CyberWire Daily

N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

  1. 35 min ago

    A nightmare on Windows street.

    Nightmare Eclipse drops another Windows zero-day. The Gentlemen take the ransomware crown. CISA orders emergency Fortinet patching. Canada’s surveillance bill faces U.S. scrutiny. Meta’s Oversight Board flags AI censorship bias. Commerce tops the cyber target list. An active espionage campaign hits Bangladesh’s military. The Hewlett Foundation commits $100 million to emerging tech security. And U.S. prosecutors dismantle an alleged cyber-enabled money laundering network. Our guest is Nick Stohlman, Vice President of CJIS Strategy at Imprivata, talking about CJIS readiness and the identity security challenges facing public safety agencies. Leaked source code reveals an AI mixtape. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Nick Stohlman, Vice President of CJIS Strategy at Imprivata, talking about CJIS, Criminal Justice Information Services, readiness and the identity security challenges facing public safety agencies. Selected Reading New Windows LegacyHive zero-day gives hackers admin privileges (Bleeping Computer) The Gentlemen Overtakes Qilin as Most Prolific Ransomware Threat (Infosecurity Magazine) CISA urges immediate action on actively exploited Fortinet flaws (Bleeping Computer) Senator calls on Rubio, Blanche to push back against Canadian surveillance legislation (The Record) Meta Oversight Board finds top AI models less likely to criticize repressive regimes (Reuters) Commerce faces rising AI bot activity, escalating DDoS attacks, and new fraud tactics (Akamai) From Biography to Backdoor: Tracking a DoNot (APT-C-35) Intrusion Targeting Bangladesh Military Personnel (Cyderes) Hewlett Foundation Announces New $100 Million Emerging Technology and Security Initiative (Hewlett Foundation) US charges two over laundering $43 million from investment fraud (Bleeping Computer) Hack Reveals Suno AI Music Generator Scraped YouTube, Deezer, and Genius (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  2. 1 day ago

    For hackers, sharing is caring.

    CISA warns of active SharePoint attacks. The NSA pushes coordinated vulnerability disclosure. ClickLock Stealer targets macOS. Splunk and Zoom patch critical flaws. Spirals ransomware strikes in under 24 hours. New Windows evasion techniques emerge. LabubaRAT poses as NVIDIA software. 23andMe settles over its 2023 breach. Plus, a look back at one of the most audacious data center heists ever pulled off. Our guest is Ryan Kalember, Chief Strategy Officer at Proofpoint, discussing why agentic AI is creating a new insider threat. Near, far, wherever you are…the scam must go on. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ryan Kalember, Chief Strategy Officer at Proofpoint, and he is discussing why agentic AI is creating a new insider threat. Selected Reading CISA urges immediate SharePoint hardening as exploits mount (CSO Online) NSA joins CISA and Others in Releasing the Cybersecurity Information Sheet “Establishing a Coordinated Vulnerability Disclosure Program to Work with Security Researchers” (NSA) ‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing (SecurityWeek) Splunk, Zoom Patch Critical Vulnerabilities (SecurityWeek) New Spirals ransomware encrypts victim network in under 24 hours (Bleeping Computer) Bind Link Abuse: One Windows Feature, Many Ways to Blind Your EDR (Bitdefender) LabubaRAT: A Rust Based Remote Access Tool Masquerading as NVIDIA Software (Blackpoint Cyber) 23andMe reaches $18 million settlement with states for massive breach (The Record) How a Gang of Thieves Pulled Off a Multimillion-Dollar Data Center Heist (The New York Times) Fake Céline Dion Paris Tickets Sold on Facebook and Ticketmaster Clones (Hackread) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  3. 2 days ago

    Patchapalooza packs a punch.

    Patch Tuesday. SonicWall urges immediate patching of actively exploited vulnerabilities.  The White House launches an AI-backed vulnerability clearinghouse. The Air Force contends with widespread cybersecurity quarantines. The UK and EU blame Russia for last year’s cyberattack on Poland’s power grid. Meta faces accusations of AI-assisted layoffs. NATO allies collaborate in space. The Pentagon offers paid cyber apprenticeships. Spanish police dismantle a cybercrime and money-laundering network. Our guest is Clark Frogley, Global Head of Fraud at Quantexa and former FBI agent, discussing the fraud-as-a-service economy and what banks are missing. Grok Build users data is cloudy with a chance of uploads.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Clark Frogley, Global Head of Fraud at Quantexa and former FBI agent, as he is discussing the fraud-as-a-service economy and what banks are missing. Selected Reading Microsoft Patches a Record 570 Security Flaws (Krebs on Security) Adobe Patches Critical ColdFusion Vulnerabilities (SecurityWeek) Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell (SecurityWeek) Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates (SecurityWeek) SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now (Bleeping Computer) White House announces ‘Gold Eagle’ AI clearinghouse for cyber vulnerabilities (Nextgov/FCW) Air Force network lockouts hit troops and civilians (Federal News Network) NATO Allies join forces to develop high-end space capabilities (NATO) EU and UK officially blame Russian spies for cyberattack on Poland's power grid (The Register) Meta used AI to target workers with medical conditions for layoffs, lawsuit claims (Reuters) Pentagon opens application window for paid cyber apprenticeships (DefenseScoop) Spanish Police take down €140 million cyber fraud ring, arrest four (Bleeping Computer) Musk promises purge after Grok Build caught sending entire repos to the cloud (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  4. 3 days ago

    The ransomware toll road.

    Treasury sanctions a VPN provider tied to ransomware. The Pentagon hits pause on CMMC audits. Critical flaws surface in Google Cloud’s Dialogflow CX. Estée Lauder discloses a data breach. Mobile networks become a battlefield for tracking U.S. personnel. Australia calls out Big Tech over child safety. SAP patches critical bugs. CISA flags an actively exploited Cisco flaw. And the federal government accelerates AI investments. Our guest is Bogdan Botezatu, Senior Director, Threat Research and Reporting at Bitdefender, talking about Cyberthreats to Journalists and Influencers. AI costs savings come at a price. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Bogdan Botezatu, Senior Director, Threat Research and Reporting at Bitdefender, is talking about "Targeting the Messengers: Cyberthreats to Journalists and Influencers," their awareness campaign designed to address the escalating digital and reputational risks faced by media professionals in hostile environments. Selected Reading US sanctions VPN, malware providers for enabling ransomware attacks (Bleeping Computer) Pentagon announces 'immediate suspension' of CMMC Phase II mandates (Breaking Defense) Google Cloud Dialogflow CX vulnerability allowed AI agent hijacking | brief  (SC Media) Estée Lauder Companies Reports Data Breach Exposing Health Records and SSNs (Beyond Machines) US military targeted in Iran war phone-tracking campaign (Financial Times) Australia finds serious gaps in Big Tech response to online child sexual abuse (Reuters) SAP warns of critical flaws in NetWeaver and Commerce Cloud (Bleeping Computer) CISA adds Cisco IOS flaw to known exploited vulnerabilities catalog | brief (SC Media) Federal AI Projects Get Priority in TMF Funding Dash (GovInfo Security) Companies Are Throttling Employees’ AI Use Because It’s Too Expensive (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  5. 4 days ago

    State of the router.

    The U.S. and its allies warn of Russian cyber threats targeting critical infrastructure as Europe rolls out new sanctions. Apple sues OpenAI over alleged trade secret theft. Progress investigates a potential ShareFile security incident, Zimbra patches a critical flaw, and researchers uncover the new CrashStealer macOS malware. Plus, the EPA tests water utility resilience, scammers clone trusted news sites, and our Monday business briefing. Our guest is Brandon Karpf, from NTT, discussing the 11th Japan-U.S. Cyber Dialogue. Californians smash that delete button. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Brandon Karpf, friend of the show discussing the 11th Japan-U.S. Cyber Dialogue. Selected Reading US and allies warn of Russian critical infrastructure attacks (Bleeping Computer) EU sanctions Russian GRU military hackers over cyberattacks (Bleeping Computer) OpenAI Hardware Biz Built with Apple Secrets, Apple Says (Gov Infosecurity) Progress Software Warns of External Security Threat to ShareFile (Infosecurity Magazine) Zimbra Patches Critical Code Execution Vulnerability (SecurityWeek) When Hackers Cut the Internet, Will the Water Still Flow? (BankInfo Security) ‘A very good clone’: news stories faked to lure victims to scam investment sites (The Guardian) CrashStealer: C++ macOS infostealer posing as crash reporter (Jamf) Business Briefing for 07.08.26  (N2K Pro Business Briefing) 322,000 Californians sign up to have data brokers delete their personal information (Mercury News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  6. 10 Jul

    GoshDarn it, that’s advanced.

    Researchers track ransomware they say is getting GoshDarn sophisticated. Zimbra patches a critical vulnerability affecting its Classic Web Client. A sophisticated vishing campaign targeting Microsoft 365 accounts. GigaWiper combines espionage capabilities with multiple destructive payloads. The EU sues member states over lax cybersecurity. The NSA revives TAO. A Puerto Rican agency exposes roughly a million Social Security numbers. A former ransomware negotiator heads to prison for assisting BlackCat. Our guest is Maxim Zavodchik, Senior Director of AI Security Research at Akamai, with insights on the upcoming MCP specification. Bad Wifi leaves a trophy up for grabs.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Maxim Zavodchik, Senior Director of AI Security Research at Akamai sharing insights on new security risks that can arise from upcoming MCP specification. Selected Reading New Ransomware Exploits Malicious Driver to Remove Cybersecurity Protections (Infosecurity Magazine) Zimbra urges customers to patch critical web client XSS flaw (Bleeping Computer) Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers (SecurityWeek) GigaWiper Combines Multiple Malware for System-Level Sabotage (SecurityWeek) Commission preliminarily finds the addictive design of Instagram and Facebook in breach of the Digital Services Act (European Commision) European Patience With Cybersecurity Laggards Snaps (BankInfoSecurity) NSA revives 'Tailored Access Operations' name for elite hacking unit (The Record) A Puerto Rico Government Agency Exposed 1 Million Social Security Numbers (ProPublica) Third US Security Expert Sentenced to Prison for Helping Ransomware Gang (SecurityWeek) Thief posed as Wi-Fi fixing hero, then stole priceless trophy (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

4.4
out of 5
74 Ratings

About

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

You Might Also Like