The CyberWire

Patch Tuesday. CISA directs furloughed employees back to work.  Experts warn Anthropic's Glasswing signals a new era of AI-driven vulnerability discovery. Federal prosecutors crack down on chip smuggling. Sweden says a pro-Russian cyber group attempted to disrupt power plant operations. A fake app in Apple's App Store drains crypto wallets. Virginia bans the sale of precise geolocation data. Our guest is Johnny Hand, VP for AI Excellence at TrendAI, discussing AI operational discipline. Do you need to buy a separate seat for your AI agent? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by ⁠Johnny Hand⁠, VP for AI Excellence at ⁠TrendAI⁠, discussing AI operational discipline and real-world cyber impact. If you enjoyed this conversation, check out the full interview here. Selected Reading Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day (Security Affairs) ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories (SecurityWeek) Adobe Patches 55 Vulnerabilities Across 11 Products (SecurityWeek) CISA Workers Recalled Despite Shutdown (GovInfoSecurity) CISA cancels summer internships for cyber scholarship students amid DHS funding lapse (CyberScoop) Anthropic's Mythos signals a structural cybersecurity shift (CSO Online) We're only seeing the tip of the chip-smuggling iceberg (CyberScoop) Swedish power plant targeted by pro-Russian group in 2025, government says (Reuters) Exclusive: Russia-linked hackers compromised scores of Ukrainian prosecutors' email accounts, data shows (Reuters) Users lose $9.5 million to fake Ledger wallet app on the Apple App Store (web3isgoinggreat) Virginia enacts ban on precise geolocation data sales as momentum for similar prohibitions builds (The Record) Microsoft exec suggests AI agents will need to buy software licenses, just like employees (Business Insider) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

France pushes digital sovereignty. Adobe rushes an Acrobat Reader patch. Booking.com confirms a targeted breach. SAP fixes a critical SQL injection bug. A sanctions-dodging fraud network resurfaces. ViperTunnel infiltrates U.S. and U.K. firms. GlassWorm spreads across developer tools. Researchers dissect Predator spyware's kernel engine. A lawsuit challenges AI transcription in hospitals. Ted Shorter from Keyfactor unpacks quantum computing at scale. On our Threat Vector segment, David Moulton and ⁠Elad Koren⁠ pull back the curtain on agentic-first security. Preparing for post-quantum perils.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ted Shorter, CTO and Co-Founder of Keyfactor, discussing the advent of quantum computing at scale, known as "Q-Day". Threat Vector Host David Moulton speaks with returning guest ⁠Elad Koren⁠, Vice President of Product Management for Cortex Cloud at ⁠Palo Alto Networks⁠ on this Threat Vector segment. Together they pull back the curtain on what an agentic-first security experience actually looks like in practice. This isn't a vision deck. The agents are already running. To listen to the full conversation, check it out here. Catch new episodes of Threat Vector every Thursday on your favorite podcast app. Selected Reading France Tees Up Big Public Sector Move Away From US Tech (BankInfo Security) Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw (Bleeping Computer) Booking.com Confirms Data Breach as Hackers Access Customer Details (Hackread) SAP Patches Critical ABAP Vulnerability (SecurityWeek) Triad Nexus Evades Sanctions to Fuel Cybercrime (SecurityWeek) Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses (Hackread) GlassWorm evolves with Zig dropper to infect multiple developer tools (Security Affairs) Predator Spyware's iOS Kernel Exploitation Engine: PAC Bypass, NEON R/W & More (Jamf Threat Labs) Lawsuit: AI Illegally Recorded Doctor-Patient Encounters (BankInfo Security) World Quantum Day (WorldQuantimDay) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI disrupts a multi-million-dollar phishing ring. A North Korea-linked supply chain attack hits OpenAI. Developers face a Slack phishing campaign. A critical Python notebook flaw is exploited in hours. ShinyHunters target Rockstar Games. A Japanese shipping firm reports a breach. Tracking the cybersecurity winners and losers in Trump's 2027 budget, plus a claimed cyberattack on UAE infrastructure. Business breakdown. Our guest is Justin Kohler, Chief Product Officer at SpecterOps, discussing Identity Attack Path Management. Crackdowns at home push scam networks abroad.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Justin Kohler, Chief Product Officer at SpecterOps, discussing Identity Attack Path Management. If you enjoyed this conversation, tune into the full interview here. Selected Reading FBI Dismantles $20m Phishing Operation W3LL (Infosecurity Magazine) The cyber winners and losers in Trump's 2027 budget (CSO Online) Handala carries out unprecedented cyberattack against critical UAE Infrastructure (PressTV) OpenSSF Flags Malware Campaign on Slack Posing as Linux Foundation Figures (HackRead) OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack (SecurityWeek) Critical Marimo pre-auth RCE flaw now under active exploitation (Bleeping Computer) GTA-maker Rockstar Games hacked again but downplays impact (BBC) NYK alerts on data breach in bunker fuel procurement system (Manifold Times) Business Briefing for 04.08.26 (The CyberWire)  China Is Cracking Down on Scams. Just Not the Ones Hitting Americans (WIRED) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Mark Logan, CEO of One Identity, sits down to share his story, explaining how he fit into different roles growing up in different companies. Mark has nearly two decades of C-Suite experience at an array of different organizations, finally landing on his current position as the CEO at One Identity. Sharing his different roles, he also gives a quote from Steve Jobs, saying "it's not what I say yes to, it's what I say no to." He believes that's a key area for his workers because when he is able to make up his mind, his team and his customers have someone they can rely on. Mark says that as a CEO he wants to share the advice of always marching towards your goals, and identifying that different people have different goals because they work in different fields, but that's what makes a company work best. He says "I've found that the more you can delegate, provided you've got the right folks in place the better." We thank Mark for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

What does a modern cyberattack really look like from the inside? In this CyberWire-X episode, Dave Bittner speaks with John Anthony Smith, Founder and Chief Security Officer of Fenix24. This conversation takes us step by step as an attacker breaks into a target environment – probing for weaknesses, exploiting entry points, escalating privileges, and moving laterally until they reach their objective. While the attack unfolds, listeners are privy to a behind-the-scenes commentary that reveals the tradecraft: the scripts, misconfigurations, overlooked alerts, and the moments defenders could have stopped the intrusion and, most importantly, prepared for the day through a defense that locks down data and enables a quick and full recovery. This is not a theoretical review or a highlight reel. It's a candid, technical, and eye-opening journey through the full kill chain that will reshape listeners think about detection, incident readiness, and resilience. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by Selena Larson, Threat Researcher from Proofpoint research team and co-host of Only Malware in the Building, talking about their work on "(Don't) TrustConnect: It's a RAT in an RMM hat." Proofpoint uncovered TrustConnect, a malware-as-a-service platform posing as a legitimate remote monitoring and management (RMM) tool, but actually functioning as a remote access trojan (RAT) sold to cybercriminals for $300/month. The operation used a fake business website, legitimate-looking certificates, and branded installers (like fake Microsoft Teams or Zoom apps) to trick victims, while providing attackers with full remote control, file transfer, and surveillance capabilities. Although parts of its infrastructure were disrupted, the threat actor quickly rebounded with new variants, highlighting both the resilience of the operation and its deep ties to the broader cybercriminal ecosystem abusing RMM tools. The research and executive brief can be found here: (Don't) TrustConnect: It's a RAT in an RMM hat Learn more about your ad choices. Visit megaphone.fm/adchoices

The Treasury Secretary and Fed Chair summon bankers over AI concerns. A hacker claims more than 10 petabytes stolen from China's National Supercomputing Center. Recalibrating the quantum timeline. Researchers demo prompt injection against Apple Intelligence. Payroll Pirates target Canadians. Gmail gets end-to-end encryption on mobile devices. A Chrome update fixes critical vulnerabilities. A Pennsylvania cop admits creating more than 3,000 AI-generated pornographic deepfakes. Our guest is Henry Comfort, Co-Founder and CEO of Geordie AI, winner of this year's RSAC Innovation Sandbox.  FCC floats firmer filters for fraudulent phone calls. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Dave shares coverage of the RSAC 2026 Innovation Sandbox and his conversation with Henry Comfort, Co-Founder and CEO  from the winner of “Most Innovative Startup” Geordie AI. We tip our hats to this year's finalists. Selected Reading Bessent and Powell's A.I. Anxiety  (The New York Times) Court Backs Pentagon Anthropic Ban - But the Fight Continues (GovInfo Security) A hacker has allegedly breached one of China's supercomputers and is attempting to sell a trove of stolen data (CNN) Why is the timeline to quantum-proof everything constantly shrinking? (CyberScoop) Microsoft: Canadian employees targeted in payroll pirate attacks (Bleeping Computer) Google rolls out Gmail end-to-end encryption on mobile devices (Bleeping Computer) Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000  (SecurityWeek) Police corporal created AI porn from driver's license pics (Ars Technica) FCC proposes new rule to further crackdown on illegal robocalls (The Record) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran-linked hackers signal cyberattacks will continue despite the cease-fire. Microsoft restores access after suspending open-source developer accounts. John Deere settles its right-to-repair fight. A suspected Adobe Reader zero-day surfaces. Palo Alto Networks and SonicWall patch high-severity flaws. New macOS malware targets crypto wallets. A threat cluster abuses live chat to bypass MFA. CISA orders urgent Ivanti patching. Researchers track a stealthy DDoS-for-hire botnet. Our guest is Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation-states and AI on OT security. macOS has a 49 day time limit.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation-states and AI on OT security. If you enjoyed this conversation, check out the full interview here. Selected Reading Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long (SecurityWeek) Microsoft suspends dev accounts for high-profile open source projects (Bleeping Computer) John Deere to Pay $99 Million in Monumental Right-to-Repair Settlement (The Drive) Adobe Reader Zero-Day Exploited for Months: Researcher (SecurityWeek) Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities (SecurityWeek) New macOS Malware notnullOSX Targets Crypto Wallets Over $10K (Hackread) Google Warns of New Threat Group Targeting BPOs and Helpdesks (Infosecurity Magazine) Masjesu Rising: The Commercial IoT Botnet Built for Stealth, DDoS, and IoT Evasion (Trellix) CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday (Bleeping Computer) We Found a Ticking Time Bomb in macOS TCP Networking - It Detonates After Exactly 49 Days (Photon Blog) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Federal agencies warn Iranian-linked hackers are probing U.S. critical infrastructure, while the DOJ disrupts a Russian router hijacking campaign. Cyberattacks hit Minnesota government systems and force a Massachusetts hospital to divert ambulances. Anthropic limits access to its new AI bug-hunting model, hackers leak terabytes of LAPD data, and researchers warn of a rise in AI recommendation poisoning. Our guest is Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." Japan trades red tape for training data.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." If you enjoyed this interview, check out the full conversation here. Selected Reading Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure (WIRED) Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure (FBI Internet Crime Complaint Center (IC3)) Pro-Iran Group Takes Credit for Cyberattacks on Chime, Pinterest (Bloomberg) US disrupts Russian military-run DNS hijacking network, Justice Department says (Reuters) Frostarmada forest blizzard dns hijacking (Lumen Technologies Black Lotus Labs)  Minnesota governor orders emergency support for cyberattack disrupting county's 'critical systems' (StateScoop) Massachusetts hospital turning ambulances away after cyberattack (The Record) What Anthropic Glasswing reveals about the future of vulnerability discovery (CSO Online) Sensitive LAPD records leaked in hack of L.A. city attorney's office (LA Times)  Manipulating AI memory for profit: The rise of AI Recommendation Poisoning (Microsoft Security Blog) Japan relaxes privacy laws to make AI development easy (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA faces a $700 million budget cut. Russian and Iranian cyber cooperation raises concerns. New BPFDoor variants emerge. Cybercrime losses climb again. Researchers advance a GPU Rowhammer attack. Northern Ireland schools go offline after a breach. An alleged hacker-for-hire faces U.S. charges. And German police name the suspected REvil mastermind. Our guest is John Anthony Smith, Founder and Chief Security Officer at Fenix24, explaining why more technology hasn't made us more secure. A frustrated researcher drops the hammer.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, John Anthony Smith, Founder and Chief Security Officer at Fenix24, discusses why more technology hasn't made us more secure. Check out the full conversation here. Selected Reading White House Seeks to Slash CISA Funding by $707 Million (SecurityWeek) Exclusive: Russia supplies Iran with cyber support, spy imagery to hone attacks, Ukraine says (Reuters) New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay (Rapid7)  FBI Internet Crime Complaint Center (IC3) Report 2025 (FBI Internet Crime Complaint Center (IC3)) GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack (SecurityWeek) Cyberattack hits Northern Ireland's centralized school network, disrupting access for thousands (The Record) Suspect in Hacking of Climate Activists Is Extradited to New York (New York Times)  German Police Unmask REvil Ransomware Leader (SecurityWeek) Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Fortinet releases an emergency update for a critical vulnerability. A major outage disrupts Russian banking apps. A new report highlights critical skills gaps. CyberCorp scholars struggle to secure jobs. Scammers use QR codes in fake traffic violation schemes. A proposed lawsuit accuses Perplexity of oversharing users' AI transcripts. Cambodia outlaws scam centers. Scammers impersonate Harvard IT staff. With “wrench attack” threats of violence, life imitates art. Kevin Magee from Microsoft for Startups describes emerging trends. On Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book "Code War: How Nations Hack, Spy, and Shape the Digital Battlefield." Users find Copilot's terms of use highly entertaining. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Kevin Magee from Microsoft for Startups discussing how cybersecurity startups can succeed by focusing on real problems and navigating emerging trends. Tune into the full conversation here. Afternoon Cyber Tea On this segment of Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book "Code War: How Nations Hack, Spy, and Shape the Digital Battlefield." You can listen to the full conversation here and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app. Selected Reading New FortiClient EMS flaw exploited in attacks, emergency patch released (Bleeping Computer) Major outage hits Russian banking apps, metro payments across regions (The Record) SANS 2026 report flags cybersecurity skills crisis, putting critical infrastructure and OT sectors at measurable breach risk (Industrial Cyber) CyberCorps grads consider private sector as fed hiring challenges persist (Federal News Network) Traffic violation scams switch to QR codes in new phishing texts (Bleeping Computer) Perplexity's "Incognito Mode" is a "sham," lawsuit says (Ars Technica) Cambodian parliament passes landmark cybercrime law after scam centre scrutiny (Reuters) Harvard Warns of Active Cyberattack Impersonating IT Staff and Targeting Affiliates (The Crimson) Wealthy California crypto holders targeted in violent ‘wrench attacks' (KTLA) Security (xkcd) Censys raises $70 million in a Series D round. (N2K Pro Business Briefing)   Even Microsoft know Copilot can't be trusted (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at ⁠sponsor.thecyberwire.com⁠. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Anjali Hansen, a Senior Privacy Counselor from Noname Security shares her story as she climbed through the ranks to get to where she is today. When Anjali started, she wanted to do international law. She started working for the International Trade Commission after law school, where she was able to gain most of her experience and real world abilities. Working with online fraud and abuse, she shares, concerned her, because it felt like governments could not protect organizations from threats occurring, which is how she got interested in cybercrime. From there, she moved to Noname Security, and in working there, she found that she is working with every group in the organization, creating a cross team collaboration, saying how much she admires that type of model. She says "We have to help other departments protect the data because the data's throughout an organization, it's in HR, it's in sales and marketing, it's in IT, it's in finance. So you have to be able to work with all these teams." We thank Anjali for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Santiago Pontiroli, Threat Intelligence Research Lead from Acronis TRU team, discussing their work on "New year, new sector: Transparent Tribe targets India's startup ecosystem." The Acronis Threat Research Unit uncovered a new campaign by Transparent Tribe showing the group has expanded beyond traditional government and defense targets to India's startup ecosystem, especially cybersecurity and OSINT-focused firms. The attackers use startup-themed lures delivered via ISO files and malicious shortcuts to deploy Crimson RAT, a highly obfuscated tool capable of surveillance, data theft, and system control. Despite this shift, the campaign closely mirrors the group's long-standing espionage tactics, suggesting startups are being targeted for their connections to government, law enforcement, and sensitive intelligence networks. The research and executive brief can be found here: New year, new sector: Transparent Tribe targets India's startup ecosystem Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloud data centers come under fire in wartime. A massive dark web intelligence database is exposed. Chinese hackers exploit a video conferencing zero-day. The intelligence community rolls out cyber modernization plans. React2Shell attacks spread at scale. Iowa sues UnitedHealth over the Change Healthcare breach. France moves to bar kids from social media. Researchers warn about hidden risks in power regulation. An insider extortion plot locks admins out of hundreds of servers. Our guest Brandon Karpf, friend of the show, with insights on the war in Iran. Espresso exploit exposes executive emails.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Brandon Karpf, friend of the show, discussing defending critical infrastructure against Iran. Selected Reading What Happens When Data Centers Become Military Targets? (GovInfo Security) Shared EnemShared Enemy: Inside a Chinese Dark Web Monitoring Database | UpGuardy: Inside a Chinese Dark Web Monitoring Database (UpGuard) TrueConf Zero-Day Exploited in Asian Government Attacks (SecurityWeek) ODNI tackles AI, threat hunting, app cybersecurity in year-one tech review (CyberScoop) React2Shell Exploited in Large-Scale Credential Harvesting Campaign (SecurityWeek) State AG Sues Change Healthcare in 2024 Ransomware Attack (GovInfo Security) French Senate passes bill that would ban children under 15 from social media (The Record) The silent dependency: DC power regulation in cyber‑physical security (NCC Group) Man admits to locking thousands of Windows devices in extortion plot (Bleeping Computer) The company's biggest security hole lived in the breakroom (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A fake WhatsApp spreads spyware. The State Department pushes embassies to counter influence ops. Cisco patches critical bugs. CrystalRAT hits Telegram. A Texas hospital breach affects 250,000. HHS reshuffles IT oversight. China-linked spies target Europe. EvilTokens hijacks Microsoft accounts. Ransomware hits a North Dakota water plant. Sumedh Thakar, President and CEO of Qualys, discusses how cybersecurity is shifting toward managing real business risk. Tales of a tortoise's termination have been greatly exaggerated.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Sumedh Thakar, President and CEO of Qualys, discusses how cybersecurity is shifting toward managing real business risk amid rapid technological change. If you enjoyed this interview, check out the full conversation here. Selected Reading WhatsApp notifies hundreds of users who installed a fake app made by government spyware maker (TechCrunch) Trump Officials Try to Fight Foreign Disinformation They Once Dismissed (The New York Times) Cisco Patches Critical and High-Severity Vulnerabilities (SecurityWeek) New CrystalRAT malware adds RAT, stealer and prankware features (Bleeping Computer) 250,000 Affected by Data Breach at Nacogdoches Memorial Hospital (SecurityWeek) HHS Shuffles Internal Cyber, AI Oversight Back to CIO Office (GovInfo Security) European-Chinese geopolitical issues drive renewed cyberespionage campaign (CyberScoop) New EvilTokens service fuels Microsoft device code phishing attacks (Bleeping Computer) North Dakota water treatment plant reports March ransomware attack (The Record)  World's oldest tortoise caught in viral crypto death scam | St Helena (The Guardian) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran's cyber campaign continues. North Korea targets the axios NPM package. Cisco suffers a Trivy-related breach. Claude's code leak unveils broad capabilities. The DOD's zero-trust efforts are slow-going. A proposed class action suit accuses Perplexity of oversharing. Google patches another Chrome zero-day. The FBI warns against using foreign-developed mobile apps. Christy Wyatt, CEO from Absolute Security, discussing why cyber risk is now a business continuity problem. A city circulates cameras to cultivate crime control.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Christy Wyatt, CEO from Absolute Security, discussing why cyber risk is now a business continuity problem. If you enjoyed this conversation, tune in here to listen to the full interview. Selected Reading Iran's hackers are on the offensive against the US and Israel (Ars Technica) Cisco Source Code and AWS Keys Stolen in Trivy Supply Chain Attack (Beyond Machines) Claude Code's source reveals extent of system access (The Register) Pentagon's Zero Trust Push Faces a 2027 Reality Check (GovInfo Security) Perplexity AI Machine Accused of Sharing Data With Meta, Google (Bloomberg) Google fixes fourth Chrome zero-day exploited in attacks in 2026 (Bleeping Computer) FBI warns against using Chinese mobile apps due to privacy risks (Bleeping Computer) North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack (Google Cloud Blog)  Silicon Valley city to give residents doorbells equipped with cameras (The Guardian) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iranian-linked hackers warn of possible “irreparable” attacks on U.S. water systems. CISA pushes urgent fixes for a critical Citrix flaw. The Dutch Finance Ministry takes systems offline after a breach. Space Force may scrap next-gen GPS control software. Attackers exploit a Fortinet server bug. Lloyds exposes customer transaction data. AI and regulation reshape cyber careers. The FTC settles with a dating app over data sharing. Sam Rubin, SVP, Palo Alto Networks Unit 42 Consulting and Threat Intelligence, discusses Iran's shift to identity weaponization. Wikipedia wrestles with a wayward writer. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Sam Rubin, SVP, Palo Alto Networks Unit 42 Consulting and Threat Intelligence, discussing Iran's shift to identity weaponization. If you enjoyed this conversation, tune in here to listen to the full conversation. Selected Reading Iranian Cyberthreats Test US Infrastructure Defenses (BankInfo Security) CISA tells federal agencies to patch Citrix NetScaler bug by Thursday (The Record) Dutch Ministry of Finance takes treasury systems offline amid cyber incident investigation (Security Affairs) After 16 years and $8 billion, the military's new GPS software still doesn't work (Ars Technica) Exploitation of Critical Fortinet FortiClient EMS Flaw Begins (SecurityWeek) Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers (Infosecurity Magazine) SANS Research: The Cybersecurity Talent Shortage Narrative Is Wrong. The Real Crisis Is Skills, and AI Just Rewrote the List. (Yahoo Finance) FTC Takes Action Against Match and OkCupid for Deceiving Users by Sharing Personal Data with Third Party (FTC) Business Briefing (N2K Pro)  An AI Agent Was Banned From Creating Wikipedia Articles, Then Wrote Angry Blogs About Being Banned (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of CISO Perspectives. In the season finale of CISOP, Kim Jones is joined by N2K's own Ethan Cook to reflect on the conversations that shaped this season. Together, they revisit standout moments from Kim's interviews, unpacking their significance and getting Ethan's fresh perspective on the cybersecurity workforce challenge—as someone viewing the industry from the outside. Since the mid-season reflection, Kim has explored a wide range of workforce issues, including skills mapping, talent identification, and the evolving strategies needed to close cybersecurity's talent gap. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran-linked hackers claim a breach of the FBI director's personal email. ShinyHunters hit the European Commission. F5 and Citrix warn of actively exploited flaws. A WordPress plugin exposes hundreds of thousands of sites. Infinity Stealer targets macOS users. A Russian APT adopts a new iOS exploit kit. Treasury weighs a cyber insurance backstop. DHS clears suspended CISA staff. Our guest is Brian Long, CEO and Co-Founder of Adaptive Security, discussing deepfake job hires and the new identity attack surface. Bureaucrats bless a black-box behemoth. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Today, Dave Bittner is joined by Brian Long, CEO and Co-Founder of Adaptive Security, discussing deepfake job hires and the new identity attack surface. AI-generated identities are turning the hiring process into a new entry point for attackers. The solution isn't spotting perfect fakes — it's building stronger identity verification into hiring. Tune into the full conversation here. Selected Reading Iran-linked hackers breach FBI director's personal email, publish photos and documents European Commission confirms data breach after Europa.eu hack Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now Critical Citrix NetScaler Vulnerability Exploited in the Wild - Infosecurity Magazine File read flaw in Smart Slider plugin impacts 500K WordPress sites New Infinity Stealer malware grabs macOS data via ClickFix lures Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit - SecurityWeek US Treasury Weighs Cyber Insurance Backstop - GovInfoSecurity DHS drops investigation into former acting CISA chief's failed polygraph exam - Nextgov/FCW Federal Cyber Experts Thought Microsoft's Cloud Was “a Pile of Shit.” They Approved It Anyway Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. David Nosibor, Product Lead for SafeCyber at UL Solutions, started his career in a unique way by not letting himself be pigeonholed. Within his company, David was able to grow to the position he is in now and says that his position feels like a lot of roles tied into one. He says that on any given day he is tackling all sorts of elements, such as marketing, operations, working with the engineering team, figuring out ways to acquire customers, retain them, and also working on sales and business development capabilities. He also says that constantly learning and getting new opportunities was how he ended up being where he is today. David states that staying focused and being on the lookout for ways to accomplish the mission is the best way for him in his company to democratize product security. He quotes the famous singer Sean Carter in saying that he firmly believes in taking calculated risks to get where you need to be going. We thank David for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special edition of CyberWire Daily's 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss the biggest breaches over the past 10 years. The foundational 2014 Sony hack kicks off our conversation, then Maria and Dave highlight: the 2015 OPM breach, which exposed sensitive security-clearance data and was attributed to long-term access by China amid outdated government systems and security 2017's WannaCry and NotPetya's global disruption and Equifax's ongoing fallout the 2020 SolarWinds breach underscored supply-chain risks and raised concerns about potential personal criminal liability for CISOs. The conversation illustrates two main threat-actor categories—nation-state espionage and financially motivated criminals—and the increasingly blurred lines between them. Join us as we reflect on how the industry and cybercrime have evolved over the past decade. Learn more about your ad choices. Visit megaphone.fm/adchoices

Omer Ninburg, CTO of Novee Security, joins us on this episode of Research Saturday to discuss their work on "From PDF to Pwn: Scalable 0day Discovery in PDF Engines and Services Using Multi-Agent LLMs." Historically, Portable Document Formats – the immutable, localized PDF – was once considered a “safe” component inside enterprise environments. That is no longer the case. To demonstrate how PDF services and engines can be exploited, the team at Novee used their proprietary, multi-agent LLM system to uncover vulnerability patterns, and systematically scale them into a broad discovery campaign across two PDF vendor ecosystems. The research uncovered 16 verified vulnerabilities across client-side PDF viewers, embedded plugins, and server-side PDF services. The research and executive brief can be found here: ⁠From PDF to Pwn: Scalable 0day Discovery in PDF Engines and Services Using Multi-Agent LLMs Hacker-Trained AI Discovers 16 New 0-Day Vulnerabilities in PDF Engines Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA warns of actively exploited Langflow vulnerability. CISA flags critical PTC Windchill vulnerability. Phishing activity surges amid war in Iran. Google moves up their post-quantum timeline. Alleged RedLine infostealer developer faces thirty years in a US prison. Bearlyfy hacktivists launch disruptive ransomware campaign in Russia. FCC moves to crack down on robocallers and foreign call centers. Anti-piracy group takes down AnimePlay streaming platform. N2K's  Maria Varmazis and Dave Bittner are previewing the biggest breaches in the past 10 years. And what happens when hackers call the game? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Daily at 10: The breaches we still talk about.   This installment celebrating 10 years of the CyberWire Daily podcast finds N2K's  Maria Varmazis and Dave Bittner previewing the biggest breaches in the past 10 years. You can tune in Sunday to your CyberWire Daily podcast feed to hear their full conversation. Selected Reading CISA: New Langflow flaw actively exploited to hijack AI workflows (Bleeping Computer)  CISA Flags Critical PTC Vulnerability That Had German Police Mobilized (SecurityWeek) War in the Middle East Triggers Surge in Phishing and Malware Campaigns Targeting Gulf Countries (Bitdefender) Google moves post-quantum encryption timeline up to 2029 (CyberScoop) Alleged RedLine malware developer extradited to US, faces up to 30 years (The Record) Pro-Ukraine hacker group Bearlyfy targets Russian companies with custom ransomware (The Record) FCC pushes new rules to crack down on robocallers, foreign call centers (CyberScoop) Anti-piracy coalition takes down AnimePlay app with 5 million users (Bleeping Computer)  AFC Ajax drops ball as hackers transfer tickets, lift bans (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

As the emphasis on improving cybersecurity has continued to grow, so has the number of vendors offering a range of cybersecurity services. However, despite the value many of these vendors bring, the relationship between vendors and clients has become strained. In this episode, Kim explores this relationship, offering his thoughts on this relationship and what both sides can do to better to improve this dynamic. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It's the perfect follow-up if you're curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices

RSAC wraps. CISA warns shutdown furloughs are weakening cyber defenses. China-linked actors burrow into global telecom infrastructure. Iran's Pay2Key resurfaces. India probes suspected Pakistan-linked CCTV spying. Florida suspends a firm over offshore medical data exposure. Cisco patches fresh flaws. Russian police arrest the alleged LeakBase operator. Intern Kevin files his latest man-on-the street report. Google gets grabby with your homepage.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest aka Intern Kevin Intern Kevin is back from the floor at RSAC 2026. By day, he's Global Director of Cybersecurity Startups at Microsoft for Startups, but this week, Kevin Magee is trolling the floor at RSAC to get the pulse of what is really happening in and around the Moscone Center. Kevin chats with Ann Johnson, Corporate Vice President and Executive Security Advisor at Microsoft, David Shipley, Chief Executive Officer and Field CISO at Beauceron Security , and Dr. Jessica Barker and FC, Co-Founders and Co-CEOs at Cygenta. Selected Reading RSAC Cryptographers' Panel Highlights AI Defense Challenges (GovInfo Security) Only Trump can decide when cyberwar turns into real war (The Register) Jen Easterly, cybersecurity's 'relentless optimist' (The Register) CISA Forced Into 'Reactive' Cyber Posture Amid Shutdown (GovInfo Security) Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure (SecurityWeek) Iran-Linked Pay2Key Ransomware Group Re-Emerges (Infosecurity Magazine) Indian government probes CCTV espionage operation linked to Pakistan (The Register) Florida Suspends Firm for Unlawfully Offshoring Claims Data (GovInfo Security) Cisco Patches Multiple Vulnerabilities in IOS Software (SecurityWeek) Russia arrests suspected owner of LeakBase cybercrime forum (Bleeping Computer) Google Just Patented The End Of Your Website (Forbes) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The UK's cyber security chief urges a “full court press” against threats. RSAC highlights. The U.S. State Department has launched a Bureau of Emerging Threats. The TeamPCP cybercriminal group targets an open source library. TP-Link patches multiple router vulnerabilities. A critical vulnerability hits Windchill and FlexPLM platforms. A phishing campaign impersonates Palo Alto Networks recruiters. Malicious Chrome extensions are harvesting users' conversations with AI tools. Intern Kevin files his latest report from the RSAC show floor. Your “private” zoom call may already have a podcast deal.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest aka Intern Kevin Intern Kevin joins us from the floor at RSAC 2026. By day, he's Global Director of Cybersecurity Startups at Microsoft for Startups, but this week, Kevin Magee is trolling the floor at RSAC to get the pulse of what is really going on in San Francisco. Kevin caught up with Dale Hoak, CISO at RegScale, David DellaPelle, CEO at Dune Security, and Jason Williams, Senior Director Global Solutions Architecture at Arms Cyber.  Selected Reading UK cyber chief urges ‘full court press' to counter rising cyber threats (The Record) Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown (Infosecurity Magazine) State Department launches effort to counter cyberattacks, AI risks from Iran, others (ABC News) LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks (Help Net Security) TP-Link warns users to patch critical router auth bypass flaw (Bleeping Computer) PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug (Bleeping Computer) Palo Alto Networks Phishing Scam Targets Professionals (TechNadu) Experts Sound Alarm Over “Prompt Poaching” Browser Extensions (Infosecurity Magazine) This Company Is Secretly Turning Your Zoom Meetings into AI Podcasts (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

RSAC spotlights public-private partnership gaps. DarkSword leaks to GitHub. The FCC blocks new foreign-made routers. Citrix patches a critical NetScaler flaw. DOE rolls out an energy-sector cyber strategy. CanisterWorm spreads through npm. Researchers flag suspected KACE SMA exploitation. QualDerm reports a 3.1-million-record breach. A Russian access broker gets 81 months. Intern Kevin checks in from RSAC. Maria Varmazis speaks with Jake Braun, longtime DEF CON organizer and former White House official about the DEF CON 33 Hackers' Almanack. Slow down, you vibe too fast.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Maria Varmazis speaks with today's guest Jake Braun, longtime DEF CON organizer, former White House official, and lead on DEF CON Franklin, about the DEF CON 33 Hackers' Almanack. You can read more about it here. Selected Reading Public-private partnerships vital in disrupting China's Typhoons, says RSA panel with no government speakers (The Register) Someone has publicly leaked an exploit kit that can hack millions of iPhones (TechCrunch) US bans any new consumer-grade routers not made in America (The Register) Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn (SecurityWeek) DOE Sets 5-Year Plan to Harden US Grid Against Cyberattacks (GovInfo Security) New CanisterWorm Targets Kubernetes Clusters, Deploys “Kamikaze” Wiper (Hackread) CVE-2025-32975 (Arctic Wolf) 3.1 Million Impacted by QualDerm Data Breach (SecurityWeek) Russian hacker who helped Yanluowang ransomware gang gets nearly 7-year prison sentence (The Record) This Web Tool Sabotages AI Chatbots By Making Them Really, Really Slow (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Despite being adopted and prioritized by many organizations, cybersecurity still faces a significant challenge where leaders still cannot articulate their needs, and find and develop talent. Rather, organizations oftentimes follow the same strategy many others are utilizing, which involves poaching talent with enticing salaries. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Ed Vasko, the CEO at High Wire Networks, to discuss this approach and the impacts it is having on the cyber talent ecosystem. Throughout the conversation, Ed and Kim discuss their experience when assessing talent and some of the mistakes made by the industry, and what can be done to begin correcting this approach. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It's the perfect follow-up if you're curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices

The White House rolls out its AI legislative framework. The FBI warns Iranian actors are using Telegram for command and control, while Russian operators phish Signal users. Authorities dismantle a massive fake CSAM network, Tycoon 2FA rebounds after disruption, VoidStealer debuts a stealthy Chrome key-theft trick, QNAP patches Pwn2Own flaws, and CISA orders urgent fixes for a critical Cisco firewall bug. Plus, our Monday business breakdown. Brandon Karpf and Maria Varmazis ponder the practicality of orbital data centers. One radio to rule the range.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, N2K CyberWire's Dave BIttner and Maria Varmazis are joined by Brandon Karpf to discuss the practicality of orbital data centers. Selected Reading President Donald J. Trump Unveils National AI Legislative Framework (The White House) FBI warns of Handala hackers using Telegram in malware attacks (Bleeping Computer) Russian hackers target Signal users in phishing campaign, FBI and CISA warn (Cybernews) Police Shut Down 373,000 Dark Web Sites in Single-Operator CSAM Network (Hackread) Tycoon 2FA Fully Operational Despite Law Enforcement Takedown (SecurityWeek) VoidStealer Steals Chrome Secrets Without Injection or Privilege Escalation (GB Hackers) QNAP Patches Four Vulnerabilities Exploited at Pwn2Own (SecurityWeek) CISA Orders US Government to Patch Maximum Severity Cisco Flaw (Infosecurity Magazine) Surf AI has emerged from stealth with $57 million in funding led by Accel. (N2K Pro Business Briefing) Military ‘Smartphone': Comms, Jammer, Drone Control And More In One (Forbes) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special edition of CyberWire Daily's 10th anniversary series, Maria Varmazis hosts a thoughtful and engaging conversation with N2K CyberWire CEO Peter Kilpe and CyberWire Daily host Dave Bittner, exploring the origin story of the podcast that started it all. From early ambitions to behind-the-scenes turning points, they trace how the show found its voice and evolved from a startup experiment into a trusted cornerstone of the cybersecurity community. Along the way, they share candid anecdotes, hard-earned lessons, and reflections on how both the industry and CyberWire Daily have transformed over the past decade. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Roya Gordon, a Security Research Evangelist at ICS cybersecurity firm Nozomi Networks, started her career as an intelligence specialist in the U.S. Navy. After her time serving, Roya spent time as a Control Systems Cybersecurity Analyst at the Idaho National Laboratory and then took the role of Cyber Threat Intelligence Manager at Accenture. She shares her story after the NSA accepted her and then quickly diverted, creating a new path for Roya to follow. She shares the jobs she went after along the way, leading up to Nozomi Networks and how she wishes to be a trailblazer for young black women everywhere. She hopes to shape young women's minds on what the cybersecurity industry is actually like, in hopes that she can be a figure people look up to. We thank Roya for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Yuval Avrahami from Wiz joins to share their work on "CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild." Wiz Research uncovered “CodeBreach,” a critical supply chain vulnerability caused by a subtle misconfiguration in AWS CodeBuild pipelines that allowed attackers to take over key GitHub repositories, including the widely used AWS JavaScript SDK that powers the AWS Console. By exploiting an unanchored regex filter, unauthenticated attackers could trigger privileged builds, steal credentials, and potentially inject malicious code into software used across a majority of cloud environments. AWS has since remediated the issue and introduced stronger safeguards, but the incident highlights a growing trend of attackers targeting CI/CD pipelines where small misconfigurations can lead to massive downstream impact. The research can be found here: CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild Learn more about your ad choices. Visit megaphone.fm/adchoices

Feds take down major IoT botnets. The FBI seizes hacktivist infrastructure. A data breach hits Kaplan, while a hacker claims access to millions of law enforcement tips. Fake Zoom calls deliver malware. A crypto “security” tool turns out to be spyware. A critical AI framework flaw gets exploited in hours. An insider extortion case ends in conviction. And a streaming scam pulls in over $10 million. A look back at ten years of Cyberwire podcasts. Intern Kevin gets ready for RSAC. A cyberattack leaves breathalyzers offline.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Celebrating CyberWire Daily Maria Varmazis leads a conversation with Peter Kilpe and Dave Bittner reflecting on the origins of the CyberWire Daily podcast as part of the 10th anniversary series, sharing behind-the-scenes insights and how it all got started. CyberWire Guest Today we are joined by Intern Kevin—also known as Kevin Magee—as he gets ready for RSA Conference 2026 next week. Selected Reading Feds disrupt IoT botnets behind record-breaking DDoS attacks (The Register) FBI seizes Handala data leak site after Stryker cyberattack (Bleeping Computer) Kaplan North America Reports Data Breach Impacting Nearly 195,000 Individuals (Beyond Machines) Hacker says they compromised millions of confidential police tips held by US company (Reuters) Fake interactive Zoom call leads to malicious ScreenConnect download | news (SC Media) Crypto Scam "ShieldGuard" Dismantled After Malware Discovery (Infosecurity Magazine) Hackers Exploit Critical Langflow Bug in Just 20 Hours (Infosecurity Magazine) Ex-data analyst stole company data in $2.5M extortion scheme (Bleeping Computer) Musician admits to $10M streaming royalty fraud using AI bots (Bleeping Computer) Cyberattack leaves Maine drivers with breathalyzer test systems unable to start vehicles (WGME) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Even as cybersecurity has grown and become universially accepted, the field has continued to struggle when attempting to assess and aquire talent. Oftentimes, there is a disconnect between what organizations need and what they interview for leading vague job postings and ineffective hirings. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Jeff Welgan, the Chief Strategist and CEO at SkillRex, to discuss how we assess talent. Throughout the conversation, Jeff and Kim will discuss the problems associated with traditional workforce management and how modernizing this approach can provide a strategic advantage. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It's the perfect follow-up if you're curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices

DarkSword targets iPhones for indiscriminate exploitation. Cybercrime and the Iran war. The FBI confirms purchasing commercially available location data. The DHS secretary nominee gets grilled on CISA funding. A Zimbra Collaboration Suite vulnerability is being used in targeted espionage. A new Android malware targets sensitive data stored in user notes. AWS warns of ongoing Interlock ransomware activity. Tracking pixels grab more than they should. Perry Carpenter and Mason Amadeus from The FAIK Files podcast speak with Hany Farid about the real-world harms of synthetic media. Do Boomers balance breaches better?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Perry Carpenter and Mason Amadeus, hosts of The FAIK Files podcast, speaking with Hany Farid about the real-world harms of synthetic media. Last week, the FAIK Files team sat down with Hany Farid -- digital forensics expert, professor at UC Berkeley, and co-founder of Get Real Security ( getrealsecurity.com ) -- to discuss deepfakes, authenticity metadata (C2PA), and forensic deepfake detection approaches. And here's a link to the youtube video:  https://www.youtube.com/watch?v=RSpmRb2O7Xc Selected Reading Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild (WIRED) Cybercrime has skyrocketed 245% since the start of the Iran war (The Register) CISA official says agency has not seen uptick in cyber threats amid Iran war (The Record) FBI is buying data that can be used to track people, Patel says (POLITICO) DHS nominee Mullin pressed on restoring CISA staffing (The Record) CISA Adds Exploited Zimbra Collaboration Suite Flaw to Warning List (GB Hackers) Russian hackers exploit Zimbra flaw to breach Ukrainian maritime agency (The Record) New ‘Perseus' Android malware checks user notes for secrets (Bleeping Computer) AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January (Infosecurity Magazine) The Collection of Commercial Intelligence: TikTok & Meta Ad Pixels (Jscrambler) Forget Millennials: why those over 65 are the real cyber security pros (The Senior) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran's cyber ops stay resilient. U.S. lawmakers press Big Tech on EU rules. Researchers expose a Fancy Bear server. Japan moves toward offensive cyber. CISA calls for cross-agency teamwork. New malware targets network infrastructure. AI fooled by font-based attacks. Schneider Electric warns of critical flaws. Quantum cryptography earns top honors. Guest Bradon Rogers, Chief Customer Officer at Island, discusses making AI browsers safe for enterprises. Smart glasses on the witness stand. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Bradon Rogers, Chief Customer Officer at Island, discusses making AI browsers safe for enterprises. You can dig into the details of what Bradon discussed in Gartner's “Cybersecurity Must Block AI Browsers for Now.” You can hear the full interview here. Selected Reading U.S Strikes Killed Iranian Cyber Chiefs, But The Hacks Continued (Forbes) US committee demands Big Tech share private comms with EU officials (POLITICO) FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops (Ctrl-Alt-Intel) Japan to allow ‘proactive cyber-defense' from October 1st (The Register) CISA official advises agencies not to get too hung up on who takes lead in critical infrastructure sectors (CyberScoop) New Malware Highlights Increased Systematic Targeting of Network Infrastructure (Eclypsium) Poisoned Typeface: How Simple Font Rendering Poisons Every AI Assistant, And Only Microsoft Cares (LayerX) Schneider Electric Patches Critical RCE Vulnerability in SCADAPack RTUs (Beyond Machines) Turing Award Goes to Inventors of Quantum Cryptography (The New York Times) Witness Caught Using Smartglasses in Court Blames it all on ChatGPT (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The EU imposes sanctions after cyberattacks. DHS boosts surveillance spending. AI firms recruit weapons-risk experts. Stryker disruption, no patient impact. LeakNet leans on ClickFix. Sears chatbot data spills. A Chinese security firm leaks a private key. Tech giants team up on scams. Teens sue xAI over alleged AI-generated abuse. On today's Threat Vector segment, David Moulton and guest Erica L. Shoemate, founder of The EN Strategy Group, explore how AI is fundamentally reshaping the security landscape. Cyber crooks cause a complimentary curbside convenience.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector What if the choices we make about AI security today determine who holds power tomorrow? On this Threat Vector segment, David Moulton and guest Erica L. Shoemate, founder of The EN Strategy Group, explore how AI is fundamentally reshaping the security landscape, from compressed decision-making timelines and asymmetric threat capabilities to the erosion of trust that creates strategic vulnerabilities. You can listen to David and Erica's full conversation here and catch new episodes of Threat Vector from Palo Alto Networks each Thursday on your favorite podcast app. Selected Reading EU Sanctions Iranian and Chinese Firms for Cyberattacks Against European Networks (TechNadu) DHS-built surveillance apparatus to surge in year ahead, documents show (FedScoop) AI firm Anthropic seeks weapons expert to stop users from 'misuse' (BBC) Stryker attack wiped tens of thousands of devices, no malware needed (Bleeping Computer) LeakNet ransomware uses ClickFix and Deno runtime for stealthy attacks (Bleeping Computer) Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web (WIRED) China's biggest cybersecurity firm accidentally leaked an SSL key in a public installer (Neowin) Google has signed the Industry Accord Against Online Scams and Fraud. (Google) Teenage girls sue Musk's xAI, accusing Grok tool of creating child sexual abuse material (The Guardian) Free parking in Russia after Distributed Denial-of-Service attack knocks city's parking system offline (Bitdefender) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this mid-season episode, Kim takes a step back to reflect on the journey so far—revisiting key conversations, standout moments, and recurring themes that have shaped the season. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, uncovering deeper patterns and takeaways. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been—and what's still to come. Learn more about your ad choices. Visit megaphone.fm/adchoices

Drone strikes hit a key chip supply chain. China-linked hackers target Southeast Asian militaries. Attackers race ahead with AI. ShinyHunters claim a massive Telus breach. Microsoft issues a hotpatch. Malware turns up on Steam. Fileless attacks grow. Airline miles become cybercrime currency. Monday business breakdown. Tim Starks from CyberScoop unpacks the Stryker attack and the nebulous nature of Iranian cyber activity. AI playmates puzzle preschoolers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Tim Starks from CyberScoop discussing how the Stryker attack highlights the nebulous nature of Iranian cyber activity amid joint U.S.-Israel conflict. You can read more in Tim's article here.  Selected Reading Drone strikes halt a third of the world's helium supply, threatening chip production (TechSpot) China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation (SecurityWeek) Attackers are exploiting AI faster than defenders can keep up, new report warns (CyberScoop) Telus Digital confirms breach after hacker claims 1 petabyte data theft (Bleeping Computer) Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw (Bleeping Computer) The FBI is investigating malware hidden inside games hosted on Steam (TechCrunch) New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection (Hackread) Airline miles become underground currency in loyalty fraud schemes | brief (SC Media) Kevin Mandia-founded Armadin launches with $190 million. (N2K Pro Business Briefing) AI toys for young children need tighter rules, researchers warn (BBC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Christian Lees, CTO at Resecurity, shares his story and insight on coming into the cybersecurity world. He considers himself a late bloomer because he did not go to college until he was 23. He wasn't sure of what he wanted to do, and a family friend gave him a computer and the rest was history, he says. He fell in love with computers and started working at different companies trying to get ahead. He says it's not always textbook, and sometimes you just need to cut your teeth on something to get where you're going. Throughout his journey, he was constantly questioning whether he made the right decision, and in the end he says you have to be willing to "define friction points in it, you may join security field, not knowing what you're gonna do, but by being that curious person and breaking things and putting it back together, you'll find the right way and just never stop being curious." We thank Christian for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Or Eshed, Co-Founder and CEO from LayerX Security, discussing their work on "How We Discovered A Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts." Researchers uncovered a coordinated campaign of 16 malicious browser extensions posing as ChatGPT productivity tools while secretly stealing user accounts. The extensions intercept ChatGPT session authentication tokens and send them to attacker-controlled servers, allowing threat actors to impersonate users and access their conversations, files, and connected services like Google Drive or Slack. The findings highlight how AI-focused browser extensions are creating a new attack surface, emphasizing the need for organizations to closely monitor and restrict third-party AI tools. The research can be found here: ⁠⁠⁠How We Discovered A Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts Learn more about your ad choices. Visit megaphone.fm/adchoices

Europol dismantles the SocksEscort proxy service. Cyber operations highlight imbalance in the war in Iran. Google rushes Chrome zero-day patches. Veeam fixes critical backup flaws. A former incident responder faces ransomware charges. Thomson Reuters staff push back on an ICE contract. Attackers abuse backup tools for data theft. CISA flags a critical n8n vulnerability. Maria Varmazis is joined by Jack R. Bialik, engineer and author, to discuss the hidden risks of a fully-digital society, and talk about his book "In Lost in Time: Our Forgotten and Vanishing Knowledge." A Phony photo fuels a phantom flight fiasco. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K CyberWire's Maria Varmazis is joined by Jack R. Bialik, engineer and author, to discuss the hidden risks of a fully-digital society, and talk about his book "In Lost in Time: Our Forgotten and Vanishing Knowledge." Selected Reading Europol and international partners disrupt ‘SocksEscort' proxy service - Joint operation targeted malicious proxy service exploiting residential routers worldwide (Europol) War in Iran – asymmetry in cyberspace (IISS) Google fixes two new Chrome zero-days exploited in attacks (Bleeping Computer)  Veeam warns of critical flaws exposing backup servers to RCE attacks (Bleeping Computer) Former Employee of Cybersecurity Companies Charged in ALPHV (BlackCat) Ransomware Extortion Case (TechNadu) They Don't Want Their Company's Surveillance Tool Used by ICE (The New York Times) Data Exfiltration and Threat Actor Infrastructure Exposed (Huntress) CISA adds n8n RCE flaw to list of known exploited vulnerabilities (SC Media) Cyber National Mission Force to get new commander amid broader leadership turnover (The Record) AI Used to Promote Non-Existent Evacuation Flights From the Middle East (Bellingcat) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Show Notes: As cybersecurity has matured, the field has become more formalized within businesses with CISOs leading the way. However, despite the value of the CISO and its widespread adoption, the role has continued to lose agency with other board members. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Patty Ryan, the CISO at QuidelOrtho, to assess the value of the role. Throughout the conversation, Patty and Kim will discuss the challenges facing CISOs, why the role has lost its agency, and what can be done to reverse the current trajectory. Want more CISO Perspectives?: Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It's the perfect follow-up if you're curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran threatens tech firms as hackers strike Stryker. The EU advances efforts toward digital sovereignty. A foreign hacker stumbles upon the FBI's Epstein files. DOGE used ChatGPT to cull humanities grants. Meta claims increased efforts against scams. A Wisconsin ambulance provider discloses a data breach. CISA shortens the patch deadline for a critical SolarWinds vulnerability. We preview this year's RSAC 2026 Innovation Sandbox with Cecilia Marinier and Paul Kocher. Dangerous digital diets miss the mark.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we share a RSAC 2026 Conference innovation preview with Cecilia Marinier and Innovation Sandbox judge Paul Kocher talking about this year's Top 10 Finalists. Selected Reading Iran-linked hackers claim responsibility for attack on US medical device maker Stryker (Reuters) 'Legitimate targets': Iran issues warning to US tech firms including Google, Amazon, Microsoft, Nvidia (The Times of India) Iranian trolls are flooding social media with pro-Tehran, anti-war propaganda (MS Now) Commission announces €75 million EURO-3C Project to build a federated Telco-Edge-Cloud infrastructure for digital sovereignty (European Commission) Hacker broke into FBI and compromised Epstein files, report says (TechCrunch) When DOGE Unleashed ChatGPT on the Humanities (The New York Times) Meta says it culled millions of scam ads amid accusations that it profits from them (The Record) Bell Ambulance Ransomware Attack Impacts Over 237,000 Individuals (Beyond Machines) CISA Mandates Emergency Patching for SolarWinds Web Help Desk Vulnerabilities (Beyond Machines) AI Chatbots Are Giving Teens Absolutely Terrible Diet Advice, Study Warns (Gizmodo) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Greg Schlomer and Vlad Honyanyy to discuss new research on Jasper Sleet, a North Korean–aligned threat actor incorporating AI into active operations.  The conversation examines how AI is being integrated across the attack lifecycle — from highly tailored phishing lures and fabricated job applicant personas to accelerating malware development and refining operational workflows. Rather than treating AI as a novelty, Jasper Sleet is using it to increase speed, scale, and adaptability while reducing many of the friction points that once slowed campaigns.  They also explore what this shift means for defenders. As AI compresses iteration cycles and lowers barriers to entry, traditional attribution signals evolve, influence operations become more convincing, and defensive teams must tighten the loop between intelligence, detection, and response. This is less about experimentation and more about the operationalization of AI as part of modern tradecraft.  In this episode you'll learn:       How AI is changing the speed at which cyber operations evolve  Why jailbreaking AI models is often trivial for motivated adversaries   The strategic implications of AI leveling the playing field between threat actors  Some questions we ask:      Is there resistance among experienced malware authors to adopting AI?  Are we seeing fully AI-written malware in the wild?  What stands out about Jasper Sleet's use of AI?    Resources:   View Greg Schloemer on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Greg Schlomer and Vlad H. to discuss new research on Jasper Sleet, a North Korean–aligned threat actor incorporating AI into active operations.  The conversation examines how AI is being integrated across the attack lifecycle — from highly tailored phishing lures and fabricated job applicant personas to accelerating malware development and refining operational workflows. Rather than treating AI as a novelty, Jasper Sleet is using it to increase speed, scale, and adaptability while reducing many of the friction points that once slowed campaigns.  They also explore what this shift means for defenders. As AI compresses iteration cycles and lowers barriers to entry, traditional attribution signals evolve, influence operations become more convincing, and defensive teams must tighten the loop between intelligence, detection, and response. This is less about experimentation and more about the operationalization of AI as part of modern tradecraft.  In this episode you'll learn:       How AI is changing the speed at which cyber operations evolve  Why jailbreaking AI models is often trivial for motivated adversaries   The strategic implications of AI leveling the playing field between threat actors  Some questions we ask:      Is there resistance among experienced malware authors to adopting AI?  Are we seeing fully AI-written malware in the wild?  What stands out about Jasper Sleet's use of AI?    Resources:   View Greg Schloemer on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Rudd takes the helm at NSA and Cyber Command. A watchdog probes alleged Social Security data mishandling. Patch Tuesday lands. Governments brace for cyber fallout from Iran. BeatBanker spreads via a fake Starlink app. InstallFix targets developers. ZombieZIP hides malware in archives. And DHS reassigns CBP officials in a FOIA secrecy dispute. Ben Yelin unpacks Anthropic's lawsuit against the Pentagon. AI eyewear leads to awkward exposures. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies and Caveat cohost talking about Anthropic suing the Pentagon. You can read more on the topic here.  Selected Reading Senate approves Joshua Rudd as dual-hat leader of Cyber Command, NSA (POLITICO) Whistleblower claims ex-DOGE member says he took Social Security data to new job (Washington Post) Microsoft Patches 83 Vulnerabilities (SecurityWeek) Adobe Patches 80 Vulnerabilities Across Eight Products (SecurityWeek) Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric (SecurityWeek) Iran war will bring wave of 'low-level cyber activity,' says intelligence group (StateScoop) New BeatBanker Android malware poses as Starlink app to hijack devices (Bleeping Computer) Fake Claude Code install guides push infostealers in InstallFix attacks (Bleeping Computer) New 'Zombie ZIP' technique lets malware slip past security tools (Bleeping Computer) DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal' Orders (WIRED) Meta sued over AI smart glasses' privacy concerns, after workers reviewed nudity, sex, and other footage (TechCrunch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Russian hackers target Signal and WhatsApp. Permit scammers impersonate local officials. Anthropic sues over a Pentagon blacklist. The White House moves to restore fraud victims. ShinyHunters target Salesforce data. Ericsson reports a breach. macOS users face ClickFix malware. AWS credentials are phished. And CISA warns of an exploited Ivanti flaw. Our guest is Brian Baskin, Threat Researcher at Sublime Security, discussing tax season employee impersonation scams. Who fact-checks the fact-checkers?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Brian Baskin, Threat Researcher at Sublime Security, discussing how tax season employee impersonation scams are conducted and what to look out for as we prepare our returns. Selected Reading Russia targets Signal and WhatsApp accounts in cyber campaign (AIVD) FBI warns of phishing attacks impersonating US city, county officials (Bleeping Computer) Anthropic sues Trump administration over Pentagon blacklist (CNBC) White House floats Victims Restoration Program for millions affected by cyber fraud (The Record) CybercrimeHundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign (SecurityWeek) Ericsson US discloses data breach after service provider hack (Bleeping Computer) Fake CleanMyMac Site Uses ClickFix Trick to Install SHub Stealer on macOS (Hackread) Behind the console: Active phishing campaign targeting AWS console credentials (Datadog Security Labs) CISA: Recently patched Ivanti EPM flaw now actively exploited (Bleeping Computer) AI fake-news detectors may look accurate but fail in real use, study finds (Tech Xplore) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Show Notes: Cybersecurity has continued to grow and mature as a field over the past decade which has given rise to numerous degree pathways across dozens of collegiate institutions; however, the value of these degrees has continued to be a topic of debate. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Dr. Lara Ferry, the Vice President of Research at Arizona State University, to explore higher education's role in cyber. Throughout the conversation, Lara and Kim will discuss the challenges facing degree programs, the disconnects between organizations and institutions, and how the gap can be better addressed. Want more CISO Perspectives?: Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It's the perfect follow-up if you're curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices

Israel claims a strike on Iran's cyber warfare headquarters. The Trump administration releases a new national cyber strategy.  DHS shakes up its IT and cybersecurity leadership. Velvet Tempest uses ClickFix to drop loaders and RATs. Researchers uncover a Linux cryptocurrency clipboard hijacker. The DOJ brings a Ghanaian romance scammer to justice. Online advertising enables government tracking. Monday business breakdown. Our guest is Jon France, CISO from ISC2, sharing some insights and findings from their 2025 ISC2 Cybersecurity Workforce Study. An Apple II app gets audited by AI.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Joining us today is Jon France, CISO from ISC2, sharing some insights and findings from their 2025 ISC2 Cybersecurity Workforce Study. For further detail, you can also check out ISC2's just released Women in Cybersecurity report. Selected Reading Iranian cyber warfare HQ allegedly hit by Israel | brief (SC Media) Iran internet blackout reaches 6th day as rights groups call for end to digital shutdown (The Record) The long-awaited Trump cyber strategy has arrived (CyberScoop) DHS CISO, deputy CISO exit amid reported IT leadership overhaul (FedScoop) Termite ransomware breaches linked to ClickFix CastleRAT attacks (Bleeping Computer) ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered Via Bincrypter-Based Loader (Cyble) Ghanaian Pleads Guilty to Role in $100m Romance Scam (Infosecurity Magazine) The Government Uses Targeted Advertising to Track Your Location. Here's What We Need to Do. (Electronic Frontier Foundation) Zurich Insurance Group intends to acquire UK cyber insurer Beazley for approximately $11 billion. (N2K Pro Business Briefing) Microsoft Azure CTO says Claude found vulns in Apple II code (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special Reporter's Notebook, Maria Varmazis⁠⁠⁠⁠, host here at N2K CyberWire, takes listeners behind the scenes of our three-part series on Cyber Coalition 2025 in Tallinn, Estonia. After exploring real-time incident response, cross-border coordination, and the broader stakes of collective cyber defense, this episode offers a more personal, behind-the-scenes look at how the reporting came together. Hosted by the NATO Cooperative Cyber Defense Centre of Excellence, the exercise brought together allied military, government, and industry teams inside NATO's secure cyber range. Here, Maria reflects on moments that didn't make the final cut — the atmosphere inside the facilities, the pace of covering a live exercise, and the small, human details that added texture to the larger story. If you haven't yet, be sure to listen to all three episodes of the series to hear the full story from the ground at Cyber Coalition 2025. Episode one can be found ⁠⁠here⁠⁠. Episode two can be found ⁠here⁠.  Episode three can be found ⁠⁠here⁠⁠.  Learn more about your ad choices. Visit megaphone.fm/adchoices