app_store_button

google_play_button

DK - Details page - Device banner - 894x1036

Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis

Lyt når som helst, hvor som helst 

N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

CyberWire Daily

While our team is observing the Martin Luther King, Jr. holiday in the United States, please enjoy this CyberWire-X episode featuring the team from Horizon3.ai. 

In this CyberWire-X episode, Dave Bittner speaks with Horizon3.ai co-founder and CEO Snehal Antani about how continuous autonomous penetration testing is reshaping security resilience. Antani reflects on his journey from CIO to DoD operator, where he learned that the hardest part of security isn’t patching — it’s prioritizing what matters and proving defenses work before attackers do. He explains why vulnerability scans fall short, how “AI hackers” simulate adversary behavior at machine speed, and why organizations must shift from compliance thinking to attacker-centric validation. Antani shares real-world findings, warns of 77-second domain compromise, and predicts a future of AI fighting AI, with humans by exception.

Resources: 

 Whitepaper: NodeZero® for Pentesters and Red Teams

 Whitepaper: Traditional vs. Autonomous: Why NodeZero® is the Future of Cyber Risk Assessments

Learn more about your ad choices. Visit megaphone.fm/adchoices

Pentesting at the speed of thought. [CyberWire-X]

Please enjoy this encore of Career Notes. 

Deepen Desai, Global Chief Information Security Officer at Zscaler, shares his story as a doctor that treats computer viruses. He describes how he got into the security field and his work with Zscaler. He says what it's like learning and growing in this field and shares great advice for people who are up and coming in the field. Deepen describes working with an incredible team and how much joy it brings him to see his team learning and growing beyond their roles working with him. He says he want's to be remembered as a mentor among his colleagues. He says "I still remember my first team that I built, 15 years ago. Most of those guys are leading key technologies at many of the major security vendors, and some of them are still with me." We thank Deepen for sharing his story.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]

Today we are joined by Ben Folland, Security Operations Analyst from Huntress, discussing their work on "ClickFix Gets Creative: Malware Buried in Images." This analysis covers a ClickFix campaign that uses fake human verification checks and a realistic Windows Update screen to trick users into manually running malicious commands. 

The multi-stage attack chain leverages mshta.exe, PowerShell, and .NET loaders, ultimately delivering infostealers like LummaC2 and Rhadamanthys, with payloads hidden inside PNG images using steganography. While technically sophisticated, the campaign hinges on simple user interaction, underscoring the importance of user awareness and controls around command execution.

The research can be found here:

 ClickFix Gets Creative: Malware Buried in Images

Learn more about your ad choices. Visit megaphone.fm/adchoices

Picture perfect deception. [Research Saturday]

Who turned out the lights in Venezuela? The European Space Agency confirms a series of cyberattacks. Dutch police nab the alleged operator of a notorious malware testing service. The U.S. and allies issue new guidance on OT security. Researchers warn of automated exploitation of a critical Hewlett-Packard Enterprise OneView flaw. TamperedChef cooks up trojanized PDF documents to deliver backdoor malware. A bluetooth vulnerability puts devices at risk. Cisco patches a maximum-severity zero-day exploited since November. Jen Easterly heads up RSAC. Our guest is Zak Kassas from Ohio State University, discussing GPS alternatives. Vintage phones face modern problems.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today Maria Varmazis from T-Minus pace sits down with Zak Kassas from the Ohio State University to discuss the study “Navigating the Arctic Circle with Starlink and OneWeb LEO Satellites”.This conversation is a preview of tomorrow’s Deep Space episode from T-Minus Space Daily. 

Selected Reading

Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities (The New York Times)

Sensitive European Space Agency Data Leaked to the Dark Web by String of Cyberattacks (IBTimes UK)

Operation Endgame: Dutch Police Arrest Alleged AVCheck Operator (Hackread)

CISA, Allies Sound Alarm on OT Network Exposure (GovInfo Security)

RondoDox botnet exploits critical HPE OneView bug (The Register)

TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals (Infosecurity Magazine)

WhisperPair Attack Leaves Millions of Bluetooth Accessories Open to Hijacking (SecurityWeek)

Cisco finally fixes AsyncOS zero-day exploited since November (Bleeping Computer)

Former CISA Director Jen Easterly Appointed CEO of RSAC (SecurityWeek)

iPhone 4 makes comeback — but experts warn of security risks (New York Post)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Who turned out the lights?

Verizon hit by a major wireless outage. Poland blocks an attack on its power grid. A massive database of French citizens exposed. Microsoft shuts down a cybercrime-as-a-service operation. The UK backs away from digital ID plans. California probes Grok deepfakes. The FTC settles with GM over location data. Palo Alto Networks patches a serious firewall flaw. Plus, John Serafini of HawkEye on modern signals intelligence, and federal agents seize devices from a Washington Post reporter.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today Maria Varmazis sits down with John Serafini, Founder and CEO of Hawkeye 360, on T-Minus to discuss commercial signals intelligence, advanced RF signal processing, and Hawkeye 360’s recent acquisition of Innovative Signal Analysis alongside its Series E funding. To hear the full conversation, check out the episode on T-Minus.

Selected Reading

Verizon Says Service Restored After Thousands Affected by Outage (Bloomberg)

Poland says it repelled major cyberattack on power grid, blames Russia (The Record)

Massive breach leaks 45 million French records: demographic, healthcare, and financial data all leaked, here's what we know (TechRadar)

Criminal Subscription Service Behind AI-Powered Cyber-Attacks Taken Out By Microsoft (Infosecurity Magazine)

Government drops plans for mandatory digital ID to work in UK (BBC News)

Attorney General Bonta Launches Investigation into xAI, Grok Over Undressed, Sexual AI Images of Women and Children | State of California (Department of Justice)

FTC bans GM from selling drivers' location data for five years (Bleeping Computer)

Palo Alto Networks warns of DoS bug letting hackers disable firewalls (Bleeping Computer)

FBI executes search warrant at Washington Post reporter’s home (Washington Post)

US cargo tech company publicly exposed its shipping systems and customer data to the web (TechCrunch)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

A long day without bars.

Patch Tuesday fallout, China sidelines Western security vendors, and a critical flaw puts industrial switches at risk of remote takeover. A ransomware attack disrupts a Belgian hospital, crypto scams hit investment clients, and Eurail discloses a data breach. Analysts press Congress to go on offense in cyberspace, and Sean Plankey gets another shot at leading CISA. In our Threat Vector segment, David Moulton sits down with Ian Swanson, AI Security Leader at Palo Alto Networks about supply chain security. And, an AI risk assessment cites a football match that never happened.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

AI security is no longer optional, it’s urgent. In this segment of Threat Vector, David Moulton sits down with Ian Swanson, former CEO of Protect AI and now the AI Security Leader at Palo Alto Networks. Ian shares how securing the AI supply chain has become the next frontier in cybersecurity and why every enterprise building or integrating AI needs to treat it like any other software pipeline—rife with dependencies, blind spots, and adversaries ready to exploit them. You can catch the full conversation here and listen to new episodes of Threat Vector every Thursday on your favorite podcast app. 

Selected Reading

Patch Tuesday, January 2026 Edition (Krebs on Security)

Adobe Patches Critical Apache Tika Bug in ColdFusion (SecurityWeek)

Chrome 144, Firefox 147 Patch High-Severity Vulnerabilities (SecurityWeek)

Fortinet Patches Critical Vulnerabilities in FortiFone, FortiSIEM (SecurityWeek)

Exclusive: Beijing tells Chinese firms to stop using US and Israeli cybersecurity software, sources say (Reuters)

Critical OpenSSH flaw exposes Moxa industrial switches to remote takeover (Beyond Machines)

Cyberattack forces Belgian hospital to transfer critical care patients (The Record)

Betterment confirms data breach after wave of crypto scam emails (Bleeping Computer)

Passports, bank details compromised in Eurail data breach (The Register)

Lawmakers Urged to Let US Take on 'Offensive' Cyber Role (Bank InfoSecurity)

Sean Plankey re-nominated to lead CISA (CyberScoop)

Police chief admits misleading MPs after AI used in justification for banning Maccabi Tel Aviv fans (BBC News)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CVEs don’t sleep.

Stolen Target source code looks real. CISA pulls the plug on Gogs. SAP rushes patches for critical flaws. A suspected Russian spy emerges in Sweden, while Cloudflare threatens to walk away from Italy. Researchers flag a Wi-Fi chipset bug, a long-running Magecart skimming campaign, and a surge in browser-in-the-browser phishing against Facebook users. Mandiant releases a new Salesforce defense tool, and NIST asks how to secure agentic AI before it secures itself. Our guests are Christine Blake and Madison Farabaugh from Inside the Media Minds. Plus, a Dutch court says seven years is still the going rate for a USB-powered cocaine plot.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Christine Blake and Madison Farabaugh from W2 Communications and hosts of Inside the Media Minds podcast on their show joining the N2K CyberWire network. You can listen to the latest episode of Inside the Media Minds today and catch new installments every month on your favorite podcast app.

Selected Reading

Target employees confirm leaked code after ‘accelerated’ Git lockdown (Bleeping Computer)

Fed agencies urged to ditch Gogs as zero-day makes CISA list (The Register)

SAP's January 2026 Security Updates Patch Critical Vulnerabilities (SecurityWeek)

Sweden detains ex-military IT consultant suspected of spying for Russia (The Record)

Cloudflare CEO threatens to pull out of Italy (The Register)

One Simple Trick to Knock Out the Wi-Fi Network (GovInfo Security)

Google's Mandiant releases free Salesforce access control checker (iTnews)

Global Magecart Campaign Targets Six Card Networks (Infosecurity Magazine)

Facebook login thieves now using browser-in-browser trick (Bleeping Computer)

NIST Calls for Public to Help Better Secure AI Agents (GovInfo Security)

Appeal fails for hacker who opened port to coke smugglers (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Source code in the wild aisle.

The FBI warns of Kimsuky quishing. Singapore warns of a critical vulnerability in Advantech IoT management platforms. Russia’s Fancy Bear targets energy research, defense collaboration, and government communications. Malaysia and Indonesia suspend access to X. Researchers warn a large-scale fraud operation is using AI-generated personas to trap mobile users in a social engineering scam. BreachForums gets breached. The NSA names a new Deputy Director. Monday Biz Brief. Our guest is Sasha Ingber, host of the International Spy Museum's SpyCast podcast. The commuter who hacked his scooter. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Sasha Ingber, host of the International Spy Museum's SpyCast podcast, on the return of SpyCast to the N2K CyberWire network.

Selected Reading

North Korea–linked APT Kimsuky behind quishing attacks, FBI warns (Security Affairs) 

Advantech patches maximum-severity SQL injection flaw in IoT products (Beyond Machines)

Russia's APT28 Targeting Energy Research, Defense Collaboration Entities (SecurityWeek)

Malaysia and Indonesia block X over deepfake smut (The Register)

New OPCOPRO Scam Uses AI and Fake WhatsApp Groups to Defraud Victim (Hackread)

BreachForums hacking forum database leaked, exposing 324,000 accounts (Bleeping Computer)

Former NSA insider Kosiba brought back as spy agency’s No. 2 (The Record)

Vega raises $120 million in a Series B round led by Accel.

Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters (Rasmus Moorats)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

A picture worth a thousand breaches.

Please enjoy this encore of Career Notes. 

Laura Hoffner, Executive Vice President at Concentric, shares her story about her time working as a Naval Intelligence Officer and supporting special operations around the globe for 12 years, to now, where she transitioned to the Naval Reserves and joined the Concentric team. Laura has known since she was in the seventh grade that she wanted to work with SEALs and work in intelligence, so she set her goals high and achieved them shortly after graduating college. She credits being a Naval Intelligence Officer to helping her get to where she is today and says how much she is enjoying working with Concentric, saying she's "ultimately just incredibly benefiting from unbelievable mentors at the company itself." We thank Laura for sharing her story.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Laura Hoffner: Setting your sights high. [Intelligence] [Career Notes]

This week, we are joined by Martin Zugec, Technical Solutions Director from Bitdefender, sharing their work and findings on "EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company." Built for long-term espionage, the campaign uses DLL sideloading, in-memory execution, and abused Windows services to stay stealthy and persistent.

We walk through how the multi-stage framework delivers a powerful backdoor with reconnaissance, lateral movement, data theft, and keylogging capabilities—and what this operation reveals about the evolving tactics defenders need to watch for.

The research can be found here:

 EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company

Learn more about your ad choices. Visit megaphone.fm/adchoices

Walking on EggStremes. [Research Saturday]

While our team is out on winter break, please enjoy this episode of Research Saturday.

Today we are joined by ⁠⁠Selena Larson⁠⁠, co-host of ⁠⁠Only Malware in the Building⁠⁠ and Staff Threat Researcher and Lead Intelligence Analysis and Strategy at ⁠⁠Proofpoint⁠⁠, sharing their work on "Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing." Proofpoint researchers have identified campaigns where threat actors use fake Microsoft OAuth apps to impersonate services like Adobe, DocuSign, and SharePoint, stealing credentials and bypassing MFA via attacker-in-the-middle phishing kits, mainly Tycoon. 

These attacks redirect users to fake Microsoft login pages to capture credentials, 2FA tokens, and session cookies, targeting nearly 3,000 Microsoft 365 accounts across 900 environments in 2025. Microsoft’s upcoming security changes and strengthened email, cloud, and web defenses, along with user education, are recommended to reduce these risks.

The research can be found here:

 
⁠⁠⁠⁠Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing

Learn more about your ad choices. Visit megaphone.fm/adchoices

Don’t trust that app!

Lyt når som helst, hvor som helst

Other podcasts you might like ...