The CyberWire

Please enjoy this encore of Career Notes. Payal Chakravarty, Head of Product for Security and Risk from Coalition, sits down to share her story of working at several different organizations, including interning for IBM and Microsoft. After obtaining her master's degree, she worked with IBM a bit more closely and fell in love with one of the projects she was working on. Payal had a very interesting career path going from physical to virtual, virtual to cloud now, cloud to containers. She says that there is still some bias she has dealt with as a woman in her field, she says, "I think the way you handle it is you negotiate or you kind of calmly handle the situation, there's no ego involved." Payal shares that in working in this field you need to be in love with it, giving the advice that don't just choose a job because of the money or because it's cool, but because you feel connected to it as a profession. We thank Payal for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special edition of CyberWire Daily's 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss cybersecurity geopolitics and warfare that have been in the news over the past 10 years. We begin our conversation around the supply chain malware from the destructive NotPetya campaign out of Russia, then Maria and Dave highlight: Olympic Destroyer disrupting the Pyeongchang Games, CozyBear's SolarWinds espionage campaign, the Colonial Pipeline ransomware disruption, Russia's full invasion of Ukraine paired with Viasat hack, Iranian hackers attacking ICS devices at water treatment plants in Israel, and China's VoltTyphoon and SaltTyphoon intrusions in critical sectors. Join us as we reflect on the escalation from election interference and disruption, to espionage and ransomware as national security crises, to integration in kinetic war,and now expansion into space, with AI-driven defenses and NATO codifying cyber as a collective defense domain. Learn more about your ad choices. Visit megaphone.fm/adchoices

Mark Kelly, Staff Threat Researcher at Proofpoint, is discussing their work on "I'd come running back to EU again: TA416 resumes European government espionage campaigns." China-linked threat group TA416 has resumed large-scale phishing and malware campaigns targeting European governments, diplomatic missions tied to the EU and NATO, and more recently Middle Eastern entities following the outbreak of conflict in Iran. The group has continually evolved its tactics between mid-2025 and early 2026, using techniques like fake Cloudflare verification pages, Microsoft OAuth redirect abuse, and malicious C# project files to deliver customized PlugX malware through spearphishing campaigns. Researchers say the renewed activity reflects shifting geopolitical priorities tied to EU-China tensions, the Russia-Ukraine war, and instability in the Middle East, while highlighting TA416's ongoing focus on intelligence gathering against diplomatic networks. The research and executive brief can be found here: I'd come running back to EU again: TA416 resumes European government espionage campaigns Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA orders rapid patching of actively exploited Ivanti zero-day. Canvas gets hacked during finals week. Dirty Frag is a new Linux zero-day. Researchers document a serious Claude Chrome extension bug. Meta ends Instagram encryption. PCPJack malware clean house before moving in. A new report highlights quantum-era cryptographic threats. Cloudflare announces layoffs amidst AI deployment. Sri Lankan police shut down a scam center. Maria Varmazis joins me to look back at ten years of geopolitics in cyber. Vibe coding reveals valuable data.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we're previewing a special edition of CyberWire Daily's 10th anniversary series, where N2K CyberWire's Maria Varmazis and Dave Bittner revisit a decade of cyber geopolitics and warfare. Selected Reading CISA gives feds four days to patch Ivanti flaw exploited as zero-day (Bleeping Computer) ​​Hackers ate my homework: Educational SaaS Canvas down after cyberattack (The Register) New Linux 'Dirty Frag' zero-day gives root on all major distros (Bleeping Computer) Flaw in Claude's Chrome extension allowed ‘any' other plugin to hijack victims' AI (CyberScoop) Meta U-turns on encryption push for Instagram as DMs go plaintext (The Register) ‘PCPJack' Worm Removes TeamPCP Infections, Steals Credentials (Security Week) Quantum Risk Explained (Recorded Future) Building for the future (Cloudflare) Sri Lanka makes 37 arrests as it raids another scam centre (Bitdefender) Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web (WIRED) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA pushes critical infrastructure to prepare for offline operations during cyberattacks. Questions grow over a shared U.S.-China AI threat. A Russian university is accused of feeding talent into GRU cyber units. Researchers warn poisoned data could quietly corrupt enterprise AI. LinkedIn faces a GDPR fight over monetizing user data. Millions downloaded fake Android call-history apps before Google pulled them. Dragos reports AI-assisted targeting of OT systems. A California man is sentenced in a $250 million crypto theft ring. Our guest is Asdrúbal Pichardo, CEO of Squalify, who wonders if banks are ready for worst-case cyber disruptions. A bandwidth bandit brakes bullet trains. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Asdrúbal Pichardo, CEO of Squalify, sharing insights on  “Are banks ready for worst-case cyber disruptions amidst geopolitical tensions?" Selected Reading New CISA initiative aims for critical infrastructure to operate offline during cyberattacks (The Record) The U.S. and China Have a Common Foe. Hint: It's Not the U.S.S.R. (New York Times) Revealed: Russia's top secret spy school teaching hacking and election meddling (The Guardian) Poisoned truth: The quiet security threat inside enterprise AI (CSO Online) Noyb cries foul on LinkedIn withholding profile visitor data (The Register) Fake call logs, real payments: How CallPhantom tricks Android users (We Live Security) AI in the Breach: How an Adversary Leveraged AI to Target a Water Utility's OT (Dragos) Polish intelligence warns hackers attacked water treatment control systems (The Record) Crypto gang member gets 6.5 years for role in $230 million heist (Bleeping Computer) Student hacked Taiwan high-speed rail to trigger emergency brakes (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA warns CopyFail is under active exploitation. Attackers compromise installers for a widely used disk imaging utility. MuddyWater masks cyberespionage as ransomware. Attackers spread malware through a fake OpenClaw plugin. Researchers ID a new Linux RAT. Vimeo blames a third party provider for a recent breach. Palo Alto's Captive Portal is under attack. The FTC settles with a data broker over location sharing. A former Conti gang member gets jail time. Our guest is Dov Yoran, CEO of Command Zero, discussing how cybersecurity teams are fighting AI with AI. Geotargeting turns creepy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Dov Yoran, CEO of Command Zero, discussing how cybersecurity teams are fighting AI with AI. Selected Reading Attackers are cashing in on fresh 'CopyFail' Linux flaw (The Register) Hackers compromise Daemon Tools in global supply-chain attack, researchers say (The Record) Iranian APT Intrusion Masquerades as Chaos Ransomware Attack (SecurityWeek) Malicious OpenClaw Skill Targets DeepSeek Agentic AI Workflows (Cyber Press) Sophisticated Quasar Linux RAT Targets Software Developers (SecurityWeek) ShinyHunters claims dump puts 119K Vimeo emails in the wild (The Register) Palo Alto Networks warns of firewall RCE zero-day exploited in attacks (Bleeping Computer) FTC bans data broker Kochava from selling sensitive location info (The Record) Conti, Akira Affiliate Sentenced to 102 Months in Prison for Ransomware and Extortion Operations Targeting over 50 Organizations (TechNadu) A college student is suing a dating app that allegedly used her TikTok videos to target men in her dormitory (CyberScoop) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Brace for an AI-driven patch surge. Google fixes a critical Android flaw. Trellix confirms a source code breach. Apache Software Foundation ships urgent fixes. Data tied to Liberty Mutual leaks. CloudZ evolves to steal OTPs. Ouroboros persistence raises the stakes. A vishing suspect faces U.S. charges. Our guest is Markus Rauschecker, Executive Director for the University of Maryland Center for Cyber, Health and Hazard Strategies (CHHS), on the importance of the non-technical aspects of good cybersecurity preparedness and response. Our Threat Vector segment focuses on incident response. If you think UK age verification is working, I mustache you a question. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Industry Voices Markus Rauschecker, Executive Director for the University of Maryland Center for Cyber, Health and Hazard Strategies (CHHS), discussing the importance of the non-technical aspects of good cybersecurity preparedness and response. If you enjoyed this conversation check out the full interview here. Threat Vector Segment On this segment of Threat Vector by Palo Alto Networks, host David Moulton speaks with guest Steve Elovitz. In this conversation, Steve reflects on what two decades of incident response actually teaches you about the people on the other side of a breach. You can listen to the full conversation here, and catch new episodes of Threat Vector every Thursday on your favorite podcast app. Selected Reading NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave” (Infosecurity Magazine) AI Adoption Outpaces Safety Policies, Leaving Organizations Exposed (Infosecurity Magazine) Critical Remote Code Execution Vulnerability Patched in Android (SecurityWeek) Trellix Reveals Unauthorized Access to Source Code (Infosecurity Magazine) Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server (SecurityWeek) Everest Group Begins Leaking Alleged Liberty Mutual Data (GovInfo Security) CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs (Bleeping Computer) dMSA Ouroboros: Self-Sustaining Credential Extraction in Windows Server 2025 (Huntress) Western District of North Carolina | Romanian National Appears in Federal Court Following Extradition from Romania on Bank Fraud Charges Stemming From “Vishing” Scheme (United States Department of Justice) Kids can bypass some age checks with a drawn-on mustache (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Progress Software urges customers to patch a critical MOVEit authentication bypass. Washington worries about limited access to advanced AI tools. Paid influencers promote pro-American AI. CISA warns Copy Fail is under active exploitation. The Canvas educational platform suffers a data breach. The Lazarus Group uses ClickFix to target high-value enterprise users. U.S. and Chinese authorities raid scam centers in Dubai. Monday Business Brief. On Afternoon Cyber Tea with Ann Johnson: Tony Sager, Senior VP & Chief Evangelist, Center for Internet Security, joins Ann to discuss the accelerating pace of technology, AI, and global software dependencies. May the Fourth be with your firewall.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Afternoon Cyber Tea On this segment of Afternoon Cyber Tea with Ann Johnson: Tony Sager, Senior VP & Chief Evangelist, Center for Internet Security, joins Ann to discuss how the accelerating pace of technology, AI, and global software dependencies are reshaping the cybersecurity landscape. To hear the full conversation, check out the episode and subscribe where you get your favorite podcasts to listen to past episodes. The show is going on hiatus. Stay tuned for the next chapter soon. Selected Reading ⁠Progress warns of critical MOVEit Automation auth bypass flaw⁠ (Bleeping Computer) ⁠What Was Discussed at Google's White House Meeting About A.I. ⁠(The New York Times) ⁠US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems ⁠(SecurityWeek) ⁠A Dark-Money Campaign Is Paying Influencers to Frame Chinese AI as a Threat⁠ (WIRED) ⁠CISA says ‘Copy Fail' flaw now exploited to root Linux systems⁠ (Bleeping Computer) ⁠Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats⁠ (SecurityWeek) ⁠Lazarus Targets macOS Users With New “Mach-O Man” Malware Kit⁠ (GB Hackers) ⁠US, China partner on scam center takedown in Dubai⁠ (The Record) ⁠Cloudsmith raises $72 million in Series C funding.⁠ (N2K Pro Business Briefing) Microsoft for Startups (N2K Networks) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Kayla Williams, CISO of Devo, sits down to share her story, from graduating with a finance degree to rising to where she is now. She quickly learned that finance was not for her and changed paths, working towards gaining an information security certificate. From there she was able to excel and was offered the opportunity to move to England which changed her life. Working in her new role, she really enjoys thriving with her team. She says "We really try to be the department of no problem versus the department of no." She mentions how her and her team work on a day to day basis together solving issues and yet she says not everything related to cybersecurity needs to be a fire drill. She would rather her and her team build bridges in the face of adversity and in the face of people who may be naysayers. We thank Kayla for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by Justin Albrecht, Principal Researcher at Lookout, discussing "Attackers Wielding DarkSword Threaten iOS Users." DarkSword is a highly sophisticated iOS exploit chain discovered by Lookout that targets iPhones (iOS 18.4–18.6.2), enabling near zero-click compromise and rapid theft of sensitive data, including credentials and cryptocurrency wallet information. Likely deployed by a Russia-linked threat actor (UNC6353) against Ukrainian users, it uses watering hole attacks on compromised websites and operates in a “hit-and-run” fashion—exfiltrating data within minutes before wiping traces. The campaign highlights a growing secondary market for advanced exploits, allowing financially motivated groups to access powerful tools once reserved for state actors, significantly expanding the mobile threat landscape. The research and executive brief can be found here: ⁠Attackers Wielding DarkSword Threaten iOS Users Learn more about your ad choices. Visit megaphone.fm/adchoices

Five Eyes agencies issue agentic AI guidance. A federal database leaks Social Security numbers. A stealthy worm poisons open source packages. OT firms are sidelined from frontier cyber models. The FBI warns of a surge in cyber-enabled cargo theft. Officials flag likely election interference as security programs face cuts. Researchers uncover a covert Python backdoor. Ubuntu's site takes Iranian-linked DDoS fire. Cyber pros are sentenced in a ransomware case. Our guest is Andrew Carr, Global Head of Threat Management at Booz Allen, discussing how AI is accelerating cyberattacks. OpenAI joins the invitation-only club. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices we are joined by ⁠Andrew Carr⁠, Global Head of Threat Management at ⁠Booz Allen Hamilton⁠, discussing how AI is accelerating cyberattacks and reshaping cybersecurity defenses. If you enjoyed this conversation be sure to check out the full interview here. Selected Reading Careful Adoption of Agentic AI Services (CISA)  Careful adoption of agentic AI services (Cyber.gov.au) Medicare portal exposed health providers' Social Security numbers (The Washington Post) Open-source registries hit by 'Mini Shai-Hulud' supply chain attacks (Developer) OT Cybersecurity Frozen Out by Frontier Labs (OTToday) FBI Warns of Surge in Hacker-Enabled Cargo Theft (SecurityWeek) Breach Roundup: US Cyber Command Flags Election Threats (Gov Infosecurity) Sophisticated Deep#Door Backdoor Enables Espionage, Disruption (SecurityWeek) Pro-Iran group turns Ubuntu DDoS into shakedown (The Register) Two Americans Who Attacked Multiple U.S. Victims Using ALPHV BlackCat Ransomware Sentenced to Prison (United States Department of Justice) OpenAI locks GPT-5.5-Cyber behind velvet rope (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A critical Linux flaw dubbed “Copy Fail” raises alarm. The House moves to extend Section 702. The White House pushes back on expanded Mythos access. cPanel and SonicWall rush out security patches. Researchers warn AI agents may leak credentials. Smishing targets key industries. Ukrainian police arrest suspects in a massive Roblox account theft scheme. Our guest is Jamie Moles, technical manager at ExtraHop, discussing how the pace of vibe coding is creating major AI blind spots. Honeypot hijinks get halted by curious clicks.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Jamie Moles, technical manager at ExtraHop, discussing how the pace of vibe coding is creating major AI blind spots. Selected Reading Copy Fail (Copy.Fail) House extends a controversial spy tool, but Senate path is unclear ahead of deadline (NPR) White House Opposes Anthropic's Plan to Expand Access to Mythos Model (WSJ) Critical Authentication Vulnerability in cPanel and WHM (Beyond Machines) Security Advisory: Firmware Update Required — Gen 6, Gen 7, and Gen 8 Firewalls (Sonic Wall) Phishing the agent: Why AI guardrails aren't enough (Okta) Phoenix Rising: Exposing the PhaaS Kit Behind Global Mass Phishing Campaigns (Group-IB Blog) Ukrainian police detain hackers suspected of stealing thousands of Roblox accounts for resale (The Record) I accidentally made law enforcement shut down their stresser honeypot (lina's blog) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

OpenAI and Anthropic brief Congress on cyber-capable AI. The GAO flags improper DOGE access to Treasury payment systems. Greece moves to end online anonymity. CISA orders agencies to patch an exploited Windows zero-day. Researchers uncover ransomware that destroys data instead of encrypting it. State CISOs report falling confidence. Neurodivergent cyber pros cite inclusion gaps. Police arrest a 19-year-old alleged Scattered Spider member. Our guest is Chris Boehm, Zero Networks' Field Chief Technology Officer, on minimizing your blast radius. AI lowers the bar and lengthens the line in the courtroom.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Chris Boehm, Zero Networks' Field Chief Technology Officer, discussing "One Compromised System and BOOM, Meet Your Blast Radius." Selected Reading OpenAI, Anthropic brief House Homeland Security on AI cyber threats (Axios) Scoop: White House workshops plan to bring back Anthropic (Axios) GAO report on DOGE payments access ‘just the tip of the iceberg' (Federal News Network) Greece to ban anonymity on social media (Euractiv) CISA orders feds to patch Windows flaw exploited as zero-day (Bleeping Computer) Broken VECT 2.0 ransomware acts as a data wiper for large files (Bleeping Computer) State CISOs Report Lower Confidence Across the Public Sector Cyber Ecosystem, 2026 NASCIO-Deloitte Survey Finds (NASCIO) Neurodivergence in the Cybersecurity Workforce (ISC2) Teen charged in Chicago was part of international ‘Scattered Spider' hacker group, feds say (Chicago Tribune) People Using AI to Represent Themselves in Court Are Clogging the System (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Conflict in the Middle East disrupts the circuit board supply chain. The Supreme Court considers arguments on geofence searches. A new report highlights Chinese digital transnational repression. The NCSC protects HDMI and DisplayPort links. Tennessee bans cryptocurrency ATMs. Researchers expose a financially motivated subgroup of North Korea's Lazarus Group. Medtronic confirms a ShinyHunters data breach. Tim Starks, from CyberScoop discusses telecom vulnerabilities. A helpful AI deletes everything.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We welcome back Tim Starks, Senior Reporter for CyberScoop, discussing telecom vulnerabilities. Selected Reading Iran war disrupts the circuit board supply chain, raises costs for tech firms (Reuters) Iranian hackers expose personal details of thousands of US Marines in Middle East (Metro) Supreme Court signals location data searches should require a warrant (The Record) Tall Tales: How Chinese Actors Use Impersonation and Stolen Narratives to Perpetuate Digital Transnational Repression (The Citizen Lab) NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links (Security Affairs) Tennessee becomes second state to ban cryptocurrency ATMs over scam concerns (The Record) BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector (Arctic Wolf) Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak (SecurityWeek) Claude-powered AI coding agent deletes entire company database in 9 seconds — backups zapped, after Cursor tool powered by Anthropic's Claude goes rogue (Tom's Hardware) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The race for AI dominance has created a dangerous imbalance between business velocity and cyber resilience. In this episode, host Caleb Tolin is joined by Joe Hladik, Head of Rubrik Zero Labs, and Staff Security Researcher Amit Malik to break down the findings of their latest report on agentic adoption. The discussion centers on the Agentic Paradox. This is the technical reality that tools designed to automate high-level tasks are inherently built to find the most efficient path around obstacles, including existing security policies. A primary focus is implementing a three-layer framework for AI Operations. This model targets the Tool Layer, where agents interact with databases; the Cognitive Layer, which serves as the LLM brain; and the critical Identity Layer. The conversation explores stories in which agents, without malicious intent, have caused catastrophic data loss simply by following an optimized logic path. These instances prove that agents need not be sentient to be destructive when they lack proper human-in-the-loop checkpoints. Technical hurdles of Identity Resilience are also addressed, specifically the explosion of non-human identities that spin up and down like elastic cloud infrastructure. The episode examines the fear index regarding job security, noting that 92% of leaders fear for their roles post-breach. Joe and Amit join Caleb to explore the evolution of personal liability for CISOs and the urgent need to move from basic visibility to deep observability. This is a forward-looking briefing for leaders who recognize that, in an era of autonomous routines, the human must remain the ultimate command-and-control center. What You'll Learn Define the agentic paradox to understand why AI efficiency naturally compromises traditional security guardrails. Implement a three-layer framework to secure the tool, cognitive, and identity components of AI. Transition from basic visibility to deep observability to track autonomous decision-making in real time. Mitigate prompt injection risks by auditing the input and output flows of the cognitive layer. Utilize ephemeral containers to sandbox agentic tools and prevent unauthorized database alterations. Manage the elasticity of non-human identities to maintain control over rapidly spinning AI agents. Anchor AI operations with human-in-the-loop checkpoints to ensure integrity during high-stakes executions. Episode Highlights Defining the Agentic Identity and Autonomous Routines Revenue vs. Resilience: The Drivers of AI Urgency The Three-Layer Framework for Agentic Defense Shadow AI and the Rise of Invisible Insider Threats The Context Gap: Why Rolling Back AI Actions is Hard The CISO Fear Index and Personal Liability Post-Breach Visibility vs. Observability in Elastic Identity Environments Learn more about your ad choices. Visit megaphone.fm/adchoices

The Supreme Court weighs geofence warrants. Iran leans toward quieter cyber ops. Researchers unpack Fast16 sabotage malware. Microsoft tracks an Outlook outage. Snow malware moves deep inside networks. Itron reports a breach. SMS blasters hit Canada. Italy extradites an accused hacker to the U.S. Monday business brief. Our guest is Mick Coady, Field CTO of Elisity, on how hospitals can best defend against ransomware attacks. Meta's relentlessly watchful eye turns inward.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Mick Coady, former head of cybersecurity for hospitals and Field CTO of Elisity, on how hospitals can defend against ransomware attacks, both online and through devices, including patient monitors, HVAC systems, and any device connected to the Internet. Selected Reading Ingenious? Orwellian? Or both? Supreme Court considers constitutionality of 'geofence' warrants (NPR) Iran's cyber threat may be less ‘shock and awe' than ‘low and slow,' officials say (The Record) Newly Deciphered Sabotage Malware May Have Targeted Iran's Nuclear Program—and Predates Stuxnet | WIRED (Wired) Microsoft says Outlook.com outage is causing sign‑in failures (Bleeping Computer) Threat actor uses Microsoft Teams to deploy new “Snow” malware (Bleeping Computer) American utility firm Itron discloses breach of internal IT network (Bleeping Computer) Toronto police seize 'SMS blasters,' a cybercrime weapon never before seen in Canada (National Post) Italy Decides to Extradite Chinese Man Wanted by US for Hacking (Bloomberg) Artemis emerges from stealth with $70 million in funding. (The Cyber Wire) Meta staff protest surveillance software on work PCs • The Register (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Adam Marrè, CISO from Arctic Wolf, sits down to share his story of rising through the ranks. After 9/11 he decided he wanted to make a difference in the world, and so he chose to go into the FBI. There he learned the skills that got him to where he is today. In his time at the FBI, he was able to do what he loved, which was working with computers while gaining more knowledge on cybersecurity, and he became computer forensic certified. Ultimately, he needed a change in the end and decided to leave the FBI. He was able to learn the leadership skills he needed to move past that career path and follow a new dream. He is now able to share his passion with the world and help people understand security to help protect themselves as well as helping people finding success in their careers and in their lives. We thank Adam for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Juliana Testa, Senior Security Engineer from 7AI, sharing their work on "Quish Splash - When the QR Code Is the Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter." A large-scale “quishing” campaign used QR codes embedded in image attachments to hide phishing URLs, allowing 28 out of 33 emails to bypass SPF, DKIM, DMARC, and Microsoft Defender and land directly in inboxes. Each recipient received a unique QR code and tracking ID, defeating traditional detection methods and enabling attackers to scale the campaign to over 1.6 million emails across multiple organizations while shifting execution to less-secure mobile devices. The attack was ultimately uncovered through AI-driven alerting combined with human analysis and threat hunting, highlighting a major blind spot in email security and the need for QR code inspection, mobile protections, and tighter auto-reply controls. The research and executive brief can be found here: Quish Splash - When the QR Code Is the Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter. Learn more about your ad choices. Visit megaphone.fm/adchoices

Locked Shields wraps another year. Open models challenge Mythos. CISA tracks FIRESTARTER inside a federal agency. The White House targets foreign AI model extraction. Microsoft lets admins remove Copilot. Treasury sanctions a Cambodian scam-compound senator. Breeze Cache rushes a patch. Researchers downplay OT malware hype, while NIST pushes for better OT visibility. Our guest is Eric Russo, Director, SOC Defensive Security at Barracuda, discussing the risks posed by employees downloading pirated software. Con artists charge crypto for counterfeit clearance. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Eric Russo, Director, SOC Defensive Security at Barracuda, discussing the risks posed by employees downloading pirated or cracked software onto corporate devices. You can learn more here. Selected Reading Locked Shields 2026: 41 Nations Strengthen Cyber Resilience in World's Biggest Exercise (SecurityWeek) Open source models can find bugs as well as Mythos (The Register) CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March (The Record) Trump Administration Vows Crackdown on Chinese Companies 'Exploiting' AI Models Made in US (SecurityWeek) Microsoft now lets admins uninstall Copilot on enterprise devices (Bleeping Computer) US sanctions Cambodian senator for millions earned through scam compounds (The Record) Cloudways Patches Actively Exploited File Upload Flaw in Breeze Cache Plugin (Beyond Machines) Dragos: Despite AI use, new malware targeting water plants is ‘hype' (CyberScoop) NIST cyber center to launch OT ‘visibility' project (Federal News Network) Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage (Ars Technica) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers expose covert telecom surveillance campaigns. Lawmakers push new national privacy rules. China-linked actors hide inside compromised device networks. A ransomware forum leak reveals a criminal marketplace. GopherWhisper blends into cloud services for espionage. Attackers poison AI with hidden web prompts. Apple patches lingering notification data. macOS admin tools become attacker pathways. CISA orders urgent fixes for a Microsoft Defender zero-day, and their Director nominee withdraws. Our guests today are Johnny Hand and Dustin Childs, hosts of TrendAI's AI Security Brief podcast. A meteorological mystery meets market manipulation. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Introducing the AI Security Brief podcast. Our guests today are Johnny Hand and Dustin Childs, hosts of TrendAI's AI Security Brief podcast. They join Dave to introduce their new show on the N2K CyberWire Network. You can find their first episode here and catch new episodes every other Thursday on your favorite podcast app. Selected Reading Surveillance vendors caught abusing access to telcos to track people's phone locations, researchers say (TechCrunch) Committees on Energy and Commerce and Financial Services Introduce Pair of Privacy Bills to Establish Comprehensive Data Protections for All Americans (Energy Commerce) International cyber agencies share fresh advice to defend against China-linked covert networks (NCSC) RAMP Uncovered: Anatomy of Russia's Ransomware Marketplace (Security Affairs) New GopherWhisper APT group abuses Outlook, Slack, Discord for comms (Bleeping Computer) Hackers Use Hidden Website Instructions in New Attacks on AI Assistants (Hackread) Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950) (Help Net Security) Bad Apples: Weaponizing native macOS primitives for movement and execution (Talos Intelligence) CISA orders feds to patch BlueHammer flaw exploited as zero-day (Bleeping Computer) Trump's pick to lead CISA withdraws nomination after months of political impasse (POLITICO) A Hair Dryer May Have Gamed a Paris Weather Sensor for $34,000 on Polymarket (Bitcoin News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Mythos leaks. The DOD preps a more aggressive cyber strategy. A former FBI cyber official urges homicide charges for hospital ransomware deaths. Lotus Wiper targeted the Venezuelan energy and utilities sector. Over 1,300 SharePoint servers remain unpatched against a spoofing vulnerability. The Harvester APT group deploys a new Linux version of its GoGra backdoor. A new LOTUSLITE backdoor targets India's banking sector. The Mirai botnet exploits discontinued routers. Our guest is Brian Vecci, Field CTO at Varonis, discussing how organizations can safely adopt AI and autonomous agents. A satirical startup sells clean-room clones.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, Brian Vecci, Field CTO at Varonis, discusses how organizations can safely adopt AI and autonomous agents by securing data, managing risk, and focusing on measurable outcomes. If you enjoyed this conversation, tune into the full interview here. Selected Reading Anthropic's Mythos Model Is Being Accessed by Unauthorized Users (Bloomberg) Claude Mythos Finds 271 Firefox Vulnerabilities (SecurityWeek) New Defense Department cyber strategy imminent, official says (The Record) Pentagon Cyber Leaders Back $1.5T Budget Request (GovInfo Security) Ex-FBI lead urges homicide charges against ransomware scum (The Register) New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention (SecurityWeek) Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks (Bleeping Computer) Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor (SecurityWeek) Same packet, different magic: Mustang Panda hits India's banking sector and Korea geopolitics (Acronis) Mirai Botnet Targets Flaw in Discontinued D-Link Routers (SecurityWeek) This AI Tool Rips Off Open Source Software Without Violating Copyright (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Anthropic's Mythos proves irresistible despite claimed supply chain risks.Iran claims U.S. backdoors hit its networks. New Coast Guard rules target maritime OT security. A fresh NGate Android malware variant emerges. Thousands of ActiveMQ servers face active exploitation risk. CISA adds eight flaws to its KEV list. Progress patches MOVEit and LoadMaster bugs. Attackers impersonate IT staff over Microsoft Teams. A ransomware negotiator admits working with BlackCat. Google Gemini asks, “May we see your photos please?” Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices Elad Koren, Vice President, Product Management, Cortex Cloud at Palo Alto Networks, discusses building AI natively into platforms, managing complexity and trust, and taking a measured, experimental approach during the industry's “messy middle” phase. If you enjoyed this conversation, tune into the full interview here. Selected Reading The US NSA is using Anthropic's Claude Mythos despite supply chain risk (Security Affairs) Anthropic secretly installs spyware when you install Claude Desktop (That Privacy Guy) Iran claims US used backdoors in networking equipment (The Register) Maritime Cybersecurity Rules Make Waves (GovInfoSecurity) New NGate variant hides in a trojanized NFC payment app (We Live Security) Actively exploited Apache ActiveMQ flaw impacts 6,400 servers (Bleeping Computer) CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133) (Help Net Security) Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster (SecurityWeek) Microsoft: Teams increasingly abused in helpdesk impersonation attacks (Bleeping Computer) Florida Man Working as a Ransomware Negotiator Pleads Guilty to Conspiracy to Deploy Ransomware and Extort U.S. Victims (United States Department of Justice) Google Starts Scanning All Your Photos As New Update Goes Live (Forbes) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloud platform Vercel confirms a data breach. Microsoft releases emergency updates to fix Windows Server restart loops. Bluesky gets DDoSed. Insurers keep close watch on an AI hiring discrimination suit. Cybersecurity workforce turnover rises. Scammers abuse Apple's email notification system. A Scattered Spider member pleads guilty to SMS phishing and cryptocurrency theft. Monday business brief. Our guest is Melissa K. Smith, SVP, Global Strategic Partnerships and Initiatives at SentinelOne, discussing building a unified defense through strategic partnerships. A budget beacon briefly betrays a boat's bearing.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Melissa K. Smith, SVP, Global Strategic Partnerships and Initiatives at SentinelOne discussing building a unified defense through strategic partnerships. If you enjoyed this conversation, be sure to check out the full interview here. Selected Reading Vercel confirms breach as hackers claim to be selling stolen data (Bleeping Computer) Microsoft releases emergency updates to fix Windows Server issues (Bleeping Computer) Bluesky Disrupted by Sophisticated DDoS Attack (SecurityWeek) Who is liable when artificial intelligence makes mistakes? (Financial Times) Insurance carriers quietly back away from covering AI outputs (CSO Online) Compensation vs. Burnout: The New Retention Calculus for Cybersecurity Leaders (Security Boulevard) Watch out, hackers are abusing Apple account notifications to distribute malware, steal money and data (TechRadar) British Scattered Spider Hacker Pleads Guilty in the US (SecurityWeek) Business Briefing for 04.15.26 (CyberWire Pro) Dutch navy frigate tracked by mailing it a Bluetooth tracker (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Jaya Baloo, a Chief Information Security Officer from Avast sits down to share her story, sharing how she got into the technology field at a younger age with being introduced to computers and games on her PS 24. She started off going to college for political science and after not knowing what to do after that, she got her first start in cybersecurity. After falling in love with cybersecurity she kept moving up the ranks in different organizations before finding herself at Avast. She shares that at Avast she leans on her team quite a bit and you should never be afraid to bounce ideas off of your teammates. She says "The best ideas come from like bouncing ideas off of each other, sharing within the group and then if I can't figure it out myself, that's why I hire these amazing individuals it's to help me figure it out." We thank Jaya for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by Dr. Darren Williams, Founder and CEO of BlackFog, to discuss his team's work on "Steaelite RAT Enables Double Extortion Attacks from a Single Panel." A new remote access trojan, Steaelite, is being marketed on underground forums as an all-in-one platform that combines remote access, credential theft, surveillance, and ransomware deployment through a single browser-based dashboard. Unlike traditional cybercrime toolchains, it merges data exfiltration and ransomware capabilities into one interface, with automated credential harvesting beginning as soon as a victim is infected. The tool signals a growing shift toward streamlined “double extortion” attacks, where data theft and encryption happen within the same system—raising the stakes for defenders to stop threats before data is exfiltrated. The research and executive brief can be found here: Steaelite RAT Enables Double Extortion Attacks from a Single Panel Learn more about your ad choices. Visit megaphone.fm/adchoices

The House extends Section 702, for now. Mythos raises fresh cyber risk concerns. CISA warns of reduced capacity. ZionSiphon targets Israeli water systems. Operation PowerOFF hits DDoS-for-hire networks. CISA flags an actively exploited ActiveMQ flaw. WordPress plugin supply chain attacks spread. China tests deep-sea cable-cutting tech. Our guest is Arvind Nithrakashyap, CTO and Co-Founder of Rubrik, discussing AI as the next frontier. Tim Starks from CyberScoop takes us Inside the FBI's recent router takedown. A DraftKings data dealer meets his downfall.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, ⁠Daily Briefing⁠, and you'll never miss a beat. And be sure to follow CyberWire Daily on ⁠LinkedIn⁠. Industry Voices On today's Industry Voices segment, we are joined by ⁠Arvind Nithrakashyap⁠, CTO and Co-Founder of ⁠Rubrik⁠, discussing AI as the next frontier. If you enjoyed this conversation, check out the full interview here.  CyberWire Guest Today we have ⁠Tim Starks⁠ from ⁠CyberScoop⁠ discussing Inside the FBI's router takedown that cut off APT28's ‘tremendous access'.  Selected Reading ⁠House extends surveillance powers for 10 days⁠ (NPR) ⁠White House Works to Give US Agencies Anthropic Mythos AI⁠ (Bloomberg) ⁠Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction' Followed⁠ (SecurityWeek) ⁠How Anthropic Discovered Mythos AI Was Too Dangerous For Release⁠ (Bloomberg) ⁠CISA Warns of 'Detrimental Capacity Impacts' Amid Shutdown⁠ (BankInfo Security) ⁠New ZionSiphon Malware Discovered Targeting Israeli Water Systems⁠ (Hackread) ⁠Europol-supported global operation targets over 75 000 users engaged in DDoS attacks⁠ (Europol) ⁠CISA flags Apache ActiveMQ flaw as actively exploited in attacks⁠ (Bleeping Computer) ⁠30+ WordPress plugins bought on Flippa and backdoored in supply chain attack⁠ (TNW) ⁠New undersea cable cutter risks Internet's backbone⁠ (Ars Technica) ⁠Man gets 30 months for selling thousands of hacked DraftKings accounts⁠ (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at ⁠sponsor.thecyberwire.com⁠. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

NIST struggles with an NVD backlog. Cisco and Splunk ship critical patches. Researchers flag a systemic flaw in Anthropic's MCP. ShinyHunters leak 13.5 million McGraw Hill accounts. Cargo theft goes cyber. A Tennessee hospital breach hits 337,000 patients. Two Americans are sentenced in a North Korean fake-IT-worker scheme. Our guest is Rob Allen, Chief Product Officer at ThreatLocker, describing security gaps addressed by zero trust. OpenAI lets security teams take off the training wheels.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment we are joined by Rob Allen, Chief Product Officer at ThreatLocker, security gaps addressed by zero trust. If you enjoyed this conversation check out the full interview here. Selected Reading NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities (Infosecurity Magazine) Cisco says critical Webex Services flaw requires customer action (Bleeping Computer) Splunk Enterprise Update Patches Code Execution Vulnerability (SecurityWeek) Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads (Infosecurity Magazine) Data breach at edtech giant McGraw Hill affects 13.5 million accounts (Bleeping Computer) Freight Hacker Wields Code-Signing Service to Evade Defenses (GovInfo Security) Data Breach at Tennessee Hospital Affects 337,000 (SecurityWeek) US nationals behind DPRK IT worker 'laptop farm' sent to prison (Bleeping Computer) OpenAI Launches GPT-5.4 Cyber And It's Built Specifically for Defenders (TechGlow) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday. CISA directs furloughed employees back to work.  Experts warn Anthropic's Glasswing signals a new era of AI-driven vulnerability discovery. Federal prosecutors crack down on chip smuggling. Sweden says a pro-Russian cyber group attempted to disrupt power plant operations. A fake app in Apple's App Store drains crypto wallets. Virginia bans the sale of precise geolocation data. Our guest is Johnny Hand, VP for AI Excellence at TrendAI, discussing AI operational discipline. Do you need to buy a separate seat for your AI agent? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by ⁠Johnny Hand⁠, VP for AI Excellence at ⁠TrendAI⁠, discussing AI operational discipline and real-world cyber impact. If you enjoyed this conversation, check out the full interview here. Selected Reading Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day (Security Affairs) ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories (SecurityWeek) Adobe Patches 55 Vulnerabilities Across 11 Products (SecurityWeek) CISA Workers Recalled Despite Shutdown (GovInfoSecurity) CISA cancels summer internships for cyber scholarship students amid DHS funding lapse (CyberScoop) Anthropic's Mythos signals a structural cybersecurity shift (CSO Online) We're only seeing the tip of the chip-smuggling iceberg (CyberScoop) Swedish power plant targeted by pro-Russian group in 2025, government says (Reuters) Exclusive: Russia-linked hackers compromised scores of Ukrainian prosecutors' email accounts, data shows (Reuters) Users lose $9.5 million to fake Ledger wallet app on the Apple App Store (web3isgoinggreat) Virginia enacts ban on precise geolocation data sales as momentum for similar prohibitions builds (The Record) Microsoft exec suggests AI agents will need to buy software licenses, just like employees (Business Insider) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

France pushes digital sovereignty. Adobe rushes an Acrobat Reader patch. Booking.com confirms a targeted breach. SAP fixes a critical SQL injection bug. A sanctions-dodging fraud network resurfaces. ViperTunnel infiltrates U.S. and U.K. firms. GlassWorm spreads across developer tools. Researchers dissect Predator spyware's kernel engine. A lawsuit challenges AI transcription in hospitals. Ted Shorter from Keyfactor unpacks quantum computing at scale. On our Threat Vector segment, David Moulton and ⁠Elad Koren⁠ pull back the curtain on agentic-first security. Preparing for post-quantum perils.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ted Shorter, CTO and Co-Founder of Keyfactor, discussing the advent of quantum computing at scale, known as "Q-Day". Threat Vector Host David Moulton speaks with returning guest ⁠Elad Koren⁠, Vice President of Product Management for Cortex Cloud at ⁠Palo Alto Networks⁠ on this Threat Vector segment. Together they pull back the curtain on what an agentic-first security experience actually looks like in practice. This isn't a vision deck. The agents are already running. To listen to the full conversation, check it out here. Catch new episodes of Threat Vector every Thursday on your favorite podcast app. Selected Reading France Tees Up Big Public Sector Move Away From US Tech (BankInfo Security) Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw (Bleeping Computer) Booking.com Confirms Data Breach as Hackers Access Customer Details (Hackread) SAP Patches Critical ABAP Vulnerability (SecurityWeek) Triad Nexus Evades Sanctions to Fuel Cybercrime (SecurityWeek) Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses (Hackread) GlassWorm evolves with Zig dropper to infect multiple developer tools (Security Affairs) Predator Spyware's iOS Kernel Exploitation Engine: PAC Bypass, NEON R/W & More (Jamf Threat Labs) Lawsuit: AI Illegally Recorded Doctor-Patient Encounters (BankInfo Security) World Quantum Day (WorldQuantimDay) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI disrupts a multi-million-dollar phishing ring. A North Korea-linked supply chain attack hits OpenAI. Developers face a Slack phishing campaign. A critical Python notebook flaw is exploited in hours. ShinyHunters target Rockstar Games. A Japanese shipping firm reports a breach. Tracking the cybersecurity winners and losers in Trump's 2027 budget, plus a claimed cyberattack on UAE infrastructure. Business breakdown. Our guest is Justin Kohler, Chief Product Officer at SpecterOps, discussing Identity Attack Path Management. Crackdowns at home push scam networks abroad.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Justin Kohler, Chief Product Officer at SpecterOps, discussing Identity Attack Path Management. If you enjoyed this conversation, tune into the full interview here. Selected Reading FBI Dismantles $20m Phishing Operation W3LL (Infosecurity Magazine) The cyber winners and losers in Trump's 2027 budget (CSO Online) Handala carries out unprecedented cyberattack against critical UAE Infrastructure (PressTV) OpenSSF Flags Malware Campaign on Slack Posing as Linux Foundation Figures (HackRead) OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack (SecurityWeek) Critical Marimo pre-auth RCE flaw now under active exploitation (Bleeping Computer) GTA-maker Rockstar Games hacked again but downplays impact (BBC) NYK alerts on data breach in bunker fuel procurement system (Manifold Times) Business Briefing for 04.08.26 (The CyberWire)  China Is Cracking Down on Scams. Just Not the Ones Hitting Americans (WIRED) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Mark Logan, CEO of One Identity, sits down to share his story, explaining how he fit into different roles growing up in different companies. Mark has nearly two decades of C-Suite experience at an array of different organizations, finally landing on his current position as the CEO at One Identity. Sharing his different roles, he also gives a quote from Steve Jobs, saying "it's not what I say yes to, it's what I say no to." He believes that's a key area for his workers because when he is able to make up his mind, his team and his customers have someone they can rely on. Mark says that as a CEO he wants to share the advice of always marching towards your goals, and identifying that different people have different goals because they work in different fields, but that's what makes a company work best. He says "I've found that the more you can delegate, provided you've got the right folks in place the better." We thank Mark for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

What does a modern cyberattack really look like from the inside? In this CyberWire-X episode, Dave Bittner speaks with John Anthony Smith, Founder and Chief Security Officer of Fenix24. This conversation takes us step by step as an attacker breaks into a target environment – probing for weaknesses, exploiting entry points, escalating privileges, and moving laterally until they reach their objective. While the attack unfolds, listeners are privy to a behind-the-scenes commentary that reveals the tradecraft: the scripts, misconfigurations, overlooked alerts, and the moments defenders could have stopped the intrusion and, most importantly, prepared for the day through a defense that locks down data and enables a quick and full recovery. This is not a theoretical review or a highlight reel. It's a candid, technical, and eye-opening journey through the full kill chain that will reshape listeners think about detection, incident readiness, and resilience. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by Selena Larson, Threat Researcher from Proofpoint research team and co-host of Only Malware in the Building, talking about their work on "(Don't) TrustConnect: It's a RAT in an RMM hat." Proofpoint uncovered TrustConnect, a malware-as-a-service platform posing as a legitimate remote monitoring and management (RMM) tool, but actually functioning as a remote access trojan (RAT) sold to cybercriminals for $300/month. The operation used a fake business website, legitimate-looking certificates, and branded installers (like fake Microsoft Teams or Zoom apps) to trick victims, while providing attackers with full remote control, file transfer, and surveillance capabilities. Although parts of its infrastructure were disrupted, the threat actor quickly rebounded with new variants, highlighting both the resilience of the operation and its deep ties to the broader cybercriminal ecosystem abusing RMM tools. The research and executive brief can be found here: (Don't) TrustConnect: It's a RAT in an RMM hat Learn more about your ad choices. Visit megaphone.fm/adchoices

The Treasury Secretary and Fed Chair summon bankers over AI concerns. A hacker claims more than 10 petabytes stolen from China's National Supercomputing Center. Recalibrating the quantum timeline. Researchers demo prompt injection against Apple Intelligence. Payroll Pirates target Canadians. Gmail gets end-to-end encryption on mobile devices. A Chrome update fixes critical vulnerabilities. A Pennsylvania cop admits creating more than 3,000 AI-generated pornographic deepfakes. Our guest is Henry Comfort, Co-Founder and CEO of Geordie AI, winner of this year's RSAC Innovation Sandbox.  FCC floats firmer filters for fraudulent phone calls. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Dave shares coverage of the RSAC 2026 Innovation Sandbox and his conversation with Henry Comfort, Co-Founder and CEO  from the winner of “Most Innovative Startup” Geordie AI. We tip our hats to this year's finalists. Selected Reading Bessent and Powell's A.I. Anxiety  (The New York Times) Court Backs Pentagon Anthropic Ban - But the Fight Continues (GovInfo Security) A hacker has allegedly breached one of China's supercomputers and is attempting to sell a trove of stolen data (CNN) Why is the timeline to quantum-proof everything constantly shrinking? (CyberScoop) Microsoft: Canadian employees targeted in payroll pirate attacks (Bleeping Computer) Google rolls out Gmail end-to-end encryption on mobile devices (Bleeping Computer) Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000  (SecurityWeek) Police corporal created AI porn from driver's license pics (Ars Technica) FCC proposes new rule to further crackdown on illegal robocalls (The Record) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran-linked hackers signal cyberattacks will continue despite the cease-fire. Microsoft restores access after suspending open-source developer accounts. John Deere settles its right-to-repair fight. A suspected Adobe Reader zero-day surfaces. Palo Alto Networks and SonicWall patch high-severity flaws. New macOS malware targets crypto wallets. A threat cluster abuses live chat to bypass MFA. CISA orders urgent Ivanti patching. Researchers track a stealthy DDoS-for-hire botnet. Our guest is Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation-states and AI on OT security. macOS has a 49 day time limit.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation-states and AI on OT security. If you enjoyed this conversation, check out the full interview here. Selected Reading Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long (SecurityWeek) Microsoft suspends dev accounts for high-profile open source projects (Bleeping Computer) John Deere to Pay $99 Million in Monumental Right-to-Repair Settlement (The Drive) Adobe Reader Zero-Day Exploited for Months: Researcher (SecurityWeek) Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities (SecurityWeek) New macOS Malware notnullOSX Targets Crypto Wallets Over $10K (Hackread) Google Warns of New Threat Group Targeting BPOs and Helpdesks (Infosecurity Magazine) Masjesu Rising: The Commercial IoT Botnet Built for Stealth, DDoS, and IoT Evasion (Trellix) CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday (Bleeping Computer) We Found a Ticking Time Bomb in macOS TCP Networking - It Detonates After Exactly 49 Days (Photon Blog) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Federal agencies warn Iranian-linked hackers are probing U.S. critical infrastructure, while the DOJ disrupts a Russian router hijacking campaign. Cyberattacks hit Minnesota government systems and force a Massachusetts hospital to divert ambulances. Anthropic limits access to its new AI bug-hunting model, hackers leak terabytes of LAPD data, and researchers warn of a rise in AI recommendation poisoning. Our guest is Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." Japan trades red tape for training data.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." If you enjoyed this interview, check out the full conversation here. Selected Reading Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure (WIRED) Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure (FBI Internet Crime Complaint Center (IC3)) Pro-Iran Group Takes Credit for Cyberattacks on Chime, Pinterest (Bloomberg) US disrupts Russian military-run DNS hijacking network, Justice Department says (Reuters) Frostarmada forest blizzard dns hijacking (Lumen Technologies Black Lotus Labs)  Minnesota governor orders emergency support for cyberattack disrupting county's 'critical systems' (StateScoop) Massachusetts hospital turning ambulances away after cyberattack (The Record) What Anthropic Glasswing reveals about the future of vulnerability discovery (CSO Online) Sensitive LAPD records leaked in hack of L.A. city attorney's office (LA Times)  Manipulating AI memory for profit: The rise of AI Recommendation Poisoning (Microsoft Security Blog) Japan relaxes privacy laws to make AI development easy (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA faces a $700 million budget cut. Russian and Iranian cyber cooperation raises concerns. New BPFDoor variants emerge. Cybercrime losses climb again. Researchers advance a GPU Rowhammer attack. Northern Ireland schools go offline after a breach. An alleged hacker-for-hire faces U.S. charges. And German police name the suspected REvil mastermind. Our guest is John Anthony Smith, Founder and Chief Security Officer at Fenix24, explaining why more technology hasn't made us more secure. A frustrated researcher drops the hammer.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, John Anthony Smith, Founder and Chief Security Officer at Fenix24, discusses why more technology hasn't made us more secure. Check out the full conversation here. Selected Reading White House Seeks to Slash CISA Funding by $707 Million (SecurityWeek) Exclusive: Russia supplies Iran with cyber support, spy imagery to hone attacks, Ukraine says (Reuters) New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay (Rapid7)  FBI Internet Crime Complaint Center (IC3) Report 2025 (FBI Internet Crime Complaint Center (IC3)) GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack (SecurityWeek) Cyberattack hits Northern Ireland's centralized school network, disrupting access for thousands (The Record) Suspect in Hacking of Climate Activists Is Extradited to New York (New York Times)  German Police Unmask REvil Ransomware Leader (SecurityWeek) Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Fortinet releases an emergency update for a critical vulnerability. A major outage disrupts Russian banking apps. A new report highlights critical skills gaps. CyberCorp scholars struggle to secure jobs. Scammers use QR codes in fake traffic violation schemes. A proposed lawsuit accuses Perplexity of oversharing users' AI transcripts. Cambodia outlaws scam centers. Scammers impersonate Harvard IT staff. With “wrench attack” threats of violence, life imitates art. Kevin Magee from Microsoft for Startups describes emerging trends. On Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book "Code War: How Nations Hack, Spy, and Shape the Digital Battlefield." Users find Copilot's terms of use highly entertaining. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Kevin Magee from Microsoft for Startups discussing how cybersecurity startups can succeed by focusing on real problems and navigating emerging trends. Tune into the full conversation here. Afternoon Cyber Tea On this segment of Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book "Code War: How Nations Hack, Spy, and Shape the Digital Battlefield." You can listen to the full conversation here and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app. Selected Reading New FortiClient EMS flaw exploited in attacks, emergency patch released (Bleeping Computer) Major outage hits Russian banking apps, metro payments across regions (The Record) SANS 2026 report flags cybersecurity skills crisis, putting critical infrastructure and OT sectors at measurable breach risk (Industrial Cyber) CyberCorps grads consider private sector as fed hiring challenges persist (Federal News Network) Traffic violation scams switch to QR codes in new phishing texts (Bleeping Computer) Perplexity's "Incognito Mode" is a "sham," lawsuit says (Ars Technica) Cambodian parliament passes landmark cybercrime law after scam centre scrutiny (Reuters) Harvard Warns of Active Cyberattack Impersonating IT Staff and Targeting Affiliates (The Crimson) Wealthy California crypto holders targeted in violent ‘wrench attacks' (KTLA) Security (xkcd) Censys raises $70 million in a Series D round. (N2K Pro Business Briefing)   Even Microsoft know Copilot can't be trusted (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at ⁠sponsor.thecyberwire.com⁠. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Anjali Hansen, a Senior Privacy Counselor from Noname Security shares her story as she climbed through the ranks to get to where she is today. When Anjali started, she wanted to do international law. She started working for the International Trade Commission after law school, where she was able to gain most of her experience and real world abilities. Working with online fraud and abuse, she shares, concerned her, because it felt like governments could not protect organizations from threats occurring, which is how she got interested in cybercrime. From there, she moved to Noname Security, and in working there, she found that she is working with every group in the organization, creating a cross team collaboration, saying how much she admires that type of model. She says "We have to help other departments protect the data because the data's throughout an organization, it's in HR, it's in sales and marketing, it's in IT, it's in finance. So you have to be able to work with all these teams." We thank Anjali for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Santiago Pontiroli, Threat Intelligence Research Lead from Acronis TRU team, discussing their work on "New year, new sector: Transparent Tribe targets India's startup ecosystem." The Acronis Threat Research Unit uncovered a new campaign by Transparent Tribe showing the group has expanded beyond traditional government and defense targets to India's startup ecosystem, especially cybersecurity and OSINT-focused firms. The attackers use startup-themed lures delivered via ISO files and malicious shortcuts to deploy Crimson RAT, a highly obfuscated tool capable of surveillance, data theft, and system control. Despite this shift, the campaign closely mirrors the group's long-standing espionage tactics, suggesting startups are being targeted for their connections to government, law enforcement, and sensitive intelligence networks. The research and executive brief can be found here: New year, new sector: Transparent Tribe targets India's startup ecosystem Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloud data centers come under fire in wartime. A massive dark web intelligence database is exposed. Chinese hackers exploit a video conferencing zero-day. The intelligence community rolls out cyber modernization plans. React2Shell attacks spread at scale. Iowa sues UnitedHealth over the Change Healthcare breach. France moves to bar kids from social media. Researchers warn about hidden risks in power regulation. An insider extortion plot locks admins out of hundreds of servers. Our guest Brandon Karpf, friend of the show, with insights on the war in Iran. Espresso exploit exposes executive emails.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Brandon Karpf, friend of the show, discussing defending critical infrastructure against Iran. Selected Reading What Happens When Data Centers Become Military Targets? (GovInfo Security) Shared EnemShared Enemy: Inside a Chinese Dark Web Monitoring Database | UpGuardy: Inside a Chinese Dark Web Monitoring Database (UpGuard) TrueConf Zero-Day Exploited in Asian Government Attacks (SecurityWeek) ODNI tackles AI, threat hunting, app cybersecurity in year-one tech review (CyberScoop) React2Shell Exploited in Large-Scale Credential Harvesting Campaign (SecurityWeek) State AG Sues Change Healthcare in 2024 Ransomware Attack (GovInfo Security) French Senate passes bill that would ban children under 15 from social media (The Record) The silent dependency: DC power regulation in cyber‑physical security (NCC Group) Man admits to locking thousands of Windows devices in extortion plot (Bleeping Computer) The company's biggest security hole lived in the breakroom (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A fake WhatsApp spreads spyware. The State Department pushes embassies to counter influence ops. Cisco patches critical bugs. CrystalRAT hits Telegram. A Texas hospital breach affects 250,000. HHS reshuffles IT oversight. China-linked spies target Europe. EvilTokens hijacks Microsoft accounts. Ransomware hits a North Dakota water plant. Sumedh Thakar, President and CEO of Qualys, discusses how cybersecurity is shifting toward managing real business risk. Tales of a tortoise's termination have been greatly exaggerated.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Sumedh Thakar, President and CEO of Qualys, discusses how cybersecurity is shifting toward managing real business risk amid rapid technological change. If you enjoyed this interview, check out the full conversation here. Selected Reading WhatsApp notifies hundreds of users who installed a fake app made by government spyware maker (TechCrunch) Trump Officials Try to Fight Foreign Disinformation They Once Dismissed (The New York Times) Cisco Patches Critical and High-Severity Vulnerabilities (SecurityWeek) New CrystalRAT malware adds RAT, stealer and prankware features (Bleeping Computer) 250,000 Affected by Data Breach at Nacogdoches Memorial Hospital (SecurityWeek) HHS Shuffles Internal Cyber, AI Oversight Back to CIO Office (GovInfo Security) European-Chinese geopolitical issues drive renewed cyberespionage campaign (CyberScoop) New EvilTokens service fuels Microsoft device code phishing attacks (Bleeping Computer) North Dakota water treatment plant reports March ransomware attack (The Record)  World's oldest tortoise caught in viral crypto death scam | St Helena (The Guardian) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran's cyber campaign continues. North Korea targets the axios NPM package. Cisco suffers a Trivy-related breach. Claude's code leak unveils broad capabilities. The DOD's zero-trust efforts are slow-going. A proposed class action suit accuses Perplexity of oversharing. Google patches another Chrome zero-day. The FBI warns against using foreign-developed mobile apps. Christy Wyatt, CEO from Absolute Security, discussing why cyber risk is now a business continuity problem. A city circulates cameras to cultivate crime control.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Christy Wyatt, CEO from Absolute Security, discussing why cyber risk is now a business continuity problem. If you enjoyed this conversation, tune in here to listen to the full interview. Selected Reading Iran's hackers are on the offensive against the US and Israel (Ars Technica) Cisco Source Code and AWS Keys Stolen in Trivy Supply Chain Attack (Beyond Machines) Claude Code's source reveals extent of system access (The Register) Pentagon's Zero Trust Push Faces a 2027 Reality Check (GovInfo Security) Perplexity AI Machine Accused of Sharing Data With Meta, Google (Bloomberg) Google fixes fourth Chrome zero-day exploited in attacks in 2026 (Bleeping Computer) FBI warns against using Chinese mobile apps due to privacy risks (Bleeping Computer) North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack (Google Cloud Blog)  Silicon Valley city to give residents doorbells equipped with cameras (The Guardian) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iranian-linked hackers warn of possible “irreparable” attacks on U.S. water systems. CISA pushes urgent fixes for a critical Citrix flaw. The Dutch Finance Ministry takes systems offline after a breach. Space Force may scrap next-gen GPS control software. Attackers exploit a Fortinet server bug. Lloyds exposes customer transaction data. AI and regulation reshape cyber careers. The FTC settles with a dating app over data sharing. Sam Rubin, SVP, Palo Alto Networks Unit 42 Consulting and Threat Intelligence, discusses Iran's shift to identity weaponization. Wikipedia wrestles with a wayward writer. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Sam Rubin, SVP, Palo Alto Networks Unit 42 Consulting and Threat Intelligence, discussing Iran's shift to identity weaponization. If you enjoyed this conversation, tune in here to listen to the full conversation. Selected Reading Iranian Cyberthreats Test US Infrastructure Defenses (BankInfo Security) CISA tells federal agencies to patch Citrix NetScaler bug by Thursday (The Record) Dutch Ministry of Finance takes treasury systems offline amid cyber incident investigation (Security Affairs) After 16 years and $8 billion, the military's new GPS software still doesn't work (Ars Technica) Exploitation of Critical Fortinet FortiClient EMS Flaw Begins (SecurityWeek) Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers (Infosecurity Magazine) SANS Research: The Cybersecurity Talent Shortage Narrative Is Wrong. The Real Crisis Is Skills, and AI Just Rewrote the List. (Yahoo Finance) FTC Takes Action Against Match and OkCupid for Deceiving Users by Sharing Personal Data with Third Party (FTC) Business Briefing (N2K Pro)  An AI Agent Was Banned From Creating Wikipedia Articles, Then Wrote Angry Blogs About Being Banned (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of CISO Perspectives. In the season finale of CISOP, Kim Jones is joined by N2K's own Ethan Cook to reflect on the conversations that shaped this season. Together, they revisit standout moments from Kim's interviews, unpacking their significance and getting Ethan's fresh perspective on the cybersecurity workforce challenge—as someone viewing the industry from the outside. Since the mid-season reflection, Kim has explored a wide range of workforce issues, including skills mapping, talent identification, and the evolving strategies needed to close cybersecurity's talent gap. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran-linked hackers claim a breach of the FBI director's personal email. ShinyHunters hit the European Commission. F5 and Citrix warn of actively exploited flaws. A WordPress plugin exposes hundreds of thousands of sites. Infinity Stealer targets macOS users. A Russian APT adopts a new iOS exploit kit. Treasury weighs a cyber insurance backstop. DHS clears suspended CISA staff. Our guest is Brian Long, CEO and Co-Founder of Adaptive Security, discussing deepfake job hires and the new identity attack surface. Bureaucrats bless a black-box behemoth. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Today, Dave Bittner is joined by Brian Long, CEO and Co-Founder of Adaptive Security, discussing deepfake job hires and the new identity attack surface. AI-generated identities are turning the hiring process into a new entry point for attackers. The solution isn't spotting perfect fakes — it's building stronger identity verification into hiring. Tune into the full conversation here. Selected Reading Iran-linked hackers breach FBI director's personal email, publish photos and documents European Commission confirms data breach after Europa.eu hack Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now Critical Citrix NetScaler Vulnerability Exploited in the Wild - Infosecurity Magazine File read flaw in Smart Slider plugin impacts 500K WordPress sites New Infinity Stealer malware grabs macOS data via ClickFix lures Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit - SecurityWeek US Treasury Weighs Cyber Insurance Backstop - GovInfoSecurity DHS drops investigation into former acting CISA chief's failed polygraph exam - Nextgov/FCW Federal Cyber Experts Thought Microsoft's Cloud Was “a Pile of Shit.” They Approved It Anyway Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. David Nosibor, Product Lead for SafeCyber at UL Solutions, started his career in a unique way by not letting himself be pigeonholed. Within his company, David was able to grow to the position he is in now and says that his position feels like a lot of roles tied into one. He says that on any given day he is tackling all sorts of elements, such as marketing, operations, working with the engineering team, figuring out ways to acquire customers, retain them, and also working on sales and business development capabilities. He also says that constantly learning and getting new opportunities was how he ended up being where he is today. David states that staying focused and being on the lookout for ways to accomplish the mission is the best way for him in his company to democratize product security. He quotes the famous singer Sean Carter in saying that he firmly believes in taking calculated risks to get where you need to be going. We thank David for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special edition of CyberWire Daily's 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss the biggest breaches over the past 10 years. The foundational 2014 Sony hack kicks off our conversation, then Maria and Dave highlight: the 2015 OPM breach, which exposed sensitive security-clearance data and was attributed to long-term access by China amid outdated government systems and security 2017's WannaCry and NotPetya's global disruption and Equifax's ongoing fallout the 2020 SolarWinds breach underscored supply-chain risks and raised concerns about potential personal criminal liability for CISOs. The conversation illustrates two main threat-actor categories—nation-state espionage and financially motivated criminals—and the increasingly blurred lines between them. Join us as we reflect on how the industry and cybercrime have evolved over the past decade. Learn more about your ad choices. Visit megaphone.fm/adchoices

Omer Ninburg, CTO of Novee Security, joins us on this episode of Research Saturday to discuss their work on "From PDF to Pwn: Scalable 0day Discovery in PDF Engines and Services Using Multi-Agent LLMs." Historically, Portable Document Formats – the immutable, localized PDF – was once considered a “safe” component inside enterprise environments. That is no longer the case. To demonstrate how PDF services and engines can be exploited, the team at Novee used their proprietary, multi-agent LLM system to uncover vulnerability patterns, and systematically scale them into a broad discovery campaign across two PDF vendor ecosystems. The research uncovered 16 verified vulnerabilities across client-side PDF viewers, embedded plugins, and server-side PDF services. The research and executive brief can be found here: ⁠From PDF to Pwn: Scalable 0day Discovery in PDF Engines and Services Using Multi-Agent LLMs Hacker-Trained AI Discovers 16 New 0-Day Vulnerabilities in PDF Engines Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA warns of actively exploited Langflow vulnerability. CISA flags critical PTC Windchill vulnerability. Phishing activity surges amid war in Iran. Google moves up their post-quantum timeline. Alleged RedLine infostealer developer faces thirty years in a US prison. Bearlyfy hacktivists launch disruptive ransomware campaign in Russia. FCC moves to crack down on robocallers and foreign call centers. Anti-piracy group takes down AnimePlay streaming platform. N2K's  Maria Varmazis and Dave Bittner are previewing the biggest breaches in the past 10 years. And what happens when hackers call the game? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Daily at 10: The breaches we still talk about.   This installment celebrating 10 years of the CyberWire Daily podcast finds N2K's  Maria Varmazis and Dave Bittner previewing the biggest breaches in the past 10 years. You can tune in Sunday to your CyberWire Daily podcast feed to hear their full conversation. Selected Reading CISA: New Langflow flaw actively exploited to hijack AI workflows (Bleeping Computer)  CISA Flags Critical PTC Vulnerability That Had German Police Mobilized (SecurityWeek) War in the Middle East Triggers Surge in Phishing and Malware Campaigns Targeting Gulf Countries (Bitdefender) Google moves post-quantum encryption timeline up to 2029 (CyberScoop) Alleged RedLine malware developer extradited to US, faces up to 30 years (The Record) Pro-Ukraine hacker group Bearlyfy targets Russian companies with custom ransomware (The Record) FCC pushes new rules to crack down on robocallers, foreign call centers (CyberScoop) Anti-piracy coalition takes down AnimePlay app with 5 million users (Bleeping Computer)  AFC Ajax drops ball as hackers transfer tickets, lift bans (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

As the emphasis on improving cybersecurity has continued to grow, so has the number of vendors offering a range of cybersecurity services. However, despite the value many of these vendors bring, the relationship between vendors and clients has become strained. In this episode, Kim explores this relationship, offering his thoughts on this relationship and what both sides can do to better to improve this dynamic. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It's the perfect follow-up if you're curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices