App Store

Google Play

DK - Details page - Device banner - 894x1036

Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis

Lyt når som helst, hvor som helst 

N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

CyberWire Daily

Microsoft releases emergency out-of-band (OOB) Windows updates. Trump targets NSA’s leading AI and cyber expert in clearance revocations. A breach may have compromised the privacy of Ohio medical marijuana patients. Cybercriminals exploit an AI website builder to rapidly create phishing sites. Warlock ransomware operators target Microsoft’s SharePoint ToolShell vulnerability. Google and Mozilla patch Chrome and Firefox. European officials report two cyber incidents targeting water infrastructure. A federal appeals court has upheld fines against T-Mobile and Sprint for illegally selling customer location data. Authorities dismantle DDoS powerhouse Rapper Bot. On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, speaking about ShinyHunters and the problems with securing Salesforce. Microsoft Copilot gets creative with compliance. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, who is speaking about ShinyHunters and the problems with securing Salesforce. You can hear more from Matt here.

Selected Reading

Microsoft releases emergency updates to fix Windows recovery (Bleeping Computer)

Trump Revokes Security Clearances of 37 Former and Current Officials (The New York Times)

Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database (WIRED)

AI Website Builder Lovable Abused for Phishing and Malware Scams (Hackread)

Warlock Ransomware Hitting Victims Globally Through SharePoint ToolShell Exploit (InfoSecurity Magazine)

High-Severity Vulnerabilities Patched in Chrome, Firefox (SecurityWeek)

Russia-linked European attacks renew concerns over water cybersecurity (CSO Online)

T-Mobile claimed selling location data without consent is legal, judges disagree (Ars Technica)

Officials gain control of Rapper Bot DDoS botnet, charge lead developer and administrator (CyberScoop)

Copilot Broke Your Audit Log, but Microsoft Won’t Tell You (Pistachio Blog)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Undoing the undo bug.

A researcher uncovers vulnerabilities across Intel’s internal websites that exposed sensitive employee and supplier data. The Kimsuky group (APT43) targets South Korean diplomatic missions. A new DDoS vulnerability bypasses the 2023 “Rapid Reset” fix. Drug development firm Inotiv reports a ransomware attack to the SEC. The UK drops their demand that Apple provide access to encrypted iCloud accounts. Hackers disguise the PipeMagic backdoor as a fake ChatGPT desktop app. The source code for a powerful Android banking trojan was leaked online. A Nebraska man is sentenced to prison for defrauding cloud providers to mine nearly $1 million in cryptocurrency. On this week’s Threat Vector, David Moulton speaks with Liz Pinder and Patrick Bayle for a no holds barred look at context switching in the SOC. A UK police force fails to call for backup.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector

Security analysts are drowning in tools, alerts, and tabs. On today's Threat Vector segment from Palo Alto Networks, we offer a snapshot from host⁠ David Moulton⁠'s conversation with⁠ Liz Pinder⁠ and⁠ Patrick Bayle⁠⁠. Together they take a no holds barred look at context switching in the SOC, what it costs, why it's getting worse, and how smarter design can fix it. You can listen to David, Patrick, and Liz's conversation⁠ here⁠. It’s a must-listen for anyone building or managing a modern SOC. New episodes of⁠ Threat Vector⁠ drop each Thursday on the N2K CyberWire network and in your favorite podcast app.

Selected Reading

Intel data breach: employee data could be accessed via API (Techzine Global)

North Korean Kimsuky Hackers Use GitHub to Target Foreign Embassies with XenoRAT Malware (GB Hackers)

Internet-wide Vulnerability Enables Giant DDoS Attacks (Dark Reading)

Drug development company Inotiv reports ransomware attack to SEC (The Record)

UK ‘agrees to drop’ demand over Apple iCloud encryption, US intelligence head claims (The Record)

Ransomware gang masking PipeMagic backdoor as ChatGPT desktop app: Microsoft (The Record)

ERMAC Android malware source code leak exposes banking trojan infrastructure (Bleeping Computer)

Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme (Bleeping Computer)

South Yorkshire Police Deletes 96,000 Pieces of Digital Evidence (Infosecurity Magazine) 

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Inside Intel’s internal web maze.

HR software giant Workday discloses a data breach. Researchers uncover a zero-day in Elastic’s EDR software. Ghost-tapping is an emerging fraud technique where cybercriminals use NFC relay attacks to exploit stolen payment card data. Germany may be on a path to ban ad blockers. A security researcher documents multiple serious flaws in McDonald’s systems. There’s a new open-source framework for testing 5G security flaws. New York’s Attorney General sues the banks behind Zelle over fraud allegations. The DOJ charges the alleged Zeppelin ransomware operator and seizes over $2.8 million in cryptocurrency. Tim Starks from CyberScoop discusses the overlooked changes that two Trump executive orders could bring to cybersecurity. Bots build their own echo chambers.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire Guest

Today we have Tim Starks from CyberScoop discussing the overlooked changes that two Trump executive orders could bring to cybersecurity.

Selected Reading

HR giant Workday discloses data breach after Salesforce attack (Bleeping Computer)

Researchers report zero-day vulnerability in Elastic Endpoint Detection and Respons Driver that enables system compromise (Beyond Machines)

Ghost-Tapping and the Chinese Cybercriminal Retail Fraud Ecosystem (Recorded Future)

Is Germany on the Brink of Banning Ad Blockers? User Freedom, Privacy, and Security Is At Risk. (Open Policy & Advocacy)

How I Hacked McDonald's (Their Security Contact Was Harder to Find Than Their Secret Sauce Recipe) (bobdahacker)

Boffins say tool can sniff 5G traffic, launch 'attacks' without using rogue base stations (The Register)

New York claims Zelle’s shoddy security enabled a billion dollars in scams (The Verge)

US Seizes $2.8 Million From Zeppelin Ransomware Operator (SecurityWeek)

Researchers Made a Social Media Platform Where Every User Was AI. The Bots Ended Up at War (Gizmodo)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Workday’s bad day.

Bob Rudis, VP Data Science from GreyNoise, is sharing some insights into their work on "Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities." New research reveals a striking trend: in 80% of cases, spikes in malicious activity against enterprise edge technologies like VPNs and firewalls occurred weeks before related CVEs were disclosed. 

The report breaks down this “6-week critical window,” highlighting which vendors show the strongest early-warning patterns and offering tactical steps defenders can take when suspicious spikes emerge. These findings reveal how early attacker activity can be transformed into actionable intelligence, enabling defenders to anticipate and neutralize threats before vulnerabilities are publicly disclosed.

Complete our annual ⁠⁠⁠audience survey⁠⁠⁠ before August 31.

The research can be found here:

 Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities

Learn more about your ad choices. Visit megaphone.fm/adchoices

The CVE countdown clock. [Research Saturday]

Please enjoy this encore of Career Notes.

Head of Cyber Governance with Red Sift, Dr. Rois Ni Thuama shares the circuitous route of her career into cyber governance. She notes the route "looks really clean, but actually it was a bit more Jeremy Bearimy." While at Trinity College, Rois was moved to be part of history unfolding in South Africa and pause her studies. While there, she began making music videos and wildlife documentaries. Upon her return to London, Rois started working in corporate governance and risk at a music technology startup. This ignited her enthusiasm for startups. She now works in a company with several coworkers from that tech startup doing cyber governance. Rois advises law students of many ways into the industry including doing coding, learning risk management, and understanding privacy legislation, and then "just get into the game." We thank Rois for sharing her story. 
Learn more about your ad choices. Visit megaphone.fm/adchoices

Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]

Plex urges users to immediately update their Media Server due to an undisclosed security flaw. Cisco warns of a critical remote code execution flaw in their Secure Firewall Management Center software.Rockwell Automation discloses multiple critical and high-severity flaws. Hackers breached a Canadian House of Commons database. Active law enforcement and government email accounts are sold online for as little as $40. Telecom giant Colt Technology Services suffers a cyber incident disrupting its customer portal. Taiwan launches new measures to boost hospital cybersecurity after ransomware attacks. NIST has released a concept paper proposing control overlays for securing AI systems. A date with an AI chatbot ends in tragedy. Our guest is Randall Degges, Snyk's Head of Developer and Security Relations, to discuss how underqualified or outsourced coding support can open doors for nation-state threats. Dutch speed cameras are stuck in a cyber-induced siesta.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Randall Degges, Snyk's Head of Developer and Security Relations, to discuss how underqualified or outsourced coding support can open doors for nation-state threats.

Selected Reading

Plex warns users to patch security vulnerability immediately (Bleeping Computer)

Cisco Discloses Critical RCE Flaw in Firewall Management Software (Infosecurity Magazine)

Critical Flaws Patched in Rockwell FactoryTalk, Micro800, ControlLogix Products (SecurityWeek)

CISA Releases Thirty-Two Industrial Control Systems Advisories (CISA.gov)

Hackers Breach Canadian Government Via Microsoft Exploit (Bank Infosecurity)

Compromised Government and Police Email Accounts on the Dark Web (Abnormal.AI)

Telco giant Colt suffers attack, takes systems offline (The Register)

Taiwan announces measures to protect hospitals from hackers (Focus Taiwan)

New NIST Concept Paper Outlines AI-Specific Cybersecurity Framework (Hack Read)

A flirty Meta AI bot invited a retiree to meet. He never made it home. (Reuters)

Dutch prosecution service attack keeps speed cameras offline (The Register)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Media server mayday.

A ransomware attack exposes personal medical records of VA patients. New joint guidance from CISA and the NSA emphasizes asset inventory and OT taxonomy. The UK government reportedly spent millions to cover up a data breach. Researchers identified two critical flaws in a widely used print orchestration platform. Phishing attacks increasingly rely on personalization. Rooting and jailbreaking frameworks pose serious enterprise risks. Fortinet warns of a critical command injection flaw in FortiSIEM. Estonian nationals are sentenced in a crypto Ponzi scheme. Michele Campobasso from Forescout joins us to unpack new research separating the hype from reality around “vibe hacking.” Meet the Blockchain Bandits of Pyongyang.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Michele Campobasso from Forescout joins us to unpack new research separating the hype from reality around “vibe hacking.” Their team tested open-source, underground, and commercial AI models on vulnerability research and exploit development tasks—finding high failure rates and significant limitations, even among top commercial systems.

Selected Reading

Medical records for 1 million dialysis patients breached in data hack of VA vendor (Stars and Stripes)

NSA Joins CISA and Others to Share OT Asset Inventory Guidance (NSA.gov)

CISA warns of N-able N-central flaws exploited in zero-day attacks (Bleeping Computer)

U.K. Secretly Spent $3.2 Million to Stop Journalists From Reporting on Data Breach (The New York Times)

From Support Ticket to Zero Day (Horizon3.ai)

Personalization in Phishing: Advanced Tactics for Malware Delivery (Cofense)

The Root(ing) Of All Evil: Security Holes That Could Compromise Your Mobile Device (Zimperium)

Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild (Bleeping Computer)

Estonians behind $577 million cryptomining fraud sentenced to 16 months (The Record)

Someone counter-hacked a North Korean IT worker: Here’s what they found (Cointelegraph)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Dialysis down, data out.

Patch Tuesday. The Matrix Foundation patches high-severity vulnerabilities in its open-source communications protocol. The “Curly COMrades” Russian-aligned APT targets critical infrastructure. Microsoft tells users to ignore new CertificateServicesClient (CertEnroll) errors. Researchers uncover a malware campaign hiding the NjRat Remote Access Trojan in a fake Minecraft clone. Motorcycle manufacturer Royal Enfield suffers a ransomware attack. The DOJ details a major operation against the BlackSuit ransomware group. Our guest is Jack Jones, father of Factor Analysis of Information Risk (FAIR) and the FAIR Controls Analytics Model (FAIR-CAM), sharing insights on cyber risk quantification. Data Brokers’ digital hide-and-seek.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Jack Jones, father of Factor Analysis of Information Risk (FAIR) and the FAIR Controls Analytics Model (FAIR-CAM), as he is sharing insights on where he sees the cyber risk quantification market heading.

Selected Reading

Microsoft Patches Over 100 Vulnerabilities (SecurityWeek)

Adobe Patches Over 60 Vulnerabilities Across 13 Products (SecurityWeek)

Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia (SecurityWeek)

Fortinet, Ivanti Release August 2025 Security Patches (SecurityWeek)

ICS Patch Tuesday: Major Vendors Address Code Execution Vulnerabilities (SecurityWeek)

Alarm raised over 'high-severity' vulnerabilities in Matrix messaging protocol (The Record)

'Curly COMrades' APT Hackers Target Critical Organizations Across Multiple Countries (GB Hackers)

Microsoft asks users to ignore certificate enrollment errors (Bleeping Computer)

Fake Minecraft Installer Spreads NjRat Spyware to Steal Data (Hackread)

Motorcycle manufacturer Royal Enfield hit by ransomware attack published: yesterday (Beyond Machines)

US Authorities Seize $1m from BlackSuit Ransomware Group (Infosecurity Magazine)

We caught companies making it harder to delete your personal data online (The Markup)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

When spies get spied on.

Hackers leak backend data from the North Korean state-sponsored hacking group Kimsuky. A ransomware attack on a Dutch clinical diagnostics lab exposes medical data of nearly half a million women. One of the world’s largest staffing firms suffers a data breach. Saint Paul, Minnesota, confirms the Interlock ransomware gang was behind a July cyberattack. Researchers jailbreak ChatGPT-5. A cyber incident takes the Pennsylvania Attorney General’s Office entirely offline. A new report quantifies global financial exposure from Operational Technology (OT) cyber incidents. Finnish prosecutors charge a Russian captain for allegedly damaging five critical subsea cables in the Baltic Sea. On our Industry Voices segment, we are joined by Sean Deuby, Semperis’ Principal Technologist, with insights on the global state of ransomware. Hackers take smart buses for a virtual joyride.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Sean Deuby, Semperis’ Principal Technologist, who is sharing insights and observations on the state of ransomware around the globe. If you want to hear the full conversation, check it out here.

Selected Reading

Kimsuky APT Hackers Exposed in Alleged Breach Revealing Phishing Tools and Operational Data (TechNadu)

Ransomware attack on dutch medical lab exposes cancer screening data of almost 500K women (Beyond Machines)

Manpower discloses data breach affecting nearly 145,000 people (Bleeping Computer)

Saint Paul cyberattack linked to Interlock ransomware gang (Bleeping Computer)

Tenable Jailbreaks GPT-5, Gets It To Generate Dangerous Info Despite OpenAI’s New Safety Tech (Tenable)

Pennsylvania Attorney General's Office hit by cybersecurity incident, shuts down digital infrastructure (Beyond Machines)

New Dragos Report Estimates Over $300 Billion in Potential Global OT Cyber Risk Exposure (Business Wire)

The 2025 OT Security Financial Risk Report (Dragos)

Finland charges captain of suspected Russian ‘shadow fleet’ tanker for subsea cable damage (The Record)

Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking (SecurityWeek)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Kimsuky gets kim-sunk.

CISA issues an Emergency Directive to urgently patch a critical vulnerability in Microsoft Exchange hybrid configurations. SoupDealer malware proves highly evasive. Google patches a Gemini calendar flaw. A North Korean espionage group pivots to financial crime. Russia’s RomCom exploits a WinRAR zero-day. Researchers turn Linux-based webcams into persistent threats. The Franklin Project enlists volunteer hackers to strengthen cybersecurity at U.S. water utilities. DoD announces the winner of DARPA’s two-year AI Cyber Challenge. The U.S. extradites Ghanaian nationals for their roles in a massive fraud ring. Our guest is Steve Deitz, President of MANTECH's Federal Civilian Sector, with a look at cell-based Security Operations Centers (SOC). AI advice turns dinner into a medical mystery.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, we are joined by Steve Deitz, President of MANTECH's Federal Civilian Sector, as he is discussing the cell-based Security Operations Center (SOC) approach. Check out the full conversation from Steve here. 

Selected Reading

Understanding and Mitigating CVE-2025-53786: A Critical Microsoft Exchange Vulnerability (The DefendOps Diaries)

CISA Issues Urgent Advisory to Address Microsoft Exchange Flaw (GB Hackers)

SoupDealer Malware Evades Sandboxes, AVs, and EDR/XDR in Real-World Attacks (GB Hackers)

Google Calendar invites let researchers hijack Gemini to leak user data (Bleeping Computer)

North Korean Group ScarCruft Expands From Spying to Ransomware Attacks (Hackread)

Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada (SecurityWeek)

BadCam: New BadUSB Attack Turns Linux Webcams Into Persistent Threats (SecurityWeek)

DEF CON hackers plug security holes in US water systems (The Register)

DARPA announces $4 million winner of AI code review competition at DEF CON (The Record)

'Chairmen' of $100 million scam operation extradited to US (Bleeping Computer)

Guy Gives Himself 19th Century Psychiatric Illness After Consulting With ChatGPT (404 Media) 

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Deadlines in the cloud.

Dustin Childs, Head of Threat Awareness at Trend Micro Zero Day Initiative, joins to discuss their work on "ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains." The research explores two critical vulnerabilities (ZDI-23-1527 and ZDI-23-1528) that could have enabled attackers to hijack the Microsoft PC Manager supply chain via overly permissive SAS tokens in WinGet and official Microsoft domains. 

While the issues have since been resolved, the findings highlight how misconfigured cloud storage access can put trusted software distribution at risk. The post also includes detection strategies to help defenders identify and mitigate similar threats.

The research can be found here:

 ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains

Learn more about your ad choices. Visit megaphone.fm/adchoices

Signed, sealed, exploitable. [Research Saturday]

Lyt når som helst, hvor som helst

Other podcasts you might like ...