Podcasts about scattered spider

  • 105 podcasts
  • 243 episodes
  • 35m average duration
  • 1 new episode daily
  • Latest: Oct 1, 2025

Latest podcast episodes about scattered spider

Reimagining Cyber
The Scattered Spider Shutdown Saga - EP 169

Oct 1, 2025 15:22


In this episode of Reimagining Cyber, cybersecurity expert Tyler Moffitt unpacks one of the most shocking cybercrime stories in recent years—the rise and supposed shutdown of Scattered Spider. From social engineering mastery and high-profile breaches to teenage ringleaders and sudden “retirements,” this group has rewritten the playbook on digital extortion.

Tyler walks us through:

  • Who Scattered Spider really is and how they operated as elite access brokers
  • The group's role in major incidents like MGM Resorts, Caesars, UK retailers, telecoms, and even government agencies
  • The arrests spanning the UK, US, and Spain—including suspects as young as 17
  • The bizarre shutdown announcement promising apologies, rehab, and deleted data
  • Why most experts expect rebrands, not retirement

The episode closes with practical takeaways for CISOs: protecting identity, hardening help desks, modernizing MFA, and preparing for the next wave of copycats. Whether the group is gone for good or merely regrouping, their tactics will continue to echo across the threat landscape.

Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

Risky Business News
Srsly Risky Biz: The kids aren't alright

Sep 25, 2025 16:27


Tom Uren and Amberleigh Jack talk about how the funnel that turns kids into cyber criminals has evolved over the last decade. Cybercrime's reach has broadened, it is more lucrative and more violent. They also talk about new thinking about deterring America's cyber adversaries.

This episode is also available on YouTube.

Show notes

  • CSIS's Playbook for Winning the Cyber War
  • Bloomberg reporting on Scattered Spider

Risky Business
Risky Business #808 -- Insane megabug in Entra left all tenants exposed

Sep 24, 2025 52:37


On this week's show Patrick Gray and special guest Rob Joyce discuss the week's cybersecurity news, including:

  • Secret Service raids a SIM farm in New York
  • MI6 launches a dark web portal
  • Are the 2023 Scattered Spider kids finally getting their comeuppance?
  • Production halt continues for Jaguar Land Rover
  • GitHub tightens its security after Shai-Hulud worm

This week's episode is sponsored by Sublime Security. In this week's sponsor interview, Sublime founder and CEO Josh Kamdjou joins host Patrick Gray to chat about the pros and cons of using agentic AI in an email security platform.

This episode is also available on YouTube.

Show notes

  • U.S. Secret Service disrupts telecom network that threatened NYC during U.N. General Assembly
  • MI6 launches darkweb portal to recruit foreign spies | The Record from Recorded Future News
  • One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens | dirkjanm.io
  • Github npm changes
  • Flights across Europe delayed after cyberattack targets third-party vendor | Cybersecurity Dive
  • Major European airports work to restore services after cyberattack on check-in systems | The Record from Recorded Future News
  • When “Goodbye” isn't the end: Scattered LAPSUS$ Hunters hack on | DataBreaches.Net
  • UK arrests 2 more alleged Scattered Spider hackers over London transit system breach | Cybersecurity Dive
  • Alleged Scattered Spider member turns self in to Las Vegas police | The Record from Recorded Future News
  • Las Vegas police arrest minor accused of high-profile 2023 casino attacks | CyberScoop
  • DOJ: Scattered Spider took $115 million in ransoms, breached a US court system | The Record from Recorded Future News
  • vx-underground on X: "Scattered Spider ransoms company for 964BTC - wtf_thats_alot.jpeg - Document says "Cost of BTC at time was $36M" - $36M / 964BTC = $37.5K - BTC value was $37.5K in November, 2023 - Google "Ransomware, November, 2023" - omfg.exe https://t.co/uv2EzbL5HT" | X
  • JLR ‘cyber shockwave ripping through UK industry' as supplier share price plummets by 55% | The Record from Recorded Future News
  • Jaguar Land Rover to extend production pause into October following cyberattack | Cybersecurity Dive
  • New plan would give Congress another 18 months to revisit Section 702 surveillance powers | The Record from Recorded Future News
  • AI-powered vulnerability detection will make things worse, not better, former US cyber official warns | Cybersecurity Dive

This Week in Tech (Audio)
TWiT 1050: Live Demo, Good Luck - Meta Ray-Ban Display Glasses Raise Privacy & Social Acceptance Concerns

Sep 22, 2025 166:54


Is strapping notifications to your face the next frontier, or just tech gone too far? Dive into a lively, sometimes skeptical discussion on Meta's AR glasses, social media's shifting power, the fate of TikTok, and how AI is quietly rewriting the rules, whether we like it or not.

  • Seeing Through the Reality of Meta's Smart Glasses
  • I regret to inform you Meta's new smart glasses are the best I've ever tried
  • Parents outraged as Meta uses photos of schoolgirls in ads targeting man
  • Windows 10 EOL coming soon
  • Trump's $100,000 Visa Fee Spurs Confusion and Chaos
  • 4Chan, MAGAs unite in 'clog the toilet' op to block H-1B workers flying back
  • iPhone Air review: Thinness with a point
  • Phone batteries are getting more compact, but the US is missing out
  • A MacBook Pro touchscreen? About damn time
  • TikTok deal will be signed soon, with U.S. control of algorithm, White House says
  • By some measures, TikTok has grown bigger than Facebook or Instagram in the US
  • Two UK teens charged in connection to Scattered Spider ransomware attacks
  • Teen Suspect Surrenders in 2023 Las Vegas Casino Cyberattack Case - Casino.org
  • Jaguar Land Rover extends its production shutdown after a cyberattack discovered in late August, and says efforts to reboot production safely "will take time"
  • ctrl/tinycolor and 40+ NPM Packages Compromised - StepSecurity
  • Never steal a hacker's girlfriend's phone: How an expert exposed a global network of thieves
  • Revealed: the huge growth of Myanmar scam centres that may hold 100,000 trafficked people
  • Pope Leo XIV Rejects a proposal by a Catholic organization to create an "AI Pope Leo" avatar
  • Ig Winners

Host: Leo Laporte

Guests: Devindra Hardawar, Fr. Robert Ballecer, SJ, and Nicholas De Leon

Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech

Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors: uscloud.com smarty.com/twit ZipRecruiter.com/twit helixsleep.com/twit zscaler.com/security

The CyberWire
Grounded by ransomware.

Sep 22, 2025 28:57


A major ransomware attack disrupts airport operations across Europe. Congress is on the verge of letting major cyber legislation expire. A critical flaw nearly allowed total compromise of every Entra ID tenant. Automaker Stellantis confirms a data breach. Fortra patches a critical flaw in its GoAnywhere MFT software. Europol leads a major operation against online child sexual exploitation. Three of the cybersecurity industry's biggest players opt out of MITRE's 2025 ATT&CK Evaluations. A compromised Steam game drains a cancer patient's donations. Business Breakdown. Andrzej Olchawa and Milenko Starcik from VisionSpace join Maria Varmazis, host of T-Minus Space on hacking satellites. How one kid got tangled in Scattered Spider's web.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Andrzej Olchawa and Milenko Starcik from VisionSpace are speaking with Maria Varmazis, host of T-Minus Space on hacking satellites.

Selected Reading

  • EU cyber agency says airport software held to ransom by criminals (BBC News)
  • Cyber threat information law hurtles toward expiration, with poor prospects for renewal (CyberScoop)
  • Microsoft Entra ID flaw allowed hijacking any company's tenant (Bleeping Computer)
  • Stellantis says a third-party vendor spilled customer data (The Register)
  • Fortra Patches Critical GoAnywhere MFT Vulnerability (SecurityWeek)
  • AI Forensics Help Europol Track 51 Children in Global Online Abuse Case (HackRead)
  • Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test (Infosecurity Magazine)
  • Verified Steam game steals streamer's cancer treatment donations (Bleeping Computer)
  • CrowdStrike and Check Point intend to acquire AI security firms. (N2K CyberWire Business Briefing)
  • ‘I Was a Weird Kid': Jailhouse Confessions of a Teen Hacker (Bloomberg)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This Week in Tech (Video HI)
TWiT 1050: Live Demo, Good Luck - Meta Ray-Ban Display Glasses Raise Privacy & Social Acceptance Concerns

Sep 22, 2025 165:42

All TWiT.tv Shows (MP3)
This Week in Tech 1050: Live Demo, Good Luck

Sep 22, 2025 166:54

Radio Leo (Audio)
This Week in Tech 1050: Live Demo, Good Luck

Sep 22, 2025 166:54

All TWiT.tv Shows (Video LO)
This Week in Tech 1050: Live Demo, Good Luck

Sep 22, 2025 165:42

Risky Business News
Risky Bulletin: Cyberattack disrupts airports across Europe

Sep 22, 2025 6:51


A cyberattack disrupts European airports, a Scattered Spider member turns himself in to US authorities, the Pentagon hires a new cyber policy leader and two Russian APTs work together for the first time.

Show notes

  • Risky Bulletin: Cyberattack disrupts airports across Europe

Radio Leo (Video HD)
This Week in Tech 1050: Live Demo, Good Luck

Sep 22, 2025 165:42

ALEF SecurityCast
Ep#299 - Cyberattack caused chaos at Europe's largest airports

Sep 22, 2025 9:20


In this episode we cover the cyberattack on Collins Aerospace, which caused chaos at Europe's largest airports, the Shai-Hulud worm spreading through NPM packages, the leak of customer data from the Gucci, Balenciaga and Alexander McQueen brands, the UNC1549 espionage campaign targeting telecommunications, and the arrest of young hackers from the Scattered Spider group.

Cyber Security Today
CST Replay: The Ransomware Ecosystem with Tammy Harper

Sep 20, 2025 74:24


Unveiling the Ransomware Ecosystem with Tammy Harper

In this compelling episode, Jim is joined by Tammy Harper from Flair.io to re-air one of their most popular and insightful episodes. Dive into the intricate world of ransomware as Tammy, a seasoned threat intelligence researcher, provides an in-depth introduction to the ransomware ecosystem. Explore the basics and nuances of ransomware, from its origins to its modern-day complexities. Tammy discusses not only the operational structures and notable ransomware groups like Conti, LockBit, and Scattered Spider, but also the impact and evolution of ransomware as a service. She also elaborates on ransomware negotiation tactics and how initial access brokers operate. This episode is packed with invaluable information for anyone looking to understand the cybercrime underground economy. Don't forget to leave your questions in the comments, and they might be addressed in future episodes!

  • 00:00 Introduction and Episode Re-Run Announcement
  • 00:29 Guest Introduction: Tammy Harper from Flair io
  • 00:41 Exploring the Dark Web and Ransomware
  • 02:21 Tammy Harper's Background and Expertise
  • 03:40 Understanding the Ransomware Ecosystem
  • 04:02 Ransomware Business Models and Initial Access Brokers
  • 07:08 Double and Triple Extortion Tactics
  • 11:23 History of Ransomware: From AIDS Trojan to WannaCry
  • 13:02 The Rise of Ransomware as a Service (RaaS)
  • 19:41 Conti: The Ransomware Giant
  • 26:17 Conti's Tools of the Trade: EMOTET, ICEDID, and TrickBot
  • 32:05 The Conti Leaks and Their Impact
  • 34:04 LockBit and the Ransomware Cartel
  • 37:07 National Hazard Agency: A Subgroup of LockBit
  • 38:17 Release of Volume Two and Its Impact
  • 39:08 Details of the Training Manual
  • 40:52 Ransomware Negotiations
  • 41:28 Ransom Chat Project
  • 42:27 Conti vs. LockBit Negotiation Tactics
  • 43:30 Professionalism in Ransomware Operations
  • 47:07 Ransomware Chat Simulation
  • 48:03 Ransom Look Project
  • 49:11 Current Ransomware Landscape
  • 50:32 Infiltration and Research Methods
  • 51:47 Profiles of Emerging Ransomware Groups
  • 01:05:21 Initial Access Market
  • 01:10:26 Future of Ransomware and Law Enforcement Efforts
  • 01:13:14 Conclusion and Final Thoughts

The CyberWire
The email that tricked an AI.

Sep 19, 2025 27:35


OpenAI patches a ChatGPT flaw that could have exposed Gmail data. CISA documents malware exploiting two Ivanti Endpoint Manager Mobile (EPMM) flaws. WatchGuard patches a critical flaw in its Firebox firewalls. MI6 launches a dark web snitch site. The DoD looks to cut its cybersecurity job hiring time to just 25 days. Researchers trick ChatGPT agents into solving CAPTCHAs. A UK teen faces accusations of being part of the Scattered Spider gang. The Senate confirms a new assistant secretary of defense for cyber policy. A former CIA officer is accused of selling classified information to private clients. Karin Ophir Zimet, Torq's Chief People Officer, is speaking with N2K Senior Workforce Analyst Will Markow about their internship program for upleveling AI skills. Russia's AI propaganda goes prime time.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Karin Ophir Zimet, Torq's Chief People Officer, is speaking with N2K Senior Workforce Analyst Will Markow about their internship program for upleveling AI skills.

Selected Reading

  • OpenAI Fixed ChatGPT Security Flaw That Put Gmail Data at Risk (Bloomberg)
  • CISA Analyzes Malware From Ivanti EPMM Intrusions (SecurityWeek)
  • WatchGuard Issues Fix for 9.3-Rated Firebox Firewall Vulnerability (HackRead)
  • MI6 upgrades dark web portal to recruit new spies (The Register)
  • DOD official: We need to drop the cybersecurity talent hiring window to 25 days (CyberScoop)
  • ChatGPT Tricked Into Solving CAPTCHAs (SecurityWeek)
  • Scattered Spider teen cuffed after crypto splurge on games (The Register)
  • Senate confirms Sutton as Pentagon cyber policy chief (The Record)
  • Contractor Used Classified CIA Systems as ‘His Own Personal Google' (404 Media)
  • Russian State TV Launches AI-Generated News Satire Show (404 Media)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Security Headlines
Google patches zero-day, Copilot's forced installation, Scattered Spider arrests

Sep 19, 2025 8:07


  • Google patches sixth Chrome zero-day exploited in attacks this year
  • Microsoft to force install the Microsoft 365 Copilot app in October
  • Two more Scattered Spider teen suspects arrested

Huge thanks to our sponsor, Drata

Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and faster deal cycles. Win with Trust. Learn more at SafeBase.io.

Find the stories behind the headlines at CISOseries.com.

The Jerich Show Podcast
Factory Floors, Teen Hackers & Password Panic: Cyber Sins of the Week

Sep 19, 2025 21:47


Javvad Malik and Erich Kron are back with tea, shade, and tech news, taking on three fresh cyber disasters that are making folks sweat:

  • JLR's Cyber Chaos: A hack shut down Jaguar Land Rover's IT & production lines, and now its supply chain workers are being told to apply for Universal Credit. When “just a hack” looks more like a national employment crisis.
  • Teenagers + Scattered Spider = TfL Attack Fallout: Two teens are now charged for allegedly being part of the Scattered Spider crew that hacked Transport for London last August. From Oyster cards to APIs—this one's got lots of teeth.
  • SonicWall: “Oops, Backups Leaked (a Little Bit)”: Under 5% of SonicWall users impacted by exposed firewall backup prefs. Credentials were encrypted but still, enough info was accessible to give attackers a run for their money. Reset everything. Like now.

Buckle up: we'll laugh, we'll cringe, and we'll figure out what this means for real people doing real work in security.

Stories from the show:

  • JLR hack could see thousands laid off - MP https://www.bbc.com/news/articles/cwyrqxj3eqqo
  • U.K. Arrests Two Teen Scattered Spider Hackers Linked to August 2024 TfL Cyber Attack https://thehackernews.com/2025/09/uk-arrest-two-teen-scattered-spider.html
  • SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers https://thehackernews.com/2025/09/sonicwall-urges-password-resets-after.html

The Daily Crunch – Spoken Edition
US government charges British teenager accused of at least 120 ‘Scattered Spider' hacks; plus, OpenAI's research on AI models deliberately lying is wild

Sep 19, 2025 9:56


The U.S. Department of Justice on Thursday unsealed federal charges against British teenager Thalha Jubair, who prosecutors accuse of being involved in at least 120 cyberattacks, including the U.S. Courts system, and the extortion of dozens of U.S. companies.

In other news, every now and then, researchers at the biggest tech companies drop a bombshell. There was the time Google said its latest quantum chip indicated multiple universes exist. Or when Anthropic gave its AI agent Claudius a snack vending machine to run and it went amok, calling security on people, and insisting it was human. This week, it was OpenAI's turn to raise our collective eyebrows.

Learn more about your ad choices. Visit podcastchoices.com/adchoices

Risky Business News
Risky Bulletin: Pentagon has more than 70,000 cyber personnel

Sep 19, 2025 7:28


America's Government Accountability Office says the Pentagon employs more than 70,000 cyber personnel, hackers steal SonicWall firewall configs, DeepSeek returns insecure code for groups China doesn't like, and two Scattered Spider members arrested in the UK.

Show notes

  • Risky Bulletin: Pentagon has +70K cyber staff, and a lot of overlap

Cyber Security Headlines
Insight Partners warns thousands, Scattered Spider feigns retirement, Consumer Reports calls Microsoft 'hypocritical'

Sep 18, 2025 7:58


  • Insight Partners warns thousands after ransomware breach
  • Scattered Spider gang feigns retirement, breaks into bank instead
  • Consumer Reports calls Microsoft 'hypocritical'

Huge thanks to our sponsor, Drata

Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and faster deal cycles. Win with Trust. Learn more at SafeBase.io.

Cyber Briefing
September 17, 2025 - Cyber Briefing

Cyber Briefing

Play Episode Listen Later Sep 17, 2025 8:39


If you like what you hear, please subscribe, leave us a review and tell a friend! Microsoft and Windows updates are causing disruptions and upcoming end-of-support for Windows 10 and Exchange 2016/2019, while cyber threats continue with supply chain attacks, phishing networks, and ransomware affecting organizations from npm developers to Jaguar Land Rover. High-profile threat actors like Scattered Spider and malware campaigns like RaccoonO365 highlight the persistent risks to financial sectors and sensitive data, with law enforcement and tech companies actively dismantling malicious networks.

To The Point - Cybersecurity
Breaking Down the Human Side of Advanced Cyber Attacks and Social Engineering with Margaret Cunningham

To The Point - Cybersecurity

Play Episode Listen Later Sep 16, 2025 29:11


Welcome back to To the Point Cybersecurity Podcast! In this week's episode, hosts Rachael Lyon and Jonathan Knepher are joined by the brilliant Dr. Margaret Cunningham, Technical Director for Security and AI Strategy at Darktrace. With a PhD in Applied Experimental Psychology and multiple patents to her name, Dr. Cunningham is a leading voice in human-centered security, behavioral analytics, and the ever-evolving intersection of people and technology. Together, the trio dives into the fast-changing landscape of AI-driven threats—think voice cloning, deepfakes, and sophisticated social engineering attacks that challenge every notion of trust and identity. From the real-world dangers of phone scams using cloned voices, to high-profile incidents like the Coinbase insider threat and the rise of groups like Scattered Spider, you'll hear stories that illuminate both the risks and solutions shaping today's enterprise security. They explore the future (and limits) of authentication, the importance—and pitfalls—of data collection, and why behavioral analytics are more crucial than ever in spotting anomalies. Dr. Cunningham also shares insights on transparency, industry responses, and the human factors that make cybersecurity so complex and fascinating. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e350

Talking Cyber Security
Episode 97: Episode 97 - Part 2 - Scattered Spider

Talking Cyber Security

Play Episode Listen Later Sep 13, 2025 17:51


In this episode, Richard completes his 2 part series on hacking group Scattered Spider.

Risky Business News
Between Two Nerds: Teenage hackers are like goldfish

Risky Business News

Play Episode Listen Later Aug 25, 2025 29:25


In this edition of Between Two Nerds, Tom Uren and The Grugq talk about how the teenage hacking groups Scattered Spider, Lapsus$ and Shiny Hunters are collaborating. They examine whether this is bad news and what it will take to slow these wrecking crews down. Plus, how teenage hackers are like goldfish. This episode is also available on YouTube.
Show notes:
The Register, Three notorious cybercrime gangs appear to be collaborating
Between Two Nerds episode 103
Sponsor interview with Brett Winterford from Okta

Cybercrime Magazine Podcast
Cybercrime News For Aug. 22, 2025. Scattered Spider Hacker Gets 10 Years. WCYB Digital Radio.

Cybercrime Magazine Podcast

Play Episode Listen Later Aug 22, 2025 2:51


The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com

Cyber Security Headlines
Apple's urgent update, Scattered Spider sentence, Microsoft seeks SSD feedback

Cyber Security Headlines

Play Episode Listen Later Aug 22, 2025 8:44


Apple urges iPhone, iPad and Mac update ASAP
Scattered Spider operative gets 10 years and a big fine
Microsoft seeks customer feedback on SSD failure issues
Huge thanks to our sponsor, Conveyor. Does logging into a portal security questionnaire feel like punishment? We get it. Other solutions offer browser extensions that require you to do all the copy-pasting. It's slow, tedious, and frustrating. Conveyor takes care of it for you. Our AI auto-scrolls, finds every question, and fills in accurate answers—all automatically. Oh, and our AI completes security questionnaires of any format, not just portals. Visit www.conveyor.com to learn more. Find the stories behind the headlines at CISOseries.com.

The CyberWire
Behind the lock lies a flaw.

The CyberWire

Play Episode Listen Later Aug 21, 2025 24:35


Zero-day clickjacking flaws affect major password managers. The FBI warns that Russian state-backed hackers are exploiting a long-known Cisco flaw. Apple releases emergency patches for a zero-day flaw in the Image I/O framework. Home Depot faces a proposed class action lawsuit accusing it of secretly using facial recognition at self-checkout kiosks. A VPN browser extension has been exposed for secretly spying on users. Browser fingerprinting overtakes cookies as the dominant method of online tracking. Agentic AI browsers prove easily scammed. A Scattered Spider member earns 10 years in federal prison. Ron Zayas, CEO of Ironwall by Incogni, to discuss the massive data sharing and privacy risks in the leading Buy Now Pay Later apps. An Australian bank's AI cutbacks are put on permanent hold. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ron Zayas, CEO of Ironwall by Incogni, to discuss the massive data sharing and privacy risks in the leading Buy Now Pay Later apps. Tune in to hear the full conversation on Caveat. 
Selected Reading Researcher Exposes Zero-Day Clickjacking Vulnerabilities in Major Password Managers (Socket) FBI warns of Russian hackers exploiting 7-year-old Cisco flaw (Bleeping Computer) Apple fixes new zero-day flaw exploited in targeted attacks (Bleeping Computer) Home Depot Sued for 'Secretly' Using Facial Recognition Technology on Self-Checkout Cameras (PetaPixel) SpyVPN: The Google-Featured VPN That Secretly Captures Your Screen (Koi Blog) Beyond cookies: browser fingerprinting in 2025 (PITG Network) "Scamlexity": When Agentic AI Browsers Get Scammed (Guardio) SIM-Swapper, Scattered Spider Hacker Gets 10 Years (Krebs on Security) Commonwealth Bank backtracks on AI job cuts, apologises for 'error' as call volumes rise (ABC News) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Briefing
August 21, 2025 - Cyber Briefing

Cyber Briefing

Play Episode Listen Later Aug 21, 2025 9:45


If you like what you hear, please subscribe, leave us a review and tell a friend!

Risky Business News
Risky Bulletin: Microsoft restricts Chinese firms' access to MAPP

Risky Business News

Play Episode Listen Later Aug 21, 2025 8:04


Microsoft restricts Chinese firms' access to its MAPP program, Apple patches a zero-day used in the wild, a Scattered Spider member gets 10 years in prison, and a new exploit broker pops up in the UAE. Show notes Risky Bulletin: A decade later, Russian hackers are still using SYNful Knock, and it's still working

The Cybersecurity Defenders Podcast
#239 - Intel Chat: Scattered Spider or ShinyHunters, Linux kernel's eBPF subsystem, MAPP & BlackSuit ransomware group

The Cybersecurity Defenders Podcast

Play Episode Listen Later Aug 19, 2025 38:03


In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.
• Recent reporting from DataBreaches has added yet another twist to the attribution puzzle between Scattered Spider and ShinyHunters. https://databreaches.net/2025/08/03/are-scattered-spider-and-shinyhunters-one-group-or-two-and-who-did-france-arrest/
• A recent disclosure on the oss-security mailing list detailed a set of 11 vulnerabilities in the Linux kernel's eBPF subsystem, originally reported by security researcher “Van1sh” to both the kernel security team and the linux-distros list on July 19. https://www.openwall.com/lists/oss-security/2025/08/03/1
• Microsoft's Microsoft Active Protections Program, or MAPP, is designed to shorten the time between vulnerability discovery and patch deployment by giving trusted security vendors early access to vulnerability details. https://nattothoughts.substack.com/p/when-privileged-access-falls-into
• US law enforcement, in coordination with multiple international partners, has taken action against the BlackSuit ransomware group — also known as Royal — resulting in the seizure of four servers, nine domains, and approximately $1 million in cryptocurrency. https://www.darkreading.com/vulnerabilities-threats/blacksuit-ransomware-infrastructure-law-enforcement
Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Defending The Edge
40. From AI Leaps to App Leaks

Defending The Edge

Play Episode Listen Later Aug 19, 2025 23:50


In this episode of Defending The Edge Podcast with Defendedge, we're diving into AI data leaks to nuclear security breaches, the ChatGPT privacy incident, the Tea app hack, Scattered Spider's latest resurgence, and a critical SharePoint zero-day that hit a U.S. nuclear agency. Join us as we discuss all of these topics and more.

Adversary Universe Podcast
Live at Black Hat: What's AI Really Capable Of?

Adversary Universe Podcast

Play Episode Listen Later Aug 18, 2025 33:45


This year at Black Hat, the topic of AI was everywhere — from hallway chats to the expo floor. Adam and Cristian took a break from the action for a rare in-person conversation about how adversaries are weaponizing AI, how defenders are using agentic AI, and what we should all be thinking about as AI evolves as an offensive and defensive tool. The AI threat is real, and advanced adversaries in particular are using it to their advantage. They're improving the wording in social engineering attacks, creating deepfakes in fraudulent job interviews, and targeting victims on a more personal level. FAMOUS CHOLLIMA is an example of one adversary “using it for everything,” the hosts say. SCATTERED SPIDER is another adversary to watch. On the other side, defenders are adopting agentic AI to expedite their response. Adam and Cristian explore the importance of protecting AI workloads, the potential for insider threats with AI models, and the growing need for AI governance and security guardrails. If AI is monitoring security services, they ask, who guards the guardian? Tune in for an in-depth conversation on what AI is really capable of — and stick around for a sneak peek of an upcoming guest episode, where a guest joins to discuss young adversaries moving from online gaming to organized cybercrime.

Cyber Security Headlines
Week in Review: ShinyHunters-Scattered Spider merge, DARPA AI prize, Water infrastructure volunteers

Cyber Security Headlines

Play Episode Listen Later Aug 15, 2025 30:29


This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Steve Zalewski, co-host, Defense in Depth.
Thanks to our show sponsor, Vanta. Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines
All links and the video of this episode can be found on CISOseries.com

Backup Central's Restore it All
Social Engineering Attacks: Lessons from Mr. Robot Episode 3

Backup Central's Restore it All

Play Episode Listen Later Aug 11, 2025 25:39 Transcription Available


Social engineering attacks are becoming more sophisticated, and this episode of The Backup Wrap-up explores real-world tactics through our Mr. Robot series analysis. Curtis and Prasanna examine how social engineering works, from Instagram stalking to phone compromise, and discuss actual ransomware groups like Scattered Spider who use social engineering to impersonate employees and reset passwords. We break down the hospital hacking scene, revealing how underfunded IT departments create vulnerabilities that social engineering attacks exploit. The episode also covers email security, backup system risks, and the Sony hack parallels shown in the series. Learn how to protect your organization from social engineering by understanding what information to keep private, how to properly fund cybersecurity, and why your backup systems need protection from social engineering tactics.

Cyber Briefing
August 11, 2025 - Cyber Briefing

Cyber Briefing

Play Episode Listen Later Aug 11, 2025 9:01


If you like what you hear, please subscribe, leave us a review and tell a friend!

Today in Health IT
2 Minute Drill: Hacker Infiltration, Corporate Leaks, and North Korean Updates with Drex DeFord

Today in Health IT

Play Episode Listen Later Aug 6, 2025 4:19 Transcription Available


This episode covers three critical cybersecurity developments affecting healthcare organizations. First, FBI warnings about Scattered Spider ransomware group targeting employees through Slack and Microsoft Teams, including their alarming tactic of creating fake identities to join incident response calls and monitor remediation efforts. Second, leaked chat logs from the Conti ransomware group reveal these criminal organizations operate like structured tech startups with HR policies, management layers, and performance reviews - highlighting the sophisticated nature of modern cyber threats. Finally, CrowdStrike intelligence reveals over 900 North Korean operatives have quietly embedded themselves in US companies using deepfakes and fake identities, wiring paychecks back to the regime. The episode also mentions CISA's new free Thorium tool for malware analysis and forensic investigations.
X: This Week Health
LinkedIn: This Week Health
Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Adversary Universe Podcast
Cloud Intrusions Rise, eCrime Thrives, Governments Under Attack: CrowdStrike 2025 Threat Hunting Report

Adversary Universe Podcast

Play Episode Listen Later Aug 4, 2025 36:02


In the first half of 2025 alone, cloud intrusions were up 136% compared to all of 2024. China was a big driver — CrowdStrike saw a 40% year-over-year surge in intrusions from suspected cloud-conscious China-nexus threat actors. In the government sector, interactive intrusions increased 71%, and targeted intrusion activity jumped 185%.
The CrowdStrike OverWatch threat hunting team has a firsthand look at how adversaries are changing their techniques. In the CrowdStrike 2025 Threat Hunting Report, published today, the team shares observations, trends, and shifts seen in its threat hunting and adversary engagements over the past 12 months.
In this episode, Adam and Cristian dive deep into the report's key findings and put them into context. They explore why the use of malware is going down (and why it won't go away), unpack the rise in government intrusions, and explain the role of generative AI (GenAI) in today's threat landscape. They examine the rise of prolific adversaries such as SCATTERED SPIDER and FAMOUS CHOLLIMA and discuss the techniques organizations can use to stop them.
Below are more key stats from this year's report:
• 73% of all interactive intrusions were eCrime
• 81% of interactive intrusions were malware-free
• In the first half of 2025, voice phishing (vishing) attacks surpassed the total number seen in 2024
• FAMOUS CHOLLIMA insiders infiltrated 320+ companies in the last 12 months — a 220% year-over-year increase — by using GenAI throughout hiring and employment
Download the report to learn more.

The CyberWire
SUSE flaw found hiding in plain port.

The CyberWire

Play Episode Listen Later Aug 1, 2025 24:44


A critical vulnerability in SUSE [SOO-suh] Manager allows attackers to run commands with root privilege. A joint CISA and U.S. Coast Guard threat hunt at a critical infrastructure site reveals serious cybersecurity issues. Healthcare providers across the U.S. report recent data breaches. Cybercriminals infiltrate a bank by physically planting a Raspberry Pi on a network switch. Russian state-backed hackers target Moscow diplomats to deploy ApolloShadow malware. Luxembourg investigates a major telecom outage tied to Huawei equipment. China's cyberspace regulator summons Nvidia over alleged security risks linked to its H20 AI chips. A new report examines early indicators of system compromise. Today we are joined by Ryan Whelan, Managing Director and Global Head of Accenture Cyber Intelligence, with their analysis of Scattered Spider. Pwn2Own puts a million dollar bounty on WhatsApp zero-clicks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Ryan Whelan, Managing Director and Global Head of Accenture Cyber Intelligence, discussing the possibilities of Scattered Spider.
Selected Reading Critical flaw in SUSE Manager exposes enterprise deployments to compromise (Beyond Machines) CISA identifies OT configuration flaws during cyber threat hunt at critical infrastructure organization, lists cyber hygiene (Industrial Cyber) CISA Issues ICS Advisories for Rockwell Automation Using VMware, and Güralp Seismic Monitoring Systems (Cyber Security News) Florida Internal Medicine Practices Discloses November 2024 Data Breach (HIPAA Journal) Cybercrooks use Raspberry Pi to steal ATM cash (The Register) Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft (SecurityWeek) Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage (The Record) Nvidia summoned by China's cyberspace watchdog over risks in H20 chips (CGTN) Hackers Regularly Exploit Vulnerabilities Before Public Disclosure (Infosecurity Magazine) Pwn2Own hacking contest pays $1 million for WhatsApp exploit (Bleeping Computer) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, August 1st, 2025: Scattered Spider Domains; Excel Blocking Dangerous Links; CISA Releasing Thorium Platform

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Aug 1, 2025 5:41


Scattered Spider Related Domain Names
A quick demo of our domain feeds and how they can be used to find Scattered Spider related domains https://isc.sans.edu/diary/Scattered+Spider+Related+Domain+Names/32162
Excel External Workbook Links to Blocked File Types Will Be Disabled by Default
Excel will discontinue allowing links to dangerous file types starting as early as October. https://support.microsoft.com/en-us/topic/external-workbook-links-to-blocked-file-types-will-be-disabled-by-default-6dd12903-0592-463d-9e68-0741cf62ee58
CISA Releases Thorium
CISA announced that it released its malware analysis platform, Thorium, as open-source software. https://www.cisa.gov/news-events/alerts/2025/07/31/thorium-platform-public-availability

AML Conversations
FCPA Rollbacks, OCC Risk Tolerance, and Crypto Compliance Gaps

AML Conversations

Play Episode Listen Later Aug 1, 2025 16:12


In this week's episode, Joe McNamara and John Byrne examine significant shifts in the regulatory landscape, starting with a tribute to compliance leader Anna Rentschler. They dive into concerning changes to FCPA enforcement guidance that critics say abandons universal ethical standards, the OCC's unusual LinkedIn post signaling increased risk tolerance for banks, and growing threats to the Corporate Transparency Act. The discussion moves internationally to cover the UK's crypto asset sanctions compliance findings, the EU's latest money laundering risk assessment highlighting fintech vulnerabilities, and an FBI advisory on the Scattered Spider cybercriminal group.

The CyberWire
Open source, open target.

The CyberWire

Play Episode Listen Later Jul 31, 2025 28:41


A sweeping malware campaign by North Korea's Lazarus Group targets open source ecosystems. President Trump announces a new electronic health records system. A new report reveals deep ties between Chinese state-sponsored hackers and Chinese tech companies. Researchers describe a new prompt injection threat targeting LLMs via browser extensions. Palo Alto Networks' Unit 42 proposes a new Attribution Framework. Honeywell patches six vulnerabilities in its Experion Process Knowledge System. Researchers track the rapid evolution of a sophisticated Android banking trojan. Scattered Spider goes quiet following recent arrests. Our guests are Jermaine Roebuck and Ann Galchutt from CISA, discussing "Open-Source Eviction Strategies Tool for Cyber Incident Response." A Polish trainmaker sues hackers for fixing trains. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Jermaine Roebuck, Associate Director for Threat Hunting at CISA and Ann Galchutt, Technical Lead at CISA, who will be discussing "Open-Source Eviction Strategies Tool for Cyber Incident Response." 
Selected Reading Sonatype uncovers global espionage campaign in open source ecosystems (Sonatype) Trump administration is launching a new private health tracking system with Big Tech's help (AP News) Report Links Chinese Companies to Tools Used by State-Sponsored Hackers (SecurityWeek) Top 5 GenAI Tools Vulnerable to Man-in-the-Prompt Attack, Billions Could Be Affected (LayerX) Introducing Unit 42's Attribution Framework (Unit42) Honeywell Experion PKS Flaws Allow Manipulation of Industrial Processes (SecurityWeek) Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed Cybercriminals ‘Spooked' After Scattered Spider Arrests (Infosecurity Magazine) Polish Train Maker Is Suing the Hackers Who Exposed Its Anti-Repair Tricks (iFixit) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday July 31st, 2025: Firebase Security; WebKit Vuln Exploited; Scattered Spider Update

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Jul 31, 2025 6:40


Securing Firebase: Lessons Re-Learned from the Tea Breach
Inspired by the breach of the Tea app, Brendon Evans recorded a video to inform of Firebase security issues https://isc.sans.edu/diary/Securing%20Firebase%3A%20Lessons%20Re-Learned%20from%20the%20Tea%20Breach/32158
WebKit Vulnerability Exploited before Apple Patch
A WebKit vulnerability patched by Apple yesterday has already been exploited in Google Chrome. Google noted the exploit with its patch for the same vulnerability in Chrome. https://nvd.nist.gov/vuln/detail/CVE-2025-6558
Scattered Spider Update
CISA released an update for its report on Scattered Spider, noting that the group also calls helpdesks impersonating users, not just the other way around. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a

Hacking Humans
Click for a pay bump?

Hacking Humans

Play Episode Listen Later Jul 31, 2025 30:17


In this special episode of Hacking Humans, while Joe and Maria take a well-earned summer break, we're joined by a special guest host: Rob Allen, Chief Product Officer at ThreatLocker. Rob dives into the tactics and profile of the cybercriminal group known as Scattered Spider—a crew that's gained notoriety for its cunning use of social engineering over traditional hacking techniques. Known for being young, agile, and highly manipulative, Scattered Spider has successfully bypassed security measures not by breaking systems, but by fooling the people who use them. Tune in for a fascinating breakdown of how this group operates and what you can do to defend against them. A listener caught this catch of the day on campus—an email claiming a “salary increase” and urging them to click a sketchy link. It came from outside the company, was riddled with grammar issues, and asked for info HR should already have. Complete our annual audience survey before August 31.
Resources and links to stories: Scattered Spider weaves web of social-engineered destruction
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

The CyberWire
State of emergency in St Paul.

The CyberWire

Play Episode Listen Later Jul 30, 2025 32:10


Officials in St. Paul, Minnesota declare a state of emergency following a cyberattack. Hackers disrupt a major French telecom. A power outage causes widespread service disruptions for cloud provider Linode. Researchers reveal a critical authentication bypass flaw in an AI-driven app development platform. A new study shows AI training data is chock full of PII. Fallout continues for the Tea dating safety app. Hackers are actively exploiting a critical SAP NetWeaver vulnerability to deploy malware. CISA and the FBI update their Scattered Spider advisory. A Florida prison exposes personal information of visitors to all of its inmates. Our guest today is Keith Mularski, Chief Global Ambassador at Qintel, retired FBI Special Agent, and co-host of Only Malware in the Building. CISA and Senator Wyden come to terms —mostly— over the long-buried US Telecommunications Insecurity Report. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Keith Mularski, Chief Global Ambassador at Qintel, retired FBI Special Agent, and co-host of Only Malware in the Building discussing what it's like to be the new host on the N2K CyberWire network and giving a glimpse into some upcoming episodes. You can catch Keith and his co-hosts Selena Larson, Staff Threat Researcher and Lead, Intelligence Analysis and Strategy at Proofpoint, and our own Dave Bittner the first Tuesday of each month on your favorite podcast app with new episodes of Only Malware.
Selected Reading Major cyberattack hits St. Paul, shuts down many services (Star Tribune) French telecom giant Orange discloses cyberattack (Bleeping Computer) Power Outage at Newark Data Center Disrupts Linode, Took LWN Offline (FOSS Force) Critical authentication bypass flaw reported in AI coding platform Base44 (Beyond Machines) A major AI training data set contains millions of examples of personal data (MIT Technology Review) Dating safety app Tea suspends messaging after hack (BBC) Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware (Bleeping Computer) CISA and FBI Release Tactics, Techniques, and Procedures of the Scattered Spider Hacker Group (gb hackers) Florida prison data breach exposes visitors' contact information to inmates (Florida Phoenix) CISA to release long-buried US telco security report (The Register) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The CyberWire
Muddled Libra: From Spraying to Preying in 2025 [Threat Vector]

The CyberWire

Play Episode Listen Later Jul 26, 2025 36:11


Please enjoy this Special Edition episode of the Threat Vector podcast with an update on our previous Muddled Libra coverage. Muddled Libra is back and more dangerous than ever. In this episode of Threat Vector, David Moulton speaks with Sam Rubin and Kristopher Russo from Unit 42 about the resurgence of the threat group also known as Scattered Spider. They break down the group's shift to destructive extortion, modular attack teams, and cloud-first tactics. Discover why traditional defenses fail, how attackers now exploit trusted tools, and what forward-leaning security leaders are doing to stay ahead. With real-world case studies, strategic advice, and insights from the front lines, this episode helps defenders understand today's threat landscape and what's coming next.
Join the conversation on our social media channels:
Website: https://www.paloaltonetworks.com/
Threat Research: https://unit42.paloaltonetworks.com/
Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/
LinkedIn: https://www.linkedin.com/company/unit42/
YouTube: @paloaltonetworks
Twitter: https://twitter.com/PaloAltoNtwks
About Threat Vector
Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.
Palo Alto Networks
Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com Learn more about your ad choices. Visit megaphone.fm/adchoices

Risky Business
Risky Business #799 -- Everyone's Sharepoint gets shelled

Risky Business

Play Episode Listen Later Jul 23, 2025 73:55


Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss:
• Microsoft tried to make outsourcing the Pentagon's cloud maintenance to China okay (it was not)
• She shells Sharepoint by the sea-shore (by ‘she' we mean ‘China')
• Four (alleged) Scattered Spider members arrested (and bailed) in the UK
• Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M
• Fortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-mode rootkits. Just security vendor things!

This week's episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system. This episode is also available on Youtube.

Show notes
• Update on DOD's cloud services
• Microsoft to stop using engineers in China for tech support of US military, Hegseth orders review
• A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers
• While DOD policy bans unauthorized apps like TikTok from being on employees phones over national security risks
• Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security
• National Guard was hacked by China's 'Salt Typhoon' group, DHS says
• Suspected contractor for China's Hafnium group arrested in Italy | Cybersecurity Dive
• Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks | The Record from Recorded Future News
• UK Arrests Four in ‘Scattered Spider' Ransom Group – Krebs on Security
• Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods
• Brazilian police arrest IT worker over $100 million cyber theft | The Record from Recorded Future News
• At Least 750 US Hospitals Faced Disruptions During Last Year's CrowdStrike Outage, Study Finds | WIRED
• Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record
• Indian crypto exchange CoinDCX says $44 million stolen from reserves | The Record
• Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The Record
• PoisonSeed bypassing FIDO keys to ‘fetch' user accounts
• Risky Bulletin: Browser extensions hijacked for web scraping botnet
• A Startup is Selling Data Hacked from Peoples' Computers to Debt Collectors
• A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunch
• Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says
• File transfer company CrushFTP warns of zero-day exploit seen in the wild | The Record
• HPE warns of hardcoded passwords in Aruba access points
• Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)
• Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity Dive
• Google finds custom backdoor being installed on SonicWall network devices - Ars Technica
• Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years

The CyberWire
Creeping like a spider. [Research Saturday]

The CyberWire

Play Episode Listen Later Jul 19, 2025 20:33


This week, we are pleased to be joined by George Glass, Associate Managing Director of Kroll's Cyber Risk business, to discuss their research on Scattered Spider and the group's targeting of insurance companies. While Scattered Spider has recently turned its attention to the airline industry, George focuses on the broader trend of the group's industry-by-industry approach and what that means for defenders across sectors. George and Dave discuss the group's history, their self-identification as a cartel, and their increasingly aggressive tactics, including the use of fear-based social engineering, physical threats, and the recruitment of insiders at telecom providers. They also examine how organizations, especially those with vulnerabilities similar to past targets, can proactively defend against this threat and prepare an effective response if their industry becomes the next focus. Complete our annual audience survey before August 31.

The CyberWire
Taxing times for cyber fraudsters.

The CyberWire

Play Episode Listen Later Jul 14, 2025 34:16


British and Romanian authorities make arrests in a major tax fraud scheme. The Interlock ransomware gang has a new RAT. A new vulnerability in Google Gemini for Workspace allows attackers to hide malicious instructions inside emails. Suspected Chinese hackers breach a major DC law firm. Multiple firmware vulnerabilities affect products from Taiwanese manufacturer Gigabyte Technology. Nvidia warns against Rowhammer attacks across its product line. Louis Vuitton joins the list of breached UK retailers. Indian authorities dismantle a cyber fraud gang. CISA pumps the brakes on a critical vulnerability in American train systems. Our guest is Cynthia Kaiser, SVP of Halcyon's Ransomware Research Center and former Deputy Assistant Director at the FBI's Cyber Division, with insights on Scattered Spider. Hackers ransack Elmo's World.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today we are joined by Cynthia Kaiser, SVP of Halcyon's Ransomware Research Center and former Deputy Assistant Director at the FBI's Cyber Division, discussing "Scattered Spider and Other Criminal Compromise of Outsourcing Providers Increases Victim Attacks." You can check out more from Halcyon here.

Selected Reading
• Romanian police arrest 13 scammers targeting UK's tax authority (The Record)
• Interlock Ransomware Unleashes New RAT in Widespread Campaign (Infosecurity Magazine)
• Google Gemini flaw hijacks email summaries for phishing (Bleeping Computer)
• Chinese hackers suspected in breach of powerful DC law firm (CNN Politics)
• Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment (Security Week)
• Nvidia warns of Rowhammer attacks on GPUs (The Register)
• Louis Vuitton UK Latest Retailer Hit by Data Breach (Infosecurity Magazine)
• Indian Police Raid Tech Support Scam Call Center (Infosecurity Magazine)
• Security vulnerability on U.S. trains that let anyone activate the brakes on the rear car was known for 13 years — operators refused to fix the issue until now (Tom's Hardware)
• End-of-Train and Head-of-Train Remote Linking Protocol (CISA)
• Hacker Makes Antisemitic Posts on Elmo's X Account (The New York Times)

Audience Survey
Complete our annual audience survey before August 31.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Apple News Today
Why the Texas floods were so deadly

Apple News Today

Play Episode Listen Later Jul 10, 2025 15:23


Why were the Texas floods so deadly, and could more have been done to warn victims? Emily Foxhall at the Texas Tribune explores the issue. Today, a federal judge will hear new legal arguments against the Trump administration’s birthright-citizenship order. Tom Hals of Reuters tells us about the legal landscape and what to expect. Lily Hay Newman, a senior writer for Wired, takes us behind the scenes of a group of young cybercriminals called the Scattered Spider. Plus, measles has hit record levels in the U.S., Elon Musk lost his CEO at X, and the AI music going viral. Today’s episode was hosted by Shumita Basu.

Morning Announcements
Tuesday, July 8th, 2025 - Trump's tariff letters; LA MacArthur Park stunt; TikTok revamp; Epstein memo; RFK Jr Lawsuit & more

Morning Announcements

Play Episode Listen Later Jul 8, 2025 7:37


President Trump publicly released tariff letters to around a dozen countries—including Japan, South Korea, Thailand, and Indonesia—warning they'll face import taxes of at least 25% starting August 1 unless they finalize new trade deals. Meanwhile, a California National Guard deployment to an empty park in LA drew backlash as a political stunt, while Customs and Border Protection issued a call for advanced surveillance tech to analyze seized digital devices. Cybersecurity experts raised alarms over Scattered Spider, a hacker group targeting U.S. infrastructure using phishing and impersonation tactics. The DOJ and FBI released a memo denying any Epstein “client list” or foul play in his prison death—despite past contradictions—including new (but suspect) footage. Physician groups are suing HHS Secretary RFK Jr. over new federal COVID vaccine recommendations, and the Trump administration says a U.S.-friendly version of TikTok is on track to launch September 5 as part of a deal to avoid a full ban.

Resources/Articles mentioned in this episode:
• NYT: Here Are Trump's New Tariff Threats
• AP News: Troops and federal agents briefly descend on LA's MacArthur Park in largely immigrant neighborhood
• Wired: CBP Wants New Tech to Search for Hidden Data on Seized Phones
• Wired: A Group of Young Cybercriminals Poses the ‘Most Imminent Threat' of Cyberattacks Right Now
• Axios: Exclusive: DOJ, FBI conclude Epstein had no "client list," died by suicide
• Axios: Docs sue RFK Jr. over COVID vax policy changes
• The Verge: TikTok's ‘ban' problem could end soon with a new app and a sale

Morning Announcements is produced by Sami Sage and edited by Grace Hernandez-Johnson