CyberWire Daily

N2K Networks
  • 4.8 (1K)
  • Tech News
  • Updated Daily

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

  1. 14h ago

    The Klue is in the data trail.

    Klue supply-chain attack impacts cybersecurity firms. Brand-new Prinz Eugen ransomware is surprisingly polished. ShinyHunters leak exposes sensitive data of 10,000 Council of Europe employees. Security agencies sound alarm over FortiBleed credential harvesting operation. Texas data breach affects hunting and fishing licensees. Microsoft ties Mastra AI supply chain attack to North Korean hackers. Vidar infostealer unveils new technique to defeat Chrome's encryption protections. Brazil investigates suspected hack of emergency alert system. We got your Monday business brief. On today’s Industry Voices, Dave Bittner sits down with Mike Britton, CIO of Abnormal AI, as they discuss "AI-Powered Attacks Are Now a Commodity.” And not the kind of beats you want to drop. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices, we are joined by Mike Britton, CIO of Abnormal AI, discussing "AI-Powered Attacks Are Now a Commodity — And Most Organizations Don't Know It Yet." If you enjoyed this conversation and want to hear the full interview, listen here. Selected Reading Klue OAuth breach victim list grows as Icarus hackers claim attack (BleepingComputer) Prinz Eugen ransomware: a deep dive into a new Go-based encryptor (ThreatDown by Malwarebytes) Council of Europe Data Breach: ShinyHunters Makes 10,000 Employees' Records Permanent (Tech Times) Global cybersecurity agencies warn of credential exposure in FortiBleed campaign targeting Fortinet firewalls, VPN gateways (Industrial Cyber) Everything's bigger and better in Texas – even data breaches (The Register) Microsoft links Mastra AI supply chain attack to North Korean hackers (BleepingComputer) Inside Vidar’s ABE Bypass: From Memory Scanning to APC Injections (Gen Digital) Brazil probes emergency warning system after nationwide rogue alert (The Register) Ent emerges from stealth with $100 million in seed funding. (N2K Pro Business Briefing)  Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap (Malwarebytes) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    30 min
  2. Navigating the GPS threat landscape, with Brandon Karpf.

    2d ago

    Navigating the GPS threat landscape, with Brandon Karpf.

    Traditionally, GPS jamming attacks have been confined to the ground; however, new data shows that these attacks could be moving to target signals before they even reach the ground. In this week’s episode, host Maria Varmazis sits down with Dave Bittner and Brandon Karpf to discuss recent research that suggests the attack landscape for GPS attacks is expanding. If this research is accurate, these attacks represent a significant evolution for how defenders think about this critical technology. Key sources: Something is jamming GPS over Europe. Here's what we found. Chasing Lightning: Detecting, Characterizing, and Identifying a Powerful Space-Based GNSS Interference Source. EKS 5. Like what you heard? Be sure to subscribe to our free Signals and Space Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: https://thecyberwire.com/newsletters/signals-and-space  Is there a topic or person you’d like to hear on our show? You can send your questions and feedback to space@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. You can also fill our our audience survey: https://www.surveymonkey.com/r/NJYCN2P  T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. N2K is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com. Learn more about your ad choices. Visit megaphone.fm/adchoices

    32 min
  3. Vulnerability response: Built for humans, outpaced by machines. [CyberWire-X]

    2d ago

    Vulnerability response: Built for humans, outpaced by machines. [CyberWire-X]

    For years, security teams had time between discovery and exploitation. Time to triage. Time to validate. Time to prioritize what to fix first. AI has compressed that window. Frontier models now discover and chain vulnerabilities faster than human analysts can confirm them, and the gap between finding and fixing is shrinking in both directions. In this episode of CyberWire-X, N2K’s ⁠Dave Bittner⁠ and Federico Kirschbaum, Head of XBOW Security Lab, explore what it actually means to run autonomous offensive security, why validation workflows built for quarterly testing cycles struggle to keep up, and how practitioners are redefining what a tested application looks like when the pace of offense has fundamentally changed. Learn more about your ad choices. Visit megaphone.fm/adchoices

    25 min
  4. Peeling back Banana RAT. [Research Saturday]

    3d ago ·  Bonus

    Peeling back Banana RAT. [Research Saturday]

    This week, we are joined by Tom Kellermann, Trend Micro's VP of AI Security and Threat Research, discussing their work on "Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud." Researchers from Trend Micro's MDR team uncovered the full operation behind Banana RAT, a sophisticated banking trojan they track as SHADOW-WATER-063, by analyzing both attacker infrastructure and infected victim systems. The malware uses fileless PowerShell execution, layered obfuscation, and remote-control capabilities to steal credentials, manipulate banking sessions, intercept Pix QR code payments, and facilitate financial fraud targeting Brazilian banks. The campaign appears to be operated by a Brazilian Portuguese-speaking cybercriminal group with ties to the broader Tetrade banking malware ecosystem and may be evolving toward a malware-as-a-service model. The research and executive brief can be found here: ⁠Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud Learn more about your ad choices. Visit megaphone.fm/adchoices

    29 min
  5. CyberWire Daily at 10: A decade of leaks, espionage, and influence operations. [Special Edition]

    4d ago

    CyberWire Daily at 10: A decade of leaks, espionage, and influence operations. [Special Edition]

    In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss leaks, espionage and influence operations over the past 10 years. Together they reflect on a decade of cybersecurity developments, focusing on the pivotal year 2016 where a shift occurred. Join N2K as we cover the rise of nation-state cyber operations, major leaks like the Panama Papers and DNC email hacks, and the evolving landscape of cyber norms, trust, and threat perception. Learn more about your ad choices. Visit megaphone.fm/adchoices

    26 min

  6. 4d ago

    The botnet browser blues.

    International law enforcement disrupts the SocGholish botnet. The UK’s cyber chief says cybersecurity is a contest, not a risk register. Ukraine joins the EU’s cyber reserve. The Gentlemen gang sharpens its ransomware toolkit. A WordPress supply chain attack spreads malware. Critical patches land from F5, Atlassian, and Splunk. Agentjacking targets AI coding assistants. And Kodak confirms a breach claimed by ShinyHunters. Our guest is Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on the failure of FISA section 702 to reauthorize. Criminal coders face automation anxiety. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies, and coh-host of Caveat, as he discusses the failure of FISA section 702 to reauthorize. Selected Reading Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp (Bleeping Computer) Hostile States Behind 75% of Cyber-Attacks on UK CNI, NCSC Warns (Infosecurity Magazine) Cyberspace Locked in a Nation-State Contest, Says NCSC CEO (BankInfo Security) EU grants Ukraine access to cybersecurity reserve for major attacks (The Record) Killing me gently: Inside Gentlemen’s EDR killer framework (ESET) ShapedPlugin update flow hacked to infect WordPress sites (Bleeping Computer) F5 issues out-of-band patches for critical NGINX vulnerabilities (Bleeping Computer) Atlassian, Splunk Patch Critical Vulnerabilities (SecurityWeek) Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents (HackRead) Kodak Admits Data Breach After ShinyHunters Hack Claims (SecurityWeek) Cybercriminals Are Worried About AI Taking Their Jobs Too (Infosecurity Magazine) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    25 min

  7. 5d ago

    The nominee in limbo.

    President Trump halts a key intelligence nomination. The FBI warns of a new Microsoft 365 phishing threat. France cuts ties with Palantir. A new Android banking trojan emerges. Fortinet firewalls come under attack. CISA orders emergency Joomla patching. Plus, Madison Square Garden data leaks and malware hidden in Steam wallpapers. Our guest is Christy Wyatt, CEO from Absolute Security, discussing their new ebook. The DOJ claims pollution is mission-critical.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s Industry Voices we are joined by Christy Wyatt, CEO from Absolute Security, discussing their ebook. If you enjoyed this conversation, check out the full interview here. Selected Reading President Trump calls to delay nomination of intel pick Jay Clayton (NPR) Warner warns of CISA cuts, staffing gaps in letter to acting chief (The Record) French spies drop AI giant Palantir over US overreliance fears (The Local) Rokarolla : Android Banker with Complete Device Takeover Capabilities (Zimperium) FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure (InfoStealers) CISA orders feds to patch max severity Joomla plugin flaw by Friday (Bleeping Computer) Hackers Publish Knicks and Madison Square Garden Data Online (404 Media) Gamers beware: malicious wallpapers on Steam found stealing accounts (Securelist) DHS S&T Highlights New SPARTA Resources for Defending Spacecraft Against Cyberattacks (ExecutiveGov) DOJ Lawyers Argue xAI Is ‘Vital’ for National Security in NAACP Lawsuit (WIRED) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    32 min

  8. 6d ago

    No Mythos of escape.

    Emergency talks fail to free Anthropic’s Fable 5. Trump moves to strengthen national security systems. Microsoft patches a critical Copilot flaw. ShinyHunters weaponize a PeopleSoft zero-day. DragonForce hides in Microsoft Teams for months. Plus, Amos Stealer targets Macs, CISA issues a three-day patch deadline, Delta avoids penalties, and researchers show just how easy it is to manipulate AI search. Our guest is Mike Fey, Co-Founder & CEO at Island, discussing the architectural differences between network and modern SASE. Consulting meets confabulation. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices, we are joined by Mike Fey, Co-Founder & CEO at Island, discussing the architectural differences between network and modern SASE. If you enjoyed this conversation, check out the full interview here.  Selected Reading Anthropic Is Still at Odds With the White House Over Claude Fable 5 (WIRED) Feds freaked over Fable 5 after simple 'fix this code' prompt, not jailbreak, says researcher (The Register) White House Issues Memo to Bolster NSS Cybersecurity (SecurityWeek) Microsoft Patches Critical SearchLeak Vulnerability in Copilot Enterprise (Beyond Machines) ShinyHunters Hits Universities Via Oracle Zero-Day (GovInfo Security) DragonForce Ransomware Exploited Microsoft Teams to Hide Attack (Infosecurity Magazine) Inside Amos Stealer: How This Threat Targets macOS Credentials and Keychains (CyberProof) CISA warns of another cPanel plugin flaw exploited in attacks (Bleeping Computer) US closes probe into 2024 Delta Air Lines meltdown sparked by CrowdStrike outage (Reuters) It Is Trivially Easy to Use Reddit to Manipulate AI Search, Research Suggests (404 Media) KPMG pulls report on AI usage due to apparent hallucinations (TechCrunch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    32 min
See All (2K)

Hosts & Guests

4.8
out of 5
1,013 Ratings

About

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Information

  • Creator
    N2K Networks
  • Years Active
    2016 - 2026
  • Episodes
    2K
  • Rating
    Clean
  • Copyright
    © 2024 N2K Networks, Inc. 706761
  • Show Website
    CyberWire Daily

You Might Also Like