Podcasts about cisa

Will Daugherty, US Head of Norton Rose Fulbright's Cybersecurity practice, discussing the upcoming expiration of CISA 2015. Ben discusses Apple's decision to remove the ICEBlock app after pressure from the White House. Dave's got the story of the Secretary of Defense dialing back cyber training fro troops. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Links to today's stories: ⁠⁠⁠⁠Apple removes ICE tracking apps after Trump administration says they threaten officers US Department of War reduces cybersecurity training, tells soldiers to focus on their mission ⁠Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ covers ⁠⁠⁠⁠⁠⁠⁠China's covert influence campaign in the Philippines, where a Beijing-funded marketing firm used fake social media accounts to amplify pro-China narratives, attack U.S. alliances, and spread disinformation. The operation aimed to sway public opinion, undermine democratic discourse, and shape the country's political landscape ahead of future elections. Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Monday Microsegment for the week of October 6th. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast.Hackers hit Oracle customers with extortion emails.CISA's lights are still on, but most of its defenders are home on furlough.And Palo Alto login portals face a flood of suspicious scans.And Christer Swartz joins us for a "Boos and Bravos" segment. Head to The Zero Trust Hub: hub.illumio.comDownload The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025 

A fast-spreading malware campaign is abusing WhatsApp as both lure and launchpad. Carmaker Renault suffers a data breach. DrayTek patches a critical router flaw. CISA alerts cover a range of vulnerabilities. A new phishing kit lowers the bar for convincing lures. A Catholic hospital network pays $7.6 million to settle data breach litigation. A major breach at FEMA exposes employee data. Google expands Gmail's end-to-end encryption (E2EE) capabilities. On our Industry Voices segment, we are joined by Brian Vecci, Field CTO at Varonis, discussing move fast but don't break things: Innovating at light speed without putting data at risk. The UK's digital ID is a solution in search of a mandate. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Brian Vecci, Field CTO at Varonis, discussing move fast but don't break things: Innovating at light speed without putting data at risk. You can listen to Brian's full conversation here. Selected Reading Threat Actors Leveraging WhatsApp Messages to Attack Windows Systems With SORVEPOTEL Malware (Cybersecurity News) Major car maker confirms customer data stolen in cyber attack (The Independent) Unauthenticated RCE Flaw Patched in DrayTek Routers  (SecurityWeek) Organizations Warned of Exploited Meteobridge Vulnerability (SecurityWeek) CISA Releases Two Industrial Control Systems Advisories (CISA.gov) New ‘point-and-click' phishing kit simplifies malicious attachment creation (SC Media) Hospital Chain to Pay $7.6M to Settle Breach Litigation (Bank Inforsecurity) FEMA cyber breach exposes employee data (SC Media) Gmail business users can now send encrypted emails to anyone (Bleeping Computer) UK government says digital ID won't be compulsory – honest (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Three Buddy Problem - Episode 66: We discuss drone sightings that shut down airports across Europe and what they reveal about hybrid warfare and the changing nature of conflict; Oracle ransomware/extortion campaign tied to unpatched E-Business Suite vulnerabilities and the company's muted response. Plus, the TikTok–Oracle deal and the strange role Oracle now plays in U.S. national security; OpenAI's Sora 2 launch and its implications for social media and human expression; Palo Alto's “Phantom Taurus” APT report, a follow-up on Cisco's ArcaneDoor disclosures, and the impact of the U.S. government shutdown on CISA. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

Cybersecurity Today: Red Hat Breach, CLOP Targets Oracle, and CISA Cuts Critical Support In this episode of Cybersecurity Today, host Jim Love covers a recent breach of Red Hat's consulting GitLab server, highlighting concerns over exposed network maps and tokens. The CLOP extortion gang targets Oracle E-Business Suite clients, demanding ransom for sensitive data. Surveys show Canadian businesses are overconfident in their cyber defenses despite frequent attacks. Finally, CISA has ended a crucial cybersecurity support agreement, impacting state and local governments amidst a federal shutdown. Tune in for detailed analysis and urgent action items. 00:00 Red Hat GitLab Server Breach 02:21 CLOP Gang Targets Oracle E-Business Suite 04:29 Canadian Firms' Overconfidence in Cybersecurity 06:31 CISA Ends Critical Support Amid Shutdown 08:38 Conclusion and Upcoming Month in Review

Government shutdown furloughs most CISA staff Microsoft Defender bug triggers erroneous BIOS update alerts Motility RV software company suffers cyberattack Huge thanks to our sponsor, Nudge Security Here's the thing: your employees are signing up for new apps, sharing data, and connecting tools together, often without anyone knowing. And, AI adoption is accelerating this trend. What if you could continuously discover when people start using new apps or sharing data, then prompt them with security guidance right when and where they are working? At Nudge Security, we call that securing the Workforce Edge. Instead of trying to control everything (which, let's face it, is impossible), we give IT and security teams the visibility they need and automation to guide employees toward secure behaviors. The result? Your workforce stays productive, your data stays secure, and you can finally get some sleep at night. Learn more at nudgesecurity.com/workforceedge Find the stories behind the headlines at CISOseries.com.  

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Nick Espinosa, nationally syndicated host of The Deep Dive Radio Show, with guest Steve Zalewski, co-host, Defense in Depth Thanks to our show sponsor, Nudge Security Here's the thing: your employees are signing up for new apps, sharing data, and connecting tools together, often without anyone knowing. And, AI adoption is accelerating this trend. What if you could continuously discover when people start using new apps or sharing data, then prompt them with security guidance right when and where they are working? At Nudge Security, we call that securing the Workforce Edge. Instead of trying to control everything (which, let's face it, is impossible), we give IT and security teams the visibility they need and automation to guide employees toward secure behaviors. The result? Your workforce stays productive, your data stays secure, and you can finally get some sleep at night. Learn more at nudgesecurity.com/workforceedge All links and the video of this episode can be found on CISO Series.com  

CISA furloughs most of its workforce due to the government shutdown. The U.S. Air Force confirms it is investigating a SharePoint related breach. Google warns of a large-scale extortion campaign targeting executives. Researchers uncover Android spyware campaigns disguised as popular messaging apps. An extortion group claims to have breached Red Hat's private GitHub repositories. A software provider for recreational vehicle and power sport dealers suffers a ransomware breach. Patchwork APT deploys a new Powershell loader using scheduled tasks for persistence. A Tennessee Senator urges aggressive U.S. action to prepare for a post-quantum future. Cynthia Kaiser,  SVP of Halcyon's Ransomware Research Center and former Deputy Assistant Director at the FBI's Cyber Division, joins us with insights on the government shutdown. A Malaysian man pleads guilty to supporting a massive crypto fraud. Protected health info is not a marketing tool.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Cynthia Kaiser,  SVP of Halcyon's Ransomware Research Center and former Deputy Assistant Director at the FBI's Cyber Division, joins us with insights on the government shutdown. Selected Reading Shutdown guts U.S. cybersecurity agency at perilous time (CISA) Air Force admits SharePoint privacy issue; reports of breach (The Register) Google warns executives are being targeted for extortion with leaked Oracle data (IT Pro) Researchers uncover spyware targeting messaging app users in the UAE (The Record) Red Hat confirms security incident after hackers claim GitHub breach (Bleeping Computer) 766,000 Impacted by Data Breach at Dealership Software Provider Motility (Security Week) Patchwork APT: Leveraging PowerShell to Create Scheduled Tasks and Deploy Final Payload (GB Hackers) GOP senator confirms pending White House quantum push, touts legislative alternatives (CyberScoop) Bitcoin Fixer Convicted for Role in Money Laundering Scheme (Bank Infosecurity) Nursing Home Fined $182K for Posting Patient Photos Online  (Bank Infosecurity) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Chris and Hector kick off Cybersecurity Awareness Month with big news—Hector announces the launch of his new company, SafeHill. The guys dig into continuous threat exposure management, the dangers of malicious Chrome extensions, why ransomware claims are dropping, and how free tools from CISA can strengthen defenses. Join our new Patreon! ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

On this week's show Patrick Gray is on holiday so Amberleigh Jack and Adam Boileau hijack the studio to discuss the week's cybersecurity news, including: Hackers learn that trying to coerce a journalist just makes for … a great story? A man in his 40s gets arrested over the European airport chaos. Yep, we're surprised, too. Adam fanboys over Watchtowr Labs while bemoaning Fortra. Academics pick apart Tile trackers and find them lacking CISA tells agencies to patch their damn Cisco gear This episode is also available on YouTube. Show notes 'You'll never need to work again': Criminals offer reporter money to hack BBC Government to guarantee £1.5bn Jaguar Land Rover loan after cyber shutdown Feds Tie ‘Scattered Spider' Duo to $115M in Ransoms – Krebs on Security UK authorities arrest man in connection with cyberattack against aviation vendor | Cybersecurity Dive Chinese scammer pleads guilty after UK seizes nearly $7 billion in bitcoin Cyberattack on Japanese beer giant Asahi limits shipping, call center operations | The Record from Recorded Future News Afghanistan plunged into nationwide internet blackout, disrupting air travel, medical care | The Record from Recorded Future News Tile trackers are a stalker's dream, say Georgia Tech researchers Intel and AMD trusted enclaves, the backbone of network security, fall to physical attacks - Ars Technica Supermicro server motherboards can be infected with unremovable malware - Ars Technica China-linked hackers use ‘BRICKSTORM' backdoor to steal IP | The Record from Recorded Future News Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors Federal agencies given one day to patch exploited Cisco firewall bugs | The Record from Recorded Future News Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability Is This Bad? This Feels Bad. (Fortra GoAnywhere CVE-2025-10035) It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2

A Cybercrime group abuses routers to send SMS spam, CISA announces a new collaboration model for state governments, South Korea raises its cyber threat level after a data center fire, and Tile tracking devices expose their location. Show notes Risky Bulletin: Router APIs abused to send SMS spam waves

CISA issues an urgent warning about active exploitation of a critical vulnerability in the sudo utility. Broadcom patches two high-severity vulnerabilities in VMware NSX. South Korea raises its national cyber threat level after a datacenter fire. Formbricks patches a critical token validation flaw. Microsoft blocks a credential phishing campaign that made use of malicious SVG files. Landlords are accused of scraping sensitive payroll data. Cybercriminals lay the groundwork for large-scale FIFA fraud. Burnout takes a heavy toll on cybersecurity professionals. On our Threat Vector segment, host David Moulton⁠ is joined by⁠ Kyle Wilhoit⁠ talking about the evolution of hacker culture and cybersecurity. London police bag the biggest bitcoin bust. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On this Threat Vector segment, host David Moulton⁠ is joined by⁠ Kyle Wilhoit⁠ of Unit 42 talking about the evolution of hacker culture and cybersecurity. You can listen to the full conversation⁠ here⁠, and catch new episodes of Threat Vector each Thursday in your podcast app of choice. Selected Reading CISA Issues Alert on Active Exploitation of Linux and Unix Sudo Flaw (GB Hackers) Broadcom fixes high-severity VMware NSX bugs reported by NSA (Bleeping Computer) South Korea raises cyber threat level after huge data centre fire sparks hacking fears (The Guardian) JWT signature verification bypass enables account takeover in Formbricks (Beyond Machines) Microsoft Flags AI Phishing Attack Hiding in SVG Files (Hackread) Landlords Demand Tenants' Workplace Logins to Scrape Their Paystubs (404 Media) Playing Offside: How Threat Actors Are Warming Up for FIFA 2026 (Check Point Blog) Why burnout is a growing problem in cybersecurity (BBC) Chinese woman convicted after 'world's biggest' bitcoin seizure (BBC) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• TribalNet 2025: Cybersecurity Is Central to IT Modernization for Tribes • Cyberattacks remain big threat for tribes: survey • CISA to furlough 65% of staff if government shuts down this week• Cyber shutdown showdownMain Topics:Domestic Hostile Events:• Deadly attack on Michigan church leaves investigators searching for motive• Michigan church shooter was Marine veteran who White House official says "hated people of the Mormon faith"• Update from FBI Detroit on Shooting and Fire at a Michigan Church• Michigan church shooting suspect went on anti-LDS tirade, political candidate said• Armed man busted after plowing car through police barricade outside Michigan church day after deadly shooting, blaze• Iraq War veteran Thomas Sanford ID'd as gunman who attacked Grand Blanc LDS church, killing 4 and setting it ablaze• What we know about Michigan church shooter Thomas Sanford. Authorities have provided no motive for the attack.• Who is Michigan church attacker Thomas Jacob Sanford: Iraq war vet 'suffered from PTSD' and wore 'Make Liberals Cry Again' shirt• A List of Notable Shooting Attacks on Houses of Worship in the US in the Past 20 Years• Marine veteran in custody after 3 killed, at least 8 injured in shooting at a waterfront bar in North Carolina, officials say & Southport mass shooting: Suspect identified in gunfire from boat that killed 3, injured 8, officials say• Eagle Pass casino shooting: 2 killed, 5 hurt; suspect in custody, authorities say & Two dead, six hurt in shooting at Texas tribal casino; suspect in custodyRansomware• 'You'll never need to work again': Criminals offer reporter money to hack BBC• Co-op says cyber-attack cost it £206m in lost sales Quick Hits:• CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices• Threat Insights: Active Exploitation of Cisco ASA Zero Days • CISA - SonicWall Releases Advisory for Customers after Security Incident• Widespread Supply Chain Compromise Impacting npm Ecosystem• Russia dares NATO to shoot • New Kremlin-Linked Influence Campaign Targeting Moldovan Elections Draws 17 Million Views on X and Infects AI Models• Bot Networks Are Helping Drag Consumer Brands Into the Culture Wars• Outrage Cycle: Cracker Barrel and its CEO Targeted Amidst Logo Controversy• CISA Releases Advisory on Lessons Learned from an Incident Response Engagement• Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations• Designating Antifa as a Domestic Terrorist Organization• Fact Sheet: President Donald J. Trump Designates Antifa as a Domestic Terrorist Organization• Ranking Member Thompson Statement on Trump Incorrectly Designating ‘Antifa' as a Domestic Terrorism Organization• DHS Issues Statement on Targeted Attack on Dallas ICE Facility3 people shot at Dallas ICE field office: ICE official • Trump Says He Is Ordering Troops to Portland, Escalating Domestic Use of Military• Trump Says He's Sending Troops To ‘War Ravaged' America City — Authorizes ‘Full Force'• Pentagon calls up 200 National Guard troops after Trump Portland announcement• Oregon leaders object to Trump's deployment of 200 National Guard troops in the state• Feds march into downtown Chicago; top border agent says people are arrested based on ‘how they look'• ICE tactics inflame tensions in New York, Chicago and other cities• Shane Tamura, gunman in shooting at NFL headquarters, had CTE: Medical examiner

In this episode of the podcast, Ryan Williams Sr. and Shannon Tynes discuss the latest cybersecurity news, including CISA's emergency directive regarding Cisco vulnerabilities, the rise of SIM farms threatening US infrastructure, and the alarming trend of cybercriminals targeting children's data for ransom. They emphasize the importance of cybersecurity awareness and the evolving landscape of cyber threats while also sharing personal updates and reflections on their experiences in the field. Article: CISA orders feds to patch Cisco flaws used in multiple agency hacks https://www.cybersecuritydive.com/news/cisa-emergency-directive-cisco-vulnerabilities-arcanedoor/761150/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExd2lleHdWb1RWbEFZTDBJeQEenjZcbYPfTEpDqYpskC1y_ATnQjy8Xs0O_lBm9CqOYVx3jY2IWAuVe19i1Rk_aem_QN5KLONSnHGtBgaVUXEsXw ‘SIM Farms' Are a Spam Plague. A Giant One in New York Threatened US Infrastructure, Feds Say https://www.wired.com/story/sim-farm-new-york-threatened-us-infrastructure-feds-say/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExd2lleHdWb1RWbEFZTDBJeQEenLyO6lHFipbOSiGb3VydzS5_tY3hL7Z4kXKi86wzH_Qcfc3tyl4x1uELPgk_aem_KHOxgSVa-qn4XeXt7xdiKQ Nursery hackers threaten to publish more children's profiles online https://www.bbc.com/news/articles/c07vxv8v89lo.amp?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExd2lleHdWb1RWbEFZTDBJeQEetWzL8TMJE9U0bVS7Uy0EJFnJXxX0Xf7BQRXxJw-U4fatP_ilEnBIKdE6tQc_aem_OaAnjTw17cUrAzhvv9ShRw Buy the guide: www.theothersideofthefirewall.com Please LISTEN

Converting Timestamps in .bash_history Unix shells offer the ability to add timestamps to commands in the .bash_history file. This is often done in the form of Unix timestamps. This new tool converts these timestamps into a more readable format. https://isc.sans.edu/diary/New%20tool%3A%20convert-ts-bash-history.py/32324 Cisco ASA/FRD Compromises Exploitation of the vulnerabilities Cisco patched last week may have bone back about a year. Cisco and CISA have released advisories with help identifying affected devices. https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices Github Notification Phishing Github notifications are used to impersonate YCombinator and trick victims into installing a crypto drainer. https://www.bleepingcomputer.com/news/security/github-notifications-abused-to-impersonate-y-combinator-for-crypto-theft/

There’s an abundance of vulnerabilities in this week’s Network Break. We start with a red alert on a cluster of Cisco vulnerabilities in its firewall and threat defense products. On the news front, the vulnerability spotlight stays on Cisco as the US Cybersecurity and Infrastructure Security Agency (CISA) issues an emergency directive to all federal... Read more »

There’s an abundance of vulnerabilities in this week’s Network Break. We start with a red alert on a cluster of Cisco vulnerabilities in its firewall and threat defense products. On the news front, the vulnerability spotlight stays on Cisco as the US Cybersecurity and Infrastructure Security Agency (CISA) issues an emergency directive to all federal... Read more »

There’s an abundance of vulnerabilities in this week’s Network Break. We start with a red alert on a cluster of Cisco vulnerabilities in its firewall and threat defense products. On the news front, the vulnerability spotlight stays on Cisco as the US Cybersecurity and Infrastructure Security Agency (CISA) issues an emergency directive to all federal... Read more »

The Monday Microsegment for the week of September 29th. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast.CISA orders an emergency patch after attackers weaponize Cisco firewall flaws.AI and malware are working hand-in-hand, but it's not actually romanticAnd a string of new breaches could ruin the friendship between customers and major brands.And Michael Adjei joins us for an "Ask the Expert" segment. Head to The Zero Trust Hub: hub.illumio.comRegister to attend The Illumio World Tour: https://www.illumio.com/illumio-world-tour 

The Cybersecurity and Infrastructure Security Agency is ordering federal civilian agencies to take immediate action against a widespread hacking campaign targeting Cisco firewalls. The emergency directive was issued last Thursday in response to zero day vulnerabilities that hackers have been exploiting for quite some time. Federal News Network's Anastasia. Obis is here with more details. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

V jubilejní 300. epizodě se podíváme na případ britské logistické firmy, která po 158 letech padla kvůli jedinému špatnému heslu a útoku ransomwaru Akira. Probereme také nové zero-day útoky na firewally Cisco ASA a Firepower, na které musela reagovat americká CISA nouzovou směrnicí, a dramatické odhalení SIM farmy u New Yorku před zasedáním OSN. Nechybí ani aktuální statistiky kyberútoků v Česku, které ukazují nárůst o 15 procent. Na závěr podpoříme projekt týdne Surfuj bezpečne, který učí lidi, jak nenaletět na podvody.

Three Buddy Problem - Episode 65: We zero in on one of the biggest security stories of the year: the discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco's 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide. Plus, Cisco's controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China's long-term positioning. Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russians APTs Turla and Gamaredon collaborating to hit Ukraine targets. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

CISA gives federal agencies 24 hours to patch a critical Cisco firewall bug. Researchers uncover the first known malicious MCP server used in a supply chain attack. The New York SIM card threat may have been overblown. Microsoft tags a new variant of the XCSSET macOS malware. An exposed auto insurance claims database puts PII at risk. Amazon will pay $2.5 billion to settle dark pattern allegations. Researchers uncover North Korea's hybrid playbook of cybercrime and insider threats. An old Hikvision security camera vulnerability rears its ugly head. Dan Trujillo from the Air Force Research Laboratory's Space Vehicles Directorate joins Maria Varmazis, host of T-Minus Space Daily to discuss how his team is securing satellites and space systems from cyber threats. DOGE delivers dysfunction, disarray, and disappointment. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire Guest Dan Trujillo from the Air Force Research Laboratory's Space Vehicles Directorate joins Maria Varmazis, host of T-Minus Space Daily to discuss how his team is securing satellites and space systems from cyber threats and also shares advice for breaking into the fast-growing field of space cybersecurity Selected Reading Federal agencies given one day to patch exploited Cisco firewall bugs (The Record) First malicious MCP Server discovered, stealing data from AI-Powered email systems (Beyond Machines) Secret Service faces backlash over SIM farm bust as experts challenge threat claims (Metacurity) Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs (Bleeping Computer) Microsoft cuts off cloud services to Israeli military unit after report of storing Palestinians' phone calls (CNBC) Auto Insurance Platform Exposed Over 5 Million Records Including Documents Containing PII (Website Planet) Amazon pays $2.5 billion to settle Prime memberships lawsuit (Bleeping Computer) DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception (We Live Security) Critical 8 years old Hikvision Camera flaw actively exploited again (Beyond Machines) The Story of DOGE, as Told by Federal Workers (WIRED) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Episode 233 discusses the newest tensions between AI and schools: teenagers using AI companions and alarming incidents tied to platforms like Character.ai that have drawn federal attention. Josh talks about his student MFA pilot using Clever, how onboarding works (and how MFA can be network-aware to reduce classroom friction), and using student-led help desks to test the rollout. The guys discuss a post from Jay on K12TechPro asking about IT leadership background (educators and non‑educators in K12 tech dept roles). The episode's guest is Peter Kaplan from Fortinet, an E‑Rate expert. He breaks down why E‑Rate matters, outlines the FCC's cybersecurity pilot (challenges with procurement, reporting, and evaluating success), and discusses gaps left by potential MS‑ISAC funding changes. He also highlights CISA's K12 resources and Fortinet's no‑cost cybersecurity awareness materials for schools. Our new Swag Store is OPEN - Buy some swag (tech dept gift boxes, shirts, hoodies...)!!! -------------------- NTP Managed Methods Arista VIZOR Fortinet -------------------- Join the K12TechPro Community (exclusively for K12 Tech professionals) Buy some swag (tech dept gift boxes, shirts, hoodies...)!!! Email us at k12techtalk@gmail.com OR our "professional" email addy is info@k12techtalkpodcast.com Call us at 314-329-0363 X @k12techtalkpod Facebook Visit our LinkedIn Music by Colt Ball Disclaimer: The views and work done by Josh, Chris, and Mark are solely their own and do not reflect the opinions or positions of sponsors or any respective employers or organizations associated with the guys. K12 Tech Talk itself does not endorse or validate the ideas, views, or statements expressed by Josh, Chris, and Mark's individual views and opinions are not representative of K12 Tech Talk. Furthermore, any references or mention of products, services, organizations, or individuals on K12 Tech Talk should not be considered as endorsements related to any employer or organization associated with the guys.

British authorities arrest a man in connection with the Collins Aerospace ransomware attack. CISA says attackers breached a U.S. federal civilian executive branch agency last year. Researchers uncover two high-severity vulnerabilities in Supermicro server motherboards. A Las Vegas casino operator confirms a cyber attack. Analysts track multiple large-scale, automated email phishing campaigns. Libraesva issues an emergency patch for its Email Security Gateway. Our guest is Jason Clark, Chief Strategy Officer (CSO) at Cyera, tackling the security threat of Agentic AI. Robocars get misdirected by mirrors.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Jason Clark, Chief Strategy Officer (CSO) at Cyera, discussing tackling the security industry's biggest threat: Agent AI. If you want to hear the full conversation from Jason, you can check it out here. Selected Reading UK police arrest man over hack that affected European airports (Reuters) AI tool helped recover £500m lost to fraud, government says (BBC) CISA says hackers breached federal agency using GeoServer exploit (Bleeping Computer) Supermicro server motherboards can be infected with unremovable malware (Ars Technica) Boyd Gaming Suffers Cyberattack, Data Breach (Casino.org) Email Threat Radar – September 2025 (Barracuda) Revamped Phishing Techniques: How Telegram and Front-End Hosting Platforms Scale Campaigns (Forescout) GitHub notifications abused to impersonate Y Combinator for crypto theft (Bleeping Computer) Libraesva ESG issues emergency fix for bug exploited by state hackers (Bleeping Computer) Fooling a self-driving car with mirrors on traffic cones (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

European airports restoring services after system breach CISA deals with GeoServer exploit App for outing Charlie Kirk's critics leaks personal data Huge thanks to our sponsor, Conveyor  Have you been personally victimized by a questionnaire this week? The queue never ends. But Conveyor can change that story. With AI that answers questionnaires of any format, and a trust center that handles document sharing, security reviews get done without the stress. Feel calm in the chaos with Conveyor. Learn more at www.conveyor.com.

In dieser "Passwort"-Folge geht es zunächst um große Pläne, die die US- amerikanische IT-Sicherheitsbehörde CISA für das CVE-System hat. Sylvester ist verhalten hoffnungsvoll, Christopher sieht die Gefahr, dass Macht missbräuchlich zementiert werden könnte. Machtmissbrauch witterten auch viele Kommentatoren beim nächsten Thema: Browserhersteller überlegen, XSLT auszubauen. Die Hosts sehen sich an, was XSLT überhaupt ist und diskutieren, ob es im Browser sinnvoll oder deplatziert scheint. Zum Schluss werfen Christopher und Sylvester einen Blick auf die sich aktuell häufenden Angriffe auf npm und erklären unter anderem, was die Sandwürmer aus Frank Herberts Dune damit zu tun haben. - Darknet Diaries deutsch: https://www.heise.de/news/Darknet-Diaries-heise-online-bringt-deutsche-Version-des-US-Podcasts-10626196.html - Chrome-Sandbox-Exploit: https://googleprojectzero.blogspot.com/2025/08/from-chrome-renderer-code-exec-to-kernel.html - CISA-Positionspapier: https://www.cisa.gov/sites/default/files/2025-09/CISA_Common_Vulnerabilities_and_Exposures_CVE_Program_Vision-v6_CLEAN.pdf - Folgt uns im Fediverse: - @christopherkunz@chaos.social - @syt@social.heise.de Mitglieder unserer Security Community auf heise security PRO hören alle Folgen bereits zwei Tage früher. Mehr Infos: https://pro.heise.de/passwort

CISA Reports Ivanti EPMM Exploit Sightings Two different organizations submitted backdoors to CISA, which are believed to have been installed using Ivanti vulnerabilities patched in May. https://www.cisa.gov/news-events/analysis-reports/ar25-261a Lastpass Observes Impersonation on GitHub Lastpass noted a number of companies being impersonated via fake GitHub repositories in order to trick victims to download Mac malware. https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages Oracle Scheduler Ransomware Ransomware has been discovered that gained access to systems via an exposed Oracle Database Scheduler service. https://labs.yarix.com/2025/09/elons-proxima-black-shadow-related-ransomware-attack-via-oracle-dbs-external-jobs/

???? Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com 00:00 - PreShow Banter™ — Enter Dark John03:15 - Kerberoasting Goes to Washington – BHIS - Talkin' Bout [infosec] News 2025-09-1503:49 - Story # 1: Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”12:46 - Story # 2: How an Attacker's Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations32:42 - Story # 3: Some JLR suppliers ‘face bankruptcy' due to hack crisis41:30 - Story # 4: AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns46:07 - Story # 5: All your vulns are belong to us! CISA wants to maintain gov control of CVE program49:55 - Story # 6: Qantas penalizes executives for July cyberattack51:15 - Story # 7: America's second largest egg producer breached, claim hackers54:55 - Story # 8: Undocumented Radios Found in Solar-Powered Devices

OpenAI patches a ChatGPT flaw that could have exposed Gmail data. CISA documents malware exploiting two Ivanti Endpoint Manager Mobile (EPMM) flaws. WatchGuard patches a critical flaw in its Firebox firewalls. MI6 launches a dark web snitch site. The DoD looks to cut its cybersecurity job hiring time just 25 days. Researchers trick ChatGPT agents into solving CAPTCHAs. A UK teen faces accusations of being part of the Scattered Spider gang. The Senate confirms a new assistant secretary of defense for cyber policy. A former CIA officer is accused of selling classified information to private clients. Karin Ophir Zimet, Torq's Chief People Officer, is speaking with N2K Senior Workforce Analyst Will Markow about their internship program for upleveling AI skills. Russia's AI propaganda goes prime time.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Karin Ophir Zimet, Torq's Chief People Officer, is speaking with N2K Senior Workforce Analyst Will Markow about their internship program for upleveling AI skills. Selected Reading OpenAI Fixed ChatGPT Security Flaw That Put Gmail Data at Risk (Bloomberg) CISA Analyzes Malware From Ivanti EPMM Intrusions (SecurityWeek) WatchGuard Issues Fix for 9.3-Rated Firebox Firewall Vulnerability (HackRead) MI6 upgrades dark web portal to recruit new spies (The Register) DOD official: We need to drop the cybersecurity talent hiring window to 25 days (CyberScoop) ChatGPT Tricked Into Solving CAPTCHAs (SecurityWeek) Scattered Spider teen cuffed after crypto splurge on games (The Register) Senate confirms Sutton as Pentagon cyber policy chief (The Record) Contractor Used Classified CIA Systems as ‘His Own Personal Google' (404 Media) Russian State TV Launches AI-Generated News Satire Show (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guests Jack Kufahl, CISO, Michigan Medicine, and Nick Espinosa, host, The Deep Dive Radio Show Thanks to our show sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and faster deal cycles. Win with Trust. Learn more at SafeBase.io. All links and the video of this episode can be found on CISO Series.com

Chris and Hector call out Microsoft for “gross cybersecurity negligence,” explain Kerberoasting in plain English, and discuss CISA's CVE overhaul. Plus, hackers on the battlefield, and how U.S. tech helped build China's surveillance state. Join our new Patreon! ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

The Cybersecurity Information Sharing Act (CISA) of 2015 is set to expire at the end of this month on September 30, 2025. The Act removes barriers to companies sharing information about cyber threats, addressing privacy concerns and requires the federal government to share threat information. Many consider CISA one of the foundations of U.S. cybersecurity efforts.   As Congress considers whether or not to reauthorize CISA, former Deputy Assistant Director of the FBI cyber division, Cynthia Kaiser, joins David Aaron to discuss the importance of the legislation and highlight the risks of failing to reauthorize it. Show Note: “The Next Cyber Breach Will Not Wait: Why Congress Must Reauthorize CISA 2015” by Simin Kargar for Just Security  Just Security's CISA coverage Just Security's Cybersecurity coverage

Android moving to “risk-based” security updates CISA accused of Cyber Incentive mismanagement  How security practitioners use LLMs Huge thanks to our sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and faster deal cycles. Win with Trust. Learn more at SafeBase.io.

FBI botnet disruption leaves cybercriminals scrambling to pick up the pieces. Notorious ransomware gangs announce their retirement, but don't hold your breath. Hacktivists leak data tied to China's Great Firewall. A new report says DHS mishandled a key program designed to retain cyber talent at CISA. GPUGate malware cleverly evades analysis. WhiteCobra targets developers with malicious extensions. North Korea's Kimsuky group uses AI to generate fake South Korean military IDs. My guest is Tim Starks from CyberScoop, discussing offensive cyber operations. A cyberattack leaves students hung out to dry. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined once again by Tim Starks from CyberScoop discussing offensive cyber operations. You can read Tim's article Google previews cyber ‘disruption unit' as U.S. government, industry weigh going heavier on offense for more background. Selected Reading The FBI Destroyed an Internet Weapon, but Criminals Picked Up the Pieces (Wall Street Journal) 15 ransomware gangs ‘go dark' to enjoy 'golden parachutes' (The Register) 600 GB of Alleged Great Firewall of China Data Published in Largest Leak Yet (HackRead) China Enforces 1-Hour Cybersecurity Incident Reporting (The Cyber Express) ​​DHS watchdog finds mismanagement in critical cyber talent program (FedScoop) GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware-Specific Decryption, Abuse Google Ads to Target Western Europe (Arctic Wolf) 'WhiteCobra' floods VSCode market with crypto-stealing extensions (Bleeping Computer) AI-Forged Military IDs Used in North Korean Phishing Attack (Infosecurity Magazine) Mitsubishi to acquire Nozomi Networks for nearly $1 billion. (N2K CyberWire Business Briefing)  Dutch students denied access to jailbroken laundry machines (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Department of Homeland Security failed to effectively implement a critical retention incentive program for cyber talent, according to a new report from the agency's inspector general, which found that federal funds meant for the Cybersecurity and Infrastructure Security Agency were used incorrectly. In 2015, the agency implemented the Cyber Incentive program. The goal, the inspector general said, was to provide extra incentives to employees that might otherwise leave the federal government. More than $100 million has been spent on the program in recent years. The program “was designed to help CISA retain mission-critical cybersecurity talent needed to execute its mission,” the report noted, and was meant to consider a series of qualifications to guide who received the retention benefit. The government hoped to keep in-demand technology experts in government. The watchdog wrote that “CISA's implementation of the program wasted taxpayer funds and invites the risk of attrition of cyber talent, thereby leaving CISA unable to adequately protect the Nation from cyber threats.” Instead of being targeted toward valuable talent likely to transition to the private sector, the payments were disbursed generally, with many ineligible employees receiving tens of thousands of dollars in payment. The Pentagon's chief information officer is undertaking yet another reform of the Defense Department's IT enterprise — this time focusing on streamlining its classified networks to enhance data sharing and interoperability. Katie Arrington, who is performing the duties of CIO, plans to introduce a new program dubbed “Mission Network-as-a-Service” that aims to reduce the number of disparate data fabrics used by combatant commands into a single, unified network. Speaking last week during the Billington Cybersecurity Summit, Arrington said the program will be key to realizing the department's vision for Combined Joint All-Domain Command and Control, or CJADC2. Broadly speaking, CJADC2 seeks to connect the U.S. military's sensors and weapons under a single network, enabling rapid data transfer between warfighting systems and domains. The Pentagon also wants to be able to quickly share relevant information with international partners and allies during conflicts, adding another layer of difficulty to realizing the construct. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

ShinyHunters hits Vietnam National Credit Information Center HybridPetya is a Petya/NotPetya copycat with UEFI Secure Boot bypass CISA seeks control over CVE Huge thanks to our sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and faster deal cycles. Win with Trust. Learn more at SafeBase.io. Find the stories behind the headlines at CISOseries.com.

The Cybersecurity and Infrastructure Security Agency is charting a new path forward for a widely used catalog of software vulnerabilities. Last week, CISA released a roadmap to guide the future of the common vulnerabilities and exposure program, and CISA's top cybersecurity official says the agency is committed to the future of the program Federal News Network's Justin Doubleday joins me with the latest.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Samsung patches a critical Android zero-day vulnerability. Microsoft resolves a global Exchange Online outage. CISA reaffirms its commitment to the CVE program. California passes a bill requiring web browsers to let users automatically send opt-out signals. Apple issues spyware attack warnings. The FTC opens an investigation into AI chatbots on how they protect children and teens. A hacker convicted of attempting to extort more than 20,000 psychotherapy patients is free on appeal. Our guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect M&A deal value and integrity. Schools face insider threats from students. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect deal value and integrity.Selected Reading Samsung patches actively exploited zero-day reported by WhatsApp (Bleeping Computer) Microsoft fixes Exchange Online outage affecting users worldwide (Bleeping Computer) CISA looks to partners to shore up the future of the CVE Program (Help Net Security) California legislature passes bill forcing web browsers to let consumers automatically opt out of data sharing (The Record) Apple warns customers targeted in recent spyware attacks (Bleeping Computer) FTC to AI Companies: Tell Us How You Protect Teens and Kids Who Use AI Companions (CNET) Defence, Space and Cybersecurity. Why the General Assembly in Frascati matters (Decode39) DSEI Takeaways: Space and Cyber and the Invisible Front Line (Via Satellite)  Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal (The Record) Children hacking their own schools for 'fun', watchdog warns (BBC) - kicker Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — If I Were French04:35 - Anthropic 1.5 Billion © Settlement - BHIS - Talkin' Bout [infosec] News 2025-09-0805:48 - Hackers Threaten to Submit Artists' Data to AI Models If Art Site Doesn't Pay Up08:40 - Anthropic Agrees to Pay Authors at Least $1.5 Billion in AI Copyright Settlement23:58 - This Company Turns Dashcams into ‘Virtual CCTV Cameras.' Then Hackers Got In33:38 - Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps40:07 - Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack44:27 - npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack46:38 - Update on Mandiant Drift and Salesloft Application Investigations51:04 - M&S hackers claim to be behind Jaguar Land Rover cyber attack51:55 - New TP-Link zero-day surfaces as CISA warns other flaws are exploited54:52 - ChickenSec: US turns to Russia for chicken eggs for the first time in 32 years, despite sanctions to cripple its economy57:58 - Cybercriminals Exploit X's Grok AI to Bypass Ad Protections and Spread Malware to Millions

The open source community heads off a major npm supply chain attack. The Treasury Department sanctions cyber scam centers in Myanmar and Cambodia. Scammers abuse iCloud Calendar invites to send callback phishing emails. Researchers discover a new malware variant exploiting exposed Docker APIs. Phishing attacks abuse the Axios user agent and Microsoft's Direct Send feature. Plex warns users of a data breach.  Researchers flag a surge in scans targeting Cisco ASA devices. CISA delays finalizing its incident reporting rule. The GAO says federal cyber workforce figures are incomplete and unreliable. Our guest is Kevin Magee, Global Director of Cybersecurity Startups at Microsoft Security, discussing cybersecurity education going back to school. AI earns its own Darwin awards.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Kevin Magee, Global Director of Cybersecurity Startups at Microsoft Security discussing cybersecurity education going back to school. Selected Reading Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack (Bleeping Computer) Open Source Community Thwarts Massive npm Supply Chain Attack (Infosecurity Magazine) US sanctions companies behind cyber scam centers in Cambodia, Myanmar (The Record) New Apple Warning, This iCloud Calendar Invite Is Actually An Attack (Forbes) New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs (HackRead) Axios User Agent Helps Automate Phishing on “Unprecedented Scale” (Infosecurity Magazine) Plex Urges Password Resets Following Data Breach (SecurityWeek) Surge in networks scans targeting Cisco ASA devices raise concerns (Bleeping Computer) CISA pushes final cyber incident reporting rule to May 2026 (CyberScoop) US government lacks clarity into its infosec workforce (The Register) AI Darwin Awards launch to celebrate spectacularly bad deployments (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Three Buddy Problem - Episode 61: We cover a pair of software supply chain breaches (Salesforce Salesloft Drift and NPM/GitHub) that raises big questions about SaaS integrations and the ripple effects across major security vendors. Plus, Apple's new Memory Integrity Enforcement in iPhone 17 and discussion on commercial spyware infections and the value of Apple notifications; concerns around Chinese hardware and surveillance equipment in US infrastructure; Silicon Valley profiting from China's surveillance ecosystem; and controversy around a Huntress disclosure of an attacker's operations after an EDR agent was mistakenly installed. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

A cyberattack disrupts Bridgestone's manufacturing operations. CISA warns of critical vulnerabilities in products used across multiple sectors. Additional cybersecurity firms confirm data exposure in the recent Salesforce–Salesloft Drift attack. A configuration vulnerability in Sitecore products leads to remote code execution. HHS promises stricter enforcement of healthcare information access rules. Texas sues an education software provider over a December 2024 data breach. A federal jury orders Google to pay $425 million over improperly collected user data. Nations unite for global guidance on SBOMs. On our Industry Voices segment, we are joined by Aron Anderson, Enterprise Security Manager of Adobe, on embracing the journey to zero trust. Chess.com gets caught in a tricky gambit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Industry Voices On our Industry Voices segment we are joined by  Aron Anderson, Enterprise Security Manager of Adobe, as he is talking about embracing the journey to zero trust. If you want to hear the full conversation from Aron, you can check it out here. Selected Reading Tire giant Bridgestone confirms cyberattack impacts manufacturing (Bleeping Computer) CISA issues ICS advisories on hardware flaws in Honeywell, Mitsubishi Electric, Delta Electronics, rail communication protocols (Industrial Cyber) More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach (SecurityWeek) Unknown miscreants snooping around Sitecore via sample keys (The Register) HHS Says It's 'Cracking Down' on Health Information Blocking (BankInfo Security) Texas sues PowerSchool over breach exposing 62M students, 880k Texans (Bleeping Computer) Google hit with $425 million verdict in privacy class action suit (The Record) US and 14 Allies Release Joint Guidance on Software Bill of Materials (Infosecurity Magazine) Chess.com says 4,500 people had data stolen during June breach  (The Record) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

France fines Google and Shein over cookie misconduct CISA adds more TP-Link routers flaws to its KEV catalog World's largest sports piracy site shut down Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Salt Typhoon marks China's most ambitious campaign yet. A major Google outage hit Southeastern Europe.  A critical zero-day flaw in FreePBX gets patched. Scattered Lapsus$ Hunters claim the Jaguar Land Rover hack. Researchers uncover a major evolution in the XWorm backdoor campaign. GhostRedirector is a new China-aligned threat actor. CISA adds a pair of TP-Link router flaws to its Known Exploited Vulnerabilities (KEV) catalog. The feds put a $10 million bounty on three Russian FSB officers. Experts warn sweeping cuts to ODNI could cripple U.S. cyber defense. Our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, discussing IT/OT convergence in securing critical water and wastewater systems. Google says rumors of Gmail's breach are greatly exaggerated. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire Guest Today our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, who is talking about "IT/OT Convergence for Critical Water & Wastewater Security." Selected Reading ‘Unrestrained' Chinese Cyberattackers May Have Stolen Data From Almost Every American (The New York Times) Google Down in Eastern Europe (UPDATED) (Novinite Sofia News Agency) Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers (SecurityWeek) M&S hackers claim to be behind Jaguar Land Rover cyber attack (BBC) XWorm's Evolving Infection Chain: From Predictable to Deceptive (Trellix) GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes (welivesecurity by ESET) CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited (The Cyber Security News)  US offers $10 million bounty for info on Russian FSB hackers (Bleeping Computer) Cutting Cyber Intelligence Undermines National Security (FDD) No, Google did not warn 2.5 billion Gmail users to reset passwords (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Jaguar Land Rover suffers a major cyberattack. ICE gains access to a powerful spyware tool. Researchers find Fancy Bear snuffling around a new Outlook backdoor. Cloudflare and Palo Alto Networks confirm compromised Salesforce data. A researcher discovers an unsecured Navy Federal Credit Union (NFCU) server. A new ClickFix scam spreads MetaStealer malware. Specialty healthcare providers struggle to protect sensitive patient data.  CISA appoints a new Executive Assistant Director for Cybersecurity. On Afternoon Cyber Tea, Ann Johnson and Harvard's Amy Edmondson discuss how psychological safety helps cybersecurity teams speak up, spot risks, and learn from failure. Our guest today is Tim Starks from CyberScoop discussing China's reliance on domestic firms for hacking. Hackers threaten to feed stolen art to the machines. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Afternoon Cyber Tea On our Afternoon Cyber Tea segment, host Ann Johnson is joined by Amy Edmondson⁠, Harvard Business School professor and psychological safety pioneer. Together they discuss how creating psychologically safe environments allows teams, especially in high-pressure fields like cybersecurity, to speak up about early warnings, embrace the red, and learn from failure. You can listen to Ann and Amy's full conversation here and don't miss new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app. CyberWire Guest Our guest today is Tim Starks from CyberScoop discussing Top FBI official says Chinese reliance on domestic firms for hacking is a weakness. Selected Reading Jaguar Land Rover Operations ‘Severely Disrupted' by Cyberattack (Security Week) Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps (The Guardian) Russian APT28 Expands Arsenal with 'NotDoor' Outlook Backdoor (Infosecurity Magazine) Cloudflare and Palo Alto Networks Victimized in Salesloft Drift Breach (Infosecurity Magazine) Misconfigured Server Leaks 378GB of Navy Federal Credit Union Files (Hack Read) Fake AnyDesk Installer Spreads MetaStealer Through ClickFix Scam (Hack Read) Hacks on Specialty Health Entities Affect Nearly 900,000 (Bank Infosecurity) Python-based infostealer ‘Inf0s3c' combines stealth with broad data theft (SC Media) CISA Names Nicholas Andersen as Executive Assistant Director for Cybersecurity (The Cyber Express) Hackers Threaten to Submit Artists' Data to AI Models If Art Site Doesn't Pay Up (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Interesting Technique to Launch a Shellcode Xavier came across malware that PowerShell and the CallWindowProcA() API to launch code. https://isc.sans.edu/diary/Interesting%20Technique%20to%20Launch%20a%20Shellcode/32238 NX Compromised to Steal Wallets and Credentials The popular open source NX build package was compromised. Code was added that uses the help of AI tools like Claude and Gemini to steal credentials from affected systems https://semgrep.dev/blog/2025/security-alert-nx-compromised-to-steal-wallets-and-credentials/ Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed the Global Espionage System Several law enforcement and cybersecurity agencies worldwide collaborated to release a detailed report on the recent Volt Typhoon incident. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a

A cyberattack disrupts state systems in Nevada. A China-linked threat actor targets Southeast Asian diplomats. A new attack method hides malicious prompts inside images processed by AI systems.Experts ponder preventing AI agents from going rogue. A new study finds AI is hitting entry-level jobs hardest. Michigan's Supreme Court upholds limits on cell phone searches. Sen. Wyden accuses the judiciary of cyber negligence. CISA issues an urgent alert on a critical Git vulnerability. Hackers target Maryland's transit services for the disabled. Our guest is Cristian Rodriguez, Field CTO for the Americas from CrowdStrike, examining the escalating three-front war in AI.  A neighborhood crime reporting app gets algorithmically sketchy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Cristian Rodriguez, Field CTO, Americas from CrowdStrike, as he is examining the escalating three-front war in AI. Selected Reading  Cybercrime Government Leadership News News Briefs  Recorded Future Nevada state websites, phone lines knocked offline by cyberattack (The Record) Chinese UNC6384 Hackers Use Valid Code-Signing Certificates to Evade Detection (GB Hackers) New AI attack hides data-theft prompts in downscaled images (Bleeping Computer) How to stop AI agents going rogue (BBC) AI Makes It Harder for Entry-Level Coders to Find Jobs, Study Says (Bloomberg) Fourth Amendment Victory: Michigan Supreme Court Reins in Digital Device Fishing Expeditions (Electronic Frontier Foundation) Wyden calls for probe of federal judiciary data breaches, accusing it of ‘negligence' (The Record) CISA Alerts on Git Arbitrary File Write Flaw Actively Exploited (GB Hackers) Maryland investigating cyberattack impacting transit service for disabled people (The Record) Citizen Is Using AI to Generate Crime Alerts With No Human Review. It's Making a Lot of Mistakes (404 Media) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Farmers Insurance discloses a data breach affecting over a million people. Agentic AI tools fall for common scams. A new bill in Congress looks to revive letters of marque for the digital age. Cybercriminals target macOS users with the Shamos infostealer. New Android spyware masquerades as antivirus to target Russian business executives. CISA seeks public comments on SBOM updates. A major third party electronics manufacturer reports a ransomware attack. Salesforce patches multiple vulnerabilities in its Tableau products. Over 370,000 user Grok conversations were accidentally indexed by Google. Ben Yelin examines the UK's decision to drop digital backdoor requirements. WIRED gets duped by an AI author. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies joins to discuss the U.K. dropping ‘back door' demand for Apple user data. Read the article Ben discusses. If you enjoyed this conversation and want to hear more from Ben, check out our Caveat podcast here. Selected Reading Farmers Insurance Data Breach Impacts Over 1 Million People (SecurityWeek) "Scamlexity": When Agentic AI Browsers Get Scammed (Guardio) Bill would give hackers letters of marque against US enemies (The Register) Fake macOS help sites push Shamos infostealer via ClickFix technique (Help Net Security) New Android malware poses as antivirus from Russian intelligence agency (Bleeping Computer) CISA Requests Public Feedback on Updated SBOM Guidance (SecurityWeek) Electronics manufacturer Data I/O reports ransomware attack to SEC (The Record) Salesforce patches multiple flaws in Tableau Server, at least one critical (Beyond Machines) 370,000 Grok AI chats leaked after being indexed on Google (Cyber Daily) How WIRED Got Rolled by an AI Freelancer (WIRED) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices