POPULARITY
Categories
SentinelOne suffers a global service outage. A major DDoS attack hits a Russian internet provider. U.S. banking groups urge the SEC to scrap cybersecurity disclosure rules. Australia mandates reporting of ransomware payments. Researchers uncover a new Browser-in-the-Middle (BitM) attack targeting Safari users. A Florida health system pays over $800,000 to settle insider breach concerns. CISA issues five urgent ICS advisories. Our guest is Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and the importance of digital executive protection. The feds are putting all our digital data in one basket. CyberWire Guest On our Industry Voices segment, at the 2025 RSA Conference, we were joined by Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and digital executive protection. Listen to Matt's conversation here. Selected Reading Cybersecurity Firm SentinelOne Suffers Major Outage (Bank Infosecurity) DDoS incident disrupts internet for thousands in Moscow (The Record) Banks Want SEC to Rescind Cyberattack Disclosure Requirements (PYMNTS.com) Australian ransomware victims now must tell the government if they pay up (The Record) New BitM Attack Exploits Safari Vulnerability to Steal Login Credentials (Cyber Security News) Florida Health System Pays $800K for Insider Record Snooping (Bank Infosecurity) UTG-Q-015 Hackers Launched Large Scale Brute-Force Attacks Against Govt Web Servers (Cyber Security News) CISA Releases Five ICS Advisories Targeting Vulnerabilities and Exploits (Cyber Security News) Trump Taps Palantir to Compile Data on Americans (The New York Times) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
The Czech Republic accuses Chinese state-backed hackers of cyber-espionage. CISA's leaders head for the exits. Cybercriminals are using fake AI video generator websites to spread malware. A stealthy phishing campaign delivers the Remcos RAT via DBatLoader. A fake Bitdefender website spreads malware targeting financial data. Medusa ransomware claims to have breached global real estate firm RE/MAX. An Iranian national faces up to 30 years in prison for ransomware targeting US cities. Our guest is Tony Velleca, CyberProof's CEO, discussing exposure management and a more risk-focused approach to prioritize threats. Mind reading for fun and profit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, at the 2025 RSA Conference we were joined by Tony Velleca, CyberProof's CEO, who is discussing exposure management and moving towards a more risk-focused approach to prioritize threats. Listen to Tony's interview here. Selected Reading Chinese spies blamed for attempted hack on Czech government network (The Record) CISA loses nearly all top officials as purge continues- (Cybersecurity Dive) Google warns of Vietnam-based hackers using bogus AI video generators to spread malware (The Record) Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities (SecurityWeek) New Phishing Campaign Uses DBatLoader to Drop Remcos RAT: What Analysts Need to Know (Hack Read) Hackers Mimic Popular Antivirus Site to Deliver VenomRAT & Steal Finance Data (Cybersecurity News) RE/MAX deals with alleged 150GB data theft: Medusa ransomware demands $200K (Cyber News) CISA Releases ICS Advisories Covering Vulnerabilities & Exploits (Cybersecurity News) Iranian pleads guilty to launching Baltimore ransomware attack, faces 30 years behind bars (The Record) Neural Privacy Under Threat: The Battle for Neural Data (tsaaro consulting) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this week's edition of Risky Business Dmitri Alperovitch and Adam Boileau join Patrick Gray to talk through the week's news, including: EXCLUSIVE: A Scattered Spider-style crew is hijacking DNS MX entries and compromising enterprises within minutes The SVG format brings the all horrors of HTML+JS to image files, and attackers have noticed Brian Krebs eats a 6.3Tbps DDoS … ‘cause that's how you demo your packet cannon Law enforcement takes out Lumma Stealer, Qakbot, Danabot and some dark web drug traffickers Iranian behind 2019 Baltimore ransomware mysteriously appears in North Carolina and pleads guilty CISA's leadership is fleeing in droves, even though the US needs them more than ever. This week's episode is sponsored by Thinkst Canary. Long time friend of the show Haroon Meer joins and talks through where he feels the industry is at, having just returned home from the AI-fueled hype at this year's RSA conference. This episode is also available on Youtube. Show notes China-linked ‘Silk Typhoon' hackers accessed Commvault cloud environments, person familiar says - Nextgov/FCW Risky Bulletin: SVG use for phishing explodes in 2025 - Risky Business Media KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – Krebs on Security Midwestern telco Cellcom confirms cyber incident after days of service outages | The Record from Recorded Future News Microsoft leads international takedown of Lumma Stealer | Cybersecurity Dive Who said what? on X: "Message from the administrator of Lumma Stealer on the forums about the recent events
If you like what you hear, please subscribe, leave us a review and tell a friend!
CISA warns Commvault clients of campaign targeting cloud applications Russian hacker group Killnet returns with slightly adjusted mandate Fake VPN and browser NSIS installers used to deliver Winos 4.0 malware Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Three Buddy Problem - Episode 47: We unpack a multi-agency report on Russia's APT28/Fancy Bear hacking and spying on Ukraine war supply lines, CISA's sloppy YARA rules riddled with false positives, the ethics of full-disclosure after Akamai dropped Windows Server “BadSuccessor” exploit details, and Sekoia's discovery of thousands of hijacked edge devices repurposed as honeypots. The back half veers into Microsoft's resurrected Windows Recall, Signal's new screenshot-blocking countermeasure, Japan's fresh legal mandate for pre-emptive cyber strikes, and why appliance vendors like Ivanti keep landing in the headlines. Along the way you get hot takes on techno-feudalism, Johnny Ive's rumored AI gadget, and a lively debate over whether publishing exploit code ever helps defenders. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A report from Google on how to defend against UNC3944, better known as Scattered Spider.North Korea-backed threat actor TA406 has shifted its focus to targeting Ukrainian government agencies, according to new research from Proofpoint.Since October 2024, urlscan.io has been tracking a phishing campaign known as Oriental Gudgeon, which is targeting over 40 Japanese commercial entities—mostly in the financial services sector.Apple has released a substantial batch of security updates across its software ecosystem, including iOS 18.5, iPadOS, and the latest versions of macOS. And the article Matt mentions about CISA shifting their alert distribution strategy: https://www.infosecurity-magazine.com/news/cisa-alert-strategy-email-social/
If you like what you hear, please subscribe, leave us a review and tell a friend!
President Trump signs the Take It Down Act into law. A UK grocer logistics firm gets hit by ransomware. Researchers discover trojanized versions of the KeePass password manager. Researchers from CISA and NIST promote a new metric to better predict actively exploited software flaws. A new campaign uses SEO poisoning to deliver Bumblebee malware. A sophisticated phishing campaign is impersonating Zoom meeting invites to steal user credentials. CISA has added six actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. A bipartisan bill aims to strengthen the shrinking federal cybersecurity workforce. Our guest is Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 DBIR. DOGE downsizes, and the UAE recruits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 Data Breach Investigations Report (DBIR).Selected Reading Trump signs the Take It Down Act into law |(The Verge) Supplier to Tesco, Aldi and Lidl hit with ransomware (Computing) Fake KeePass password manager leads to ESXi ransomware attack (Bleeping Computer) Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers (Security Week) Threat Actors Deliver Bumblebee Malware Poisoning Bing SEO (Cybersecurity News) New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials (GB Hackers) CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA) Federal cyber workforce training institute eyed in bipartisan House bill (CyberScoop) UAE Recruiting US Personnel Displaced by DOGE to Work on AI for its Military (Zetter Sero Day) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
If you like what you hear, please subscribe, leave us a review and tell a friend!
In this week's Security Sprint, Dave and Andy talked about the following topics:Warm Opening:• Gate 15 - Blueprints Before Breaches: Planning for Ransomware Resilience. This blog is part of Gate 15's Summer of Security: Ransomware Resilience Series, highlighting the essential considerations for organizational leaders and cybersecurity professionals. Planning for a ransomware attack is a vital component of any organization's cybersecurity strategy. Having a ransomware plan is important because it helps organizations prepare for, respond to, and recover from ransomware attacks effectively.• H2OSecConPalm Springs Bombingo FBI links California fertility clinic bombing to anti-natalist ideologyo Online manifesto threatened clinic attack; FBI probes Palm Springs bomb suspect's motiveo 25-year-old suspect in fertility clinic bombing left behind ‘anti-pro-life' writings, officials sayo What we know about the Palm Springs bombero Palm Springs IVF clinic bomber ID'd as Guy Edward Bartkus, a ‘pro-mortalist' who opposed people being born ‘without their consent'o Palm Springs Bombing Suspect Burned Down Family Home Aged 9, Father Says• Hate Amplified: Online Posts About U.S. Judges Take Increasingly Violent Turn• Michigan Man Arrested and Charged with Attempting to Attack Military Base on Behalf of ISIS• The Delirious, Violent, Impossible True Story of the Zizians• The world's largest incel forum reacts to Netflix's Adolescence with hate and conspiracies• First Responders Toolbox: Large Public Gatherings Attractive Targets for Violent ExtremistsCoinbase & Insider Threat• Protecting Our Customers - Standing Up to Extortionists • Coinbase Global, Inc. & 8-K filed on 2025-05-15• Coinbase flips $20M extortion demand into bounty for info on attackers; The largest cryptocurrency exchange in the U.S. said cybercriminals bribed insiders to steal data on customers, some of whom were duped into handing over crypto assets.• Coinbase says customers' personal information stolen in data breach• Insider Bribes Behind Coinbase Hack Exposing Customer Data• Coinbase responds to USD 400 million insider threat attack | Cyber Intelligence Briefing: 16 May 2025Weather. 28 dead, half a million without power as deadly storms, tornadoes sweep across central, eastern US. At least 28 people have died and dozens more were injured after a devastating wave of severe weather swept across the central United States late Friday into Saturday, leaving a trail of catastrophic destruction. Large tornadoes have been reported in Missouri, Kentucky, Illinois and Indiana with hard-hit southeastern Kentucky reporting a majority of the fatalities. According to Kentucky Governor Andy Beshear, there were 18 confirmed deaths in the state connected to the severe weather. The fatalities include 17 people in Laurel County and one in Pulaski County. Quick Hits: • FBI PSA: Senior US Officials Impersonated in Malicious Messaging Campaign• FBI PSA: Impersonation Scheme Targeting Middle Eastern Students in the United States• Update to How CISA Shares Cyber-Related Alerts and Notifications• Securing Critical Infrastructure: GitGuardian Partners with ONE-ISAC to Protect Oil & Natural Energy Operations• AMWA throws support behind CISA reauthorization• Major Crypto Firms Spending Millions on Personal Security• Crypto elite increasingly worried about their personal safety• France Launches Crypto Security Measures After Targeted Kidnapping Surge• The US hasn't seen a human bird flu case in 3 months
The Institute of Internal Auditors Presents: All Things Internal Audit Tech In this episode, Charles King talks with Debbie Lew about the transformative role of artificial intelligence in internal auditing. They discuss the integration of AI tools like Copilot, the importance of prompt writing, and how AI is enhancing audit processes. The conversation also covers training strategies, real-world applications, and the impact of AI on stakeholder engagement. HOST: Charles King, CIA, CPA, CFE, CIPP Partner, AI in Internal Controls Leader, KPMG US GUEST: Debbie Lew, CISA, CRISC, CHIAP Senior Vice President and Chief Audit Executive, Kaiser Permanente Key Points: Introduction [00:00-00:38] Inside Kaiser Permanente's Internal Audit Team [00:39-02:14] AI Adoption at Kaiser Permanente [02:15-03:21] Prompt Writing as a Core Skill [03:22-04:10] Guidance Manuals and Prompt Libraries [04:11-05:02] Building AI Agents to Support Audits [05:03-05:51] Training, Communication, and Driving Adoption [05:52-07:23] Innovative Applications of GenAI in Audit [07:24-08:28] Inspiring a Tech-Forward Culture [08:29-10:06] Final Thoughts [10:07-10:31] IIA Related Content: Interested in this topic? Visit the links below for more resources. 2025 International Conference Knowledge Centers: Artificial Intelligence Auditing the Cybersecurity Program Certificate Cybersecurity Topical Requirement “Undercover AI,” Internal Auditor Magazine The IIA's Updated AI Auditing Framework Visit The IIA's website or YouTube channel for related topics and more. Follow All Things Internal Audit: Apple Podcasts Spotify Libsyn Deezer
Cyber attacks against public safety agencies are rising, with 324 confirmed globally in 2024, including 25 complete system shutdowns. The Public Safety Threat Alliance, established by Motorola Solutions, is a cyber threat Information Sharing and Analysis Organization (ISAO) recognized by CISA that provides actionable intelligence to public safety agencies across the globe to improve their resilience and defense capabilities. Membership in the PSTA is open to all public safety agencies, and there is no cost to join for public sector organizations. In this episode of the Policing Matters podcast, part of a special report from Motorola Solutions Summit 2025, host Jim Dudley speaks with William DeCoste, STARS Program Manager and Telecommunications Engineer Manager with the Virginia State Police Communications Division and Jay Kaine, the Director of Threat Intelligence at Motorola Solutions. They tackle the direct effect cyber attacks can have on public safety agencies and the collaborative efforts underway to combat them. About our sponsor This episode of the Policing Matters podcast is sponsored by Motorola Solutions.
This week on Caveat, Dave and Ben welcome back N2K's own Ethan Cook for our latest policy deep dive segment. As a trusted expert in law, privacy, and surveillance, Ethan is joining the show regularly to provide in-depth analysis on the latest policy developments shaping the cybersecurity and legal landscape. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Please take a moment to fill out an audience survey! Let us know how we are doing! Policy Deep Dive In this Caveat Policy Deep Dive, our conversation and analysis revolve around critical infrastructure policy. Throughout this conversation, we break down how critical infrastructure policy has evolved over the past fifteen years and what policies have been behind some of these advancements. Some key topics focused on during this conversation center on some of the centralization of infrastructure management policies, the creation of CISA, and how the second Trump administration is changing the federal government's approach when managing critical infrastructure. Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing a new bill that is gaining traction in Congress where Senators Merkley and Kennedy are looking to limit the TSA's facial scanning program. This law comes after the DHS announced an audit regarding how the TSA has used this technology. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices
Steel producer disrupted by cyberattack European Vulnerability Database (EUVD) is online CISA pauses advisory overhaul Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
A busy Patch Tuesday. Investigators discover undocumented communications devices inside Chinese-made power inverters. A newly discovered Branch Privilege Injection flaw affects Intel CPUs. A UK retailer may claim up to £100mn from its cyber insurers after a major cyberattack. A Kosovo national has been extradited to the U.S. for allegedly running an illegal online marketplace. CISA will continue alerts on its website following industry backlash. On our Industry Voices segment, Neil Hare-Brown, CEO at STORM Guidance, discusses Cyber Incident Response (CIR) retainer service provision. Shoring up the future of the CVE program. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Neil Hare-Brown, CEO at STORM Guidance, discussing Cyber Incident Response (CIR) retainer service provision. You can learn more here. Selected Reading Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days (Security Affairs) SAP patches second zero-day flaw exploited in recent attacks (Bleeping Computer) Ivanti fixes EPMM zero-days chained in code execution attacks (Bleeping Computer) Fortinet fixes critical zero-day exploited in FortiVoice attacks (Bleeping Computer) Vulnerabilities Patched by Juniper, VMware and Zoom (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact (SecurityWeek) Adobe Patches Big Batch of Critical-Severity Software Flaws (SecurityWeek) Ghost in the machine? Rogue communication devices found in Chinese inverters (Reuters) New Intel CPU flaws leak sensitive data from privileged memory (Bleeping Computer) M&S cyber insurance payout to be worth up to £100mn (Financial Times) US extradites Kosovo national charged in operating illegal online marketplace (The Record) CISA Planned to Kill .Gov Alerts. Then It Reversed Course. (Data BreachToday) CVE Foundation eyes year-end launch following 11th-hour rescue of MITRE program (CyberScoop) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Since March 2025, Volexity has tracked an escalation in sophisticated phishing campaigns executed by two suspected Russian threat actors, UTA0352 and UTA0355, targeting the Microsoft 365 accounts of individuals connected to Ukraine and human rights organizations. A recent security assessment by watchTowr uncovered a pre-authenticated Remote Code Execution (RCE) vulnerability in Commvault's on-premise Backup and Recovery solution (Innovation Release 11.38.20). CISA has added two SonicWall vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, indicating an escalation in exploitation activity against the vendor's SMA series of secure remote access appliances. Bot traffic has overtaken legitimate human use on the internet, with the latest data showing that automated traffic now accounts for 51% of all internet activity—of which 37% is classified as malicious.
House Republicans look to limit state regulation of AI. Spain investigates potential cybersecurity weak links in the April 28 power grid collapse. A major security flaw has been found in ASUS mainboards' automatic update system. A new macOS info-stealing malware uses PyInstaller to evade detection. The U.S. charges 14 North Korean nationals in a remote IT job scheme. Europe's cybersecurity agency launches the European Vulnerability Database. CISA pares back website security alerts. Moldovan authorities arrest a suspect in DoppelPaymer ransomware attacks. On today's Threat Vector segment, David Moulton speaks with Noelle Russell, CEO of the AI Leadership Institute, about how to scale responsible AI in the enterprise. Dave & Buster's invites vanish into the void. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Recorded Live at the Canopy Hotel during the RSAC Conference in San Francisco, David Moulton speaks with Noelle Russell, CEO of the AI Leadership Institute and a leading voice in responsible AI on this Threat Vector segment. Drawing from her new book Scaling Responsible AI, Noelle explains why early-stage AI projects must move beyond hype to operational maturity—addressing accuracy, fairness, and security as foundational pillars. Together, they explore how generative AI models introduce new risks, how red teaming helps organizations prepare, and how to embed responsible practices into AI systems. You can hear David and Noelle's full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app. Selected Reading Republicans Try to Cram Ban on AI Regulation Into Budget Reconciliation Bill (404 Media) Spain investigates cyber weaknesses in blackout probe (The Financial Times) Critical Security flaw in ASUS mainboard update system (Beyond Machines) Hackers Exploiting PyInstaller to Deploy Undetectable macOS Infostealer (Cybersecurity News) Researchers Uncover Remote IT Job Fraud Scheme Involving North Korean Nationals (GB Hackers) European Vulnerability Database Launches Amid US CVE Chaos (Infosecurity Magazine) Apple Security Update: Multiple Vulnerabilities in macOS & iOS Patched (Cybersecurity News) CISA changes vulnerabilities updates, shifts to X and emails (The Register) Suspected DoppelPaymer Ransomware Group Member Arrested (Security Week) Cracking The Dave & Buster's Anomaly (Rambo.Codes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Vaccination is one of the best ways to prevent diseases. Over the past 50 years, essential vaccines saved at least 154 million lives (1). During the same period, vaccination has reduced infant deaths by 40%. Together with governments, vaccine manufacturers, scientists and medical experts, WHO's vaccine safety program is constantly helping monitor the safety of vaccines. This helps ensure that vaccines are safe for you and your family. In the United States, a number of safeguards are required by law to help ensure that the vaccines we receive are safe. Because vaccines are given to millions of healthy people—including children—to prevent serious diseases, they're held to very high safety standards. Every authorized or approved vaccine goes through safety testing, including: Testing and evaluation of the vaccine before it's licensed by the Food and Drug Administration (FDA) and recommended for use by the Centers for Disease Control and Prevention (CDC) Monitoring the vaccine's safety after it is recommended for infants, children, or adults Before a vaccine is ever recommended for use, it's tested in labs. This process can take several years. FDA uses the information from these tests to decide whether to test the vaccine with people. During a clinical trial, a vaccine is tested on people who volunteer to get vaccinated. Clinical trials usually start with 20 to 100 volunteers, but eventually include thousands of volunteers. These tests can take several years and answer important questions like: Is the vaccine safe? What dose (amount) works best? How does the immune system react to it? Throughout the process, FDA works closely with the company producing the vaccine to evaluate the vaccine's safety and effectiveness. All safety concerns must be addressed before FDA licenses or authorizes a vaccine. Once a vaccine is approved or authorized, it continues to be tested. The company that makes the vaccine tests batches to make sure the vaccine is: Potent (It works like it's supposed to) Pure (Certain ingredients used during production have been removed) Sterile (It doesn't have any outside germs) FDA reviews the results of these tests and inspects the factories where the vaccine is made. This helps make sure the vaccines meet standards for both quality and safety. Once a vaccine is recommended for use, FDA, CDC, and other federal agencies continue to monitor its safety. The United States has one of the most advanced systems in the world for tracking vaccine safety. Each of the systems below supplies a different type of data for researchers to analyze. Together, they help provide a full picture of vaccine safety. Vaccine Adverse Events Reporting System (VAERS): VAERS is an early warning system managed by CDC and FDA that is designed to find possible vaccine safety issues. Patients, health care professionals, vaccine companies, and others can use VAERS to report side effects that happen after a patient received a vaccine. Some side effects might be related to vaccination while others might be a coincidence (happen by chance). VAERS helps track unusual or unexpected patterns of reporting that could mean there's a possible vaccine safety issue that needs further evaluation. The Vaccine Safety Datalink (VSD): VSD is a collaboration between CDC and several health care organizations across the nation. VSD uses databases of medical records to track vaccine safety and do research in large populations. By using medical records instead of self-reports, VSD can quickly study and compare data to find out if reported side effects are linked to a vaccine. Post-licensure Rapid Immunization Safety Monitoring System (PRISM), links to an external website, opens in a new tab: PRISM is part of the Sentinel Initiative, which is FDA's national system for monitoring medical products after they're licensed for use. PRISM focuses on vaccine safety—it uses a database of health insurance claims to identify and evaluate possible safety issues for licensed vaccines. Clinical Immunization Safety Assessment Project (CISA): CISA is a collaboration between CDC and a national network of vaccine safety experts from medical research centers. CISA does clinical vaccine safety research and—at the request of providers—evaluates complex cases of possible vaccine side effects in specific patients. Biologics Effectiveness and Safety (BEST) System: A system that uses multiple data sources and rapid queries to detect or evaluate adverse events or study specific safety questions. Additional research and testing: The Department of Defense (DoD), the U.S. Department of Veterans Affairs (VA), and the Indian Health Service (IHS) have systems to monitor vaccine safety and do vaccine safety research. The National Institutes of Health (NIH) and the Office of Infectious Disease and HIV/AIDS Policy (OIDP) also support ongoing research on vaccines and vaccine safety. During emergencies, such as the COVID-19 pandemic, additional safety activities are utilized to help evaluate the data in quickly and with special populations. For example, a new smartphone tool called V-safe uses text messaging and surveys to check in with COVID-19 vaccine recipients after vaccination. (CREDITS)
Remote work is driving a significant startup boom, reshaping the IT services market. A recent study indicates that companies with higher levels of remote work during the COVID-19 pandemic have seen a notable increase in employee startups, with an estimated 11.6% of new business formations attributed to this trend. Despite major corporations reinstating return-to-office mandates, remote work adoption in the U.S. has risen from 19.9% in late 2022 to 23.6% in early 2025, highlighting a growing demand for tools and services that support distributed teams. This shift presents both opportunities and challenges for employers, as they risk losing key talent to new ventures while also facing higher employee attrition rates.The insurance industry is beginning to address the risks associated with artificial intelligence (AI) by offering new products to cover potential losses from AI-related errors. Lloyds of London has introduced a policy that protects businesses from legal claims arising from malfunctioning AI systems, reflecting a growing recognition of AI as an operational risk. This development raises important questions about accountability and liability when AI systems fail, as seen in recent incidents involving customer service chatbots. As insurers start to underwrite AI risks, companies must adapt their service level agreements and governance structures to meet new requirements.The Cybersecurity and Infrastructure Security Agency (CISA) has announced a significant change in how it shares information, focusing on urgent alerts related to emerging threats while reducing routine updates. This shift, coupled with budget cuts that could reduce CISA's funding by 17%, raises concerns about the agency's capacity to respond to increasing cyber threats. IT services firms and cybersecurity vendors must adapt to this new landscape, as the responsibility for threat detection and response shifts more towards the private sector. Organizations that previously relied on CISA for support may find themselves facing increased operational risks due to reduced visibility and slower response times.In a related development, Microsoft has extended support for its Office applications on Windows 10 until October 2028, allowing users more time to transition to Windows 11. This decision reflects a broader trend in the technology sector, where companies are adapting their support strategies to meet user needs. By decoupling the upgrade cycles for Windows and Office, Microsoft acknowledges the resistance to forced upgrades and the importance of maintaining enterprise customer relationships. This extension provides IT service providers with additional time for operational planning while emphasizing the ongoing need for modernization in the long term. Four things to know today 00:00 Remote Work Fuels Startup Surge, Alters IT Talent Strategies Amid Growing Demand for Flexibility05:07 From Chatbot Lawsuits to Pontifical Warnings: AI Errors Now Seen as Business and Social Risk07:57 CISA Alert Shift and Budget Cuts Signal Rising Cybersecurity Burden for Private Sector10:08 Office Gets a Lifeline on Windows 10: Microsoft Decouples OS and App Upgrades Through 2028 Supported by: https://syncromsp.com/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech
Forecast = Expect scattered AI layoffs, a flurry of bogus bug bounties, and a persistent workforce drought-so keep your firewalls up and your résumés handy! On this episode of GreyNoise Storm⚡️Watch, we kick things off with our usual round of introductions before diving into the latest cyber weather and threat landscape. If you're new here, Storm⚡️Watch is where we break down what's moving the needle in cybersecurity, spotlighting the people, tools, and trends shaping the field. For today's poll, we're feeling nostalgic and asking: What do you miss most from the Slow Internet days? Whether it's the wild west of Myspace, the quirky chaos of Fark, the creative playground of Wattpad, or the endless flash animations on Albino Blacksheep, we want to know what old-school internet experience you'd revive if you could. We're also talking about the pitfalls of AI in bug bounty programs. The open-source project curl has had enough of users flooding them with AI-generated “slop” vulnerabilities that waste maintainers' time and don't actually move security forward. It's a reminder that, despite the hype, AI isn't a silver bullet for finding real bugs and can actually create more noise than signal. Speaking of AI, the conversation shifts to how major companies are reshaping their workforce in the name of artificial intelligence. CrowdStrike just announced it's cutting 5% of its jobs, citing AI-driven restructuring and the need for efficiency. It's not just CrowdStrike-Duolingo is pushing AI into every corner of its product and workflow, with leadership urging engineers to “start with AI for every task,” even as they admit the tech is still error-prone and often less effective than human effort. The end result? Workers are being asked to manage and troubleshoot clumsy AI tools instead of using their expertise, and users are left with content that's sometimes flat-out wrong or just less engaging than before. But while AI is shaking up tech jobs, the cybersecurity workforce shortage isn't going away. The PIVOTT Act has been revived in Congress to address the growing gap, offering full scholarships for two-year degrees in cyber fields in exchange for government service. It's aimed at making it easier for people to pivot into cyber careers, especially as professionals in other sectors worry about AI-driven job cuts. The Act is being administered by CISA and is designed to streamline the path into government cyber roles, including those requiring security clearances. As always, we spotlight some of the latest developments from Censys, VulnCheck, runZero, and GreyNoise; then wrap up with some quick goodbyes and reminders to check out the latest from all our partners and contributors. Thanks for tuning in to Storm⚡️Watch-where the only thing moving faster than the threats is the conversation. Storm Watch Homepage >> Learn more about GreyNoise >>
On this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• ICYMI: REGISTER NOW! WaterISAC's 2025 H2OSecCon! (20 May) From cybersecurity to climate resilience, operational continuity to public trust, we must collaborate across sectors to build smarter, stronger, and more adaptive systems. That's why we're inviting leaders like you to join the WaterISAC's 2025 H2OSecCon. Connect with peers and leaders committed to enhancing the resilience of our nation's critical systems.Main Topics:Ransomware & Data Breaches: • Monday was Anti-Ransomware Day 2025! What a great time to invest in ransomware resilience! Contact Gate 15 today to get to work building your Cyber Incident Response Plan and ransomware procedures, to start planning your next ransomware workshop or tabletop exercise, to plan for post-incident analysis or to take advantage of our new very price-friendly ransomware exercise for executives – designed especially for small and medium businesses! • Explore the latest cyber risks and claims trends from Coalition. LockBit ransomware gang hacked, victim negotiations exposed• Reminder! Criminals lie and NEVER DELETE YOUR DATA! School boards hit with ransom demands linked to PowerSchool cyberattack• M&S 'had no plan' for cyber attacks, insider claims, with 'staff left sleeping in the office amid paranoia and chaos' • The Very Real Costs of Ransomware: IT warning after hackers close 160-year-old firm. Extremism:• Ohio Man Charged with Threatening State Public Officials • Texas Man Convicted of Making Threats to Kill Nashville District Attorney Glenn Funk • FBI has opened 250 investigations tied to violent online network '764' that preys on teens, top official says• Teenage Terrorists Are a Growing Threat to Europe's SecurityUSG Transitions• Trump's 2026 budget proposes $163 billion cut to non-defense spending, slashes CISA and FEMA funding• White House Proposes $500 Million Cut to CISA• Hegseth orders Pentagon to cut number of senior generals by 20%• Lawmakers question Noem over cuts to CISA, FEMA, TSA• Lawmakers grill Noem over CISA funding cuts, demand Trump cyber plan• NSA to cut up to 2,000 civilian roles as part of intel community downsizing• NIST loses key cyber experts in standards and researchIndia strikes Pakistan over tourist killings, Pakistan says it will retaliate• Kashmir crisis live: Pakistan PM authorises armed forces to undertake ‘corresponding action' after India strikes kill 26• Pakistan vows to respond after India launches strikes in wake of Kashmir massacre• Pakistan claims to have downed Indian warplanes, vows response to strikes• China urges restraint as India-Pakistan tensions escalate with military strikes• A Timeline of Tensions Between India and Pakistan Over Kashmir• India, Pakistan accuse each other of attacks as hostilities rise• AlQaeda Statement On Indian Strikes In PakistanQuick Hits:• Crypto millionaires targeted in brutal kidnappings across France and Europe; Attackers' modus operandi: cutting off victims' fingers to pressure payments. • The father of a cryptocurrency entrepreneur was kidnapped in Paris and found held captive with his finger severed. (article in French)• Assessing the U.S. Climate in April 2025Assessing the U.S. Climate in April 2025• FBI PSA - Cyber Criminal Proxy Services Exploiting End of Life Routers• FBI FLASH: Cyber Criminal Services Target End-of-Life Routers to Launch Attacks and Hide Their Activities (PDF)• Risky Bulletin: France says Russian influence operations are getting better, achieving results• Unsophisticated Cyber Actor(s) Targeting Operational Technology • Primary Mitigations to Reduce Cyber Threats to Operational Technology• US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations• Primary Mitigations to Reduce Cyber Threats to Operational Technology• UK NCSC: UK pioneering global move away from passwords• Classic Rock - Hunting A Botnet That Preys On The Old
Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Danielle Jablanski on Critical Infrastructure ProtectionPub date: 2025-05-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDanielle Jablanski, Industrial Control Systems Strategist & Subject Matter Expert at CISA, joins the Nexus podcast to discuss her perspectives on critical infrastructure protection and government's role as a cybersecurity partner on implementation guidance and enablement. Danielle touches on a number of areas of CI security and protection, ranging from the challenges arising from the high percentage of private sector ownership of critical infrastructure, to the assistance available from CISA and other agencies to lesser-resourced entities in the 16 CI sectors. Listen and subscribe to the Nexus Podcast on your favorite platform.The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
The Institute of Internal Auditors Presents: All Things Internal Audit Tech In this episode, George Barham talks with Mike Callino about how agile methodologies and artificial intelligence are transforming internal audit functions. Mike shares practical insights on implementing agile auditing, the challenges and benefits of this approach, and how AI is being used throughout the audit lifecycle. HOST:George Barham, CIA, CISA, CRMA Director, Standards & Professional Guidance, The IIA GUEST:Mike Callino, CIA, CISA Senior Director, Internal Audit, Braze Key Points Introduction [00:00-00:00:27] Defining Agile Auditing [00:00:28-00:01:12] Applying Agile in Practice [00:01:13-00:03:03] Metrics for Agile Success [00:03:04-00:04:15] How Agile Auditing Has Evolved [00:04:16-00:06:06] Getting Started with Agile [00:06:07-00:07:28] Roles and Responsibilities in Agile [00:07:29-00:09:12] Measuring Agile Success [00:09:13-00:10:04] Training for Agile Adoption [00:10:05-00:11:20] AI Use Cases in the Audit Lifecycle [00:11:21-00:14:51] Common Misconceptions About Agile [00:14:52-00:16:12] The Future of Agile and AI in Auditing [00:16:13-00:18:48] IIA Related Content: Interested in this topic? Visit the links below for more resources: 2025 International Conference Agile Auditing Course Building a Better Auditor: Embracing Agile Audit Agile Auditing: Transforming the Internal Audit Process. Debunking Agile Myths Visit The IIA's website or YouTube channel for related topics and more. Follow All Things Internal Audit: Apple PodcastsSpotify LibsynDeezer
A major student engagement platform falls victim to the ClickFix social engineering attack. Google settles privacy allegations with Texas for over one point three billion dollars. Stores across the UK face empty shelves due to an ongoing cyberattack. Ascension Health reports that over 437,000 patients were affected by a third-party data breach. A critical zero-day vulnerability in SAP NetWeaver is being actively exploited. Researchers uncover two major cybersecurity threats targeting IT admins and cloud systems. U.S. prosecutors charge three Russians and one Kazakhstani in connection with the takedown of two major botnets. A new tool disables Microsoft Defender by tricking Windows into thinking a legitimate antivirus is installed. Tim Starks, Senior Reporter from CyberScoop, discusses congressional reactions to White House budget cut proposals for CISA. Fair use faces limits in generative AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We welcome back Tim Starks, Senior Reporter from CyberScoop, discussing congressional reactions to White House budget cut proposals for CISA. You can find background information in these articles: House appropriators have reservations — or worse — about proposed CISA cuts Sen. Murphy: Trump administration has ‘illegally gutted funding for cybersecurity' Selected Reading iClicker website compromised with fake ClickFix CAPTCHA installing malware (BeyondMachines.net) Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits (SecurityWeek) Fears 'hackers still in the system' leave Co-op shelves running empty across UK (The Record) 437,000 Impacted by Ascension Health Data Breach (SecurityWeek) SAP NetWeaver Vulnerability Exploited in Wild by Chinese Hackers (Cyber Security News) New SEO Poisoning Campaign Targeting IT Admins With Malware (Hackread) Three Russians, one Kazakhstani charged in takedown of Anyproxy and 5socks botnets (The Record) Defendnot — A New Tool That Disables Windows Defender by Posing as an Antivirus Solution (Cyber Security News) Five Takeaways from the Copyright Office's Controversial New AI Report (Copyright Lately) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Take a Network Break! We start with follow-up from a listener on the best way to listen to our podcast that helps the most. The answer? Any listen on any platform helps. Even better is to tell a friend! We discuss two critical security issues. First, CISA adds active exploits against known SonicWall vulnerabilities to... Read more »
Take a Network Break! We start with follow-up from a listener on the best way to listen to our podcast that helps the most. The answer? Any listen on any platform helps. Even better is to tell a friend! We discuss two critical security issues. First, CISA adds active exploits against known SonicWall vulnerabilities to... Read more »
Take a Network Break! We start with follow-up from a listener on the best way to listen to our podcast that helps the most. The answer? Any listen on any platform helps. Even better is to tell a friend! We discuss two critical security issues. First, CISA adds active exploits against known SonicWall vulnerabilities to... Read more »
Danielle Jablanski, Industrial Control Systems Strategist & Subject Matter Expert at CISA, joins the Nexus podcast to discuss her perspectives on critical infrastructure protection and government's role as a cybersecurity partner on implementation guidance and enablement. Danielle touches on a number of areas of CI security and protection, ranging from the challenges arising from the high percentage of private sector ownership of critical infrastructure, to the assistance available from CISA and other agencies to lesser-resourced entities in the 16 CI sectors. Listen and subscribe to the Nexus Podcast on your favorite platform.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dan Holden, CISO, BigCommerce Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISO Series.com
This week, Ben and Dave tackle two major policy stories making headlines. Ben unpacks the Fourth Circuit's long-awaited ruling in United States v. Chatrie, where the court failed to reach a majority decision on whether geofence warrants violate the Fourth Amendment. Instead, the panel affirmed the lower court's decision based solely on the good-faith exception, leaving key constitutional questions unanswered. Then, Dave covers the latest twist in the Epic Games v. Apple saga: a federal judge ruled that Apple willfully defied a court order to open up iOS app payment options—referring the company and a senior executive for potential criminal investigation. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Please take a moment to fill out an audience survey! Let us know how we are doing! Links related to our show this week: The Fourth Circuit's Geofencing Case Ends Not With a Bang But A Whimper Apple violated court's order to loosen app store rules, judge says Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers the story of how a proposed bipartisan U.S. law aims to crack down on semiconductor chip smuggling by mandating location-tracking technology, while President Trump's 2026 budget proposes major cuts to CISA's cybersecurity efforts, signaling shifting federal priorities amid growing concerns over national security and tech competition with China. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices
A jury orders NSO Group to pay $167 millions dollars to Meta over spyware allegations. CISA warns of hacktivists targeting U.S. ICS and SCADA systems. Researcher Micah Lee documents serious privacy risks in the TM SGNL app used by high level Trump officials. The NSA plans significant workforce cuts. Nations look for alternatives to U.S. cloud providers. A medical device provider discloses a cyberattack disrupting its ability to ship customer orders. The Panda Shop smishing kit impersonates trusted brands. Accenture's CFO thwarts a deepfake attempt. Our temporary intern Kevin Magee from Microsoft wraps up his reporting from the RSAC show floor. Server room shenanigans, with romance, retaliation, and root access. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Wrapping up RSAC 2025, we're joined by our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Kevin brings the energy with a high-octane medley of interviews directly from the show floor, featuring sharp insights and bold ideas from some of cybersecurity's most influential voices. It's the perfect, fast-paced finale to our RSAC coverage—check out the show notes for links to all the guests featured! In this segment, you'll hear from Eoin Wickens, Director of Threat Intelligence of HiddenLayer, Jordan Shaw-Young, Chief of Staff for Security Services at BlueVoyant, Gil Barak, co-founder and CEO of Blink Ops, and Paul St Vil, VP of Field Engineering at Zenity. You can also catch Kevin on our Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi of Cerby, Travis Howerton of RegScale, and Karl Mattson of Endor Labs. Whether you are building your own startup or just love a good innovation story, listen and learn more here. Selected Reading Spyware-maker NSO ordered to pay $167 million for hacking WhatsApp (The Washington Post) CISA Warns of Hackers Attacking ICS/SCADA Systems in Oil and Natural Gas Companies (Cyber Security News) Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs (Micha Flee) NSA to cut up to 2,000 civilian roles as part of intel community downsizing' (The Record) NIST loses key cyber experts in standards and research (Cybersecurity Dive) A coherent European/non-US cloud strategy: building railroads for the cloud economy (Bert Hubert) Medical device giant Masimo says cyberattack is limiting ability to fill customer orders (The Record) New Chinese Smishing Kit Dubbed 'Panda Shop' Steal Google, Apple Pay & Credit Card Details (Cyber Security News) Accenture: What we learned when our CEO got deepfaked (Computing) IT Worker from Computacenter Let Girlfriend Into Deutsche Bank's Restricted Areas (GB Hackers) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Python InfoStealer with Embedded Phishing Webserver Didier found an interesting infostealer that, in addition to implementing typical infostealer functionality, includes a web server suitable to create local phishing sites. https://isc.sans.edu/diary/Python%20InfoStealer%20with%20Embedded%20Phishing%20Webserver/31924 Android Update Fixes Freetype 0-Day Google released its monthly Android update. As part of the update, it patched a vulnerability in Freetype that is already being exploited. Android is not alone in using Freetype. Freetype is a very commonly used library to parse fonts like Truetype fonts. https://source.android.com/docs/security/bulletin/2025-05-01 CISA Warns of Unsophistacted Cyber Actors CISA released an interesting title report warning operators of operational technology networks of ubiquitous attacks by unsophisticated actors. It emphasizes how important it is to not forget basic security measures to defend against these attacks. https://www.cisa.gov/news-events/alerts/2025/05/06/unsophisticated-cyber-actors-targeting-operational-technology
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: White House's off-brand Israeli Signal fork logs cleartext messages with hard coded creds while getting hacked (twice). Just … Wow. Ransomware attacks on UK retailers are linked, and Marks & Spencer has it extra bad After six years dormant, a Magento eCommerce platform backdoor comes to life The North Korean IT worker scam is truly webscale NSO group owes Meta $168m for hacking WhatsApp This week's episode is sponsored by vulnerability management wranglers, Nucleus Security. Aaron Unterberger joins to talk through the complexities of tracking vulnerabilities in cloud components - left to the source, right to the deployments, and …sideways into the sidecars? This week's show also features an excerpt from Pat's interview with Senator Mark Warner - Scoot back one in your podcast feed to check out the full chat, or find it on Youtube. This episode is available on Youtube too. Show notes Mike Waltz Accidentally Reveals Obscure App the Government Is Using to Archive Signal Messages Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs The Signal Clone the Trump Admin Uses Was Hacked App used by Mike Waltz suspends services after hacking claims Senator Demands Investigation into Trump Admin Signal Clone After 404 Media Investigation MG on X: "Looks like TeleMessage was probably procured and rolled out under Biden. There are public records for it. https://t.co/XCuZpi8PL3" / X Harrods becomes latest retailer to announce attempted cyberattack | The Record from Recorded Future News Co-op DragonForce cyber attack includes customer data, firm admits Co-op cyber attack: Staff told to keep cameras on in meetings Hundreds of e-commerce sites hacked in supply-chain attack - Ars Technica Microsoft's new “passwordless by default” is great but comes at a cost - Ars Technica Windows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technica North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop US wants to cut off key player in Southeast Asian cybercrime industry | The Record from Recorded Future News Myanmar militia leader sanctioned by US over cyber scam connections | The Record from Recorded Future News Trump proposes major cut to CISA's budget, citing false ‘censorship' claims | Cybersecurity Dive NSA to cut up to 2,000 civilian roles as part of intel community downsizing | The Record from Recorded Future News NSO Group owes $168M in damages to WhatsApp over spyware infections, jury says | CyberScoop
Congress challenges Noem over proposed CISA cuts Texas school district breach impacts over 47,000 people NSO Group to pay WhatsApp $167 million in damages Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
A critical flaw in a Samsung's CMS is being actively exploited. President Trump's proposed 2026 budget aims to slash funding for CISA. “ClickFix” malware targets both Windows and Linux systems through advanced social engineering. CISA warns of a critical Langflow vulnerability actively exploited in the wild. A new supply-chain attack targets Linux servers using malicious Go modules found on GitHub. The Venom Spider threat group targets HR professionals with fake resume submissions. The Luna Moth group escalates phishing attacks on U.S. legal and financial institutions. The U.S. Treasury aims to cut off a Cambodia-based money laundering operation. Our guest is Monzy Merza, Co-Founder and CEO of Crogl, discussing the CISO's conundrum in the face of AI. Malware, mouse ears, and mayhem: Disney hacker pleads guilty. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Monzy Merza, Co-Founder and CEO of Crogl, who is discussing the CISO's conundrum—the growing challenge of securing organizations in a world where AI rapidly expands both the number of users and potential adversaries.Selected Reading Samsung MagicINFO Vulnerability Exploited Days After PoC Publication (SecurityWeek) Trump would cut CISA budget by $491M amid ‘censorship' claim (The Register) New ClickFix Attack Mimics Ministry of Defense Website to Attack Windows & Linux Machines (Cyber Security News) Critical Vulnerability in AI Builder Langflow Under Attack (SecurityWeek) Linux wiper malware hidden in malicious Go modules on GitHub (Bleeping Computer) Malware scammers target HR professionals with Venom Spider malware (SC Media) Luna Moth extortion hackers pose as IT help desks to breach US firms (Bleeping Computer) US Readies Huione Group Ban Over Cybercrime Links (GovInfo Security) Hacker 'NullBulge' pleads guilty to stealing Disney's Slack data (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
From elections to ransomware, CISA Director Jen Easterly breaks down the threats to America's critical infrastructure and what's being done to stop them, sharing along the way her journey from the real-life battlefield to the frontlines of cybersecurity. This is a rare glimpse into the most pressing threats America faces—and a compelling story about Director Easterly's own experience being targeted.. Learn more about your ad choices. Visit megaphone.fm/adchoices
Deepfake Porn Bots, Skype, dd, Venom Spider, CISA, IT Helpdesk, Rob Allen, and more on the Security Weekly News. Segment Resources: https://cybersecuritynews.com/cyber-security-company-ceo-arrested/ This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-474
As generative AI increasingly takes hold across the federal government, a class of that greater tech discipline called agentic AI is also gaining momentum. Think of it like an AI sidekick. Agentic AI moves beyond rules-based AI assistants of the past to act autonomously to accomplish something without the need for constant human intervention. According to Jonathan Alboum, federal CTO of ServiceNow and a former federal CIO at USDA, agentic AI holds massive potential for the future of the federal government, particularly amid the Trump administration's slashing of the federal workforce and placing a premium on efficiency. Alboum joins the podcast to discuss that, some exciting news from ServiceNow's Knowledge conference this week in Las Vegas and his thoughts on how federal CIOs are managing ongoing consolidation of federal IT programs. President Donald Trump's fiscal 2026 budget proposal would slash $491 million from the budget of the Cybersecurity and Infrastructure Security Agency, according to a summary released Friday. That would amount to a nearly 17% reduction to the agency's approximately $3 billion budget. The administration did not release a detailed itemization of the cuts, only an outline. “The Budget refocuses CISA on its core mission — Federal network defense and enhancing the security and resilience of critical infrastructure — while eliminating weaponization and waste,” a summary reads. In broad strokes, if approved by Congress, the budget would target for reduction what it identified as “so-called” disinformation and misinformation programs and offices; “duplicative” programs of other programs at the state and federal level; “external engagement offices such as international affairs”; and consolidate “redundant security advisors and programs.” A startup founder and Department of Government Efficiency associate named Sam Corcos is the new chief information officer of the Treasury Department, according to a person within the agency. Corcos was introduced with that title at a recent meeting for Treasury bureau chief information officers, the person added. Corcos, who most recently helped create a health company called Levels, had been representing DOGE in the Treasury Department, with the official title of special advisor. Corcos, who has appeared on Fox News with Treasury Secretary Scott Bessent, has said his top priority is looking at the operations and maintenance budget, as well as modernization, at the IRS. He's also sought access to government data and, according to Wired, was involved in an effort to organize an IRS hackathon. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
Judge Blasts Apple For Violating Antitrust Ruling Google's Sundar Pichai Calls US Remedies 'De Facto' Spinoff of Search - Slashdot Firefox could be doomed without Google search deal, says executive Visa Announces Plans to Give AI Agents Your Credit Card Information The Age of Realtime Deepfake Fraud Is Here The TAKE IT DOWN Act: A Flawed Attempt to Protect Victims That Will Lead to Censorship Congress Moving Forward On Unconstitutional Take It Down Act White House Slams Amazon After Report it Will Highlight Tariff Costs The Kickstarter you backed may soon ask for more money to cover Trump's tariffs Microsoft Raises Xbox Prices 20% as Tariffs Drive Up Cost of Development UPS will cut 20,000 jobs because fewer Amazon packages are coming Elon Musk's DOGE ties could get his companies out of $2 billion in potential liability President Trump's fiscal 2026 budget proposal suggests slashing $491M from CISA's ~$3B budget, claiming the cut "refocuses CISA on its core mission" Government Actually Threatens Wikipedia's Editorial Freedom; Self-Proclaimed Free Speech Warriors Suddenly Have Other Plans Mark Zuckerberg Sailed 5,300 Miles With Two Superyachts Only to Helicopter Up a Mountain and Ski Down in Billionaire Style - Sustainability Times Massive power outage in Spain, Portugal leaves millions in dark Wall Street Banks Sell Final Slug of Elon Musk's X Debt Elon Musk's SpaceX gets a company town in Texas Amazon deploys the first Project Kuiper internet satellites Researchers Secretly Ran a Massive, Unauthorized AI Persuasion Experiment on Reddit Users How Badly Did ChatGPT and Copilot Fail to Predict the Winners of the Kentucky Derby? - Slashdot Quantum message travels record distance over fiber optic network Photo appears to show Mike Waltz using Signal-like app that can archive messages Chinese university designed 'world's first silicon-free 2D GAAFET transistor,' claims new bismuth-based tech is both the fastest and lowest-power transistor yet The one interview question that will protect you from North Korean fake workers Host: Leo Laporte Guests: Owen Thomas, Iain Thomson, and Gary Rivlin Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT outsystems.com/twit drata.com/weekintech coda.io/twit zscaler.com/security
Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber-espionage campaign targeting critical national infrastructure in the Middle East. Threat brokers advertise a new SS7 zero-day exploit on cybercrime forums. The StealC info-stealer and malware loader gets an update. Passkeys blaze the trail to a passwordless future. On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at the New York Giants. Cubism meets computing: the Z80 goes full Picasso. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire GuestOn our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at New York Football Giants, as they discuss how she approaches cybersecurity with curiosity, business alignment, and strong collaboration across the NFL community. Selected Reading The Signal Clone the Trump Admin Uses Was Hacked (404 Media) Critical Commvault Vulnerability in Attacker Crosshairs (SecurityWeek) xAI Dev Leaked API Key on GitHub for Private SpaceX, Tesla & Twitter/X (Cyber Security News) FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure (Fortinet) Hackers Selling SS7 0-Day Vulnerability on Hacker Froums for $5000 (Cyber Security News) StealC malware enhanced with stealth upgrades and data theft tools (Bleeping Computer) Sick of 15-character passwords? Microsoft is going password-less, starting now. (Mashable) Passkeys for Normal People (Troy Hunt) Single-Board Z80 Computer Draws Inspiration From Picasso (Hackaday) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Judge Blasts Apple For Violating Antitrust Ruling Google's Sundar Pichai Calls US Remedies 'De Facto' Spinoff of Search - Slashdot Firefox could be doomed without Google search deal, says executive Visa Announces Plans to Give AI Agents Your Credit Card Information The Age of Realtime Deepfake Fraud Is Here The TAKE IT DOWN Act: A Flawed Attempt to Protect Victims That Will Lead to Censorship Congress Moving Forward On Unconstitutional Take It Down Act White House Slams Amazon After Report it Will Highlight Tariff Costs The Kickstarter you backed may soon ask for more money to cover Trump's tariffs Microsoft Raises Xbox Prices 20% as Tariffs Drive Up Cost of Development UPS will cut 20,000 jobs because fewer Amazon packages are coming Elon Musk's DOGE ties could get his companies out of $2 billion in potential liability President Trump's fiscal 2026 budget proposal suggests slashing $491M from CISA's ~$3B budget, claiming the cut "refocuses CISA on its core mission" Government Actually Threatens Wikipedia's Editorial Freedom; Self-Proclaimed Free Speech Warriors Suddenly Have Other Plans Mark Zuckerberg Sailed 5,300 Miles With Two Superyachts Only to Helicopter Up a Mountain and Ski Down in Billionaire Style - Sustainability Times Massive power outage in Spain, Portugal leaves millions in dark Wall Street Banks Sell Final Slug of Elon Musk's X Debt Elon Musk's SpaceX gets a company town in Texas Amazon deploys the first Project Kuiper internet satellites Researchers Secretly Ran a Massive, Unauthorized AI Persuasion Experiment on Reddit Users How Badly Did ChatGPT and Copilot Fail to Predict the Winners of the Kentucky Derby? - Slashdot Quantum message travels record distance over fiber optic network Photo appears to show Mike Waltz using Signal-like app that can archive messages Chinese university designed 'world's first silicon-free 2D GAAFET transistor,' claims new bismuth-based tech is both the fastest and lowest-power transistor yet The one interview question that will protect you from North Korean fake workers Host: Leo Laporte Guests: Owen Thomas, Iain Thomson, and Gary Rivlin Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT outsystems.com/twit drata.com/weekintech coda.io/twit zscaler.com/security
Judge Blasts Apple For Violating Antitrust Ruling Google's Sundar Pichai Calls US Remedies 'De Facto' Spinoff of Search - Slashdot Firefox could be doomed without Google search deal, says executive Visa Announces Plans to Give AI Agents Your Credit Card Information The Age of Realtime Deepfake Fraud Is Here The TAKE IT DOWN Act: A Flawed Attempt to Protect Victims That Will Lead to Censorship Congress Moving Forward On Unconstitutional Take It Down Act White House Slams Amazon After Report it Will Highlight Tariff Costs The Kickstarter you backed may soon ask for more money to cover Trump's tariffs Microsoft Raises Xbox Prices 20% as Tariffs Drive Up Cost of Development UPS will cut 20,000 jobs because fewer Amazon packages are coming Elon Musk's DOGE ties could get his companies out of $2 billion in potential liability President Trump's fiscal 2026 budget proposal suggests slashing $491M from CISA's ~$3B budget, claiming the cut "refocuses CISA on its core mission" Government Actually Threatens Wikipedia's Editorial Freedom; Self-Proclaimed Free Speech Warriors Suddenly Have Other Plans Mark Zuckerberg Sailed 5,300 Miles With Two Superyachts Only to Helicopter Up a Mountain and Ski Down in Billionaire Style - Sustainability Times Massive power outage in Spain, Portugal leaves millions in dark Wall Street Banks Sell Final Slug of Elon Musk's X Debt Elon Musk's SpaceX gets a company town in Texas Amazon deploys the first Project Kuiper internet satellites Researchers Secretly Ran a Massive, Unauthorized AI Persuasion Experiment on Reddit Users How Badly Did ChatGPT and Copilot Fail to Predict the Winners of the Kentucky Derby? - Slashdot Quantum message travels record distance over fiber optic network Photo appears to show Mike Waltz using Signal-like app that can archive messages Chinese university designed 'world's first silicon-free 2D GAAFET transistor,' claims new bismuth-based tech is both the fastest and lowest-power transistor yet The one interview question that will protect you from North Korean fake workers Host: Leo Laporte Guests: Owen Thomas, Iain Thomson, and Gary Rivlin Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT outsystems.com/twit drata.com/weekintech coda.io/twit zscaler.com/security
Judge Blasts Apple For Violating Antitrust Ruling Google's Sundar Pichai Calls US Remedies 'De Facto' Spinoff of Search - Slashdot Firefox could be doomed without Google search deal, says executive Visa Announces Plans to Give AI Agents Your Credit Card Information The Age of Realtime Deepfake Fraud Is Here The TAKE IT DOWN Act: A Flawed Attempt to Protect Victims That Will Lead to Censorship Congress Moving Forward On Unconstitutional Take It Down Act White House Slams Amazon After Report it Will Highlight Tariff Costs The Kickstarter you backed may soon ask for more money to cover Trump's tariffs Microsoft Raises Xbox Prices 20% as Tariffs Drive Up Cost of Development UPS will cut 20,000 jobs because fewer Amazon packages are coming Elon Musk's DOGE ties could get his companies out of $2 billion in potential liability President Trump's fiscal 2026 budget proposal suggests slashing $491M from CISA's ~$3B budget, claiming the cut "refocuses CISA on its core mission" Government Actually Threatens Wikipedia's Editorial Freedom; Self-Proclaimed Free Speech Warriors Suddenly Have Other Plans Mark Zuckerberg Sailed 5,300 Miles With Two Superyachts Only to Helicopter Up a Mountain and Ski Down in Billionaire Style - Sustainability Times Massive power outage in Spain, Portugal leaves millions in dark Wall Street Banks Sell Final Slug of Elon Musk's X Debt Elon Musk's SpaceX gets a company town in Texas Amazon deploys the first Project Kuiper internet satellites Researchers Secretly Ran a Massive, Unauthorized AI Persuasion Experiment on Reddit Users How Badly Did ChatGPT and Copilot Fail to Predict the Winners of the Kentucky Derby? - Slashdot Quantum message travels record distance over fiber optic network Photo appears to show Mike Waltz using Signal-like app that can archive messages Chinese university designed 'world's first silicon-free 2D GAAFET transistor,' claims new bismuth-based tech is both the fastest and lowest-power transistor yet The one interview question that will protect you from North Korean fake workers Host: Leo Laporte Guests: Owen Thomas, Iain Thomson, and Gary Rivlin Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT outsystems.com/twit drata.com/weekintech coda.io/twit zscaler.com/security
DHS Secretary Kristi Noem justifies budget cuts in her RSAC keynote. The EFF pens an open letter to Trump backing Chris Krebs. Scattered Spider is credited with the Marks & Spencer cyberattack. Researchers discover a critical flaw in Apple's AirPlay protocol. The latest CISA advisories. On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development. What do you call an AI chatbot that finished at the bottom of its class in med school? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development. Kevin on the Street Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week. Today Kevin is joined by Ryan Lasmaili Co-Founder and CEO of Vaultree and Stan Golubchik CEO and co-founder of Contraforce, here are their conversations. You can also catch Kevin on our Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi of Cerby, Travis Howerton of RegScale, and Karl Mattson of Endor Labs. Whether you are building your own startup or just love a good innovation story, https://explore.thecyberwire.com/microsoft-for-startups. Selected Reading DHS Secretary Noem: CISA needs to get back to ‘core mission' (CyberScoop) Noem calls for reauthorization of cyberthreat information sharing law during RSA keynote (The Record) Cyber experts, Democrats urge Trump administration not to break up cyber coordination in State reorg (CyberScoop) Infosec pros rally against Trump's attack on Chris Krebs (The Register) Scattered Spider Suspected in Major M&S Cyberattack (Hackread) AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi (Cyber Security News) CISA Adds One Known Exploited Vulnerability to Catalog (CISA) CISA Releases Three Industrial Control Systems Advisories (CISA) Instagram's AI Chatbots Lie About Being Licensed Therapists (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: British retail stalwart Marks & Spencer gets cybered South Korean telco sets out to replace all its subscriber SIMs after (we assume) it lost the keymat It's a good exploit week! Bugs in Apple Airplay, SAP webservers, Erlang SSH and CommVault backups Juice jacking! No, really! Some researchers actually did it (so still not in the wild, then) Anti-DOGE whistleblower sure sounds like he has a point This week's episode is sponsored by Knocknoc, who let you glue your firewalls to your single sign on. Knocknoc's CEO Adam Pointon talks about the joy that having end-to-end IPv6 would bring for zero-trust access control. He also touches on people using Knocknoc inside their network to isolate critical systems. Editors Note : Pat also gives Adam (Boileau) stick in the sponsor interview about the Risky Biz webserver not having IPv6 enabled, which fact-checking during the edit says is FAKE NEWS. Just uh, don't look at how fresh that AAAA record in the DNS is, friends
RSAC 2025 is well under way, and Kevin the Intern files his first report. Authorities say Spain and Portugal's massive power outage was not a cyberattack. Concerns are raised over DOGE access to classified nuclear networks. The FS-ISAC launches the Cyberfraud Prevention Framework. Real-time deepfake fraud is here to stay. On today's Threat Vector, host David Moulton speaks with Daniel B. Rosenzweig, a leading data privacy and AI attorney, about the growing complexity of privacy compliance in the era of big data and artificial intelligence. Protecting your company…with a fat joke. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector In this segment of Threat Vector, host David Moulton speaks with Daniel B. Rosenzweig, a leading data privacy and AI attorney, about the growing complexity of privacy compliance in the era of big data and artificial intelligence. Dan explains how businesses can build trust by aligning technical operations with legal obligations—what he calls “say what you do, do what you say.” They explore U.S. state privacy laws, global data transfer regulations, AI compliance, and the role of privacy-enhancing technologies. You can hear David and Daniel's full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app. Kevin on the Street Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week. You can also catch Kevin on our Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi of Cerby, Travis Howerton of RegScale, and Karl Mattson of Endor Labs. Whether you are building your own startup or just love a good innovation story, https://explore.thecyberwire.com/microsoft-for-startups. Selected Reading RSA Conference 2025 Announcements Summary (Day 1) (SecurityWeek) ISMG Editors: Day 1 Overview of RSAC Conference 2025 (GovInfo Security) ProjectDiscovery Named “Most Innovative Startup” at RSAC™ 2025 Conference Innovation Sandbox Contest (RSAC) Krebs: People should be ‘outraged' at efforts to shrink federal cyber efforts (The Record) NSA, CISA top brass absent from RSA Conference (The Register) Power Is Restored in Spain and Portugal After Widespread Outage (New York Times) DOGE employees gain accounts on classified networks holding nuclear secrets (NPR) New Framework Targets Rising Financial Crime Threats (GovInfo Security) The Age of Realtime Deepfake Fraud Is Here (404 Media) The one interview question that will protect you from North Korean fake workers (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
A massive power outage strikes the Iberian Peninsula. Iran says it repelled a “widespread and complex” cyberattack targeting national infrastructure. Researchers find hundreds of SAP NetWeaver systems vulnerable to a critical zero-day. A British retailer tells warehouse workers to stay home following a cyberattack. VeriSource Services discloses a breach exposing personal data of four million individuals. Global automated scanning surged 16.7% in 2024. CISA discloses several critical vulnerabilities affecting Planet Technology's industrial switches and network management products. A Greek court upholds a VPN provider's no-logs policies. Law enforcement dismantles the JokerOTP phishing tool. Our guest is Tim Starks from CyberScoop with developments in the NSO Group trial. How Bad Scans and AI Spread a Scientific Urban Legend. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Special Edition On our Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft, we are shining a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. This episode is part of our exclusive RSAC series where we dive into the real world impact of the Microsoft for Startups Founders Hub. Along with Microsoft's Kevin Magee, Dave Bittner talks with an entrepreneur and startup veteran, and founders from three incredible startups who are part of the Founders Hub, each tackling big problems with even bigger ideas. Dave and Kevin set the stage speaking with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur. Dave and Kevin then speak with three founders: Matthew Chiodi of Cerby, Travis Howerton of RegScale, and Karl Mattson of Endor Labs. So whether you are building your own startup or just love a good innovation story, listen in. For more information, visit the Microsoft for Startups website. CyberWire Guest We are joined by Tim Starks from CyberScoop who is discussing Judge limits evidence about NSO Group customers, victims in damages trial Selected Reading Nationwide Power Outages in Portugal & Spain Possibly Due to Cyberattack (Cyber Security News) Iran claims it stopped large cyberattack on country's infrastructure (The Record) 400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks that Exploited in the Wild (Cyber Security News) M&S warehouse workers told not to come to work following cyberattack (The Record) 4 Million Affected by VeriSource Data Breach (SecurityWeek) Researchers Note 16.7% Increase in Automated Scanning Activity (Infosecurity Magazine) Critical Vulnerabilities Found in Planet Technology Industrial Networking Products (SecurityWeek) Court Dismisses Criminal Charges Against VPN Executive, Affirms No-Log Policy (Hackread) JokerOTP Dismantled After 28,000 Phishing Attacks, 2 Arrested (Hackread) A Strange Phrase Keeps Turning Up in Scientific Papers, But Why? (ScienceAlert) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Today on the show, Liz Wheeler interviews Mike Benz, Executive Director of Foundation For Freedom Online about the deep state and the Cybersecurity and Infrastructure Security Agency, better known as CISA. SPONSORS: PREBORN: Your tax-deductible donation of twenty-eight dollars sponsors one ultrasound and doubles a baby's chance at life. How many babies can you save? Please donate your best gift today– just dial #250 and say the keyword, “BABY" or go to https://preborn.com/LIZ. KEKSI COOKIES: Mother's Day is coming up so don't wait—go to https://keksi.com right now and use code LIZ15 for an exclusive 15% discount. Your mom deserves the best—give her something she'll remember! Learn more about your ad choices. Visit megaphone.fm/adchoices