Episodes

  • Viasat confirms it was breached by Salt Typhoon. Microsoft’s June 2025 security update giveth, and Microsoft’s June 2025 security update taketh away. Local privilege escalation flaws grant root access on major Linux distributions. BeyondTrust patches a critical remote code execution flaw. SMS low cost routing exposes users to serious risks. Erie Insurance says their ongoing outage isn’t ransomware. Backups are no good if you can’t find them. Veeam patches a critical vulnerability in its Backup software. SuperCard malware steals payment card data for ATM fraud and direct bank transfers. We preview our Juneteenth special edition. Backing up humanity. 

    Remember to leave us a 5-star rating and review in your favorite podcast app.

    Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.



    CyberWire Guest

    Today, we are sharing an excerpt of our Juneteenth Special Edition conversation between Dave Bittner, T-Minus Space Daily’s Maria Varmazis, and CISO Perspectives podcast’s Kim Jones. Enjoy this discussion on the eve of Juneteenth and tune into your CyberWire Daily feed tomorrow on your favorite podcast app to hear the full conversation.



    Selected Reading

    Viasat hacked by China-backed Salt Typhoon in 2024 US telecom attacks (Cybernews)

    Microsoft's June Patches Unleash a Cascade of Critical Failures (WinBuzzer)

    New Linux udisks flaw lets attackers get root on major Linux distros (Bleeping Computer)

    BeyondTrust warns of pre-auth RCE in Remote Support software (Bleeping Computer)

    Two Factor Insecurity (Lighthouse Reports)

    Erie Insurance: ‘No Evidence’ of Ransomware in Network Outage (Insurance Journal)

    Half of organizations struggle to locate backup data, report finds (SC Media)

    New Veeam RCE flaw lets domain users hack backup servers (Bleeping Computer)

    Russia detects first SuperCard malware attacks skimming bank data via NFC (The Record)

    Why one man is archiving human-made content from before the AI explosion (Ars Technica)

    Audience Survey

    Complete our annual audience survey before August 31.

    Want to hear your company in the show?

    You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

    The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
    Learn more about your ad choices. Visit megaphone.fm/adchoices

  • A House oversight committee requests DOGE documents from Microsoft. Predatory Sparrow claims a cyberattack on an Iranian bank. Microsoft says data that happens in Europe will stay in Europe. A complex malware campaign is using heavily obfuscated Visual Basic files to deploy RATs. A widely used CMS platform suffers potential RCE bugs.  North Korea’s Kimsuky targets academic institutions using password-protected research documents. Asus patches a high-severity vulnerability in its Armoury Crate software. CISA’s new leader remains in confirmation limbo. Our guest is Brian Downey, VP of Product Management from Barracuda, talking about how security sprawl increases risk. Operation Fluffy Narwhal thinks it’s time to rethink adversary naming.

    CyberWire Guest

    We are joined by Brian Downey, VP of Product Marketing and Product Management from Barracuda, talking about how security sprawl increases risk. You can find more information about what Brian discussed here.

    Selected Reading

    Following Whistleblower Reports, Acting Ranking Member Lynch Demands Microsoft Hand Over Information on DOGE’s Misconduct at NLRB | The Committee on Oversight and Accountability Democrats (House Committee on Oversight and Government Reform)

    Pro-Israel hackers claim breach of Iranian bank amid military escalation (The Record)

    Microsoft lays out data protection plans for European cloud customers (Reuters)

    New Sophisticated Multi-Stage Malware Campaign Weaponizes VBS Files to Execute PowerShell Script (Cyber Security News)

    Chained Flaws in Enterprise CMS Provider Sitecore Could Allow RCE (Infosecurity Magazine)

    Beware of Weaponized Research Papers That Delivers Malware Via Password-Protected Documents (Cyber Security News)

    Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers (SecurityWeek)

    Asus Armoury Crate Vulnerability Leads to Full System Compromise (SecurityWeek)

    Trump’s Pick to Lead CISA is Stuck in Confirmation Limbo (Gov Infosecurity)

    Call Them What They Are: Time to Fix Cyber Threat Actor Naming (Just Security)

  • International law enforcement takes down a darknet drug marketplace. The Washington Post is investigating a cyberattack targeting several journalists' email accounts. Anubis ransomware adds destructive capabilities. The GrayAlpha threat group uses fake browser update pages to deliver advanced malware. Researchers uncover a stealthy malware campaign that hides a malicious payload in a JPEG image. Tenable patches three high-severity vulnerabilities in Nessus Agent. Attackers can disable Secure Boot on many Windows devices by exploiting a firmware flaw. Lawmakers introduce a bipartisan bill to strengthen coordination between CISA and HHS. Harry Coker reflects on his tenure as National Cyber Director. Maria Varmazis checks in with Brandon Karpf on agentic AI. When online chatbots overshare, it’s no laughing Meta. 



    CyberWire Guest

    Joining us today to discuss agentic AI and how it relates to cybersecurity and space with T-Minus Space Daily host Maria Varmazis is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert.

    Selected Reading

    Police seizes Archetyp Market drug marketplace, arrests admin (Bleeping Computer)

    Washington Post investigating cyberattack on journalists' email accounts, source says (Reuters)

    Anubis Ransomware Packs a Wiper to Permanently Delete Files (SecurityWeek)

    GrayAlpha Hacker Group Weaponizes Browser Updates to Deploy PowerNet Loader and NetSupport RAT (Cyber Security News)

    Malicious Payload Uncovered in JPEG Image Using Steganography and Base64 Obfuscation (Cyber Security News)

    Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus (Infosecurity Magazine)

    Microsoft-Signed Firmware Module Bypasses Secure Boot (Gov Infosecurity)

    Bipartisan bill aims to create CISA-HHS liaison for hospital cyberattacks (The Record)

    Coker: We can’t have economic prosperity or national security without cybersecurity (The Record)

    The Meta AI app is a privacy disaster (TechCrunch)

  • Please enjoy this encore of Career Notes.

    Distinguished Cloud Strategist at Lacework, Mark Nunnikhoven, has gone from taking technology to its limits for his own understanding to providing clarity about security for others. Mark fell in love with his Commodore 128 and once he realized he could bend the machine to his will, it set him on the path to technology. While he had some bumps in the road, dropping out of high school and not following the traditional path in college, Mark did complete his master's in information security. His professional life took him from Canadian public service to the private sector where Mark noted the culture shift was an eye-opening experience. Mark always looks to learn something new and share that with others, and that is evidenced as he includes teaching as a facet of his career. We thank Mark for sharing his story with us.

  • This week, Dave is joined by Ziv Karliner, Pillar Security’s Co-Founder and CTO, sharing details on their work on "New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents." Vibe coding, where developers use AI assistants like GitHub Copilot and Cursor to generate code almost instantly, has become central to how enterprises build software today. But while it’s turbo-charging development, it’s also introducing new and largely unseen cyber threats.

    The team at Pillar Security identified a novel attack vector, the "Rules File Backdoor", which allows attackers to manipulate these platforms into generating malicious code. It represents a new class of supply chain attacks that weaponizes AI itself, where the malicious code suggestions blend seamlessly with legitimate ones, bypassing human review and security tools.

    The research can be found here:


    ⁠New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents



  • Cloudflare says yesterday’s widespread outage was not caused by a cyberattack. Predator mobile spyware remains highly active. Microsoft is investigating ongoing Microsoft 365 authentication services issues. An account takeover campaign targets Entra ID users by abusing a popular pen testing tool. Palo Alto Networks documents a JavaScript obfuscation method dubbed “JSFireTruck.” Trend Micro and Mitel patch multiple high-severity vulnerabilities. CISA issues multiple advisories. My Hacking Humans cohost Joe Carrigan joins us to discuss linkless recruiting scams. Uncle Sam wants an AI chatbot. 

    CyberWire Guest

    Today, we are joined by Joe Carrigan, one of Dave’s Hacking Humans co-hosts, to talk about linkless recruiting scams. You can learn more in this article from The Record: FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters. Tune in to Hacking Humans each Thursday on your favorite podcast app to hear the latest on the social engineering scams that are making the headlines from Joe, Dave and their co-host Maria Varmazis. 



    Selected Reading

    Cloudflare: Outage not caused by security incident, data is safe (Bleeping Computer)

    Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection (Cyber Security News)

    Microsoft confirms auth issues affecting Microsoft 365 users (Bleeping Computer)

    TeamFiltration Abused in Entra ID Account Takeover Campaign (SecurityWeek)

    270K websites injected with ‘JSF-ck’ obfuscated code (SC Media)

    Palo Alto Networks Patches Series of Vulnerabilities (Infosecurity Magazine)

    SimpleHelp Vulnerability Exploited Against Utility Billing Software Users (SecurityWeek)

    Trend Micro fixes critical vulnerabilities in multiple products (Bleeping Computer)

    Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking  (SecurityWeek)

    CISA Releases Ten Industrial Control Systems Advisories (CISA)

    Trump team leaks AI plans in public GitHub repository (The Register)

  • Interpol’s Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon’s Graphite spyware. France calls for comments on tracking pixels. Fog ransomware operators deploy an unusual mix of tools. Skeleton Spider targets recruiters by posing as job seekers on LinkedIn and Indeed. Erie Insurance suffers ongoing outages following a cyberattack. Our N2K Lead Analyst Ethan Cook shares insights on Trump’s antitrust policies. DNS neglect leads to AI subdomain exploits.

    CyberWire Guest

    Today, we share a selection from today’s Caveat podcast where Dave Bittner and Ben Yelin are joined by N2K’s Lead Analyst, Ethan Cook, to take a Policy Deep Dive into “The art of the breakup: Trump’s antitrust surge.” You can listen to the full episode here and find new episodes of Caveat in your favorite podcast app each Thursday.  

    Selected Reading

    Interpol takes down 20,000 malicious IPs and domains (Cybernews)

    Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts (The Record)

    GitLab patches high severity account takeover, missing auth issues (Bleeping Computer)

    SmartAttack uses smartwatches to steal data from air-gapped systems (Bleeping Computer)

    Critical vulnerability in Microsoft 365 Copilot AI called EchoLeak enabled data exfiltration (Beyond Machines)

    Researchers confirm two journalists were hacked with Paragon spyware (TechCrunch)

    Tracking pixels: CNIL launches public consultation on its draft recommendation (CNIL)

    Fog ransomware attack uses unusual mix of legitimate and open-source tools (Bleeping Computer)

    FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters (The Record)

    Erie Insurance confirms cyberattack behind business disruptions (Bleeping Computer)

    Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'? (404 Media) 

    Secure your public DNS presence from subdomain takeovers and dangling DNS exploits (Silent Push)



  • Patch Tuesday. Mozilla patches two critical Firefox security flaws. A critical flaw in Salesforce OmniStudio exposes sensitive customer data stored in plain text. The Badbox botnet continues to evolve. AI-powered “ghost students” are enrolling in online college courses to steal government funds. Hackers steal nearly 300,000 vehicle crash reports from the Texas Department of Transportation. ConnectWise rotates its digital code signing certificates. The chair of the House Homeland Security Committee announces his upcoming retirement. Our guest is Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, wondering if AI may be the Cerberus of our time. Friendly skies…or friendly spies?

    CyberWire Guest

    On our Industry Voices segment, we have Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, sharing insights on AI: The Cerberus of our time. You can hear Matt’s full interview here. The State of Data Security: Quantifying AI’s Impact on Data Risk report from Varonis reveals how much sensitive data is exposed and at risk in the AI era. Learn more and get State of Data Security Report.

    Selected Reading

    Microsoft warns of 66 flaws to fix for this Patch Tuesday, and two are under active attack (The Register)

    Microsoft slows Windows 11 24H2 Patch Tuesday due to a 'compatibility issue'  (The Register)

    ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA (SecurityWeek)

    Firefox Patches Multiple Vulnerabilities That Could Lead to Browser Crash (Cyber Security News)

    Salesforce OmniStudio Vulnerabilities Exposes Sensitive Customer Data in Plain Text (Cyber Security News)

    CISO who helped unmask Badbox warns: Version 3 is coming (The Register)

    How Scammers Are Using AI to Steal College Financial Aid  (SecurityWeek)

    300K Crash Reports Stolen in Texas DOT Hack (BankInfoSecurity)

    ConnectWise rotating code signing certificates over security concerns (Bleeping Computer)

    House Homeland Chairman Mark Green’s departure could leave congressional cyber agenda in limbo (CyberScoop)

    Airlines Don't Want You to Know They Sold Your Flight Data to DHS (404 Media)

  • An unsecured Chroma database exposes personal information of Canva Creators. A researcher brute-forces Google phone numbers. Five zero-day vulnerabilities in Salesforce Industry Cloud are uncovered. Librarian Ghouls target Russian organizations with stealthy malware. SAP releases multiple security patches including a critical fix for a NetWeaver bug. Sensata Technologies confirms the theft of sensitive personal data during an April ransomware attack. SentinelOne warns of targeted cyber-espionage attempts by China-linked threat actors. Skitnet gains traction amongst ransomware gangs. The UK’s NHS issues an urgent appeal for blood donors. On today’s Threat Vector, host David Moulton talks with Arjun Bhatnagar, CEO of Cloaked, about why protecting your digital privacy is more urgent than ever. The FBI’s Cyber Division welcomes a new leader.

    Threat Vector Segment

    In this segment of Threat Vector, host David Moulton talks with Arjun Bhatnagar, CEO of Cloaked, about why protecting your digital privacy is more urgent than ever. From building better cybersecurity habits to understanding the hidden risks in everyday apps, Arjun shares practical advice that listeners can use immediately. You can hear David and Arjun's full discussion on Threat Vector ⁠here⁠ and catch new episodes every Thursday on your favorite podcast app.

    Selected Reading

    Canva Creators' Data Exposed Via AI Chatbot Company Database (Cyber Security News)

    Google brute-force attack exposes phone numbers in minutes (The Register)

    Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud (SecurityWeek)

    'Librarian Ghouls' APT Group Actively Attacking Organizations To Deploy Malware (Cyber Security News)

    Critical Vulnerability Patched in SAP NetWeaver (SecurityWeek)

    Sensitive Information Stolen in Sensata Ransomware Attack (SecurityWeek)

    SentinelOne Warns Cybersecurity Vendors of Chinese Attacks (Infosecurity Magazine)

    Skitnet Malware Actively Adopted by Ransomware Gangs to Enhance Operational Efficiency (GB Hackers)

    NHS calls for 1 million blood donors as UK stocks remain low following cyberattack (The Record)

    Brett Leatherman to follow Bryan Vorndran as head of FBI Cyber Division (The Record)

  • A new White House executive order overhauls U.S. cybersecurity policy. The EU updates its “cybersecurity blueprint”. The Pentagon’s inspector general investigates Defense Secretary Hegseth’s Signal messages. Chinese hackers target U.S. smartphones. A new Mirai botnet variant drops malware on vulnerable DVRs. 17 popular Gluestack packages on NPM have been compromised. Attackers exploit vulnerabilities in Fortigate security appliances to deploy Qilin ransomware. A Nigerian man gets five years in prison for a hacking and fraud scheme. Our guest is Tim Starks from CyberScoop, discussing Sean Cairncross’ journey toward confirmation as the next National Cyber Director. Fire Stick flicks spark a full-on legal blitz.

    CyberWire Guest

    Today we are joined by Tim Starks from CyberScoop, to discuss Sean Cairncross, who’s bringing a focus on policy coordination if confirmed as the next National Cyber Director.

    Selected Reading

    Trump Administration Revises Cybersecurity Rules, Replaces Biden Order (Infosecurity Magazine)

    Europe arms itself against cyber catastrophe (Politico)

    Pentagon watchdog investigates if staffers were asked to delete Hegseth’s Signal messages (Associated Press)

    Chinese hackers and user lapses turn smartphones into a 'mobile security crisis' (Associated Press)

    iMessage Zero-Click Attacks Suspected in Targeting of High-Value EU, US Individuals (SecurityWeek)

    New Mirai botnet infect TBK DVR devices via command injection flaw (Bleeping Computer)

    Malware found in NPM packages with 1 million weekly downloads (Bleeping Computer)

    Hackers Actively Exploiting Fortigate Vulnerabilities to Deploy Qilin Ransomware (Cyber Security News)

    Nigerian Involved in Hacking US Tax Preparation Firms Sentenced to Prison (SecurityWeek)

    Hacked Fire Sticks now come with more than just malware – a possible jail sentence (Cybernews)

  • Please enjoy this encore of Career Notes.

    Linux and Security Advocate at Intezer Ell Marquez shares her journey from the family ranch to security. Needing a life change due to a bunch of circumstances that had occurred that left her almost homeless, Ell found out about a six-week Linux boot camp that took her down the path toward technology. She fell in love with security at a BSides conference and hasn't looked back. Ell says she recently started a campaign called "it's okay to be new" noting that no matter how long you've been in the industry, you need to be new because technology changes so quickly. She concludes by offering one final piece of advice to everybody: just "be unapologetically yourself." We thank Ell for sharing her story with us.

  • This week, we are joined by Michael Gorelik, Chief Technology Officer from Morphisec, discussing their work on "New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms." A new threat dubbed Noodlophile Stealer is exploiting the popularity of AI-powered content tools by posing as fake AI video generation platforms, luring users into uploading media in exchange for malware-laced downloads.

    Distributed through convincing Facebook groups and viral campaigns, the malware steals browser credentials, cryptocurrency wallets, and can deploy a remote access trojan like XWorm. The campaign uses a layered, obfuscated delivery chain disguised as legitimate video editing software, making it both deceptive and difficult to detect.

    The research can be found here:


    ⁠⁠New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms



  • The DOJ files to seize over $7 million linked to illegal North Korean IT workers. The FBI warns of BADBOX 2.0 malware targeting IoT devices. Researchers uncover a major security flaw in Chrome extensions. ESET uncovers Iranian hackers targeting Kurdish and Iraqi government officials. Hitachi Energy, Acronis and Cisco patch critical vulnerabilities. 20 suspects are arrested in a major international CSAM takedown. Hackers exploit a critical flaw in Roundcube webmail. Today’s guest is Ian Bramson, Global Head of Industrial Cybersecurity at Black & Veatch, exploring how organizations can close the cyberattack readiness gap.  ChatGPT logs are caught in a legal tug-of-war. 

    CyberWire Guest

    Today’s guest is Ian Bramson, Global Head of Industrial Cybersecurity at Black & Veatch. Ian joins us to explore how organizations can close the cyberattack readiness gap in industrial environments—especially as cyber threats grow more sophisticated and aggressive.

    Selected Reading

    Department Files Civil Forfeiture Complaint Against Over $7.74M Laundered on Behalf of the North Korean Government (U.S. Department of Justice)

    FBI: BADBOX 2.0 Android malware infects millions of consumer devices (Bleeping Computer)

    Chrome Extensions Vulnerability Exposes API Keys, Secrets, and Tokens (Cyber Security News)

    Iran-linked hackers target Kurdish and Iraqi officials in long-running cyberespionage campaign (The Record)

    CISA reports critical flaw in Hitachi Energy Relion devices (Beyond Machines)

    Critical security vulnerabilities discovered in Acronis Cyber Protect software (Beyond Machines)

    Cisco Patches Critical ISE Vulnerability With Public PoC (SecurityWeek)

    Police arrests 20 suspects for distributing child sexual abuse content  (Bleeping Computer)

    Hacker selling critical Roundcube webmail exploit as tech info disclosed (Bleeping Computer)

    OpenAI slams court order to save all ChatGPT logs, including deleted chats (Ars Technica)

  • Researchers discover what may be China’s largest ever data leak. CrowdStrike cooperates with federal authorities following last year’s major software bug. A researcher discovers over half a million sensitive insurance documents exposed online. Microsoft offers free cybersecurity programs to European governments. The FBI chronicles the Play ransomware gang. Google warns a threat group is targeting Salesforce customers. A former Biden cybersecurity official warns that U.S. critical infrastructure remains highly vulnerable to cyberattacks. The State Department offers up to $10 million for information on the RedLine infostealer malware. Our guest is Anneka Gupta, Chief Product Officer at Rubrik, on the challenges of managing security across systems. Some FDA workers want to put their new Elsa AI on ice.

    CyberWire Guest

    Today we have Anneka Gupta, Chief Product Officer at Rubrik, talking about organizations moving to the cloud thinking security will be handled there and the challenges of managing security across systems.

    Selected Reading

    Largest ever data leak exposes over 4 billion user records (Cybernews)

    CrowdStrike Cooperating With Federal Probes Into July Software Outage (Wall Street Journal)

    Two Decades of Triangle Insurance Documents Exposed Publicly (Substack)

    Microsoft offers to boost European governments' cybersecurity for free (Reuters)

    FBI: Play ransomware gang has attacked 600 organizations since 2023 (The Record)

    Google Warns of Vishing, Extortion Campaign Targeting Salesforce Customers (SecurityWeek)

    ‘I do not have confidence’ that US infrastructure is cyber-secure, former NSC official says (Nextgov/FCW)

    China issues warrants for alleged Taiwanese hackers and bans a business for pro-independence links (AP News)

    US offers $10M for tips on state hackers tied to RedLine malware (Bleeping Computer)

    FDA rushed out agency-wide AI tool—it’s not going well (Ars Technica)

  • Researchers uncover a major privacy violation involving tracking scripts from Meta and Yandex. A compliance automation firm discloses a data breach. PumaBot stalks vulnerable IoT devices. The Ramnit banking trojan gets repurposed for ICS intrusions. The North Face suffers a credential stuffing attack. Kaspersky says the Black Owl team is a cyber threat to Russia. CISA releases ICS advisories. An Indian grocery delivery startup suffers a devastating data wiping attack. The UK welcomes its new Cyber and Electromagnetic (CyberEM) Command. Our guest is Rohan Pinto, CTO of 1Kosmos, discussing the implications of AI deepfakes for biometric security. The cybersecurity sleuths at Sophos unravel a curious caper.

    CyberWire Guest

    Today we are joined by Rohan Pinto, CTO of 1Kosmos, and he is discussing the implications of AI deepfakes for biometric security.

    Selected Reading

    Meta and Yandex are de-anonymizing Android users’ web browsing identifiers (Ars Technica)

    Vanta leaks customer data due to product code change (Beyond Machines)

    New Linux PumaBot Attacking IoT Devices by Brute-Forcing SSH Credentials (Cyber Security News)

    Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift (SecurityWeek)

    The North Face warns customers of April credential stuffing attack (Bleeping Computer)

    Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says (The Record)

    CISA Releases ICS Advisories Covering Vulnerabilities & Exploits (Cyber Security News)

    Indian grocery startup KiranaPro was hacked and its servers deleted, CEO confirms (TechCrunch)

    UK CyberEM Command to spearhead new era of armed conflict (The Register)

    Widespread Campaign Targets Cybercriminals and Gamers (Infosecurity Magazine)

  • Google issues an emergency patch for a Chrome zero-day. A new malware campaign uses fake DocuSign CAPTCHA pages to trick users into installing a RAT. A high-severity Splunk vulnerability allows non-admin users to access and modify critical directories. Experts warn Congress that Chinese infiltrations are preparations for war. Senators look to strengthen cybersecurity collaboration in the U.S. energy sector. Crocodilus Android malware adds fake contacts to victims’ phones. SentinelOne publishes a detailed analysis of their recent outage. Cartier leaves some of its cyber sparkle exposed. Our guest is Jon Miller, CEO and Co-founder of Halcyon, discussing Bring Your Own Vulnerable Driver (BYOVD) attacks. Microsoft and CrowdStrike tackle hacker naming…or do they?

    CyberWire Guest

    Today on our Industry Voices segment, we are joined by Jon Miller, CEO and Co-founder of Halcyon, who is discussing Bring Your Own Vulnerable Driver (BYOVD) attacks. Listen to Jon’s conversation here.

    Selected Reading

    Google patches new Chrome zero-day bug exploited in attacks (Bleeping Computer)

    Fake Docusign Pages Deliver Multi-Stage NetSupport RAT Malware (Infosecurity Magazine)

    Splunk Universal Forwarder on Windows Lets Non-Admin Users Access All Contents (Cyber Security News)

    China hacks show they're 'preparing for war': McMaster (The Register)

    FCC Proposes Rules to Ferret Out Control of Regulated Entities by Foreign Adversaries (Cooley)

    US lawmakers propose legislation to expand cyber threat coordination across energy sector (Industrial Cyber)

    Android malware Crocodilus adds fake contacts to spoof trusted callers (Bleeping Computer)

    SentinelOne Global Service Outage Root Cause Revealed (Cyber Security News)

    Romanian man pleads guilty to 'swatting' plot that targeted an ex-US president and lawmakers (AP News)

    Cartier reports data breach exposing customer personal information (Beyond Machines)

  • An international law enforcement operation dismantles AVCheck. Trump’s 2026 budget looks to cut over one thousand positions from CISA. Cyber Command’s defensive wing gains sub-unified command status. A critical vBulletin vulnerability is actively exploited. Acreed takes over Russian markets as credential theft kingpin. Qualcomm patches three actively exploited zero-days in its Adreno GPU drivers. Researchers unveil details of a Cisco IOS XE Zero-Day. Microsoft warns a memory corruption flaw in the legacy JScript engine is under active exploitation. A closer look at the stealthy Latrodectus loader. On today’s Afternoon Cyber Tea, Ann Johnson speaks with Hugh Thompson, RSAC program committee chair. Decoding AI hallucinations with physics.

    Complete our annual audience survey before August 31.

    CyberWire Guest

    Today we have our Afternoon Cyber Tea segment with Ann Johnson. On today’s episode, Ann speaks with Hugh Thompson, RSAC program committee chair, as they discuss what goes into building the RSA Conference.

    Selected Reading

    Police takes down AVCheck site used by cybercriminals to scan malware (Bleeping Computer)

    DHS budget request would cut CISA staff by 1,000 positions (Federal News Network)

    Cybercom’s defensive arm elevated to sub-unified command (DefenseScoop)

    vBulletin Vulnerability Exploited in the Wild (SecurityWeek)

    Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown (Infosecurity Magazine)

    Qualcomm fixes three Adreno GPU zero-days exploited in attacks (Bleeping Computer)

    Exploit details for max severity Cisco IOS XE flaw now public (Bleeping Computer)

    Microsoft Scripting Engine flaw exploited in wild, Proof-of-Concept published (Beyond Machines)

    Latrodectus Malware Analysis: A Deep Dive into the Black Widow of Cyber Threats in 2025 (WardenShield)

    The Root of AI Hallucinations: Physics Theory Digs Into the 'Attention' Flaw (SecurityWeek)

  • Please enjoy this encore of Career Notes.

    Lieutenant in the US Navy and Skillbridge Fellow at the CyberWire, Brandon Karpf, knew he wanted to join the military at a young age. He achieved that through the US Naval Academy where he was a member of the men’s heavyweight rowing team. Commissioned as a cryptologic warfare officer, Brandon was sent to MIT for a graduate degree where he experienced the exact opposite of the Naval Academy’s highly structured life. Brandon’s later work with both NSA and US Cyber Command helped him gain experience and cyber operations skills. As he transitions from active duty to civilian life, Brandon shares his personal challenges and struggles during that process. Through the DoD Skillbridge Fellowship program, Brandon’s transition has him sharing his skills with the CyberWire. We thank Brandon for sharing his expertise and his story with us.

  • This week, we are joined by John Hammond, Principal Security Researcher at Huntress, who is sharing his PoC and research on "CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild." A critical 9.0 severity vulnerability (CVE-2025-30406) in Gladinet CentreStack and Triofox is being actively exploited in the wild, allowing remote code execution via hardcoded cryptographic keys in default configuration files.

    Huntress researchers observed compromises at multiple organizations and confirmed hundreds of vulnerable internet-exposed servers, urging immediate patching or manual machineKey updates. Mitigation guidance, detection, and remediation scripts have been released to help users identify and secure affected installations.

    The research can be found here:

    CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild

  • SentinelOne suffers a global service outage. A major DDoS attack hits a Russian internet provider. U.S. banking groups urge the SEC to scrap cybersecurity disclosure rules. Australia mandates reporting of ransomware payments. Researchers uncover a new Browser-in-the-Middle (BitM) attack targeting Safari users. A Florida health system pays over $800,000 to settle insider breach concerns. CISA issues five urgent ICS advisories. Our guest is Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and the importance of digital executive protection. The feds are putting all our digital data in one basket.

    CyberWire Guest

    On our Industry Voices segment, at the 2025 RSA Conference, we were joined by Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and digital executive protection. Listen to Matt’s conversation here.

    Selected Reading

    Cybersecurity Firm SentinelOne Suffers Major Outage (Bank Infosecurity)

    DDoS incident disrupts internet for thousands in Moscow (The Record)

    Banks Want SEC to Rescind Cyberattack Disclosure Requirements (PYMNTS.com)

    Australian ransomware victims now must tell the government if they pay up (The Record)

    New BitM Attack Exploits Safari Vulnerability to Steal Login Credentials (Cyber Security News)

    Florida Health System Pays $800K for Insider Record Snooping (Bank Infosecurity)

    UTG-Q-015 Hackers Launched Large Scale Brute-Force Attacks Against Govt Web Servers (Cyber Security News)

    CISA Releases Five ICS Advisories Targeting Vulnerabilities and Exploits (Cyber Security News)

    Trump Taps Palantir to Compile Data on Americans (The New York Times)
