App Store

Google Play

DK - Details page - Device banner - 894x1036

Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis

Lyt når som helst, hvor som helst 

N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

CyberWire Daily

Microsoft warns of a high-severity vulnerability in Exchange Server hybrid deployments. A Dutch airline and a French telecom report data breaches. Researchers reveal new HTTP request smuggling variants. An Israeli spyware maker may have rebranded to evade U.S. sanctions. CyberArk patches critical vulnerabilities in its secrets management platform. The Akira gang use a legit Intel CPU tuning driver to disable Microsoft Defender. ChatGPT Connectors are shown vulnerable to indirect prompt injection. Researchers expose new details about the VexTrio cybercrime network. SonicWall says a recent SSLVPN-related cyber activity is not due to a zero-day. Ryan Whelan from Accenture is our man on the street at Black Hat. Do androids dream of concierge duty?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We continue our coverage from the floor at Black Hat USA 2025 with another edition of Man on the Street. This time, we’re catching up with Ryan Whelan, Managing Director and Global Head of Cyber Intelligence at Accenture, to hear what’s buzzing at the conference.

Selected Reading

Microsoft warns of high-severity flaw in hybrid Exchange deployments (Bleeping Computer)

KLM suffers cyber breach affecting six million passengers (IO+)

Cyberattack hits France’s third-largest mobile operator, millions of customers affected (The Record)

New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites (SecurityWeek)

Candiru Spyware Infrastructure Uncovered (BankInfoSecurity)

Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities (SecurityWeek)

Akira ransomware abuses CPU tuning tool to disable Microsoft Defender (Bleeping Computer)

A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT (WIRED)

Researchers Expose Infrastructure Behind Cybercrime Network VexTrio (Infosecurity Magazine)

Gen 7 and newer SonicWall Firewalls – SSLVPN Recent Threat Activity (SonicWall)

Want a Different Kind of Work Trip? Try a Robot Hotel (WIRED)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Exchange hybrid flaw raises cloud alarm.

Two Chinese nationals are arrested for allegedly exporting sensitive Nvidia AI chips. A critical security flaw has been discovered in Microsoft’s new NLWeb protocol. Vulnerabilities in Dell laptop firmware could let attackers bypass Windows logins and install malware. Trend Micro warns of an actively exploited remote code execution flaw in its endpoint security platform. Google confirms a data breach involving one of its Salesforce databases. A lack of MFA leaves a Canadian city on the hook for ransomware recovery costs. Nvidia’s CSO denies the need for backdoors or kill switches in the company’s GPUs. CISA flags multiple critical vulnerabilities in Tigo Energy’s Cloud Connect Advanced (CCA) platform. DHS grants funding cuts off the MS-ISAC. Helicopter parenting officially hits the footwear aisle.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity (CLTC) discussing her proposed nationwide roadmap to scale cyber defense for community organizations.

Black Hat Women on the street

Live from Black Hat USA 2025, it’s a special “Women on the Street” segment with Halcyon’s Cynthia Kaiser, SVP Ransomware Research Center, and CISO Stacey Cameron. Hear what’s happening on the ground and what’s top of mind in cybersecurity this year.

Selected Reading

Two Arrested in the US for Illegally Exporting Microchips Used in AI Applications to China (TechNadu)

Microsoft’s plan to fix the web with AI has already hit an embarrassing security flaw (The Verge)

ReVault flaws let hackers bypass Windows login on Dell laptops (Bleeping Computer)

Trend Micro warns of Apex One zero-day exploited in attacks (Bleeping Computer)

Google says hackers stole its customers' data in a breach of its Salesforce database (TechCrunch)

Hamilton taxpayers on the hook for full $18.3M cyberattack repair bill after insurance claim denied (CP24)

Nvidia rejects US demand for backdoors in AI chips (The Verge)

Critical vulnerabilities reported in Tigo Energy Cloud connect advanced solar management platform (Beyond Machines)

New state, local cyber grant rules prohibit spending on MS-ISAC (StateScoop)

Skechers skewered for adding secret Apple AirTag compartment to kids’ sneakers — have we reached peak obsessive parenting? (NY Post)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Chasing Silicon shadows.

Cisco reveals a phishing related data breach. SonicWall warns users to disable SSLVPN services after reports of ransomware gangs exploiting a likely zero-day. Researchers uncover a stealthy Linux backdoor and new vulnerabilities in Nvidia’s Triton Inference Server. A new malware campaign targets Microsoft 365 users with fake OneDrive emails. The U.S. Treasury warns of rising criminal activity involving cryptocurrency ATMs. Cloudflare accuses an AI startup of using stealthy methods to bypass restrictions on web scraping. A global infostealer campaign compromises over 4,000 victims across 62 countries. Marty Momdjian, General Manager of Ready1 by Semperis, tells us about Operation Blindspot, a tabletop exercise taking place this week at Black Hat. On this week’s Threat Vector segment, host David Moulton speaks with ⁠Nigel Hedges⁠ from ⁠Sigma Healthcare⁠ about how CISOs can shift cybersecurity from a technical problem to a business priority. One hospital’s data ends up in the snack aisle.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Marty Momdjian, General Manager of Ready1 by Semperis, who is talking about Operation Blindspot, a tabletop exercise simulating a cyberattack against a rural water utility based in Nevada taking place this week at Black Hat USA 2025.

Threat Vector Segment

On this week’s Threat Vector segment, host David Moulton speaks with ⁠Nigel Hedges⁠, Executive General Manager of Cyber & Risk at ⁠Chemist Warehouse⁠ and ⁠Sigma Healthcare⁠. Nigel shares how CISOs can shift cybersecurity from a technical problem to a business priority. You can listen to the full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app.

Selected Reading

Cisco discloses data breach impacting Cisco.com user accounts (Bleeping Computer)

SonicWall urges admins to disable SSLVPN amid rising attacks (Bleeping Computer)

Antivirus vendors fail to spot persistent, nasty, stealthy Linux backdoor (The Register)

Nvidia Triton Vulnerabilities Pose Big Risk to AI Models (SecurityWeek)

Discord CDN Link Abused to Deliver RAT Disguised as OneDrive File (Hackread)

Crypto ATMs fueling criminal activity, Treasury warns (The Record)

AI company Perplexity is sneaking to get around blocks on crawlers, Cloudflare alleges (CyberScoop)

Python-powered malware grabs 200K passwords, credit cards (The Register)

Thai hospital fined 1.2 million baht for data breach via snack bags (DataBreaches.Net) 

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Hello, hacker speaking.

The Senate confirms a new national cyber director. A new commission explores the establishment of a separate Cyber Force. Cybercriminals exploit link wrapping to launch sophisticated phishing attacks. AI agents are hijacked, cameras cracked, and devs phished. Gene sequencers and period trackers settle allegations of oversharing personal data and inadequate security. Today we are joined by Tim Starks from CyberScoop discussing how China accuses the US of exploiting Microsoft zero-day in a cyberattack. OpenAI scrambles after a chat leak fiasco.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. You can read Tim’s article on the topic here. 

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop discussing how China accuses the US of exploiting Microsoft zero-day in a cyberattack.

Selected Reading

Sean Cairncross confirmed as national cyber director (The Record)

Panel to create roadmap for establishing US Cyber Force (The Record)

Microsoft 365: Attackers Weaponize Proofpoint and Intermedia Link Wrapping to Steal Logins (WinBuzzer)

When Public Prompts Turn Into Local Shells: ‘CurXecute’ – RCE in Cursor via MCP Auto‑Start (Aim Security)

LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code (Hackread)

Bitdefender Warns Users to Update Dahua Cameras Over Critical Flaws (Hackread)

Mozilla warns of phishing attacks targeting add-on developers (Bleeping Computer)

Gene Sequencing Giant Illumina Settles for $9.8M Over Product Vulnerabilities (SecurityWeek)

Flo settles class action lawsuit alleging improper data sharing (The Record)

ChatGPT users shocked to learn their chats were in Google search results (Ars Technica) 

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

New sheriff in cyber town.

Please enjoy this encore of Career Notes. 

Manager in BARR Advisory's Cyber Risk Advisory Practice, Hannah Kenney, shares her journey from never considering technology as a career to having it click in an informations systems class in college. After noticing she was the only one in the room who enjoyed the lecture, Hannah knew she wanted to go down the technology route. In talking about her work, Hannah describes it as creative problem solving. She hopes "people see me as someone who viewed cybersecurity and risk as something that is focused on people first and foremost." We thank Hannah for sharing her story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Hannah Kenney: Focused on people. [Risk] [Career Notes]

This week, we are joined by Eric Woodruff, Chief Identity Architect at Semperis, discussing "nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications". Semperis researchers identified a critical authentication flaw known as nOAuth in 9 out of 104 tested SaaS applications integrated with Microsoft Entra ID. 

This low-complexity but severe vulnerability allows attackers with just a user’s email address and access to an Entra tenant to impersonate users, exfiltrate data, and move laterally within affected apps—with no viable defense or detection available to customers. The findings spotlight ongoing risks tied to improper use of email claims in authentication and emphasize the urgent need for SaaS vendors to adopt secure OpenID Connect practices and remediate vulnerable applications.

Complete our annual ⁠audience survey⁠ before August 31.

The research can be found here:

 nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications

Learn more about your ad choices. Visit megaphone.fm/adchoices

nOAuth-ing to see here. [Research Saturday]

A critical vulnerability in SUSE [SOO-suh] Manager allows attackers to run commands with root privilege. A joint CISA and U.S. Coast Guard threat hunt at a critical infrastructure site reveals serious cybersecurity issues. Healthcare providers across the U.S. report recent data breaches. Cybercriminals infiltrate a bank by physically planting a Raspberry Pi on a network switch. Russian state-backed hackers target Moscow diplomats to deploy ApolloShadow malware. Luxembourg investigates a major telecom outage tied to Huawei equipment. China’s cyberspace regulator summons Nvidia over alleged security risks linked to its H20 AI chips. A new report examines early indicators of system compromise. Today we are joined by Ryan Whelan, Managing Director and Global Head of Accenture Cyber Intelligence, with their analysis of Scattered Spider. Pwn2Own puts a million dollar bounty on WhatsApp zero-clicks.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire GuestOur guest today is Ryan Whelan, Managing Director and Global Head of Accenture Cyber Intelligence, discussing the possibilities of Scattered Spider.

Selected Reading

Critical flaw in SUSE Manager exposes enterprise deployments to compromise (Beyond Machines)

CISA identifies OT configuration flaws during cyber threat hunt at critical infrastructure organization, lists cyber hygiene (Industrial Cyber)

CISA Issues ICS Advisories for Rockwell Automation Using VMware, and Güralp Seismic Monitoring Systems (Cyber Security News)

Florida Internal Medicine Practices Discloses November 2024 Data Breach (HIPAA Journal)

Cybercrooks use Raspberry Pi to steal ATM cash (The Register)

Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft (SecurityWeek)

Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage (The Record)

Nvidia summoned by China's cyberspace watchdog over risks in H20 chips (CGTN)

Hackers Regularly Exploit Vulnerabilities Before Public Disclosure (Infosecurity Magazine)

Pwn2Own hacking contest pays $1 million for WhatsApp exploit (Bleeping Computer)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

SUSE flaw found hiding in plain port.

A sweeping malware campaign by North Korea’s Lazarus Group targets open source ecosystems. President Trump announces a new electronic health records system. A new report reveals deep ties between Chinese state-sponsored hackers and Chinese tech companies. Researchers describe a new prompt injection threat targeting LLMs via browser extensions. Palo Alto Networks’ Unit 42 proposes a new Attribution Framework. Honeywell patches six vulnerabilities in its Experion Process Knowledge System. Researchers track the rapid evolution of a sophisticated Android banking trojan. Scattered Spider goes quiet following recent arrests. Our guests are Jermaine Roebuck and Ann Galchutt from CISA, discussing "Open-Source Eviction Strategies Tool for Cyber Incident Response." A Polish trainmaker sues hackers for fixing trains.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Jermaine Roebuck, Associate Director for Threat Hunting at CISA and Ann Galchutt, Technical Lead at CISA, who will be discussing "Open-Source Eviction Strategies Tool for Cyber Incident Response."

Selected Reading

Sonatype uncovers global espionage campaign in open source ecosystems (Sonatype)

Trump administration is launching a new private health tracking system with Big Tech's help (AP News)

Report Links Chinese Companies to Tools Used by State-Sponsored Hackers (SecurityWeek)

Top 5 GenAI Tools Vulnerable to Man-in-the-Prompt Attack, Billions Could Be Affected (LayerX)

Introducing Unit 42’s Attribution Framework (Unit42)

Honeywell Experion PKS Flaws Allow Manipulation of Industrial Processes (SecurityWeek)

Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed

Cybercriminals ‘Spooked’ After Scattered Spider Arrests (Infosecurity Magazine)

Polish Train Maker Is Suing the Hackers Who Exposed Its Anti-Repair Tricks (iFixit)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Open source, open target.

Officials in St. Paul, Minnesota declare a state of emergency following a cyberattack. Hackers disrupt a major French telecom. A power outage causes widespread service disruptions for cloud provider Linode. Researchers reveal a critical authentication bypass flaw in an AI-driven app development platform. A new study shows AI training data is chock full of PII. Fallout continues for the Tea dating safety app. Hackers are actively exploiting a critical SAP NetWeaver vulnerability to deploy malware. CISA and the FBI update their Scattered Spider advisory. A Florida prison exposes personal information of visitors to all of its inmates. Our guest today is Keith Mularski, Chief Global Ambassador at Qintel, retired FBI Special Agent, and co-host of Only Malware in the Building. CISA and Senator Wyden come to terms —mostly— over the long-buried US Telecommunications Insecurity Report. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Keith Mularski, Chief Global Ambassador at Qintel, retired FBI Special Agent, and co-host of Only Malware in the Building discussing what it's like to be the new host on the N2K CyberWire network and giving a glimpse into some upcoming episodes. You can catch Keith and his co-hosts Selena Larson, Staff Threat Researcher and Lead, Intelligence Analysis and Strategy at Proofpoint, and our own Dave Bittner the first Tuesday of each month on your favorite podcast app with new episodes of Only Malware. 

Selected Reading

Major cyberattack hits St. Paul, shuts down many services (Star Tribune)

French telecom giant Orange discloses cyberattack (Bleeping Computer)

Power Outage at Newark Data Center Disrupts Linode, Took LWN Offline (FOSS Force)

Critical authentication bypass flaw reported in AI coding platform Base44 (Beyond Machines)

A major AI training data set contains millions of examples of personal data (MIT Technology Review)

Dating safety app Tea suspends messaging after hack (BBC)

Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware (Bleeping Computer)

CISA and FBI Release Tactics, Techniques, and Procedures of the Scattered Spider Hacker Group (gb hackers)

Florida prison data breach exposes visitors' contact information to inmates (Florida Phoenix)

CISA to release long-buried US telco security report (The Register)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

State of emergency in St Paul.

Things get worse in the Tea dating app breach. CISA adds three vulnerabilities to its Known Exploited Vulnerabilities catalog. Researchers uncover a critical flaw in Google’s AI coding assistant. A Missouri Health System agrees to a $9.25 million settlement over claims it used web tracking tools. “Sploitlight” could let attackers bypass Apple’s TCC framework to steal sensitive data. Malware squeaks its way into a mouse configuration tool. Threat actors hide the Oyster backdoor in popular IT tools. The FBI nabs over $2.4 million in Bitcoin from the Chaos ransomware gang. Our guest is Jaeson Schultz, Technical Leader for Cisco Talos Security Intelligence & Research Group, to talk about their work on the security of PDF files. The unintended privacy paradox of data brokers.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Jaeson Schultz, Technical Leader for Cisco Talos Security Intelligence & Research Group, to talk about their work on "PDFs: Portable documents, or perfect deliveries for phish?"

Selected Reading

A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating (404 Media)

CISA warns of active exploitation of critical PaperCut flaw, mandates immediate patching (Beyond Machines)

CISA Warns of Exploited Critical Vulnerabilities in Cisco Identity Services Engine (Infosecurity Magazine)

Researchers flag flaw in Google’s AI coding assistant that allowed for ‘silent’ code exfiltration (CyberScoop)

Health System Settles Web Tracker Lawsuit for Up to $9.25M (GovInfo Security)

Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data (Bleeping Computer)

Endgame Gear mouse config tool infected users with malware (Bleeping Computer)

Oyster Backdoor Disguised as PuTTY and KeyPass Targets IT Admins via SEO Poisoning (GB Hackers)

FBI Seizes $2.4m in Crypto from Chaos Ransomware Gang (Infosecurity Magazine)

Hundreds of registered data brokers ignore user requests around personal data (CyberScoop)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Tea time is over.

Today we are joined by ⁠Selena Larson⁠, Threat Researcher at ⁠Proofpoint⁠, and co-host of ⁠Only Malware in the Building⁠, as she discusses their work on "Amatera Stealer - Rebranded ACR Stealer With Improved Evasion, Sophistication." Proofpoint researchers have identified Amatera Stealer, a rebranded and actively developed malware-as-a-service (MaaS) variant of the former ACR Stealer, featuring advanced evasion techniques like NTSockets for stealthy C2 communication and WoW64 Syscalls to bypass user-mode defenses. 

Distributed via ClearFake web injects and the ClickFix technique, Amatera leverages multilayered PowerShell loaders, blockchain-based hosting, and creative social engineering to compromise victims. With enhanced capabilities to steal browser data, crypto wallets, and other sensitive files, Amatera poses a growing threat in the wake of disruptions to competing stealers like Lumma.

Complete our annual ⁠audience survey⁠ before August 31.

The research can be found here:

 ⁠Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication

Learn more about your ad choices. Visit megaphone.fm/adchoices

Click here to steal. [Research Saturday]

Lyt når som helst, hvor som helst

Other podcasts you might like ...