App Store

Google Play

DK - Details page - Device banner - 894x1036

Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis

Lyt når som helst, hvor som helst 

N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

CyberWire Daily

Please enjoy this encore of Career Notes. 

COO and Co-Founder of Query. AI, Andrew Maloney, shares how the building blocks he learned in the military helped him get where he is today. Coming from a blue collar family with a minimal knowledge of computers, Andrew went into computer operations in the Air Force. While deployed to Oman just after the start of the Iraq War, Andrew said he got his break into security. That's where he learned the components that fit together in order to effectively secure an environment. Andrew's words of wisdom: You've got to keep pushing and you've got to believe in yourself and never sell yourself short. We thank Andrew for sharing his story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Andrew Maloney: Never-ending thirst for knowledge. [COO] [Career Notes]

Today we are joined by Selena Larson, co-host of Only Malware in the Building and Staff Threat Researcher and Lead Intelligence Analysis and Strategy at Proofpoint, sharing their work on "Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing." Proofpoint researchers have identified campaigns where threat actors use fake Microsoft OAuth apps to impersonate services like Adobe, DocuSign, and SharePoint, stealing credentials and bypassing MFA via attacker-in-the-middle phishing kits, mainly Tycoon. 

These attacks redirect users to fake Microsoft login pages to capture credentials, 2FA tokens, and session cookies, targeting nearly 3,000 Microsoft 365 accounts across 900 environments in 2025. Microsoft’s upcoming security changes and strengthened email, cloud, and web defenses, along with user education, are recommended to reduce these risks.

The research can be found here:

 
⁠Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing

Learn more about your ad choices. Visit megaphone.fm/adchoices

Don’t trust that app! [Research Saturday]

A cyberattack disrupts Bridgestone’s manufacturing operations. CISA warns of critical vulnerabilities in products used across multiple sectors. Additional cybersecurity firms confirm data exposure in the recent Salesforce–Salesloft Drift attack. A configuration vulnerability in Sitecore products leads to remote code execution. HHS promises stricter enforcement of healthcare information access rules. Texas sues an education software provider over a December 2024 data breach. A federal jury orders Google to pay $425 million over improperly collected user data. Nations unite for global guidance on SBOMs. On our Industry Voices segment, we are joined by Aron Anderson, Enterprise Security Manager of Adobe, on embracing the journey to zero trust. Chess.com gets caught in a tricky gambit.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Industry Voices

On our Industry Voices segment we are joined by Aron Anderson, Enterprise Security Manager of Adobe, as he is talking about embracing the journey to zero trust. If you want to hear the full conversation from Aron, you can check it out here.

Selected Reading

Tire giant Bridgestone confirms cyberattack impacts manufacturing (Bleeping Computer)

CISA issues ICS advisories on hardware flaws in Honeywell, Mitsubishi Electric, Delta Electronics, rail communication protocols (Industrial Cyber)

More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach (SecurityWeek)

Unknown miscreants snooping around Sitecore via sample keys (The Register)

HHS Says It's 'Cracking Down' on Health Information Blocking (BankInfo Security)

Texas sues PowerSchool over breach exposing 62M students, 880k Texans (Bleeping Computer)

Google hit with $425 million verdict in privacy class action suit (The Record)

US and 14 Allies Release Joint Guidance on Software Bill of Materials (Infosecurity Magazine)

Chess.com says 4,500 people had data stolen during June breach (The Record)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Wheels left spinning after cyber incident.

Salt Typhoon marks China’s most ambitious campaign yet. A major Google outage hit Southeastern Europe. A critical zero-day flaw in FreePBX gets patched. Scattered Lapsus$ Hunters claim the Jaguar Land Rover hack. Researchers uncover a major evolution in the XWorm backdoor campaign. GhostRedirector is a new China-aligned threat actor. CISA adds a pair of TP-Link router flaws to its Known Exploited Vulnerabilities (KEV) catalog. The feds put a $10 million bounty on three Russian FSB officers. Experts warn sweeping cuts to ODNI could cripple U.S. cyber defense. Our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, discussing IT/OT convergence in securing critical water and wastewater systems. Google says rumors of Gmail’s breach are greatly exaggerated.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire Guest

Today our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, who is talking about "IT/OT Convergence for Critical Water & Wastewater Security."

Selected Reading

‘Unrestrained’ Chinese Cyberattackers May Have Stolen Data From Almost Every American (The New York Times)

Google Down in Eastern Europe (UPDATED) (Novinite Sofia News Agency)

Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers (SecurityWeek)

M&S hackers claim to be behind Jaguar Land Rover cyber attack (BBC)

XWorm’s Evolving Infection Chain: From Predictable to Deceptive (Trellix)

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes (welivesecurity by ESET)

CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited (The Cyber Security News) 

US offers $10 million bounty for info on Russian FSB hackers (Bleeping Computer)

Cutting Cyber Intelligence Undermines National Security (FDD)

No, Google did not warn 2.5 billion Gmail users to reset passwords (Bleeping Computer)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

China’s cyberstorm goes global.

Jaguar Land Rover suffers a major cyberattack. ICE gains access to a powerful spyware tool. Researchers find Fancy Bear snuffling around a new Outlook backdoor. Cloudflare and Palo Alto Networks confirm compromised Salesforce data. A researcher discovers an unsecured Navy Federal Credit Union (NFCU) server. A new ClickFix scam spreads MetaStealer malware. Specialty healthcare providers struggle to protect sensitive patient data. CISA appoints a new Executive Assistant Director for Cybersecurity. On Afternoon Cyber Tea, Ann Johnson and Harvard’s Amy Edmondson discuss how psychological safety helps cybersecurity teams speak up, spot risks, and learn from failure. Our guest today is Tim Starks from CyberScoop discussing China’s reliance on domestic firms for hacking. Hackers threaten to feed stolen art to the machines.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Afternoon Cyber Tea

On our Afternoon Cyber Tea segment, host Ann Johnson is joined by Amy Edmondson⁠, Harvard Business School professor and psychological safety pioneer. Together they discuss how creating psychologically safe environments allows teams, especially in high-pressure fields like cybersecurity, to speak up about early warnings, embrace the red, and learn from failure. You can listen to Ann and Amy's full conversation here and don't miss new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.

CyberWire Guest

Our guest today is Tim Starks from CyberScoop discussing Top FBI official says Chinese reliance on domestic firms for hacking is a weakness.

Selected Reading

Jaguar Land Rover Operations ‘Severely Disrupted’ by Cyberattack (Security Week)

Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps (The Guardian)

Russian APT28 Expands Arsenal with 'NotDoor' Outlook Backdoor (Infosecurity Magazine)

Cloudflare and Palo Alto Networks Victimized in Salesloft Drift Breach (Infosecurity Magazine)

Misconfigured Server Leaks 378GB of Navy Federal Credit Union Files (Hack Read)

Fake AnyDesk Installer Spreads MetaStealer Through ClickFix Scam (Hack Read)

Hacks on Specialty Health Entities Affect Nearly 900,000 (Bank Infosecurity)

Python-based infostealer ‘Inf0s3c’ combines stealth with broad data theft (SC Media)

CISA Names Nicholas Andersen as Executive Assistant Director for Cybersecurity (The Cyber Express)

Hackers Threaten to Submit Artists' Data to AI Models If Art Site Doesn't Pay Up (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware in the rearview.

Researchers disrupt a cyber campaign by Russia’s Midnight Blizzard. The Salesloft Drift breach continues to ripple outward. WhatsApp patches a critical flaw in its iOS and Mac apps. A fake PDF editing tool delivers the TamperChef infostealer. A hacker finds crash data Tesla claimed not to have. Spain cancels a €10 million contract with Huawei. A fraudster bilks Baltimore for over $1.5 million. We’ve got a breakdown of the latest Business news. In our Threat Vector segment, ⁠Michael Sikorski⁠ and guest ⁠Thomas P. Bossert explore the path from policy and national security strategy to building operational cyber defense. We preview our spicy new episode of Only Malware in the Building.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.Threat Vector Segment

In our Threat Vector segment, host David Moulton hands the mic over to ⁠Michael Sikorski⁠ and guest ⁠Thomas P. Bossert⁠, President of Trinity Cyber and former Homeland Security Advisor. They explore the path from policy and national security strategy to building operational cyber defense. Listen to the full conversation here and find new episodes of⁠ Threat Vector⁠ each Thursday on the N2K CyberWire network and in your favorite podcast app.CyberWire Guest

Today, our podcast producer Liz Stokes speaks with N2K Director of Enterprise Content Strategy Ma'ayan Plaut about our spicy new episode of Only Malware in the Building. You can find the audio version of Only Malware episode here, but we recommend you view the episode for added enjoyment!

Selected Reading

Amazon disrupts Russian APT29 hackers targeting Microsoft 365 (Bleeping Computer)

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft (Krebs on Security)

Zscaler swiftly mitigates a security incident impacting Salesloft Drift (Zscaler)

WhatsApp fixes 'zero-click' bug used to hack Apple users with spyware (TechCrunch)

TamperedChef infostealer delivered through fraudulent PDF Editor (Bleeping Computer)

Heimdal Investigation: European Organizations Hit by PDF Editor Malware Campaign (Heimdal Security) 

Tesla said it didn’t have critical data in a fatal crash. Then a hacker found it. (The Washington Post)

Spanish government cancels €10m contract using Huawei equipment (The Record)

Scammer steals $1.5 million from Baltimore by spoofing city vendor (The Record)

N2K Pro Business Briefing update (N2K Networks) Taco Bell rethinks AI drive-through after man orders 18,000 waters (BBC)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Blizzard warning: Amazon freezes midnight hack.

Welcome in! You’ve entered, Only Malware in the Building — but this time, it’s not just another episode. This is a special edition you won’t want to miss.

For the first time, our hosts are together in-studio — and they’re turning up the heat. Literally. Join ⁠⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠⁠DISCARDED⁠, along with ⁠⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠⁠Qintel⁠⁠⁠⁠⁠⁠⁠⁠⁠, as they take on a fiery hot wings challenge while answering personal questions about themselves, their careers, and the stories that shaped them. Think you’ve seen them tackle malware mysteries before? Wait until you see them sweat. 

This one’s too good for audio alone — you’ll want to watch the full ⁠video⁠ edition to catch every spicy reaction, every laugh, and maybe even a few tears.

So grab your milk, get ready to feel the burn, and come join us for this special hot take on Only Malware in the Building.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Hot sauce and hot takes: An Only Malware in the Building special. [OMITB]

While our team is observing the Labor Day holiday in the US, we hope you will enjoy this episode of The Microsoft Threat Intelligence Podcast . New episodes airs on the N2K CyberWIre network every other Wednesday. 

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is live from Black Hat 2025 with a special lineup of Microsoft security leaders and researchers. 

First, Sherrod sits down with Tom Gallagher, VP of Engineering and head of the Microsoft Security Response Center (MSRC). Tom shares how his team works with researchers worldwide, why responsible disclosure matters, and how programs like Zero Day Quest (ZDQ) are shaping the future of vulnerability research in cloud and AI security. He also announced the next iteration of ZTQ with $5 million up for grabs. 

Next, Sherrod is joined by Eric Baller (Senior Security Researcher) and Eric Olson (Principal Security Researcher) to unpack the fast-changing ransomware landscape. From dwell time collapsing from weeks to minutes, to the growing role of access brokers, they explore how attackers operate as organized ecosystems and how defenders can respond. 

Finally, Sherrod welcomes Travis Schack (Principal Security Researcher) alongside Eric Olson to examine the mechanics of social engineering. They discuss how attackers exploit urgency, trust, and human curiosity, why AI is supercharging phishing campaigns, and how defenders can fight back with both training and technology. 

In this episode you’ll learn: 

 How MSRC partners with researchers across 59 countries to protect customers 

 Why Zero Day Quest is accelerating vulnerability discovery in cloud and AI 

 How ransomware dwell times have shrunk from days to under an hour 

Resources: 

 
View Sherrod DeGrippo on LinkedIn 

 Zero Day Quest — Microsoft 

 
Microsoft Security Response Center Blog 

Related Microsoft Podcasts: 

 Afternoon Cyber Tea with Ann Johnson

 The BlueHat Podcast

 
Uncovering Hidden Risks 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network. 
Learn more about your ad choices. Visit megaphone.fm/adchoices

Live from Black Hat: Ransomware, Responsible Disclosure, and the Rise of AI [Microsoft Threat Intelligence Podcast]

This Labor Day, we’re celebrating more than just a holiday. Join us in celebrating not just the work, but the people who make it possible — the labor behind the labor.We’re honoring the people who bring their creativity, dedication, and passion to every corner of N2K. The work you hear, read, and see from us doesn’t happen by accident. It’s the result of talented colleagues who pour themselves into their craft, often in ways that don’t always get the spotlight. From shaping sound and refining scripts to building certification content and producing video, their labor is the heartbeat of what we do.In this special edition, host Ma’ayan Plaut introduces you to some of the voices behind the scenes: Elliott, whose audio artistry makes every show sing; Ethan, whose sharp analysis bridges policy and practice; Alice, whose storytelling brings energy and curiosity to the space industry; George and Ann, who create and refine the certification content that keeps us at the forefront of technology; and Sarelle, whose video production brings our stories to life. Together, they embody the care and creativity that define N2K.And if you’d like to see the labor behind the labor, we’ve also put together a ⁠⁠video⁠⁠ companion to this project — giving you another way to meet the team and experience their work in action. Be sure to check it out!
Learn more about your ad choices. Visit megaphone.fm/adchoices

The labor behind the labor. [Special Edition]

Please enjoy this encore of Career Notes.

Social engineer and CEO of Hekate, Marina Ciavatta, shares her story of how people think her job is a la Mission Impossible coming from the ceiling with a rope and stealing stuff in the dead of the night. Marina does physical pentesting. Starting with an unused degree in journalism, Marina turned her talent for writing into a job as a content producer for a technology company and this appealed to her self-proclaimed nerdism. She fell in love with hacking and got into pentesting thanks to a friend. Marina recommends those interested in physical pentesting "try to find other social engineers to mingle. It's in the name. We are social creatures." We thank Marina for sharing her story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Marina Ciavatta: Going after the human error. [Social engineer] [Career Notes]

Mark Manglicmot, SVP of Security Services from Arctic Wolf, is sharing their research on "Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software." Arctic Wolf Labs discovered an ongoing exploitation campaign targeting Cleo Managed File Transfer (MFT) products, beginning on December 7, 2024. Threat actors used a malicious PowerShell stager to deploy a Java-based backdoor, dubbed Cleopatra, which features in-memory file storage and cross-platform compatibility across Windows and Linux. 
Despite Cleo's previous patch for CVE-2024-50623, attackers appear to have leveraged an alternative access method, exploiting the software's autorun feature to execute payloads and establish persistent access.

The research can be found here:
Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cleo’s trojan horse. [Research Saturday]

Lyt når som helst, hvor som helst

Other podcasts you might like ...