Podcasts about cisa

Creepy chatbots, Fortinet, CISA, Agentic AI, FIDO, EDR, Aaran Leyland, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-503

Creepy chatbots, Fortinet, CISA, Agentic AI, FIDO, EDR, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-503

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: CISA warns about the path from on-prem Exchange to the cloud Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are Everyone and their dog seems to have a shell in US Federal Court information systems Google pays $250k for a Chrome sandbox escape Attackers use javascript in adult SVG files to … farm facebook likes?! SonicWall says users aren't getting hacked with an 0day… this time. This week's episode is sponsored by SpecterOps. Chief product officer Justin Kohler talks about how the flagship Bloodhound tool has evolved to map attack paths anywhere. Bring your own applications, directories and systems into the graph, and join the identity attacks together. This episode is also available on Youtube. Show notes CISA, Microsoft issue alerts on ‘high-severity' Exchange vulnerability | The Record from Recorded Future News Advanced Active Directory to Entra ID lateral movement techniques Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications Cartels may be able to target witnesses after major court hack Federal judiciary tightens digital security as it deals with ‘escalated cyberattacks' | The Record from Recorded Future News Citrix NetScaler flaws lead to critical infrastructure breaches | Cybersecurity Dive DARPA touts value of AI-powered vulnerability detection as it announces competition winners | Cybersecurity Dive Buttercup is now open-source! HTTP/1.1 must die: the desync endgame US confirms takedown of BlackSuit ransomware gang that racked up $370 million in ransoms | The Record from Recorded Future News North Korean cyber-espionage group ScarCruft adds ransomware in recent attack | The Record from Recorded Future News Adult sites are stashing exploit code inside racy .svg files - Ars Technica Google pays 250k for Chromium sandbox escape SonicWall says recent attack wave involved previously disclosed flaw, not zero-day | Cybersecurity Dive Two groups exploit WinRAR flaws in separate cyber-espionage campaigns | The Record from Recorded Future News Tornado Cash cofounder dodges money laundering conviction, found guilty of lesser charge | The Record from Recorded Future News Hackers Hijacked Google's Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home | WIRED Malware in Open VSX: These Vibes Are Off How attackers are using Active Directory Federation Services to phish with legit office.com links Introducing our guide to phishing detection evasion techniques The State of Attack Path Management

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit

CISA issues an Emergency Directive to urgently patch a critical vulnerability in Microsoft Exchange hybrid configurations. SoupDealer malware proves highly evasive. Google patches a Gemini calendar flaw. A North Korean espionage group pivots to financial crime. Russia's RomCom exploits a WinRAR zero-day. Researchers turn Linux-based webcams into persistent threats. The Franklin Project enlists volunteer hackers to strengthen cybersecurity at U.S. water utilities. DoD announces the winner of DARPA's two-year AI Cyber Challenge. The U.S. extradites Ghanaian nationals for their roles in a massive fraud ring. Our guest is Steve Deitz, President of MANTECH's Federal Civilian Sector, with a look at cell-based Security Operations Centers (SOC). AI advice turns dinner into a medical mystery. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Steve Deitz, President of MANTECH's Federal Civilian Sector, as he is  discussing  the cell-based Security Operations Center (SOC) approach. Check out the full conversation from Steve here. Selected Reading Understanding and Mitigating CVE-2025-53786: A Critical Microsoft Exchange Vulnerability (The DefendOps Diaries) CISA Issues Urgent Advisory to Address Microsoft Exchange Flaw (GB Hackers) SoupDealer Malware Evades Sandboxes, AVs, and EDR/XDR in Real-World Attacks (GB Hackers) Google Calendar invites let researchers hijack Gemini to leak user data (Bleeping Computer) North Korean Group ScarCruft Expands From Spying to Ransomware Attacks (Hackread) Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada (SecurityWeek) BadCam: New BadUSB Attack Turns Linux Webcams Into Persistent Threats (SecurityWeek) DEF CON hackers plug security holes in US water systems (The Register) DARPA announces $4 million winner of AI code review competition at DEF CON (The Record) 'Chairmen' of $100 million scam operation extradited to US (Bleeping Computer) Guy Gives Himself 19th Century Psychiatric Illness After Consulting With ChatGPT (404 Media)  Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.At Black Hat USA in Las Vegas, three security researchers demonstrated how Google's Gemini AI could be hijacked to take control of smart home devices using a novel form of indirect prompt injection.Two separate security teams - NeuralTrust and SPLX - have conducted red teaming evaluations of the newly released GPT-5, and both report serious deficiencies in the model's security posture.Another Black Hat story, security researchers Milenko Starcik and Andrzej Olchawa from VisionSpace Technologies presented a compelling case that hacking satellites is not only more cost-effective than deploying anti-satellite missiles, but alarmingly easy due to widespread software vulnerabilities.Our final Black Hat story, Cisco Talos researchers disclosed five critical vulnerabilities in Broadcom's BCM5820X series chips, used in Dell's ControlVault3 secure enclave hardware.CISA and FEMA have jointly announced over $100 million in cybersecurity grant funding for the 2025 fiscal year, targeting state, local, and tribal governments.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Researchers uncover multiple vulnerabilities in a popular open-source secrets manager. Software bugs threaten satellite safety. Columbia University confirms a cyberattack. Researchers uncover malicious NPM packages posing as WhatsApp development tools.A new EDR killer tool is being used by multiple ransomware gangs. Home Improvement stores integrate AI license plate readers into their parking lots. The U.S. federal judiciary announces new cybersecurity measures after cyberattacks compromised its case management system. CISA officials reaffirm their commitment to the CVE Program. Our guest is David Wiseman, Vice President of Secure Communications at BlackBerry, discussing the challenges of secure communications. AI watermarking breaks under spectral pressure. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by David Wiseman, Vice President of Secure Communications at BlackBerry, who is discussing the challenges and misconceptions around secure communications. Selected Reading HashiCorp Vault 0-Day Flaws Enable Remote Code Execution Attacks (GB Hackers) Yamcs v5.8.6 Vulnerability Assessment (VisionSpace) Columbia University says hacker stole SSNs and other data of nearly 900,000 (The Record) Fake WhatsApp developer libraries hide destructive data-wiping code (Bleeping Computer) New EDR killer tool used by eight different ransomware groups (Bleeping Computer) Home Depot and Lowe's Share Data From Hundreds of AI Cameras With Cops (404 Media) US Federal Judiciary Tightens Security Following Escalated Cyber-Attacks (Infosecurity Magazine) CISA pledges to continue backing CVE Program after April funding fiasco  (The Record) CISA Issues 10 ICS Advisories Detailing Vulnerabilities and Exploits (GB Hackers) AI Watermark Remover Defeats Top Techniques  (IEEE Spectrum) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Federal agencies told to patch a new Exchange flaw, millions of sites are vulnerable to HTTP desync attacks, Trend Micro patches a zero-day, and the Salesforce data breaches continue. Show notes Risky Bulletin: CISA tells federal agencies to mitigate on-prem-to-cloud Exchange attack

Two Chinese nationals are arrested for allegedly exporting sensitive Nvidia AI chips. A critical security flaw has been discovered in Microsoft's new NLWeb protocol. Vulnerabilities in Dell laptop firmware could let attackers bypass Windows logins and install malware. Trend Micro warns of an actively exploited remote code execution flaw in its endpoint security platform. Google confirms a data breach involving one of its Salesforce databases. A lack of MFA leaves a Canadian city on the hook for ransomware recovery costs. Nvidia's CSO denies the need for backdoors or kill switches in the company's GPUs. CISA flags multiple critical vulnerabilities in Tigo Energy's Cloud Connect Advanced (CCA) platform. DHS grants funding cuts off the MS-ISAC. Helicopter parenting officially hits the footwear aisle. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity (CLTC) discussing her proposed nationwide roadmap to scale cyber defense for community organizations. Black Hat Women on the street Live from Black Hat USA 2025, it's a special “Women on the Street” segment with Halcyon's Cynthia Kaiser, SVP Ransomware Research Center, and CISO Stacey Cameron. Hear what's happening on the ground and what's top of mind in cybersecurity this year. Selected Reading Two Arrested in the US for Illegally Exporting Microchips Used in AI Applications to China (TechNadu) Microsoft's plan to fix the web with AI has already hit an embarrassing security flaw  (The Verge) ReVault flaws let hackers bypass Windows login on Dell laptops (Bleeping Computer) Trend Micro warns of Apex One zero-day exploited in attacks (Bleeping Computer) Google says hackers stole its customers' data in a breach of its Salesforce database (TechCrunch) Hamilton taxpayers on the hook for full $18.3M cyberattack repair bill after insurance claim denied (CP24) Nvidia rejects US demand for backdoors in AI chips (The Verge) Critical vulnerabilities reported in Tigo Energy Cloud connect advanced solar management platform (Beyond Machines) New state, local cyber grant rules prohibit spending on MS-ISAC (StateScoop) Skechers skewered for adding secret Apple AirTag compartment to kids' sneakers — have we reached peak obsessive parenting? (NY Post) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.More than 90 state and local government organizations have been targeted in a recent wave of cyberattacks exploiting a vulnerability in Microsoft SharePoint, according to the Center for Internet Security (CIS).Traditional cyber attack methodologies - exploiting endpoints, moving laterally, escalating privileges - are increasingly outdated as enterprise IT shifts toward SaaS and browser-based access.The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-2533 - a high-severity Cross-Site Request Forgery (CSRF) vulnerability in PaperCut NG/MF print management software - to its Known Exploited Vulnerabilities (KEV) catalog.Researchers at Nozomi Networks have disclosed over a dozen security flaws in Tridium's Niagara Framework, a vendor-agnostic building management platform used in sectors ranging from industrial automation to energy and smart infrastructure.Between April 2024 and April 2025, ransomware attacks on the oil and gas industry increased by an unprecedented 935%, according to new research from cybersecurity firm Zscaler.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

This episode covers three critical cybersecurity developments affecting healthcare organizations. First, FBI warnings about Scattered Spider ransomware group targeting employees through Slack and Microsoft Teams, including their alarming tactic of creating fake identities to join incident response calls and monitor remediation efforts. Second, leaked chat logs from the Conti ransomware group reveal these criminal organizations operate like structured tech startups with HR policies, management layers, and performance reviews - highlighting the sophisticated nature of modern cyber threats. Finally, CrowdStrike intelligence reveals over 900 North Korean operatives have quietly embedded themselves in US companies using deepfakes and fake identities, wiring paychecks back to the regime. The episode also mentions CISA's new free Thorium tool for malware analysis and forensic investigations.X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Struggling with CISA Domain 3? You're not alone. This episode breaks down the complex world of Information Systems Acquisition, Development, and Implementation—so you can master it with ease.From SDLC fundamentals to audit roles in implementation, we simplify every essential concept you need for the CISA exam and IT audit excellence. Perfect for first-time candidates or pros brushing up on governance and controls.

Tisíce ChatGPT konverzací byly veřejně indexovány Googlem. Jak k tomu došlo a co to znamená pro bezpečnost firem i jednotlivců?V této epizodě se podíváme i na to, jak se dá zneužít Raspberry Pi v síti bankomatu, proč kyberpodvody v Česku lámou rekordy, a jaké nové open-source nástroje uvádí CISA a Proton.A pozor – Ministerstvo pro místní rozvoj spouští vůbec první státní bug bounty program.

A critical vulnerability in SUSE [SOO-suh] Manager allows attackers to run commands with root privilege. A joint CISA and U.S. Coast Guard threat hunt at a critical infrastructure site reveals serious cybersecurity issues. Healthcare providers across the U.S. report recent data breaches. Cybercriminals infiltrate a bank by physically planting a Raspberry Pi on a network switch. Russian state-backed hackers target Moscow diplomats to deploy ApolloShadow malware. Luxembourg investigates a major telecom outage tied to Huawei equipment. China's cyberspace regulator summons Nvidia over alleged security risks linked to its H20 AI chips. A new report examines early indicators of system compromise. Today we are joined by Ryan Whelan, Managing Director and Global Head of Accenture Cyber Intelligence, with their analysis of Scattered Spider. Pwn2Own puts a million dollar bounty on WhatsApp zero-clicks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire GuestOur guest today is Ryan Whelan, Managing Director and Global Head of Accenture Cyber Intelligence, discussing the possibilities of Scattered Spider. Selected Reading Critical flaw in SUSE Manager exposes enterprise deployments to compromise (Beyond Machines) CISA identifies OT configuration flaws during cyber threat hunt at critical infrastructure organization, lists cyber hygiene (Industrial Cyber) CISA Issues ICS Advisories for Rockwell Automation Using VMware, and Güralp Seismic Monitoring Systems (Cyber Security News) Florida Internal Medicine Practices Discloses November 2024 Data Breach (HIPAA Journal) Cybercrooks use Raspberry Pi to steal ATM cash (The Register) Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft (SecurityWeek) Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage (The Record) Nvidia summoned by China's cyberspace watchdog over risks in H20 chips (CGTN) Hackers Regularly Exploit Vulnerabilities Before Public Disclosure (Infosecurity Magazine) Pwn2Own hacking contest pays $1 million for WhatsApp exploit (Bleeping Computer) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Scattered Spider Related Domain Names A quick demo of our domain feeds and how they can be used to find Scattered Spider related domains https://isc.sans.edu/diary/Scattered+Spider+Related+Domain+Names/32162 Excel External Workbook Links to Blocked File Types Will Be Disabled by Default Excel will discontinue allowing links to dangerous file types starting as early as October. https://support.microsoft.com/en-us/topic/external-workbook-links-to-blocked-file-types-will-be-disabled-by-default-6dd12903-0592-463d-9e68-0741cf62ee58 CISA Releases Thorium CISA announced that it released its malware analysis platform, Thorium, as open-source software. https://www.cisa.gov/news-events/alerts/2025/07/31/thorium-platform-public-availability

In this episode, the host Jim Love discusses the increasing sophistication of supply chain attacks, starting with an account of a blockchain developer who lost $500,000 due to a malicious extension in a popular AI-powered coding tool. The episode also covers a significant cyber emergency in St. Paul, Minnesota, which required National Guard support, and the City's struggle to comprehend the full scope of the hack. Additionally, the US Cybersecurity and Infrastructure Security Agency (CISA) has released a new eviction strategies tool to help cybersecurity teams remove persistent threats. The episode concludes with an update on the Ingram Micro breach, where the Safe Pay ransomware gang has threatened to leak 35 terabytes of stolen data. Listeners are encouraged to focus on preventative measures even when ransomware attacks do not involve encryption. 00:00 Introduction and Headlines 00:25 The $500,000 Crypto Heist 01:26 Supply Chain Attack on Open VSX 04:50 Lessons from the Attack 06:16 Oyster Backdoor Threat 07:54 Cyber Attack on St. Paul 09:09 CISA's New Eviction Strategies Tool 10:43 Ingram Micro Data Breach Update 12:18 Conclusion and Contact Information

In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses significant developments in cybersecurity, including Palo Alto's $25 billion acquisition of CyberArk, the implications of rising AI threats, and the ongoing challenges posed by data breaches and ransomware. He emphasizes the need for a more robust cybersecurity framework, particularly in light of recent trends in fraud and the consolidation of the cybersecurity industry. The discussion also touches on the political influences affecting cybersecurity education and the importance of adopting Zero Trust principles.TakeawaysPalo Alto's acquisition of CyberArk is a significant move in the cybersecurity landscape.The consolidation of cybersecurity firms raises concerns about market competition.Data breaches linked to Shiny Hunters highlight vulnerabilities in CRM systems.AI is increasingly being used in sophisticated cyberattacks.The AI fraud crisis is already impacting various sectors, including government programs.Political influences are affecting hiring practices in cybersecurity education.CISA's new guidance on Zero Trust emphasizes the importance of microsegmentation.Ransomware attacks are evolving, with a notable increase in targeting the oil and gas sector.The volume of data stolen in ransomware attacks is on the rise.Cybersecurity requires continuous adaptation to emerging threats and technologies.

Ameet Dhillon explains why the BIOS layer is the next cybersecurity frontier at GTIA ChannelCon “You protect the OS and application layer—why not protect the BIOS that launches them?” — Ameet Dhillon, FirmGuard by Phoenix At GTIA ChannelCon 2025, Ameet Dhillon of FirmGuard joined Doug Green, Publisher of Technology Reseller News, to introduce a vital but often overlooked part of the MSP security stack: remote BIOS management. FirmGuard, a solution by Phoenix Technologies, allows MSPs to remotely update, configure, and monitor BIOS firmware across mixed hardware environments—Dell, HP, Lenovo, and more. “Most MSPs know BIOS is critical,” Dhillon explained, “but they lack an efficient, cross-manufacturer way to manage it.” As endpoint protection at the OS and application levels improves, attackers have begun targeting the firmware layer below the operating system. Agencies like CISA have issued warnings that BIOS vulnerabilities are an emerging threat vector—and FirmGuard is built to fill that gap. With FirmGuard, MSPs gain immediate visibility into BIOS vulnerabilities, outdated firmware, and legacy-mode systems that may need replacement. The platform operates fully remotely, eliminating truck rolls and improving technician efficiency. At just $1.50 per endpoint per month, FirmGuard's pricing makes it easy for MSPs to add to their security offering while preserving margin. “We're not just a monitoring tool,” Dhillon emphasized. “We give MSPs actionable insight—and the ability to act.” To learn more or request access to the MSP program, visit firmguard.com.

If you like what you hear, please subscribe, leave us a review and tell a friend!

A sweeping malware campaign by North Korea's Lazarus Group targets open source ecosystems. President Trump announces a new electronic health records system. A new report reveals deep ties between Chinese state-sponsored hackers and Chinese tech companies. Researchers describe a new prompt injection threat targeting LLMs via browser extensions. Palo Alto Networks' Unit 42 proposes a new Attribution Framework. Honeywell patches six vulnerabilities in its Experion Process Knowledge System. Researchers track the rapid evolution of a sophisticated Android banking trojan. Scattered Spider goes quiet following recent arrests. Our guests are Jermaine Roebuck and Ann Galchutt from CISA, discussing "Open-Source Eviction Strategies Tool for Cyber Incident Response." A Polish trainmaker sues hackers for fixing trains. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Jermaine Roebuck, Associate Director for Threat Hunting at CISA and Ann Galchutt, Technical Lead at CISA, who will be discussing "Open-Source Eviction Strategies Tool for Cyber Incident Response." Selected Reading Sonatype uncovers global espionage campaign in open source ecosystems (Sonatype) Trump administration is launching a new private health tracking system with Big Tech's help (AP News) Report Links Chinese Companies to Tools Used by State-Sponsored Hackers (SecurityWeek) Top 5 GenAI Tools Vulnerable to Man-in-the-Prompt Attack, Billions Could Be Affected (LayerX) Introducing Unit 42's Attribution Framework (Unit42) Honeywell Experion PKS Flaws Allow Manipulation of Industrial Processes (SecurityWeek) Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed Cybercriminals ‘Spooked' After Scattered Spider Arrests (Infosecurity Magazine) Polish Train Maker Is Suing the Hackers Who Exposed Its Anti-Repair Tricks (iFixit) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Officials in St. Paul, Minnesota declare a state of emergency following a cyberattack. Hackers disrupt a major French telecom. A power outage causes widespread service disruptions for cloud provider Linode. Researchers reveal a critical authentication bypass flaw in an AI-driven app development platform. A new study shows AI training data is chock full of PII. Fallout continues for the Tea dating safety app. Hackers are actively exploiting a critical SAP NetWeaver vulnerability to deploy malware. CISA and the FBI update their Scattered Spider advisory. A Florida prison exposes personal information of visitors to all of its inmates. Our guest today is Keith Mularski, Chief Global Ambassador at Qintel, retired FBI Special Agent, and co-host of Only Malware in the Building. CISA and Senator Wyden come to terms —mostly— over the long-buried US Telecommunications Insecurity Report.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Keith Mularski, Chief Global Ambassador at Qintel, retired FBI Special Agent, and co-host of Only Malware in the Building discussing what it's like to be the new host on the N2K CyberWire network and giving a glimpse into some upcoming episodes. You can catch Keith and his co-hosts Selena Larson, Staff Threat Researcher and Lead, Intelligence Analysis and Strategy at Proofpoint, and our own Dave Bittner the first Tuesday of each month on your favorite podcast app with new episodes of Only Malware. Selected Reading Major cyberattack hits St. Paul, shuts down many services (Star Tribune) French telecom giant Orange discloses cyberattack (Bleeping Computer) Power Outage at Newark Data Center Disrupts Linode, Took LWN Offline (FOSS Force) Critical authentication bypass flaw reported in AI coding platform Base44 (Beyond Machines) A major AI training data set contains millions of examples of personal data (MIT Technology Review) Dating safety app Tea suspends messaging after hack (BBC) Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware (Bleeping Computer) CISA and FBI Release Tactics, Techniques, and Procedures of the Scattered Spider Hacker Group (gb hackers) Florida prison data breach exposes visitors' contact information to inmates (Florida Phoenix) CISA to release long-buried US telco security report (The Register) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Cybersecurity and Infrastructure Security Agency is out with some new guidance on how agencies can adopt zero trust security architectures. CISA's latest guide focuses on a security concept called micro segmentation. It's considered critical to containing hackers and malware before they wreak havoc across networks and steal sensitive data. For more, Federal News Network's Justin Doubleday spoke with Shelley Hartsook, an Acting Associate Director in CISA cybersecurity division.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Things get worse in the Tea dating app breach. CISA adds three vulnerabilities to its Known Exploited Vulnerabilities catalog. Researchers uncover a critical flaw in Google's AI coding assistant. A Missouri Health System agrees to a $9.25 million settlement over claims it used web tracking tools. “Sploitlight” could let attackers bypass Apple's TCC framework to steal sensitive data. Malware squeaks its way into a mouse configuration tool. Threat actors hide the Oyster backdoor in popular IT tools. The FBI nabs over $2.4 million in Bitcoin from the Chaos ransomware gang. Our guest is Jaeson Schultz, Technical Leader for Cisco Talos Security Intelligence & Research Group, to talk about their work on the security of PDF files.  The unintended privacy paradox of data brokers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Jaeson Schultz, Technical Leader for Cisco Talos Security Intelligence & Research Group, to talk about their work on "PDFs: Portable documents, or perfect deliveries for phish?" Selected Reading A Second Tea Breach Reveals Users' DMs About Abortions and Cheating (404 Media) CISA warns of active exploitation of critical PaperCut flaw, mandates immediate patching (Beyond Machines) CISA Warns of Exploited Critical Vulnerabilities in Cisco Identity Services Engine (Infosecurity Magazine) Researchers flag flaw in Google's AI coding assistant that allowed for ‘silent' code exfiltration (CyberScoop) Health System Settles Web Tracker Lawsuit for Up to $9.25M (GovInfo Security) Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data (Bleeping Computer) Endgame Gear mouse config tool infected users with malware (Bleeping Computer) Oyster Backdoor Disguised as PuTTY and KeyPass Targets IT Admins via SEO Poisoning (GB Hackers) FBI Seizes $2.4m in Crypto from Chaos Ransomware Gang (Infosecurity Magazine) Hundreds of registered data brokers ignore user requests around personal data (CyberScoop) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Word Notes. A condition announced by the US Cybersecurity and Infrastructure Security Agency (CISA) to draw attention to a temporary period of high alert, associated with expectation of a connected wave of cyberattacks prompted by either a widespread vulnerability or an unusually active and capable threat actor. CyberWire Glossary link: ⁠⁠https://thecyberwire.com/glossary/shields-up⁠⁠ Audio reference link: “⁠⁠Star Trek II Wrath of Khan - Reliant vs Enterprise; First Clash⁠⁠” YouTube, YouTube, 11 Apr. 2015,  

NASCAR announces data breach following March cyberattack Plankey appears to be on track to lead CISA Microsoft investigates another outage affecting 365 admin center Huge thanks to our sponsor, Dropzone AI Today's sponsor is Dropzone AI, the leader in AI-powered SOC automation. Major companies like Zapier and UiPath are using Dropzone to give their security teams superpowers. Imagine your analysts focusing on real threats while AI handles every routine investigation—in minutes, not hours. If you're heading to BlackHat, stop by their booth in Startup City. But you don't have to wait—check out their self-guided demo at dropzone.ai and see why Fortune 500s are making the switch. Find the stories behind the headlines at CISOseries.com.

International law enforcement arrest the suspected operator of a major Russian dark web cybercrime forum. DHS is said to be among the agencies hit by the Microsoft SharePoint zero-day. The Fire Ant cyberespionage group targets global enterprise infrastructure. A Steam game is compromised to distribute info-stealing malware. Mitel Networks issues security patches for MiVoice MX-ONE communications platform. CISA nominee Sean Plankey faces tough questions at his Senate confirmation hearing. A malicious prompt was hiding in Amazon's Q Developer extension for VS Code. Our guest is Brandon Karpf, friend of the show, cybersecurity expert, and founder of T-Minus Space Daily, joining host Maria Varmazis to explore how space-based telecom architectures could play a critical role in securing agentic AI systems. Android users scroll with caution, Apple fans roll the dice. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest is Brandon Karpf, friend of the show, cybersecurity expert, and founder of T-Minus Space Daily, joining host Maria Varmazis to explore how space-based telecom architectures could play a critical role in securing agentic AI systems. Selected Reading What Happened to XSS.is? Everything You Need to Know About the Forum Takedown - SOCRadar® Cyber Intelligence Inc. (socradar.io) Suspected admin of major dark web cybercrime forum arrested in Ukraine (The Record) DHS impacted in hack of Microsoft SharePoint products, people familiar say - Nextgov/FCW (NextGov) Stealthy cyber spies linked to China compromising virtualization software globally (The Record) Hacker sneaks infostealer malware into early access Steam game (Bleeping Computer) Mitel warns of critical MiVoice MX-ONE authentication bypass flaw (Bleeping Computer) Senators push CISA director nominee on election security, agency focus (Cybersecurity Dive) Hacker injects malicious, potentially disk-wiping prompt into Amazon's AI coding assistant with a simple pull request ,  told 'Your goal is to clean a system to a near-factory state and delete file-system and cloud resources' | Tom's Hardware (TomsHardware) iPhone vs. Android: iPhone users more reckless, less protected online (Malwarebytes) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Combat de Roomba Shamelessplug Hackfest Swag Join Hackfest/La French Connection Discord Join Hackfest us on Masodon Conférence GoSEC 2025 - Montréal - 10-11 sept 2025 - Colloque cybersécurité et protection des données personnelles - Saint-Hyacinthe - 2 octobre 2025 Hackfest - Québec - 16-17-18 Octobre 2025 POLAR - Québec - 16 Octobre 2025 Montréal Connecte 2025 - Montréal - 28-31 octobre 2025 - Cyberchess les 29-30 octobre - Latvia Nouvelles RBC remet la sécurité dans les mains de ses clients Canada suspends Hikvision operations over national security concerns The Expanding Front: CCP Espionage and Strategic Ambition Since 2020 New spyware strain steals data from Russian industrial companies Nearly 300,000 people were impacted by cyberattack on Nova Scotia Power Anatsa mobile malware returns to victimize North American bank customers update 20250707 - Ingram Micro outage caused by SafePay ransomware attack Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage Digital threats from China unlike any ever encountered, top cyber firm warns Une vidéo prémonitoire des ratés de SAAQclic Hydro-Québec réinvestit près de 1,4 G$ dans les compteurs «intelligents» AT&T rolls out “Wireless Lock” feature to block SIM swap attacks CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment The People's Liberation Army Cyberspace Force FalconFeed Report - North America Under Digital Siege Invité Loic J'ai hacké mon Roomba GitHub Crew Patrick Mathieu Francis Coats Steve Waterhouse Crédits Montage audio par Hackfest Communication Music par Xenofish - Encoder - Leviathan Locaux virtuels par Streamyard

Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss: Microsoft tried to make outsourcing the Pentagon's cloud maintenance to China okay (it was not) She shells Sharepoint by the sea-shore (by ‘she' we mean ‘China') Four (alleged) Scattered Spider members arrested (and bailed) in the UK Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M Fortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-moderootkits. Just security vendor things! This week's episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system. This episode is also available on Youtube. Show notes Update on DOD's cloud services Microsoft to stop using engineers in China for tech support of US military, Hegseth orders review A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers While DOD policy bans unauthorized apps like TikTok from being on employees phones over national security risks Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security National Guard was hacked by China's 'Salt Typhoon' group, DHS says Suspected contractor for China's Hafnium group arrested in in Italy | Cybersecurity Dive Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks | The Record from Recorded Future News UK Arrests Four in ‘Scattered Spider' Ransom Group – Krebs on Security Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods Brazilian police arrest IT worker over $100 million cyber theft | The Record from Recorded Future News At Least 750 US Hospitals Faced Disruptions During Last Year's CrowdStrike Outage, Study Finds | WIRED Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record Indian crypto exchange CoinDCX says $44 million stolen from reserves | The Record Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The Record PoisonSeed bypassing FIDO keys to ‘fetch' user accounts Risky Bulletin: Browser extensions hijacked for web scraping botnet A Startup is Selling Data Hacked from Peoples' Computers to Debt Collectors A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunch Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says File transfer company CrushFTP warns of zero-day exploit seen in the wild | The Record HPE warns of hardcoded passwords in Aruba access points Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity Dive Google finds custom backdoor being installed on SonicWall network devices - Ars Technica Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — PaintBallers03:55 - BHIS - Talkin' Bout [infosec] News 2025-07-2104:21 - Story # 1: Microsoft 0-day Mass Exploitation09:39 - Story # 2: Replit AI went rogue, deleted a company's entire database, then hid it and lied about it13:15 - Story # 3: ‘All US forces must now assume their networks are compromised' after Salt Typhoon breach18:08 - Story # 4: After FBI Warning, Alaska Airlines Grounded; Salt Typhoon Suspected20:45 - Story # 5: FBI Cybersecurity Breach Led to Murders of Informants in El Chapo Case21:54 - Story # 5b: FBI's Report29:57 - Story # 6: Google fixes actively exploited sandbox escape zero day in Chrome31:30 - Story # 7: Exploited Wing file transfer bug risks ‘total server compromise,' CISA warns32:33 - Story # 8: CitrixBleed 2 situation update — everybody already got owned33:01 - Story # 9: At Least 750 US Hospitals Faced Disruptions During Last Year's CrowdStrike Outage, Study Finds46:14 - Story # 10: Amazon Ring Doorbell May 28 Mass Hacking Claim Goes Viral48:56 - jdbgmgr.exe virus hoax51:52 - Story # 11: HPE warns of hardcoded passwords in Aruba access points

Confusion persists over the Microsoft Sharepoint zero-days. CrushFTP confirms a zero-day under active exploitation. The UK government proposes a public sector ban on ransomware payments. A new ransomware group is using an AI chatbot to handle victim negotiations. Australia's financial regulator accuses a wealth management firm of failing to manage cybersecurity risks. Researchers uncover a WordPress attack that abuses Google Tag Manager. Arizona election officials question CISA following a state portal cyberattack.  Hungarian police arrest a man accused of launching DDoS attacks on independent media outlets. On our Threat Vector segment guest host ⁠Michael Sikorski⁠ ⁠and Michael Daniel⁠ of the Cyber Threat Alliance (CTA) explore cybersecurity collaboration. A Spyware kingpin wants back in. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On our Threat Vector segment, host David Moulton turns the mic over to guest host ⁠Michael Sikorski⁠ and his guest ⁠Michael Daniel⁠ of the Cyber Threat Alliance (CTA) for a deep dive into cybersecurity collaboration. You can hear Michael and Michael's full discussion on Threat Vector ⁠⁠⁠here⁠⁠⁠ and catch new episodes every Thursday on your favorite podcast app. Selected Reading ToolShell Zero-Day Attacks on SharePoint: First Wave Linked to China, Hit High-Value Targets (SecurityWeek) Microsoft: Windows Server KB5062557 causes cluster, VM issues (Bleeping Computer)  File transfer company CrushFTP warns of zero-day exploit seen in the wild (The Record) UK to lead crackdown on cyber criminals with ransomware measures (GOV.UK) Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims (Infosecurity Magazine) Australian Regulator Alleges Financial Firm Exposed Clients to Unacceptable Cyber Risks (Infosecurity Magazine) WordPress spam campaign abuses Google Tag Manager scripts (SC Media) After website hack, Arizona election officials unload on Trump's CISA (CyberScoop) Hungarian police arrest suspect in cyberattacks on independent media (The Record) Serial spyware founder Scott Zuckerman wants the FTC to unban him from the surveillance industry (TechCrunch) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Monday Microsegment for the week of July 21st. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast.Is Salt Typhoon's nine-month hack of a National Guard network the tip of the iceberg?CISA issues a rare 24-hour deadline to patch CitrixBleed 2 vulnerability.And a zero-day vulnerability in SharePoint is being used to breach dozens of organizations.And John Kindervag joins us for a "Kindervag's Compass" segment. Head to The Zero Trust Hub: hub.illumio.comIntroducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand

Podcast: Critical Assets PodcastEpisode: Vulnerability Overload: Making Prioritization Work in the Real WorldPub date: 2025-07-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Patrick Miller speaks with Kylie McClanahan, CTO at Bastazo, about the practical (and often messy) realities of patch and vulnerability management in operational technology (OT) environments. Kylie shares grounded insights into patching challenges, the gaps between IT and OT remediation cycles, and the real-world implications of relying too heavily on scoring systems like CVSS.The conversation covers CISA's Known Exploited Vulnerabilities (KEV) catalog, exploring how it's being used (and possibly misused) in prioritization workflows, and where the disconnects lie between policy directives and operational feasibility. Kylie also critiques the current state of vendor responsiveness, machine-readable vulnerability disclosure (CSAF), and the importance of asset and exposure awareness.This episode is essential listening for practitioners wrestling with patching fatigue, program prioritization, and the tradeoffs between theoretical vulnerability data and applied security outcomes in critical infrastructure environments.Links:CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilitiesCISA vulnrichment: https://github.com/cisagov/vulnrichmentVulnrichment, Year One: https://www.youtube.com/watch?v=g5pSVMnWD7kCISA SSVC: https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvcCarnegie Mellon SSVC: https://certcc.github.io/SSVC/CSAF: https://www.csaf.io/VulnCheck KEV: https://vulncheck.com/kevKylie McLanahan on LinkedIn: https://www.linkedin.com/in/kyliemcclanahan/Bastazo: https://bastazo.comThe podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Google and Microsoft issue critical updates. CISA warns of active exploitation of a critical flaw in Wing FTP Server. Cloudflare restores their DNS Resolver service following a brief outage. A critical vulnerability in a PHP documentation tool allows attackers to execute code on affected servers. NSA and FBI officials say they've disrupted Chinese cyber campaigns targeting U.S. critical infrastructure. A UK data breach puts Afghan soldiers and their families at risk. Researchers find malware hiding in DNS records. A former U.S. Army soldier pleads guilty to charges of hacking and extortion. Ben Yelin joins us with insights on the Senate Armed Services Committee's response to rising threats to critical infrastructure.The large print giveth and the small print taketh away.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ben Yelin, co host of our Caveat podcast and Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, discussing the Senate Armed Services Committee's and Trump administration nominees' recent conversation about rising threats to critical infrastructure. You can find the article Ben discusses here. Selected Reading Google fixes actively exploited sandbox escape zero day in Chrome (Bleeping Computer) Windows KB5064489 emergency update fixes Azure VM launch issues (Bleeping Computer) Exploited Wing file transfer bug risks ‘total server compromise,' CISA warns (The Record) Cloudflare 1.1.1.1 incident on July 14, 2025 (Cloudflare) Critical template Injection flaw in LaRecipe Documentation Package enables remote code execution (Beyond Machines) NSA: Volt Typhoon was ‘not successful' at persisting in critical infrastructure (The Record) Defence secretary 'unable to say' if anyone killed after Afghan data breach  (BBC News) Hackers exploit a blind spot by hiding malware inside DNS records (Ars Technica) 21-year-old former US soldier pleads guilty to hacking, extorting telecoms  (The Record) WeTransfer says files not used to train AI after backlash (BBC News) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Department of Veterans Affairs' acting chief information officer doubled down on the agency's reshaping of its IT workforce, telling lawmakers in a Monday hearing that change is “challenging” but “necessary.” Eddie Pool told members of the House VA's subcommittee on technology modernization that the agency's Office of Information and Technology (OIT) is pushing forward with workforce reductions as the division increasingly turns to automation and other technology modernization efforts. “This reorganization, reallocation of positions, is designed to cut bureaucratic overhead, accelerate decision making and focus every OIT position on delivering secure, reliable and modern IT solutions to improve veterans' lives,” Pool said in opening remarks at the hearing. Subcommittee Chair Tom Barrett, R-Mich., lauded the VA OIT's “smarter, not bigger” strategy in its fiscal 2026 budget request, asking Pool if technology improvements can alleviate the need for manual, human processes. “Absolutely,” Pool responded. “It is about automating what we can automate.” In its fiscal 2026 budget, the VA OIT requested funding to support approximately 7,000 full-time equivalent employees, marking an 11.7% decrease from its fiscal 2025 budget request, according to Carol Harris, the director of information technology and cybersecurity for the Government Accountability Office. Former White House national security adviser Mike Waltz brushed aside criticisms Tuesday that he put sensitive military operations at risk by holding discussions about military strikes in a Signal group chat, claiming the app's use was authorized by the federal government's top civilian cyber agency. In a Senate Foreign Relations Committee hearing, Waltz — who has been nominated to represent the U.S. at the United Nations — was pressed about his short tenure as President Donald Trump's top national security official. In particular, he was grilled by Sen. Chris Coons, D-Del., for his use of the end-to-end encrypted messaging application Signal to coordinate with other officials over airstrikes on Houthi rebels.While much of the initial attention was focused on Waltz adding journalist Jeffrey Goldberg to the chat, national security experts were also aghast by government officials at the highest levels coordinating highly sensitive military operations using a free application. The incident is widely viewed as contributing to Waltz's departure just months after leaving Congress to take the role, and his subsequent shuffling to a new nomination at the U.N. “The use of Signal is not only … authorized; it was recommended in the Biden-era CISA guidance,” he said. Waltz was referencing a piece of 2024 guidance put out by CISA on mobile security. He later read from a portion of the guidance, which recommended using “only end-to-end encrypted communication” and to “adopt a free messaging application to secure communications that guarantees end to end encryption, particularly if you are a highly targeted individual, such as Signal or other apps.” The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

British and Romanian authorities make arrests in a major tax fraud scheme. The Interlock ransomware gang has a new RAT. A new vulnerability in Google Gemini for Workspace allows attackers to hide malicious instructions inside emails. Suspected Chinese hackers breach a major DC law firm.  Multiple firmware vulnerabilities affect products from Taiwanese manufacturer Gigabyte Technology. Nvidia warns against Rowhammer attacks across its product line. Louis Vuitton joins the list of breached UK retailers. Indian authorities dismantle a cyber fraud gang. CISA pumps the brakes on a critical vulnerability in American train systems. Our guest is Cynthia Kaiser, SVP of Halcyon's Ransomware Research Center and former Deputy Assistant Director at the FBI's Cyber Division, with insights on Scattered Spider. Hackers ransack Elmo's World.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Cynthia Kaiser, SVP of Halcyon's Ransomware Research Center and former Deputy Assistant Director at the FBI's Cyber Division, discussing "Scattered Spider and Other Criminal Compromise of Outsourcing Providers Increases Victim Attacks." You can check out more from Halcyon here. Selected Reading Romanian police arrest 13 scammers targeting UK's tax authority (The Record) Interlock Ransomware Unleashes New RAT in Widespread Campaign (Infosecurity Magazine) Google Gemini flaw hijacks email summaries for phishing (Bleeping Computer) Chinese hackers suspected in breach of powerful DC law firm (CNN Politics) Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment (Security Week) Nvidia warns of Rowhammer attacks on GPUs (The Register) Louis Vuitton UK Latest Retailer Hit by Data Breach (Infosecurity Magazine) Indian Police Raid Tech Support Scam Call Center (Infosecurity Magazine) Security vulnerability on U.S. trains that let anyone activate the brakes on the rear car was known for 13 years — operators refused to fix the issue until now (Tom's Hardware) End-of-Train and Head-of-Train Remote Linking Protocol (CISA) Hacker Makes Antisemitic Posts on Elmo's X Account (The New York Times) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of 'Cybersecurity Today,' hosted by David Shipley from the Exchange Security 2025 conference, urgent updates are provided on critical cybersecurity vulnerabilities and threats. CISA mandates a 24-hour patch for Citrix NetScaler due to a severe vulnerability actively being exploited, dubbed 'Citrix Bleed.' Fortinet's FortiWeb also faces a critical pre-auth remote code execution flaw that demands immediate patching. Additionally, significant vulnerabilities in AI-driven developments are highlighted, including shortcomings in Jack Dorsey's BitChat app and a method to extract Windows keys from ChatGPT-4. The episode emphasizes the importance of timely updates, robust security measures, and the potential risks involved with AI-generated code. 00:00 Introduction and Overview 00:35 Urgent Citrix Vulnerability Alert 03:26 Fortinet FortiWeb Exploit Details 06:23 Ingram Micro Ransomware Recovery 09:26 AI Coding and Security Risks 14:03 ChatGPT Security Flaw Exposed 17:20 Conclusion and Contact Information

CISA gives one day for Citrix Bleed 2 fix Google Gemini flaw hijacks email summaries for phishing Louis Vuitton says UK customer data stolen in cyber-attack Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Fortinet patches a critical flaw in its FortiWeb web application firewall.  Hackers are exploiting a critical vulnerability in Wing FTP Server. U.S. Cyber Command's fiscal 2026 budget includes a new AI project.  Czechia's cybersecurity agency has issued a formal warning about Chinese AI company DeepSeek. The DoNot APT group targets Italy's Ministry of Foreign Affairs. Mexico's former president is under investigation for alleged bribes to secure spyware contracts. The FBI seizes a major Nintendo Switch piracy site. CISA releases 13 ICS advisories.  A retired US Army lieutenant colonel pleads guilty to oversharing classified information on a dating app. Our guest is Catherine Woneis, VP of Product at Fingerprint, to discuss how bots are being used to facilitate music royalty fraud. A federal judge is not impressed with a crypto-thief's lack of restitution. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Catherine Woneis, VP of Product at Fingerprint, to discuss how bots are being used to facilitate music royalty fraud and how companies can protect themselves. Selected Reading Critical SQL injection vulnerability in Fortinet FortiWeb enables unauthenticated remote code execution (Beyond Machines) Critical Wing FTCritical Wing FTP Server Vulnerability Exploited - SecurityWeekP Server Vulnerability Exploited (SecurityWeek) Cyber Command creates new AI program in fiscal 2026 budget (DefenseScoop) DeepSeek a threat to national security, warns Czech cyber agency (The Record) Indian Cyber Espionage Group Targets Italian Government (Infosecurity Magazine) Former Mexican president investigated over allegedly taking bribes from spyware industry (The Record) Major Nintendo Switch Piracy Website Seized By FBI (Kotaku) CISA Releases Thirteen Industrial Control Systems Advisories (CISA) Lovestruck US Air Force worker admits leaking secrets on dating app (The Register) Crypto Scammer Truglia Gets 12 Years Prison, Up From 18 Months (Bloomberg) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

¿Problemas de adicción al #alcohol, #drogas…? ☎️ 915 630 447 ¡LLAMANOS 24H! 🌐 https://bienestar.neurosalus.com/ Solicita ahora mismo información sobre tratamientos de desintoxicación, precios, disponibilidad de plazas… HA SIDO POSIBLE CREAR EL PROGRAMA “LA REUNIÓN SECRETA” GRACIAS A TU AYUDA COMO GUARDIÁN MECENAS. ***** HAZTE MECENAS EN https://www.patreon.com/lareunionsecreta Esta noche vive un nuevo directo de #LaReuniónSecreta​ desde la 22:00​ hora española. Te decimos lo que nadie dice: sin anestesia y sin edulcorantes. ¡La Reunión Secreta somos todos! No se lo digas a nadie… ¡PÁSALO! 🔁💪🤫 🎸 CARLITOS TÍNEZ https://www.youtube.com/channel/UC0eeuxpQ70z-Pe0rHhOq9Fg Conexiones en directo con: - 🎖️ Dr. Guillermo Rocafort (Doctor en Ciencias Económicas por la Universidad San Pablo. Profesor de Economía Pública y Economía de la Empresa en la Universidad Carlos III de Madrid. Profesor del Departamento de Derecho Económico y Social de la Universidad Pontificia Comillas. Abogado) - Rayco Pérez (Exmilitar. Director de DREAM Project Group. Especialista en Gestión de Seguridad. Ha redactado el Plan de Emergencias de El Paso, en la isla de La Palma) - 🎖️ Alfredo Perdiguero (Subinspector de la Policía Nacional. Delegado de ASP) - Álex N. Lachhein (Naturalista. Divulgador medioambiental) - Gabriel Araújo (Secretario general de la Asociación Nacional de Tasadores y Peritos Judiciales Informáticos - ANTPJI. Perito en informática forense. Auditor de sistemas CISA. Hacker ético CEHv7) - Francisco Vaquero (Realizador extremeño. Director del documental “Vidas irrenovables” donde da voz a los afectados por la implantación de infraestructuras de energías renovables en toda España) - César Sallén (Inventor de Ecofire, una innovadora solución para combatir el fuego) Con el equipo habitual de La Reunión Secreta: Dr. José Miguel Gaona, Joan Miquel MJ, Carlos Martínez, Lourdes Martínez, Marta Vim, Olga Ralló, Luna de María, Tatiana y Piluca. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ SÍGUENOS EN REDES Twitter: https://twitter.com/lrsecreta Instagram: https://www.instagram.com/lareunionsecreta/ Facebook: https://www.facebook.com/LRsecreta REDES SOCIALES DEL EQUIPO | DR. JOSÉ MIGUEL GAONA | - https://twitter.com/doctorgaona | DIRECTOR | - Joan Miquel MJ - https://www.instagram.com/official_joan_miquel_mj/ | PRODUCTORA | - Lourdes Martínez - https://twitter.com/chicadelaradio | AYUDANTE DE DIRECCIÓN | - Olga Ralló - https://twitter.com/olgarallo | AYUDANTE DE PRODUCCIÓN | - Carlos Martínez - https://twitter.com/Carlitos_Tinez _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Researchers release proof-of-concept exploits for CitrixBleed2. Grafana patches four high-severity vulnerabilities. A hacker claims to have breached Spanish telecom giant Telefónica. Italian police arrest a Chinese man wanted by U.S. authorities for alleged industrial espionage. Beware of a new ransomware group called Bert. Call of Duty goes offline after reports of RCE vulnerabilities. President Trump's spending bill allocates hundreds of millions for cybersecurity. Nearly 26 million job seekers' resumes and personal data are leaked. CISA adds four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. Outsmarting AI scraper bots with math. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment Cyber attackers are increasingly targeting the very tools developers trust—integrated development environments (IDEs), low-code platforms, and public code repositories. In this segment of Threat Vector, host ⁠David Moulton⁠ speaks with ⁠Daniel Frank⁠ and ⁠Tom Fakterman⁠ from Palo Alto Networks' threat research team about “Hunting Threats in Developer Environments.” You can hear David and Tyler's full discussion on Threat Vector ⁠⁠here⁠⁠ and catch new episodes every Thursday on your favorite podcast app. Selected Reading Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now (Bleeping Computer) Grafana Patches Chromium Bugs, Including Zero-Day Exploited in the Wild (SecurityWeek) Hacker leaks Telefónica data allegedly stolen in a new breach (Bleeping Computer) Italian police arrest Chinese national wanted by FBI for alleged industrial espionage (Reuters) Beware of Bert: New ransomware group targets healthcare, tech firms (The Record) Call of Duty takes PC game offline after multiple reports of RCE attacks on players (CyberScoop) GOP domestic policy bill includes hundreds of millions for military cyber (CyberScoop) TalentHook leaks resumes of 26 Million job seekers (Beyond Machines) CISA Adds Four Known Exploited Vulnerabilities to Catalog (CISA) The Open-Source Software Saving the Internet From AI Bot Scrapers (404 Media) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Watch The X22 Report On Video No videos found (function(w,d,s,i){w.ldAdInit=w.ldAdInit||[];w.ldAdInit.push({slot:17532056201798502,size:[0, 0],id:"ld-9437-3289"});if(!d.getElementById(i)){var j=d.createElement(s),p=d.getElementsByTagName(s)[0];j.async=true;j.src="https://cdn2.decide.dev/_js/ajs.js";j.id=i;p.parentNode.insertBefore(j,p);}})(window,document,"script","ld-ajs");pt> Click On Picture To See Larger PictureCanada tried to put pressure on Trump and the US, it backfired, and Canada has now bowed to Trump. If they followed through Canada would have been a disaster. Inflation is not showing up in the tariffs, Powell running out of time. BBB is on its way, and once the President signs it, the economy is going to take off.Stage is set for the Federal Reserve.The [DS] is panicking, they thought they would be able to start WWIII, strings were cut and now their power is lost. CISA has now issued a cyber attack warning, right on schedule. The stage is set. All roads lead to Obama and Trump and team are bringing the [DS] down the path they want them to follow. This will not end well for the [DS].   Economy    are hereby terminating ALL discussions on Trade with Canada, effective immediately. We will let Canada know the Tariff that they will be paying to do business with the United States of America within the next seven day period. Thank you for your attention to this matter! https://twitter.com/disclosetv/status/1939522597550518357 If Canada had kept the Digital Services Tax (DST) in place, the financial and economic consequences would have been significant, primarily due to potential U.S. retaliation and disruptions to the Canada-U.S. trade relationship.   Lost Tax Revenue vs. Retaliatory Tariffs: The DST was projected to generate approximately C$5.9 billion (about US$4.3 billion) over five years, or roughly C$1.2 billion (US$870 million) annually, according to Canada's 2024 federal budget However, U.S. President Donald Trump threatened to impose new tariffs on Canadian goods in response to the DST, which could have far exceeded the tax revenue. For context, Canada exports over US$400 billion in goods annually to the U.S., representing 75% of its total goods exports. If the U.S. imposed tariffs (e.g., 10-50% as suggested by Trump's April 2025 tariff levels), the cost to Canadian exporters could have ranged from US$40 billion to US$200 billion annually, depending on the tariff rate and scope. Specific sectors like automobiles, energy, steel, and aluminum (already facing 50% U.S. tariffs) would have been hit hardest, with ripple effects across supply chains. Increased Costs for Canadian Consumers and Businesses: The DST would have imposed a 3% tax on digital services revenue from Canadian users, affecting U.S. tech giants like Amazon, Google, Meta, and Apple. Some companies, like Google, had already introduced surcharges (e.g., a 2.5% “Canada DST Fee” on ads starting October 2024) to offset compliance costs, which would have raised prices for Canadian consumers and businesses reliant on digital services. Canadian business groups warned that these costs would be passed on, increasing the price of digital subscriptions, online marketing, and e-commerce. Economic Impact of Retaliation: The U.S. could have targeted Canadian pension funds and investments through retaliatory measures, as warned by the Canadian Chamber of Commerce. A trade war could have exacerbated Canada's economic slowdown, with unemployment already at 7% in 2025, potentially leading to job losses in export-dependent industries like manufacturing and energy.   Sector-Specific Impacts: Automotive and Manufacturing: Tariffs on automobiles and parts would have disrupted integrated North American supply chains, increasing costs for Canadian manufacturers and potentially le...

CISA warns organizations of potential cyber threats from Iranian state-sponsored actors.Scattered Spider targets aviation and transportation. Workforce cuts at the State Department raise concerns about weakened cyber diplomacy. Canada bans Chinese security camera vendor Hikvision over national security concerns.Cisco Talos reports a rise in cybercriminals abusing Large Language Models. MacOS malware Poseidon Stealer rebrands.Researchers discover multiple vulnerabilities in Bluetooth chips used in headphones and earbuds. The FDA issues new guidance on medical device cybersecurity. Our guest is  Debbie Gordon, Co-Founder of Cloud Range, looking “Beyond the Stack - Why Cyber Readiness Starts with People.” An IT worker's revenge plan backfires. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, Debbie Gordon, Co-Founder of Cloud Range, shares insights on looking “Beyond the Stack - Why Cyber Readiness Starts with People.” Learn more about what Debbie discusses in Cloud Range's blog: Bolstering Your Human Security Posture. You can hear Debbie's full conversation here. Selected Reading CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment (CISA) Joint Statement from CISA, FBI, DC3 and NSA on Potential Targeted Cyber Activity Against U.S. Critical Infrastructure by Iran (CISA, FBI, DOD Cyber Crime Center, NSA)  Prolific cybercriminal group now targeting aviation, transportation companies (Axios) U.S. Cyber Diplomacy at Risk Amid State Department Shakeup (GovInfo Security) Canada Bans Chinese CCTV Vendor Hikvision Over National Security Concerns (Infosecurity Magazine) Malicious AI Models Are Behind a New Wave of Cybercrime, Cisco Talos (Hackread) MacOS malware Poseidon Stealer rebranded as Odyssey Stealer (SC Media) Airoha Chip Vulnerabilities Expose Headphones to Takeover (SecurityWeek) FDA Expands Premarket Medical Device Cyber Guidance (GovInfo Security) 'Disgruntled' British IT worker jailed for hacking employer after being suspended (The Record) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cybercriminals target financial institutions across Africa using open-source tools. Threat actors are using a technique called Authenticode stuffing to abuse ConnectWise remote access software. A fake version of SonicWall's NetExtender VPN app steals users' credentials. CISA and the NSA publish a guide urging the adoption of Memory Safe Languages. Researchers identify multiple security vulnerabilities affecting Brother printers. Fake AI-themed websites spread malware. Researchers track a sharp rise in signup fraud. A new Common Good Cyber Fund has been launched to support nonprofits that provide essential cybersecurity services. Tim Starks from CyberScoop joins us to discuss calls for a federal cyberinsurance backstop. A Moscow court says ‘nyet' to more jail time for cyber crooks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are again joined by Tim Starks, Senior Reporter from CyberScoop. Tim discusses his recent piece on “Federal cyber insurance backstop should be tied to expiring terrorism insurance law, report recommends.” Selected Reading Cybercriminals Abuse Open-Source Tools To Target Africa's Financial Sector (Unit 42) Hackers Abuse ConnectWise to Hide Malware (SecurityWeek) Fake SonicWall VPN app steals user credentials (The Register) CISA Publishes Guide to Address Memory Safety Vulnerabilities in Modern Software Development (GB Hackers) New Vulnerabilities Expose Millions of Brother Printers to Hacking (SecurityWeek) Black Hat SEO Poisoning Search Engine Results For AI (ThreatLabz) Half of Customer Signups Are Now Fraudulent  (Infosecurity Magazine) Common Good Cyber Fund Launched to Support Non-Profit Security Efforts (Infosecurity Magazine) Russia releases REvil members after convictions for payment card fraud (The Record) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A House oversight committee requests DOGE documents from Microsoft. Predatory Sparrow claims a cyberattack on an Iranian bank. Microsoft says data that happens in Europe will stay in Europe. A complex malware campaign is using heavily obfuscated Visual Basic files to deploy RATs. A widely used CMS platform suffers potential RCE bugs.  North Korea's Kimsuky targets academic institutions using password-protected research documents. Asus patches a high-severity vulnerability in its Armoury Crate software. CISA's new leader remains in confirmation limbo. Our guest is Brian Downey, VP of Product Management from Barracuda, talking about how security sprawl increases risk. Operation Fluffy Narwhal thinks it's time to rethink adversary naming. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.  CyberWire Guest We are joined by Brian Downey, VP of Product Marketing and Product Management from Barracuda, talking about how security sprawl increases risk. You can find more information about what Brian discussed here. Selected Reading Following Whistleblower Reports, Acting Ranking Member Lynch Demands Microsoft Hand Over Information on DOGE's Misconduct at NLRB | The Committee on Oversight and Accountability Democrats (House Committee on Oversight and Government Reform) Pro-Israel hackers claim breach of Iranian bank amid military escalation (The Record) Microsoft lays out data protection plans for European cloud customers (Reuters) New Sophisticated Multi-Stage Malware Campaign Weaponizes VBS Files to Execute PowerShell Script (Cyber Security News) Chained Flaws in Enterprise CMS Provider Sitecore Could Allow RCE (Infosecurity Magazine) Beware of Weaponized Research Papers That Delivers Malware Via Password-Protected Documents (Cyber Security News) Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers (SecurityWeek) Asus Armoury Crate Vulnerability Leads to Full System Compromise (SecurityWeek) Trump's Pick to Lead CISA is Stuck in Confirmation Limbo (Gov Infosecurity) Call Them What They Are: Time to Fix Cyber Threat Actor Naming (Just Security) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices