The CyberWire

International operation disrupts Amadey and StealC malware infrastructure. Australian spy chief warns nation-state hackers are prepositioning for future sabotage. Stealthy new backdoor may be tied to initial access broker. Researchers uncover "Cordyceps" supply chain flaw. Iran-linked MuddyWater disguises espionage as ransomware attack. Cal Water says Handala's hacking claims were overstated. Report says Russia continued using Cellebrite phone-cracking tools after the ban. Chinese cybersecurity firm unveils AI tools to rival Anthropic's Mythos. DraftKings hacker is sentenced to eighteen months. Our guest is Erich Kron, CISO Advisor at KnowBe4, sharing the details of the CAPY program. And more Than Meets the Eye-P. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Erich Kron, CISO Advisor at KnowBe4, sharing the details of the CAPY (Cyber Awareness Program for You) program that offers free cybersecurity training for families. Selected Reading Three ‘cybercrime as a service' operations undercut by Microsoft, law enforcement (The Record) Scaling cybercrime disruption through innovation and AI (Microsoft) Nation-state actors cracked critical Australian infrastructure to ‘cripple it at a time of their choosing' (The Register)  Backdoor.Mistic: New Backdoor May be Linked to Ransomware Access Broker (Security.com) Cordyceps: The Silent Parasite Consuming Your Supply Chain (Novee)  Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber Espionage (Infosecurity Magazine) Cal Water Finds No Evidence of OT Activity After Hackers Claimed They Could Disrupt Water Supply (SecurityWeek) Russia used Cellebrite phone-hacking tool to crack down on dissident after firm cut off country (The Record) China's 360 says it has developed tools to match Anthropic's Mythos (Reuters) DraftKings hacker 'Snoopy' sentenced to 18 months in prison (BleepingComputer) Nearly Half of LG Smart TV Apps Contain Residential Proxy SDKs (Spur Intelligence) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

LastPass says Klue breach affected customer information, but passwords remain secure. Attackers begin exploiting Cisco Unified CM vulnerability. CISA flags actively exploited Ubiquiti and Lantronix flaws, urges rapid patching. DifyTap flaws could expose private AI conversations across tenants. Researchers find AI plugin registry let unofficial tools masquerade as trusted software. xpl0itrs launches leak site, signaling shift toward full-service cyber extortion. Ransomware attack hits Indian auto giant Bajaj Auto. U.S. presses Meta to submit AI models for national security reviews. Alleged criminal marketplace administrator extradited to the US. U.S. expands sanctions against Cambodian scam network tied to cyber fraud operations. On today's Industry Voices segment, we are joined by Mike Masciulli, Managing Director, Migration Products and Services at Semperis, discussing RC4 and AD Migration: The Break Scenarios Hiding in Your Source Domain. And a lesson in access control. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Mike Masciulli, Managing Director, Migration Products and Services at Semperis, discussing RC4 and AD Migration: The Break Scenarios Hiding in Your Source Domain. If you enjoyed this conversation, check out the full interview here. Selected Reading Password manager maker LastPass says hackers stole customer support case data during Klue breach (TechCrunch) Klue says hackers stole credential from 2022 that led to customer data breaches (TechCrunch) Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks (BleepingComputer) U.S. CISA adds Ubiquiti UniFi OS and Lantronix EDS5000 plugin flaws to its Known Exploited Vulnerabilities catalog (SecurityAffairs)  DifyTap: Zafran discovers how attackers can silently wiretap AI data across tenants on a platform powering 1M+ apps  (Zafran)  23 ClawHub Plugins Squat Official Org Scopes (Manifold Security)  Cyber Intel Brief: xpl0itrs Leak Site Launch (Dataminr)  Indian auto giant Bajaj Auto hit by ransomware incident (The Record)  U.S. Presses Meta to Agree to A.I. Reviews as Security Concerns Rise (NY Times) Algerian Man Extradited to US for Running Cybercrime Marketplaces (SecurityWeek) US adds sanctions against accused Cambodian scammers Prince Group (Reuters) Ushering in the Next Frontier of Quantum Innovation (The White House)  Meta Exposed Data Internally From Its Controversial Employee-Tracking Program (WIRED)  Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Five Eyes warns AI could supercharge cyberattacks within months. Tata Electronics confirms breach as stolen data allegedly includes Apple and Tesla documents. Researchers publish new analysis of FortiBleed. Gizmodo breach exposes readers to ClickFix malware campaign. BootROM exploit can bypass Apple's SecureROM. Scattered Spider members plead guilty in the UK. Attackers exploit Gravity SMTP flaw to harvest secrets From WordPress sites. Executive Order accelerates federal shift to post-quantum cryptography. Dave Bittner sits down with Ellen Boehm, the Senior Vice President of IoT Strategy & Operations at Keyfactor, to discuss NIST's progress in its PQC efforts. Keeping tabs on the tab-keepers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Dave Bittner sits down with Ellen Boehm, the Senior Vice President of IoT Strategy & Operations at Keyfactor, to discuss NIST's progress in its PQC efforts and where more effort needs to be made to get the U.S. and its critical infrastructure quantum-ready. Selected Reading 'Five Eyes' intelligence alliance warns that new AI models pose urgent cyber risk (Reuters) Intel agencies: Frontier AI models will reshape cybersecurity faster than expected (CyberScoop) Anthropic's Mythos AI broke into almost all NSA classified systems in hours (SecurityAffairs)  Tata Electronics, a major tech supplier to Apple and Tesla, confirms data breach (TechCrunch) FortiBleed campaign used custom FortiGate sniffer to steal credentials (BleepingComputer) Gizmodo readers hit with ClickFix malware prompts after account compromise (The Register) New Exploit Bypasses Apple's Boot Defenses, Affects Millions of iPhones (SecurityWeek) TFL Hackers Admit Carrying Out Cyberattack That Cost £39M (Law360) Attackers Actively Exploiting Sensitive Information Exposure Vulnerability in Gravity SMTP Plugin (Wordfence)  Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration (Security Week) Madison Square Garden Made Dossier on Activists Who Opposed Facial Recognition (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Klue supply-chain attack impacts cybersecurity firms. Brand-new Prinz Eugen ransomware is surprisingly polished. ShinyHunters leak exposes sensitive data of 10,000 Council of Europe employees. Security agencies sound alarm over FortiBleed credential harvesting operation. Texas data breach affects hunting and fishing licensees. Microsoft ties Mastra AI supply chain attack to North Korean hackers. Vidar infostealer unveils new technique to defeat Chrome's encryption protections. Brazil investigates suspected hack of emergency alert system. We got your Monday business brief. On today's Industry Voices, Dave Bittner sits down with Mike Britton, CIO of Abnormal AI, as they discuss "AI-Powered Attacks Are Now a Commodity.” And not the kind of beats you want to drop. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Mike Britton, CIO of Abnormal AI, discussing "AI-Powered Attacks Are Now a Commodity — And Most Organizations Don't Know It Yet." If you enjoyed this conversation and want to hear the full interview, listen here. Selected Reading Klue OAuth breach victim list grows as Icarus hackers claim attack (BleepingComputer) Prinz Eugen ransomware: a deep dive into a new Go-based encryptor (ThreatDown by Malwarebytes) Council of Europe Data Breach: ShinyHunters Makes 10,000 Employees' Records Permanent (Tech Times) Global cybersecurity agencies warn of credential exposure in FortiBleed campaign targeting Fortinet firewalls, VPN gateways (Industrial Cyber) Everything's bigger and better in Texas – even data breaches (The Register) Microsoft links Mastra AI supply chain attack to North Korean hackers (BleepingComputer) Inside Vidar's ABE Bypass: From Memory Scanning to APC Injections (Gen Digital) Brazil probes emergency warning system after nationwide rogue alert (The Register) Ent emerges from stealth with $100 million in seed funding. (N2K Pro Business Briefing)  Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap (Malwarebytes) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Traditionally, GPS jamming attacks have been confined to the ground; however, new data shows that these attacks could be moving to target signals before they even reach the ground. In this week's episode, host Maria Varmazis sits down with Dave Bittner and Brandon Karpf to discuss recent research that suggests the attack landscape for GPS attacks is expanding. If this research is accurate, these attacks represent a significant evolution for how defenders think about this critical technology. Key sources: Something is jamming GPS over Europe. Here's what we found. Chasing Lightning: Detecting, Characterizing, and Identifying a Powerful Space-Based GNSS Interference Source. EKS 5. Like what you heard? Be sure to subscribe to our free Signals and Space Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: https://thecyberwire.com/newsletters/signals-and-space  Is there a topic or person you'd like to hear on our show? You can send your questions and feedback to space@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. You can also fill our our audience survey: https://www.surveymonkey.com/r/NJYCN2P  T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. N2K is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com. Learn more about your ad choices. Visit megaphone.fm/adchoices

For years, security teams had time between discovery and exploitation. Time to triage. Time to validate. Time to prioritize what to fix first. AI has compressed that window. Frontier models now discover and chain vulnerabilities faster than human analysts can confirm them, and the gap between finding and fixing is shrinking in both directions. In this episode of CyberWire-X, N2K's ⁠Dave Bittner⁠ and Federico Kirschbaum, Head of XBOW Security Lab, explore what it actually means to run autonomous offensive security, why validation workflows built for quarterly testing cycles struggle to keep up, and how practitioners are redefining what a tested application looks like when the pace of offense has fundamentally changed. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Tom Kellermann, Trend Micro's VP of AI Security and Threat Research, discussing their work on "Inside SHADOW-WATER-063's Banana RAT: From Build Server to Banking Fraud." Researchers from Trend Micro's MDR team uncovered the full operation behind Banana RAT, a sophisticated banking trojan they track as SHADOW-WATER-063, by analyzing both attacker infrastructure and infected victim systems. The malware uses fileless PowerShell execution, layered obfuscation, and remote-control capabilities to steal credentials, manipulate banking sessions, intercept Pix QR code payments, and facilitate financial fraud targeting Brazilian banks. The campaign appears to be operated by a Brazilian Portuguese-speaking cybercriminal group with ties to the broader Tetrade banking malware ecosystem and may be evolving toward a malware-as-a-service model. The research and executive brief can be found here: ⁠Inside SHADOW-WATER-063's Banana RAT: From Build Server to Banking Fraud Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special edition of CyberWire Daily's 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss leaks, espionage and influence operations over the past 10 years. Together they reflect on a decade of cybersecurity developments, focusing on the pivotal year 2016 where a shift occurred. Join N2K as we cover the rise of nation-state cyber operations, major leaks like the Panama Papers and DNC email hacks, and the evolving landscape of cyber norms, trust, and threat perception. Learn more about your ad choices. Visit megaphone.fm/adchoices

International law enforcement disrupts the SocGholish botnet. The UK's cyber chief says cybersecurity is a contest, not a risk register. Ukraine joins the EU's cyber reserve. The Gentlemen gang sharpens its ransomware toolkit. A WordPress supply chain attack spreads malware. Critical patches land from F5, Atlassian, and Splunk. Agentjacking targets AI coding assistants. And Kodak confirms a breach claimed by ShinyHunters. Our guest is Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on the failure of FISA section 702 to reauthorize. Criminal coders face automation anxiety. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies, and coh-host of Caveat, as he discusses the failure of FISA section 702 to reauthorize. Selected Reading Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp (Bleeping Computer) Hostile States Behind 75% of Cyber-Attacks on UK CNI, NCSC Warns (Infosecurity Magazine) Cyberspace Locked in a Nation-State Contest, Says NCSC CEO (BankInfo Security) EU grants Ukraine access to cybersecurity reserve for major attacks (The Record) Killing me gently: Inside Gentlemen's EDR killer framework (ESET) ShapedPlugin update flow hacked to infect WordPress sites (Bleeping Computer) F5 issues out-of-band patches for critical NGINX vulnerabilities (Bleeping Computer) Atlassian, Splunk Patch Critical Vulnerabilities (SecurityWeek) Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents (HackRead) Kodak Admits Data Breach After ShinyHunters Hack Claims (SecurityWeek) Cybercriminals Are Worried About AI Taking Their Jobs Too (Infosecurity Magazine) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

President Trump halts a key intelligence nomination. The FBI warns of a new Microsoft 365 phishing threat. France cuts ties with Palantir. A new Android banking trojan emerges. Fortinet firewalls come under attack. CISA orders emergency Joomla patching. Plus, Madison Square Garden data leaks and malware hidden in Steam wallpapers. Our guest is Christy Wyatt, CEO from Absolute Security, discussing their new ebook. The DOJ claims pollution is mission-critical.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's Industry Voices we are joined by Christy Wyatt, CEO from Absolute Security, discussing their ebook. If you enjoyed this conversation, check out the full interview here. Selected Reading President Trump calls to delay nomination of intel pick Jay Clayton (NPR) Warner warns of CISA cuts, staffing gaps in letter to acting chief (The Record) French spies drop AI giant Palantir over US overreliance fears (The Local) Rokarolla : Android Banker with Complete Device Takeover Capabilities (Zimperium) FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure (InfoStealers) CISA orders feds to patch max severity Joomla plugin flaw by Friday (Bleeping Computer) Hackers Publish Knicks and Madison Square Garden Data Online (404 Media) Gamers beware: malicious wallpapers on Steam found stealing accounts (Securelist) DHS S&T Highlights New SPARTA Resources for Defending Spacecraft Against Cyberattacks (ExecutiveGov) DOJ Lawyers Argue xAI Is ‘Vital' for National Security in NAACP Lawsuit (WIRED) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Emergency talks fail to free Anthropic's Fable 5. Trump moves to strengthen national security systems. Microsoft patches a critical Copilot flaw. ShinyHunters weaponize a PeopleSoft zero-day. DragonForce hides in Microsoft Teams for months. Plus, Amos Stealer targets Macs, CISA issues a three-day patch deadline, Delta avoids penalties, and researchers show just how easy it is to manipulate AI search. Our guest is Mike Fey, Co-Founder & CEO at Island, discussing the architectural differences between network and modern SASE. Consulting meets confabulation. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Mike Fey, Co-Founder & CEO at Island, discussing the architectural differences between network and modern SASE. If you enjoyed this conversation, check out the full interview here.  Selected Reading Anthropic Is Still at Odds With the White House Over Claude Fable 5 (WIRED) Feds freaked over Fable 5 after simple 'fix this code' prompt, not jailbreak, says researcher (The Register) White House Issues Memo to Bolster NSS Cybersecurity (SecurityWeek) Microsoft Patches Critical SearchLeak Vulnerability in Copilot Enterprise (Beyond Machines) ShinyHunters Hits Universities Via Oracle Zero-Day (GovInfo Security) DragonForce Ransomware Exploited Microsoft Teams to Hide Attack (Infosecurity Magazine) Inside Amos Stealer: How This Threat Targets macOS Credentials and Keychains (CyberProof) CISA warns of another cPanel plugin flaw exploited in attacks (Bleeping Computer) US closes probe into 2024 Delta Air Lines meltdown sparked by CrowdStrike outage (Reuters) It Is Trivially Easy to Use Reddit to Manipulate AI Search, Research Suggests (404 Media) KPMG pulls report on AI usage due to apparent hallucinations (TechCrunch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Anthropic pulls Fable 5. OpenAI faces a multistate probe. Handala targets a California water utility. ShinyHunters claims another victim. The FBI and Google take down a major phishing platform. The latest cybersecurity business news. Our guest is Bogdan Botezatu,  Senior Director, Threat Research and Reporting at Bitdefender, discussing a rampant global transportation smishing campaign. A deepfake detective has doubts.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Bogdan Botezatu,  Senior Director, Threat Research and Reporting at Bitdefender, is discussing a rampant global transportation smishing campaign. You can read more about Operation Road Trap here. Selected Reading Anthropic disables access to Fable 5 and Mythos 5 to comply with government directive (CNBC) Cyber leaders defend Anthropic's banned model (Axios) State Attorneys General Are Investigating OpenAI (The New York Times) Handala Hacking Group Claims Breach of California Water Service (Hackread) Maine Takes Breach Reporting Portal Offline After Fake Entries (Infosecurity Magazine) Warner introduces bill to restore MS-ISAC funding, bolster critical infrastructure cyber defense (Industry Cyber) Infinite Campus data breach affects 137,000 school staff accounts (Bleeping Computer) FBI, Google Dismantle 'Outsider Enterprise' Phishing Service (SecurityWeek) Ex-school district employee jailed for hacks on former employer (Bleeping Computer) Cyera raises $600 million in a Series G round led by Evolution Equity Partners. (N2K Pro Business Briefing) In Age of AI, World's Leading Deepfake Expert No Longer Trusts His Own Eyes (The New York Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

For years, space cybersecurity has been a long sought after goal, but due to operational constraints, it was largely unfeasible. In this week's episode, host Maria Varmazis sits down with journalist Shaun Waterman to discuss his recent article “The Newest Space Race is Cyber.” As space has increasingly become a critical infrastructure component, industry leaders and security agencies alike have begun to launch new initiatives to improve capabilities both on the ground and in orbit. Key sources: The Newest Space Race is Cyber. DHS Wants Satellite Volunteers to Test New Cyber Tools. Five Teams of Hackers will Compete to Breach US Satellite in Space. Like what you heard? Be sure to subscribe to our free Signals and Space Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: ⁠https://thecyberwire.com/newsletters/signals-and-space⁠  Is there a topic or person you'd like to hear on our show? You can send your questions and feedback to ⁠space@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. You can also fill our our audience survey: ⁠https://www.surveymonkey.com/r/NJYCN2P⁠  T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. ⁠N2K⁠ is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com. Learn more about your ad choices. Visit megaphone.fm/adchoices

In large enterprise software companies, vulnerability management teams are facing unprecedented speed and scale as AI accelerates both discovery and exploitation of security issues. In this episode of CyberWire-X, N2K's Dave Bittner is joined by Adobe's Daniel Ventura, Senior Manager of the Vulnerability Operations Center, and Sangeeta Arora, Director of Vulnerability Management, to discuss how Adobe is evolving its vulnerability management strategy to keep pace with AI-driven threats. They share real world insights on prioritization, crossteam partnership, and how modern programs can balance speed with meaningful risk reduction. Learn more about your ad choices. Visit megaphone.fm/adchoices

Martin Zugec, Technical Solutions Director at Bitdefender, discussing their work on "FamousSparrow APT Targets Azerbaijani Oil and Gas Industry." Bitdefender researchers uncovered a sustained cyber espionage campaign by the China-linked FamousSparrow group targeting an Azerbaijani oil and gas company, highlighting the growing focus on critical energy infrastructure in the South Caucasus. The attackers repeatedly exploited the same vulnerable Microsoft Exchange server over multiple months, deploying evolving versions of Deed RAT and Terndoor malware through sophisticated DLL sideloading techniques designed to evade detection and maintain persistence. The operation underscores FamousSparrow's adaptability and persistence, demonstrating how advanced threat actors continually refine their tooling and return to compromised environments until vulnerabilities are fully remediated and access is cut off. The research and executive brief can be found here: FamousSparrow APT Targets Azerbaijani Oil and Gas Industry Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA directs agencies to “patch smarter, not harder.” The House fails to extend FISA. Europol pulls over AudiA6. GitHub announces npm security updates. Anthropic rejects Fable 5 jailbreak claims. CISA gives feds three days to patch a critical Ivanti Sentry vulnerability. Google confirms ShinyHunters exploited a critical Oracle PeopleSoft vulnerability. FancyBear shifts part of its infrastructure to compromised edge devices. Pundits push for CyberCorps scholarship budgets. Our guest is Dr. Renée Burton, VP of Threat Intelligence at Infoblox, to discuss scams targeting the World Cup. Amazon drivers sweat through a software update.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Dr. Renée Burton, VP of Threat Intelligence at Infoblox, to discuss the World Cup and fans possibly getting caught out if they use SuperBox to view it. Selected Reading CISA directive orders agencies to prioritize vulnerability patching in a new way (CyberScoop) House votes against extending controversial wiretapping law set to lapse Friday (The Washington Post) Ransomware gangs cut off from EUR 336 million ‘AudiA6' crypto laundering pipeline - Europol analysis links the criminal service to over 15 international cybercrime investigations (Europol) GitHub to Update npm to Thwart Software Supply Chain Attacks (Infosecurity Magazine) Anthropic Disputes Fable 5 AI Jailbreak (SecurityWeek) CISA orders feds to patch actively exploited Ivanti flaw by Sunday (Bleeping Computer) Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters (SecurityWeek) GRU-Linked APT28 Uses MooBot Botnet and Compromised EdgeRouters for Cyber Operations (GB Hackers) CyberCorps is adapting to AI. The budget isn't keeping up. (CyberScoop) Software Update Automatically Turns off Amazon Delivery Drivers' AC During Dangerous Summer Heat (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Google faces liability for AI-generated claims. Washington pauses public AI model assessments. Anthropic ships a safer AI model. OpenAI disrupts influence operations. Ransomware operators get a powerful new backdoor. Urgent patches land for Ivanti and Veeam. PyPI supply chain attacks evolve. And a massive data breach triggers a record fine in South Korea. Our guest is Peter Barker, Chief Product Officer at Ping Identity, sharing how identity increasingly becomes the control plane for how work gets done. AI analyzes the FIFA World cup, one cliché at a time.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Peter Barker, Chief Product Officer at Ping Identity, sharing how identity increasingly becomes the control plane for how work gets done across humans, automation, and AI agents. You can read more from Ping Identity here. If you enjoyed this conversation, be sure to check out the full interview here. Selected Reading Landmark German ruling declares Google's AI Overviews are Google's own words and makes it liable for false answers (The Decoder) White House Reins In AI-Testing Unit as National-Security Concerns Grow (Wall Street Journal) Anthropic Releases ‘Safe' Version of Its Mythos A.I. Technology (The New York Times) PRC-linked influence operations are targeting AI debates in the US (OpenAI) Technical Analysis of MLTBackdoor (ThreatLabz) CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry (Rapid7) Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels (Socket) Veeam Patches Critical RCE Vulnerability in Backup & Replication published: yesterday (Beyond Machines) ‘Amazon.com of South Korea' Is Fined a Record $409 Million (The New York Times) The 2026 big soccer tournament, in clichés. (Sinch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday goes big. Congress looks to harden critical infrastructure. A new Windows zero-day drops. Mobile AI creates security blind spots. AI agents fall for phishing. Browser extensions expose millions. Spammers hide behind Google Cloud Storage. CISA crowns its cyber champions. Our guest is Joe Sykora, CEO from Coro, discussing the MSP space and how to address it. Relentless robocalls retreat. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Joe Sykora, CEO from Coro, discussing the MSP space and how to address it. If you enjoyed this conversation be sure to check out the full interview here.  Selected Reading Microsoft's biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days (Malwarebytes) ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact (SecurityWeek) Adobe Patches 123 Vulnerabilities (SecurityWeek) Warner proposes overhaul of critical infrastructure cyber plans as AI threats rise (Nextgov/FCW) New Windows Zero-Day Exploit 'RoguePlanet' Released (SecurityWeek) Lookout Study Reveals 93% of CISOs Blinded by False AI Confidence as 59% of Mobile AI Traffic Flows "Dark" (Lookout) Phishing for Lobsters: How We Tricked OpenClaw into Spilling Secrets (Varonis) MaXSS & Spyder: How two Chrome extensions allow websites to compromise over 10 million browsers (Rebora) How Spammers Are Hiding Behind Google and the New York Times (Comparitech) CISA names winners of seventh annual President's Cup cybersecurity competition (Industrial Cyber) U.S. Consumers Received Just Over 4.1 Billion Robocalls in May, According to YouMail Robocall Index (PR Newswire) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Miasma malware meddles with Microsoft. SAP fixes critical flaws, Google patches an exploited Chrome zero-day, CanisterWorm spreads through npm, Mac users face a new malvertising threat, France investigates a breach of its secure messaging platform, insurers rethink AI risk, the FBI launches a Most Wanted Fraudsters list, and a U.S. citizen admits to spying for China. Our guest is Steve Winterfeld, Advisory CISO from Akamai, discussing how AI-powered bots are driving financial services attacks. Unpacking a million dollar hotel fee.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Steve Winterfeld, Advisory CISO from Akamai, discussing how AI-powered bots are driving financial services attacks. Selected Reading For the 2nd time in weeks, Microsoft packages laced with credential stealer (Ars Technica) SAP Patches Critical NetWeaver, Commerce Vulnerabilities (SecurityWeek)  Google fixes fifth actively exploited Chrome zero-day of 2026 (Security Affairs) CanisterWorm: How TeamPCP Turned the npm Ecosystem Into a Weapon (Picussecurity) Operation FlutterBridge Uses Fake Google Ads to Spread macOS Backdoor (Hackread) French govt messaging service breached in account hijacking attack (Bleeping Computer) AI Exclusions in Insurance Policies: Broad Language, Uncertain Impact (Policyholder Pulse) FBI Announces New Wanted List Dedicated to Fraudsters (FBI) American citizen pleads guilty to spying for China | brief (SC Media) Teacher's $1 million AR hotel bill reversed after cyber-attack (WREG.com) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at ⁠sponsor.thecyberwire.com⁠. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Meta exposes 20,000 Instagram accounts through a support tool bug. CISA warns of active attacks on SolarWinds Serv-U. WordPress sites face takeover through a widely used plugin. A new Gafgyt variant broadens its reach. Pink extortionists steal cloud data with vishing and legitimate tools. Plus, allegations against IBM and AT&T, a dark web drug dealer gets 26 years, and the Monday business brief. Tim Starks from CyberScoop discusses the ongoing debate over staffing and budget cuts at CISA. NATO lets Ukraine play the bad guy.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Tim Starks from CyberScoop, who is discussing the ongoing debate over staffing and budget cuts at CISA, the political battles surrounding the agency's future, and what the Trump administration's plans could mean for U.S. cybersecurity efforts. Selected Reading Meta AI Bug Exposes Over 20,000 Instagram Accounts (Infosecurity Magazine) NSO Group back in Meta's crosshairs after alleged WhatsApp targeting (The Register) CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318) (Help Net Security) Everest Forms Vulnerability Exploited to Hack WordPress Sites (SecurityWeek) C0XMO botnet spreads via DD-WRT router flaw, kills rival malware (Bleeping Computer) New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams (Hackread) Ex-Threat Intel Exec Accuses IBM and AT&T of Hiding Hacks (GovInfo Security)  California man sentenced to over 26 years for dark web drug trafficking (SC Media) AI observability platform Coralogix raises $200 million in a Series F round. (N2K Pro Business Briefing)   Nato narrowly beats Russia-style enemy in cyber attack simulation (Financial Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

GPS constellations have become foundational in modern society supporting everything from navigation to financial services, making the impacts of GPS disruptions all the more concerning. As reliance on these systems have grown, so too have efforts by threat actors to disrupt them through techniques such as jamming and spoofing. As these attacks have become more effective, they are becoming increasingly common, especially in conflict zones where disruption and confusion can prove exceedingly valuable. Key sources: Information about GPS Jamming What is GPS Spoofing? GPS jamming: The invisible battle in the Middle East Like what you heard? Be sure to subscribe to our free Signals and Space Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: https://thecyberwire.com/newsletters/signals-and-space  Is there a topic or person you'd like to hear on our show? You can send your questions and feedback to space@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. You can also fill our our audience survey: https://www.surveymonkey.com/r/NJYCN2P  T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. N2K is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ismael Valenzuela, Arctic Wolf's VP of Labs, Threat Research and Intelligence, discusses their work on "BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector." Arctic Wolf researchers uncovered a sophisticated campaign by North Korean threat group Lazarus Group subgroup BlueNoroff that targets cryptocurrency and Web3 executives through fake Zoom and Microsoft Teams meetings, using typo-squatted links, ClickFix-style attacks, and AI-generated deepfakes to steal credentials and cryptocurrency-related data. The attackers built a self-reinforcing operation that captures victims' webcam footage and Telegram sessions, then repurposes those assets alongside AI-generated images to create increasingly convincing fake meeting participants for future attacks. Researchers identified more than 100 victims across 20 countries, with the campaign primarily targeting CEOs, founders, investors, and senior leaders in the cryptocurrency, blockchain, and financial sectors as part of a long-running effort to steal digital assets and gain access to high-value networks. The research and executive brief can be found here: BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector Learn more about your ad choices. Visit megaphone.fm/adchoices

Anthropic brings Mythos to the NSA. A Palantir executive emerges as a possible CISA pick. A Linux flaw is under active attack. Minecraft malware goes commercial. An npm package gets caught in the Miasma worm campaign. Researchers document the first AI-driven container escape. A browser supply-chain compromise and a university breach with unexpected victims. Our guest is Ashu Savani, Co-Founder at TryHackMe, discussing building high performing SOC & IR teams. The web becomes machine majority. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Ashu Savani, Co-Founder from TryHackMe, discussing building high performing SOC & IR teams. You can listen to the full conversation here. Selected Reading US National Security Agency using Anthropic's Mythos for cyber attacks (Financial Times) Trump considers Palantir exec to lead CISA (The Record) CISA Warns of Active Exploitation of Linux Container Escape Flaw (Beyond Machines) Game Over: WeedHack - The Rise of Minecraft Malware-as-a-Service Campaigns (McAfee Blog) Detecting Claude Cowork Insider Threat Activity (DTEX) Trojanized ai-sdk-ollama Delivers Miasma, a Self-Replicating npm Worm via binding.gyp (Endor Labs) Agentic threat actor hits the orchestration plane: AI agent-driven container escape (Sysdig) You do surprise me.exe: An unexpected executable in Hola Browser (SOPHOS) My SSN was exposed in a breach at Columbia—a school I have no connection with (Ars Technica) ‘Bots have now passed human traffic online,' Cloudflare boss laments — says agentic traffic wasn't expected to eclipse real people until next year (Tom's Hardware) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Five Eyes issue a rare joint warning on China. Jen Easterly weighs in on Trump's AI EO. Researchers warn everyday notifications can become AI attack vectors. IronWorm is a sophisticated Rust-based infostealer targeting software developers. Cisco patches a critical vulnerability in its Unified Communications Manager platform. Anthropic maps AI-enabled cyber activity to the MITRE ATT&CK framework. Authorities dismantle an online counterfeit identity marketplace. Our guest is Jason Kikta, CTO from Automox, discussing AI vulnerabilities, real risk, and the speed problem. An extortion crew is forced to open a customer support ticket. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Jason Kikta, CTO from Automox, who is discussing AI vulnerabilities, real risk, and the speed problem. If you enjoyed this conversation, check out the full interview here.  Selected Reading⁠ U.S. and intelligence allies issue rare joint warning about China (Washington Post) Safeguarding Our Secrets (MI5) Opinion | The Government Is Finally Taking A.I. Risk Seriously (New York Times) CISA directive for AI executive order to be released this week, Andersen says (The Record) Gemini Voice Assistant Hijacked via Messaging Notifications (SecurityWeek) IronWorm: Shai-Hulud's rustier cousin (JFrog Security Research) Cisco warns of critical Unified CM flaw with PoC exploit code (Bleeping Computer) Mapping AI-enabled cyber threats: Insights from the LLM ATT&CK Navigator (Anthropic) Police dismantles fake ID marketplace used by migrant smugglers (Bleeping Computer) Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown (SecurityWeek)  'Dumbass' criminal breaks the 'first rule of ransomware club' (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

AI oversight arrives at the White House. A Cyber Force gains momentum. Critical infrastructure comes under cyberattack. Acer faces zero-day trouble. A stock exchange executive gets spied on for months. HTTP/2 Bomb threatens web servers. Quantum's classical side grows bigger. Britain's military chooses Starshield. Spain's infamous hacker gets sentenced. Our guest is Benjamin Morrell, Vice President, Security Strategy at Coro Cybersecurity, discussing the role of MSPs. Meta's productivity panopticon pauses for personal pitstops.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Benjamin Morrell, Vice President, Security Strategy at Coro Cybersecurity, discussing the role MSPs are playing in cybersecurity. If you enjoyed this conversation be sure to check out the full conversation here.  Selected Reading Trump Signs Executive Order Seeking Oversight of A.I. Models (The New York Times) New cyber force would cost up to $11 billion to start, commission says (The Record) CISA Warns of Cyberattacks Targeting U.S. Tank Gauge Systems (GB Hackers) Acer working to patch max severity zero-days in Wave 7 routers (Bleeping Computer) Espionage Campaign Targeted Stock Exchange Executive for Five Months (Security.com) 'HTTP/2 Bomb' Exploit Knocks Web Servers Offline in Seconds (SecurityWeek) The Classical Advances Needed to Make Quantum Computers Tick (IEEE) Alcasec, "Robin Hood of Spanish Hackers," Jailed for 31 Months Over Data Theft (Hackread) Exclusive: UK adopts SpaceX's Starshield for military operations, sources say (Reuters) Meta will reportedly let employees take 30-minute breaks from its tracking program (Engadget) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A federal watchdog questions NIST over its vulnerability database backlog. Google patches an Android zero-day. Citizen Lab exposes a powerful location-tracking platform. Malware hides commands in Steam comments. Researchers spot AI-assisted malware development. Attackers compromise Red Hat's npm namespace. DriveSurge spreads malware through ClickFix and fake updates. FreePBX patches a critical flaw. And Dashlane responds to a brute-force attack. Our guest is ⁠Laure Lydon⁠, Opening Chair for Infosecurity Europe and VP of Security and Infrastructure, Flo Health, sharing her expertise on digital health platforms. Meta's AI support bot proves a bit too eager to help. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Maria Varmazis speaks with ⁠Laure Lydon⁠, Opening Chair for Infosecurity Europe and VP of Security and Infrastructure, Flo Health, sharing her expertise on privacy, security, and trust in digital health platforms, especially in sensitive areas like women's health. This interview is part of our partnership with Infosecurity Europe. Selected Reading Inspector general finds NIST mistakes have made vulnerability database ineffective (The Record) Google fixes one actively exploited Android zero-day, 124 flaws (Bleeping Computer) Uncovering Webloc: An Analysis of Penlink's Ad-based Geolocation Surveillance Tech (The Citizen Lab) GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure (Security Affairs) Threat Actor Uses AI to Build EDR Evasion Tools (Infosecurity Magazine) Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets (Infosecurity Magazine) Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks (Bleeping Computer) Critical Hard-Coded Credentials Vulnerability in FreePBX User Control Panel (Beyond Machines) Dashlane password manager users locked out by brute force attacks (Bleeping Computer) Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Battlefield AI sparks debate. Election cyber threats rise. A critical Windows flaw is under active attack. CISA weighs new reporting rules. Russian targets face a stealthy hacking campaign. A 19-year-old Linux bug gets its day in the sun. Today's business update. Our guest is Heather Ceylan,  CISO at Box, discussing how governed AI starts with solving the unstructured data problem. Microsoft hits refresh on research relations.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices we are joined by Heather Ceylan,  CISO at Box, discussing how governed AI starts with solving the unstructured data problem. If you enjoyed this conversation, you can catch the full interview here. Selected Reading As the Pentagon Pushes for Battlefield AI, Some Military Leaders Urge Caution (SecurityWeek) Why a surge of election-related websites could spell rising cyber threats for the midterms (PBS News) Election threats are focused on campaign systems, not voting machines (CyberScoop) Critical Windows Netlogon RCE flaw now exploited in attacks (Bleeping Computer) U.S. CISA adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog (Security Affairs) CISA Town Halls Set Final Stage for CIRCIA Debate (BankInfo Security) Unknown hacker group targeted Russian maritime universities, diplomats for nearly two years (The Record) 19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access (SecurityWeek) Indian Exam Board Admits to Cybersecurity Holes Found by Teen (Bloomberg) Zscaler intends to acquire identity mapping company Symmetry Systems. (N2K Pro Business Briefing) Microsoft says it will not pursue security researchers after zero-day backlash (The Record) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special edition of CyberWire Daily's 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner consider the tactics, trends, and turning points that shaped the threat landscape over the last decade of ransomware. Ransomware has evolved from small-scale extortion and opportunistic attacks to sprawling, sophisticated, organized crime and state-sponsored attacks. Cryptocurrency plays a pivotal role in enabling ransomware's growth by providing untraceable payment methods. Join us as we explore key incidents like WannaCry and NotPetya, the shift from street crime to organized and nation-state cyber threats, and AI's impact on the future of ransomware. Learn more about your ad choices. Visit megaphone.fm/adchoices

Since its original creation in the 1970s, GPS has evolved from a technology primarily used by the military to a foundation for modern society.  After the removal of selective availability for civilians in 2000, GPS's value has significantly expanded. In the past two decades, nearly every critical infrastructure sector–telecommunications, transportation, energy, agriculture, emergency services, and financial services–relies on GPS constellations to ensure that timing and location accuracy are precise. Though many do not see its utility in day-to-day efforts, GPS has become entrenched in modern networks and services. Key sources: Removal of selective availability. Satellite Navigation - GPS - How It Works. What can GPS do? Like what you heard? Be sure to subscribe to our free Signals and Space Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: https://thecyberwire.com/newsletters/signals-and-space Is there a topic or person you'd like to hear on our show? You can send your questions and feedback to space@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. You can also fill our our audience survey: https://www.surveymonkey.com/r/NJYCN2P T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. N2K is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by Marco Giuliani, Vice President & Head of Research at ThreatDown, discussing their work on "GachiLoader adopts AI skill lure." Threat actors are now using fake AI agent “skills” as highly convincing social engineering lures, with a new campaign disguising the GachiLoader malware as a legitimate OpenClaw tool for automated Polymarket betting. Victims are tricked through fake installation guides and polished Electron apps into downloading malware that deploys the Rhadamanthys infostealer using fileless injection and blockchain-based command-and-control infrastructure. Researchers say the campaign marks an evolution in cybercrime, turning AI skill ecosystems into a new phishing-style attack surface. The research and executive brief can be found here: ⁠GachiLoader adopts AI skill lure Learn more about your ad choices. Visit megaphone.fm/adchoices

Iranian hackers hit LA transit. Chinese cyber operators target Middle East infrastructure. Dutch police take down a 17-million-device botnet. Researchers uncover a phishing risk in ChatGPT. Anthropic prepares its Mythos model for release. Chrome patches 22 critical bugs. Zapier fixes a dangerous vulnerability chain. ShinyHunters claims a Charter breach. A data broker who fueled scams against millions of seniors heads to prison. Maria Varmazis joins Dave Bittner for a look back at a decade of ransomware. A Google insider allegedly went from threat hunting to bet hunting. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today CyberWire hosts Maria Varmazis and Dave Bittner take a look at how ransomware has evolved over the past decade, from opportunistic attacks to today's sprawling criminal enterprises, and discuss the tactics, trends, and turning points that shaped the threat landscape. You can catch the full conversation on Sunday in the CyberWire Daily podcast feed. We hope you'll join us!  Selected Reading Iranian hackers behind March's LA transport cyberattack, Gambit finds (The Jerusalem Post) Chinese Hackers Exploit Iran War to Target Maritime and Energy Firms (Infosecurity Magazine) Dutch cops wrest 17M devices from mystery botnet's clutches (The Register) ChatGPT blindly trusts browser content, turning the page into a payload (The Register) Anthropic confirms Claude Mythos-class models will roll out to the public (Bleeping Computer) Chrome 148 Update Patches 151 Vulnerabilities (SecurityWeek) Zapier fixes bug chain that researchers say risked widespread account takeover (CyberScoop) Charter Communications data breach affects 4.9 million accounts (Bleeping Computer) Man sent to prison for selling data of 7 millions elderly Americans (Bleeping Computer) US charges Google security engineer with Polymarket insider trading (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at ⁠sponsor.thecyberwire.com⁠. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Command's new chief pushes modernization as lawmakers warn commercial location data is exposing U.S. troops. A third-party UK visa site leaks passports and selfies. Microsoft slams unpatched zero-day disclosures. Researchers uncover a new macOS malware campaign targeting crypto developers, while SEO poisoning and AI chatbots spread cryptojacking malware. Carnival confirms a massive breach tied to ShinyHunters. Plus, the alleged VenomRAT developer is extradited to France, and a Romanian hacker is sentenced for breaching Oregon state systems. Our guest is Courtney Guss, Crisis Management Director at Semperis, discussing crisis response planning. The surveillance on the bus goes round and round. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, ⁠Daily Briefing⁠, and you'll never miss a beat. And be sure to follow CyberWire Daily on ⁠LinkedIn⁠. Industry Voices  On our Industry Voices segment, guest ⁠Courtney Guss⁠, Crisis Management Director at ⁠Semperis⁠, discusses crisis response planning. Some resources related to today's discussion: ⁠The State of Enterprise Cyber Crisis Readiness⁠  ⁠Rethinking Cyber Crisis Management: Why Plans Fail⁠  ⁠The Modern Model for Cyber Crisis Management⁠  ⁠The Missing Layer in Cyber Incident Response: Crisis Orchestration⁠ If you enjoyed this conversation and want to hear the full interview, tune in here. Selected Reading Rudd orders Cyber Command reviews as Pentagon presses reform agenda (The Record) Exclusive: Pentagon says US military personnel are reportedly being targeted using location data (Reuters) A Fake UK Visa Site Left 100,000 Passports Wide Open. Then Sent Lawyers Instead of a Fix. (Security Affairs) Microsoft Condemns "Uncoordinated" Zero Day Disclosures (Infosecurity Magazine) A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure (Microsoft) New Threat Actor Jinx-0164 Targets Crypto Developers on macOS (Infosecurity Magazine) GPU mining malware spreads via SEO poisoning, AI chatbots (Bleeping Computer) Carnival confirms ShinyHunters cruised off with 6M customer records after April breach (The Register) Malware seller hunted across three continents (eKathimerini.com) Romanian gets 5 years in prison for hacking Oregon govt network (Bleeping Computer) ‘BusPatrol' Put AI Cameras in Tens of Thousands of School Buses. Now They Want to Give Cops Access (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A major takedown disrupts the GlassWorm botnet. The White House rewrites federal cyber logging rules as CISA faces cuts amid rising AI threats. Federal agencies ramp up scrutiny of so-called anti-tech extremism. GCHQ warns Russia is targeting UK infrastructure. Researchers uncover stealthy new malware, AI coding agent supply chain risks, and in-person extortion tactics targeting U.S. law firms. Europe grabs satellite spectrum. Ben Yelin joins us to discuss the bipartisan push for more support of CISA. Hacking your way to the main stage.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our Caveat co-host and Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, Ben Yelin, joins Dave to talk about the bipartisan push for more support of CISA. Selected Reading GlassWorm Botnet Disrupted (SecurityWeek) OMB Scraps Biden-Era Cyber Logging Rules (BankInfoSecurity) US law enforcement warns of "anti-tech extremism" as AI hatred grows (Ars Technica) Russia 'relentlessly targeting' critical infrastructure and democracy, GCHQ says (BBC) Trump hobbled top cyber agency just as AI learned to hack (Axios) EU to squeeze US space tech out of prized satellite airwaves (Politico)  Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data (FortiGuard Labs) FBI warns of in-person data theft attacks from extortion gang (Bleeping Computer) ‘SymJack' Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems (SecurityWeek) How to guarantee a speaker gig: Hack the system. Literally (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI warns attackers are abusing Microsoft OAuth authentication. India pushes faster patching as AI speeds up cyberattacks. Iranian hackers blend phishing with SEO poisoning. Anthropic's AI finds thousands of open source flaws, while AI also reshapes bug bounties and fuels supply-chain attacks hitting thousands of GitHub repos. Plus, a new LMS zero-day, bulletproof hosting arrests in the Netherlands, FTC action over bogus “active listening” claims, and another busy week for cyber funding and M&A. Our guest is Kurtis Minder, author, joining us to discuss his book "Cyber Recon: My Life in Cyber Espionage and Ransomware Negotiation.” Please disregard all searches for disregard. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Kurtis Minder, author, joining us to discuss his book "Cyber Recon: My Life in Cyber Espionage and Ransomware Negotiation." Selected Reading FBI warns of Kali365 phishing service targeting Microsoft 365 accounts (Bleeping Computer) India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws (Infosecurity Magazine) Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign (Infosecurity Magazine) Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects (SecurityWeek)  HackerOne takes an axe to its bug bounty rewards (The Register) Automated 'Megalodon' Campaign Spreads GitHub Repo Backdoors (GovInfo Security) Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment (SecurityWeek) Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands (SecurityWeek) FTC to Require Cox Media Group, Two Other Firms to Pay Nearly $1 Million to Settle Charges They Deceived Customers About “Active Listening” AI-Powered Marketing Service (Federal Trade Commission) Socket raises $60 million in Series C funding. (N2K Pro Business Briefing) You can no longer Google the word 'disregard' (TechCrunch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Authors Paul J. Maurer and Ed Skoudis join Caveat podcast co host Ben Yelin to discuss their new book: "The Code of Honor: Embracing Ethics in Cybersecurity." The book is a comprehensive and practical framework for ethical practices in contemporary cybersecurity. Listen to Ben's discussion with Paul and Ed as they explore the ethical dimensions of cybersecurity, the influence of AI, and the responsibilities of cyber professionals. Consider joining Paul and Ed in upholding the highest standards of cybersecurity ethics by signing the Cybersecurity Code they share as part of The Code of Honor. Learn more about the book here. Learn more about your ad choices. Visit megaphone.fm/adchoices

Despite being an indispensable technology, traditional GPS remains vulnerable to exploitation and is needed for an update. In this week's episode, host Maria Varmazis sits down with Dr. Sean Gorman, CEO of Zephr.xyz, to discuss the current state of GPS. For decades, GPS has been a cornerstone technology for private, public, and military entities; however, through new technological advancements, companies and governments are looking to modernize this technology. Key sources: Next Generation Operational Control Systems. Why GPS III, and what comes after it, still falls short in modern war. Like what you heard? Be sure to subscribe to our free Signals and Space Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: https://thecyberwire.com/newsletters/signals-and-space⁠  Is there a topic or person you'd like to hear on our show? You can send your questions and feedback to space@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. You can also fill our our audience survey: https://www.surveymonkey.com/r/NJYCN2P T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. N2K is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by ⁠Sasi Levi⁠, Security Research Lead at ⁠Noma Security⁠, sharing their team's work on "GrafanaGhost: The Phantom Stealing Your Data." Researchers at Noma Security disclosed “GrafanaGhost,” a vulnerability that could allow attackers to silently exfiltrate sensitive business data from Grafana dashboards using indirect prompt injection techniques. The attack chains together multiple bypasses, including protocol-relative URLs and AI guardrail manipulation, to trick Grafana into sending sensitive data to attacker-controlled servers without requiring user interaction. Researchers say the flaw highlights growing risks tied to AI-integrated enterprise platforms, where attackers increasingly target AI behavior and weak security controls instead of traditional software bugs. The research and executive brief can be found here: ⁠GrafanaGhost: The Phantom Stealing Your Data⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

Trump hits pause on an AI executive order. Lawmakers sound alarms over CISA cuts. A sophisticated scareware campaign traps users in fake tech support scams. Ubiquiti patches critical UniFi flaws. The U.S. pours billions into quantum computing. Researchers uncover delayed Google API key revocation. Canadian authorities arrest the alleged Kimwolf botnet operator. Two Americans plead guilty in a global tech support fraud scheme. Our guest is Ankit Kumar Honey, Senior Engineering Manager for Dependabot at GitHub, discussing closing the agentic gap between alert and patch at a global scale. AI generated reports still come up short.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ankit Kumar Honey, Senior Engineering Manager for Dependabot at GitHub, joins us to discuss closing the agentic gap between alert and patch at a global scale. Selected Reading Why Trump's AI executive order was pulled (Axios) Restoring CISA is one issue many lawmakers can agree on (Federal News Network) U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog (Security Affairs) Threat Spotlight: CypherLoc, an advanced browser-locking scareware targeting millions (Barracuda Networks Blog) Ubiquiti patches three max severity UniFi OS vulnerabilities (Bleeping Computer) Department of Commerce Announces Letters of Intent With 9 Companies for $2 Billion to Accelerate U.S. Leadership in Quantum Computing (NIST) Google API keys keep working after you delete them (Akido) Alleged Kimwolf Botmaster ‘Dort' Arrested, Charged in U.S. and Canada (Krebs on Security) Two Americans plead guilty to assisting India-based tech support scam centers (The Record) AI-generated reporting: Lessons learned from Cisco Talos Incident Response (Cisco) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft confirms active exploitation of two Defender flaws. Europol dismantles a VPN service tied to ransomware gangs. A nine-year-old Linux kernel bug exposes SSH keys and password hashes. Cisco patches a critical Secure Workload vulnerability, while Drupal fixes a highly critical SQL injection flaw. Android malware quietly signs victims up for premium SMS scams. Webworm upgrades its espionage toolkit with Discord and Microsoft Graph backdoors. Plus, China and Russia deepen cooperation on AI, cybersecurity, and satellite systems. Our guest is Jake Moore, Global Cybersecurity Advisor for ESET, sharing a glimpse into his Infosecurity Europe keynote "The Deepfake Interview." Greg doesn't even work here anymore… Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Maria Varmazis speaks with Jake Moore, Keynote speaker for the upcoming Infosecurity Europe conference and Global Cybersecurity Advisor for ESET, getting a glimpse into his session "The Deepfake Interview: Breaking In From the Inside." This interview is part of our partnership with Infosecurity Europe.  Selected Reading Microsoft Defender vulnerabilities exploited in the wild (Help Net Security) Europol Seizes First VPN Used by Ransomware Gangs, Arrests Administrator (Hackread) Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes (Infosecurity Magazine) Cisco Patches Critical Vulnerability in Secure Workload (SecurityWeek) Android Malware Spotted Subscribing Victims to Paid Services Without Consent (Hackread) Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking (SecurityWeek) Webworm: New burrowing techniques (We Live Security) Xi and Putin pledge closer cooperation on AI, cyberspace and satellite systems (The Record) Zombie user account let hackers control the city's water (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

GitHub confirms a breach tied to a malicious VS Code extension. Anthropic fights a Pentagon blacklist as the White House weighs new AI security rules. Drupal scrambles to patch a critical flaw. Cisco Talos tracks the evolution of BadIIS malware-for-hire. Signal adds anti-phishing safeguards, Microsoft cracks down on malware-signing services, and China says foreign spies hijacked domestic routers for phishing operations. Wireless carriers collaborate to kill dead zones. Our guest is Rob T. Lee, Chief AI Officer, Chief of Research, SANS Institute, discussing The Cloud Security Alliance's “AI Vulnerability Storm” report. A book about misinformation contains helpful examples. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Rob T. Lee, Chief AI Officer, Chief of Research, SANS Institute, sharing Cloud Security Alliance's The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program. Selected Reading GitHub confirms breach of 3,800 repos via malicious VSCode extension (Bleeping Computer) Trump AI executive order seeks early government access to frontier models (Axios) DC Circuit slams Pentagon blacklisting of Anthropic as overreach (Courthouse News Service) Drupal Issues Urgent Warning for Highly Critical Core Vulnerability (Beyond Machines) From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat (Cisco Talos) Signal adds security warnings for social engineering, phishing attacks (Bleeping Computer) Disrupting Fox Tempest: A cybercrime service that turned “verified” software into a pathway for ransomware (Microsoft)   China's state security authorities uncover foreign agency using domestic routers as cyberattack proxies; users notice only slower speeds (Global Times) ‘The Future of Truth' Contains Quotes Made Up by A.I. (The New York Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A CISA contractor leaks GovCloud credentials on GitHub. INTERPOL cracks down on phishing infrastructure across the Middle East and North Africa. Microsoft patches a critical Authenticator flaw, while Poland moves officials off Signal after targeted phishing campaigns. A stealthier SHub macOS infostealer emerges. Universal Robots fixes a critical vulnerability. A Dark Web marketplace dumps millions of stolen payment cards. Echo Protocol loses $76 million in a synthetic Bitcoin breach. Our guest is Chris Cochran, Field CISO & Vice President of AI Security at SANS, discussing their AI maturity model. Nathan Detroit rolls malware snake eyes.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Cochran, Field CISO & Vice President of AI Security at SANS, discussing their SANS AI Security Maturity Model™. Selected Reading CISA Admin Leaked AWS GovCloud Keys on Github (Krebs on Security) INTERPOL Operation Ramz: 201 Apprehended in MENA Cybercrime Disruption (TechNadu) Microsoft Patches Critical Token Theft Vulnerability in Authenticator App (Beyond Machines) Poland shifts away from Signal following cyberattacks on officials' accounts (Security Affairs) SHub macOS infostealer variant spoofs Apple security updates (Bleeping Computer) Critical Vulnerability Exposes Industrial Robot Fleets to Hacking (SecurityWeek) B1ack's Stash Releases 4.6 Million Stolen Credit Cards for Free (SOC Radar) Echo Protocol Hit by $76M eBTC Minting Exploit (SOC Radar) Chanhassen Dinner Theatres cancels more Guys and Dolls performances due to illness and cyberattack (KARE11) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers crack Apple's M5 memory protections with a kernel exploit. An IBM Security executive emerges as a possible CISA pick. Researchers uncover four malicious npm packages.  AI-generated “slop” floods bug bounty programs. Major healthcare breaches hit the HHS tracker, 7-Eleven confirms a breach, and chained OpenClaw AI flaws could enable full host compromise. Santa Clara County sues Meta over alleged scam ads on Facebook and Instagram. Monday business breakdown. Our guest is Jason Madigan, Director of Commercial Cloud Security at Booz Allen, discussing the tension between resilience and data residency laws. A fond farewell for a security pioneer.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment we are joined by Jason Madigan, Director of Commercial Cloud Security at Booz Allen, discussing the tension between resilience and data residency laws. If you enjoyed this conversation, check out the full interview here. Selected Reading First public macOS kernel memory corruption exploit on Apple M5 (Calif) IBM executive floated for CISA director as concerns persist for agency (SC Media) Former CISA nominee Sean Plankey named US CEO of defense startup (CyberScoop) New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here (OX Security) ‘Never-ending' AI slop strains corporate hacking reward schemes (Financial Times) Millions Impacted Across Several US Healthcare Data Breaches (SecurityWeek) 7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand (SecurityWeek) 'Claw Chain' OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery (SecurityWeek) Santa Clara County sues Meta over alleged scam ads (San José Spotlight) Exaforce raises $125 million in Series B funding. (N2K Pro Business Briefing) Peter G. Neumann, Who Warned of Computer Security Risks, Dies at 93 (The New York Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

For years, in-space internet capabilities were rarely worth the hassle. Now, that's changing. In today's episode, Maria Varmazis and Ethan Cook sit down to discuss how internet data moves through space systems and its recent advancements. For decades, GEO satellites made up most of the marketplace; however, LEO satellites are changing the landscape improving connectivity and speeds. Key sources: In-space relay and WiFi services. Space Development Agency On Orbit. Like what you heard? Be sure to subscribe to our free Signals and Space Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: https://thecyberwire.com/newsletters/signals-and-space  Is there a topic or person you'd like to hear on our show? You can send your questions and feedback to space@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. N2K is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com. Learn more about your ad choices. Visit megaphone.fm/adchoices

⁠⁠⁠Thomas Elkins⁠⁠⁠, SOC L3 Analyst from ⁠⁠⁠BlueVoyant⁠⁠⁠, is discussing "Unpacking Augmented Marauder's Multi-Pronged Casbaneiro Campaigns." BlueVoyant researchers uncovered a large-scale phishing campaign by a Brazil-linked threat group targeting Spanish-speaking users across Latin America and Europe, using fake judicial summons emails, WhatsApp attacks, ClickFix tactics, and email phishing to spread the Casbaneiro banking trojan through the Horabot malware framework. The campaign uses sophisticated evasion methods including password-protected PDFs, dynamically generated ZIP filenames, anti-sandbox checks, fileless execution, and customized phishing lures to bypass security tools while turning infected systems into self-propagating botnets that hijack Outlook and webmail accounts to spread further attacks. Researchers say the operation highlights how the Augmented Marauder group (also known as Water Saci) is rapidly evolving its malware ecosystem, combining WhatsApp automation, dynamic phishing infrastructure, and advanced banking malware delivery into a highly adaptable, multi-pronged cybercrime operation. The research and executive brief can be found here: ⁠Unpacking Augmented Marauder's Multi-Pronged Casbaneiro Campaigns⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft sounds the alarm on a critical Exchange zero-day, OpenAI and Mistral AI deal with fallout from a widening supply-chain attack campaign, and researchers uncover a thriving underground market for unlocking stolen iPhones. A stealthy macOS infostealer spreads through ClickFix scams, healthcare braces for major HIPAA security changes, and hackers cash in big at Pwn2Own Berlin after burning through two dozen zero-days. Maria Varmazis joins us with the latest from the T-Minus space cyber podcast. Researchers roll their eyes at ransomware reassurances. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, ⁠Daily Briefing⁠, and you'll never miss a beat. And be sure to follow CyberWire Daily on ⁠LinkedIn⁠. CyberWire Guest Today we are joined by Maria Varmazis, host of T-Minus: Space-Cyber Briefing, talking about the evolution of the show. Join us on Sunday, May 17th for the first episode of T-Minus and tune in each Sunday for new episodes.  Selected Reading ⁠Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers⁠ (Infosecurity Magazine) ⁠OpenAI Hit by TanStack Supply Chain Attack⁠ (SecurityWeek) ⁠Mustang Panda Linked to New Modular FDMTP Backdoor⁠ (BankInfo Security) ⁠TeamPCP hackers advertise Mistral AI code repos for sale⁠ (Bleeping Computer) ⁠What's Next for the Proposed HIPAA Security Rule Overhaul?⁠ (GovInfo Security) ⁠American Lending Center Data Breach Affects 123,000 Individuals⁠ (SecurityWeek) ⁠Why AMOS matters: The macOS malware stealing data at scale⁠ (SOPHOS) ⁠Inside the Underground Market That Unlocks Stolen iPhones⁠ (Infoblox) ⁠Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026⁠ (Bleeping Computer) ⁠Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data⁠ (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at ⁠sponsor.thecyberwire.com⁠. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Google says AI-powered cybercrime has gone industrial scale. Two new Windows zero-days emerge. Signal threatens to leave Canada over lawful access legislation. Pentagon-linked influence operations shift to paid ads. Linux admins scramble to patch a new root-level flaw. FamousSparrow targets Azerbaijan's energy sector. Cisco announces layoffs despite record revenue. An alleged Dream Market administrator faces cryptocurrency money laundering charges. Our guest is Cynthia Kaiser, SVP of Ransomware Research Center at Halcyon, discussing "Akira Ransomware Attacks in Under an Hour." The surveillance will continue until employee sentiment improves. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Cynthia Kaiser, SVP of Ransomware Research Center at Halcyon, is discussing "Akira Ransomware Attacks in Under an Hour." Selected Reading Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access (Google Cloud Blog) Mystery Microsoft bug leaker keeps the zero-days coming (The Register)  Signal warns it would pull out of Canada if made to comply with lawful access bill (The Globe and Mail) Fewer Bots, More Ads: The Pentagon's Evolving Online Influence Campaigns (Lawfare) New Fragnesia Linux flaw lets attackers gain root privileges (Bleeping Computer)  FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit (Hackread)  KongTuke hackers now use Microsoft Teams for corporate breaches (Bleeping Computer) Our Path Forward (Cisco Blogs) German citizen charged with laundering funds linked to prominent darknet marketplace “Dream Market” (United States Department of Justice) The Rise of Emotional Surveillance (The Atlantic) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday. Global agencies update SBOM guidance. Iran-linked espionage group Seedworm breached a major South Korean electronics manufacturer. A telehealth platform breach affects 716,000. Foxconn confirms a cyberattack. Maria Varmazis has an update on orbital data centers. A lawmaker questions surveillance pricing. Brandon Karpf, friend of the show, is talking with Dave about "Japan's space systems face growing cybersecurity threats." Robotic lawnmowers on the cutting edge. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Brandon Karpf, friend of the show, is talking with Dave about "Japan's space systems face growing cybersecurity threats." Selected Reading Microsoft Fixes 17 Critical Flaws in May Patch Tuesday (Infosecurity Magazine) Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises (SecurityWeek) Adobe Patches 52 Vulnerabilities in 10 Products (SecurityWeek) Fortinet, Ivanti Patch Critical Vulnerabilities (SecurityWeek) Chipmaker Patch Tuesday: Intel and AMD   70 Vulnerabilities (SecurityWeek) ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA (SecurityWeek) Global Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain Risks (Infosecurity Magazine) Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign (SECURITY.COM) 716,000 Impacted by OpenLoop Health Data Breach (SecurityWeek) Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files (The Register) Congressman launches inquiry into how food retailers use surveillance pricing (The Record) Orbital Inference Data Center Bets On Space GPUs (IEEE Spectrum) Cowboy Space raises $275 million to launch AI data centers on brand-new rocket (Space.com) Yarbo responds to robot flaws that could mow down their owners (Malwarebytes) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Former NSA chief says the U.S. can beat China in cyberspace. Canvas cuts a deal with hackers. The FCC proposes KYC rules for phone users. SAP patches critical flaws. A poisoned TanStack npm supply chain attack spreads malware. Humanitarian aid lures deliver spyware. Japan launches an AI-driven cyber review. Texas sues Netflix over data practices. And Harvard experts debate the future of agentic AI security. On our Threat Vector segment David Moulton welcomes, Assaf Keren, CSO at Qualtrics and author of Lessons from the Frontlines. Our guest is Tim Starks from CyberScoop discussing changes to the CyberCorps Scholarship program. The Gentleman's guide to awful OPSEC.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector AI is the most powerful tool defenders have ever had. It's also the most dangerous weapon attackers have ever had. Assaf Keren, CSO at Qualtrics and author of Lessons from the Frontlines, has seen AI reshape both sides of the threat equation. In this conversation, he gets specific about what happens when powerful tools fall into the wrong hands, and what leaders need to do before they get caught off-guard. You can listen to the full conversation here, and catch new episodes of Threat Vector with host David Moulton every Thursday on your favorite podcast app. CyberWire Guest Today we are joined by Tim Starks from CyberScoop discussing changes to the CyberCorps Scholarship program. You can read more in Tim's article “Trump officials are steering a cybersecurity scholarship program toward AI.” Selected Reading I Ran the N.S.A. This Is How to Defeat China's Hacker Army. (The New York Times) Canvas hack: company pays criminals to delete students' stolen data (BBC News) FCC Attempts to Solve Robocall Problem by Potentially Creating Even Bigger Privacy Problem (Gizmodo) SAP Patches Critical S/4HANA, Commerce Vulnerabilities (SecurityWeek) Cache-poisoning caper turns TanStack npm packages toxic (The Register) Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware (Hackread) Japan's PM orders cybersecurity review to stop Mythos going full CyberZilla (The Register) Texas sues Netflix over alleged data practices that create ‘surveillance machinery' without user consent (The Record) Time for government, business leaders to figure out AI cybersecurity regulation (Harvard Gazette) Tables Turned: Gentlemen Ransomware Group Suffers Data Leak (BankInfo Security) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FCC eases restrictions on foreign-made routers. Shiny Hunters hit Canvas and Zara. SailPoint discloses unauthorized access to its GitHub repositories. TrickMo Android banking malware has more tricks up its sleeve. Polish officials warn of increased targeting of ICS and public infrastructure. A federal judge orders $10 million in restitution for stolen zero days. German authorities takedown the Crimenetwork marketplace, again. Monday business breakdown. Dan Lorenc, Chainguard CEO and co-founder, is talking about a recent wave of supply chain attacks. Malware gets signed, sealed and delivered.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dan Lorenc, Chainguard CEO and co-founder, is talking about how the recent wave of supply chain attacks is fundamentally different – and more dangerous –than previous incidents, as well as immediate steps organizations should take as this continues to unfold. Selected Reading US: FCC Relaxes Foreign-Made Router Ban to Allow for Security Updates (Infosecurity Magazine) ShinyHunters Escalates Canvas Extortion (Infosecurity Magazine) Zara Data Breach Impacts Nearly 200,000 Customers (Infosecurity Magazine) SailPoint Discloses GitHub Repository Hack (SecurityWeek) TrickMo Android banker adopts TON blockchain for covert comms (Bleeping Computer) Polish ABW warns cyberattacks shifting from espionage and data theft toward physical disruption of critical infrastructure (Industrial Cyber) Trenchant Exec Who Sold Zero Days to Russian Buyer Ordered to Pay $10 Million in Restitution to Former Employers (Zero Day) Resurrected 'Crimenetwork' Marketplace Taken Down, Administrator Arrested (SecurityWeek) XBOW secures an additional $35 million in Series C funding. (N2K Pro Business Briefing) Hackers Trick DigiCert Into Issuing Certificates Used to Sign Malware (Hackread) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Payal Chakravarty, Head of Product for Security and Risk from Coalition, sits down to share her story of working at several different organizations, including interning for IBM and Microsoft. After obtaining her master's degree, she worked with IBM a bit more closely and fell in love with one of the projects she was working on. Payal had a very interesting career path going from physical to virtual, virtual to cloud now, cloud to containers. She says that there is still some bias she has dealt with as a woman in her field, she says, "I think the way you handle it is you negotiate or you kind of calmly handle the situation, there's no ego involved." Payal shares that in working in this field you need to be in love with it, giving the advice that don't just choose a job because of the money or because it's cool, but because you feel connected to it as a profession. We thank Payal for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special edition of CyberWire Daily's 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss cybersecurity geopolitics and warfare that have been in the news over the past 10 years. We begin our conversation around the supply chain malware from the destructive NotPetya campaign out of Russia, then Maria and Dave highlight: Olympic Destroyer disrupting the Pyeongchang Games, CozyBear's SolarWinds espionage campaign, the Colonial Pipeline ransomware disruption, Russia's full invasion of Ukraine paired with Viasat hack, Iranian hackers attacking ICS devices at water treatment plants in Israel, and China's VoltTyphoon and SaltTyphoon intrusions in critical sectors. Join us as we reflect on the escalation from election interference and disruption, to espionage and ransomware as national security crises, to integration in kinetic war,and now expansion into space, with AI-driven defenses and NATO codifying cyber as a collective defense domain. Learn more about your ad choices. Visit megaphone.fm/adchoices