Episodes
-
This week we are joined by Kyle Lefton, Security Researcher from Akamai, who is diving into their work on "Two Botnets, One Flaw - Mirai Spreads Through Wazuh Vulnerability." Akamai researchers have observed active exploitation of CVE-2025-24016, a critical RCE vulnerability in Wazuh, by two Mirai-based botnets.
The campaigns highlight how quickly attackers are adapting proof-of-concept exploits to spread malware, underscoring the urgency of patching vulnerable systems. One botnet appears to target Italian-speaking users, suggesting regionally tailored operations.
The research can be found here:
Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Hawaiian Airlines reports a cybersecurity incident. Microsoft updates its Windows Resiliency Initiative after the 2024 CrowdStrike crash. CitrixBleed 2 is under active exploitation in the wild. Researchers disclose a critical vulnerability in Open VSX. Malware uses prompt injection to evade AI analysis. A new report claims Cambodia turns a blind eye to scam compounds. Senators propose a ban on AI tools from foreign adversaries. An NSA veteran is named top civilian at U.S. Cyber Command. Maria Varmazis speaks with Ian Itz from Iridium Communications on allowing IoT devices to communicate directly with satellites. One Kansas City hacker’s bold marketing campaign ends with a guilty plea.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Our guest today is Ian Itz, Executive Director at the IoT Line of Business at Iridium Communications. Ian spoke with T-Minus Space Daily host Maria Varmazis on their Deep Space weekend show about how Iridium allows IoT devices, like sensors and trackers, to communicate directly with satellites, bypassing terrestrial infrastructure. We share an excerpt of their conversation on our show today. You can listen to the full conversation on Deep Space. And, be sure to check out T-Minus Space Daily brought to you by N2K CyberWire each weekday on your favorite podcast app.
Selected Reading
Hawaiian Airlines Hit by Cybersecurity Incident (Infosecurity Magazine)
Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike Outage (SecurityWeek)
CitrixBleed 2 Vulnerability Exploited (Infosecurity Magazine)
Vulnerability Exposed All Open VSX Repositories to Takeover (SecurityWeek)
Prompt injection in malware sample targets AI code analysis tools (SC Media)
Scam compounds labeled a 'living nightmare' as Cambodian government accused of turning a blind eye (The Record)
Bipartisan bill seeks to ban federal agencies from using DeepSeek, AI tools from ‘foreign adversaries’ (The Record)
NSA’s Patrick Ware takes over as top civilian at U.S. Cyber Command (The Record)
Man Who Hacked Organizations to Advertise Security Services Pleads Guilty (SecurityWeek)
Audience Survey
Complete our annual audience survey before August 31.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
-
Patches, patches and more patches. A patient death has been linked to the 2023 ransomware attack on an NHS IT provider. U.S. authorities indict the man known online as “IntelBroker”. A suspected cyberattack disrupts Columbia University’s computer systems. A major license plate reader company restricts cross-state data access after reports revealed misuse of its network by police agencies. Our guest is Andy Boyd, former Director of CIA's Center for Cyber Intelligence (CCI) and currently an operating partner at AE Industrial Partners. Discounted parking as a gateway cybercrime.
CyberWire Guest
Our guest today joins us from this week’s Caveat podcast episode. Andy Boyd, former Director of CIA's Center for Cyber Intelligence (CCI) and currently an operating partner at AE Industrial Partners, a private equity firm focused on the national security and aerospace industries, joins Dave and co-host Ben Yelin to discuss offensive cyber and the United States government. You can listen to the full conversation here and catch new episodes of Caveat every Thursday on your favorite podcast app.
Selected Reading
Cisco reports perfect 10 critical remote code execution flaws in Identity Services Engine (ISE) (Beyond Machines)
Citrix releases emergency patches for actively exploited vulnerability in NetScaler Products (Beyond Machines)
CISA Warns of FortiOS Hard-Coded Credentials Vulnerability Exploited in Attacks (Cyber Security News)
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks (Bleeping Computer)
Patient's death linked to cyber attack on NHS, hospital trust says | Science, Climate & Tech News (Sky News)
British Man Charged by US in ‘IntelBroker’ Company Data Hacks (Bloomberg)
French police reportedly arrest suspected BreachForums administrators (The Record)
Potential Cyberattack Scrambles Columbia University Computer Systems (The New York Times)
Flock Removes States From National Lookup Tool After ICE and Abortion Searches Revealed (404 Media)
Student allegedly hacked Western Sydney University to get discounted parking and alter academic results | New South Wales (The Guardian)
-
Cybercriminals target financial institutions across Africa using open-source tools. Threat actors are using a technique called Authenticode stuffing to abuse ConnectWise remote access software. A fake version of SonicWall’s NetExtender VPN app steals users’ credentials. CISA and the NSA publish a guide urging the adoption of Memory Safe Languages. Researchers identify multiple security vulnerabilities affecting Brother printers. Fake AI-themed websites spread malware. Researchers track a sharp rise in signup fraud. A new Common Good Cyber Fund has been launched to support nonprofits that provide essential cybersecurity services. Tim Starks from CyberScoop joins us to discuss calls for a federal cyberinsurance backstop. A Moscow court says ‘nyet’ to more jail time for cyber crooks.
CyberWire Guest
We are again joined by Tim Starks, Senior Reporter from CyberScoop. Tim discusses his recent piece on “Federal cyber insurance backstop should be tied to expiring terrorism insurance law, report recommends.”
Selected Reading
Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial Sector (Unit 42)
Hackers Abuse ConnectWise to Hide Malware (SecurityWeek)
Fake SonicWall VPN app steals user credentials (The Register)
CISA Publishes Guide to Address Memory Safety Vulnerabilities in Modern Software Development (GB Hackers)
New Vulnerabilities Expose Millions of Brother Printers to Hacking (SecurityWeek)
Black Hat SEO Poisoning Search Engine Results For AI (ThreatLabz)
Half of Customer Signups Are Now Fraudulent (Infosecurity Magazine)
Common Good Cyber Fund Launched to Support Non-Profit Security Efforts (Infosecurity Magazine)
Russia releases REvil members after convictions for payment card fraud (The Record)
-
Cybersecurity warnings about possible Iranian retaliation have surged. A potential act of sabotage disrupts the NATO Summit in The Hague. Canadian cybersecurity officials discover Salt Typhoon breached a major telecom provider. The U.S. House bans WhatsApp from all government devices. APT28 uses Signal chats in phishing campaigns targeting Ukrainian government entities. A China-linked APT has built a covert network of over 1,000 compromised devices for long-term espionage. FileFix is a new variant of the well-known ClickFix method. SparkKitty targets Android and iOS users for image theft. Scammers steal $4 million from Coinbase users by posing as support staff. On today’s Threat Vector, host David Moulton sits down with Tyler Shields, Principal Analyst at ESG, to discuss the fine line between thought leadership and echo chambers in the industry. War Thunder gamers just can’t resist state secrets.
Threat Vector Segment
In this segment of Threat Vector, host David Moulton sits down with Tyler Shields, Principal Analyst at ESG, entrepreneur, and cybersecurity marketing expert, to discuss the fine line between thought leadership and echo chambers in the industry. You can hear David and Tyler's full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app.
Selected Reading
Warnings Ratchet Over Iranian Cyberattack (BankInfoSecurity)
NATO Summit in The Hague hit by potential sabotage as rail cables set on fire (The Record)
Canada says Salt Typhoon hacked telecom firm via Cisco flaw (BleepingComputer)
Scoop: WhatsApp banned on House staffers' devices (Axios)
APT28 hackers use Signal chats to launch new malware attacks on Ukraine (Bleeping Computer)
Chinese APT Hacking Routers to Build Espionage Infrastructure (SecurityWeek)
FileFix - A ClickFix Alternative (mr.d0x)
Photo-Stealing Spyware Sneaks Into Apple App Store, Google Play (SecurityWeek)
Hackers Impersonate Coinbase User Support To Scam Victims of $4,000,000 Before Blowing Most of Money on Gambling: ZachXBT (The Daily Hodl)
Reset the clock! War Thunder fan posts restricted Harrier data to game forum (Cyber Daily)
-
US warns of heightened risk of Iranian cyberattacks. Cyber warfare has become central to Israel and Iran’s strategies. Oxford City Council discloses data breach. Europe aiming for digital sovereignty. Michigan hospital network says data belonging to 740,000 was stolen by ransomware gang. RapperBot pivoting to attack DVRs. A picture worth a thousand wallets. New Zealand’s public sector bolsters cyber defenses. On our Industry Voices segment today, we are joined by Imran Umar, Zero Trust Lead at Booz Allen Hamilton, discussing Zero Trust and Thunderdome. And a cyberattack spoils Russia’s dairy flow.
CyberWire Guest
On our Industry Voices segment today, we are joined by Imran Umar, Zero Trust Lead at Booz Allen Hamilton, discussing Zero Trust and Thunderdome. Hear the full conversation here. Find resources below to learn more about the topic Imran discusses.
For additional information:
Zero Trust, More Confidence
Zero Trust: Translating Results into Action
Selected Reading
US Warns of Heightened Risk of Iranian Cyber-Attacks After Military Strikes (Infosecurity Magazine)
Bank hacks, internet shutdowns and crypto heists: Here’s how the war between Israel and Iran is playing out in cyberspace (Politico)
Oxford City Council suffers breach exposing two decades of data (Bleeping Computer)
Europeans seek 'digital sovereignty' as US tech firms embrace Trump (Reuters)
Data of more than 740,000 stolen in ransomware attack on Michigan hospital network (The Record)
RapperBot Attacking DVRs to Gain Access Over Surveillance Cameras to Record Video (Cyber Security News)
CoinMarketCap Doodle Image Vulnerability Lets Attackers Run Malicious Code via API Call (GB Hackers)
NZ NCSC mandates minimum cybersecurity baseline for public sector agencies, sets October deadline (Industrial Cyber)
Russian dairy supply disrupted by cyberattack on animal certification system (The Record)
-
Please enjoy this encore of Career Notes.
Jadee Hanson, CIO and CISO at Code 42, started her technology journey thanks to the help of a teacher in high school. She began college studying computer science and ended with a degree in computer information systems as it had more of the business side. Working in the private sector for companies such as Deloitte, Target and Code 42, Jadee gained experience and specialized in insider risk. She notes "utopia for me and my team is to get to a spot where the team is just firing on all cylinders and being really proactive about what's coming and what's changing." Jadee mentions she tries hard to do things that might scare her every day. For those interested in the field, especially young women, Jadee recommends they get involved and then stay curious. We thank Jadee for sharing her story with us.
-
Dustin Childs, Head of Threat Awareness at Trend Micro Zero Day Initiative, joins to discuss their work on "ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains." The research explores two critical vulnerabilities (ZDI-23-1527 and ZDI-23-1528) that could have enabled attackers to hijack the Microsoft PC Manager supply chain via overly permissive SAS tokens in WinGet and official Microsoft domains.
While the issues have since been resolved, the findings highlight how misconfigured cloud storage access can put trusted software distribution at risk. The post also includes detection strategies to help defenders identify and mitigate similar threats.
The research can be found here:
ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains
-
An historic data breach that wasn’t. Aflac says it stopped a ransomware attack. Cloudflare thwarts a record breaking DDoS attack. Mocha Manakin combines clever social engineering with custom-built malware. The Godfather Android trojan uses a sophisticated virtualization technique to hijack banking and crypto apps. A British expert on Russian information warfare is targeted in a sophisticated spear phishing campaign. A federal judge dismisses a lawsuit against CrowdStrike filed by airline passengers. Banana Squad disguises malicious code as legitimate open-source software. The U.S. Justice Department wants to seize over $225 million in cryptocurrency linked to romance and investment scams. Ben Yelin explains the recent Oversight Committee request for Microsoft to hand over GitHub logs related to alleged DOGE misconduct. This one weird audio trick leaves AI scam calls speechless.
CyberWire Guest
Today, we are joined by Ben Yelin, co-host of the Caveat podcast and Program Director for Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, discussing the recent Oversight Committee request for Microsoft to hand over GitHub logs related to alleged misconduct by Elon Musk’s "Department of Government Efficiency" (DOGE). You can learn more here.
Selected Reading
No, the 16 billion credentials leak is not a new data breach (Bleeping Computer)
Aflac says it stopped ransomware attack launched by ‘sophisticated cybercrime group’ (The Record)
Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider (SecurityWeek)
New Mocha Manakin Malware Deploys NodeInitRAT via Clickfix Attack (Hackread)
Godfather Android Trojan Creates Sandbox on Infected Devices (SecurityWeek)
Russia Expert Falls Prey to Elite Hackers Disguised as US Officials (Infosecurity Magazine)
Judge Axes Flight Disruption Suit Tied to CrowdStrike Outage (GovInfo Security)
Banana Squad Hides Data-Stealing Malware in Fake GitHub Repositories (Hackread)
DOJ moves to seize $225 million in crypto stolen by scammers (The Record)
Boffins devise voice-altering tech to jam 'vishing' ploys (The Register)
-
We put together an open conversation between our podcast hosts, CyberWire Daily's Dave Bittner, T-Minus Space Daily’s Maria Varmazis, and CISO Perspectives podcast’s Kim Jones. Their conversation goes deeper than just the historical significance of Juneteenth, diving into candid conversations on allyship, representation, and the enduring value of diversity in the cybersecurity and space fields. Grab your coffee and join us in the room.
Resources:
Juneteenth
CISO Perspectives podcast:
Does diversity matter in cyber?
Mid season reflection with Kim Jones.
T-Minus Space Daily podcast:
Dr. Sian Proctor sharing her poem "Space to Inspire" on Instagram.
Deep Space: Inspiration4 with Dr. Sian “Leo” Proctor.
-
Viasat confirms it was breached by Salt Typhoon. Microsoft’s June 2025 security update giveth, and Microsoft’s June 2025 security update taketh away. Local privilege escalation flaws grant root access on major Linux distributions. BeyondTrust patches a critical remote code execution flaw. SMS low cost routing exposes users to serious risks. Erie Insurance says their ongoing outage isn’t ransomware. Backups are no good if you can’t find them. Veeam patches a critical vulnerability in its Backup software. SuperCard malware steals payment card data for ATM fraud and direct bank transfers. We preview our Juneteenth special edition. Backing up humanity.
CyberWire Guest
Today, we are sharing an excerpt of our Juneteenth Special Edition conversation between Dave Bittner, T-Minus Space Daily’s Maria Varmazis, and CISO Perspectives podcast’s Kim Jones. Enjoy this discussion on the eve of Juneteenth and tune into your CyberWire Daily feed tomorrow on your favorite podcast app to hear the full conversation.
Selected Reading
Viasat hacked by China-backed Salt Typhoon in 2024 US telecom attacks (Cybernews)
Microsoft's June Patches Unleash a Cascade of Critical Failures (WinBuzzer)
New Linux udisks flaw lets attackers get root on major Linux distros (Bleeping Computer)
BeyondTrust warns of pre-auth RCE in Remote Support software (Bleeping Computer)
Two Factor Insecurity (Lighthouse Reports)
Erie Insurance: ‘No Evidence’ of Ransomware in Network Outage (Insurance Journal)
Half of organizations struggle to locate backup data, report finds (SC Media)
New Veeam RCE flaw lets domain users hack backup servers (Bleeping Computer)
Russia detects first SuperCard malware attacks skimming bank data via NFC (The Record)
Why one man is archiving human-made content from before the AI explosion (Ars Technica)
-
A House oversight committee requests DOGE documents from Microsoft. Predatory Sparrow claims a cyberattack on an Iranian bank. Microsoft says data that happens in Europe will stay in Europe. A complex malware campaign is using heavily obfuscated Visual Basic files to deploy RATs. A widely used CMS platform suffers potential RCE bugs. North Korea’s Kimsuky targets academic institutions using password-protected research documents. Asus patches a high-severity vulnerability in its Armoury Crate software. CISA’s new leader remains in confirmation limbo. Our guest is Brian Downey, VP of Product Management from Barracuda, talking about how security sprawl increases risk. Operation Fluffy Narwhal thinks it’s time to rethink adversary naming.
CyberWire Guest
We are joined by Brian Downey, VP of Product Marketing and Product Management from Barracuda, talking about how security sprawl increases risk. You can find more information about what Brian discussed here.
Selected Reading
Following Whistleblower Reports, Acting Ranking Member Lynch Demands Microsoft Hand Over Information on DOGE’s Misconduct at NLRB | The Committee on Oversight and Accountability Democrats (House Committee on Oversight and Government Reform)
Pro-Israel hackers claim breach of Iranian bank amid military escalation (The Record)
Microsoft lays out data protection plans for European cloud customers (Reuters)
New Sophisticated Multi-Stage Malware Campaign Weaponizes VBS Files to Execute PowerShell Script (Cyber Security News)
Chained Flaws in Enterprise CMS Provider Sitecore Could Allow RCE (Infosecurity Magazine)
Beware of Weaponized Research Papers That Delivers Malware Via Password-Protected Documents (Cyber Security News)
Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers (SecurityWeek)
Asus Armoury Crate Vulnerability Leads to Full System Compromise (SecurityWeek)
Trump’s Pick to Lead CISA is Stuck in Confirmation Limbo (Gov Infosecurity)
Call Them What They Are: Time to Fix Cyber Threat Actor Naming (Just Security)
-
International law enforcement takes down a darknet drug marketplace. The Washington Post is investigating a cyberattack targeting several journalists' email accounts. Anubis ransomware adds destructive capabilities. The GrayAlpha threat group uses fake browser update pages to deliver advanced malware. Researchers uncover a stealthy malware campaign that hides a malicious payload in a JPEG image. Tenable patches three high-severity vulnerabilities in Nessus Agent. Attackers can disable Secure Boot on many Windows devices by exploiting a firmware flaw. Lawmakers introduce a bipartisan bill to strengthen coordination between CISA and HHS. Harry Coker reflects on his tenure as National Cyber Director. Maria Varmazis checks in with Brandon Karpf on agentic AI. When online chatbots overshare, it’s no laughing Meta.
CyberWire Guest
Joining us today to discuss Agentic AI and how it relates to cybersecurity and space with T-Minus Space Daily host Maria Varmazis is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert.
Selected Reading
Police seizes Archetyp Market drug marketplace, arrests admin (Bleeping Computer)
Washington Post investigating cyberattack on journalists' email accounts, source says (Reuters)
Anubis Ransomware Packs a Wiper to Permanently Delete Files (SecurityWeek)
GrayAlpha Hacker Group Weaponizes Browser Updates to Deploy PowerNet Loader and NetSupport RAT (Cyber Security News)
Malicious Payload Uncovered in JPEG Image Using Steganography and Base64 Obfuscation (Cyber Security News)
Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus (Infosecurity Magazine)
Microsoft-Signed Firmware Module Bypasses Secure Boot (Gov Infosecurity)
Bipartisan bill aims to create CISA-HHS liaison for hospital cyberattacks (The Record)
Coker: We can’t have economic prosperity or national security without cybersecurity (The Record)
The Meta AI app is a privacy disaster (TechCrunch)
-
Please enjoy this encore of Career Notes.
Distinguished Cloud Strategist at Lacework, Mark Nunnikhoven, has gone from taking technology to its limits for his own understanding to providing clarity about security for others. Mark fell in love with his Commodore 128 and once he realized he could bend the machine to his will, it set him on the path to technology. While he had some bumps in the road, dropping out of high school and not following the traditional path in college, Mark did complete his master's in information security. His professional life took him from Canadian public service to the private sector where Mark noted the culture shift was an eye-opening experience. Mark always looks to learn something new and share that with others, and that is evidenced as he includes teaching as a facet of his career. We thank Mark for sharing his story with us.
-
This week, Dave is joined by Ziv Karliner, Pillar Security’s Co-Founder and CTO, sharing details on their work on "New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents." Vibe Coding - where developers use AI assistants like GitHub Copilot and Cursor to generate code almost instantly - has become central to how enterprises build software today. But while it’s turbo-charging development, it’s also introducing new and largely unseen cyber threats.
The team at Pillar Security identified a novel attack vector, the "Rules File Backdoor", which allows attackers to manipulate these platforms into generating malicious code. It represents a new class of supply chain attacks that weaponizes AI itself, where the malicious code suggestions blend seamlessly with legitimate ones, bypassing human review and security tools.
The research can be found here:
New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents
-
Cloudflare says yesterday’s widespread outage was not caused by a cyberattack. Predator mobile spyware remains highly active. Microsoft is investigating ongoing Microsoft 365 authentication services issues. An account takeover campaign targets Entra ID users by abusing a popular pen testing tool. Palo Alto Networks documents a JavaScript obfuscation method dubbed “JSFireTruck.” Trend Micro and Mitel patch multiple high-severity vulnerabilities. CISA issues multiple advisories. My Hacking Humans cohost Joe Carrigan joins us to discuss linkless recruiting scams. Uncle Sam wants an AI chatbot.
CyberWire Guest
Today, we are joined by Joe Carrigan, one of Dave’s Hacking Humans co-hosts, to talk about linkless recruiting scams. You can learn more in this article from The Record: FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters. Tune in to Hacking Humans each Thursday on your favorite podcast app to hear the latest on the social engineering scams that are making the headlines from Joe, Dave and their co-host Maria Varmazis.
Selected Reading
Cloudflare: Outage not caused by security incident, data is safe (Bleeping Computer)
Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection (Cyber Security News)
Microsoft confirms auth issues affecting Microsoft 365 users (Bleeping Computer)
TeamFiltration Abused in Entra ID Account Takeover Campaign (SecurityWeek)
270K websites injected with ‘JSF-ck’ obfuscated code (SC Media)
Palo Alto Networks Patches Series of Vulnerabilities (Infosecurity Magazine)
SimpleHelp Vulnerability Exploited Against Utility Billing Software Users (SecurityWeek)
Trend Micro fixes critical vulnerabilities in multiple products (Bleeping Computer)
Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking (SecurityWeek)
CISA Releases Ten Industrial Control Systems Advisories (CISA)
Trump team leaks AI plans in public GitHub repository (The Register)
-
Interpol’s Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon’s Graphite spyware. France calls for comments on tracking pixels. Fog ransomware operators deploy an unusual mix of tools. Skeleton Spider targets recruiters by posing as job seekers on LinkedIn and Indeed. Erie Insurance suffers ongoing outages following a cyberattack. Our N2K Lead Analyst Ethan Cook shares insights on Trump’s antitrust policies. DNS neglect leads to AI subdomain exploits.
CyberWire Guest
Today, we share a selection from today’s Caveat podcast where Dave Bittner and Ben Yelin are joined by N2K’s Lead Analyst, Ethan Cook, to take a Policy Deep Dive into “The art of the breakup: Trump’s antitrust surge.” You can listen to the full episode here and find new episodes of Caveat in your favorite podcast app each Thursday.
Selected Reading
Interpol takes down 20,000 malicious IPs and domains (Cybernews)
Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts (The Record)
GitLab patches high severity account takeover, missing auth issues (Bleeping Computer)
SmartAttack uses smartwatches to steal data from air-gapped systems (Bleeping Computer)
Critical vulnerability in Microsoft 365 Copilot AI called EchoLeak enabled data exfiltration (Beyond Machines)
Researchers confirm two journalists were hacked with Paragon spyware (TechCrunch)
Tracking pixels: CNIL launches public consultation on its draft recommendation (CNIL)
Fog ransomware attack uses unusual mix of legitimate and open-source tools (Bleeping Computer)
FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters (The Record)
Erie Insurance confirms cyberattack behind business disruptions (Bleeping Computer)
Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'? (404 Media)
Secure your public DNS presence from subdomain takeovers and dangling DNS exploits (Silent Push)
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Patch Tuesday. Mozilla patches two critical Firefox security flaws. A critical flaw in Salesforce OmniStudio exposes sensitive customer data stored in plain text. The Badbox botnet continues to evolve. AI-powered “ghost students” are enrolling in online college courses to steal government funds. Hackers steal nearly 300,000 vehicle crash reports from the Texas Department of Transportation. ConnectWise rotates its digital code signing certificates. The chair of the House Homeland Security Committee announces his upcoming retirement. Our guest is Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, wondering if AI may be the Cerberus of our time. Friendly skies…or friendly spies?
CyberWire Guest
On our Industry Voices segment, we have Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, sharing insights on AI: The Cerberus of our time. You can hear Matt’s full interview here. The State of Data Security: Quantifying AI’s Impact on Data Risk report from Varonis reveals how much sensitive data is exposed and at risk in the AI era. Learn more and get the State of Data Security Report.
Selected Reading
Microsoft warns of 66 flaws to fix for this Patch Tuesday, and two are under active attack (The Register)
Microsoft slows Windows 11 24H2 Patch Tuesday due to a 'compatibility issue' (The Register)
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA (SecurityWeek)
Firefox Patches Multiple Vulnerabilities That Could Lead to Browser Crash (Cyber Security News)
Salesforce OmniStudio Vulnerabilities Exposes Sensitive Customer Data in Plain Text (Cyber Security News)
CISO who helped unmask Badbox warns: Version 3 is coming (The Register)
How Scammers Are Using AI to Steal College Financial Aid (SecurityWeek)
300K Crash Reports Stolen in Texas DOT Hack (BankInfoSecurity)
ConnectWise rotating code signing certificates over security concerns (Bleeping Computer)
House Homeland Chairman Mark Green’s departure could leave congressional cyber agenda in limbo (CyberScoop)
Airlines Don't Want You to Know They Sold Your Flight Data to DHS (404 Media)
Learn more about your ad choices. Visit megaphone.fm/adchoices -
An unsecured Chroma database exposes personal information of Canva Creators. A researcher brute-forces Google phone numbers. Five zero-day vulnerabilities in Salesforce Industry Cloud are uncovered. Librarian Ghouls target Russian organizations with stealthy malware. SAP releases multiple security patches including a critical fix for a NetWeaver bug. Sensata Technologies confirms the theft of sensitive personal data during an April ransomware attack. SentinelOne warns of targeted cyber-espionage attempts by China-linked threat actors. Skitnet gains traction amongst ransomware gangs. The UK’s NHS issues an urgent appeal for blood donors. On today’s Threat Vector, host David Moulton talks with Arjun Bhatnagar, CEO of Cloaked, about why protecting your digital privacy is more urgent than ever. The FBI’s Cyber Division welcomes a new leader.
Threat Vector Segment
In this segment of Threat Vector, host David Moulton talks with Arjun Bhatnagar, CEO of Cloaked, about why protecting your digital privacy is more urgent than ever. From building better cybersecurity habits to understanding the hidden risks in everyday apps, Arjun shares practical advice that listeners can use immediately. You can hear David and Arjun's full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app.
Selected Reading
Canva Creators' Data Exposed Via AI Chatbot Company Database (Cyber Security News)
Google brute-force attack exposes phone numbers in minutes (The Register)
Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud (SecurityWeek)
'Librarian Ghouls' APT Group Actively Attacking Organizations To Deploy Malware (Cyber Security News)
Critical Vulnerability Patched in SAP NetWeaver (SecurityWeek)
Sensitive Information Stolen in Sensata Ransomware Attack (SecurityWeek)
SentinelOne Warns Cybersecurity Vendors of Chinese Attacks (Infosecurity Magazine)
Skitnet Malware Actively Adopted by Ransomware Gangs to Enhance Operational Efficiency (GB Hackers)
NHS calls for 1 million blood donors as UK stocks remain low following cyberattack (The Record)
Brett Leatherman to follow Bryan Vorndran as head of FBI Cyber Division (The Record)
Learn more about your ad choices. Visit megaphone.fm/adchoices -
A new White House executive order overhauls U.S. cybersecurity policy. The EU updates its “cybersecurity blueprint”. The Pentagon’s inspector general investigates Defense Secretary Hegseth’s Signal messages. Chinese hackers target U.S. smartphones. A new Mirai botnet variant drops malware on vulnerable DVRs. 17 popular Gluestack packages on NPM have been compromised. Attackers exploit vulnerabilities in Fortigate security appliances to deploy Qilin ransomware. A Nigerian man gets five years in prison for a hacking and fraud scheme. Our guest is Tim Starks from CyberScoop, discussing Sean Cairncross’ journey toward confirmation as the next National Cyber Director. Fire Stick flicks spark a full-on legal blitz.
CyberWire Guest
Today we are joined by Tim Starks from CyberScoop, to discuss Sean Cairncross, who’s bringing a focus on policy coordination if confirmed as the next National Cyber Director.
Selected Reading
Trump Administration Revises Cybersecurity Rules, Replaces Biden Order (Infosecurity Magazine)
Europe arms itself against cyber catastrophe (Politico)
Pentagon watchdog investigates if staffers were asked to delete Hegseth’s Signal messages (Associated Press)
Chinese hackers and user lapses turn smartphones into a 'mobile security crisis' (Associated Press)
iMessage Zero-Click Attacks Suspected in Targeting of High-Value EU, US Individuals (SecurityWeek)
New Mirai botnet infect TBK DVR devices via command injection flaw (Bleeping Computer)
Malware found in NPM packages with 1 million weekly downloads (Bleeping Computer)
Hackers Actively Exploiting Fortigate Vulnerabilities to Deploy Qilin Ransomware (Cyber Security News)
Nigerian Involved in Hacking US Tax Preparation Firms Sentenced to Prison (SecurityWeek)
Hacked Fire Sticks now come with more than just malware – a possible jail sentence (Cybernews)
Learn more about your ad choices. Visit megaphone.fm/adchoices