CyberWire Daily

Anthropic’s Mythos proves irresistible despite claimed supply chain risks.Iran claims U.S. backdoors hit its networks. New Coast Guard rules target maritime OT security. A fresh NGate Android malware variant emerges. Thousands of ActiveMQ servers face active exploitation risk. CISA adds eight flaws to its KEV list. Progress patches MOVEit and LoadMaster bugs. Attackers impersonate IT staff over Microsoft Teams. A ransomware negotiator admits working with BlackCat. Google Gemini asks, “May we see your photos please?” Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices Elad Koren, Vice President, Product Management, Cortex Cloud at Palo Alto Networks, discusses building AI natively into platforms, managing complexity and trust, and taking a measured, experimental approach during the industry’s “messy middle” phase. If you enjoyed this conversation, tune into the full interview here. Selected Reading The US NSA is using Anthropic's Claude Mythos despite supply chain risk (Security Affairs) Anthropic secretly installs spyware when you install Claude Desktop (That Privacy Guy) Iran claims US used backdoors in networking equipment (The Register) Maritime Cybersecurity Rules Make Waves (GovInfoSecurity) New NGate variant hides in a trojanized NFC payment app (We Live Security) Actively exploited Apache ActiveMQ flaw impacts 6,400 servers (Bleeping Computer) CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133) (Help Net Security) Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster (SecurityWeek) Microsoft: Teams increasingly abused in helpdesk impersonation attacks (Bleeping Computer) Florida Man Working as a Ransomware Negotiator Pleads Guilty to Conspiracy to Deploy Ransomware and Extort U.S. Victims (United States Department of Justice) Google Starts Scanning All Your Photos As New Update Goes Live (Forbes) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloud platform Vercel confirms a data breach. Microsoft releases emergency updates to fix Windows Server restart loops. Bluesky gets DDoSed. Insurers keep close watch on an AI hiring discrimination suit. Cybersecurity workforce turnover rises. Scammers abuse Apple’s email notification system. A Scattered Spider member pleads guilty to SMS phishing and cryptocurrency theft. Monday business brief. Our guest is Melissa K. Smith, SVP, Global Strategic Partnerships and Initiatives at SentinelOne, discussing building a unified defense through strategic partnerships. A budget beacon briefly betrays a boat’s bearing. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Melissa K. Smith, SVP, Global Strategic Partnerships and Initiatives at SentinelOne discussing building a unified defense through strategic partnerships. If you enjoyed this conversation, be sure to check out the full interview here. Selected Reading Vercel confirms breach as hackers claim to be selling stolen data (Bleeping Computer) Microsoft releases emergency updates to fix Windows Server issues (Bleeping Computer) Bluesky Disrupted by Sophisticated DDoS Attack (SecurityWeek) Who is liable when artificial intelligence makes mistakes? (Financial Times) Insurance carriers quietly back away from covering AI outputs (CSO Online) Compensation vs. Burnout: The New Retention Calculus for Cybersecurity Leaders (Security Boulevard) Watch out, hackers are abusing Apple account notifications to distribute malware, steal money and data (TechRadar) British Scattered Spider Hacker Pleads Guilty in the US (SecurityWeek) Business Briefing for 04.15.26 (CyberWire Pro) Dutch navy frigate tracked by mailing it a Bluetooth tracker (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Jaya Baloo, a Chief Information Security Officer from Avast sits down to share her story, sharing how she got into the technology field at a younger age with being introduced to computers and games on her PS 24. She started off going to college for political science and after not knowing what to do after that, she got her first start in cybersecurity. After falling in love with cybersecurity she kept moving up the ranks in different organizations before finding herself at Avast. She shares that at Avast she leans on her team quite a bit and you should never be afraid to bounce ideas off of your teammates. She says "The best ideas come from like bouncing ideas off of each other, sharing within the group and then if I can't figure it out myself, that's why I hire these amazing individuals it's to help me figure it out." We thank Jaya for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by Dr. Darren Williams, Founder and CEO of BlackFog, to discuss his team's work on "Steaelite RAT Enables Double Extortion Attacks from a Single Panel." A new remote access trojan, Steaelite, is being marketed on underground forums as an all-in-one platform that combines remote access, credential theft, surveillance, and ransomware deployment through a single browser-based dashboard. Unlike traditional cybercrime toolchains, it merges data exfiltration and ransomware capabilities into one interface, with automated credential harvesting beginning as soon as a victim is infected. The tool signals a growing shift toward streamlined “double extortion” attacks, where data theft and encryption happen within the same system—raising the stakes for defenders to stop threats before data is exfiltrated. The research and executive brief can be found here: Steaelite RAT Enables Double Extortion Attacks from a Single Panel Learn more about your ad choices. Visit megaphone.fm/adchoices

The House extends Section 702, for now. Mythos raises fresh cyber risk concerns. CISA warns of reduced capacity. ZionSiphon targets Israeli water systems. Operation PowerOFF hits DDoS-for-hire networks. CISA flags an actively exploited ActiveMQ flaw. WordPress plugin supply chain attacks spread. China tests deep-sea cable-cutting tech. Our guest is Arvind Nithrakashyap, CTO and Co-Founder of Rubrik, discussing AI as the next frontier. Tim Starks from CyberScoop takes us Inside the FBI’s recent router takedown. A DraftKings data dealer meets his downfall. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, ⁠Daily Briefing⁠, and you’ll never miss a beat. And be sure to follow CyberWire Daily on ⁠LinkedIn⁠. Industry Voices On today’s Industry Voices segment, we are joined by ⁠Arvind Nithrakashyap⁠, CTO and Co-Founder of ⁠Rubrik⁠, discussing AI as the next frontier. If you enjoyed this conversation, check out the full interview here. CyberWire Guest Today we have ⁠Tim Starks⁠ from ⁠CyberScoop⁠ discussing Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’. Selected Reading ⁠House extends surveillance powers for 10 days⁠ (NPR) ⁠White House Works to Give US Agencies Anthropic Mythos AI⁠ (Bloomberg) ⁠Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed⁠ (SecurityWeek) ⁠How Anthropic Discovered Mythos AI Was Too Dangerous For Release⁠ (Bloomberg) ⁠CISA Warns of 'Detrimental Capacity Impacts' Amid Shutdown⁠ (BankInfo Security) ⁠New ZionSiphon Malware Discovered Targeting Israeli Water Systems⁠ (Hackread) ⁠Europol-supported global operation targets over 75 000 users engaged in DDoS attacks⁠ (Europol) ⁠CISA flags Apache ActiveMQ flaw as actively exploited in attacks⁠ (Bleeping Computer) ⁠30+ WordPress plugins bought on Flippa and backdoored in supply chain attack⁠ (TNW) ⁠New undersea cable cutter risks Internet’s backbone⁠ (Ars Technica) ⁠Man gets 30 months for selling thousands of hacked DraftKings accounts⁠ (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at ⁠sponsor.thecyberwire.com⁠. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

NIST struggles with an NVD backlog. Cisco and Splunk ship critical patches. Researchers flag a systemic flaw in Anthropic’s MCP. ShinyHunters leak 13.5 million McGraw Hill accounts. Cargo theft goes cyber. A Tennessee hospital breach hits 337,000 patients. Two Americans are sentenced in a North Korean fake-IT-worker scheme. Our guest is Rob Allen, Chief Product Officer at ThreatLocker, describing security gaps addressed by zero trust. OpenAI lets security teams take off the training wheels. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices segment we are joined by Rob Allen, Chief Product Officer at ThreatLocker, security gaps addressed by zero trust. If you enjoyed this conversation check out the full interview here. Selected Reading NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities (Infosecurity Magazine) Cisco says critical Webex Services flaw requires customer action (Bleeping Computer) Splunk Enterprise Update Patches Code Execution Vulnerability (SecurityWeek) Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads (Infosecurity Magazine) Data breach at edtech giant McGraw Hill affects 13.5 million accounts (Bleeping Computer) Freight Hacker Wields Code-Signing Service to Evade Defenses (GovInfo Security) Data Breach at Tennessee Hospital Affects 337,000 (SecurityWeek) US nationals behind DPRK IT worker 'laptop farm' sent to prison (Bleeping Computer) OpenAI Launches GPT-5.4 Cyber And It's Built Specifically for Defenders (TechGlow) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday. CISA directs furloughed employees back to work. Experts warn Anthropic’s Glasswing signals a new era of AI-driven vulnerability discovery. Federal prosecutors crack down on chip smuggling. Sweden says a pro-Russian cyber group attempted to disrupt power plant operations. A fake app in Apple’s App Store drains crypto wallets. Virginia bans the sale of precise geolocation data. Our guest is Johnny Hand, VP for AI Excellence at TrendAI, discussing AI operational discipline. Do you need to buy a separate seat for your AI agent? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by ⁠Johnny Hand⁠, VP for AI Excellence at ⁠TrendAI⁠, discussing AI operational discipline and real-world cyber impact. If you enjoyed this conversation, check out the full interview here. Selected Reading Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day (Security Affairs) ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories (SecurityWeek) Adobe Patches 55 Vulnerabilities Across 11 Products (SecurityWeek) CISA Workers Recalled Despite Shutdown (GovInfoSecurity) CISA cancels summer internships for cyber scholarship students amid DHS funding lapse (CyberScoop) Anthropic’s Mythos signals a structural cybersecurity shift (CSO Online) We’re only seeing the tip of the chip-smuggling iceberg (CyberScoop) Swedish power plant targeted by pro-Russian group in 2025, government says (Reuters) Exclusive: Russia-linked hackers compromised scores of Ukrainian prosecutors’ email accounts, data shows (Reuters) Users lose $9.5 million to fake Ledger wallet app on the Apple App Store (web3isgoinggreat) Virginia enacts ban on precise geolocation data sales as momentum for similar prohibitions builds (The Record) Microsoft exec suggests AI agents will need to buy software licenses, just like employees (Business Insider) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

France pushes digital sovereignty. Adobe rushes an Acrobat Reader patch. Booking.com confirms a targeted breach. SAP fixes a critical SQL injection bug. A sanctions-dodging fraud network resurfaces. ViperTunnel infiltrates U.S. and U.K. firms. GlassWorm spreads across developer tools. Researchers dissect Predator spyware’s kernel engine. A lawsuit challenges AI transcription in hospitals. Ted Shorter from Keyfactor unpacks quantum computing at scale. On our Threat Vector segment, David Moulton and ⁠Elad Koren⁠ pull back the curtain on agentic-first security. Preparing for post-quantum perils. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ted Shorter, CTO and Co-Founder of Keyfactor, discussing the advent of quantum computing at scale, known as "Q-Day". Threat Vector Host David Moulton speaks with returning guest ⁠Elad Koren⁠, Vice President of Product Management for Cortex Cloud at ⁠Palo Alto Networks⁠ on this Threat Vector segment. Together they pull back the curtain on what an agentic-first security experience actually looks like in practice. This isn't a vision deck. The agents are already running. To listen to the full conversation, check it out here. Catch new episodes of Threat Vector every Thursday on your favorite podcast app. Selected Reading France Tees Up Big Public Sector Move Away From US Tech (BankInfo Security) Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw (Bleeping Computer) Booking.com Confirms Data Breach as Hackers Access Customer Details (Hackread) SAP Patches Critical ABAP Vulnerability (SecurityWeek) Triad Nexus Evades Sanctions to Fuel Cybercrime (SecurityWeek) Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses (Hackread) GlassWorm evolves with Zig dropper to infect multiple developer tools (Security Affairs) Predator Spyware's iOS Kernel Exploitation Engine: PAC Bypass, NEON R/W & More (Jamf Threat Labs) Lawsuit: AI Illegally Recorded Doctor-Patient Encounters (BankInfo Security) World Quantum Day (WorldQuantimDay) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI disrupts a multi-million-dollar phishing ring. A North Korea-linked supply chain attack hits OpenAI. Developers face a Slack phishing campaign. A critical Python notebook flaw is exploited in hours. ShinyHunters target Rockstar Games. A Japanese shipping firm reports a breach. Tracking the cybersecurity winners and losers in Trump’s 2027 budget, plus a claimed cyberattack on UAE infrastructure. Business breakdown. Our guest is Justin Kohler, Chief Product Officer at SpecterOps, discussing Identity Attack Path Management. Crackdowns at home push scam networks abroad. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices, we are joined by Justin Kohler, Chief Product Officer at SpecterOps, discussing Identity Attack Path Management. If you enjoyed this conversation, tune into the full interview here. Selected Reading FBI Dismantles $20m Phishing Operation W3LL (Infosecurity Magazine) The cyber winners and losers in Trump’s 2027 budget (CSO Online) Handala carries out unprecedented cyberattack against critical UAE Infrastructure (PressTV) OpenSSF Flags Malware Campaign on Slack Posing as Linux Foundation Figures (HackRead) OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack (SecurityWeek) Critical Marimo pre-auth RCE flaw now under active exploitation (Bleeping Computer) GTA-maker Rockstar Games hacked again but downplays impact (BBC) NYK alerts on data breach in bunker fuel procurement system (Manifold Times) Business Briefing for 04.08.26 (The CyberWire) China Is Cracking Down on Scams. Just Not the Ones Hitting Americans (WIRED) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Mark Logan, CEO of One Identity, sits down to share his story, explaining how he fit into different roles growing up in different companies. Mark has nearly two decades of C-Suite experience at an array of different organizations, finally landing on his current position as the CEO at One Identity. Sharing his different roles, he also gives a quote from Steve Jobs, saying "it's not what I say yes to, it's what I say no to." He believes that's a key area for his workers because when he is able to make up his mind, his team and his customers have someone they can rely on. Mark says that as a CEO he wants to share the advice of always marching towards your goals, and identifying that different people have different goals because they work in different fields, but that's what makes a company work best. He says "I've found that the more you can delegate, provided you've got the right folks in place the better." We thank Mark for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

What does a modern cyberattack really look like from the inside? In this CyberWire-X episode, Dave Bittner speaks with John Anthony Smith, Founder and Chief Security Officer of Fenix24. This conversation takes us step by step as an attacker breaks into a target environment – probing for weaknesses, exploiting entry points, escalating privileges, and moving laterally until they reach their objective. While the attack unfolds, listeners are privy to a behind-the-scenes commentary that reveals the tradecraft: the scripts, misconfigurations, overlooked alerts, and the moments defenders could have stopped the intrusion and, most importantly, prepared for the day through a defense that locks down data and enables a quick and full recovery. This is not a theoretical review or a highlight reel. It's a candid, technical, and eye-opening journey through the full kill chain that will reshape listeners think about detection, incident readiness, and resilience. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by Selena Larson, Threat Researcher from Proofpoint research team and co-host of Only Malware in the Building, talking about their work on "(Don't) TrustConnect: It's a RAT in an RMM hat." Proofpoint uncovered TrustConnect, a malware-as-a-service platform posing as a legitimate remote monitoring and management (RMM) tool, but actually functioning as a remote access trojan (RAT) sold to cybercriminals for $300/month. The operation used a fake business website, legitimate-looking certificates, and branded installers (like fake Microsoft Teams or Zoom apps) to trick victims, while providing attackers with full remote control, file transfer, and surveillance capabilities. Although parts of its infrastructure were disrupted, the threat actor quickly rebounded with new variants, highlighting both the resilience of the operation and its deep ties to the broader cybercriminal ecosystem abusing RMM tools. The research and executive brief can be found here: (Don't) TrustConnect: It's a RAT in an RMM hat Learn more about your ad choices. Visit megaphone.fm/adchoices

The Treasury Secretary and Fed Chair summon bankers over AI concerns. A hacker claims more than 10 petabytes stolen from China’s National Supercomputing Center. Recalibrating the quantum timeline. Researchers demo prompt injection against Apple Intelligence. Payroll Pirates target Canadians. Gmail gets end-to-end encryption on mobile devices. A Chrome update fixes critical vulnerabilities. A Pennsylvania cop admits creating more than 3,000 AI-generated pornographic deepfakes. Our guest is Henry Comfort, Co-Founder and CEO of Geordie AI, winner of this year’s RSAC Innovation Sandbox. FCC floats firmer filters for fraudulent phone calls. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Dave shares coverage of the RSAC 2026 Innovation Sandbox and his conversation with Henry Comfort, Co-Founder and CEO from the winner of “Most Innovative Startup” Geordie AI. We tip our hats to this year’s finalists. Selected Reading Bessent and Powell’s A.I. Anxiety (The New York Times) Court Backs Pentagon Anthropic Ban - But the Fight Continues (GovInfo Security) A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data (CNN) Why is the timeline to quantum-proof everything constantly shrinking? (CyberScoop) Microsoft: Canadian employees targeted in payroll pirate attacks (Bleeping Computer) Google rolls out Gmail end-to-end encryption on mobile devices (Bleeping Computer) Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 (SecurityWeek) Police corporal created AI porn from driver's license pics (Ars Technica) FCC proposes new rule to further crackdown on illegal robocalls (The Record) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran-linked hackers signal cyberattacks will continue despite the cease-fire. Microsoft restores access after suspending open-source developer accounts. John Deere settles its right-to-repair fight. A suspected Adobe Reader zero-day surfaces. Palo Alto Networks and SonicWall patch high-severity flaws. New macOS malware targets crypto wallets. A threat cluster abuses live chat to bypass MFA. CISA orders urgent Ivanti patching. Researchers track a stealthy DDoS-for-hire botnet. Our guest is Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation-states and AI on OT security. macOS has a 49 day time limit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices, we are joined by Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation-states and AI on OT security. If you enjoyed this conversation, check out the full interview here. Selected Reading Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long (SecurityWeek) Microsoft suspends dev accounts for high-profile open source projects (Bleeping Computer) John Deere to Pay $99 Million in Monumental Right-to-Repair Settlement (The Drive) Adobe Reader Zero-Day Exploited for Months: Researcher (SecurityWeek) Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities (SecurityWeek) New macOS Malware notnullOSX Targets Crypto Wallets Over $10K (Hackread) Google Warns of New Threat Group Targeting BPOs and Helpdesks (Infosecurity Magazine) Masjesu Rising: The Commercial IoT Botnet Built for Stealth, DDoS, and IoT Evasion (Trellix) CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday (Bleeping Computer) We Found a Ticking Time Bomb in macOS TCP Networking - It Detonates After Exactly 49 Days (Photon Blog) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Federal agencies warn Iranian-linked hackers are probing U.S. critical infrastructure, while the DOJ disrupts a Russian router hijacking campaign. Cyberattacks hit Minnesota government systems and force a Massachusetts hospital to divert ambulances. Anthropic limits access to its new AI bug-hunting model, hackers leak terabytes of LAPD data, and researchers warn of a rise in AI recommendation poisoning. Our guest is Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." Japan trades red tape for training data. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices, we are joined by Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." If you enjoyed this interview, check out the full conversation here. Selected Reading Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure (WIRED) Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure (FBI Internet Crime Complaint Center (IC3)) Pro-Iran Group Takes Credit for Cyberattacks on Chime, Pinterest (Bloomberg) US disrupts Russian military-run DNS hijacking network, Justice Department says (Reuters) Frostarmada forest blizzard dns hijacking (Lumen Technologies Black Lotus Labs) Minnesota governor orders emergency support for cyberattack disrupting county's 'critical systems' (StateScoop) Massachusetts hospital turning ambulances away after cyberattack (The Record) What Anthropic Glasswing reveals about the future of vulnerability discovery (CSO Online) Sensitive LAPD records leaked in hack of L.A. city attorney's office (LA Times) Manipulating AI memory for profit: The rise of AI Recommendation Poisoning (Microsoft Security Blog) Japan relaxes privacy laws to make AI development easy (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA faces a $700 million budget cut. Russian and Iranian cyber cooperation raises concerns. New BPFDoor variants emerge. Cybercrime losses climb again. Researchers advance a GPU Rowhammer attack. Northern Ireland schools go offline after a breach. An alleged hacker-for-hire faces U.S. charges. And German police name the suspected REvil mastermind. Our guest is John Anthony Smith, Founder and Chief Security Officer at Fenix24, explaining why more technology hasn't made us more secure. A frustrated researcher drops the hammer. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices segment, John Anthony Smith, Founder and Chief Security Officer at Fenix24, discusses why more technology hasn't made us more secure. Check out the full conversation here. Selected Reading White House Seeks to Slash CISA Funding by $707 Million (SecurityWeek) Exclusive: Russia supplies Iran with cyber support, spy imagery to hone attacks, Ukraine says (Reuters) New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay (Rapid7) FBI Internet Crime Complaint Center (IC3) Report 2025 (FBI Internet Crime Complaint Center (IC3)) GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack (SecurityWeek) Cyberattack hits Northern Ireland’s centralized school network, disrupting access for thousands (The Record) Suspect in Hacking of Climate Activists Is Extradited to New York (New York Times) German Police Unmask REvil Ransomware Leader (SecurityWeek) Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Fortinet releases an emergency update for a critical vulnerability. A major outage disrupts Russian banking apps. A new report highlights critical skills gaps. CyberCorp scholars struggle to secure jobs. Scammers use QR codes in fake traffic violation schemes. A proposed lawsuit accuses Perplexity of oversharing users’ AI transcripts. Cambodia outlaws scam centers. Scammers impersonate Harvard IT staff. With “wrench attack” threats of violence, life imitates art. Kevin Magee from Microsoft for Startups describes emerging trends. On Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book "Code War: How Nations Hack, Spy, and Shape the Digital Battlefield." Users find Copilot’s terms of use highly entertaining. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Kevin Magee from Microsoft for Startups discussing how cybersecurity startups can succeed by focusing on real problems and navigating emerging trends. Tune into the full conversation here. Afternoon Cyber Tea On this segment of Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book "Code War: How Nations Hack, Spy, and Shape the Digital Battlefield." You can listen to the full conversation here and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app. Selected Reading New FortiClient EMS flaw exploited in attacks, emergency patch released (Bleeping Computer) Major outage hits Russian banking apps, metro payments across regions (The Record) SANS 2026 report flags cybersecurity skills crisis, putting critical infrastructure and OT sectors at measurable breach risk (Industrial Cyber) CyberCorps grads consider private sector as fed hiring challenges persist (Federal News Network) Traffic violation scams switch to QR codes in new phishing texts (Bleeping Computer) Perplexity's "Incognito Mode" is a "sham," lawsuit says (Ars Technica) Cambodian parliament passes landmark cybercrime law after scam centre scrutiny (Reuters) Harvard Warns of Active Cyberattack Impersonating IT Staff and Targeting Affiliates (The Crimson) Wealthy California crypto holders targeted in violent ‘wrench attacks’ (KTLA) Security (xkcd) Censys raises $70 million in a Series D round. (N2K Pro Business Briefing) Even Microsoft know Copilot can't be trusted (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at ⁠sponsor.thecyberwire.com⁠. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Anjali Hansen, a Senior Privacy Counselor from Noname Security shares her story as she climbed through the ranks to get to where she is today. When Anjali started, she wanted to do international law. She started working for the International Trade Commission after law school, where she was able to gain most of her experience and real world abilities. Working with online fraud and abuse, she shares, concerned her, because it felt like governments could not protect organizations from threats occurring, which is how she got interested in cybercrime. From there, she moved to Noname Security, and in working there, she found that she is working with every group in the organization, creating a cross team collaboration, saying how much she admires that type of model. She says "We have to help other departments protect the data because the data's throughout an organization, it's in HR, it's in sales and marketing, it's in IT, it's in finance. So you have to be able to work with all these teams." We thank Anjali for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Santiago Pontiroli, Threat Intelligence Research Lead from Acronis TRU team, discussing their work on "New year, new sector: Transparent Tribe targets India’s startup ecosystem." The Acronis Threat Research Unit uncovered a new campaign by Transparent Tribe showing the group has expanded beyond traditional government and defense targets to India’s startup ecosystem, especially cybersecurity and OSINT-focused firms. The attackers use startup-themed lures delivered via ISO files and malicious shortcuts to deploy Crimson RAT, a highly obfuscated tool capable of surveillance, data theft, and system control. Despite this shift, the campaign closely mirrors the group’s long-standing espionage tactics, suggesting startups are being targeted for their connections to government, law enforcement, and sensitive intelligence networks. The research and executive brief can be found here: New year, new sector: Transparent Tribe targets India’s startup ecosystem Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloud data centers come under fire in wartime. A massive dark web intelligence database is exposed. Chinese hackers exploit a video conferencing zero-day. The intelligence community rolls out cyber modernization plans. React2Shell attacks spread at scale. Iowa sues UnitedHealth over the Change Healthcare breach. France moves to bar kids from social media. Researchers warn about hidden risks in power regulation. An insider extortion plot locks admins out of hundreds of servers. Our guest Brandon Karpf, friend of the show, with insights on the war in Iran. Espresso exploit exposes executive emails. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Brandon Karpf, friend of the show, discussing defending critical infrastructure against Iran. Selected Reading What Happens When Data Centers Become Military Targets? (GovInfo Security) Shared EnemShared Enemy: Inside a Chinese Dark Web Monitoring Database | UpGuardy: Inside a Chinese Dark Web Monitoring Database (UpGuard) TrueConf Zero-Day Exploited in Asian Government Attacks (SecurityWeek) ODNI tackles AI, threat hunting, app cybersecurity in year-one tech review (CyberScoop) React2Shell Exploited in Large-Scale Credential Harvesting Campaign (SecurityWeek) State AG Sues Change Healthcare in 2024 Ransomware Attack (GovInfo Security) French Senate passes bill that would ban children under 15 from social media (The Record) The silent dependency: DC power regulation in cyber‑physical security (NCC Group) Man admits to locking thousands of Windows devices in extortion plot (Bleeping Computer) The company's biggest security hole lived in the breakroom (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices