The Cyberwire - Your Cyber Security News Connection.

European authorities take down an illegal cryptomixer. An Australian man is sentenced for running an airport evil twin WiFi campaign. Researchers unmask a Scattered LAPSUS$ Hunters impresario. CISA flags a cross-site scripting flaw in OpenPLC ScadaBR. A major South Korean retailer suffers a data breach affecting over 33 million customers. Threat actors abuse digital calendar subscription features. New York’s new hospital cybersecurity mandates may raise the bar nationwide. Scammers target Cyber Monday shoppers. Monday business brief. Ann Johnson speaks with Microsoft’s Amy Hogan-Burney on the Afternoon Cyber Tea segment. Google gets caught reheating someone else’s holiday recipe.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, ⁠Daily Briefing⁠, and you’ll never miss a beat. And be sure to follow CyberWire Daily on ⁠LinkedIn⁠. Afternoon Cyber Tea segment Afternoon Cyber Tea host Ann Johnson speaks with Amy Hogan-Bur

Please enjoy this encore of Career Notes. Operational technology cybersecurity strategist from Nozomi Networks, Danielle Jablanski shares her story of building a target map to end up where she is today. She shares how she started in college and how different paths in life got her to be on the target of success where she is today. She says " you build out that kind of target of where you want to be, and understand that getting to that point might mean doing things you don't enjoy for a number of years, but figuring that out is another way to get to that target without having like a clear bullseye" She goes on to explain how this target map is helping her to create real change and ultimately makes an impact. We thank Danielle for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Join us for a timely and insightful live discussion on the evolving role of artificial intelligence in governance, risk, and compliance. Host Dave Bittner from N2K | CyberWire is joined by Kayne McGladrey from Hyperproof, Matthew Cassidy, PMP, CISA from Grant Thornton (US), and Alam Ali from Hyperproof to explore the current state of artificial intelligence in governance, risk, and compliance. The panel will discuss what AI is truly doing well today, the risks and challenges organizations need to watch for, and how AI is poised to influence the future of GRC. They will also share practical insights and real-world guidance for teams looking to adopt AI responsibly and effectively. Don’t miss this timely conversation as our experts break down what’s real, what’s risky, and what’s next in AI for GRC. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Research Saturday. This week, we are joined by ⁠Michael Gorelik⁠, Chief Technology Officer from ⁠Morphisec⁠, discussing their work on "New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms." A new threat dubbed Noodlophile Stealer is exploiting the popularity of AI-powered content tools by posing as fake AI video generation platforms, luring users into uploading media in exchange for malware-laced downloads. Distributed through convincing Facebook groups and viral campaigns, the malware steals browser credentials, cryptocurrency wallets, and can deploy a remote access trojan like XWorm. The campaign uses a layered, obfuscated delivery chain disguised as legitimate video editing software, making it both deceptive and difficult to detect. The research can be found here: ⁠⁠⁠New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Only Malware in the Building. Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore what makes information sharing actually work. From public-private partnerships to actionable intelligence, our guests discuss how organizations can prioritize, process, and operationalize shared cyber threat data to stay ahead of emerg

We dive into a nostalgic yet revealing journey through classic hacker films, from WarGames to The Net and beyond, to assess what they got right, what they wildly imagined, and what those stories say about culture, fears, and cyber reality today. David Moulton, Senior Director of Thought Leadership for Unit 42  talks with Ben Hasskamp, Global Content Leader at Palo Alto Networks, who has been writing deeply on this intersection of media, tech, and risk. Together, we’ll examine how cinematic depictions of hacking have shaped public perception, influenced policy, and sometimes eerily foreshadowed modern cyber threats. Expect a blend of film critique, security insight, and cultural reflection. Join the conversation on our social media channels: Website:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠ Threat Research:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Facebook:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ LinkedIn:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.linkedin

Please enjoy this encore of T-Minus Deep Space. BigBear.ai is at the forefront of innovation for national security, and is committed to supporting the critical infrastructure driving America’s competitive edge. The company deploys cutting-edge Al, machine learning, and computer vision solutions to defend critical operations and win with decision advantage. Our guests are ⁠Eric Conway,⁠ Vice President of Technology, and ⁠Joe Davis⁠, Cybersecurity Research Scientist  at ⁠Bigbear.ai.⁠  Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on ⁠LinkedIn⁠ and ⁠Instagram⁠. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our ⁠media kit⁠. Contact us at ⁠space@n2k.com⁠ to request more info. Want to join us for an interview? Please send your pitch to ⁠space-editor@n2k.com⁠ and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for

Report sheds light on cyber activity targeting space-related organizations during the Gaza War. Russian threat actor targets US civil engineering firm. FBI says $262 million has been stolen in account takeover scams this year. HashJack attack tricks AI browser assistants. London councils disrupted by cyberattacks. Russia’s Gamaredon and North Korea’s Lazarus Group appear to be sharing infrastructure. Canon says subsidiary was breached by Oracle EBS flaw. Dave Bittner was joined by Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing a deep dive on Akira ransomware. And Campbell’s Soup CISO placed on leave following lawsuit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dave Bittner was joined by Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing a deep dive on

CISA warns of spyware targeting messaging apps. CodeRED, this is not a test. Infostealer campaign spreads via malicious Blender files. Shai-Hulud’s second coming. Real estate finance firm SitusAMC investigates breach. Dartmouth College discloses Oracle EBS breach. Dave Bittner is joined by Tim Starks, Senior reporter from CyberScoop, to discuss the Trump administration’s upcoming cyber strategy. And tis the season for deals — and digital deception. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dave Bittner is joined by Tim Starks, Senior reporter from CyberScoop, to discuss the Trump administration’s upcoming cyber strategy. Read Tim’s piece on the topic “Completed draft of cyber strategy emphasizes imposing costs, industry partnership”. Selected Reading ​​Spyware Allows Cyber Threat Actors to Target

In this mid-season episode, Kim takes a step back to reflect on the conversations he has had so far. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, diving into how new technologies are impacting longstanding challenges, both from a security standpoint and from an attacker's view. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been—and what's still to come. Learn more about your ad choices. Visit megaphone.fm/adchoices

CrowdStrike fires an insider who allegedly shared screenshots with hackers. Google agrees, it wasn’t Salesforce. Cox Enterprises confirms Oracle EBS breach. Alleged Transport for London hackers plead not guilty. Hackers exploit new WSUS bug to deploy ShadowPad backdoor. Iberia discloses breach of customer data. Harvard discloses voice-phishing breach exposing alumni and donor data. We have our Monday Business Briefing. Our guest today is Brandon Karpf, friend of the show discussing maritime GPS jamming and spoofing. And the launderers who wanted a bank for Christmas. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Brandon Karpf, friend of the show discussing maritime GPS jamming and spoofing. Selected Reading CrowdStrike fires 'suspicious insider' who passed information to hackers

The new Netflix movie A House of Dynamite, chronicles what happens when the unthinkable unfolds. How realistic is it? We ask the movie’s advisor and expert, Lieutenant General Daniel Karbler (Ret.). Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Co-founder and CTO of Virsec, Satya Gupta shares his story of how he has over 25 years of expertise in embedded systems, network security and systems architecture. He also talks about how a colleague of his told him something that resinated with him, he said " that was really a remarkable statement that I heard from that person. You rise to the point where you can actually contribute." He also discusses how he got into the startup atmosphere and how different scenarios in his life helped to lead him to the successful man he has become in the cyber community. We thank Satya for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

On this Special Edition podcast, we share a panel from DataTribe's Cyber Innovation Day 2025, "Cyber: The Wake of Tech Innovation." The podcast tech host panel included Dave Bittner, host of  CyberWire Daily podcast, Maria Varmazis, host of T-Minus Space Daily podcast, and Daniel Whitenack, co-host of Practical AI podcast, sharing a wide-ranging discussion. Together, Dave, Maria and Dan examine the intersection of frontier innovation and cyber innovation through the lens of cyber, space, and AI. Learn more about your ad choices. Visit megaphone.fm/adchoices

Alex Berninger, Senior Manager of Intelligence at Red Canary, and Mike Wylie, Director, Threat Hunting at Zscaler, join to discuss four phishing lures in campaigns dropping RMM tools. Red Canary and Zscaler uncovered phishing campaigns delivering legitimate remote monitoring and management (RMM) tools—like ITarian, PDQ, SimpleHelp, and Atera—to gain stealthy access to victim systems. Attackers used four main lures (fake browser updates, meeting invites, party invitations, and fake government forms) and often deployed multiple RMM tools in quick succession to establish persistent access and deliver additional malware. The report highlights detection opportunities, provides indicators of compromise, and stresses the importance of monitoring authorized RMM usage, scrutinizing trusted services like Cloudflare R2, and enforcing strict network and endpoint controls. The research can be found here: You’re invited: Four phishing lures in campaigns dropping RMM tools Learn more about your ad choices. Visit me

Cyber Command names a new head of AI. The UK introduces its long-delayed Cyber Security and Resilience Bill. Researchers highlight a critical Oracle Identity Manager flaw. Salesforce warns customers of a third-party data breach. Italy’s state-owned railway operator leaks sensitive information. SonicWall patches firewalls and email security devices. The US charges four individuals with conspiring to illegally export restricted Nvidia AI chips to China. The SEC drops its lawsuit against SolarWinds. NSO group claims a permanent injunction could cause irreparable and potentially existential harm. Maria Varmazis of the T-Minus Space Daily show sits down with General Daniel Karbler (Ret.) to discuss his consulting work for A House of Dynamite, the newly released Netflix film. Roses are red, violets are blue, this poem just jailbroke your AI too. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll neve

In this special episode of Threat Vector, host David Moulton, Senior Director of Thought Leadership for Unit 42, sits down with Stav Setty, Principal Researcher at Palo Alto Networks, to unpack Jingle Thief a cloud-only, identity-driven campaign that turned Microsoft 365 into a gift card printing press. Stav explains how the Morocco based group known as Atlas Lion lived off the land inside M365 for months at a time, using tailored phishing and smishing pages, URL tricks, and internal phishing to compromise one user and quietly pivot to dozens more. Together, David and Stav walk through how the attackers abused legitimate identity features like device registration, MFA resets, inbox forwarding rules, and ServiceNow style access requests to blend into normal business workflows and monetize “digital cash” in the form of gift cards. They dig into why MFA alone is not safety, why identity is now the real perimeter, and how behavioral analytics, UEBA, and ITDR can piece together small signals into a clear story of

The US and allies sanction Russian bulletproof hosting providers. The White House looks to sue states over AI regulations. The US Border Patrol flags citizens’ “suspicious” travel patterns. Lawmakers seek to strengthen the SEC’s cybersecurity posture. A new Android banking trojan captures content from end-to-end encrypted apps. A hidden browser API raises security concerns. Fortinet patches a zero-day. A Philippine former mayor gets life in prison for scam center human trafficking. Our guest is Cliff Crosland, CEO and Co-founder at Scanner.dev, discussing why security data lakes are ideal for AI in the SOC. Green energy gets hijacked for a blockchain side-hustle.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Cliff Crosland, CEO and Co-founder at Scanner.

Cloudflare’s outage is rooted in an internal configuration error. The Trump administration is preparing a new national cyber strategy. CISA gives federal agencies a week to secure a new Fortinet flaw. MI5 warns that China is using LinkedIn headhunters and covert operatives to target lawmakers. Experts question the national security risks of TP-Link routers. The China-aligned PlushDaemon threat group hijacks software updates. Researchers discover WhatsApp’s entire global member directory accessible online without protection. LG Energy Solution confirms a ransomware attack. ShinySp1d3r makes its debut. Rotem Tsadok, Director of Security Operations and Forensics at Varonis, is sharing lessons learned from thousands of forensics investigations. A judge says Google’s claims to water use secrecy are all wet.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow

Cloudflare suffers a major outage. Google issues an emergency Chrome update. Logitech discloses a data breach. CISA plans a major hiring push. The House renews the State and Local Cybersecurity Grant Program. The GAO warns military personnel are oversharing online. Tech groups urge governments worldwide to reject proposals that weaken or bypass encryption. Australian authorities blame outdated software for the death of a telecom customer. An alleged Void Blizzard hacker faces extradition to the US. Our guest is Kevin Kennedy from ManTech discussing the future battlefield and the importance of integrating non-kinetic effects. AI meets the IRS. What could possibly go wrong? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by ⁠Kevin Kennedy⁠ from ⁠ManTech⁠ discuss