Podcasts about cyberwire

Please enjoy this encore of Career Notes. Lieutenant in the US Navy and Skillbridge Fellow at the CyberWire, Brandon Karpf, knew he wanted to join the military at a young age. He achieved that through the US Naval Academy where he was a member of the men's heavyweight rowing team. Commissioned as a cryptologic warfare officer, Brandon was sent to MIT for a graduate degree where he experienced the exact opposite of the Naval Academy's highly structured life. Brandon's later work with both NSA and US Cyber Command helped him gain experience and cyber operations skills. As he transitions from active duty to civilian life, Brandon shares his personal challenges and struggles during that process. Through the DoD Skillbridge Fellowship program, Brandon's transition has him sharing his skills with the CyberWire. We thank Brandon for sharing his expertise and his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

SentinelOne suffers a global service outage. A major DDoS attack hits a Russian internet provider. U.S. banking groups urge the SEC to scrap cybersecurity disclosure rules. Australia mandates reporting of ransomware payments. Researchers uncover a new Browser-in-the-Middle (BitM) attack targeting Safari users. A Florida health system pays over $800,000 to settle insider breach concerns. CISA issues five urgent ICS advisories. Our guest is  Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and the importance of digital executive protection. The feds are putting all our digital data in one basket. CyberWire Guest On our Industry Voices segment, at the 2025 RSA Conference, we were joined by Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and digital executive protection. Listen to Matt's conversation here. Selected Reading Cybersecurity Firm SentinelOne Suffers Major Outage (Bank Infosecurity) DDoS incident disrupts internet for thousands in Moscow (The Record) Banks Want SEC to Rescind Cyberattack Disclosure Requirements (PYMNTS.com) Australian ransomware victims now must tell the government if they pay up (The Record) New BitM Attack Exploits Safari Vulnerability to Steal Login Credentials (Cyber Security News) Florida Health System Pays $800K for Insider Record Snooping (Bank Infosecurity) UTG-Q-015 Hackers Launched Large Scale Brute-Force Attacks Against Govt Web Servers (Cyber Security News) CISA Releases Five ICS Advisories Targeting Vulnerabilities and Exploits (Cyber Security News) Trump Taps Palantir to Compile Data on Americans (The New York Times) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Children's DNA in criminal databases. ASUS routers get an unwanted houseguest. New APT41 malware uses Google Calendar for command-and-control. Interlock ransomware gang deploys new Trojan. Estonia issues arrest warrant for suspect in massive pharmacy breach. The enemy within the endpoint. New England hospitals disrupted by cyberattack. Tim Starks from CyberScoop is discussing ‘Whatever we did was not enough': How Salt Typhoon slipped through the government's blind spots. And Victoria's Secrets are leaked. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have Tim Starks from CyberScoop discussing ‘Whatever we did was not enough': How Salt Typhoon slipped through the government's blind spots. Selected Reading  The US Is Storing Migrant Children's DNA in a Criminal Database (WIRED) GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers (GreyNoise) Mark Your Calendar: APT41 Innovative Tactics (Google Threat Intelligence Group) Interlock ransomware gang deploys new NodeSnake RAT on universities (BleepingComputer) Estonia issues arrest warrant for Moroccan wanted for major pharmacy data breach (The Record) Israeli company Syngia thwarts North Korean cyberattack (The Jerusalem Post) St. Joseph Hospital owner says company targeted in cybersecurity incident (WMUR) Victoria's Secret Website Taken Offline After Cybersecurity Breach (GB Hackers) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Czech Republic accuses Chinese state-backed hackers of cyber-espionage. CISA's leaders head for the exits. Cybercriminals are using fake AI video generator websites to spread malware. A stealthy phishing campaign delivers the Remcos RAT via DBatLoader. A fake Bitdefender website spreads malware targeting financial data. Medusa ransomware claims to have breached global real estate firm RE/MAX. An Iranian national faces up to 30 years in prison for ransomware targeting US cities. Our guest is Tony Velleca, CyberProof's CEO,  discussing exposure management and a more risk-focused approach to prioritize threats. Mind reading for fun and profit.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, at the 2025 RSA Conference we were joined by Tony Velleca, CyberProof's CEO, who is discussing exposure management and moving towards a more risk-focused approach to prioritize threats. Listen to Tony's interview here. Selected Reading Chinese spies blamed for attempted hack on Czech government network (The Record) CISA loses nearly all top officials as purge continues- (Cybersecurity Dive) Google warns of Vietnam-based hackers using bogus AI video generators to spread malware (The Record) Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities (SecurityWeek) New Phishing Campaign Uses DBatLoader to Drop Remcos RAT: What Analysts Need to Know (Hack Read) Hackers Mimic Popular Antivirus Site to Deliver VenomRAT & Steal Finance Data (Cybersecurity News) RE/MAX deals with alleged 150GB data theft: Medusa ransomware demands $200K (Cyber News) CISA Releases ICS Advisories Covering Vulnerabilities & Exploits (Cybersecurity News) Iranian pleads guilty to launching Baltimore ransomware attack, faces 30 years behind bars (The Record) Neural Privacy Under Threat: The Battle for Neural Data  (tsaaro consulting) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

“Laundry Bear” airs dirty cyber linen in the Netherlands. AI coding agents are tricked by malicious prompts in a Github MCP vulnerability.Tenable patches critical flaws in Network Monitor on Windows. MathWorks confirms ransomware behind MATLAB outage. Feds audit NVD over vulnerability backlog. FBI warns law firms of evolving Silent Ransom Group tactics. Chinese hackers exploit Cityworks flaw to breach US municipal networks. Everest Ransomware Group leaks Coca-Cola employee data. Nova Scotia Power hit by ransomware.  On today's Threat Vector, ⁠David Moulton⁠ speaks with ⁠his Palo Alto Networks colleagues Tanya Shastri⁠ and ⁠Navneet Singh about a strategy for secure AI by design.  CIA's secret spy site was… a Star Wars fan page? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector In this segment of Threat Vector, host ⁠David Moulton⁠ speaks with ⁠Tanya Shastri⁠, SVP of Product Management, and ⁠Navneet Singh⁠, VP of Marketing - Network Security, at Palo Alto Networks. They explore what it means to adopt a secure AI by design strategy, giving employees the freedom to innovate with generative AI while maintaining control and reducing risk. You can hear their full discussion on Threat Vector ⁠here⁠ and catch new episodes every Thursday on your favorite podcast app. Selected Reading Dutch intelligence unmasks previously unknown Russian hacking group 'Laundry Bear' (The Record) GitHub MCP Server Vulnerability Let Attackers Access Private Repositories (Cybersecurity News) Tenable Network Monitor Vulnerabilities Let Attackers Escalate Privileges (Cybersecurity News) Ransomware attack on MATLAB dev MathWorks – licensing center still locked down (The Register) US Government Launches Audit of NIST's National Vulnerability Database (Infosecurity Magazine) Law Firms Warned of Silent Ransom Group Attacks  (SecurityWeek) Chinese Hackers Exploit Cityworks Flaw to Target US Local Governments (Infosecurity Magazine) Everest Ransomware Leaks Coca-Cola Employee Data Online (Hackread) Nova Scotia Power Suffers Ransomware Attack; 280,000 Customers' Data Compromised (GB Hackers) The CIA Secretly Ran a Star Wars Fan Site (404 Media) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In large enterprise software companies, Red and Blue Teams collaborate through Purple Teaming to proactively detect, respond to, and mitigate advanced threats. In this episode of CyberWire-X, N2K's Dave Bittner is joined by Adobe's Justin Tiplitsky, Director of Red Team and Ivan Koshkin, Senior Detection Engineer to discuss how their teams work together daily to strengthen Adobe's security ecosystem. They share real-world insights on how this essential collaboration enhances threat detection, refines security controls, and improves overall cyber resilience.   Learn more about your ad choices. Visit megaphone.fm/adchoices

Operation Endgame dismantles cybercriminal infrastructure. DOGE's use of the Grok AI chatbot raises ethical and privacy concerns. Malware on the npm registry uses malicious packages to quietly gather intelligence on developer environments. Researchers link Careto malware to the Spanish government. Exploring proactive operations via letters of marque. Hackers hesitate to attend the HOPE conference over travel concerns. Our guest is Jeffrey Wheatman, Cyber Risk Expert at Black Kite, warning us to "Beware the silent breach." AI threatens to spill secrets to save itself. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we were joined at the RSAC Conference by Jeffrey Wheatman, Cyber Risk Expert at Black Kite, as he is sharing his thoughts on "Beware the silent breach." Listen to Jeffery's interview here.Selected Reading Operation ENDGAME strikes again: the ransomware kill chain broken at its source (Europol) Russian developer of Qakbot malware indicted by US for global ransomware campaign (CNews) Russian hackers target US and allies to disrupt Ukraine aid, warns NSA (CNews) Exclusive: Musk's DOGE expanding his Grok AI in U.S. government, raising conflict concerns (Reuters) 60 malicious npm packages caught mapping developer networks (Developer Tech) Mysterious hacking group Careto was run by the Spanish government, sources say (TechCrunch) An 18th-century war power resurfaces in cyber policy talks (Next Gov) Hacker Conference HOPE Says U.S. Immigration Crackdown Caused Massive Crash in Ticket Sales (404 Media) Anthropic's new AI model turns to blackmail when engineers try to take it offline (TechCrunch) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A joint operation takes down Lumma infrastructure. The FTC finalizes a security settlement with GoDaddy. The Telemessage breach compromised far more U.S. officials than initially known. Twin hackers allegedly breach a major federal software provider from the inside. U.S. telecom providers fail to notify the Senate when law enforcement agencies request data from Senate-issued devices.DragonForce makes its mark on the ransomware front. A data leak threatens survivors of domestic abuse in the UK. Lexmark discloses a critical vulnerability affecting over 120 printer models. Our guest is David Holmes, CTO for Application Security at Imperva, with insights into the role of AI in bot attacks. Scammers ship stolen cash in Squishmallows. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest is David Holmes, CTO for Application Security at Imperva, a Thales company, who is sharing some insights into the role of AI in bot attacks. Selected Reading Lumma infostealer's infrastructure seized during US, EU, Microsoft operation (the Record) FTC finalizes order requiring GoDaddy to secure hosting services (Bleeping Computer) Exclusive: Hacker who breached communications app used by Trump aide stole data from across US government (Reuters) By Default, Signal Doesn't Recall (Signal) Hack of Contractor Was at Root of Massive Federal Data Breach (Bloomberg) Phone companies failed to warn senators about surveillance, Wyden says - Live Updates (POLITICO) DragonForce targets rivals in a play for dominance (Sophos News) ‘Deep concern' for domestic abuse survivors as cybercriminals expected to publish confidential refuge addresses (The Record) Lexmark reporting remote code execution flaw affecting over 120 Printer Models (Beyond Machines) DOJ charges 12 more in $263 million crypto fraud takedown where money was hidden in squishmallow stuffed animals (Bitdefender) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A joint advisory warns of Fancy Bear targeting Western logistics and technology firms. A nonprofit hospital network in Ohio suffers a disruptive ransomware attack. The Consumer Financial Protection Bureau (CFPB) drops plans to subject data brokers to tighter regulations. KrebsOnSecurity and Google block a record breaking DDoS attack. A phishing campaign rerouted employee paychecks. Atlassian patches multiple high-severity vulnerabilities. A Wisconsin telecom provider confirms a cyberattack caused a week-long outage.  VMware issues a Security Advisory addressing multiple high-risk vulnerabilities.  Prosecutors say a 19-year-old student from Massachusetts will plead guilty to hacking PowerSchool. Our guest is Rob Allen, Chief Product Officer at ThreatLocker, discussing deliberate simplicity of fundamental controls around zero trust. Oversharing your call location data. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, today we are joined by Rob Allen, Chief Product Officer at ThreatLocker from RSAC 2025. Rob is discussing the deliberate simplicity of fundamental controls around zero trust. Token theft and phishing attacks bypass traditional MFA protections, letting attackers impersonate users and access critical SaaS platforms — without needing passwords. Listen to Rob's interview here. Learn more from the ThreatLocker team here. Selected Reading Russian GRU Targeting Western Logistics Entities and Technology Companies ( CISA) Ransomware attack disrupts Kettering Health Network in Ohio (Beyond Machines) America's CFPB bins proposed data broker crackdown (The Register) Krebs on Security hit by 'test run' DDoS attack that peaked at 6.3 terabits of data per second (Metacurity) SEO poisoning campaign swipes direct deposits from employees (SC Media) Atlassian Warns of Multiple High-Severity Vulnerabilities Hits Data Center Server (Cybersecurity News) Cellcom Service Disruption Caused by Cyberattack (SecurityWeek) VMware releases patches for security flaws in multiple virtualization products (Beyond Machines) Massachusetts man will plead guilty in PowerSchool hack case (CyberScoop) O2 VoLTE: locating any customer with a phone call  (Mast Database) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

President Trump signs the Take It Down Act into law. A UK grocer logistics firm gets hit by ransomware. Researchers discover trojanized versions of the KeePass password manager. Researchers from CISA and NIST promote a new metric to better predict actively exploited software flaws. A new campaign uses SEO poisoning to deliver Bumblebee malware. A sophisticated phishing campaign is impersonating Zoom meeting invites to steal user credentials. CISA has added six actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. A bipartisan bill aims to strengthen the shrinking federal cybersecurity workforce. Our guest is Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 DBIR. DOGE downsizes, and the UAE recruits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 Data Breach Investigations Report (DBIR).Selected Reading Trump signs the Take It Down Act into law |(The Verge) Supplier to Tesco, Aldi and Lidl hit with ransomware (Computing) Fake KeePass password manager leads to ESXi ransomware attack (Bleeping Computer) Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers (Security Week) Threat Actors Deliver Bumblebee Malware Poisoning Bing SEO (Cybersecurity News) New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials (GB Hackers) CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA) Federal cyber workforce training institute eyed in bipartisan House bill (CyberScoop) UAE Recruiting US Personnel Displaced by DOGE to Work on AI for its Military (Zetter Sero Day) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The UK's Ministry of Justice suffers a major breach. Mozilla patches two critical JavaScript engine flaws in Firefox. Over 200,000 patients of a Georgia-based health clinic see their sensitive data exposed. Researchers track increased malicious targeting of iOS devices. A popular printer brand serves up malware. PupkinStealer targets Windows systems. An Alabama man gets 14 months in prison for a sim-swap attack on the SEC. Our guest is Ian Tien, CEO at Mattermost, sharing insights on enhancing cybersecurity through effective collaboration. Ethical Hackers win the day at Pwn2Own Berlin.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Ian Tien, CEO at Mattermost at RSAC 2025, who is sharing insights on enhancing cybersecurity through effective collaboration. Check out Ian's blog on “What's Next for Cybersecurity Teams? AI, Automation & Real-Time Workflows.” Listen to Ian's interview here. Selected Reading Hackers steal 'significant amount of personal data' from Ministry of Justice in brazen cyber-attack (Daily Mail Online) M&S and Co-Op: BBC reporter on talking to the hackers (BBC) 210K American clinics‘ patients had their financial data leaked (Cybernews) 480,000 Catholic Health Patients Impacted by Serviceaide Data Leak (SecurityWeek) Over 40,000 iOS Apps Found Exploiting Private Entitlements, Zimperium (Hackread) This printer company served you malware for months and dismissed it as false positives (Neowin) Hack of SEC social media account earns 14-month prison sentence for Alabama man (The Record) Hackers Earn Over $1 Million at Pwn2Own Berlin 2025 (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Host of the CyberWire Podcast, Dave Bittner, wanted to work with the Muppets, so naturally he landed in cybersecurity. Dave and his Cookie Monster puppet spent much of his childhood putting on shows for his parents friends. During one of those performances, he was discovered and got his start at the local PBS station. A radio, television and film major in college, Dave owned his own company and as the most tech-savvy member of the group, handled that side of things. Dave notes his cybersecurity challenges back then consisted of maybe a corrupt floppy disk. It wasn't until he joined the CyberWIre that cybersecurity became Dave's focus. A former boss showed him how to lead a team and treat everyone with kindness regardless of their role. We thank Dave for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Host of the CyberWire Podcast, Dave Bittner, wanted to work with the Muppets, so naturally he landed in cybersecurity. Dave and his Cookie Monster puppet spent much of his childhood putting on shows for his parents friends. During one of those performances, he was discovered and got his start at the local PBS station. A radio, television and film major in college, Dave owned his own company and as the most tech-savvy member of the group, handled that side of things. Dave notes his cybersecurity challenges back then consisted of maybe a corrupt floppy disk. It wasn't until he joined the CyberWIre that cybersecurity became Dave's focus. A former boss showed him how to lead a team and treat everyone with kindness regardless of their role. We thank Dave for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

NATO hosts the world's largest cyber defense exercise. The DOJ charges a dozen people in a racketeering conspiracy involving the theft of over $230 million in cryptocurrency. Japan has enacted a new Active Cyberdefense Law. Lawmakers push to reauthorize the Cybersecurity Information Sharing Act. Two critical Ivanti Endpoint Manager Mobile vulnerabilities are under active exploitation. Hackers use a new fileless technique to deploy Remcos RAT. The NSA's Director of Cybersecurity hangs up their hat. Our guest is Christopher Cleary, VP of ManTech's Global Cyber Practice, discussing the cyber battlespace of the future. Coinbase flips the script on an extortion attempt.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Joining us on our Industry Voices segment, Christopher Cleary, VP of ManTech's Global Cyber Practice, talks about the battlespace of the future. If you would like to hear the full-length interview between Christopher and Dave, listen here. Learn more about ManTech's cybersecurity work here.  Selected Reading NATO's Locked Shields Reflects Cyber Defense Growth  (SecurityWeek) US charges 12 more suspects linked to $230 million crypto theft (Bleeping Computer) Japan enacts new Active Cyberdefense Law allowing for offensive cyber operations (The Record) Lawmakers push for reauthorization of cyber information sharing bill as deadline looms (The Record) Ban sales of gear from China's TP-Link, Republican lawmakers tell Trump administration (The Record) Scammers are deepfaking voices of senior US government officials, warns FBI (The Register) Multiple Ivanti Endpoint Mobile Manager Vulnerabilities Allows Remote Code Execution (Cyber Security News) Updated Remcos RAT deployed in fileless intrusion (SC Media) NSA cyber director Luber to retire at month's end (The Record) Coinbase offers $20 million bounty after extortion attempt with stolen data (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Google issues an emergency patch for a high-severity Chrome browser flaw. Researchers bypass BitLocker encryption in minutes. A massive Chinese-language black market has shut down. The CFPB cancels plans to curb the sale of personal information by data brokers. A cyberespionage campaign called Operation RoundPress targets vulnerable webmail servers. Google warns that Scattered Spider is now targeting U.S. retail companies. The largest steelmaker in the U.S. shut down operations following a cybersecurity incident. Our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security. The long and the short of layoffs. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment and direct from RSAC 2025, our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security. Listen to Devin's interview here. Selected Reading Google fixes high severity Chrome flaw with public exploit (Bleeping Computer) BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability: PoC Released (Cyber Security News) The Internet's Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge (WIRED)  German operation shuts down crypto mixer eXch, seizes millions in assets (The Record) CFPB Quietly Kills Rule to Shield Americans From Data Brokers (WIRED) EU ruling: tracking-based advertising by Google, Microsoft, Amazon, X, across Europe has no legal basis (Irish Council for Civil Liberties) Operation RoundPress targeting high-value webmail servers (We Live Security) Google says hackers that hit UK retailers now targeting American stores (Reuters) Cybersecurity incident forces largest US steelmaker to take some operations offline (The Record) Infosec Layoffs Aren't the Bargain Boards May Think (Dark Reading)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A busy Patch Tuesday. Investigators discover undocumented communications devices inside Chinese-made power inverters. A newly discovered Branch Privilege Injection flaw affects Intel CPUs. A UK retailer may claim up to £100mn from its cyber insurers after a major cyberattack.  A Kosovo national has been extradited to the U.S. for allegedly running an illegal online marketplace. CISA will continue alerts on its website following industry backlash. On our Industry Voices segment, Neil Hare-Brown, CEO at STORM Guidance, discusses Cyber Incident Response (CIR) retainer service provision. Shoring up the future of the CVE program. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Neil Hare-Brown, CEO at STORM Guidance, discussing Cyber Incident Response (CIR) retainer service provision. You can learn more here.  Selected Reading Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days (Security Affairs) SAP patches second zero-day flaw exploited in recent attacks (Bleeping Computer)  Ivanti fixes EPMM zero-days chained in code execution attacks (Bleeping Computer)  Fortinet fixes critical zero-day exploited in FortiVoice attacks (Bleeping Computer)  Vulnerabilities Patched by Juniper, VMware and Zoom (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact (SecurityWeek) Adobe Patches Big Batch of Critical-Severity Software Flaws (SecurityWeek) Ghost in the machine? Rogue communication devices found in Chinese inverters (Reuters) New Intel CPU flaws leak sensitive data from privileged memory (Bleeping Computer)  M&S cyber insurance payout to be worth up to £100mn (Financial Times) US extradites Kosovo national charged in operating illegal online marketplace (The Record) CISA Planned to Kill .Gov Alerts. Then It Reversed Course. (Data BreachToday) CVE Foundation eyes year-end launch following 11th-hour rescue of MITRE program (CyberScoop) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

House Republicans look to limit state regulation of AI. Spain investigates potential cybersecurity weak links in the April 28 power grid collapse. A major security flaw has been found in ASUS mainboards' automatic update system. A new macOS info-stealing malware uses PyInstaller to evade detection. The U.S. charges 14 North Korean nationals in a remote IT job scheme. Europe's cybersecurity agency launches the European Vulnerability Database. CISA pares back website security alerts. Moldovan authorities arrest a suspect in DoppelPaymer ransomware attacks. On today's Threat Vector segment, David Moulton speaks with ⁠Noelle Russell⁠, CEO of the AI Leadership Institute, about how to scale responsible AI in the enterprise. Dave & Buster's invites vanish into the void. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector  Recorded Live at the Canopy Hotel during the RSAC Conference in San Francisco, ⁠David Moulton⁠ speaks with ⁠Noelle Russell⁠, CEO of the AI Leadership Institute and a leading voice in responsible AI on this Threat Vector segment. Drawing from her new book Scaling Responsible AI, Noelle explains why early-stage AI projects must move beyond hype to operational maturity—addressing accuracy, fairness, and security as foundational pillars. Together, they explore how generative AI models introduce new risks, how red teaming helps organizations prepare, and how to embed responsible practices into AI systems. You can hear David and Noelle's full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app.  Selected Reading Republicans Try to Cram Ban on AI Regulation Into Budget Reconciliation Bill (404 Media) Spain investigates cyber weaknesses in blackout probe (The Financial Times) Critical Security flaw in ASUS mainboard update system (Beyond Machines) Hackers Exploiting PyInstaller to Deploy Undetectable macOS Infostealer (Cybersecurity News) Researchers Uncover Remote IT Job Fraud Scheme Involving North Korean Nationals (GB Hackers) European Vulnerability Database Launches Amid US CVE Chaos (Infosecurity Magazine) Apple Security Update: Multiple Vulnerabilities in macOS & iOS Patched (Cybersecurity News) CISA changes vulnerabilities updates, shifts to X and emails (The Register) Suspected DoppelPaymer Ransomware Group Member Arrested (Security Week) Cracking The Dave & Buster's Anomaly (Rambo.Codes)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A major student engagement platform falls victim to the ClickFix social engineering attack. Google settles privacy allegations with Texas for over one point three billion dollars. Stores across the UK face empty shelves due to an ongoing cyberattack. Ascension Health reports that over 437,000 patients were affected by a third-party data breach. A critical zero-day vulnerability in SAP NetWeaver is being actively exploited. Researchers uncover two major cybersecurity threats targeting IT admins and cloud systems. U.S. prosecutors charge three Russians and one Kazakhstani in connection with the takedown of two major botnets. A new tool disables Microsoft Defender by tricking Windows into thinking a legitimate antivirus is installed. Tim Starks, Senior Reporter from CyberScoop, discusses congressional reactions to White House budget cut proposals for CISA. Fair use faces limits in generative AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We welcome back Tim Starks, Senior Reporter from CyberScoop, discussing congressional reactions to White House budget cut proposals for CISA. You can find background information in these articles:  House appropriators have reservations — or worse — about proposed CISA cuts⁠ ⁠Sen. Murphy: Trump administration has ‘illegally gutted funding for cybersecurity⁠' Selected Reading iClicker website compromised with fake ClickFix CAPTCHA installing malware (BeyondMachines.net) Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits (SecurityWeek) Fears 'hackers still in the system' leave Co-op shelves running empty across UK (The Record) 437,000 Impacted by Ascension Health Data Breach (SecurityWeek) SAP NetWeaver Vulnerability Exploited in Wild by Chinese Hackers (Cyber Security News) New SEO Poisoning Campaign Targeting IT Admins With Malware (Hackread) Three Russians, one Kazakhstani charged in takedown of Anyproxy and 5socks botnets (The Record) Defendnot — A New Tool That Disables Windows Defender by Posing as an Antivirus Solution (Cyber Security News) Five Takeaways from the Copyright Office's Controversial New AI Report (Copyright Lately)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The messaging app used by CBP and the White House faces continued security scrutiny. Hacktivists breach the airline used for U.S. deportation flights. The FBI warns that threat actors are exploiting outdated, unsupported routers. Education giant Pearson confirms a cyberattack. Researchers report exploitation of Windows Remote Management (WinRM) for stealthy lateral movement in Active Directory (AD) environments. A sophisticated email attack campaign uses malicious PDF invoices to deliver a cross-platform RAT. A zero-day vulnerability in SAP NetWeaver enables remote code execution. An Indiana health system reports a data breach affecting nearly 263,000 individuals. Our guest is Alex Cox, Director of Information Security at LastPass, discussing tax-related lures targeting refunds. AI empowers a murder victim to speak from beyond the grave.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Alex Cox, Director of Information Security at LastPass, to discuss tax-related lures facing both tax preparation agencies and filers expecting refunds. Selected Reading On the state of modern Web Application Security (BrightTalk) Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage  (Wired) Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for "Donnie" Trump (Bitdefender) FBI Sounds Alarm on Rogue Cybercrime Services Targeting Obsolete Routers (infosecurity magazine) Education giant Pearson hit by cyberattack exposing customer data (Bleeping Computer) Hackers Using Windows Remote Management to Stealthily Navigate Active Directory Network (Cybersecurity News) Hackers Weaponizing PDF Invoices to Attack Windows, Linux & macOS Systems (Cybersecurity News) SAP Zero-Day Targeted Since January, Many Sectors Impacted (Security Week) Indiana Health System Notifies 263,000 of Oracle Hack (Bank of Infosecurity) A Judge Accepted AI Video Testimony From a Dead Man (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The LockBit ransomware gang has been hacked. Google researchers identify a new infostealer called Lostkeys. SonicWall is urging customers to patch three critical device vulnerabilities. Apple patches a critical remote code execution flaw. Cisco patches 35 vulnerabilities across multiple products. Iranian hackers cloned a German modeling agency's website to spy on Iranian dissidents. Researchers bypass SentinelOne's EDR protection. Education tech firm PowerSchool faces renewed extortion. CrowdStrike leans into AI amidst layoffs. Our guest is Caleb Barlow, CEO of Cyberbit, discussing the mixed messages of the cyber skills gaps. Honoring the legacy of Joseph Nye. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Caleb Barlow, CEO of Cyberbit, who is discussing the mixed messages of the cyber skills gaps. Selected Reading LockBit ransomware gang hacked, victim negotiations exposed (Bleeping Computer) Russian state-linked Coldriver spies add new malware to operation (The Record) Fake AI Tools Push New Noodlophile Stealer Through Facebook Ads (Hackread) SonicWall urges admins to patch VPN flaw exploited in attacks (Bleeping Computer) Researchers Details macOS Remote Code Execution Vulnerability - CVE-2024-44236 (Cyber Security News) Cisco IOS XE Wireless Controllers Vulnerability Enables Full Device Control for Attackers (Cyber Security News) Cisco Patches 35 Vulnerabilities Across Several Products (SecurityWeek) Iranian Hackers Impersonate as Model Agency to Attack Victims (Cyber Security News) Hacker Finds New Technique to Bypass SentinelOne EDR Solution (Infosecurity Magazine) CrowdStrike trims workforce by 5 percent, aims to rely on AI (The Register) Despite ransom payment, PowerSchool hacker now extorting individual school districts (The Record)  Joseph Nye, Harvard professor, developer of “soft power” theory, and an architect of modern international relations, dies at 88 (Harvard University)  Nye Lauded for Cybersecurity Leadership (The Belfer Center for Science and International Affairs at Harvard University) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A jury orders NSO Group to pay $167 millions dollars to Meta over spyware allegations. CISA warns of hacktivists targeting U.S. ICS and SCADA systems. Researcher Micah Lee documents serious privacy risks in the TM SGNL app used by high level Trump officials. The NSA plans significant workforce cuts. Nations look for alternatives to U.S. cloud providers. A medical device provider discloses a cyberattack disrupting its ability to ship customer orders. The Panda Shop smishing kit impersonates trusted brands. Accenture's CFO thwarts a deepfake attempt. Our temporary intern Kevin Magee from Microsoft wraps up his reporting from the RSAC show floor.  Server room shenanigans, with romance, retaliation, and root access. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Wrapping up RSAC 2025, we're joined by our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Kevin brings the energy with a high-octane medley of interviews directly from the show floor, featuring sharp insights and bold ideas from some of cybersecurity's most influential voices. It's the perfect, fast-paced finale to our RSAC coverage—check out the show notes for links to all the guests featured! In this segment, you'll hear from Eoin Wickens, Director of Threat Intelligence of HiddenLayer, Jordan Shaw-Young, Chief of Staff for Security Services at BlueVoyant, Gil Barak, co-founder and CEO of Blink Ops, and Paul St Vil, VP of Field Engineering at Zenity. You can also catch Kevin on our Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. Whether you are building your own startup or just love a good innovation story, listen and learn more here. Selected Reading Spyware-maker NSO ordered to pay $167 million for hacking WhatsApp (The Washington Post) CISA Warns of Hackers Attacking ICS/SCADA Systems in Oil and Natural Gas Companies (Cyber Security News) Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs (Micha Flee) NSA to cut up to 2,000 civilian roles as part of intel community downsizing' (The Record) NIST loses key cyber experts in standards and research (Cybersecurity Dive) A coherent European/non-US cloud strategy: building railroads for the cloud economy (Bert Hubert) Medical device giant Masimo says cyberattack is limiting ability to fill customer orders (The Record) New Chinese Smishing Kit Dubbed 'Panda Shop' Steal Google, Apple Pay & Credit Card Details (Cyber Security News) Accenture: What we learned when our CEO got deepfaked (Computing) IT Worker from Computacenter Let Girlfriend Into Deutsche Bank's Restricted Areas (GB Hackers) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A critical flaw in a Samsung's CMS is being actively exploited. President Trump's proposed 2026 budget aims to slash funding for CISA. “ClickFix” malware targets both Windows and Linux systems through advanced social engineering. CISA warns of a critical Langflow vulnerability actively exploited in the wild. A new supply-chain attack targets Linux servers using malicious Go modules found on GitHub. The Venom Spider threat group targets HR professionals with fake resume submissions. The Luna Moth group escalates phishing attacks on U.S. legal and financial institutions. The U.S. Treasury aims to cut off a Cambodia-based money laundering operation. Our guest is  Monzy Merza, Co-Founder and CEO of Crogl, discussing the CISO's conundrum in the face of AI. Malware, mouse ears, and mayhem: Disney hacker pleads guilty. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Monzy Merza, Co-Founder and CEO of Crogl, who is discussing the CISO's conundrum—the growing challenge of securing organizations in a world where AI rapidly expands both the number of users and potential adversaries.Selected Reading Samsung MagicINFO Vulnerability Exploited Days After PoC Publication (SecurityWeek) Trump would cut CISA budget by $491M amid ‘censorship' claim  (The Register) New ClickFix Attack Mimics Ministry of Defense Website to Attack Windows & Linux Machines (Cyber Security News) Critical Vulnerability in AI Builder Langflow Under Attack (SecurityWeek) Linux wiper malware hidden in malicious Go modules on GitHub (Bleeping Computer) Malware scammers target HR professionals with Venom Spider malware (SC Media) Luna Moth extortion hackers pose as IT help desks to breach US firms (Bleeping Computer) US Readies Huione Group Ban Over Cybercrime Links (GovInfo Security) Hacker 'NullBulge' pleads guilty to stealing Disney's Slack data (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber-espionage campaign targeting critical national infrastructure in the Middle East. Threat brokers advertise a new SS7 zero-day exploit on cybercrime forums. The StealC  info-stealer and malware loader gets an update. Passkeys blaze the trail to a passwordless future. On our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at the New York Giants. Cubism meets computing: the Z80 goes full Picasso.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire GuestOn our Afternoon Cyber Tea segment with Ann Johnson, Ann speaks with Christina Morillo, Head of Information Security at New York Football Giants, as they discuss how she approaches cybersecurity with curiosity, business alignment, and strong collaboration across the NFL community. Selected Reading The Signal Clone the Trump Admin Uses Was Hacked (404 Media) Critical Commvault Vulnerability in Attacker Crosshairs (SecurityWeek) xAI Dev Leaked API Key on GitHub for Private SpaceX, Tesla & Twitter/X (Cyber Security News) FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure (Fortinet) Hackers Selling SS7 0-Day Vulnerability on Hacker Froums for $5000 (Cyber Security News) StealC malware enhanced with stealth upgrades and data theft tools (Bleeping Computer) Sick of 15-character passwords? Microsoft is going password-less, starting now. (Mashable) Passkeys for Normal People (Troy Hunt) Single-Board Z80 Computer Draws Inspiration From Picasso (Hackaday) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

RSAC 2025 comes to an end. Canadian power company hit by cyberattack. Ascension Health discloses another breach. UK luxury department store Harrods discloses attempted cyberattack. Microsoft fixes bug flagging Gmail as spam. An unofficial version of the Signal app shared in photo. EU fines TikTok for violating GDPR with China data transfer. US Treasury to cut off Southeast Asian cybercrime key player. Passwordless by default coming your way. Our guest is Kevin Magee, from Microsoft, sharing a medley of interviews he gathered on the show floor of RSAC 2025. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Kevin on the Street Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Kevin closes out RSAC 2025 with a high-energy medley of interviews straight from the show floor, packed with sharp insights and bold ideas from some of cybersecurity's standout voices. It's a dynamic and fast-paced finale to our RSAC coverage—and you can find links to all of the guests featured in the show notes. In this segment, you'll hear from Christopher Simm, CTO at Bulletproof; Dr. Chase Cunningham (aka Dr. Zero Trust), Chief Strategy Officer at Ericom Software; Helen Patton, cybersecurity advisor at Cisco; Jeremy Vaughan, CEO and co-founder of Start Left Security; and Tzvika Shneider, CEO of Pynt. You can also catch Kevin on our Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. Whether you are building your own startup or just love a good innovation story, listen and learn more here. Selected Reading Day 4 Recap: Closing Celebration with Alicia Keys, RSAC College Day, and What's Ahead for 2025 (RSAC Conference)  Canadian Electric Utility Hit by Cyberattack (SecurityWeek) Ascension discloses second major cyber attack in a year (The Register) Harrods latest retailer to be hit by cyber attack (BBC) Microsoft fixes Exchange Online bug flagging Gmail emails as spam (Bleeping Computer)  Mike Waltz Accidentally Reveals Obscure App the Government Is Using to Archive Signal Messages (404 Media) TikTok hit with 530 million euro privacy fine in investigation into China data transfer (AP News) Ukrainian extradited to US for alleged Nefilim ransomware attack spree (CyberScoop) US wants to cut off key player in Southeast Asian cybercrime industry (The Record)  Microsoft makes all new accounts passwordless by default (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Updates from RSAC 2025. Former NSA cyber chief Rob Joyce warns that AI is rapidly approaching the ability to develop high-level software exploits. An FBI official warns that China is the top threat to U.S. critical infrastructure. Mandiant and Google raise alarms over widespread infiltration of global companies by North Korean IT workers. France accuses Russia's Fancy Bear of targeting at least a dozen French government and institutional entities. SonicWall has issued an urgent alert about active exploitation of a high-severity vulnerability in its Secure Mobile Access appliances. A China-linked APT group known as “TheWizards” is abusing an IPv6 networking feature. Gremlin Stealer emerges as a serious threat. A 23-year-old Scottish man linked to the Scattered Spider hacking group has been extradited from Spain to the U.S. Senators urge FTC action on consumer neural data. New WordPress malware masquerades as an anti-malware plugin. Our guest is Andy Cao from ProjectDiscovery, the Winner of the 20th Annual RSAC™ Innovation Sandbox Contest. Our intern Kevin returns with some Kevin on the Street interviews from the RSAC floor.  Research reveals the risk of juice jacking isn't entirely imaginary.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Andy Cao from ProjectDiscovery, who is the Winner of the 20th Annual RSAC™ Innovation Sandbox Contest 2025 event. Kevin on the Street Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week. Today Kevin is joined by Shane Harding CEO of Devicie and Nathan Ostrowski Co-Founder Petrą Security.  You can also catch Kevin on our Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. Whether you are building your own startup or just love a good innovation story, listen and learn more here. Selected Reading Ex-NSA cyber boss: AI will soon be a great exploit dev (The Register)  AI makes China leading threat to US critical infrastructure, says FBI official (SC World) North Korean operatives have infiltrated hundreds of Fortune 500 companies (CyberScoop) France Blames Russia for Cyberattacks on Dozen Entities (SecurityWeek) SonicWall OS Command Injection Vulnerability Exploited in the Wild (Cyber Security News) Hackers abuse IPv6 networking feature to hijack software updates (Bleeping Computer)  New Gremlin Stealer Advertised on Hacker Forums Targets Credit Card Data and Login Credentials (GB Hackers) Alleged ‘Scattered Spider' Member Extradited to U.S. (Krebs on Security) Senators Urge FTC Action on Consumer Neural Data, Signaling Heightened Scrutiny (Cooley) New WordPress Malware as Anti-Malware Plugin Take Full Control of Website (Cyber Security News)  iOS and Android juice jacking defenses have been trivial to bypass for years (Ars Technica)Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

DHS Secretary Kristi Noem justifies budget cuts in her RSAC keynote. The EFF pens an open letter to Trump backing Chris Krebs. Scattered Spider is credited with the Marks & Spencer cyberattack. Researchers discover a critical flaw in Apple's AirPlay protocol. The latest CISA advisories. On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development. What do you call an AI chatbot that finished at the bottom of its class in med school? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development. Kevin on the Street Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week. Today Kevin is joined by Ryan Lasmaili Co-Founder and CEO of Vaultree and Stan Golubchik CEO and co-founder of Contraforce, here are their conversations. You can also catch Kevin on our Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. Whether you are building your own startup or just love a good innovation story, https://explore.thecyberwire.com/microsoft-for-startups. Selected Reading DHS Secretary Noem: CISA needs to get back to ‘core mission' (CyberScoop) Noem calls for reauthorization of cyberthreat information sharing law during RSA keynote (The Record) Cyber experts, Democrats urge Trump administration not to break up cyber coordination in State reorg (CyberScoop) Infosec pros rally against Trump's attack on Chris Krebs (The Register) Scattered Spider Suspected in Major M&S Cyberattack (Hackread) AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi (Cyber Security News) CISA Adds One Known Exploited Vulnerability to Catalog (CISA) CISA Releases Three Industrial Control Systems Advisories (CISA) Instagram's AI Chatbots Lie About Being Licensed Therapists  (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

RSAC 2025 is well under way, and Kevin the Intern files his first report. Authorities say Spain and Portugal's massive power outage was not a cyberattack. Concerns are raised over DOGE access to classified nuclear networks. The FS-ISAC launches the Cyberfraud Prevention Framework. Real-time deepfake fraud is here to stay. On today's Threat Vector, host David Moulton speaks with Daniel B. Rosenzweig, a leading data privacy and AI attorney, about the growing complexity of privacy compliance in the era of big data and artificial intelligence. Protecting your company…with a fat joke.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector  In this segment of Threat Vector, host David Moulton speaks with Daniel B. Rosenzweig, a leading data privacy and AI attorney, about the growing complexity of privacy compliance in the era of big data and artificial intelligence. Dan explains how businesses can build trust by aligning technical operations with legal obligations—what he calls “say what you do, do what you say.” They explore U.S. state privacy laws, global data transfer regulations, AI compliance, and the role of privacy-enhancing technologies. You can hear David and Daniel's full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app.  Kevin on the Street Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week.  You can also catch Kevin on our Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. Whether you are building your own startup or just love a good innovation story, https://explore.thecyberwire.com/microsoft-for-startups. Selected Reading RSA Conference 2025 Announcements Summary (Day 1) (SecurityWeek) ISMG Editors: Day 1 Overview of RSAC Conference 2025 (GovInfo Security) ProjectDiscovery Named “Most Innovative Startup” at RSAC™ 2025 Conference Innovation Sandbox Contest (RSAC)  Krebs: People should be ‘outraged' at efforts to shrink federal cyber efforts (The Record) NSA, CISA top brass absent from RSA Conference (The Register) Power Is Restored in Spain and Portugal After Widespread Outage (New York Times) DOGE employees gain accounts on classified networks holding nuclear secrets (NPR) New Framework Targets Rising Financial Crime Threats  (GovInfo Security) The Age of Realtime Deepfake Fraud Is Here (404 Media) The one interview question that will protect you from North Korean fake workers (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A massive power outage strikes the Iberian Peninsula. Iran says it repelled a “widespread and complex” cyberattack targeting national infrastructure. Researchers find hundreds of SAP NetWeaver systems vulnerable to a critical zero-day. A British retailer tells warehouse workers to stay home following a cyberattack. VeriSource Services discloses a breach exposing personal data of four million individuals. Global automated scanning surged 16.7% in 2024. CISA discloses several critical vulnerabilities affecting Planet Technology's industrial switches and network management products. A Greek court upholds a VPN provider's no-logs policies. Law enforcement dismantles the JokerOTP phishing tool. Our guest is Tim Starks from CyberScoop with developments in the NSO Group trial. How Bad Scans and AI Spread a Scientific Urban Legend. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Special Edition On our ⁠Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, we are shining a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. This episode is part of our exclusive RSAC series where we dive into the real world impact of the Microsoft for Startups Founders Hub.  Along with Microsoft's ⁠Kevin Magee⁠, Dave Bittner talks with an entrepreneur and startup veteran, and founders from three incredible startups who are part of the Founders Hub, each tackling big problems with even bigger ideas.  Dave and Kevin set the stage speaking with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur. Dave and Kevin then speak with three founders: ⁠Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. So whether you are building your own startup or just love a good innovation story, listen in. For more information, visit the ⁠Microsoft for Startups website⁠. CyberWire Guest We are joined by Tim Starks from CyberScoop who is discussing Judge limits evidence about NSO Group customers, victims in damages trial Selected Reading Nationwide Power Outages in Portugal & Spain Possibly Due to Cyberattack (Cyber Security News) Iran claims it stopped large cyberattack on country's infrastructure (The Record) 400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks that Exploited in the Wild (Cyber Security News) M&S warehouse workers told not to come to work following cyberattack (The Record) 4 Million Affected by VeriSource Data Breach (SecurityWeek) Researchers Note 16.7% Increase in Automated Scanning Activity (Infosecurity Magazine) Critical Vulnerabilities Found in Planet Technology Industrial Networking Products (SecurityWeek) Court Dismisses Criminal Charges Against VPN Executive, Affirms No-Log Policy (Hackread) JokerOTP Dismantled After 28,000 Phishing Attacks, 2 Arrested (Hackread) A Strange Phrase Keeps Turning Up in Scientific Papers, But Why? (ScienceAlert) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Defense Department is launching a new fast-track software approval process. A popular employee monitoring tool exposes over 21 million real-time screenshots. The U.S. opens a criminal antitrust investigation into router maker TP-Link. A pair of health data breaches affect over six million people. South Korea's SK Telecom confirms a cyberattack. A critical zero-day puts thousands of SAP applications at potential risk. Researchers raise concerns over AI agents performing unauthorized actions. “Policy Puppetry” can break the safety guardrails of all major generative AI models. New research tallies the high costs of data breaches. A preview of the RSAC Innovation Sandbox with Cecilia Marinier, Vice President at RSAC, and David Chen, Head of Global Technology Investment Banking at Morgan Stanley. Stocking hard drives full of human knowledge, just in case. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn CyberWire Guest Cecilia Marinier, Vice President at RSAC, and David Chen, Head of Global Technology Investment Banking at Morgan Stanley, sit down with Dave to discuss the Innovation Sandbox Contest 2025. Selected Reading Acting Pentagon CIO Signing Off on New, Faster Cyber Rules for Contractors (airandspaceforces) Top employee monitoring app leaks 21 million screenshots on thousands of users (TechRadar)  Router Maker TP-Link Faces US Criminal Antitrust Investigation (bloomberg) Yale New Haven Health Notifying 5.5 Million of March Hack (bankinfosecurity) Frederick Health data breach impacts nearly 1 million patients (BleepingComputer) Hackers access sensitive SIM card data at South Korea's largest telecoms company (bitdefender) SAP Zero-Day Possibly Exploited by Initial Access Broker (SecurityWeek) Chrome Extension Uses AI Engine to Act Without User Input (Infosecurity Magazine) All Major Gen-AI Models Vulnerable to 'Policy Puppetry' Prompt Injection Attack (SecurityWeek) US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures (Infosecurity Magazine) Sales of Hard Drives for the End of the World Boom Under Trump (404media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Verizon and Mandiant call for layered defenses against evolving threats. Cisco Talos describes ToyMaker and Cactus threat actors. Researchers discover a major Linux security flaw which allows rootkits to bypass traditional detection methods. Ransomware groups are experimenting with new business models. Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division shares the latest on Salt Typhoon. Global censorship takes a coffee break. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dave sits down with Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division who shares  a PSA on Salt Typhoon. Selected Reading 2025 Data Breach Investigations Report (Verizon) Mandiant M-Trends 2025 Report (Mandiant) Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs (Ciso Talos) Linux 'io_uring' security blindspot allows stealthy rootkit attacks (bleepingcomputer) Ransomware groups test new business models to hit more victims, increase profits (the record) Cloudflare: Government-backed internet shutdowns plummet to zero in first quarter (the record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The White House's shift of cybersecurity responsibilities to the states is met with skepticism. Baltimore City Public Schools suffer a ransomware attack. Russian state-backed hackers target Dutch critical infrastructure. Microsoft resolves multiple Remote Desktop issues. A new malware campaign is targeting Docker environments for cryptojacking. A new phishing campaign uses weaponized Word documents to steal Windows login credentials. Zyxel Networks issues critical patches for two high-severity vulnerabilities. CISA issues five advisories highlighting critical vulnerabilities in ICS systems. Our guest is Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division, sharing the findings of their latest IC3 report. So long, Privacy Sandbox.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division, as she is sharing the findings of their latest IC3 report. Selected Reading Trump is shifting cybersecurity to the states, but many aren't prepared (Stateline) Baltimore City Public Schools report data breach (beyondmachines) Russia attempting cyber sabotage attacks against Dutch critical infrastructure (record) Microsoft fixes Remote Desktop freezes caused by Windows updates (bleepingcomputer) New Malware Hijacking Docker Images with Unique Obfuscation Technique (cybersecuritynews) Hackers Exploit Weaponized Word Docs to Steal Windows Login Credentials (gbhackers) Kelly Benefits Data Breach Impacts 260,000 People (SecurityWeek) Data Breach at Onsite Mammography Impacts 350,000 (SecurityWeek) Zyxel Patches Privilege Management Vulnerabilities in USG FLEX H Series Firewalls (cybersecuritynews) CISA Releases Five Advisories Covering ICS Vulnerabilities & Exploits (cybersecuritynews) RIP to the Google Privacy Sandbox (The Register) 2024 IC3 ANNUAL REPORT  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Russian Proton66 is tied to cybercriminal bulletproof hosting services. A new Rust-based botnet hijacks vulnerable routers. CISA budget cuts limit the use of popular analysis tools. A pair of healthcare providers confirm ransomware attacks. Researchers uncover the Scallywag  ad fraud network. The UN warns of cyber-enabled fraud in Southeast Asia expanding at an industrial scale. Fog ransomware resurfaces and points a finger at DOGE. The cybercrime marketplace Cracked relaunches under a new domain. On our Industry Voices segment, Bob Maley, CSO of Black Kite, shares insights on the growing risk of third-party cyber incidents. Taking the scenic route through Europe's digital landscape. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Kim Jones, the new Host of CISO Perspectives podcast, previewing the latest episode where Kim is joined by Larry Whiteside Jr. discussing “Are we a trade or a profession?” Industry Voices On our Industry Voices segment, Bob Maley, CSO of Black Kite, sharing insights on the growing risk of third-party cyber incidents. Selected Reading Many Malware Campaigns Linked to Proton66 Network (SecurityWeek) New Rust Botnet Hijacking Routers to Inject Commands Remotely (Cyber Security News) CISA Issues Warning Against Using Censys, VirusTotal in Threat Hunting Ops (GB Hackers) Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000 (SecurityWeek) Scalllywag Ad Fraud Network Generates 1.4 Billion Bid Requests Daily (Infosecurity Magazine) $40bn Southeast Asian Scam Sector Growing “Like a Cancer” (Infosecurity Magazine) Fog ransomware notes troll with DOGE references, bait insider attacks (SC World) Reborn: Cybercrime Marketplace Cracked Appears to Be Back (BankInfo Security) Nemesis darknet market founder indicted for years-long “borderless powerhouse of criminal activity” (Cybernews) Digital Weaning Guide from the United States (Dagbladet Information) Two top cyber officials resign from CISA (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Adversary nations are using ClickFix in cyber espionage campaigns. Japan's Financial Services Agency issues an urgent warning after hundreds of millions in unauthorized trades. The critical Erlang/OTP's SSH vulnerability now has public exploits. A flawed rollout of a new Microsoft Entra app triggers widespread account lockouts.  The alleged operator of SmokeLoader malware faces federal hacking charges. A new scam blends social engineering, malware, and NFC tech to drain bank accounts. GSA employees may have been oversharing sensitive documents. Yoni Shohet, Co-Founder and CEO of Valence Security, who cautions financial organizations of coming Chinese open source AI. Crosswalks in the crosshairs of satirical hacking. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Yoni Shohet, Co-Founder and CEO of Valence Security, discussing how the onslaught of more open source AI tools coming out of China will be difficult to manage for companies especially those in the financial sector. Selected Reading North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks (Hackread) Countries Shore Up Their Digital Defenses as Global Tensions Raise the Threat of Cyberwarfare (SecurityWeek) Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts (The Record) Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (Bleeping Computer) Widespread Microsoft Entra lockouts tied to new security feature rollout (Bleeping Computer) Alleged SmokeLoader malware operator facing federal charges in Vermont (The Record) New payment-card scam involves a phone call, some malware and a personal tap (The Record) Sensitive files, including White House floor plans, shared with thousands (The Washington Post) Hacking US crosswalks to talk like Zuck is as easy as 1234 (The Register)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A critical vulnerability in Erlang/OTP SSH allows unauthenticated remote code execution. There's a bipartisan effort to renew a key cybersecurity info sharing law. A newly discovered Linux kernel vulnerability allows local attackers to escalate privileges. A researcher uncovers 57 risky Chrome extensions with a combined 6 million users. AttackIQ shares StrelaStealer simulations. A major live events service provider notifies employees and customers of a data breach. CISA warns of an actively exploited SonicWall vulnerability. An airport retailer agrees to a multi-million dollar settlement stemming from a ransomware attack. A preview of RSAC 2025 with Linda Gray Martin and Britta Glade. Zoom-a-zoom zoom, it's always DNS.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Dave sits down with Linda Gray Martin, Chief of Staff, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2025. Selected Reading Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (Bleeping Computer) Bipartisan duo wants to renew 10-year-old cyberthreat information sharing law (The Record) Linux Kernel Vulnerability Let Attackers Escalate Privilege – PoC Released (Cyber Security News) Chrome extensions with 6 million installs have hidden tracking code (Bleeping Computer) Emulating the Stealthy StrelaStealer Malware (AttackIQ) Live Events Giant Legends International Hacked (SecurityWeek) CISA tags SonicWall VPN flaw as actively exploited in attacks (Bleeping Computer) Airport retailer agrees to $6.9 million settlement over ransomware data breach (The Record) Global Zoom Outage Caused by Server Block Imposed from GoDaddy Registry (Cyber Security News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft issues emergency updates for Windows Server. Apple releases emergency security updates to patch two zero-days. CISA averts a CVE program disruption. Researchers uncover Windows versions of the BrickStorm backdoor. Atlassian and Cisco patch several high-severity vulnerabilities. An Oklahoma cybersecurity CEO is charged with hacking a local hospital. A Fortune 500 financial firm reports an insider data breach. Researchers unmask IP addresses behind the Medusa Ransomware Group. CISA issues a warning following an Oracle data breach. On our Industry Voices segment, we are joined by Rob Allen, Chief Product Officer at ThreatLocker, to discuss a layered approach to zero trust. Former CISA director Chris Krebs steps down from his role at SentinelOne. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Industry Voices On our Industry Voices segment, we are joined by Rob Allen, Chief Product Officer at ThreatLocker, to discuss a layered approach to zero trust. Selected Reading New Windows Server emergency updates fix container launch issue (Bleeping Computer) Apple fixes two zero-days exploited in targeted iPhone attacks (Bleeping Computer) CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension (Infosecurity Magazine) MITRE Hackers' Backdoor Has Targeted Windows for Years (SecurityWeek) Vulnerabilities Patched in Atlassian, Cisco Products (SecurityWeek) Edmond cybersecurity CEO accused in major hack at hospital (KOCO News) Fortune 500 firm's ex-employee exposes thousands of clients (Cybernews) Researchers Deanonymized Medusa Ransomware Group's Onion Site (Cyber Security News) CISA warns of potential data breaches caused by legacy Oracle Cloud leak (The Record) Krebs Exits SentinelOne After Security Clearance Pulled (SecurityWeek) The top 10 ThreatLocker policies for 2025 (ThreatLocker) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The CVE program gets a last-minute reprieve. A federal whistleblower alleges a security breach at the NLRB. Texas votes to spin up their very own Cyber Command. BreachForums suffers another takedown. A watchdog group sues the federal government over SignalGate allegations. The SEC Chair reveals a 2016 hack. ResolverRAT targets the healthcare and pharmaceutical sectors worldwide. Microsoft warns of blue screen crashes following recent updates. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. 4chan gets Soyjacked.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. Today's question comes from N2K's EC-Council Certified Ethical Hacker CEH (312-50) Practice Test. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.  Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Selected Reading Funding Expires for Key Cyber Vulnerability Database (Krebs on Security) CISA extends funding to ensure 'no lapse in critical CVE services' (Bleeping Computer) CVE Foundation (CVE Foundation) NoVa govcon firm Mitre to lay off 442 employees after DOGE cuts contracts (Virginia Business) Federal employee alleges DOGE activity resulted in data breach at labor board (NBC News) Whistleblower claims DOGE took sensitive data - now he's being hounded by threatening notes (CNN via YouTube) New state agency to deal with cyber threats advances in Texas House (Texarkana Gazette) BreachForums taken down by the FBI? Dark Storm hackers say they did it “for fun” (Cybernews) Here's What Happened to Those SignalGate Messages (WIRED) After breach, SEC says hackers used stolen data to buy stocks (CNET) New ResolverRAT malware targets pharma and healthcare orgs worldwide (Bleeping Computer) Microsoft warns of blue screen crashes caused by April updates (Bleeping Computer) Infamous message board 4chan taken down following major hack (Bleeping Computer)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Some U.S. banks pause electronic communications with the OCC following a major breach of the agency's email system. Uncertainty spreads at CISA. China accuses three alleged U.S. operatives of conducting cyberattacks during February's Asian Games. Microsoft Teams suffers filesharing issues. Fraudsters use ChatGPT to create fake passports. Car rental giant Hertz confirms data stolen in last year's Cleo breach. Researchers describe a novel process injection method called Waiting Thread Hijacking. A new macOS malware-as-a-service threat is being sold on underground forums. A UK man is sentenced to over eight years for masterminding the LabHost phishing platform. Kim Jones joins us with a preview of the newly relaunched CISO Perspective podcast.  David Moulton  from Unit 42 sits down with Rob Wright, Security News Director at Informa TechTarget for the latest Threat Vector. Fighting the flood of AI generated experts.   Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Kim Jones joins Dave to launch the newly rebranded CISO Perspectives—formerly CSO Perspectives. We're excited to welcome a fresh voice to the mic as Kim takes the helm. In this premiere episode, he's joined by Ed Adams for a candid conversation about the evolving role of the CISO and the big question on everyone's mind: Is the cyber talent ecosystem broken? Tune in as Kim kicks off this next chapter—same mission, sharper focus, new perspective. Threat Vector Segment The cybersecurity industry is full of headlines, but are we paying attention to the right ones? In this segment of Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, sits down with Rob Wright, Security News Director at Informa TechTarget, to discuss the stories the industry overlooks, the overhyped AI security fears, and the real risks posed by certificate authorities. You can listen to the full conversation here and catch new episodes of Threat Vector each Thursday on your favorite podcast app.  Selected Reading OCC Hack: JPMorgan, BNY Limit Information Sharing With Agency After Breach (Bloomberg) CISA Braces for Major Workforce Cuts Amid Security Fears (BankInfo Security) China Pursuing 3 Alleged US Operatives Over Cyberattacks During Asian Games (SecurityWeek) Microsoft Teams File Sharing Outage, Users Unable to Share Files (Cyber Security News) ChatGPT Image Generator Abused for Fake Passport Production (GB Hackers) Hertz says personal, sensitive data stolen in Cleo attacks (The Register) Waiting Thread Hijacking: A Stealthier Version of Thread Execution Hijacking (Check Point Research) macOS Users Beware! Hackers Allegedly Offering Full System Control Malware for Rent (Cyber Security News) LabHost Phishing Mastermind Sentenced to 8.5 Years (Infosecurity Magazine) Virtual reality: The widely-quoted media experts who are not what they seem (Press Gazette)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Department of the Interior removes top cybersecurity and tech officials. The DOJ looks to block foreign adversaries from acquiring sensitive personal data of U.S. citizens. Microsoft issues emergency updates to fix an Active Directory bug. Hackers are installing stealth backdoors on FortiGate devices. Researchers warn of a rise in “Dangling DNS” attacks. A pair of class action lawsuits allege a major adtech firm secretly tracks users online without consent. Google is fixing a 20-year-old Chrome privacy flaw. The Tycoon2FA phishing-as-a-service platform continues to evolve. My guest is Tim Starks from CyberScoop, discussing the latest from CISA and Chris Krebs. Slopsquatting AI totally harshes the supply chain vibe.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks from CyberScoop, and he is discussing the latest with CISA and Chris Krebs. Selected Reading Interior Department Ousts Key Cyber Leaders Amid DOGE Spat (Data Breach Today) US Blocks Foreign Governments from Acquiring Citizen Data (Infosecurity Magazine) Microsoft: New emergency Windows updates fix AD policy issues (Bleeping Origin) Fortinet Issues Fixes After Attackers Bypass Patches to Maintain Access (Hackread) Dangling DNS Attack Let Hackers Gain Control Over Organization's Subdomain (Cyber Security News) Two Lawsuits Allege The Trade Desk Secretly Violates Consumer Privacy Laws (AdTech) Chrome 136 fixes 20-year browser history privacy risk (Bleeping Computer) Tycoon2FA phishing kit targets Microsoft 365 with new tricks (Bleeping Computer) AI Hallucinations Create a New Software Supply Chain Threat (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA braces for widespread staffing cuts. Russian hackers target a Western military mission in Ukraine. China acknowledges Volt Typhoon. The U.S. signs on to global spyware restrictions. A lab supporting Planned Parenthood confirms a data breach. Threat actors steal metadata from unsecured Amazon EC2 instances. A critical WordPress plugin vulnerability is under active exploitation. A new analysis details a critical unauthenticated remote code execution flaw affecting Ivanti products. Joining us today is Johannes Ullrich, Dean of Research at SANS Technology Institute, with his take on "Vibe Security." Does AI understand, and does that ultimately matter?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Joining us today is Johannes Ullrich, Dean of Research at SANS Technology Institute, discussing "Vibe Security," similar to “Vibe Coding” where security teams overly rely on AI to do their job. Selected Reading Trump administration planning major workforce cuts at CISA (The Record) Cybersecurity industry falls silent as Trump turns ire on SentinelOne (Reuters) Russian hackers attack Western military mission using malicious drive (Bleeping Computer) China Admitted to US That It Conducted Volt Typhoon Attacks: Report (SecurityWeek) US to sign Pall Mall pact aimed at countering spyware abuses (The Record) US lab testing provider exposed health data of 1.6 million people (Bleeping Computer) Amazon EC2 instance metadata targeted in SSRF attacks (SC Media) Vulnerability in OttoKit WordPress Plugin Exploited in the Wild (SecurityWeek) Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed (Cyber Security News) Experts Debate: Do AI Chatbots Truly Understand? (IEEE Spectrum) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Trump targets former cybersecurity officials. Senator blocks CISA nominee over telecom security concerns. The acting head of NSA and Cyber Command makes his public debut. Escalation of Cyber Tensions in U.S.-China Trade Relations. Researchers evaluate the effectiveness of Large Language Models (LLMs) in automating Cyber Threat Intelligence. Hackers at Black Hat Asia pown a Nissan Leaf. A smart hub vulnerability exposes WiFi credentials. A new report reveals routers' riskiness. Operation Endgames nabs SmokeLoader botnet users. Our guest is Anushika Babu, Chief Growth Officer at AppSecEngineer, joins us to discuss the creative ways people are using AI. The folks behind the Flipper Zero get busy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Anushika Babu, Chief Growth Officer at AppSecEngineer, joins us to discuss the creative ways people are using AI. Selected Reading Trump Signs Memorandum Revoking Security Clearance of Former CISA Director Chris Krebs (Zero Day) Senator puts hold on Trump's nominee for CISA director, citing telco security 'cover up' (TechCrunch) Infosec experts fear China could retaliate against tariffs with a Typhoon attack (The Register) New US Cyber Command, NSA chief glides in first public appearance (The Record) LARGE LANGUAGE MODELS ARE UNRELIABLE FOR CYBER THREAT INTELLIGENCE (ARXIG) Nissan Leaf Hacked for Remote Spying, Physical Takeover (SecurityWeek) TP-Link IoT Smart Hub Vulnerability Exposes Wi-Fi Credentials (Cyber Security News) Study Identifies 20 Most Vulnerable Connected Devices of 2025 (SecurityWeek) Authorities Seized Smokeloader Malware Operators & Seized Servers (Cyber Security News) Flipper Zero maker unveils ‘Busy Bar,' a new ADHD productivity tool (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Treasury's OCC reports a major email breach. Patch Tuesday updates. A critical vulnerability in AWS Systems Manager (SSM) Agent allowed attackers to execute arbitrary code with root privileges.  Experts urge Congress to keep strict export controls to help slow China's progress in AI. A critical bug in WhatsApp for Windows allows malicious code execution.CISA adds multiple advisories on actively exploited vulnerabilities. Insider threat allegations rock a major Maryland medical center. Microsoft's Ann Johnson from Afternoon Cyber Tea is joined by Jack Rhysider, the creator and host of the acclaimed podcast Darknet Diaries. Feds Aim to Rewrite Social Security Code in Record Time.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In this episode of Afternoon Cyber Tea, Ann Johnson is joined by Jack Rhysider, the creator and host of the acclaimed podcast Darknet Diaries. You can hear the full conversation here. Be sure to catch new episodes of Afternoon Cyber Tea every other Tuesday on N2K CyberWIre and your favorite podcast app.  Selected Reading Treasury's OCC Says Hackers Had Access to 150,000 Emails (SecurityWeek) Microsoft Fixes Over 130 CVEs in April Patch Tuesday (Infosecurity Magazine) Vulnerabilities Patched by Ivanti, VMware, Zoom (SecurityWeek) Fortinet Patches Critical FortiSwitch Vulnerability (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider (SecurityWeek) AWS Systems Manager Plugin Vulnerability Let Attackers Execute Arbitrary Code (Cyber Security News) Tech experts recommend full steam ahead on US export controls for AI (CyberScoop) Don't open that file in WhatsApp for Windows just yet (The Register) CISA Warns of Microsoft Windows CLFS Vulnerability Exploited in Wild (Cyber Security News) CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days (SecurityWeek) Pharmacist accused of spying on women using work, home cams (The Register) DOGE Plans to Rebuild SSA Code Base in Months, Risking Benefits and System Collapse (WIRED)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Is DOGE using AI to monitor federal employees? Google's latest Android update addresses two zero-days. Scattered Spider continues its phishing and malware campaigns. Ransomware's grip is slipping. ToddyCat exploits a critical flaw in ESET products. Oracle privately confirms a legacy system breach. Over 5,000 Ivanti Connect Secure appliances remain exposed online to a critical remote code execution vulnerability. CISA confirms active exploitation of a critical vulnerability in CrushFTP. In our Industry Voices segment, we are joined by Matt Radolec, VP of Incident Response at Varonis, on turning to gamers to to Build Resilient Cyber Teams. AI outphishes human red teams.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In our Industry Voices segment, we are joined by Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, as he is discussing research on “From Gamer to Leader: How to Build Resilient Cyber Teams.” Catch Matt's keynote at RSAC 2025 on April 30th.  Selected Reading Exclusive: Musk's DOGE using AI to snoop on U.S. federal workers, sources say (Reuters) Tariff Wars: The Technology Impact (BankInfo Security) Google Patched Android 0-Day Vulnerability Exploited in the Wild (Cyber Security News)  Scattered Spider adds new phishing kit, malware to its web (The Register) Ransomware Underground Faces Declining Relevance (BankInfo Security) ESET Vulnerability Exploited for Stealthy Malware Execution (SecurityWeek) Oracle Confirms that Hackers Broke Systems & Stole Client Login Credentials (Cyber Security News)  Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk (SecurityWeek) CISA Warns of CrushFTP Vulnerability Exploitation in the Wild (Infosecurity Magazine) AI Outsmarts Human Red Teams in Phishing Tests (GovInfo Security) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

UK court blocks government's attempt to keep Apple encryption case secret. Port of Seattle says last year's breach affected 90,000 people. Verizon Call Filter App flaw exposes millions' call records. Hackers hit Australian pension funds. A global threat hiding in plain sight. Cybercriminals are yelling CAPTCH-ya! Meta retires U.S. fact-checking program. Our guest today is Rob Boyce from Accenture and he's discussing Advanced Persistent Teenagers (APTeens). And Google's AI Goes Under the Sea. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Rob Boyce, Global Lead for Cyber Resilience at Accenture, joins to discuss Advanced Persistent Teenagers (APTeens). Advanced Persistent Teenagers (APTeens) have rapidly become a significant enterprise risk by demonstrating capabilities once limited to organized ransomware groups, the threat from juvenile, homegrown threat-actors has risen steadily.  Selected Reading UK Effort to Keep Apple Encryption Fight Secret Blocked in Court (Bloomberg) Port of Seattle says ransomware breach impacts 90,000 people (BleepingComputer) Call Records of Millions Exposed by Verizon App Vulnerability (SecurityWeek) Cybercriminals are trying to loot Australian pension accounts in new campaign (The Record) NEPTUNE RAT Attacking Windows Users to Exfiltrate Passwords from 270+ Apps (Cyber Security News) Threat Actors Using Fake CAPTCHAs and CloudFlare Turnstile to Deliver LegionLoader (Cyber Security News)  Meta ends its fact-checking program in the US later today, replaces it with Community Notes (Techspot) Suspected Scattered Spider Hacker Pleads Guilty (SecurityWeek) This Alphabet Spin-off Brings “Fishal Recognition” to Aquaculture (IEEE Spectrum)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Chief Security Officer, Chief Analyst, and Senior Fellow at the CyberWire, Rick Howard, shares his travels through the cybersecurity job space. The son of a gold miner who began his career out of West Point in the US Army, Rick worked his way up to being the Commander of the Army's Computer Emergency Response Team. Rick moved to the commercial sector working for Bruce Schneier running Counterpane's global SOC. Rick's first CSO job was for Palo Alto Networks where he was afforded the opportunity to create the Cybersecurity Canon Hall of Fame and the Cyber Threat Alliance. Upon considering retirement, Rick called up on the CyberWire to ask about doing a podcast and he was hired on to the team. Rick shares a proud moment through a favorite story. We thank Rick for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

President Trump fires the head of NSA and Cyber Command. The Health Sector Coordinating Council asks the White House to abandon Biden-era security updates. Senators introduce bipartisan legislation to help fight money laundering. A critical vulnerability has been discovered in the Apache Parquet Java library. The State Bar of Texas reports a ransomware-related data breach. New Android spyware uses a password-protected uninstallation method. A Chinese state-backed threat group exploits a critical Ivanti vulnerability for remote code execution. Today's guest is Dave Dewalt, Founder and CEO of NightDragon, with the latest trends and outlook from cyber leaders.  Malware masquerades as the tax man. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest is Dave Dewalt, Founder and CEO of NightDragon, sharing 2024 trends and a 2025 outlook. Selected Reading Haugh fired from leadership of NSA, Cyber Command (The Record) Defense Sec Hegseth in Signalgate Pentagon watchdog probe (The Register) HSCC Urges White House to Shift Gears on Health Cyber Regs (BankInfo Security) Lawmakers seek to close loophole limiting Secret Service investigations into cyber laundering (The Record) Critical Apache Parquet RCE Vulnerability Lets Attackers Run Malicious Code (Cyber Security News) State Bar of Texas Says Personal Information Stolen in Ransomware Attack (SecurityWeek) New Android Spyware That Asks Password From Users to Uninstall (TechCrunch) Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw (Infosecurity Magazine) Hackers Leveraging URL Shorteners & QR Codes for Tax-Related Phishing Attacks (Microsoft) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A joint advisory labels Fast Flux a national security threat. Europol shuts down a major international CSAM platform. Oracle verifies a data breach. A new attack targets Apache Tomcat servers. The Hunters International group pivots away from ransomware. Hackers target Juniper routers using default credentials. A controversy erupts over a critical CrushFTP vulnerability.  Johannes Ullrich, Dean of Research at SANS Technology Institute unpacks Next.js.  Abracadabra, alakazam — poof! Your credentials are gone. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Johannes Ullrich, Dean of Research at SANS Technology Institute, is discussing Next.js and how similar problems have led to vulnerabilities recently. Selected Reading Fast Flux: A National Security Threat (CISA) Don't cut CISA personnel, House panel leaders say, as they plan legislation giving the agency more to do (CyberScoop) CSAM platform Kidflix shut down by international operation (The Record) AI Image Site GenNomis Exposed 47GB of Underage Deepfakes (Hackread) Oracle tells clients of second recent hack, log-in data stolen, Bloomberg News reports (Reuters) Hackers Exploiting Apache Tomcat Vulnerability to Steal SSH Credentials & Gain Server Control (Cyber Security News) Hunters International Ransomware Gang Rebranding, Shifting Focus (SecurityWeek) Hackers Actively Scanning for Juniper's Smart Router With Default Password (Cyber Security News) Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability (SecurityWeek)  New Malware Attacking Magic Enthusiasts to Steal Login Credentials (Cyber Security News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Google and Mozilla patch nearly two dozen security flaws. The UK's Royal Mail Group sees 144GB of data stolen and leaked. A bizarre campaign looks to recruit cybersecurity professionals to hack Chinese websites. PostgreSQL servers with weak credentials have been compromised for cryptojacking. Google Cloud patches a vulnerability affecting its Cloud Run platform. Oracle faces a class-action lawsuit over alleged cloud services data breaches. CISA releases ICS advisories detailing vulnerabilities in Rockwell Automation and Hitachi Energy products. General Paul Nakasone offers a candid assessment of America's evolving cyber threats. On today's CertByte segment,  a look at the Cisco Enterprise Network Core Technologies exam. Are AI LLMs more like minds or mirrors? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K's suite of industry-leading certification resources, this week, Chris is joined by Troy McMillan to break down a question targeting the Cisco Enterprise Network Core Technologies (350-401 ENCOR) v1.1 exam. Today's question comes from N2K's Cisco CCNP Implementing and Operating Cisco Enterprise Network Core Technologies ENCOR (350-401) Practice Test. The ENCOR exam enables candidates to earn the Cisco Certified Specialist - Enterprise Core certification, which can also be used to meet exam requirements for several other Cisco certifications. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.  Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.cisco.com/site/us/en/learn/training-certifications/exams/encor.html   Selected Reading Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities (SecurityWeek) Royal Mail Group Loses 144GB to Infostealers: Same Samsung Hacker, Same 2021 Infostealer Log (Infostealers) Someone is trying to recruit security researchers in bizarre hacking campaign (TechCrunch) Ongoing cryptomining campaign hits over 1.5K PostgreSQL servers (SC Media) ImageRunner Flaw Exposed Sensitive Information in Google Cloud (SecurityWeek) Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users (SecurityWeek) Oracle now faces class action amid alleged data breaches (The Register) CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS (Cyber Security News) Exclusive: Gen. Paul Nakasone says China is now our biggest cyber threat (The Record) Large AI models are cultural and social technologies (Science) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The UK unveils the full scope of its upcoming Cyber Security and Resilience Bill. Apple warns of critical zero-day vulnerabilities under active exploitation. The InterLock ransomware group claims responsibility for a cyberattack on National Presto Industries. Microsoft flags a critical vulnerability in Canon printer drivers. Check Point Software confirms a data breach. The FTC warns 23andMe's bankruptcy trustees to uphold their privacy obligations. A Canadian hacker has been arrested and charged for allegedly breaching systems tied to the Texas Republican Party. A GCHQ intern pleads guilty to stealing top-secret data. On our Threat Vector segment, host David Moulton from Palo Alto Networks speaks with Richu Channakeshava, Senior Product Manager at Palo Alto Networks, about the urgent need for organizations to prepare for a post-quantum world. The confabulous hallucinations of AI.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment Host David Moulton from Palo Alto Networks Threat Vector podcast asks “Is the Quantum Threat Closer Than You Think?” on the latest segment of Threat Vector. Quantum computing is advancing fast, and with it comes a major cybersecurity risk—the potential to break today's encryption standards. David speaks with Richu Channakeshava, Senior Product Manager at Palo Alto Networks, about the urgent need for organizations to prepare for a post-quantum world. You can catch the full discussion here. Be sure to listen to new episodes of Threat Vector every Thursday on your favorite podcast app.  Selected Reading UK threatens £100K-a-day fines under new cyber bill (The Register) Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks (Cyber Security News) Ransomware Group Takes Credit for National Presto Industries Attack (SecurityWeek) Critical Vulnerability Found in Canon Printer Drivers (SecurityWeek) Check Point Acknowledges Data Breach, Claims Information is 'Old (Cyber Security News) FTC: 23andMe's Buyer Must Uphold Co.'s Data Privacy Pledge (BankInfo Security) Canadian hacker arrested for allegedly stealing data from Texas Republican Party (The Record) GCHQ intern took top secret spy tool home, now faces prison (The Register) A Peek Into How AI 'Thinks' - and Why It Hallucinates (GovInfo Security) Why Confabulation, Not Hallucination, Defines AI Errors (Integrative Psych) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A cyberattack targeting Oracle Health compromises patient data. The DOJ nabs over $8 million tied to romance scams. Trend Micro examines a China-linked APT group conducting cyber-espionage. A new Android banking trojan called Crocodilus has emerged. North Korea's Lazarus Group targets job seekers in the crypto industry. CISA IDs a new malware variant targeting Ivanti Connect Secure appliances. Maria Varmazis, host of N2K's T-Minus Space Daily show chats with Jake Braun, former White House Principal Deputy National Cyber Director and chairman of DEF CON Franklin. They discuss designating space as critical infrastructure. Nulling out your pizza payment.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Maria Varmazis, host of N2K's T-Minus Space Daily show sits down with Jake Braun, former White House Principal Deputy National Cyber Director and chairman of DEF CON Franklin, and they discuss designating space as critical infrastructure and sharing an overview of its attack surface. Selected Reading Oracle Health breach compromises patient data at US hospitals (Bleeping Computer) Oracle Warns Health Customers of Patient Data Breach (Bloomberg) Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware (SecurityWeek) U.S. seized $8.2 million in crypto linked to 'Romance Baiting' scams (Bleeping Computer) DOJ Seizes USD 8.2M Tied to Pig Butchering Scheme (TRM Labs) Earth Alux Hackers Employ VARGIET Malware to Attack Organizations (Cyber Security News)  'Crocodilus' Android Banking Trojan Allows Device Takeover, Data Theft (SecurityWeek) ClickFake Interview – Lazarus Hackers Exploit Windows and macOS Users Fake Job Campaign (Cyber Security News)  CISA Analyzes Malware Used in Ivanti Zero-Day Attacks (SecurityWeek) How A Null Character Was Used to Bypass Payments (System Weakness on Medium)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Mozilla patches Firefox flaw similar to actively exploited Chrome vulnerability. Russia-based RedCurl gang deploys ransomware for the first time. Ukraine's railway operator recovers from cyberattack. India cracks down on Google's billing monopoly. Morphing Meerkat's phishing kit abuses DNS mail exchange records. 300,000 attacks in three weeks. Our guest is Chris Wysopal, Founder and Chief Security Evangelist of Veracode, who sits down with Dave to discuss the increase in the average fix time for security flaws. And Liz Stokes joins with another Fun Fact Friday.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Chris Wysopal, Founder and Chief Security Evangelist of Veracode, discussing increase in the average fix time for security flaws and percent of organizations that carry critical security debt for longer than a year. Selected Reading After Chrome patches zero-day used to target Russians, Firefox splats similar bug (The Register) Microsoft fixes Remote Desktop issues caused by Windows updates (Bleeping Computer) Firefox fixes flaw similar to Chrome zero-day used against Russian organizations (The Record) RedCurl's Ransomware Debut: A Technical Deep Dive (Bitdefender) Ukraine's state railway restores online ticket sales after major cyberattack (The Record) Google App Store Billing Policy Anti-Competitive, India Court Rules (Bloomberg) Morphing Meerkat PhaaS Platform Spoofs 100+ Brands - Infosecurity Magazine (Infosecurity Magazine) Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe (SecurityWeek) Malware distributed via fake DeepSeek ads on Google (SC Media) GorillaBot Attacks Windows Devices With 300,000+ Attack Commands Across 100+ Countries (Cyber Security News)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices