The Cyberwire - Your Cyber Security News Connection.

RSAC wraps. CISA warns shutdown furloughs are weakening cyber defenses. China-linked actors burrow into global telecom infrastructure. Iran’s Pay2Key resurfaces. India probes suspected Pakistan-linked CCTV spying. Florida suspends a firm over offshore medical data exposure. Cisco patches fresh flaws. Russian police arrest the alleged LeakBase operator. Intern Kevin files his latest man-on-the street report. Google gets grabby with your homepage.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest aka Intern Kevin Intern Kevin is back from the floor at RSAC 2026. By day, he’s Global Director of Cybersecurity Startups at Microsoft for Startups, but this week, Kevin Magee is trolling the floor at RSAC to get the pulse of what is really happening in and around the Moscone Center. Kevin chats with Ann Johnson, Co

The UK’s cyber security chief urges a “full court press” against threats. RSAC highlights. The U.S. State Department has launched a Bureau of Emerging Threats. The TeamPCP cybercriminal group targets an open source library. TP-Link patches multiple router vulnerabilities. A critical vulnerability hits Windchill and FlexPLM platforms. A phishing campaign impersonates Palo Alto Networks recruiters. Malicious Chrome extensions are harvesting users’ conversations with AI tools. Intern Kevin files his latest report from the RSAC show floor. Your “private” zoom call may already have a podcast deal.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest aka Intern Kevin Intern Kevin joins us from the floor at RSAC 2026. By day, he’s Global Director of Cybersecurity Startups at Microsoft for Startups, but this week, Ke

RSAC spotlights public-private partnership gaps. DarkSword leaks to GitHub. The FCC blocks new foreign-made routers. Citrix patches a critical NetScaler flaw. DOE rolls out an energy-sector cyber strategy. CanisterWorm spreads through npm. Researchers flag suspected KACE SMA exploitation. QualDerm reports a 3.1-million-record breach. A Russian access broker gets 81 months. Intern Kevin checks in from RSAC. Maria Varmazis speaks with Jake Braun, longtime DEF CON organizer and former White House official about the DEF CON 33 Hackers' Almanack. Slow down, you vibe too fast.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Maria Varmazis speaks with today’s guest Jake Braun, longtime DEF CON organizer, former White House official, and lead on DEF CON Franklin, about the DEF CON 33 Hackers' Almanack. You can

Despite being adopted and prioritized by many organizations, cybersecurity still faces a significant challenge where leaders still cannot articulate their needs, and find and develop talent. Rather, organizations oftentimes follow the same strategy many others are utilizing, which involves poaching talent with enticing salaries. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Ed Vasko, the CEO at High Wire Networks, to discuss this approach and the impacts it is having on the cyber talent ecosystem. Throughout the conversation, Ed and Kim discuss their experience when assessing talent and some of the mistakes made by the industry, and what can be done to begin correcting this approach. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we c

The White House rolls out its AI legislative framework. The FBI warns Iranian actors are using Telegram for command and control, while Russian operators phish Signal users. Authorities dismantle a massive fake CSAM network, Tycoon 2FA rebounds after disruption, VoidStealer debuts a stealthy Chrome key-theft trick, QNAP patches Pwn2Own flaws, and CISA orders urgent fixes for a critical Cisco firewall bug. Plus, our Monday business breakdown. Brandon Karpf and Maria Varmazis ponder the practicality of orbital data centers. One radio to rule the range.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, N2K CyberWire’s Dave BIttner and Maria Varmazis are joined by Brandon Karpf to discuss the practicality of orbital data centers. Selected Reading President Donald J. Trump Unveils National AI Legislat

Please enjoy this encore of Career Notes. Roya Gordon, a Security Research Evangelist at ICS cybersecurity firm Nozomi Networks, started her career as an intelligence specialist in the U.S. Navy. After her time serving, Roya spent time as a Control Systems Cybersecurity Analyst at the Idaho National Laboratory and then took the role of Cyber Threat Intelligence Manager at Accenture. She shares her story after the NSA accepted her and then quickly diverted, creating a new path for Roya to follow. She shares the jobs she went after along the way, leading up to Nozomi Networks and how she wishes to be a trailblazer for young black women everywhere. She hopes to shape young women's minds on what the cybersecurity industry is actually like, in hopes that she can be a figure people look up to. We thank Roya for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special edition of CyberWire Daily’s 10th anniversary series, Maria Varmazis hosts a thoughtful and engaging conversation with N2K CyberWire CEO Peter Kilpe and CyberWire Daily host Dave Bittner, exploring the origin story of the podcast that started it all. From early ambitions to behind-the-scenes turning points, they trace how the show found its voice and evolved from a startup experiment into a trusted cornerstone of the cybersecurity community. Along the way, they share candid anecdotes, hard-earned lessons, and reflections on how both the industry and CyberWire Daily have transformed over the past decade. Learn more about your ad choices. Visit megaphone.fm/adchoices

Yuval Avrahami from Wiz joins to share their work on "CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild." Wiz Research uncovered “CodeBreach,” a critical supply chain vulnerability caused by a subtle misconfiguration in AWS CodeBuild pipelines that allowed attackers to take over key GitHub repositories, including the widely used AWS JavaScript SDK that powers the AWS Console. By exploiting an unanchored regex filter, unauthenticated attackers could trigger privileged builds, steal credentials, and potentially inject malicious code into software used across a majority of cloud environments. AWS has since remediated the issue and introduced stronger safeguards, but the incident highlights a growing trend of attackers targeting CI/CD pipelines where small misconfigurations can lead to massive downstream impact. The research can be found here: CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild

Feds take down major IoT botnets. The FBI seizes hacktivist infrastructure. A data breach hits Kaplan, while a hacker claims access to millions of law enforcement tips. Fake Zoom calls deliver malware. A crypto “security” tool turns out to be spyware. A critical AI framework flaw gets exploited in hours. An insider extortion case ends in conviction. And a streaming scam pulls in over $10 million. A look back at ten years of Cyberwire podcasts. Intern Kevin gets ready for RSAC. A cyberattack leaves breathalyzers offline.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Celebrating CyberWire Daily Maria Varmazis leads a conversation with Peter Kilpe and Dave Bittner reflecting on the origins of the CyberWire Daily podcast as part of the 10th anniversary series, sharing behind-the-scenes insights and how it all got started.

Even as cybersecurity has grown and become universially accepted, the field has continued to struggle when attempting to assess and aquire talent. Oftentimes, there is a disconnect between what organizations need and what they interview for leading vague job postings and ineffective hirings. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Jeff Welgan, the Chief Strategist and CEO at SkillRex, to discuss how we assess talent. Throughout the conversation, Jeff and Kim will discuss the problems associated with traditional workforce management and how modernizing this approach can provide a strategic advantage. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choi

DarkSword targets iPhones for indiscriminate exploitation. Cybercrime and the Iran war. The FBI confirms purchasing commercially available location data. The DHS secretary nominee gets grilled on CISA funding. A Zimbra Collaboration Suite vulnerability is being used in targeted espionage. A new Android malware targets sensitive data stored in user notes. AWS warns of ongoing Interlock ransomware activity. Tracking pixels grab more than they should. Perry Carpenter and Mason Amadeus from The FAIK Files podcast speak with Hany Farid about the real-world harms of synthetic media. Do Boomers balance breaches better?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Perry Carpenter and Mason Amadeus, hosts of The FAIK Files podcast, speaking with Hany Farid about the real-world harms of s

Iran’s cyber ops stay resilient. U.S. lawmakers press Big Tech on EU rules. Researchers expose a Fancy Bear server. Japan moves toward offensive cyber. CISA calls for cross-agency teamwork. New malware targets network infrastructure. AI fooled by font-based attacks. Schneider Electric warns of critical flaws. Quantum cryptography earns top honors. Guest Bradon Rogers, Chief Customer Officer at Island, discusses making AI browsers safe for enterprises. Smart glasses on the witness stand. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Bradon Rogers, Chief Customer Officer at Island, discusses making AI browsers safe for enterprises. You can dig into the details of what Bradon discussed in Gartner’s “Cybersecurity Must Block AI Browsers for Now.” You can hear the full i

The EU imposes sanctions after cyberattacks. DHS boosts surveillance spending. AI firms recruit weapons-risk experts. Stryker disruption, no patient impact. LeakNet leans on ClickFix. Sears chatbot data spills. A Chinese security firm leaks a private key. Tech giants team up on scams. Teens sue xAI over alleged AI-generated abuse. On today’s Threat Vector segment, David Moulton and guest Erica L. Shoemate, founder of The EN Strategy Group, explore how AI is fundamentally reshaping the security landscape. Cyber crooks cause a complimentary curbside convenience.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector What if the choices we make about AI security today determine who holds power tomorrow? On this Threat Vector segment, David Moulton and guest Erica L. Shoemate, founder of The EN Strategy Group, explor

In this mid-season episode, Kim takes a step back to reflect on the journey so far—revisiting key conversations, standout moments, and recurring themes that have shaped the season. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, uncovering deeper patterns and takeaways. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been—and what's still to come. Learn more about your ad choices. Visit megaphone.fm/adchoices

Drone strikes hit a key chip supply chain. China-linked hackers target Southeast Asian militaries. Attackers race ahead with AI. ShinyHunters claim a massive Telus breach. Microsoft issues a hotpatch. Malware turns up on Steam. Fileless attacks grow. Airline miles become cybercrime currency. Monday business breakdown. Tim Starks from CyberScoop unpacks the Stryker attack and the nebulous nature of Iranian cyber activity. AI playmates puzzle preschoolers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Tim Starks from CyberScoop discussing how the Stryker attack highlights the nebulous nature of Iranian cyber activity amid joint U.S.-Israel conflict. You can read more in Tim’s article here.  Selected Reading Drone strikes halt a third of the world's helium supply, threatening chip productio

Please enjoy this encore of Career Notes. Christian Lees, CTO at Resecurity, shares his story and insight on coming into the cybersecurity world. He considers himself a late bloomer because he did not go to college until he was 23. He wasn’t sure of what he wanted to do, and a family friend gave him a computer and the rest was history, he says. He fell in love with computers and started working at different companies trying to get ahead. He says it's not always textbook, and sometimes you just need to cut your teeth on something to get where you're going. Throughout his journey, he was constantly questioning whether he made the right decision, and in the end he says you have to be willing to "define friction points in it, you may join security field, not knowing what you're gonna do, but by being that curious person and breaking things and putting it back together, you'll find the right way and just never stop being curious." We thank Christian for sharing his story. Learn more about your ad choices. Visit

This week, we are joined by Or Eshed, Co-Founder and CEO from LayerX Security, discussing their work on "How We Discovered A Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts." Researchers uncovered a coordinated campaign of 16 malicious browser extensions posing as ChatGPT productivity tools while secretly stealing user accounts. The extensions intercept ChatGPT session authentication tokens and send them to attacker-controlled servers, allowing threat actors to impersonate users and access their conversations, files, and connected services like Google Drive or Slack. The findings highlight how AI-focused browser extensions are creating a new attack surface, emphasizing the need for organizations to closely monitor and restrict third-party AI tools. The research can be found here: ⁠⁠⁠How We Discovered A Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts Learn more about your ad choices. Visit megaphone.fm/adchoices

Europol dismantles the SocksEscort proxy service. Cyber operations highlight imbalance in the war in Iran. Google rushes Chrome zero-day patches. Veeam fixes critical backup flaws. A former incident responder faces ransomware charges. Thomson Reuters staff push back on an ICE contract. Attackers abuse backup tools for data theft. CISA flags a critical n8n vulnerability. Maria Varmazis is joined by Jack R. Bialik, engineer and author, to discuss the hidden risks of a fully-digital society, and talk about his book "In Lost in Time: Our Forgotten and Vanishing Knowledge." A Phony photo fuels a phantom flight fiasco. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K CyberWire’s Maria Varmazis is joined by Jack R. Bialik, engineer and author, to discuss the hidden risks of a fully-digital society, and talk a

Show Notes: As cybersecurity has matured, the field has become more formalized within businesses with CISOs leading the way. However, despite the value of the CISO and its widespread adoption, the role has continued to lose agency with other board members. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Patty Ryan, the CISO at QuidelOrtho, to assess the value of the role. Throughout the conversation, Patty and Kim will discuss the challenges facing CISOs, why the role has lost its agency, and what can be done to reverse the current trajectory. Want more CISO Perspectives?: Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran threatens tech firms as hackers strike Stryker. The EU advances efforts toward digital sovereignty. A foreign hacker stumbles upon the FBI’s Epstein files. DOGE used ChatGPT to cull humanities grants. Meta claims increased efforts against scams. A Wisconsin ambulance provider discloses a data breach. CISA shortens the patch deadline for a critical SolarWinds vulnerability. We preview this year’s RSAC 2026 Innovation Sandbox with Cecilia Marinier and Paul Kocher. Dangerous digital diets miss the mark.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we share a RSAC 2026 Conference innovation preview with Cecilia Marinier and Innovation Sandbox judge Paul Kocher talking about this year's Top 10 Finalists. Selected Reading Iran-linked hackers claim responsibility for