines Western security vendors, and a critical flaw puts industrial switches at risk of remote takeover. A ransomware attack disrupts a Belgian hospital, crypto scams hit investment clients, and Eurail discloses a data breach. Analysts press Congress to go on offense in cyberspace, and Sean Plankey gets another shot at leading CISA. In our Threat Vector segment, David Moulton sits down with Ian Swanson, AI Security Leader at Palo Alto Networks about supply chain security. And, an AI risk assessment cites a football match that never happened. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment AI security is no longer optional, it's urgent. In this segment of Threat Vector, David Moulton sits down with Ian Swanson, former CEO of Protect AI and now the AI Security Leader at Palo Alto Networks. Ian shares how securing the AI supply chain has become the next frontier in cybersecurity and why every enterprise building or integrating AI needs to treat it like any other software pipeline—rife with dependencies, blind spots, and adversaries ready to exploit them. You can catch the full conversation here and listen to new episodes of Threat Vector every Thursday on your favorite podcast app. Selected Reading Patch Tuesday, January 2026 Edition (Krebs on Security) Adobe Patches Critical Apache Tika Bug in ColdFusion (SecurityWeek) Chrome 144, Firefox 147 Patch High-Severity Vulnerabilities (SecurityWeek) Fortinet Patches Critical Vulnerabilities in FortiFone, FortiSIEM (SecurityWeek) Exclusive: Beijing tells Chinese firms to stop using US and Israeli cybersecurity software, sources say (Reuters) Critical OpenSSH flaw exposes Moxa industrial switches to remote takeover (Beyond Machines) Cyberattack forces Belgian hospital to transfer critical care patients (The Record) Betterment confirms data breach after wave of crypto scam emails (Bleeping Computer) Passports, bank details compromised in Eurail data breach (The Register) Lawmakers Urged to Let US Take on 'Offensive' Cyber Role (Bank InfoSecurity) Sean Plankey re-nominated to lead CISA (CyberScoop) Police chief admits misleading MPs after AI used in justification for banning Maccabi Tel Aviv fans (BBC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Stolen Target source code looks real. CISA pulls the plug on Gogs. SAP rushes patches for critical flaws. A suspected Russian spy emerges in Sweden, while Cloudflare threatens to walk away from Italy. Researchers flag a Wi-Fi chipset bug, a long-running Magecart skimming campaign, and a surge in browser-in-the-browser phishing against Facebook users. Mandiant releases a new Salesforce defense tool, and NIST asks how to secure agentic AI before it secures itself. Our guests are Christine Blake and Madison Farabaugh from Inside the Media Minds. Plus, a Dutch court says seven years is still the going rate for a USB-powered cocaine plot. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Christine Blake and Madison Farabaugh from W2 Communications and hosts of Inside the Media Minds podcast on their show joining the N2K CyberWire network. You can listen to the latest episode of Inside the Media Minds today and catch new installments every month on your favorite podcast app. Selected Reading Target employees confirm leaked code after ‘accelerated' Git lockdown (Bleeping Computer) Fed agencies urged to ditch Gogs as zero-day makes CISA list (The Register) SAP's January 2026 Security Updates Patch Critical Vulnerabilities (SecurityWeek) Sweden detains ex-military IT consultant suspected of spying for Russia (The Record) Cloudflare CEO threatens to pull out of Italy  (The Register) One Simple Trick to Knock Out the Wi-Fi Network (GovInfo Security) Google's Mandiant releases free Salesforce access control checker (iTnews) Global Magecart Campaign Targets Six Card Networks (Infosecurity Magazine) Facebook login thieves now using browser-in-browser trick (Bleeping Computer) NIST Calls for Public to Help Better Secure AI Agents (GovInfo Security) Appeal fails for hacker who opened port to coke smugglers (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI warns of Kimsuky quishing. Singapore warns of a critical vulnerability in Advantech IoT management platforms. Russia's Fancy Bear targets energy research, defense collaboration, and government communications. Malaysia and Indonesia suspend access to X. Researchers warn a large-scale fraud operation is using AI-generated personas to trap mobile users in a social engineering scam. BreachForums gets breached. The NSA names a new Deputy Director. Monday Biz Brief. Our guest is Sasha Ingber, host of the International Spy Museum's SpyCast podcast. The commuter who hacked his scooter.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Sasha Ingber, host of the International Spy Museum's SpyCast podcast, on the return of SpyCast to the N2K CyberWire network. Selected Reading North Korea–linked APT Kimsuky behind quishing attacks, FBI warns (Security Affairs)  Advantech patches maximum-severity SQL injection flaw in IoT products (Beyond Machines) Russia's APT28 Targeting Energy Research, Defense Collaboration Entities (SecurityWeek) Malaysia and Indonesia block X over deepfake smut (The Register) New OPCOPRO Scam Uses AI and Fake WhatsApp Groups to Defraud Victim (Hackread) BreachForums hacking forum database leaked, exposing 324,000 accounts (Bleeping Computer) Former NSA insider Kosiba brought back as spy agency's No. 2 (The Record) Vega raises $120 million in a Series B round led by Accel. Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters (Rasmus Moorats) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Laura Hoffner, Executive Vice President at Concentric, shares her story about her time working as a Naval Intelligence Officer and supporting special operations around the globe for 12 years, to now, where she transitioned to the Naval Reserves and joined the Concentric team. Laura has known since she was in the seventh grade that she wanted to work with SEALs and work in intelligence, so she set her goals high and achieved them shortly after graduating college. She credits being a Naval Intelligence Officer to helping her get to where she is today and says how much she is enjoying working with Concentric, saying she's "ultimately just incredibly benefiting from unbelievable mentors at the company itself." We thank Laura for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Martin Zugec, Technical Solutions Director from Bitdefender, sharing their work and findings on "EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company." Built for long-term espionage, the campaign uses DLL sideloading, in-memory execution, and abused Windows services to stay stealthy and persistent. We walk through how the multi-stage framework delivers a powerful backdoor with reconnaissance, lateral movement, data theft, and keylogging capabilities—and what this operation reveals about the evolving tactics defenders need to watch for. The research can be found here: EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company Learn more about your ad choices. Visit megaphone.fm/adchoices

The NSA reshuffles its cybersecurity leadership. A new report unmasks ICE's latest surveillance system. CISA marks a milestone by retiring ten Emergency Directives. Trend Micro patches a critical vulnerability. Grok dials back the nudes, a bit. Cambodia extradites a cybercrime kingpin to China. Ghost Tap malware intercepts payment card data. Researchers disrupt a highly sophisticated VMware ESXi hypervisor exploit. European law enforcement arrest dozens of suspects linked to the international cybercriminal group Black Axe. Our guest is Sonali Shah, CEO of Cobalt, who says 2026 is the year AI stops being a concept and becomes the central battleground of cybersecurity. After firing the experts, DOGE hangs a help wanted sign. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices, we are joined by Sonali Shah, CEO of Cobalt, talking about 2026 is the year AI stops being a concept and becomes the central battleground of cybersecurity. Tune into the full conversation here. Selected Reading NSA cyber directorate gets new acting leadership (The Record) Inside ICE's Tool to Monitor Phones in Entire Neighborhoods (404 Media) CISA Retires Ten Emergency Directives, Marking an Era in Federal Cybersecurity (CISA.gov) Trend Micro warns of critical Apex Central RCE vulnerability (Bleeping Computer) X pulls Grok images after UK ban threat over undress tool (The Register) Alleged cyber scam kingpin arrested, extradited to China (The Record) Chinese Hackers Use NFC-Enabled Android Malware to Steal Payment Information (GB Hackers) The Great VM Escape: ESXi Exploitation in the Wild (Huntress) Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrest (Infosecurity Magazine) US DOGE Service is hiring following mass workforce losses across the government (Gov Exec) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The US withdraws from global cybersecurity institutions. A maximum-severity vulnerability called Ni8mare allows full compromise of a workflow automation platform. Cisco patches ISE. Researchers uncover a sophisticated multi-stage malware campaign targeting manufacturing and government organizations in Italy, Finland, and Saudi Arabia. The growing rift of defining AI risk. Microsoft gives 365 admins a one-month deadline to enable MFA. The Illinois Department of Human Services inadvertently exposed personal and protected health information of more than 700,000 residents. An Illinois man is charged with hacking Snapchat accounts to steal nudes. Our guest is Caitlin Clarke, Senior Director for Cybersecurity Services at Venable, with insights on CISA 2015. Facial recognition that's bear-ly controversial.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Caitlin Clarke, Senior Director for Cybersecurity Services at Venable, for a conversation on CISA 2015 and its role in today's cybersecurity and policy landscape. If you enjoyed this conversation, be sure to tune into the full interview on the next Caveat. Selected Reading US announces withdrawal from dozens of international treaties (The Record) US To Leave Global Forum on Cyber Expertise (Infosecurity Magazine) Max severity Ni8mare flaw lets hackers hijack n8n servers (Bleeping Computer) Cisco warns of Identity Service Engine flaw with exploit code (Bleeping Computer) CISA tags max severity HPE OneView flaw as actively exploited (Bleeping Computer) Threat Actors Exploit Commodity Loader in Targeted Email Campaigns Against Organizations (GB Hackers) Are Copilot prompt injection flaws vulnerabilities or AI limits? (Bleeping Computer) Microsoft to enforce MFA for Microsoft 365 admin center sign-ins (Bleeping Computer) Illinois state agency exposed personal data of 700,000 people (The Record) Oswego man Kyle Svara, 26, allegedly hired by college coach Steve Waithe to get Snapchat access codes from nearly 600 women: FBI (ABC7 Chicago) How facial recognition for bears can help ecologists manage wildlife (The Conversation) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Jaguar Land Rover reveals the fiscal results of last year's cyberattack. A Texas gas station chain suffers a data spill. Taiwan tracks China's energy-sector attacks. Google and Veeam push patches. Threat actors target obsolete D-Link routers. Sedgwick Government Solutions confirms a data breach. The U.S. Cyber Trust Mark faces an uncertain future. Google looks to hire humans to improve AI search responses. Our guest is Deepen Desai, Chief Security Officer of Zscaler, discussing what's powering enterprise AI in 2026. AI brings creative cartography to the weather forecast. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Deepen Desai, Chief Security Officer of Zscaler, discussing what's powering enterprise AI in 2026. To learn more on this topic, be sure to check out Zscaler's report here. Listen to the full conversation here. Selected Reading Jaguar Land Rover wholesale volumes plummet 43% in cyberattack aftermath (The Register) Major Data Breach Hits Company Operating 150 Gas Stations in the US (Hackread) Taiwan says China's attacks on its energy sector increased tenfold (Bleeping Computer) Google Patches High-Severity Chrome WebView Flaw CVE-2026-0628 in the Tag Component (Tech Nadu) Several Code Execution Flaws Patched in Veeam Backup & Replication (SecurityWeek) New D-Link flaw in legacy DSL routers actively exploited in attacks (Bleeping Computer) Sedgwick confirms breach at government contractor subsidiary (Bleeping Computer) FCC Loses Lead Support for Biden-Era IoT Security Labeling (GovInfoSecurity) Google Search AI hallucinations push Google to hire "AI Answers Quality" engineers (Bleeping Computer) ‘Whata Bod': An AI-generated NWS map invented fake towns in Idaho (The Washington Post) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Grok's non-consensual imagery draws scrutiny from the European Commission.  Researchers link several major data breaches to a single threat actor. The UK unveils a new Cyber Action Plan. A stealthy ClickFix campaign targets the hospitality sector. VVS Stealer malware targets Discord users. Covenant Health and AFLAC report data leaks. Google silences a critical Dolby flaw. Ilona Cohen, Chief Legal and Policy Officer at HackerOne discusses “What the SolarWinds Dismissal Really Means for CISOs: Less Personal Risk, More Scrutiny on Disclosures.” UK students enjoy a digital snow day.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ilona Cohen, Chief Legal and Policy Officer at HackerOne and former senior lawyer to President Obama, as she is discussing “What the SolarWinds Dismissal Really Means for CISOs: Less Personal Risk, More Scrutiny on Disclosures.” Selected Reading EU looking ‘very seriously' at taking action against X over Grok (The Record) Grok's AI CSAM Shitshow (404 Media) Dozens of Major Data Breaches Linked to Single Threat Actor (SecurityWeek) UK Launches New Cyber Unit to Bolster Defences Against Cyber Threats (Infosecurity Magazine) Sophisticated ClickFix Campaign Targeting Hospitality Sector (SecurityWeek) New VVS Stealer Malware Targets Discord Users via Fake System Errors (Hackread) Covenant Health Notifying 480K Patients of 2025 Data Theft (Infosecurity) Aflac Notifies 22.6 Million People of June Data Theft Attack (Infosecurity) Critical Dolby leak in Android patched by Google (Techzine Global) Students bag extended Christmas break after cyber hit on school IT (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Venezuela blames physical attacks for blackout as cyber questions swirl. Trump reverses a chip technology sale over national security issues, and removes sanctions linked to Predator spyware. Greek officials say an air traffic shutdown was not a cyberattack. The U.S. Army launches a new officer specialization in AI and machine learning. The Kimwolf botnet infects more than two million devices worldwide. ZoomStealer uses browser extensions to grab sensitive online meeting data. The European Space Agency confirms a cybersecurity incident. Former lawmakers and cyber policy leaders warn that U.S. cyber defenses are slipping. On today's Afternoon Cyber Tea host Ann Johnson welcomes Troy Hunt, founder of Have I Been Pwned. A researcher swipes left on white supremacy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On this segment of Afternoon Cyber Tea with host Ann Johnson, Ann is joined by Troy Hunt, founder of Have I Been Pwned, to explore what billions of breached records reveal about attacker behavior, human weakness, and the state of breach disclosure. To listen to Ann and Troy's full conversation, visit the episode page. You can catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.  Selected Reading Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes (POLITICO) US Action in Venezuela Provokes Cyberattack Speculation (GovInfosecurity) COMUNICADO | CORPOELEC denuncia ataque perpetrado contra el Sistema Eléctrico Nacional (MPPEE) President Trump Orders Divestment in $2.9 Million Chips Deal to Protect US Security Interests (SecurityWeek) Treasury removes sanctions for three executives tied to spyware maker Intellexa (The Record) Greece says a radio failure that grounded flights is unlikely to be a cyberattack (WRAL.com) US Army to Establish AI Officer Corps for High-Tech Military Management (ForkLog) The Kimwolf Botnet is Stalking Your Local Network (Krebs on Security) Zoom Stealer browser extensions harvest corporate meeting intelligence (Bleeping Computer) European Space Agency Confirms Server Breach (Infosecurity Magazine) Time to restore America's cyberspace security system (CyberScoop) Researcher Wipes White Supremacist Dating Sites, Leaks Data on okstupid.lol (Hackread) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Chief Information Security Officer at Immuta, Michael Scott shares his story from working at a forgotten internet service provider to leading the security fight for major food chain restaurants. Michael explains how the different roles at various companies he has worked with paved his way to where he is now at Immuta. He works with a group of colleagues and he leads in a different style, describing that "It really is just a collection of a lot of, we call humble intellects" working with him. Michael attributes adversity to being a cornerstone of existence in the security community, and explains how that helps him keep up the fight. We thank Michael for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is out on winter break, please enjoy this episode of Research Saturday. Today we are joined by ⁠⁠Selena Larson⁠⁠, co-host of ⁠⁠Only Malware in the Building⁠⁠ and Staff Threat Researcher and Lead Intelligence Analysis and Strategy at ⁠⁠Proofpoint⁠⁠, sharing their work on "Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing." Proofpoint researchers have identified campaigns where threat actors use fake Microsoft OAuth apps to impersonate services like Adobe, DocuSign, and SharePoint, stealing credentials and bypassing MFA via attacker-in-the-middle phishing kits, mainly Tycoon. These attacks redirect users to fake Microsoft login pages to capture credentials, 2FA tokens, and session cookies, targeting nearly 3,000 Microsoft 365 accounts across 900 environments in 2025. Microsoft's upcoming security changes and strengthened email, cloud, and web defenses, along with user education, are recommended to reduce these risks. The research can be found here: ⁠⁠⁠⁠Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is out on winter break, please enjoy this episode of Cyber Things from our partners at Armis. Welcome to Episode 2 of Cyber Things, a special edition podcast produced in partnership by Armis and N2K CyberWire in an homage to Stranger Things. Host ⁠Rebecca Cradick⁠, VP of Global Communications at ⁠Armis⁠, is joined by ⁠Curtis Simpson⁠, CISO at Armis, to dive deep into the rise of the “Hive Mind”: the collective, connected threat ecosystem where attackers share tools, data, and tactics across the dark web, evolving faster than ever through AI-powered reconnaissance and automation. This is essential listening for anyone seeking to better understand how today's adversaries no longer operate alone, but as a distributed learning network that observes, adapts, and strikes with speed and precision. Tune in now to learn how organizations can think upside down, harness AI, and build defenses that move at the speed of today's threats - before the shadows reach your network. Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is out on winter break, please enjoy this episode of Threat Vector from our partners at Palo Alto Networks. In this episode of Threat Vector, host David Moulton talks with Wendi Whitmore, Chief Security Intelligence Officer at Palo Alto Networks, about the increasing scale of China-linked cyber threats and the vulnerabilities in outdated OT environments.  Wendi shares critical insights on how nation-state threats have evolved, why AI must be part of modern defense strategies, and the importance of real-time intelligence sharing. They also dive into scenario planning as a key to resilience. If you want to know how cybersecurity leaders are preparing for the next wave of threats, this episode is a must-listen. From the show: ASEAN Entities in the Spotlight: Chinese APT Group Targeting Preparing for a Secure Paris 2024 Unit 42 Predicts the Year of Disruption and Other Top Threats in 2025 FBI talks about how China is testing AI in cyberattacks Hear more from Wendi Whitmore on Threat Vector: Episode 5: From Nation States to Cybercriminals Join the conversation on our social media channels: Website:⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠ Threat Research:⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠ Facebook:⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠ LinkedIn:⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠ YouTube:⁠ ⁠⁠@paloaltonetworks⁠ Twitter:⁠ ⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠ About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠ ⁠http://paloaltonetworks.com⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is out on winter break, please enjoy this episode of Afternoon Cyber Tea with Ann Johnson from our partners at Microsoft Security. Dr. Lorrie Cranor, Director of the CyLab Security and Privacy Institute at Carnegie Mellon University joins Ann Johnson, Corporate Vice President, Microsoft, on this week's episode of Afternoon Cyber Tea to discuss the critical gap between security design and real-world usability. They explore why security tools often fail users, the ongoing challenges with passwords and password less authentication, and how privacy expectations have evolved in an era of constant data collection. Dr. Cranor emphasizes the importance of user-centered design, practical research, behavioral insights, and simpler, more transparent systems to help CISOs build security programs that truly work for people.    Resources:   View Lorrie Cranor on LinkedIn             View Ann Johnson on LinkedIn       Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast   The BlueHat Podcast    Uncovering Hidden Risks   Discover and follow other Microsoft podcasts at microsoft.com/podcasts      Afternoon Cyber Tea with Ann Johnson is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.  Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is out on winter break, please enjoy this episode of The Microsoft Threat Intelligence Podcast from our partners at Microsoft. In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Chloé Messdaghi and Crane Hassold to unpack the key findings of the 2025 Microsoft Digital Defense Report; a comprehensive look at how the cyber threat landscape is accelerating through AI, automation, and industrialized criminal networks.  They explore how nation-state operations and cybercrime have fused into a continuous cycle of attack and adaptation, with actors sharing tooling, infrastructure, and even business models. The conversation also examines AI's growing impact, from deepfakes and influence operations to the defensive promise of AI-powered detection, and how identity compromise has become the front door to most intrusions, accounting for over 99% of observed attacks.  Listeners will gain perspective on:  How AI is shaping both attacker tradecraft and defensive response.  Why identity remains the cornerstone of global cyber risk.  What Microsoft's telemetry—spanning 600 million daily attacks—reveals about emerging threats and evolving defender strategies.  Questions explored:  How are threat actors using AI to scale deception and influence operations?  What does industrialized cybercrime mean for organizations trying to defend at scale?  How can defenders harness AI responsibly without overreliance or exposure?    Resources:   Download the report and executive summary  Register for Microsoft Ignite  View Chloé Messdaghi on LinkedIn  View Crane Hassold on LinkedIn  View Sherrod DeGrippo on LinkedIn   Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In the season finale of CSO Perspectives, Ethan Cook and Kim Jones reflect on a season of conversations exploring what it means to lead security in a rapidly evolving “brave new world.” From the realities behind AI hype and the slow-burn impact of quantum computing to the business forces shaping cybersecurity innovation, they revisit key lessons and lingering challenges facing today's CISOs. The episode closes with an optimistic—but candid—look at why fundamentals, critical thinking, and leadership still matter as the industry moves forward. Want more CISO Perspectives? Check out companion ⁠⁠blog post⁠⁠s by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements episodes throughout the season. Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is out on winter break, please enjoy this episode of Data Security Decoded from our partners at Rubrik. In this episode of Data Security Decoded, host Caleb Tolin sits down with Hayden Smith, CEO of Hunted Labs, as he breaks down how software supply chain attacks really work, why open source dependencies create unseen exposure, and what modern threat actors are doing to exploit trust at scale. Caleb and Hayden dive deep into real-world attacks, emerging TTPs, AI-powered threat hunting, and what organizations must do today to keep pace. Listeners walk away with a clear picture of the problem—and a practical blueprint for reducing supply chain risk. What You'll Learn  How modern attackers infiltrate open source ecosystems through fake accounts and counterfeit package contributions. Why dependency chains dramatically amplify both exposure and attacker leverage. How to use threat intelligence and threat hunting to proactively evaluate upstream packages before adoption. Where AI-powered code analysis is changing the ability to discover hidden vulnerabilities and suspicious patterns. Why dependency pinning, SBOM discipline, and continuous monitoring now define a strong supply chain posture. Episode Highlights 00:00 — Welcome + Why Software Supply Chain Risk Matters 02:00 — Hayden's Non-Cyber Passion + Framing Today's Topic 03:00 — Why Open Source Powers Everything—and Why That Creates Exposure 06:00 — The Real Attack Vector: Contribution as Initial Access 08:00 — Inside the Indonesian “Fake Package” Campaign 10:30 — How to Evaluate Code + Contributor Identity Together 12:00 — Threat Hunting and AI-Enabled Code Interrogation 15:00 — The Challenge of Undisclosed Vulnerabilities in Widely Used Components 16:30 — How Recovery Works When Malware Is Already in Your Stack 19:00 — Continuous Monitoring as the Foundation of Modern Supply Chain Security 22:00 — Pinning, Maintainer Analysis, and Code Interrogation Best Practices 24:00 — Where to Learn More About Hunted Labs Episode Resources Hunted Labs — https://huntedlabs.com Hunted Labs Entercept Hunted Labs “Hunting Ground” research blog Open Source Malware (Paul McCarty) Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is out on winter break, please enjoy this episode of Career Notes. Threat intelligence analyst at Recorded Future, Charity Wright, shares her story from the army to her career today. Transitioning from the army to cybersecurity was an exciting change for her. During college she was recruited by the U.S. army where she started her journey and learned new skills paving her pathway to threat intelligence where she is now. She shares that she works with a great team of junior analysts who are constantly checking each others' biases which helps keep Charity grounded in her work. Charity spends her days keeping an eye on threats around the world where she says there is never a dull day in her line of work. We thank Charity for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is out on winter break, please enjoy this episode of Research Saturday. This week, we are joined by ⁠Tom Hegel⁠, Principal Threat Researcher from ⁠SentinelLabs⁠ research team, to discuss their work on "Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition." The latest Ghostwriter campaign, linked to Belarusian government espionage, is actively targeting Ukrainian military and government entities as well as Belarusian opposition activists using weaponized Excel documents. SentinelLabs identified new malware variants and tactics, including obfuscated VBA macros that deploy malware via DLL files, with payload delivery seemingly controlled based on a target's location and system profile. The campaign, which began preparation in mid-2024 and became active by late 2024, appears to be an evolution of previous Ghostwriter operations, combining disinformation with cyberattacks to further political and military objectives. The research can be found here: ⁠Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is out on winter break, please enjoy this Special Edition episode. Cybersecurity is no longer confined to the digital world or just a technical challenge, it's a global imperative. The ⁠NightDragon Innovation Summit⁠ convened a group of industry leaders to discuss how public and private entities can work together to address emerging threats and harness the power of AI, cybersecurity, and innovation to strengthen national defense. In this special edition podcast, we capture a glimpse into the knowledge and expertise shared at the NightDragon Innovation Summit. We are joined by ⁠NightDragon⁠ Founder and CEO ⁠Dave DeWalt⁠, ⁠DataBee⁠ CEO ⁠Nicole Bucala⁠, ⁠Liberty Mutual Insurance⁠ EVP and CISO ⁠Katie Jenkins⁠, Sophos CEO ⁠Joe Levy⁠, and ⁠Dataminr⁠ VP of Sales Engineering ⁠Michael Mastrole⁠. Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is out on winter break, please enjoy this episode of Only Malware in the Building. Welcome in! You've entered, Only Malware in the Building. Wrap yourself in a warm blanket, pour your favorite mug of tea, and join us each month as we unwrap the season's juiciest cyber mysteries. Your host is ⁠⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠⁠Qintel⁠⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore Remote access, real cargo: cybercriminals targeting trucking and logistics. From clever schemes to protect shipments to the tools cybercriminals use, our guests discuss how organizations can safeguard physical goods in an increasingly connected world—because even during the season of hustle and bustle, the threats don't take a holiday. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's episode, we dig into the Electronic Frontier Foundation's annual Breachies, highlighting some of the year's most avoidable, eye-opening, and sometimes head-shaking data breaches. From companies collecting far more data than they need to third-party missteps and quiet misconfigurations, the Breachies offer a revealing look at how familiar privacy failures keep repeating—and why they matter for users. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's we have a CyberWire holiday favorite: The 12 Days of Malware — with Dave and a lineup of cybersecurity friends gleefully rewriting The 12 Days of Christmas to celebrate malware, mishaps, and life online, one verse at a time. Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices