Podcasts about cyberwire

Feds take down major IoT botnets. The FBI seizes hacktivist infrastructure. A data breach hits Kaplan, while a hacker claims access to millions of law enforcement tips. Fake Zoom calls deliver malware. A crypto “security” tool turns out to be spyware. A critical AI framework flaw gets exploited in hours. An insider extortion case ends in conviction. And a streaming scam pulls in over $10 million. A look back at ten years of Cyberwire podcasts. Intern Kevin gets ready for RSAC. A cyberattack leaves breathalyzers offline.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Celebrating CyberWire Daily Maria Varmazis leads a conversation with Peter Kilpe and Dave Bittner reflecting on the origins of the CyberWire Daily podcast as part of the 10th anniversary series, sharing behind-the-scenes insights and how it all got started. CyberWire Guest Today we are joined by Intern Kevin—also known as Kevin Magee—as he gets ready for RSA Conference 2026 next week. Selected Reading Feds disrupt IoT botnets behind record-breaking DDoS attacks (The Register) FBI seizes Handala data leak site after Stryker cyberattack (Bleeping Computer) Kaplan North America Reports Data Breach Impacting Nearly 195,000 Individuals (Beyond Machines) Hacker says they compromised millions of confidential police tips held by US company (Reuters) Fake interactive Zoom call leads to malicious ScreenConnect download | news (SC Media) Crypto Scam "ShieldGuard" Dismantled After Malware Discovery (Infosecurity Magazine) Hackers Exploit Critical Langflow Bug in Just 20 Hours (Infosecurity Magazine) Ex-data analyst stole company data in $2.5M extortion scheme (Bleeping Computer) Musician admits to $10M streaming royalty fraud using AI bots (Bleeping Computer) Cyberattack leaves Maine drivers with breathalyzer test systems unable to start vehicles (WGME) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

DarkSword targets iPhones for indiscriminate exploitation. Cybercrime and the Iran war. The FBI confirms purchasing commercially available location data. The DHS secretary nominee gets grilled on CISA funding. A Zimbra Collaboration Suite vulnerability is being used in targeted espionage. A new Android malware targets sensitive data stored in user notes. AWS warns of ongoing Interlock ransomware activity. Tracking pixels grab more than they should. Perry Carpenter and Mason Amadeus from The FAIK Files podcast speak with Hany Farid about the real-world harms of synthetic media. Do Boomers balance breaches better?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Perry Carpenter and Mason Amadeus, hosts of The FAIK Files podcast, speaking with Hany Farid about the real-world harms of synthetic media. Last week, the FAIK Files team sat down with Hany Farid -- digital forensics expert, professor at UC Berkeley, and co-founder of Get Real Security ( getrealsecurity.com ) -- to discuss deepfakes, authenticity metadata (C2PA), and forensic deepfake detection approaches. And here's a link to the youtube video:  https://www.youtube.com/watch?v=RSpmRb2O7Xc Selected Reading Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild (WIRED) Cybercrime has skyrocketed 245% since the start of the Iran war (The Register) CISA official says agency has not seen uptick in cyber threats amid Iran war (The Record) FBI is buying data that can be used to track people, Patel says (POLITICO) DHS nominee Mullin pressed on restoring CISA staffing (The Record) CISA Adds Exploited Zimbra Collaboration Suite Flaw to Warning List (GB Hackers) Russian hackers exploit Zimbra flaw to breach Ukrainian maritime agency (The Record) New ‘Perseus' Android malware checks user notes for secrets (Bleeping Computer) AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January (Infosecurity Magazine) The Collection of Commercial Intelligence: TikTok & Meta Ad Pixels (Jscrambler) Forget Millennials: why those over 65 are the real cyber security pros (The Senior) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran's cyber ops stay resilient. U.S. lawmakers press Big Tech on EU rules. Researchers expose a Fancy Bear server. Japan moves toward offensive cyber. CISA calls for cross-agency teamwork. New malware targets network infrastructure. AI fooled by font-based attacks. Schneider Electric warns of critical flaws. Quantum cryptography earns top honors. Guest Bradon Rogers, Chief Customer Officer at Island, discusses making AI browsers safe for enterprises. Smart glasses on the witness stand. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Bradon Rogers, Chief Customer Officer at Island, discusses making AI browsers safe for enterprises. You can dig into the details of what Bradon discussed in Gartner's “Cybersecurity Must Block AI Browsers for Now.” You can hear the full interview here. Selected Reading U.S Strikes Killed Iranian Cyber Chiefs, But The Hacks Continued (Forbes) US committee demands Big Tech share private comms with EU officials (POLITICO) FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops (Ctrl-Alt-Intel) Japan to allow ‘proactive cyber-defense' from October 1st (The Register) CISA official advises agencies not to get too hung up on who takes lead in critical infrastructure sectors (CyberScoop) New Malware Highlights Increased Systematic Targeting of Network Infrastructure (Eclypsium) Poisoned Typeface: How Simple Font Rendering Poisons Every AI Assistant, And Only Microsoft Cares (LayerX) Schneider Electric Patches Critical RCE Vulnerability in SCADAPack RTUs (Beyond Machines) Turing Award Goes to Inventors of Quantum Cryptography (The New York Times) Witness Caught Using Smartglasses in Court Blames it all on ChatGPT (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The EU imposes sanctions after cyberattacks. DHS boosts surveillance spending. AI firms recruit weapons-risk experts. Stryker disruption, no patient impact. LeakNet leans on ClickFix. Sears chatbot data spills. A Chinese security firm leaks a private key. Tech giants team up on scams. Teens sue xAI over alleged AI-generated abuse. On today's Threat Vector segment, David Moulton and guest Erica L. Shoemate, founder of The EN Strategy Group, explore how AI is fundamentally reshaping the security landscape. Cyber crooks cause a complimentary curbside convenience.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector What if the choices we make about AI security today determine who holds power tomorrow? On this Threat Vector segment, David Moulton and guest Erica L. Shoemate, founder of The EN Strategy Group, explore how AI is fundamentally reshaping the security landscape, from compressed decision-making timelines and asymmetric threat capabilities to the erosion of trust that creates strategic vulnerabilities. You can listen to David and Erica's full conversation here and catch new episodes of Threat Vector from Palo Alto Networks each Thursday on your favorite podcast app. Selected Reading EU Sanctions Iranian and Chinese Firms for Cyberattacks Against European Networks (TechNadu) DHS-built surveillance apparatus to surge in year ahead, documents show (FedScoop) AI firm Anthropic seeks weapons expert to stop users from 'misuse' (BBC) Stryker attack wiped tens of thousands of devices, no malware needed (Bleeping Computer) LeakNet ransomware uses ClickFix and Deno runtime for stealthy attacks (Bleeping Computer) Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web (WIRED) China's biggest cybersecurity firm accidentally leaked an SSL key in a public installer (Neowin) Google has signed the Industry Accord Against Online Scams and Fraud. (Google) Teenage girls sue Musk's xAI, accusing Grok tool of creating child sexual abuse material (The Guardian) Free parking in Russia after Distributed Denial-of-Service attack knocks city's parking system offline (Bitdefender) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Drone strikes hit a key chip supply chain. China-linked hackers target Southeast Asian militaries. Attackers race ahead with AI. ShinyHunters claim a massive Telus breach. Microsoft issues a hotpatch. Malware turns up on Steam. Fileless attacks grow. Airline miles become cybercrime currency. Monday business breakdown. Tim Starks from CyberScoop unpacks the Stryker attack and the nebulous nature of Iranian cyber activity. AI playmates puzzle preschoolers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Tim Starks from CyberScoop discussing how the Stryker attack highlights the nebulous nature of Iranian cyber activity amid joint U.S.-Israel conflict. You can read more in Tim's article here.  Selected Reading Drone strikes halt a third of the world's helium supply, threatening chip production (TechSpot) China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation (SecurityWeek) Attackers are exploiting AI faster than defenders can keep up, new report warns (CyberScoop) Telus Digital confirms breach after hacker claims 1 petabyte data theft (Bleeping Computer) Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw (Bleeping Computer) The FBI is investigating malware hidden inside games hosted on Steam (TechCrunch) New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection (Hackread) Airline miles become underground currency in loyalty fraud schemes | brief (SC Media) Kevin Mandia-founded Armadin launches with $190 million. (N2K Pro Business Briefing) AI toys for young children need tighter rules, researchers warn (BBC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Europol dismantles the SocksEscort proxy service. Cyber operations highlight imbalance in the war in Iran. Google rushes Chrome zero-day patches. Veeam fixes critical backup flaws. A former incident responder faces ransomware charges. Thomson Reuters staff push back on an ICE contract. Attackers abuse backup tools for data theft. CISA flags a critical n8n vulnerability. Maria Varmazis is joined by Jack R. Bialik, engineer and author, to discuss the hidden risks of a fully-digital society, and talk about his book "In Lost in Time: Our Forgotten and Vanishing Knowledge." A Phony photo fuels a phantom flight fiasco. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K CyberWire's Maria Varmazis is joined by Jack R. Bialik, engineer and author, to discuss the hidden risks of a fully-digital society, and talk about his book "In Lost in Time: Our Forgotten and Vanishing Knowledge." Selected Reading Europol and international partners disrupt ‘SocksEscort' proxy service - Joint operation targeted malicious proxy service exploiting residential routers worldwide (Europol) War in Iran – asymmetry in cyberspace (IISS) Google fixes two new Chrome zero-days exploited in attacks (Bleeping Computer)  Veeam warns of critical flaws exposing backup servers to RCE attacks (Bleeping Computer) Former Employee of Cybersecurity Companies Charged in ALPHV (BlackCat) Ransomware Extortion Case (TechNadu) They Don't Want Their Company's Surveillance Tool Used by ICE (The New York Times) Data Exfiltration and Threat Actor Infrastructure Exposed (Huntress) CISA adds n8n RCE flaw to list of known exploited vulnerabilities (SC Media) Cyber National Mission Force to get new commander amid broader leadership turnover (The Record) AI Used to Promote Non-Existent Evacuation Flights From the Middle East (Bellingcat) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran threatens tech firms as hackers strike Stryker. The EU advances efforts toward digital sovereignty. A foreign hacker stumbles upon the FBI's Epstein files. DOGE used ChatGPT to cull humanities grants. Meta claims increased efforts against scams. A Wisconsin ambulance provider discloses a data breach. CISA shortens the patch deadline for a critical SolarWinds vulnerability. We preview this year's RSAC 2026 Innovation Sandbox with Cecilia Marinier and Paul Kocher. Dangerous digital diets miss the mark.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we share a RSAC 2026 Conference innovation preview with Cecilia Marinier and Innovation Sandbox judge Paul Kocher talking about this year's Top 10 Finalists. Selected Reading Iran-linked hackers claim responsibility for attack on US medical device maker Stryker (Reuters) 'Legitimate targets': Iran issues warning to US tech firms including Google, Amazon, Microsoft, Nvidia (The Times of India) Iranian trolls are flooding social media with pro-Tehran, anti-war propaganda (MS Now) Commission announces €75 million EURO-3C Project to build a federated Telco-Edge-Cloud infrastructure for digital sovereignty (European Commission) Hacker broke into FBI and compromised Epstein files, report says (TechCrunch) When DOGE Unleashed ChatGPT on the Humanities (The New York Times) Meta says it culled millions of scam ads amid accusations that it profits from them (The Record) Bell Ambulance Ransomware Attack Impacts Over 237,000 Individuals (Beyond Machines) CISA Mandates Emergency Patching for SolarWinds Web Help Desk Vulnerabilities (Beyond Machines) AI Chatbots Are Giving Teens Absolutely Terrible Diet Advice, Study Warns (Gizmodo) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rudd takes the helm at NSA and Cyber Command. A watchdog probes alleged Social Security data mishandling. Patch Tuesday lands. Governments brace for cyber fallout from Iran. BeatBanker spreads via a fake Starlink app. InstallFix targets developers. ZombieZIP hides malware in archives. And DHS reassigns CBP officials in a FOIA secrecy dispute. Ben Yelin unpacks Anthropic's lawsuit against the Pentagon. AI eyewear leads to awkward exposures. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies and Caveat cohost talking about Anthropic suing the Pentagon. You can read more on the topic here.  Selected Reading Senate approves Joshua Rudd as dual-hat leader of Cyber Command, NSA (POLITICO) Whistleblower claims ex-DOGE member says he took Social Security data to new job (Washington Post) Microsoft Patches 83 Vulnerabilities (SecurityWeek) Adobe Patches 80 Vulnerabilities Across Eight Products (SecurityWeek) Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric (SecurityWeek) Iran war will bring wave of 'low-level cyber activity,' says intelligence group (StateScoop) New BeatBanker Android malware poses as Starlink app to hijack devices (Bleeping Computer) Fake Claude Code install guides push infostealers in InstallFix attacks (Bleeping Computer) New 'Zombie ZIP' technique lets malware slip past security tools (Bleeping Computer) DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal' Orders (WIRED) Meta sued over AI smart glasses' privacy concerns, after workers reviewed nudity, sex, and other footage (TechCrunch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Russian hackers target Signal and WhatsApp. Permit scammers impersonate local officials. Anthropic sues over a Pentagon blacklist. The White House moves to restore fraud victims. ShinyHunters target Salesforce data. Ericsson reports a breach. macOS users face ClickFix malware. AWS credentials are phished. And CISA warns of an exploited Ivanti flaw. Our guest is Brian Baskin, Threat Researcher at Sublime Security, discussing tax season employee impersonation scams. Who fact-checks the fact-checkers?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Brian Baskin, Threat Researcher at Sublime Security, discussing how tax season employee impersonation scams are conducted and what to look out for as we prepare our returns. Selected Reading Russia targets Signal and WhatsApp accounts in cyber campaign (AIVD) FBI warns of phishing attacks impersonating US city, county officials (Bleeping Computer) Anthropic sues Trump administration over Pentagon blacklist (CNBC) White House floats Victims Restoration Program for millions affected by cyber fraud (The Record) CybercrimeHundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign (SecurityWeek) Ericsson US discloses data breach after service provider hack (Bleeping Computer) Fake CleanMyMac Site Uses ClickFix Trick to Install SHub Stealer on macOS (Hackread) Behind the console: Active phishing campaign targeting AWS console credentials (Datadog Security Labs) CISA: Recently patched Ivanti EPM flaw now actively exploited (Bleeping Computer) AI fake-news detectors may look accurate but fail in real use, study finds (Tech Xplore) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Israel claims a strike on Iran's cyber warfare headquarters. The Trump administration releases a new national cyber strategy.  DHS shakes up its IT and cybersecurity leadership. Velvet Tempest uses ClickFix to drop loaders and RATs. Researchers uncover a Linux cryptocurrency clipboard hijacker. The DOJ brings a Ghanaian romance scammer to justice. Online advertising enables government tracking. Monday business breakdown. Our guest is Jon France, CISO from ISC2, sharing some insights and findings from their 2025 ISC2 Cybersecurity Workforce Study. An Apple II app gets audited by AI.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Joining us today is Jon France, CISO from ISC2, sharing some insights and findings from their 2025 ISC2 Cybersecurity Workforce Study. For further detail, you can also check out ISC2's just released Women in Cybersecurity report. Selected Reading Iranian cyber warfare HQ allegedly hit by Israel | brief (SC Media) Iran internet blackout reaches 6th day as rights groups call for end to digital shutdown (The Record) The long-awaited Trump cyber strategy has arrived (CyberScoop) DHS CISO, deputy CISO exit amid reported IT leadership overhaul (FedScoop) Termite ransomware breaches linked to ClickFix CastleRAT attacks (Bleeping Computer) ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered Via Bincrypter-Based Loader (Cyble) Ghanaian Pleads Guilty to Role in $100m Romance Scam (Infosecurity Magazine) The Government Uses Targeted Advertising to Track Your Location. Here's What We Need to Do. (Electronic Frontier Foundation) Zurich Insurance Group intends to acquire UK cyber insurer Beazley for approximately $11 billion. (N2K Pro Business Briefing) Microsoft Azure CTO says Claude found vulns in Apple II code (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran's MuddyWater breaches multiple U.S. organizations. The FBI probes a breach of wiretap management systems. A China-linked threat actor targets South American telecoms. Cisco patches critical firewall flaws. CISA flags actively exploited bugs in Hikvision cameras and Rockwell industrial systems. A House committee advances the controversial KIDS online safety bill. The FBI arrests a suspect accused of stealing millions in seized crypto from the U.S. Marshals Service. Ben Yelin and Ethan Cook unpack the dispute between Anthropic and the Pentagon. Wikimedia worm wreaks widespread wiki woes.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we're bringing you a featured conversation from our Caveat podcast, where Ben Yelin sits down with N2K Lead Analyst Ethan Cook to unpack the fallout between the Pentagon and Anthropic, what led to the deal unraveling, and what it means as the government pivots to a similar AI contracting agreement with OpenAI. You can listen to their full conversation here and catch new episodes of Caveat featuring Dave and Ben every Thursday with special appearances by Ethan. Selected Reading Iranian APT Hacked US Airport, Bank, Software Company (SecurityWeek) Tech Giants, Washington Rally for Anthropic in Pentagon Feud (GovInfo Security) FBI investigates breach of surveillance and wiretap systems (Bleeping Computer) Chinese state hackers target telcos with new malware toolkit (Bleeping Computer) Cisco Patches 48 Firewall Vulnerabilities with Two CVSS 10 Flaws (Hackread) CISA Flags Hikvision Camera & Rockwell Logix Vulnerabilities as Actively Exploited (SOCRadar) House panel marks up kids digital safety act amid Democrat backlash (The Record) US contractor's son arrested over alleged $46M crypto theft (The Register) Wikipedia hit by self-propagating JavaScript worm that vandalized pages (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Hacktivist activity surges in the Middle East. Defense tech firms distance themselves from Claude. International law enforcement take down the Leakbase cybercrime forum. A pair of Cisco SD-WAN vulnerabilities are under active exploitation. Google releases an urgent Chrome security update. Age-verification is put under the microscope. TikTok is leaving end-to-end encryption out of your DMs. Our guest is Daniel Barbu, Director of EMEA Security from Adobe, discussing fostering a human‑centered, enablement‑driven, and collaborative approach to AI. Clever code catches cardiac clues. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by ⁠Daniel Barbu⁠, Director of EMEA Security from ⁠Adobe⁠, discussing how fostering a human‑centered, enablement‑driven, and collaborative approach to AI through the security guild, trainings, and other initiatives. Tune into the full conversation here. Selected Reading Retaliatory Hacktivist DDoS Activity Following Operation Epic Fury/Roaring Lion (Radware) Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran (Palo Alto Networks) Unit 42's Iran Threat Brief: What We're Seeing (Threat Vector podcast special edition by Palo Alto Networks) Defense tech companies are dropping Claude after Pentagon's Anthropic blacklist (NBC) Sen. Wyden Warns of Mass Surveillance Amid Pentagon's Fight With Anthropic (Gizmodo) Sprawling FBI, European operation takes down Leakbase cybercriminal forum (The Record) Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild (SecurityWeek)  Google Rolls Out Emergency Chrome Update to Patch 10 Critical Security Vulnerabilities (GB Hackers) Hackers Expose The Massive Surveillance Stack Hiding Inside Your “Age Verification” Check (Techdirt) TikTok says it won't encrypt DMs claiming it puts users at risk (BBC) WiFi signals can measure heart rate—no wearables needed - News (UCSC) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A suspected U.S. exploit kit shows up in global iOS attacks. Facebook goes down briefly worldwide. A critical help-desk flaw enables remote code execution. Juniper PTX routers face a major bug. LastPass warns of phishing. Telegram becomes a cybercrime marketplace. Healthcare groups fight relaxed IT rules. A stolen Gemini API key runs up massive bills. CISA's CIO departs. Our guest is Brian Long, CEO and Co-Founder of Adaptive Security, discussing how AI is reshaping social engineering. The problem of posthumous profiles.  CyberWire Guest Today on our Industry Voices segment we are joined by Brian Long, CEO and Co-Founder of Adaptive Security, discussing how AI is reshaping social engineering. If you want to hear the full conversation, listen to it here. Selected Reading Possible U.S.-developed exploits linked to first known ‘mass' iOS attack (CyberScoop) Facebook accounts unavailable in worldwide outage (Bleeping Computer) Critical FreeScout Vulnerability Leads to Full Server Compromise (SecurityWeek) Juniper PTX Routers at Risk, Critical Takeover Flaw Disclosed (BankInfo Security) LastPass Warns of New Phishing Campaign (SecurityWeek) Telegram Increasingly Used to Sell Access, Malware and Stolen Logs Hackread) Groups Push Back on HHS' Proposed Health IT Rollbacks (BankInfo Security) Dev stunned by $82K Gemini API key bill after theft (The Register) CISA CIO Robert Costello exits agency (CyberScoop) Calls for Global Digital Estate Standard as Posthumous Deepfake Fraud Risk Grows (Infosecurity Magazine) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

News - N2K Networks

GPS jamming hits the Strait of Hormuz. An Iran linked threat actor uses AI to target Iraqi government officials. Hacktivists leak thousands of DHS contract records. A Hawaii cancer center suffers a data breach. Google patches over a hundred Android vulnerabilities. A new report tallies the scale of third party breaches. An MS-Agent AI framework flaw allows full system compromise. On today's Threat Vector segment, Evan Gordenker, Director of AI Security and DPRK Operations at Unit 42, joins David Moulton to unpack North Korea's hiring scams. Tire tech turns tattletale.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest North Korea has turned your hiring pipeline into a revenue machine. And most organizations have no idea. Evan Gordenker, Director of AI Security and DPRK Operations at Unit 42, joins David Moulton on today's Threat Vector segment to unpack how this operation actually works. Listen to their full conversation to get more detail and catch new episodes of Threat Vector every Thursday on your favorite podcast app. Selected Reading Attacks on GPS Spike Amid US and Israeli War on Iran (WIRED) Amazon: Drone strikes damaged AWS data centers in Middle East (Bleeping Computer) Iranian Cyber Threat Actor Targets Iraqi Government Officials in AI-Powered Campaign (Infosecurity Magazine) Hacktivists claim to have hacked Homeland Security to release ICE contract data (TechCrunch) UH Cancer Center data breach affects nearly 1.2 million people (Bleeping Computer) Android gets patches for Qualcomm zero-day exploited in attacks (Bleeping Computer) Chrome Gemini panel became privilege escalator for rogue extensions (The Register) Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks (Infosecurity Magazine) Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise (SecurityWeek) Researchers Uncover Method to Track Cars via Tire Sensors (SecurityWeek) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyberwar shadows the US Israel attack on Iran. Hackers hijack Pakistani news broadcasts. President Trump orders all federal agencies to stop using AI technology from Anthropic. The Health Care Cybersecurity and Resiliency Act clears a hurdle. A new RAT streamlines double extortion attacks against Windows systems. CISA updates warnings on a zero-day targeting Ivanti Connect Secure devices. A North Korea-linked group targets air-gapped systems. Monday business breakdown. On our Afternoon Cyber Tea segment from Microsoft Security, host Ann Johnson speaks with Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield, about cybersecurity in healthcare. Tim Starks from CyberScoop has the latest goings on at CISA. Microsoft says the slop stops here.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks from CyberScoop as he is discussing ongoing challenges at CISA. If you are interested in this topic, you can learn more here. Afternoon Cyber Tea On our Afternoon Cyber Tea segment from Microsoft Security, host Ann Johnson speaks with Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield, about cybersecurity in healthcare. You can hear the full conversation here, and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app. Selected Reading US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates (SecurityWeek) Western Cybersecurity Experts Brace for Iranian Reprisal (BankInfo Security) Pakistan's Top News Channels Hacked and Hijacked With Anti-Military Messages (Hackread) Anthropic confirms Claude is down in a worldwide outage (Bleeping Computer) Trump Orders Government to Stop Using Anthropic After Pentagon Standoff (New York Times) OpenAI Will Deploy AI in US Military Classified Networks (GovInfo Security) Senate Health Cyber Bill Clears Committee Hurdle (GovInfo Security) Double whammy: Steaelite RAT bundles data theft, ransomware (The Register) CISA warns that RESURGE malware can be dormant on Ivanti devices (Bleeping Computer) North Korean APT Targets Air-Gapped Systems in Recent Campaign (SecurityWeek) Astelia secures $35 million in combined seed and Series A funding. (N2K Pro Business Briefing) Microsoft gets tired of “Microslop,” bans the word on its Discord, then locks the server after backlash (Windows Latest) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA's acting director exits. Trump's pick to lead the NSA hits Senate headwinds. The Pentagon pressures Anthropic over AI guardrails. A new WiFi attack sidesteps encryption. CISA flags flaws in EV chargers. Juniper patches a critical router bug. ManoMano discloses a massive breach. Europol cracks down on The Com. Greece delivers verdicts in Predatorgate. An alleged carding kingpin lands in U.S. custody. Jeff Williams, Founder of OWASP and Co-Founder/CTO of Contrast Security, shares how NIST is rethinking its role in analyzing software vulnerabilities as EU launches GCVE. Meta's mischievous monocles meet their match.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have Jeff Williams, Founder of OWASP and Co-Founder/CTO of Contrast Security, sharing how NIST is rethinking its role in analyzing software vulnerabilities as EU launches GCVE. If you enjoyed this conversation, you can hear the full interview over on the Caveat podcast. Selected Reading Gottumukkala out, Andersen in as acting CISA director (CyberScoop) Senator seeks to block Trump's NSA pick, citing civil liberties concerns (The Washington Post) Anthropic Refuses to Bend to Pentagon on AI Safeguards as Dispute Nears Deadline (SecurityWeek) New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises (Ars Technica) Critical Vulnerabilities in SWITCH EV Charging Platform Allow Station Impersonation (Beyond Machines) Juniper Networks PTX Routers Affected by Critical Vulnerability (SecurityWeek) 38 Million Allegedly Impacted by ManoMano Data Breach (SecurityWeek) ‘Project Compass' Cracks Down on ‘The Com': 30 Members Arrested (Infosecurity Magazine) Greek court sentences Predator spyware gang (POLITICO) Chilean Carding Shop Operator Extradited to US (SecurityWeek) This App Warns You if Someone Is Wearing Smart Glasses Nearby  (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Five Eyes flags active exploitation of Cisco SD-WAN flaws. Ransomware incidents surge, but fewer victims are paying. The FTC eases its stance on COPPA to encourage age verification. Authorities in Poland and Germany charge 11 in a Facebook credential harvesting scheme. Top UK news outlets unite on AI licensing standards, as the UK touts gains in cyber resilience. Researchers say a hacker abused Anthropic's Claude to breach Mexican government networks. Gamers revolt over AI in game development. On our Industry Voices, we are joined by Linda Gray Martin, Chief of Staff and SVP, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2026. In Moscow, a man is accused of impersonating an FSB officer to shake down the Conti ransomware gang.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices, we are joined by Linda Gray Martin, Chief of Staff and SVP, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2026. Selected Reading Cisco SD-WAN Is Actively Exploited by UAT-8616, Five Eyes Alliance Agencies Issue Warning (TechNadu) Ransomware payments dropped in 2025 as attack numbers reached record levels: Chainalysis (The Record) FTC Softens Enforcement of Rule Protecting Children Online, Ostensibly to Protect Children Online (Gizmodo) Poland Cybercrime Unit Uncovers Scheme Stealing 100,000 Facebook Logins (The 420) UK news giants form 'NATO for news' group to control AI scraping (Press Gazette) Government cuts cyber-attack fix times by 84% and launches new profession to protect public services (GOV.UK) Hacker Used Anthropic's Claude to Steal Sensitive Mexican Data (Bloomberg) AI Mistakes Are Infuriating Gamers as Developers Seek Savings (Bloomberg) Moscow man accused of posing as FSB officer to extort Conti ransomware gang (The Record) AIs can't stop recommending nuclear strikes in war game simulations (New Scientist) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Trump tells diplomats to fight digital sovereignty. DeepSeek allegedly trains on banned Nvidia chips. Google knocks out Gallium. Hackers tamper with patient records in New Zealand. Popular mental health apps leak risk. Wynn confirms a ShinyHunters breach. Telecoms dodge New York cyber rules. Russia targets Telegram's founder. And a defense insider heads to prison for selling cyber weapons to Moscow. Andrew Dunbar, CISO of Shopify, discusses how identity and trust become the new perimeter and how commerce needs both. Barking backlash brews beneath big-game broadcast. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Andrew Dunbar, CISO of Shopify, to discuss how identity and trust become the new perimeter and how commerce needs both to be engineered into the platform. Selected Reading Exclusive: US orders diplomats to fight data sovereignty initiatives (Reuters) Exclusive: China's DeepSeek trained AI model on Nvidia's best chip despite US ban, official says (Reuters) Google disrupts Chinese-linked hackers that attacked 53 groups globally (Reuters) Patient data changed as major NZ health app MediMap hacked (RNZ News) Android mental health apps with 14.7M installs filled with security flaws (Bleeping Computer) Wynn Resorts Confirms Cyberattack & Extortion Threat, Claims Data Deleted (Casino.org) Verizon successfully dodged data security rules from state regulators (Times Union) Russia opens probe of Telegram chief, claiming app has been used for terrorism (Washington Post)  Former Defense Contractor Sentenced to 87 Months in Prison for Selling Secrets to Russia: Peter Williams Trade Secrets Case Concludes (TechNadu) $10,000 bounty offered if you can hack Ring cameras to stop them sharing your data with Amazon (Bitdefender) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

SolarWinds patches four critical remote code execution vulnerabilities. A ransomware attack on Conduant puts the data of over 25 million Americans at risk. RoguePilot enables Github repository takeovers. ZeroDayRat targets Android and iOS devices. North Korea's Lazarus group deploy Medusa ransomware against organizations in the U.S. and the Middle East. Attackers' breakout times drop to under half an hour.  CISA maintains its mission despite staffing challenges. Russian satellites draw fresh scrutiny. Two South Korean teenagers are charged with breaching Seoul's public bike service. Krishna Sai, CTO at SolarWinds, discusses why leaders should focus less on speculating about an AI bubble, and more on how to quantify AI's tangible contributions. The Pope pushes prayerful priests past predictable programs.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Krishna Sai, CTO at SolarWinds, discussing why leaders should focus less on speculating about an AI bubble, and more on how to quantify AI's tangible contributions. Selected Reading Critical SolarWinds Serv-U flaws offer root access to servers (Bleeping Computer) Massive Conduent Data Breach Exfiltrates 8 TB Affects Over 25 Million Americans (GB Hackers) GitHub Issues Abused in Copilot Attack Leading to Repository Takeover (SecurityWeek) New ZeroDayRAT Malware Claims Full Monitoring of Android and iOS Devices (Hackread) North Korean state hackers seen using Medusa ransomware in attacks on US, Middle East (The Record) CrowdStrike says attackers are moving through networks in under 30 minutes (CyberScoop) Shutdown at D.H.S. Extends to Cyber Agency, Adding to Setbacks (The New York Times) From Cold War interceptors to Ukraine: how Russia came to park spy satellites next to the West's most sensitive tech in orbit (Meduza) Korean cops charge two teens over Seoul bike hire breach (The Register) Pope tells priests to use their brains, not AI, to write homilies (EWTN News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A senior FBI cyber official warns Salt Typhoon remains an ongoing threat. Data protection authorities issue a joint statement raising serious concerns about AI image creation. A Japanese semiconductor equipment maker confirms a ransomware attack. New number formats seek to reduce AI overhead. A low-skilled Russian-speaking threat actor compromised more than 600 Fortinet FortiGate firewalls. Spanish authorities have arrested four alleged members of Anonymous. CISA tags a pair of Roundcube Webmail flaws. Cybersecurity stocks fell sharply on news of a new security feature in Claude AI. Monday business breakdown. Brandon Karpf, friend of the show discussing sovereignty in space and cyber. Digital disruption drains drumsticks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Dave sits down with Brandon Karpf, friend of the show, and Maria Varmazis, host of T-Minus, as they are discussing sovereignty in space and cyber. Selected Reading FBI: Threats from Salt Typhoon are ‘still very much ongoing' (CyberScoop) Joint Statement on AI-Generated Imagery and the Protection of Privacy (International Enforcement Cooperation Working Group (IEWG)) Japanese chip-testing toolmaker Advantest suffers ransomware attack (Help Net Security) AI's Math Tricks Don't Work for Scientific Computing (IEEE) Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls (Infosecurity Magazine) Suspected Anonymous members cuffed in Spain over DDoS attack (The Register) CISA: Recently patched RoundCube flaws now exploited in attacks (Bleeping Computer) Anthropic Unveils 'Claude Code Security,' Sending Cyber Stocks Lower (Bloomberg) RSAC Innovation Sandbox finalists secure $5 million each. (N2K Pro Business Briefing) Cyber attack takes major chicken processor Hazeldenes offline leaving businesses without meat (ABC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Dutch authorities warn Russia is escalating hybrid operations across Europe. Ransomware shuts down the University of Mississippi Medical Center. PayPal notifies customers of a data breach. The FBI says ATM jackpotting is on the rise. An FBI confidential informant had a hand in online fentanyl sales. TrustConnect malware masquerades as a legitimate remote monitoring and management tool. Researchers uncover the first Android malware to integrate generative AI. A critical zero-day hits Grandstream VOIP phones. The IRS slashes IT staff and technology executives. Our guest is James Turgal, a 22-year FBI vet and VP of global cyber risk and board relations at Optiv, discussing the latest wave of tax scams and IRS fraud. DOGE dudes deliver DEI deathblows. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by James Turgal, a 22-year FBI vet and VP of global cyber risk and board relations at Optiv, discussing the latest wave of tax scams and IRS fraud. Selected Reading Russia stepping up hybrid attacks, preparing for long standoff with West, Dutch intelligence warns (The Record) University of Mississippi Medical Center Suffers Cyberattack, Closes All Clinics, Cancels Services (Mississippi Free Press) PayPal discloses data breach that exposed user info for 6 months (Bleeping Computer) FBI: Over $20 million stolen in surge of ATM malware attacks in 2025 (Bleeping Computer) An FBI ‘Asset' Helped Run a Dark Web Site That Sold Fentanyl-Laced Drugs for Years (WIRED) (Don't) TrustConnect: It's a RAT in an RMM hat (Proofpoint US) PromptSpy ushers in the era of Android threats using GenAI (We Live Security) CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED) (Rapid 7) DOGE bites taxman (The Register) DOGE Bro's Grant Review Process Was Literally Just Asking ChatGPT ‘Is This DEI?' (Techdirt) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Starkiller represents a significant escalation in phishing infrastructure. A blockchain lender breach affects nearly a million users. The Kimwolf botnet disrupts a peer-to-peer privacy network. Researchers identifiy vulnerabilities in widely used Visual Studio Code extensions. DEF CON bans three men named in the Epstein files. Texas sues TP-Link over supply chain security. Experts question the impact of cyber versus kinetic damage in Venezuela. African law enforcement arrest hundreds of suspected scammers. Tim Starks from CyberScoop explains CISA's upcoming town hall meetings over ICS reporting rules. Warsaw walls off Wi-Fi-wired wheels.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks from CyberScoop discussing “CISA to host industry feedback sessions on cyber incident reporting regulation.” Selected Reading Starkiller: New ‘Commercial-Grade' Phishing Kit Bypasses MFA (Infosecurity Magazine) Nearly 1 Million User Records Compromised in Figure Data Breach (SecurityWeek) Kimwolf Botnet Swamps Anonymity Network I2P (Krebs on Security) Flaws in Popular IDE Extensions Allow Data Exfiltration (Infosecurity Magazine) DEF CON bans three Epstein-linked men from future events (The Register) Texas sues TP-Link over Chinese hacking risks, user deception (Bleeping Computer) The Caracas operation suggests cyber was part of the plan – just not the whole operation (CyberScoop) Police arrests 651 suspects in African cybercrime crackdown (Bleeping Computer) Nigerian man gets eight years in prison for hacking tax firms (Bleeping Computer) Poland bans camera-packing cars made in China from military bases (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A China-linked group exploits a critical Dell zero-day for 18 months. A Microsoft 365 Copilot bug risks sensitive email oversharing. A new Linux botnet leans on old-school IRC for command and control. Switzerland tightens critical infrastructure rules with mandatory cyber reporting. AstarionRAT emerges as a custom post-exploitation implant. Researchers find serious flaws in popular PDF platforms. A suspected Iranian-aligned campaign targets protest supporters. Notepad++ rolls out a “double-lock” update fix. And a Spanish court orders NordVPN and ProtonVPN to block illegal football streams. Our guest is Keith Mularski, Former FBI Special Agent and Chief Global Ambassador at Qintel, reflecting on the 25th anniversary of notorious spy Robert Hanssen's arrest. Dutch Defense flaunt F-35 firmware freedom.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Keith Mularski, Former FBI Special Agent and Chief Global Ambassador at Qintel, to talk about the 25th anniversary of Robert Hanssen's arrest. If you enjoyed Keith's conversation, you can hear more from him over on the Only Malware in the Building podcast. Selected Reading Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed (CyberScoop)  Microsoft says bug causes Copilot to summarize confidential emails (Bleeping Computer) New Linux Botnet Discovered (Linux Magazine) Switzerland's NCSC boosts operational capabilities, mandates cyberattack reporting on critical infrastructure (Industrial Cyber) ClickFix Won't Die. Neither Will Matanbuchus. A New RAT and a Hands-on-Keyboard Intrusion (Huntress) Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration (SecurityWeek) CRESCENTHARVEST: Iranian protestors and dissidents targeted in cyberespionage campaign (Acronis) Notepad++ boosts update security with ‘double-lock' mechanism (Bleeping Computer) Spain orders NordVPN, ProtonVPN to block LaLiga piracy sites (Bleeping Computer) Dutch defense chief: F-35s can be jailbroken like iPhones (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The government shutdown leaves CISA at reduced capacity. Ransomware and misconfigured AI threaten cyber-physical infrastructure. Operation DoppelBrand targets Fortune 500 financial and technology firms. Researchers uncover infostealers targeting OpenClaw AI. Identity-based attacks accounted for nearly two-thirds of initial intrusions last year. Researchers compromise popular cloud-based password managers. Authorities have arrested a man suspected of links to Phobos ransomware. Monday business breakdown. On Threat Vector, host David Moulton talks with Steve Elovitz about the 750 major breaches his team analyzed in a single year. Digital detour delivers a Dutchman to detention. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector On today's Threat Vector segment, David Moulton is joined by Steve Elovitz from Unit 42's North America consulting and incident response practice. After analyzing 750+ major breaches in a single year, he's seen exactly which security investments save companies and which ones fail when attackers strike. You can hear David and Steve's full conversation on Thursday's episode of Threat Vector and listen to new episodes each Thursday on your favorite podcast app. Selected Reading CISA Navigates DHS Shutdown With Reduced Staff (SecurityWeek) Significant Rise in Ransomware Attacks Targeting Industrial Operations (Infosecurity Magazine) A Misconfigured AI Could Trigger Infrastructure Collapse (BankInfo Security) Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft (Infosecurity Magazine) Infostealer malware found stealing OpenClaw secrets for first time (Bleeping Computer) Unit 42: Nearly two-thirds of breaches now start with identity abuse (CyberScoop) Password Managers Vulnerable to Vault Compromise Under Malicious Server (SecurityWeek) Poland arrests suspect linked to Phobos ransomware operation (Bleeping Computer) Vega raises $120 million in a Series B round led by existing investor Accel (N2K Pro Business Briefing) Dutch police arrest man who refused to delete confidential files shared by mistake (The Record) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Global leaders call for collaboration at the Munich Cyber Security Conference. Phishing campaigns exploit fake video conference invitations. Italian authorities say cyber attacks on the Winter Olympics have met overall mitigation. AI reshapes the economics of ransomware attacks. CISA tags a critical Microsoft Configuration Manager vulnerability. Foxveil is a new malware loader targeting legitimate platforms. Researchers examine macOS infostealers. California fines Disney $2.75 million for violating the Consumer Privacy Act. Maria Varmazis, host of T-Minus space daily and CyberWire Producer Liz Stokes preview their coverage of the NATO Cyber Coalition 2025 Cyber Exercise in Tallinn, Estonia. When pull requests get personal. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Maria Varmazis, host of T-Minus space daily and CyberWire Producer Liz Stokes as they share  their coverage of the NATO Cyber Coalition 2025 Cyber Exercise in Tallinn, Estonia. Selected Reading US wants cyber partnerships to send ‘coordinated, strategic message' to adversaries (The Record)  Europe must adapt to ‘permanent' cyber and hybrid threats, Sweden warns (The Record)  Attackers Weaponize Signed RMM Tools via Zoom, Meet, & Teams Lures (Netskope) Winter Olympics 2026: Hacktivism Surges Ahead of Protests and Suspected Sabotage (Intel 471) How AI is and is Not Changing Ransomware (Halcyon) CISA flags critical Microsoft SCCM flaw as exploited in attacks (Bleeping Computer) Foxveil malware loader abuses Discord, Cloudflare, Netlify for staging (SC Media) AMOS infostealer targets macOS through a popular AI app (Bleeping Computer) California fines Disney $2.75 million for data privacy violations (The Record) An AI Agent Published a Hit Piece on Me (The Shamblog) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Malicious Chrome extensions pose as AI tools. Google says nation-states are increasingly abusing its Gemini artificial intelligence tool.  Data extortion group World Leaks deploys a new malware tool called RustyRocket. An Atlanta healthcare provider data breach affects over 625,000. Apple patches an iOS zero-day that's been around since version 1.0. A government shutdown would furlough more than half of CISA's staff. Dutch police arrest the alleged seller of the JokerOTP phishing automation service. Our guest is Simon Horswell, Senior Fraud Specialist at Entrust, discussing evolving romance scams for Valentine's Day. Fun with filters provides fuel for phishers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Simon Horswell, Senior Fraud Specialist at Entrust, discussing evolving romance scams for Valentine's Day. If you enjoyed this conversation, tune into Hacking Humans to hear the full interview. Selected Reading Fake AI Chrome extensions with 300K users steal credentials, emails (Bleeping Computer) Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says (The Record) World Leaks Ransomware Adds Custom Malware ‘RustyRocket' to Attacks (Infosecurity Magazine) ApolloMD Data Breach Impacts 626,000 Individuals (SecurityWeek) Apple patches decade-old iOS zero-day exploited in the wild (The Register) CISA: DHS Funding Lapse Would Sideline Federal Cyber Staff (Gov Infosecurity) CISA Shares Lessons Learned from an Incident Response Engagement (CISA.gov) Police arrest seller of JokerOTP MFA passcode capturing tool (Bleeping Computer) What Can the AI Work Caricature Trend Teach Us About the Risks of Shadow AI? (Fortra) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday. Preliminary findings from the European Commission come down on TikTok. Switzerland's military cancels its contract with Palantir. Social engineering leads to payroll fraud. Google hands over extensive personal data on a British student activist. Researchers unearth a global espionage operation called “The Shadow Campaigns.” Notepad's newest features could lead to remote code execution. Our guest is Hazel Cerra, Resident Agent in Charge of the Atlantic City Office for the United States Secret Service. Ring says it's all about dogs, but critics hear the whistle. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we're joined by Hazel Cerra, Resident Agent in Charge of the Atlantic City Office for the United States Secret Service, as she discusses the evolution of the Secret Service's investigative mission—from its early focus on financial crimes such as counterfeit currency and credit card fraud to the growing challenges posed by cryptocurrency-related crime. Selected Reading Microsoft February 2026 Patch Tuesday Fixes 58 Vulnerabilities, Six actively Exploited Flaws (Beyond Machines) Adobe Releases February 2026 Patches for Multiple Products (Beyond Machines) ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact (SecurityWeek) Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed by Intel and AMD (SecurityWeek) Commission preliminarily finds TikTok's addictive design in breach of the Digital Services Act (European Commission) Palantir's Swiss Exit Highlights Global Data Sovereignty Challenge (NewsCase) Payroll pirates conned the help desk, stole employee's pay (The Register) Google Fulfilled ICE Subpoena Demanding Student Journalist's Bank and Credit Card Numbers (The Intercept) The Shadow Campaigns: Uncovering Global Espionage (Palo Alto Networks Unit 42) Notepad's new Markdown powers served with a side of RCE (The Register) With Ring, American Consumers Built a Surveillance Dragnet (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

ZeroDayRAT delivers full mobile compromise on Android and iOS. The UK warns infrastructure operators to act now as severe cyber threats mount. Russia moves to block Telegram. The FTC draws a line on data sales to foreign adversaries. Researchers unpack DeadVax, a stealthy new malware campaign, while an old-school Linux botnet resurfaces. BeyondTrust fixes a critical flaw. And in AI, are we moving too fast? One mild training prompt may be enough to knock down safety guardrails. Our guest is Omer Akgul, Researcher at RSA Conference, discussing his work on "The Case for LLM Consistency Metrics in Cybersecurity (and Beyond)." A pair of penned pentesters provoke a pricey payout.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Omer Akgul, PhD, Researcher at RSA Conference, discussing his work on "The Case for LLM Consistency Metrics in Cybersecurity (and Beyond)." Selected Reading New ‘ZeroDayRAT' Spyware Kit Enables Total Compromise of iOS, Android Devices (SecurityWeek) NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting Critical National Infrastructure (Infosecurity Magazine) Russian Watchdog Starts Limiting Access to Telegram, RBC Reports (Bloomberg) FTC Reminds Data Brokers of Their Obligations to Comply with PADFAA (FTC) Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode (secureonix) New ‘SSHStalker' Linux Botnet Uses Old Techniques (SecurityWeek) BeyondTrust Patches Critical RCE Vulnerability (SecurityWeek) Critics warn America's 'move fast' AI strategy could cost it the global market  (CyberScoop) Microsoft boffins figured out how to break LLM safety guardrails with one simple prompt (The Register) County pays $600,000 to pentesters it arrested for assessing courthouse security (Ars Technica) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ivanti zero-days trigger emergency warnings around the globe. Singapore blames a China-linked spy crew for hitting all four major telcos. DHS opens a privacy probe into ICE surveillance. Researchers flag a zero-click RCE lurking in LLM workflows. Ransomware knocks local government payment systems offline in Florida and Texas. Chrome extensions get nosy with your URLs. BeyondTrust scrambles to patch a critical RCE. A Polish data breach suspect is caught eight years later. It's the Monday Business Breakdown. Ben Yelin gives us the 101 on subpoenas. And federal prosecutors say two Connecticut men bet big on fraud, and lost. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Ben Yelin, Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, talking about weaponized administrative subpoenas. Selected Reading EU, Dutch government announce hacks following Ivanti zero-days (The Record) Singapore says China-linked hackers targeted telecom providers in major spying campaign (The Record) Inspector General Investigating Whether ICE's Surveillance Tech Breaks the Law (404 Media) Critical 0-Click RCE Vulnerability in Claude Desktop Extensions Exposes 10,000+ Users to Remote Attacks (Cyber Security News)  Payment tech provider for Texas, Florida governments working with FBI to resolve ransomware attack (The Record) Chrome extensions can use unfixable time-channel to leak tab URLs (CyberInsider) BeyondTrust warns of critical RCE flaw in remote support software (Bleeping Computer) Hacker Poland's largest data leaks arrested (TVP World) LevelBlue will acquire MDR provider Alert Logic from Fortra. (N2K Pro Business Briefing) Men charged in FanDuel scheme fueled by thousands of stolen identities (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA cracks down on aging edge devices. Congress looks to sure up energy sector security. DHS facial recognition software may fall short. Romania's national oil pipeline operator suffers a cyberattack. The European Commission may fine TikTok for being addictive. DKnife is a China-linked threat actor operating a long-running adversary-in-the-middle framework. Researchers say OpenClaw is being abused at scale. Our guest is Mike Carr, Field CTO at Xona, talking about how Italy should be thinking about protecting the 2026 Winter Olympics. A BASE jumper attempts a daring AI alibi. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Mike Carr, Field CTO at Xona, talking about how Italy should be thinking about protecting the 2026 Winter Olympics. Selected Reading CISA: Remove EOL edge kit before cybercriminals strike (The Register) 5 Bills to Boost Energy Sector Cyber Defenses Clear House Panel (SecurityWeek) ICE and CBP's Face-Recognition App Can't Actually Verify Who People Are (WIRED) Romania's oil pipeline operator confirms cyberattack as hackers claim data theft (The Record)  Flickr discloses potential data breach exposing users' names, emails (Bleeping Computer) 17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware (Hackread) EU says TikTok faces large fine over "addictive design" (Bleeping Computer) 'DKnife' Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks (SecurityWeek) All gas, no brakes: Time to come to AI church (Talos Intelligence)  Man who videotaped himself BASE jumping in Yosemite arrested, federal officials say. He says it was AI (LA Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber weapons knock out Iranian air defenses during strikes on nuclear sites. ShinyHunters dump more than a million stolen records from Harvard and Penn. Betterment confirms a breach exposing data from roughly 1.4 million accounts. Researchers uncover a sprawling scam network impersonating law firms. Italy blocks cyberattacks aimed at Olympics infrastructure. Critical bugs put n8n and Google Looker servers at risk of full takeover. A state-backed Shadow Campaign hits governments worldwide. OpenClaw shows how AI-powered attacks are becoming faster, cheaper, and harder to stop. Our guest is Tony Scott, CEO of Intrusion and former federal CIO, sharing his perspective on evolving regulation and the realities behind critical policy shifts. Your smartphone may testify against you. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today comes as a segment from our Caveat podcast. Tony Scott, CEO of Intrusion and former federal CIO, joins Dave Bittner to share his perspective on evolving regulation and the realities behind critical policy shifts. You can listen to Tony and Dave's full conversation on this week's episode of Caveat, and catch new episodes of Caveat every Thursday on your favorite podcast app. Selected Reading Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes (The Record) Personal data stolen during Harvard and UPenn data breaches leaked online - over a million details, including emails, home addresses and more, all published (TechRadar) Data breach at fintech firm Betterment exposes 1.4 million accounts (Bleeping Computer) Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign (SecurityWeek) Italy Averted Russian-Linked Cyberattacks Targeting Winter Olympics Websites, Foreign Minister Says (SecurityWeek) n8n security woes roll on as new critical flaws bypass December fix (The Register) LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem) (Tenable) Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries (SecurityWeek) The Rise of OpenClaw (SECURITY.COM) Smartphones Now Involved in Nearly Every Police Investigation (Infosecurity Magazine) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The White House preps a major overhaul of U.S. cybersecurity policy. A key Commerce security office loses staff as regulatory guardrails weaken. Lawmakers Press AT&T and Verizon after months of silence on Salt Typhoon. A vulnerability in the React Native Metro development server is under active exploitation. Amaranth Dragon leverages a WinRAR flaw. A coordinated reconnaissance campaign targets Citrix NetScaler infrastructure. CISA warns a SolarWinds Web Help Desk flaw is under active exploitation. Zach Edwards, Senior Threat Researcher at Silent Push, is discussing a hole in the kill chain leaving law enforcement empty-handed. Cops in Northern Ireland get an unwanted data breach encore.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Zach Edwards, Senior Threat Researcher at Silent Push, discussing a hole in the kill chain leaving law enforcement empty-handed. You can read more from Zach's team here. Selected Reading White House Cyber Director Charts New Course for Digital Defense Through Private Sector Partnership (Web Pro News) Another Misstep in U.S.-China Tech Security Policy (Lawfare) Cantwell claims telecoms blocked release of Salt Typhoon report (Cyberscoop) Hackers exploit critical React Native Metro bug to breach dev systems (Bleeping Computer) New Amaranth Dragon cyberespionage group exploits WinRAR flaw (Bleeping Computer) Wave of Citrix NetScaler scans use thousands of residential proxies (Bleeping Computer) Fresh SolarWinds Vulnerability Exploited in Attacks (SecurityWeek) ‘It defies belief': Names of PSNI officers published on court website in new breach (Belfast Telegraph) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

French police raid X's Paris offices. The Feds take over $400 million from a dark web cryptocurrency mixer. The NSA says zero-trust goes beyond authentication. Researchers warn of a multi-stage phishing campaign targeting Dropbox credentials. A new GlassWorn campaign targets macOS developers. Critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile are under active exploitation. Researchers disclose a major data exposure on Moltbook, a social network built for AI agents. States bridge the gaps in election security. Nitrogen ransomware has a fatal flaw that permanently destroys data. Supersize your passwords — you want fries with that? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Aaron Isaksen leads AI Research and Engineering at Palo Alto Networks, where he advances state-of-the-art AI in cybersecurity while overseeing Cortex Xpanse's teams automating attack surface management across some of the world's largest networks. In this episode of Threat Vector, host David Moulton sits down with Dr. Aaron Isaksen to explore why engineering excellence must precede ethical AI debates, how adversarial AI is reshaping cybersecurity, and what it actually takes to build AI systems resilient enough to operate in hostile environments. Selected Reading French cops raid X's Paris office in algorithmic bias probe (The Register) US seizes over $400 million in assets from dark web money laundering operation Helix (SC Media) NSA Tells Feds: Zero Trust Must Go Beyond Login (GovInfo Security) New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials (Infosecurity Magazine) New GlassWorm attack targets macOS via compromised OpenVSX extensions (Bleeping Computer) Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack (Hackread) Vibe-Coded Moltbook Exposes User Data, API Keys and More (Infosecurity Magazine) As feds pull back, states look inward for election security support (CyberScoop) Nitrogen Ransomware: ESXi malware has a bug! (Coveware) McDonald's is not lovin' your bigmac, happymeal, and mcnuggets passwords (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Poland says weak security left parts of its power grid exposed. A Russian-linked hacker alliance threatens Denmark with a promised cyber offensive. Fancy Bear moves fast on a new Microsoft Office flaw, hitting Ukrainian and EU targets. Researchers find a sprawling supply chain attack buried in the ClawdBot AI ecosystem. A new report looks at how threats are shaping the work of journalists and security researchers. A stealthy Windows malware campaign blends Pulsar RAT with Stealerv37. A former Google engineer is convicted of stealing AI trade secrets for China. The latest cybersecurity funding and deal news. On our Afternoon Cyber Tea segment, Microsoft's Ann Johnson chats with Dr. Lorrie Cranor from Carnegie Mellon about security design. The AI dinosaur that knew too much.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Afternoon Cyber Tea Dr. Lorrie Cranor⁠, Director of the CyLab Security and Privacy Institute at Carnegie Mellon University joins Ann Johnson, Corporate Vice President, Microsoft, on this month's segment of Afternoon Cyber Tea to discuss the critical gap between security design and real-world usability. They explore why security tools often fail users, the ongoing challenges with passwords and password less authentication, and how privacy expectations have evolved in an era of constant data collection. You can listen to Ann and Lorrie's full conversation here, and catch new episodes Afternoon Cyber Tea every other Tuesday on your favorite podcast app. Selected Reading Russian hackers breached Polish power grid thanks to bad security, report says (TechCrunch) Newly Established Russian Hacker Alliance Threatens Denmark (Truesec) Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks (Infosecurity Magazine) Notepad++ Hijacked by State-Sponsored Hackers (Notepad++) ClawdBot Skills Just Ganked Your Crypto (OpenSource Malware Blog) Under Pressure: Exploring the effect of legal and criminal threats on security researchers and journalists (DataBreaches.Net) Windows Malware Uses Pulsar RAT for Live Chats While Stealing Data (Hackread) U.S. convicts ex-Google engineer for sending AI tech data to China (Bleeping Computer) Upwind secures $250 million in a Series B round. (N2K Pro Business Briefing)  Don't Buy Internet-Connected Toys For Your Kids (Blackout VPN) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A popular chatbot exposes millions of private user messages. The White House rescinds Biden-era federal software security guidance. A senior Secret Service official urges more scrutiny of domain registration. The President's NSA pick champions section 702. France looks to reduce reliance on U.S. digital infrastructure. CISA shares guidance on insider threats. Hugging Face infrastructure was abused to distribute an Android RAT. Ivanti discloses a pair of critical zero-days. Popular dating sites suffer a data breach. Our guest is Tim Starks from CyberScoop, discussing how the US looks to push its view of AI cybersecurity standards to the rest of the world. The Nobel Committee blames hackers for a spoiler alert.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Tim Starks from CyberScoop discussing how the US looks to push its view of AI cybersecurity standards to the rest of the world. You can read Tim's coverage here.  Selected Reading Massive AI Chat App Leaked Millions of Users Private Conversations (404 Media) White House Scraps 'Burdensome' Software Security Rules (SecurityWeek) The 'staggering' cybersecurity weakness that isn't getting enough focus, according to a top Secret Service official (CyberScoop) NSA pick champions foreign spying law as nomination advances (The Record) French Government To Replace Zoom and Teams With Visio, a Local Alternative (The New York Times) CISA Urges Critical Infrastructure Organizations to Take Action Against Insider Threats (HSToday) Hugging Face Abused to Deploy Android RAT (SecurityWeek) Ivanti warns of two EPMM flaws exploited in zero-day attacks (Bleeping Computer) Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match (Bleeping Computer) Nobel Hacking Likely Leaked Peace Prize Winner Name, Probe Finds (Bloomberg) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Google dismantles a huge residential proxy network. Did the FBI take down the notorious RAMP cybercrime forum? A long running North Korea backed cyber operation has splintered into three specialized threat groups. U.S. military cyber operators carried out a covert operation to disrupt Russian troll networks ahead of the 2024 elections. Phishing campaigns target journalists using the Signal app. SolarWinds patches vulnerabilities in its Web Help Desk product. Amazon found CSAM in its AI training data. Initial access brokers switch up their preferred bot. China executes scam center kingpins. Our guest is Tom Pace, CEO of NetRise, explaining how open-source vulnerabilities are opening doors for nation-states.  An unsecured webcam peers into Pyongyang.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Tom Pace, former DOE cyber analyst and CEO of NetRise, joins the show to explain how open-source vulnerabilities are opening doors for nation-states and why visibility into who maintains code repositories matters. Selected Reading Google Disrupted World's Largest IPIDEA Residential Proxy Network (Cyber Security News) Notorious Russia-based RAMP cybercrime forum apparently seized by FBI (The Record) Long-running North Korea threat group splits into 3 distinct operations (CyberScoop) Secret US cyber operations shielded 2024 election from foreign trolls, but now the Trump admin has gutted protections (CNN Politics) Phishing attack: Numerous journalists targeted in attack via Signal Messenger (Netzpolitik.org) Signal president warns AI agents are making encryption irrelevant (Cyber Insider) SolarWinds Patches Critical Web Help Desk Vulnerabilities (SecurityWeek)  Amazon Found ‘High Volume' Of Child Sex Abuse Material in AI Training Data (Bloomberg) Initial access hackers switch to Tsundere Bot for ransomware attacks (Bleeping Computer) China Executes 11 People Linked to Cyberscam Centers in Myanmar   (Bloomberg) North Korean Hackers' Daily Life Leaked in Video (The Chosun) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA's interim director uploaded sensitive government material into the public version of ChatGPT. The cyberattack on Poland's power grid compromised roughly 30 energy facilities. The EU and India sign a new partnership that includes expanded cyber cooperation. Meta rolls out enhanced WhatsApp security features. Researchers uncover a campaign targeting LLM service endpoints. Fortinet and OpenSSL patch multiple vulnerabilities. A high-severity WinRAR vulnerability continues to see widespread exploitation six months after it was patched. The SoundCloud data breach affected nearly 30 million users. Ben Yelin explains the California lawsuit accusing social media platforms of harming kids. A Spanish resort town gets hit with low-rent ransomware.   Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Dave is joined by his Caveat co-host Ben Yelin, Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, to discuss the upcoming trial where Meta and YouTube will make their case against accusations of social media being harmful to children. You can learn more here.  T-Minus Guest Host Our T-Minus Space Daily podcast team is in Orlando, FL this week covering Commercial Space Week. Yesterday while the crew was on travel making their way to the event, Dave Bittner took his first spin behind the mic on T-Minus. Tune in and let us know how Dave did! You can follow along with host Maria Varmazis and producers Alice Carruth and Liz Stokes for event coverage via our LinkedIn profile. Selected Reading Trump's acting cyber chief uploaded sensitive files into a public version of ChatGPT (POLITICO) Cyberattack on Poland's power grid hit around 30 energy facilities, new report says (The Record) Europe/India • Indian 'hackers for hire' to continue to thrive under Brussels-New Dehli trade deal (Intelligence Online) New WhatsApp lockdown feature protects high-risk users from hackers (Bleeping Computer) Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation (Bleeping Computer) Fortinet Patches Exploited FortiCloud SSO Authentication Bypass (SecurityWeek) High-Severity Remote Code Execution Vulnerability Patched in OpenSSL (SecurityWeek) Cybercriminals and nation-state groups are exploiting a six-month old WinRAR defect (CyberScoop) SoundCloud breach added to HIBP, 29.8 million accounts exposed (CyberInsider) Spanish municipality Sanxenxo City Council calls hackers bluff as malware takes over network (Cryptopolitan) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft rushes an emergency fix for an actively exploited Office zero-day. A suspected cyberattack halts rail service in Spain. The FBI probes Signal chats in Minnesota. The UK moves to overhaul policing for the cyber age. Romania investigates a hitman-for-hire site. A UK court awards $4.1 million in a Saudi spyware case. Google agrees to a voice assistant settlement. CISA maps post-quantum crypto readiness. Prosecutors charge an Illinois man over a Snapchat hacking scheme targeting hundreds of women. Our guest today is Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing some insight into the AI and quantum threats to cybersecurity and the national cyber strategy. A Best Buy guy tries a creative alibi.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing some insight into the AI and quantum threats to cybersecurity and the national cyber strategy. Selected Reading Microsoft Issues Emergency Patch for Actively Exploited Office Zero-Day (Beyond Machines) Catalonia travel chaos: thousands stranded as suspected cyber attack disrupts rail network (The Olive Press)  FBI is investigating Minnesota Signal groups tracking ICE, Patel says (NBC News) UK plans sweeping overhaul of policing amid surge in online crimes (The Record) Romania probes two suspects over alleged hitman-for-hire website (The Record) Judge awards British critic of Saudis $4.1 million, finds the regime hacked his devices (The Record) Google to pay $68 million over allegations its voice assistant eavesdropped on users (CBS News) CISA releases technology readiness list for post-quantum cryptography (CSO Online) Illinois man charged with hacking Snapchat accounts to steal nude photos (Bleeping Computer) Savannah BSavannah Best Buy employee says 'hacker group' blackmailed him into theft ring scheme (WJCL 22) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft granted the FBI access to laptops encrypted with BitLocker. The EU opens an investigation into Grok's creation of sexually explicit images. Glimmers of access pierce Iran's internet blackout. Koi Security warns npm fixes fall short against PackageGate exploits. Some Windows 11 devices fail to boot after installing the January Patch Tuesday updates. CISA warns of active exploitation of  multiple vulnerabilities across widely used enterprise and developer software. ESET researchers have attributed the cyberattack on Poland's energy sector to Russia's Sandworm. This week's business breakdown. Brandon Karpf joins us to talk space and cyber. CISA sits out RSAC.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is cybersecurity executive and friend of the show Brandon Karpf with Dave Bittner and T-Minus Space Daily host Maria Varmazis, for our monthly space and cyber segment. Brandon, Maria and Dave discuss “No more free rides: it's time to pay for space safety.” Selected Reading FBI Accessed Windows Laptops After Microsoft Shared BitLocker Recovery Keys (Hackread) European Commission opens new investigation into X's Grok (The Register) Amid Two-Week Internet Blackout, Some Iranians Are Getting Back Online (New York Times) Hackers can bypass npm's Shai-Hulud defenses via Git dependencies (Bleeping Computer) Microsoft investigates Windows 11 boot failures after January updates (Bleeping Computer) CISA says critical VMware RCE flaw now actively exploited (Bleeping Computer) CISA confirms active exploitation of four enterprise software bugs (Bleeping Computer) ESET Research: Sandworm behind cyberattack on Poland's power grid in late 2025 (ESET)  Aikido secures $60 million in Series B funding. (N2K Pro Business Briefing) CISA won't attend infosec industry's biggest conference (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

At long last, a TikTok deal. Officials urge lawmakers to keep an eye on the quantum ball. Fortinet confirms active exploitation of a critical authentication bypass flaw. Ireland plans to authorize spyware for law enforcement. Okta warns customers of sophisticated vishing kits. Under Armour investigates data breach claims. CISA adds a Zimbra Collaboration Suite flaw to the known exploited vulnerabilities list. Poor OpSec enables recovery of data stolen by the INC ransomware gang. The DOJ deports a pair of Venezuelans convicted of ATM jackpotting. Our guest is Chris Nyhuis, Founder and CEO of Vigilant, sharing practical steps to protect money, identity, and devices.  Curl pulls the plug on bug bounties after drowning in AI slop. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Nyhuis, Founder and CEO of Vigilant, sharing "practical steps consumers can take in 2026 to protect their money, identity, and devices." Selected Reading TikTok Strikes Deal to Create New U.S. Entity and Loosen App's Ties to China (New York Times) US Officials Urge Congress to Reauthorize Key Quantum Law (BankInfo Security) Fortinet confirms critical FortiCloud auth bypass not fully patched (Bleeping Computer) Ireland plans law allowing law enforcement to use spyware (The Record) Okta SSO accounts targeted in vishing-based data theft attacks (Bleeping Computer) Under Armour Investigates Data Breach (Infosecurity Magazine) Organizations Warned of Exploited Zimbra Collaboration Vulnerability  (SecurityWeek) INC ransomware opsec fail allowed data recovery for 12 US orgs (Bleeping Computer) 2 Venezuelans Convicted in US for Using Malware to Hack ATMs (SecurityWeek) Curl ending bug bounty program after flood of AI slop reports (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA's acting director assures Congress the agency has “stabilized”. Google and Cisco patch critical vulnerabilities. Fortinet firewalls are being hit by automated attacks that create rogue accounts. A global spam campaign leverages unsecured Zendesk support systems. LastPass warns of attempted account takeovers. Greek authorities make arrests in a sophisticated fake cell tower scam. Executives at Davos express concerns over AI. Pwn2Own Automotive proves profitable. Our guest is Kaushik Devireddy, AI data scientist at Fable Security, with insights on a fake ChatGPT installer. New password, same as the old password.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Kaushik Devireddy, AI data scientist at Fable Security, discussing their work on "How a fake ChatGPT installer tried to steal my password". Selected Reading CISA Is 'Trying to Get Back on Its Mission' After Trump Cuts (CISA) Google Patches High-Severity V8 Race Condition in Chrome 144 published: today (Beyond Machines) Cisco Patches Actively Exploited Flaw in Unified Communications Products (Beyond Machines) Hackers breach Fortinet FortiGate devices, steal firewall configs (Bleeping Computer) Zendesk ticket systems hijacked in massive global spam wave (Bleeping Computer) LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords (Infosecurity Magazine) Greek Police Arrest Scammers in Athens Using Fake Cell Tower for SMS Phishing Operation (TechNadu) Execs at Davos say AI's biggest problem isn't hype — it's security (Business Insider) Hackers exploit 29 zero-days on second day of Pwn2Own Automotive (Bleeping Computer) Analysis of 6 Billion Passwords Shows Stagnant User Behavior (SecurityWeek) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

DOGE staff face scrutiny over possible Hatch Act violations. GitLab fixes a serious 2FA bypass. North Korean hackers target macOS developers through Visual Studio Code. Researchers say the VoidLink malware may be largely AI-built. MITRE rolls out a new embedded systems threat matrix. Oracle drops a massive patch update. Minnesota DHS reports a breach affecting 300,000 people. Germany looks to Israel for cyber defense lessons. A major illicit marketplace goes dark. Our guest is Ashley Jess, Senior Intelligence Analyst from Intel 471, with a “crash course” on underground cyber markets. And auditors emerge as an unlikely line of cyber defense. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have Ashley Jess, Senior Intelligence Analyst from Intel 471, sharing a “crash course” on how underground cyber markets and emerging trends. Selected Reading Trump administration concedes DOGE team may have misused Social Security data (POLITICO) GitLab warns of high-severity 2FA bypass, denial-of-service flaws (Bleeping Computer) North Korean Hackers Target macOS Developers via Malicious VS Code Projects (SecurityWeek) Voidlink Linux Malware Was Built Using an AI Agent, Researchers Reveal (Infosecurity Magazine) MITRE Launches New Security Framework for Embedded Systems (SecurityWeek) Oracle's First 2026 CPU Delivers 337 New Security Patches (SecurityWeek) Minnesota Agency Notifies 304,000 of Vendor Breach (GovInfo Security) Germany and Israel Pledge Cybersecurity Alliance (BankInfo Security) $12B Scam Market Tudou Guarantee Shuts Down (GovInfo Security) Research reveals a surprising line of defence against cyber attacks: accountants (The Conversation) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Authorities pursue Black Basta. British authorities launch a new national service to fight fraud and cybercrime. LinkedIn private messages get infected with RATs. Researchers uncover a new malicious extension that intentionally crashes the browser. Ingram Micro discloses a ransomware-related data breach. A Jordanian man pleads guilty to selling stolen access to corporate networks. Business Breakdown. Tim Starks from CyberScoop discusses Sean Plankey's renomination to lead CISA.  Grave oversight in the funeral biz.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks from CyberScoop as he is discussing Sean Plankey's renomination to lead CISA. You can use Tim's take on it here.   Selected Reading Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader (The Record) UK launches landmark 'Report Fraud' service to tackle cybercrime and fraud (The Record) Linkedin Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs (Infosecurity Magazine) Fake ad blocker extension crashes the browser for ClickFix attacks (Bleeping Computer) Ingram Micro reveals ransomware attack hit 42,000 people - here's how to find out more (TechRadar) Jordanian Man Pleads Fake ad blocker extension crashes the browser for ClickFix attacksGuilty to Selling Stolen Logins for 50 Companies (Hackread) CrowdStrike agrees to acquire SGNL for $740 million and Seraphic for $420 million. (N2K Pro) Exclusive: Funeral Industry Faces Security Gaps as Top Firms Lack Key Certifications (The Chosun Daily) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is observing the Martin Luther King, Jr. holiday in the United States, please enjoy this CyberWire-X episode featuring the team from Horizon3.ai. In this CyberWire-X episode, Dave Bittner speaks with Horizon3.ai co-founder and CEO Snehal Antani about how continuous autonomous penetration testing is reshaping security resilience. Antani reflects on his journey from CIO to DoD operator, where he learned that the hardest part of security isn't patching — it's prioritizing what matters and proving defenses work before attackers do. He explains why vulnerability scans fall short, how “AI hackers” simulate adversary behavior at machine speed, and why organizations must shift from compliance thinking to attacker-centric validation. Antani shares real-world findings, warns of 77-second domain compromise, and predicts a future of AI fighting AI, with humans by exception. Resources: Whitepaper: NodeZero® for Pentesters and Red Teams Whitepaper: Traditional vs. Autonomous: Why NodeZero® is the Future of Cyber Risk Assessments Learn more about your ad choices. Visit megaphone.fm/adchoices

Who turned out the lights in Venezuela? The European Space Agency confirms a series of cyberattacks. Dutch police nab the alleged operator of a notorious malware testing service. The U.S. and allies issue new guidance on OT security. Researchers warn of automated exploitation of a critical Hewlett-Packard Enterprise OneView flaw. TamperedChef cooks up trojanized PDF documents to deliver backdoor malware. A bluetooth vulnerability puts devices at risk. Cisco patches a maximum-severity zero-day exploited since November. Jen Easterly heads up RSAC. Our guest is Zak Kassas from Ohio State University, discussing GPS alternatives. Vintage phones face modern problems. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Maria Varmazis from T-Minus pace sits down with Zak Kassas from the Ohio State University to discuss the study “Navigating the Arctic Circle with Starlink and OneWeb LEO Satellites”.This conversation is a preview of tomorrow's Deep Space episode from T-Minus Space Daily. Selected Reading Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities (The New York Times) Sensitive European Space Agency Data Leaked to the Dark Web by String of Cyberattacks (IBTimes UK) Operation Endgame: Dutch Police Arrest Alleged AVCheck Operator (Hackread) CISA, Allies Sound Alarm on OT Network Exposure (GovInfo Security) RondoDox botnet exploits critical HPE OneView bug (The Register) TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals (Infosecurity Magazine) WhisperPair Attack Leaves Millions of Bluetooth Accessories Open to Hijacking (SecurityWeek) Cisco finally fixes AsyncOS zero-day exploited since November (Bleeping Computer) Former CISA Director Jen Easterly Appointed CEO of RSAC (SecurityWeek) iPhone 4 makes comeback — but experts warn of security risks (New York Post) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Verizon hit by a major wireless outage. Poland blocks an attack on its power grid. A massive database of French citizens exposed. Microsoft shuts down a cybercrime-as-a-service operation. The UK backs away from digital ID plans. California probes Grok deepfakes. The FTC settles with GM over location data. Palo Alto Networks patches a serious firewall flaw. Plus, John Serafini of HawkEye on modern signals intelligence, and federal agents seize devices from a Washington Post reporter. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Maria Varmazis sits down with John Serafini, Founder and CEO of Hawkeye 360, on T-Minus to discuss commercial signals intelligence, advanced RF signal processing, and Hawkeye 360's recent acquisition of Innovative Signal Analysis alongside its Series E funding. To hear the full conversation, check out the episode on T-Minus. Selected Reading Verizon Says Service Restored After Thousands Affected by Outage (Bloomberg) Poland says it repelled major cyberattack on power grid, blames Russia (The Record) Massive breach leaks 45 million French records: demographic, healthcare, and financial data all leaked, here's what we know (TechRadar) Criminal Subscription Service Behind AI-Powered Cyber-Attacks Taken Out By Microsoft (Infosecurity Magazine) Government drops plans for mandatory digital ID to work in UK (BBC News) Attorney General Bonta Launches Investigation into xAI, Grok Over Undressed, Sexual AI Images of Women and Children | State of California (Department of Justice) FTC bans GM from selling drivers' location data for five years (Bleeping Computer) Palo Alto Networks warns of DoS bug letting hackers disable firewalls (Bleeping Computer) FBI executes search warrant at Washington Post reporter's home (Washington Post) US cargo tech company publicly exposed its shipping systems and customer data to the web (TechCrunch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday fallout, China sidelines Western security vendors, and a critical flaw puts industrial switches at risk of remote takeover. A ransomware attack disrupts a Belgian hospital, crypto scams hit investment clients, and Eurail discloses a data breach. Analysts press Congress to go on offense in cyberspace, and Sean Plankey gets another shot at leading CISA. In our Threat Vector segment, David Moulton sits down with Ian Swanson, AI Security Leader at Palo Alto Networks about supply chain security. And, an AI risk assessment cites a football match that never happened. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment AI security is no longer optional, it's urgent. In this segment of Threat Vector, David Moulton sits down with Ian Swanson, former CEO of Protect AI and now the AI Security Leader at Palo Alto Networks. Ian shares how securing the AI supply chain has become the next frontier in cybersecurity and why every enterprise building or integrating AI needs to treat it like any other software pipeline—rife with dependencies, blind spots, and adversaries ready to exploit them. You can catch the full conversation here and listen to new episodes of Threat Vector every Thursday on your favorite podcast app. Selected Reading Patch Tuesday, January 2026 Edition (Krebs on Security) Adobe Patches Critical Apache Tika Bug in ColdFusion (SecurityWeek) Chrome 144, Firefox 147 Patch High-Severity Vulnerabilities (SecurityWeek) Fortinet Patches Critical Vulnerabilities in FortiFone, FortiSIEM (SecurityWeek) Exclusive: Beijing tells Chinese firms to stop using US and Israeli cybersecurity software, sources say (Reuters) Critical OpenSSH flaw exposes Moxa industrial switches to remote takeover (Beyond Machines) Cyberattack forces Belgian hospital to transfer critical care patients (The Record) Betterment confirms data breach after wave of crypto scam emails (Bleeping Computer) Passports, bank details compromised in Eurail data breach (The Register) Lawmakers Urged to Let US Take on 'Offensive' Cyber Role (Bank InfoSecurity) Sean Plankey re-nominated to lead CISA (CyberScoop) Police chief admits misleading MPs after AI used in justification for banning Maccabi Tel Aviv fans (BBC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Stolen Target source code looks real. CISA pulls the plug on Gogs. SAP rushes patches for critical flaws. A suspected Russian spy emerges in Sweden, while Cloudflare threatens to walk away from Italy. Researchers flag a Wi-Fi chipset bug, a long-running Magecart skimming campaign, and a surge in browser-in-the-browser phishing against Facebook users. Mandiant releases a new Salesforce defense tool, and NIST asks how to secure agentic AI before it secures itself. Our guests are Christine Blake and Madison Farabaugh from Inside the Media Minds. Plus, a Dutch court says seven years is still the going rate for a USB-powered cocaine plot. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Christine Blake and Madison Farabaugh from W2 Communications and hosts of Inside the Media Minds podcast on their show joining the N2K CyberWire network. You can listen to the latest episode of Inside the Media Minds today and catch new installments every month on your favorite podcast app. Selected Reading Target employees confirm leaked code after ‘accelerated' Git lockdown (Bleeping Computer) Fed agencies urged to ditch Gogs as zero-day makes CISA list (The Register) SAP's January 2026 Security Updates Patch Critical Vulnerabilities (SecurityWeek) Sweden detains ex-military IT consultant suspected of spying for Russia (The Record) Cloudflare CEO threatens to pull out of Italy  (The Register) One Simple Trick to Knock Out the Wi-Fi Network (GovInfo Security) Google's Mandiant releases free Salesforce access control checker (iTnews) Global Magecart Campaign Targets Six Card Networks (Infosecurity Magazine) Facebook login thieves now using browser-in-browser trick (Bleeping Computer) NIST Calls for Public to Help Better Secure AI Agents (GovInfo Security) Appeal fails for hacker who opened port to coke smugglers (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI warns of Kimsuky quishing. Singapore warns of a critical vulnerability in Advantech IoT management platforms. Russia's Fancy Bear targets energy research, defense collaboration, and government communications. Malaysia and Indonesia suspend access to X. Researchers warn a large-scale fraud operation is using AI-generated personas to trap mobile users in a social engineering scam. BreachForums gets breached. The NSA names a new Deputy Director. Monday Biz Brief. Our guest is Sasha Ingber, host of the International Spy Museum's SpyCast podcast. The commuter who hacked his scooter.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Sasha Ingber, host of the International Spy Museum's SpyCast podcast, on the return of SpyCast to the N2K CyberWire network. Selected Reading North Korea–linked APT Kimsuky behind quishing attacks, FBI warns (Security Affairs)  Advantech patches maximum-severity SQL injection flaw in IoT products (Beyond Machines) Russia's APT28 Targeting Energy Research, Defense Collaboration Entities (SecurityWeek) Malaysia and Indonesia block X over deepfake smut (The Register) New OPCOPRO Scam Uses AI and Fake WhatsApp Groups to Defraud Victim (Hackread) BreachForums hacking forum database leaked, exposing 324,000 accounts (Bleeping Computer) Former NSA insider Kosiba brought back as spy agency's No. 2 (The Record) Vega raises $120 million in a Series B round led by Accel. Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters (Rasmus Moorats) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices