CyberWire Daily

Russian hackers target Signal and WhatsApp. Permit scammers impersonate local officials. Anthropic sues over a Pentagon blacklist. The White House moves to restore fraud victims. ShinyHunters target Salesforce data. Ericsson reports a breach. macOS users face ClickFix malware. AWS credentials are phished. And CISA warns of an exploited Ivanti flaw. Our guest is Brian Baskin, Threat Researcher at Sublime Security, discussing tax season employee impersonation scams. Who fact-checks the fact-checkers? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Brian Baskin, Threat Researcher at Sublime Security, discussing how tax season employee impersonation scams are conducted and what to look out for as we prepare our returns. Selected Reading Russia targets Signal and WhatsApp accounts in cyber campaign (AIVD) FBI warns of phishing attacks impersonating US city, county officials (Bleeping Computer) Anthropic sues Trump administration over Pentagon blacklist (CNBC) White House floats Victims Restoration Program for millions affected by cyber fraud (The Record) CybercrimeHundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign (SecurityWeek) Ericsson US discloses data breach after service provider hack (Bleeping Computer) Fake CleanMyMac Site Uses ClickFix Trick to Install SHub Stealer on macOS (Hackread) Behind the console: Active phishing campaign targeting AWS console credentials (Datadog Security Labs) CISA: Recently patched Ivanti EPM flaw now actively exploited (Bleeping Computer) AI fake-news detectors may look accurate but fail in real use, study finds (Tech Xplore) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Show Notes: Cybersecurity has continued to grow and mature as a field over the past decade which has given rise to numerous degree pathways across dozens of collegiate institutions; however, the value of these degrees has continued to be a topic of debate. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Dr. Lara Ferry, the Vice President of Research at Arizona State University, to explore higher education's role in cyber. Throughout the conversation, Lara and Kim will discuss the challenges facing degree programs, the disconnects between organizations and institutions, and how the gap can be better addressed. Want more CISO Perspectives?: Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices

Israel claims a strike on Iran’s cyber warfare headquarters. The Trump administration releases a new national cyber strategy. DHS shakes up its IT and cybersecurity leadership. Velvet Tempest uses ClickFix to drop loaders and RATs. Researchers uncover a Linux cryptocurrency clipboard hijacker. The DOJ brings a Ghanaian romance scammer to justice. Online advertising enables government tracking. Monday business breakdown. Our guest is Jon France, CISO from ISC2, sharing some insights and findings from their 2025 ISC2 Cybersecurity Workforce Study. An Apple II app gets audited by AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Joining us today is Jon France, CISO from ISC2, sharing some insights and findings from their 2025 ISC2 Cybersecurity Workforce Study. For further detail, you can also check out ISC2’s just released Women in Cybersecurity report. Selected Reading Iranian cyber warfare HQ allegedly hit by Israel | brief (SC Media) Iran internet blackout reaches 6th day as rights groups call for end to digital shutdown (The Record) The long-awaited Trump cyber strategy has arrived (CyberScoop) DHS CISO, deputy CISO exit amid reported IT leadership overhaul (FedScoop) Termite ransomware breaches linked to ClickFix CastleRAT attacks (Bleeping Computer) ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered Via Bincrypter-Based Loader (Cyble) Ghanaian Pleads Guilty to Role in $100m Romance Scam (Infosecurity Magazine) The Government Uses Targeted Advertising to Track Your Location. Here's What We Need to Do. (Electronic Frontier Foundation) Zurich Insurance Group intends to acquire UK cyber insurer Beazley for approximately $11 billion. (N2K Pro Business Briefing) Microsoft Azure CTO says Claude found vulns in Apple II code (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special Reporter’s Notebook, Maria Varmazis⁠⁠⁠⁠, host here at N2K CyberWire, takes listeners behind the scenes of our three-part series on Cyber Coalition 2025 in Tallinn, Estonia. After exploring real-time incident response, cross-border coordination, and the broader stakes of collective cyber defense, this episode offers a more personal, behind-the-scenes look at how the reporting came together. Hosted by the NATO Cooperative Cyber Defense Centre of Excellence, the exercise brought together allied military, government, and industry teams inside NATO’s secure cyber range. Here, Maria reflects on moments that didn’t make the final cut — the atmosphere inside the facilities, the pace of covering a live exercise, and the small, human details that added texture to the larger story. If you haven’t yet, be sure to listen to all three episodes of the series to hear the full story from the ground at Cyber Coalition 2025. Episode one can be found ⁠⁠here⁠⁠. Episode two can be found ⁠here⁠. Episode three can be found ⁠⁠here⁠⁠. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Anna Belak, Director of Thought Leadership at Sysdig, shares her story from physics to cyber. Anna explains how she went into college with the thinking of getting a physics degree and then for her PhD decided to switch to material science and engineering. Both were not something she enjoyed and ultimately decided to go into cyber. She shares some advice on how you should never limit yourself to your degree, as well as always learning new skills and honing in on skills you already have. She say's by doing these things it will make you into a unicorn, meaning if you are good at one thing and teach yourself to be good at something else, you will become that much more valuable. Anna hopes she makes an impact with the people she works with, she hopes they will want to work with her even long after she leaves a company. We thank Anna for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week we are joined by Marcelle Lee, cybersecurity consultant and researcher, discussing "CTI tradecraft: Investigating a mobile scareware campaign." She details how a routine click on a Google News story led to a mobile scareware pop-up—and a deeper investigation into a broader campaign. Using free tools like Censys, URLScan, VirusTotal, and CyberChef, she pivoted from two domains to uncover more than 100 related domains, shared infrastructure, and links to questionable antivirus apps in the Google Play Store. The findings are mapped to the MITRE ATT&CK framework, showing how freely available resources can power meaningful, actionable threat intelligence. The research can be found here: ⁠CTI tradecraft: Investigating a mobile scareware campaign Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran’s MuddyWater breaches multiple U.S. organizations. The FBI probes a breach of wiretap management systems. A China-linked threat actor targets South American telecoms. Cisco patches critical firewall flaws. CISA flags actively exploited bugs in Hikvision cameras and Rockwell industrial systems. A House committee advances the controversial KIDS online safety bill. The FBI arrests a suspect accused of stealing millions in seized crypto from the U.S. Marshals Service. Ben Yelin and Ethan Cook unpack the dispute between Anthropic and the Pentagon. Wikimedia worm wreaks widespread wiki woes. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we’re bringing you a featured conversation from our Caveat podcast, where Ben Yelin sits down with N2K Lead Analyst Ethan Cook to unpack the fallout between the Pentagon and Anthropic, what led to the deal unraveling, and what it means as the government pivots to a similar AI contracting agreement with OpenAI. You can listen to their full conversation here and catch new episodes of Caveat featuring Dave and Ben every Thursday with special appearances by Ethan. Selected Reading Iranian APT Hacked US Airport, Bank, Software Company (SecurityWeek) Tech Giants, Washington Rally for Anthropic in Pentagon Feud (GovInfo Security) FBI investigates breach of surveillance and wiretap systems (Bleeping Computer) Chinese state hackers target telcos with new malware toolkit (Bleeping Computer) Cisco Patches 48 Firewall Vulnerabilities with Two CVSS 10 Flaws (Hackread) CISA Flags Hikvision Camera & Rockwell Logix Vulnerabilities as Actively Exploited (SOCRadar) House panel marks up kids digital safety act amid Democrat backlash (The Record) US contractor's son arrested over alleged $46M crypto theft (The Register) Wikipedia hit by self-propagating JavaScript worm that vandalized pages (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Show Notes: As the cybersecurity industry has grown, the field has struggled to answer the question: do certifications matter? In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with N2K's own, ⁠Simone Petrella, to answer this question and discuss why the value of certifications continue to be debated. Throughout the conversation, Simone and Kim will discuss the challenges associated with certifications, and how the industry can adjust the ways it sees and utilizes them. Got cybersecurity, IT, or project management certification goals? For the past 25 years, N2K's practice tests have helped more than half a million professionals reach certification success. Grow your career and reach your goals faster with N2K’s full exam prep of practice tests, labs, and training courses for Microsoft, CompTIA, PMI, Amazon, and more at n2k.com/certify. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices

Unit 42 is tracking more than 60 active hacktivist groups and Iran-linked threat actors right now. What are they actually doing, what should you believe, and what should you do about it? In this episode of Threat Vector, David Moulton sits down with Justin Moore, Senior Manager of Threat Intelligence Research at Unit 42, and Andy Piazza, Senior Director of Threat Intelligence at Unit 42, to walk through the Unit 42 Iran Threat Brief and what the observed activity means for defenders. You'll learn: - What Unit 42 is actually observing from groups like Handala Hack, FAD Team, and Dark Storm, and what claims remain unverified - Why Iran's reduced internet connectivity changes the threat picture in ways that aren't obvious - What dispersed operators and proxy groups mean for organizations far outside the Middle East - Which defensive actions matter most against the TTPs and IOCs Unit 42 has documented - How to handle hacktivist claims that may be exaggerated or false Justin Moore brings nine years of intelligence officer experience plus senior threat intel roles at Mandiant, Google, and TikTok before joining Unit 42. Andy Piazza has more than 20 years in security operations and threat intelligence, including leading IBM X-Force's global threat intel team. Read the threat brief from Unit 42: - Escalation of Cyber Risk Related to Iran (March 2026) - Escalation of Cyber Risk Related to Iran (June 2025) This episode is essential listening if you're: a CISO assessing current exposure, a threat analyst tracking Iran-linked groups, or a security leader who needs to explain the actual observed risk to your board. Related Episodes: - Inside the Mind of State-Sponsored Cyberattackers - Frenemies With Benefits - From Policy to Cyber Interference #Cybersecurity #ThreatIntelligence About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

Hacktivist activity surges in the Middle East. Defense tech firms distance themselves from Claude. International law enforcement take down the Leakbase cybercrime forum. A pair of Cisco SD-WAN vulnerabilities are under active exploitation. Google releases an urgent Chrome security update. Age-verification is put under the microscope. TikTok is leaving end-to-end encryption out of your DMs. Our guest is Daniel Barbu, Director of EMEA Security from Adobe, discussing fostering a human‑centered, enablement‑driven, and collaborative approach to AI. Clever code catches cardiac clues. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by ⁠Daniel Barbu⁠, Director of EMEA Security from ⁠Adobe⁠, discussing how fostering a human‑centered, enablement‑driven, and collaborative approach to AI through the security guild, trainings, and other initiatives. Tune into the full conversation here. Selected Reading Retaliatory Hacktivist DDoS Activity Following Operation Epic Fury/Roaring Lion (Radware) Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran (Palo Alto Networks) Unit 42's Iran Threat Brief: What We're Seeing (Threat Vector podcast special edition by Palo Alto Networks) Defense tech companies are dropping Claude after Pentagon's Anthropic blacklist (NBC) Sen. Wyden Warns of Mass Surveillance Amid Pentagon's Fight With Anthropic (Gizmodo) Sprawling FBI, European operation takes down Leakbase cybercriminal forum (The Record) Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild (SecurityWeek) Google Rolls Out Emergency Chrome Update to Patch 10 Critical Security Vulnerabilities (GB Hackers) Hackers Expose The Massive Surveillance Stack Hiding Inside Your “Age Verification” Check (Techdirt) TikTok says it won't encrypt DMs claiming it puts users at risk (BBC) WiFi signals can measure heart rate—no wearables needed - News (UCSC) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A suspected U.S. exploit kit shows up in global iOS attacks. Facebook goes down briefly worldwide. A critical help-desk flaw enables remote code execution. Juniper PTX routers face a major bug. LastPass warns of phishing. Telegram becomes a cybercrime marketplace. Healthcare groups fight relaxed IT rules. A stolen Gemini API key runs up massive bills. CISA’s CIO departs. Our guest is Brian Long, CEO and Co-Founder of Adaptive Security, discussing how AI is reshaping social engineering. The problem of posthumous profiles. CyberWire Guest Today on our Industry Voices segment we are joined by Brian Long, CEO and Co-Founder of Adaptive Security, discussing how AI is reshaping social engineering. If you want to hear the full conversation, listen to it here. Selected Reading Possible U.S.-developed exploits linked to first known ‘mass’ iOS attack (CyberScoop) Facebook accounts unavailable in worldwide outage (Bleeping Computer) Critical FreeScout Vulnerability Leads to Full Server Compromise (SecurityWeek) Juniper PTX Routers at Risk, Critical Takeover Flaw Disclosed (BankInfo Security) LastPass Warns of New Phishing Campaign (SecurityWeek) Telegram Increasingly Used to Sell Access, Malware and Stolen Logs Hackread) Groups Push Back on HHS' Proposed Health IT Rollbacks (BankInfo Security) Dev stunned by $82K Gemini API key bill after theft (The Register) CISA CIO Robert Costello exits agency (CyberScoop) Calls for Global Digital Estate Standard as Posthumous Deepfake Fraud Risk Grows (Infosecurity Magazine) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

GPS jamming hits the Strait of Hormuz. An Iran linked threat actor uses AI to target Iraqi government officials. Hacktivists leak thousands of DHS contract records. A Hawaii cancer center suffers a data breach. Google patches over a hundred Android vulnerabilities. A new report tallies the scale of third party breaches. An MS-Agent AI framework flaw allows full system compromise. On today's Threat Vector segment, Evan Gordenker, Director of AI Security and DPRK Operations at Unit 42, joins David Moulton to unpack North Korea’s hiring scams. Tire tech turns tattletale. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest North Korea has turned your hiring pipeline into a revenue machine. And most organizations have no idea. Evan Gordenker, Director of AI Security and DPRK Operations at Unit 42, joins David Moulton on today’s Threat Vector segment to unpack how this operation actually works. Listen to their full conversation to get more detail and catch new episodes of Threat Vector every Thursday on your favorite podcast app. Selected Reading Attacks on GPS Spike Amid US and Israeli War on Iran (WIRED) Amazon: Drone strikes damaged AWS data centers in Middle East (Bleeping Computer) Iranian Cyber Threat Actor Targets Iraqi Government Officials in AI-Powered Campaign (Infosecurity Magazine) Hacktivists claim to have hacked Homeland Security to release ICE contract data (TechCrunch) UH Cancer Center data breach affects nearly 1.2 million people (Bleeping Computer) Android gets patches for Qualcomm zero-day exploited in attacks (Bleeping Computer) Chrome Gemini panel became privilege escalator for rogue extensions (The Register) Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks (Infosecurity Magazine) Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise (SecurityWeek) Researchers Uncover Method to Track Cars via Tire Sensors (SecurityWeek) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Show Notes: As cybersecurity matures, one area still lags: diversity. In this thought-provoking episode of CISO Perspectives, host Kim Jones takes the mic solo to address a topic that remains both critical and controversial. Kim explores the current state of diversity in the cybersecurity field, why progress has been slow, and how inclusive teams drive greater innovation and resilience. Tune in for an honest conversation that challenges the status quo and pushes the industry forward. Want more CISO Perspectives?: Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyberwar shadows the US Israel attack on Iran. Hackers hijack Pakistani news broadcasts. President Trump orders all federal agencies to stop using AI technology from Anthropic. The Health Care Cybersecurity and Resiliency Act clears a hurdle. A new RAT streamlines double extortion attacks against Windows systems. CISA updates warnings on a zero-day targeting Ivanti Connect Secure devices. A North Korea-linked group targets air-gapped systems. Monday business breakdown. On our Afternoon Cyber Tea segment from Microsoft Security, host Ann Johnson speaks with Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield, about cybersecurity in healthcare. Tim Starks from CyberScoop has the latest goings on at CISA. Microsoft says the slop stops here. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks from CyberScoop as he is discussing ongoing challenges at CISA. If you are interested in this topic, you can learn more here. Afternoon Cyber Tea On our Afternoon Cyber Tea segment from Microsoft Security, host Ann Johnson speaks with Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield, about cybersecurity in healthcare. You can hear the full conversation here, and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app. Selected Reading US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates (SecurityWeek) Western Cybersecurity Experts Brace for Iranian Reprisal (BankInfo Security) Pakistan’s Top News Channels Hacked and Hijacked With Anti-Military Messages (Hackread) Anthropic confirms Claude is down in a worldwide outage (Bleeping Computer) Trump Orders Government to Stop Using Anthropic After Pentagon Standoff (New York Times) OpenAI Will Deploy AI in US Military Classified Networks (GovInfo Security) Senate Health Cyber Bill Clears Committee Hurdle (GovInfo Security) Double whammy: Steaelite RAT bundles data theft, ransomware (The Register) CISA warns that RESURGE malware can be dormant on Ivanti devices (Bleeping Computer) North Korean APT Targets Air-Gapped Systems in Recent Campaign (SecurityWeek) Astelia secures $35 million in combined seed and Series A funding. (N2K Pro Business Briefing) Microsoft gets tired of “Microslop,” bans the word on its Discord, then locks the server after backlash (Windows Latest) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In the final installment of our three-part series on ⁠Cyber Coalition 2025⁠⁠, ⁠⁠Maria Varmazis⁠⁠⁠, host here at N2K CyberWire, and ⁠⁠⁠Liz Stokes, CyberWire Producer, step back from the cyber range to reflect on what their time in Tallinn really meant. This episode moves beyond the mechanics of the exercise and into the broader stakes of collective cyber defense in an increasingly uncertain geopolitical moment. Recorded two months after their visit, the conversation blends field tape and personal reflections — from standing outside the Russian Embassy in Old Town to recalling the weight inside NATO’s secure facilities. Estonia’s history, including the 2007 cyberattacks, and its visible solidarity with Ukraine underscore just how real and proximate the risks remain. Be sure to check out the first two episodes of this three part series, you can find them below. Episode one can be found ⁠here⁠. Episode two can be found here. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Larry Cashdollar, Principal Security Intelligence Response Engineer at Akamai Technologies, sits down with Dave Bittner to discuss his life leading up to working at Akamai. He shares his story from his beginnings to now, describing what college life was like as a young computer enthusiast. He says "If you look at my 1986 yearbook, I think it was my sixth grade class, it says computer scientist for my career path. So I had a love of computers when I was really young. I guess I knew what field I wanted to get into right off the bat." He describes different career paths that all led him to his current position. He also shares his love for computers and technology through the decades of his youth, and how he is learning, even now. We thank Larry for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week we are joined by Dr. Renée Burton, Vice President of Infoblox Threat Intel, discussing "Parked Domains and Direct Search: An Underreported Security Risk." Parked domains are no longer harmless ad pages — new research finds that in today’s “direct search” or zero-click parking ecosystem, more than 90% of visits to certain parked lookalike domains lead to scams, malware, or deceptive content, often hidden behind layers of traffic distribution systems and device fingerprinting. The report details three previously unpublished domain portfolio actors who weaponize typosquatting, DNS manipulation — including rare “double fast flux” techniques highlighted in a 2025 advisory from Cybersecurity and Infrastructure Security Agency — and even misconfigured name server records to evade detection and funnel real users toward malicious advertisers. Beyond malvertising, some parked lookalike domains collect misdirected email, fuel business email compromise, and exploit outdated links — including those surfaced by generative AI — underscoring how a simple typo can expose users and enterprises to significant risk. The research can be found here: Parked Domains Become Weapons with Direct Search Advertising Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA’s acting director exits. Trump’s pick to lead the NSA hits Senate headwinds. The Pentagon pressures Anthropic over AI guardrails. A new WiFi attack sidesteps encryption. CISA flags flaws in EV chargers. Juniper patches a critical router bug. ManoMano discloses a massive breach. Europol cracks down on The Com. Greece delivers verdicts in Predatorgate. An alleged carding kingpin lands in U.S. custody. Jeff Williams, Founder of OWASP and Co-Founder/CTO of Contrast Security, shares how NIST is rethinking its role in analyzing software vulnerabilities as EU launches GCVE. Meta’s mischievous monocles meet their match. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have Jeff Williams, Founder of OWASP and Co-Founder/CTO of Contrast Security, sharing how NIST is rethinking its role in analyzing software vulnerabilities as EU launches GCVE. If you enjoyed this conversation, you can hear the full interview over on the Caveat podcast. Selected Reading Gottumukkala out, Andersen in as acting CISA director (CyberScoop) Senator seeks to block Trump’s NSA pick, citing civil liberties concerns (The Washington Post) Anthropic Refuses to Bend to Pentagon on AI Safeguards as Dispute Nears Deadline (SecurityWeek) New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises (Ars Technica) Critical Vulnerabilities in SWITCH EV Charging Platform Allow Station Impersonation (Beyond Machines) Juniper Networks PTX Routers Affected by Critical Vulnerability (SecurityWeek) 38 Million Allegedly Impacted by ManoMano Data Breach (SecurityWeek) ‘Project Compass’ Cracks Down on ‘The Com’: 30 Members Arrested (Infosecurity Magazine) Greek court sentences Predator spyware gang (POLITICO) Chilean Carding Shop Operator Extradited to US (SecurityWeek) This App Warns You if Someone Is Wearing Smart Glasses Nearby (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Five Eyes flags active exploitation of Cisco SD-WAN flaws. Ransomware incidents surge, but fewer victims are paying. The FTC eases its stance on COPPA to encourage age verification. Authorities in Poland and Germany charge 11 in a Facebook credential harvesting scheme. Top UK news outlets unite on AI licensing standards, as the UK touts gains in cyber resilience. Researchers say a hacker abused Anthropic’s Claude to breach Mexican government networks. Gamers revolt over AI in game development. On our Industry Voices, we are joined by Linda Gray Martin, Chief of Staff and SVP, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2026. In Moscow, a man is accused of impersonating an FSB officer to shake down the Conti ransomware gang. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices, we are joined by Linda Gray Martin, Chief of Staff and SVP, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2026. Selected Reading Cisco SD-WAN Is Actively Exploited by UAT-8616, Five Eyes Alliance Agencies Issue Warning (TechNadu) Ransomware payments dropped in 2025 as attack numbers reached record levels: Chainalysis (The Record) FTC Softens Enforcement of Rule Protecting Children Online, Ostensibly to Protect Children Online (Gizmodo) Poland Cybercrime Unit Uncovers Scheme Stealing 100,000 Facebook Logins (The 420) UK news giants form 'NATO for news' group to control AI scraping (Press Gazette) Government cuts cyber-attack fix times by 84% and launches new profession to protect public services (GOV.UK) Hacker Used Anthropic’s Claude to Steal Sensitive Mexican Data (Bloomberg) AI Mistakes Are Infuriating Gamers as Developers Seek Savings (Bloomberg) Moscow man accused of posing as FSB officer to extort Conti ransomware gang (The Record) AIs can’t stop recommending nuclear strikes in war game simulations (New Scientist) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Trump tells diplomats to fight digital sovereignty. DeepSeek allegedly trains on banned Nvidia chips. Google knocks out Gallium. Hackers tamper with patient records in New Zealand. Popular mental health apps leak risk. Wynn confirms a ShinyHunters breach. Telecoms dodge New York cyber rules. Russia targets Telegram’s founder. And a defense insider heads to prison for selling cyber weapons to Moscow. Andrew Dunbar, CISO of Shopify, discusses how identity and trust become the new perimeter and how commerce needs both. Barking backlash brews beneath big-game broadcast. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Andrew Dunbar, CISO of Shopify, to discuss how identity and trust become the new perimeter and how commerce needs both to be engineered into the platform. Selected Reading Exclusive: US orders diplomats to fight data sovereignty initiatives (Reuters) Exclusive: China's DeepSeek trained AI model on Nvidia's best chip despite US ban, official says (Reuters) Google disrupts Chinese-linked hackers that attacked 53 groups globally (Reuters) Patient data changed as major NZ health app MediMap hacked (RNZ News) Android mental health apps with 14.7M installs filled with security flaws (Bleeping Computer) Wynn Resorts Confirms Cyberattack & Extortion Threat, Claims Data Deleted (Casino.org) Verizon successfully dodged data security rules from state regulators (Times Union) Russia opens probe of Telegram chief, claiming app has been used for terrorism (Washington Post) Former Defense Contractor Sentenced to 87 Months in Prison for Selling Secrets to Russia: Peter Williams Trade Secrets Case Concludes (TechNadu) $10,000 bounty offered if you can hack Ring cameras to stop them sharing your data with Amazon (Bitdefender) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices