CyberWire Daily

When discussing privacy risks, many often look to implementing strong encryption, secure data storage practices, and data sanitization processes to help ensure sensitive information remains protected. Though these practices are good and should be prioritized, many often miss other key areas that need just as much focus. As the internet of things has only continued to grow larger and larger, so has the risk these devices inherently create as they collect and store more information than many would instinctively assume. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Merry Marwig, the Vice President of Global Communications & Advocacy at Privacy4Cars, to explore how privacy risks are in places many do not think to look. Together, Merry and Kim discuss why security leaders need to rethink how they approach privacy and consider how the devices we use every day could inadvertently expose our sensitive information. This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about ⁠Meter⁠. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. Learn more about your ad choices. Visit megaphone.fm/adchoices

Privacy is one of the most universally valued rights. Yet, despite its importance, data breaches exposing millions of people's sensitive information have become routine. Many have come to assume that their personal data has already been, or inevitably will be, compromised. Despite this reality, prioritizing privacy is more important than ever. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Kristy Westphal, the Global Security Director of Spirent Communications, to explore data privacy's impacts on cybersecurity efforts. Together, Kristy and Kim discuss why privacy cannot be an afterthought but rather must be something actively addressed through proactive security efforts, shifting security culture mindsets, and staying ahead of rapidly changing technologies. This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about ⁠Meter⁠. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. Learn more about your ad choices. Visit megaphone.fm/adchoices

On this episode, host Kim Jones is joined by Ethan Cook, N2K’s lead analyst and editor, for a deeper, more reflective conversation on cybersecurity regulation, privacy, and the future of policy. This episode steps back from the news cycle to connect the dots and explore where the regulatory landscape is heading — and why it matters. Ethan, who will join the show regularly this season to provide big-picture analysis after major policy conversations, shares his perspective on the evolving balance between government oversight, innovation, and individual responsibility. This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about Meter. Learn more about your ad choices. Visit megaphone.fm/adchoices

This season on CISO Perspectives—your host, Kim Jones is digging into the issues shaping the future of cybersecurity leadership. From the regulations every CISO needs to understand, to the unexpected places privacy risks are emerging, to the new ways fraud and identity are colliding—these conversations will sharpen your strategies and strengthen your defenses. Industry leaders join the discussion to share their insights, challenges, and hard-earned lessons. Together, we’ll connect the dots across regulation, privacy, fraud, leadership, and talent—helping you build a stronger, more resilient cybersecurity ecosystem. This is CISO Perspectives. Real conversations. Real strategies. Real impact. Learn more about your ad choices. Visit megaphone.fm/adchoices

UK court blocks government's attempt to keep Apple encryption case secret. Port of Seattle says last year's breach affected 90,000 people. Verizon Call Filter App flaw exposes millions' call records. Hackers hit Australian pension funds. A global threat hiding in plain sight. Cybercriminals are yelling CAPTCH-ya! Meta retires U.S. fact-checking program. Our guest today is Rob Boyce from Accenture and he’s discussing Advanced Persistent Teenagers (APTeens). And Google’s AI Goes Under the Sea. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Rob Boyce, Global Lead for Cyber Resilience at Accenture, joins to discuss Advanced Persistent Teenagers (APTeens). Advanced Persistent Teenagers (APTeens) have rapidly become a significant enterprise risk by demonstrating capabilities once limited to organized ransomware groups, the threat from juvenile, homegrown threat-actors has risen steadily.  Selected Reading UK Effort to Keep Apple Encryption Fight Secret Blocked in Court (Bloomberg) Port of Seattle says ransomware breach impacts 90,000 people (BleepingComputer) Call Records of Millions Exposed by Verizon App Vulnerability (SecurityWeek) Cybercriminals are trying to loot Australian pension accounts in new campaign (The Record) NEPTUNE RAT Attacking Windows Users to Exfiltrate Passwords from 270+ Apps (Cyber Security News) Threat Actors Using Fake CAPTCHAs and CloudFlare Turnstile to Deliver LegionLoader (Cyber Security News)  Meta ends its fact-checking program in the US later today, replaces it with Community Notes (Techspot) Suspected Scattered Spider Hacker Pleads Guilty (SecurityWeek) This Alphabet Spin-off Brings “Fishal Recognition” to Aquaculture (IEEE Spectrum)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, Dave speaks with Max Gannon of Cofense Intelligence to dive into his team's research on "The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders." Threat actors continuously develop new tactics, techniques, and procedures (TTPs) to bypass existing defenses. When defenders identify these methods and implement countermeasures, attackers adapt or create more sophisticated approaches. This research explores how cybercriminals are leveling up their credential phishing tactics using Precision-Validated Phishing, a technique that leverages real-time email validation to ensure only high-value targets receive the phishing attempt. The research can be found here: The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders⁠⁠⁠⁠⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1 & 2! Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Rick Howard, 2024. Election Propaganda Part 1: How does election propaganda work? [3 Part Podcast Series]. The CyberWire. Rick Howard, 2024. Election Propaganda: Part 2: Modern propaganda efforts. [3 Part Podcast Series]. The CyberWire. Christopher Chabris, Daniel Simons, 2010. The Invisible Gorilla: And Other Ways Our Intuitions Deceive Us [Book]. Goodreads. Chris Palmer, 2010. TFL Viral - Awareness Test (Moonwalking Bear) [Explainer]. YouTube. David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Eli Pariser, 2011. The Filter Bubble: What the Internet is Hiding From You [Book]. Goodreads. Kara Swisher, Julia Davis, Alex Stamos, Brandy Zadrozny, 2024. Useful Idiots? How Right-Wing Influencers Got $ to Spread Russian Propaganda [Podcast]. On with Kara Swisher. Nate Silver, 2024. What’s behind Trump’s surge in prediction markets? [Analysis]. Silver Bulletin. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference’ [News]. The Washington Post. Nilay Patel, 2024. The AI election deepfakes have arrived [Podcast]. Decoder. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Perry Carpenter, 2024. FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions [Book]. Goodreads. Perry Carpenter, 2021. Meatloaf Recipes Cookbook: Easy Recipes For Preparing Tasty Meals For Weight Loss And Healthy Lifestyle All Year Round [Book]. Goodreads. Perry Carpenter, n.d. 8th Layer Insights [Podcast]. N2K CyberWire. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post. Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk’s misleading election claims reach millions and alarm election officials [News]. The Washington Post. Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Staff, n.d. Overview: Coalition for Content Provenance and Authenticity [Website]. C2PA. Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI. Staff, n.d. Project Origin [Website]. OriginProject. URL https://www.originproject.info/ Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis] The New York Times. Learn more about your ad choices. Visit megaphone.fm/adchoices

In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1! Make sure to check out Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. References: Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that an average citizen, regardless of political philosophy, can take in order to not succumb to propaganda. References: David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Jeff Berman, Renée DiResta, 2023. Disinformation & How To Combat It [Interview]. Youtube. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference’ [News]. The Washington Post. Quentin Hardy, Renée DiResta, 2024. The Invisible Rulers Turning Lies Into Reality [Interview]. YouTube. Rob Tracinski, Renée DiResta, 2024.  The Internet Rumor Mill [Interview]. YouTube. Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post. Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk’s misleading election claims reach millions and alarm election officials [News]. The Washington Post. Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI. Staff, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal. Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis. The New York Times. Stuart A. Thompson, 2024. Elon Musk’s Week on X: Deepfakes, Falsehoods and Lots of Memes [News]. The New York Times. Will Oremus, 2024. Zuckerberg expresses regrets over covid misinformation crackdown [News]. The Washington Post. Yascha Mounk, Renée DiResta, 2022. How (Not) to Fix Social Media [Interview]. YouTube. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Errol Weiss, the Chief Security Officer (CSO) of the HEALTH-ISAC and one of the original contributors to the N2K CyberWire Hash Table. He will make the business case for information sharing. References: White and Williams LLP, Staff Osborne Clarke LLP , 2018. Threat Information Sharing and GDPR [Legal Review]. FS-ISAC. Senator Richard Burr (R-NC), 2015. S.754 - 114th Congress (2015-2016): To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes [Law]. Library of Congress. Staff, n.d. National Council of ISACs [Website]. NCI. Staff, 2020. Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015 [Guidance]. CISA. Staff, 2023. Information Sharing Best Practices [White paper]. Health-ISAC. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cisco patches critical vulnerabilities in its Unified Contact Center Express (UCCX) software. CISA lays off 54 employees despite a federal court order halting workforce reductions. Gootloader malware returns. A South Korean telecom is accused of concealing a major malware breach. Russia’s Sandworm launches multiple wiper attacks against Ukraine. China hands out death sentences to scam compound kingpins. My guest is Dr. Sasha O'Connell, Senior Director for Cybersecurity Programs at Aspen Digital. Meta’s moral compass points to profit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dr. Sasha O'Connell, Senior Director for Cybersecurity Programs at Aspen Digital, joins us to preview her Caveat podcast interview about "10 Years of Cybersecurity Progress & What Comes Next." Listen to Sasha and Dave’s full conversation on this week’s Caveat episode.  Selected Reading Critical Cisco UCCX flaw lets attackers run commands as root (Bleeping Computer) CISA plans to fire 54 employees despite court injunction (Metacurity) CISA reports active exploitation of critical vulnerability in CentOS Web Panel (Beyond Machines) Gootloader malware is back with new tricks after 7-month break (Bleeping Computer) KT accused of concealing major malware infection, faces probe over customer data breach (The Korea Times) Sandworm hackers use data wipers to disrupt Ukraine's grain sector (Bleeping Computer) ⁠China sentences 5 Myanmar scam kingpins to death ⁠(The Record) ⁠“Hackers” rig elections to IAN executive committee⁠ (Mumbai News) Meta is earning a fortune on a deluge of fraudulent ads, documents show (Reuters) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Operation “Chargeback” takes down global fraud networks. An investigation reveals the dangers of ADINT. M&S profits plunge after a cyberattack. Google patches a critical Android flaw. Asian prosecutors seize millions from an accused Cambodian scam kingpin. Ohio residents are still guessing water bills months after a cyberattack. Houston firefighters deny blame in city data breach. Nikkei reports a slack breach exposing 17,000 records.The Google–Wiz deal clears DOJ review. Ann Johnson welcomes her Microsoft colleague Frank X. Shaw⁠ to Afternoon Cyber Tea. Norway parks its Chinese Bus in a cave, just in case.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Afternoon Cyber Tea On this month's segment from Afternoon Cyber Tea, host Ann Johnson welcomes Frank X. Shaw⁠, Chief Communications Officer at Microsoft, to explore the critical role of communication in cybersecurity. They discuss how transparency and trust shape effective response to cyber incidents, the importance of breaking down silos across teams, and how AI is transforming communication strategies. You can listen to Ann and Frank's full conversation here, and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app. Selected Reading Operation Chargeback: 4.3 million cardholders affected, EUR 300 million in damages - Three criminal networks suspected of misusing credit card data from cardholders across 193 countries; 18 suspects arrested (Europol) Databroker Files: Targeting the EU (Netzpolitik) M&S profits almost wiped out after cyber hack left shelves empty (BBC News) Google releases November 2025 Android patch, fixes critical zero-click flaw (Beyond Machines) Prosecutors seize yachts, luxury cars from man accused of running Cambodia cyberscams (NPR) Cyberattack that crippled Middletown's systems shows how hackers target smaller cities (Cincinnati.com) Houston data breach exposes firefighters’ personal info, union says they’re being blamed (Click2Houston) Japanese publishing company Nikkei suffers Slack compromise exposing data of over 17,000 people (Beyond Machines) Google Clears DOJ Antitrust Hurdle for $32 Billion Wiz Deal (Bloomberg) Dybt i et norsk fjeld blev en kinesisk bybus splittet ad. En status på vores frygt (Zetland) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

China-Linked hackers target Cisco firewalls. MIT Sloan withdraws controversial “AI-Driven Ransomware” paper. A new study questions the value of cybersecurity training. Hackers exploit OpenAI’s API as a malware command channel. Apple patches over 100 Security flaws across devices. A Florida-based operator of mental health and addiction treatment centers exposes sensitive patient information. OPM plans a “mass deferment” for Cybercorps scholars affected by the government shutdown. Lawmakers urge the FTC to investigate Flock Safety’s cybersecurity gaps. Cybercriminals team with organized crime for high-tech cargo thefts. Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies discussing ICE’s controversial facial scanning initiative. A priceless theft meets a worthless password.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies discussing ICE’s controversial facial scanning initiative. You can read more about Ben’s topic from 404 Media: You Can't Refuse To Be Scanned by ICE's Facial Recognition App, DHS Document Says. Selected Reading China-Linked Hackers Target Cisco Firewalls in Global Campaign (Hackread) MIT Sloan shelves paper about AI-driven ransomware (The Register) CyberSlop — meet the new threat actor, MIT and Safe Security (DoublePulsar) Study concludes cybersecurity training doesn’t work (KPBS Public Media) Microsoft: OpenAI API moonlights as malware HQ (The Register) Apple Patches 19 WebKit Vulnerabilities (SecurityWeek) Data Theft Hits Behavioral Health Network in 3 States (Bank Infosecurity) OPM plans to give CyberCorps members more time to find jobs after shutdown ends (CyberScoop) Lawmakers ask FTC to probe Flock Safety’s cybersecurity practices (The Record) Cybercriminals, OCGs team up on lucrative cargo thefts (The Register) Louvre Robbery: Security Flaws: The (Obviously) Password Was "Louvre" (L’Unione Sarda) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FCC plans to roll back cybersecurity mandates that followed Salt Typhoon. The alleged cybercriminal MrICQ has been extradited to the U.S. Ransomware negotiators are accused of conducting ransomware attacks. Ernst & Young accidentally exposed a 4-terabyte SQL Server backup. A hacker claims responsibility for last week’s University of Pennsylvania breach. The UK chronicles cyberattacks on Britain’s drinking water suppliers. Monday business brief. Our guest is Caleb Tolin, host of Rubrik's Data Security Decoded podcast. Hackers massage the truth.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Caleb Tolin, host of Rubrik's Data Security Decoded podcast, as he is introducing himself and his show joining the N2K CyberWire network. You can catch new episodes of Data Security Decoded the first and third Tuesdays of each month on your favorite podcast app. Selected Reading FCC plans vote to remove cyber regulations installed after theft of Trump info from telecoms (The Record) Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody (Krebs on Security) Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says (Chicago Sun Times) Ernst & Young cloud misconfiguration leaks 4TB SQL Server backup on Microsoft Azure (Beyond Machines) Penn hacker claims to have stolen 1.2 million donor records in data breach (Bleeping Computer) Hackers are attacking Britain’s drinking water suppliers (The Record) JumpCloud acquires Breez. Chainguard secures $280 million in growth financing. Sublime Security closes $150 million Series C round. (N2K Pro) Hackers steal data, extort $350,000 from massage parlor clients (Korea JoongAng Daily) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA says cooperation between federal agencies and the private sector remains steady. Long-standing Linux kernel vulnerability in active ransomware campaigns confirmed. A Chinese-linked group targets diplomatic organizations in Hungary, Belgium, and other European nations. A government contractor breach exposes data of over 10 million Americans. Luxury fashion brands fall victim to impersonation scams. Phishing shifts from email to LinkedIn. Advocacy groups urge the FTC to block Meta from using chatbot interactions to target ads. A man pleads guilty to selling zero-days to the Russians. Emily Austin, Principal Security Researcher at Censys, discusses why nation state attackers continue targeting critical infrastructure. When M&S went offline, shoppers hit ‘Next’. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Emily Austin, Principal Security Researcher at Censys, as she discusses why nation state attackers continue targeting critical infrastructure. Selected Reading Cyber info sharing ‘holding steady’ despite lapse in CISA 2015, official says (The Record) CISA: High-severity Linux flaw now exploited by ransomware gangs (Bleeping Computer) CISA and NSA share tips on securing Microsoft Exchange servers (Bleeping Computer) UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities (Arctic Wolf) More than 10 million impacted by breach of government contractor Conduent (The Record) Luxury Fashion Brands Face New Wave of Threats in Lead-up to 2025 Holiday Shopping Season (BforeAI) LinkedIn phishing targets finance execs with fake board invites (Bleeping Computer) Coalition calls on FTC to block Meta from using chatbot interactions to target ads, personalize content (The Record) Ex-L3Harris exec pleads guilty to selling zero-day exploits to Russian broker (CyberScoop) Business rival credits cyberattack on M&S for boosting profits (The Record) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A Texas telecom confirms a nation-state attack. A global outage disrupts Azure and Microsoft 365 services.  Malicious npm packages steal sensitive data from Windows, Linux, and macOS systems.  Hacktivists have breached multiple critical infrastructure systems across Canada. Major chipmakers spill the TEE. TP-Link home routers fall under federal scrutiny. Cloud Atlas targets Russia’s agricultural sector. Israel’s cloud computing deal with Google and Amazon allegedly includes a secret “winking mechanism.”The FCC tamps down on overseas robocalls. Mike Anderson, from Netskope, discusses why CIOs should think like HR leaders when considering Agentic AI. Danes Draw the line at digital doppelgängers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Mike Anderson, Netskope’s Chief Digital and Information Officer, to discuss why CIOs must think like HR leaders when considering Agentic AI. Selected Reading US company with access to biggest telecom firms uncovers breach by nation-state hackers (Reuters) Huge Microsoft outage hit 365, Xbox, and beyond — deployment of fix for Azure breakdown rolled out (Tom's Hardware) Malicious NPM packages fetch infostealer for Windows, Linux, macOS (Bleeping Computer) Canada says hacktivists breached water and energy facilities (Bleeping Computer) New physical attacks are quickly diluting secure enclave defenses from Nvidia, AMD, and Intel (Ars Technica) U.S. agencies back banning top-selling home routers on security grounds (The Washington Post) Cloud Atlas hackers target Russian agriculture sector ahead of industry forum (The Record) Revealed: Israel demanded Google and Amazon use secret ‘wink’ to sidestep legal orders (The Guardian) FCC adopts new rule targeting robocalls (The Record) Denmark to tackle deepfakes by giving people copyright to their own features (The Guardian) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Explosions rock a shuttered Myanmar cybercrime hub. The Aisuru botnet shifts from DDoS to residential proxies. Dentsu confirms data theft at Merkle. Boston bans biometrics. Proton restores journalists’ email accounts after backlash. Memento labs admits Dante spyware is theirs. Australia accuses Microsoft of improperly forcing users into AI upgrades. CISA warns of active exploitation targeting manufacturing management software. A covert cyberattack during Trump’s first term disabled Venezuela’s intelligence network. Our guest is Ben Seri, Co-Founder and CTO of Zafran, discussing the trend of AI native attacks. New glasses deliver fashionable paranoia. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest is Ben Seri, Co-Founder and CTO of Zafran, discussing the trend of AI native attacks and how defenders should use AI to defend and remediate. Selected Reading Stragglers from Myanmar scam center raided by army cross into Thailand as buildings are blown up (AP News) Aisuru Botnet Shifts from DDoS to Residential Proxies (Krebs on Security) Advertising giant Dentsu reports data breach at subsidiary Merkle (Bleeping Computer) Boston Police Can No Longer Use Facial Recognition Software (Built in Boston) Proton Mail Suspended Journalist Accounts at Request of Cybersecurity Agency (The Intercept) CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware (TechCrunch) Australia sues Microsoft for forcing Copilot AI onto Office 365 customers (Pivot to AI) CISA warns of actively exploited flaws in Dassault DELMIA Apriso manufacturing software (Beyond Machines) CIA cyberattacks targeting the Maduro regime didn’t satisfy Trump in his first term. Now the US is flexing its military might (CNN Politics) Zenni’s Anti-Facial Recognition Glasses are Eyewear for Our Paranoid Age (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

WSUS attacks escalate as emergency patch fails to fully contain exploited flaw. Schneider Electric and Emerson are listed among victims in the Oracle EBS cyberattack. Google debunks reports of a massive GMail breach. A new banking trojan mimics human behavior for stealth. Sweden’s power grid operator confirms a cyberattack. Italian spyware targets Russian and Belarusian organizations. The U.S. declines to sign the new UN cyber treaty. Ransomware payments fall to record lows. U.S. Cyber Chief calls for a “clean American tech stack” to counter China's global surveillance push. On today's Threat Vector segment, David Moulton⁠ speaks with two cybersecurity leaders from Palo Alto Networks:⁠ Sarit Tager⁠ and⁠ Krithivasan Mecheri⁠. AI mistakes Doritos for a deadly weapon.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector On today's Threat Vector segment, David Moulton⁠ speaks with two cybersecurity leaders from Palo Alto Networks:⁠ Sarit Tager⁠ and⁠ Krithivasan Mecheri⁠ (Krithi). Together, they dive into the urgent challenges of securing modern development in the age of AI and "Shifting Security Left". You can listen to their full conversation here, and catch new episodes every Thursday on your favorite podcast app.  Selected Reading Microsoft WSUS attacks hit 'multiple' orgs, Google warns (The Register) Industrial Giants Schneider Electric and Emerson Named as Victims of Oracle Hack (SecurityWeek) Google says talk of Gmail breach impacting millions not true (The Register) 'Herodotus' Android Trojan Mimics Human Sluggishness (Gov Infosecurity) Hackers Target Swedish Power Grid Operator  (SecurityWeek) Italian-made spyware spotted in breaches of Russian, Belarusian systems  (The Record) US declines to join more than 70 countries in signing UN cybercrime treaty (The Record) Ransomware profits drop as victims stop paying hackers (Bleeping Computer) National cyber director says U.S. needs to counter Chinese surveillance, push American tech (CyberScoop) Armed police handcuff teen after AI mistakes crisp packet for gun in US (BBC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The UN launches the world’s first global treaty to combat cybercrime. A House Democrats’ job portal left security clearance data exposed online. A new data leak exposes 183 million email addresses and passwords. Threat actors target Discord users with an open-source red-team toolkit. A new campaign targets unpatched WordPress plugins. The City of Gloversville, New York, suffers a ransomware attack. Jen Easterly hopes AI could eliminate the buggy software that fuels cybercrime. A Connecticut health system agrees to an $18 million settlement following a ransomware attack. Monday business brief. Tim Starks from CyberScoop is discussing concerns over budget cuts and visibility. Meta’s privacy safeguard goes dark. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks from CyberScoop who is discussing concerns over budget cuts and visibility. You can read the articles Tim references here:  US ‘slipping’ on cybersecurity, annual Cyberspace Solarium Commission report concludes (CyberScoop) F5 vulnerability highlights weak points in DHS’s CDM program (CyberScoop) Selected Reading⁠ UN Cybercrime Treaty wins dozens of signatories (The Register) Hundreds of People With ‘Top Secret’ Clearance Exposed by House Democrats’ Website (WIRED) Gmail passwords confirmed in 183 million account data breach (Tribune Online) Hackers steal Discord accounts with RedTiger-based infostealer (Bleeping Computer) Year-Old WordPress Plugin Flaws Exploited to Hack Websites (SecurityWeek) Gloversville hit by ransomware attack (WNYT.com NewsChannel 13) Ex-CISA chief says AI could mean the end of cybersecurity (The Register) Yale New Haven Health Will Pay $18M to Settle Hack Lawsuit (GovInfo Security) Veeam to acquire Securiti AI for $1.7 billion. (N2K Pro) A $60 Mod to Meta’s Ray-Bans Disables Its Privacy-Protecting Recording Light (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A former defense contractor is charged with attempting to sell trade secrets to Russia. Researchers uncover critical vulnerabilities in TP-Link routers. Microsoft patches a critical Windows Server Update Service flaw. CISA issues eight new ICS advisories. “Shadow Escape” targets LLMs database connections. Halloween-themed scams spike. Our guest is Chris Inglis, first National Cyber Director, speaking on cybercrime and the upcoming documentary on cyber war, "Midnight in the War Room". WhatsApp’s missing million-dollar exploit.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Inglis, first National Cyber Director, speaking on cybercrime and the upcoming documentary on cyber war, "Midnight in the War Room" presented by Semperis. Learn more and check out the trailer. Selected Reading Hacking Lab Boss Charged with Seeking to Sell Secrets (Bloomberg) Dark Covenant 3.0: Controlled Impunity and Russia’s Cybercriminals (Recorded Future) New TP-Link Router Vulnerabilities: A Primer on Rooting Routers (Forescout) Windows Server emergency patches fix WSUS bug with PoC exploit (Bleeping Computer) CISA Releases Eight Industrial Control Systems Advisories (CISA) Cyberattack on Russia’s food safety agency reportedly disrupts product shipments (The Record) Shadow Escape 0-Click Attack in AI Assistants Puts Trillions of Records at Risk (Hackread) Trick or Treat: Bitdefender Labs Uncovers Halloween Scams Flooding Inboxes and Feeds (Bitdefender) Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta (SecurityWeek) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices