app_store_button

google_play_button

DK - Details page - Device banner - 894x1036

Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis

Lyt når som helst, hvor som helst 

N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

CyberWire Daily

This week, we are joined by Or Eshed, Co-Founder and CEO from LayerX Security, discussing their work on "How We Discovered A Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts." Researchers uncovered a coordinated campaign of 16 malicious browser extensions posing as ChatGPT productivity tools while secretly stealing user accounts. 

The extensions intercept ChatGPT session authentication tokens and send them to attacker-controlled servers, allowing threat actors to impersonate users and access their conversations, files, and connected services like Google Drive or Slack. The findings highlight how AI-focused browser extensions are creating a new attack surface, emphasizing the need for organizations to closely monitor and restrict third-party AI tools.

The research can be found here:

 
⁠⁠⁠How We Discovered A Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts

Learn more about your ad choices. Visit megaphone.fm/adchoices

Your AI sidekick might be a spy. [Research Saturday]

Europol dismantles the SocksEscort proxy service. Cyber operations highlight imbalance in the war in Iran. Google rushes Chrome zero-day patches. Veeam fixes critical backup flaws. A former incident responder faces ransomware charges. Thomson Reuters staff push back on an ICE contract. Attackers abuse backup tools for data theft. CISA flags a critical n8n vulnerability. Maria Varmazis is joined by Jack R. Bialik, engineer and author, to discuss the hidden risks of a fully-digital society, and talk about his book "In Lost in Time: Our Forgotten and Vanishing Knowledge." A Phony photo fuels a phantom flight fiasco.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

N2K CyberWire’s Maria Varmazis is joined by Jack R. Bialik, engineer and author, to discuss the hidden risks of a fully-digital society, and talk about his book "In Lost in Time: Our Forgotten and Vanishing Knowledge." 

Selected Reading

Europol and international partners disrupt ‘SocksEscort’ proxy service - Joint operation targeted malicious proxy service exploiting residential routers worldwide (Europol)

War in Iran – asymmetry in cyberspace (IISS)

Google fixes two new Chrome zero-days exploited in attacks (Bleeping Computer) 

Veeam warns of critical flaws exposing backup servers to RCE attacks (Bleeping Computer)

Former Employee of Cybersecurity Companies Charged in ALPHV (BlackCat) Ransomware Extortion Case (TechNadu)

They Don’t Want Their Company’s Surveillance Tool Used by ICE (The New York Times)

Data Exfiltration and Threat Actor Infrastructure Exposed (Huntress)

CISA adds n8n RCE flaw to list of known exploited vulnerabilities (SC Media)

Cyber National Mission Force to get new commander amid broader leadership turnover (The Record)

AI Used to Promote Non-Existent Evacuation Flights From the Middle East (Bellingcat)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Socks pulled, patches pushed.

Show Notes:

As cybersecurity has matured, the field has become more formalized within businesses with CISOs leading the way. However, despite the value of the CISO and its widespread adoption, the role has continued to lose agency with other board members. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Patty Ryan, the CISO at QuidelOrtho, to assess the value of the role. Throughout the conversation, Patty and Kim will discuss the challenges facing CISOs, why the role has lost its agency, and what can be done to reverse the current trajectory.

Want more CISO Perspectives?:

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Is the role of the CISO adding to the confusion? [CISOP]

Iran threatens tech firms as hackers strike Stryker. The EU advances efforts toward digital sovereignty. A foreign hacker stumbles upon the FBI’s Epstein files. DOGE used ChatGPT to cull humanities grants. Meta claims increased efforts against scams. A Wisconsin ambulance provider discloses a data breach. CISA shortens the patch deadline for a critical SolarWinds vulnerability. We preview this year’s RSAC 2026 Innovation Sandbox with Cecilia Marinier and Paul Kocher. Dangerous digital diets miss the mark. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we share a RSAC 2026 Conference innovation preview with Cecilia Marinier and Innovation Sandbox judge Paul Kocher talking about this year's Top 10 Finalists. 

Selected Reading

Iran-linked hackers claim responsibility for attack on US medical device maker Stryker (Reuters)

'Legitimate targets': Iran issues warning to US tech firms including Google, Amazon, Microsoft, Nvidia (The Times of India)

Iranian trolls are flooding social media with pro-Tehran, anti-war propaganda (MS Now)

Commission announces €75 million EURO-3C Project to build a federated Telco-Edge-Cloud infrastructure for digital sovereignty (European Commission)

Hacker broke into FBI and compromised Epstein files, report says (TechCrunch)

When DOGE Unleashed ChatGPT on the Humanities (The New York Times)

Meta says it culled millions of scam ads amid accusations that it profits from them (The Record)

Bell Ambulance Ransomware Attack Impacts Over 237,000 Individuals (Beyond Machines)

CISA Mandates Emergency Patching for SolarWinds Web Help Desk Vulnerabilities (Beyond Machines)

AI Chatbots Are Giving Teens Absolutely Terrible Diet Advice, Study Warns (Gizmodo)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Oops, those were the FBI files.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Greg Schlomer and Vlad Honyanyy to discuss new research on Jasper Sleet, a North Korean–aligned threat actor incorporating AI into active operations. 

The conversation examines how AI is being integrated across the attack lifecycle — from highly tailored phishing lures and fabricated job applicant personas to accelerating malware development and refining operational workflows. Rather than treating AI as a novelty, Jasper Sleet is using it to increase speed, scale, and adaptability while reducing many of the friction points that once slowed campaigns. 

They also explore what this shift means for defenders. As AI compresses iteration cycles and lowers barriers to entry, traditional attribution signals evolve, influence operations become more convincing, and defensive teams must tighten the loop between intelligence, detection, and response. This is less about experimentation and more about the operationalization of AI as part of modern tradecraft. 

In this episode you’ll learn: 

 
How AI is changing the speed at which cyber operations evolve 

 
Why jailbreaking AI models is often trivial for motivated adversaries 

 
 The strategic implications of AI leveling the playing field between threat actors 

Some questions we ask: 

 
Is there resistance among experienced malware authors to adopting AI? 

 
Are we seeing fully AI-written malware in the wild? 

 
What stands out about Jasper Sleet’s use of AI? 

 

Resources: 

View Greg Schloemer on LinkedIn 

View Sherrod DeGrippo on LinkedIn 

 

Related Microsoft Podcasts: 

 
Afternoon Cyber Tea with Ann Johnson 

 
The BlueHat Podcast 

 
Uncovering Hidden Risks 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network. 
Learn more about your ad choices. Visit megaphone.fm/adchoices

AI as Tradecraft: How Threat Actors Are Operationalizing AI [Microsoft Threat Intelligence Podcast]

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Greg Schlomer and Vlad H. to discuss new research on Jasper Sleet, a North Korean–aligned threat actor incorporating AI into active operations. 

The conversation examines how AI is being integrated across the attack lifecycle — from highly tailored phishing lures and fabricated job applicant personas to accelerating malware development and refining operational workflows. Rather than treating AI as a novelty, Jasper Sleet is using it to increase speed, scale, and adaptability while reducing many of the friction points that once slowed campaigns. 

They also explore what this shift means for defenders. As AI compresses iteration cycles and lowers barriers to entry, traditional attribution signals evolve, influence operations become more convincing, and defensive teams must tighten the loop between intelligence, detection, and response. This is less about experimentation and more about the operationalization of AI as part of modern tradecraft. 

In this episode you’ll learn: 

 
How AI is changing the speed at which cyber operations evolve 

 
Why jailbreaking AI models is often trivial for motivated adversaries 

 
 The strategic implications of AI leveling the playing field between threat actors 

Some questions we ask: 

 
Is there resistance among experienced malware authors to adopting AI? 

 
Are we seeing fully AI-written malware in the wild? 

 
What stands out about Jasper Sleet’s use of AI? 

 

Resources: 

View Greg Schloemer on LinkedIn 

View Sherrod DeGrippo on LinkedIn 

 

Related Microsoft Podcasts: 

 
Afternoon Cyber Tea with Ann Johnson 

 
The BlueHat Podcast 

 
Uncovering Hidden Risks 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network. 
Learn more about your ad choices. Visit megaphone.fm/adchoices

Rudd takes the helm at NSA and Cyber Command. A watchdog probes alleged Social Security data mishandling. Patch Tuesday lands. Governments brace for cyber fallout from Iran. BeatBanker spreads via a fake Starlink app. InstallFix targets developers. ZombieZIP hides malware in archives. And DHS reassigns CBP officials in a FOIA secrecy dispute. Ben Yelin unpacks Anthropic’s lawsuit against the Pentagon. AI eyewear leads to awkward exposures.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies and Caveat cohost talking about Anthropic suing the Pentagon. You can read more on the topic here. 

Selected Reading

Senate approves Joshua Rudd as dual-hat leader of Cyber Command, NSA (POLITICO)

Whistleblower claims ex-DOGE member says he took Social Security data to new job (Washington Post)

Microsoft Patches 83 Vulnerabilities (SecurityWeek)

Adobe Patches 80 Vulnerabilities Across Eight Products (SecurityWeek)

Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities (SecurityWeek)

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric (SecurityWeek)

Iran war will bring wave of 'low-level cyber activity,' says intelligence group (StateScoop)

New BeatBanker Android malware poses as Starlink app to hijack devices (Bleeping Computer)

Fake Claude Code install guides push infostealers in InstallFix attacks (Bleeping Computer)

New 'Zombie ZIP' technique lets malware slip past security tools (Bleeping Computer)

DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal’ Orders (WIRED)

Meta sued over AI smart glasses' privacy concerns, after workers reviewed nudity, sex, and other footage (TechCrunch)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

New command amid mounting cyber risks.

Russian hackers target Signal and WhatsApp. Permit scammers impersonate local officials. Anthropic sues over a Pentagon blacklist. The White House moves to restore fraud victims. ShinyHunters target Salesforce data. Ericsson reports a breach. macOS users face ClickFix malware. AWS credentials are phished. And CISA warns of an exploited Ivanti flaw. Our guest is Brian Baskin, Threat Researcher at Sublime Security, discussing tax season employee impersonation scams. Who fact-checks the fact-checkers? 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Brian Baskin, Threat Researcher at Sublime Security, discussing how tax season employee impersonation scams are conducted and what to look out for as we prepare our returns.

Selected Reading

Russia targets Signal and WhatsApp accounts in cyber campaign (AIVD)

FBI warns of phishing attacks impersonating US city, county officials (Bleeping Computer)

Anthropic sues Trump administration over Pentagon blacklist (CNBC)

White House floats Victims Restoration Program for millions affected by cyber fraud (The Record)

CybercrimeHundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign (SecurityWeek)

Ericsson US discloses data breach after service provider hack (Bleeping Computer)

Fake CleanMyMac Site Uses ClickFix Trick to Install SHub Stealer on macOS (Hackread)

Behind the console: Active phishing campaign targeting AWS console credentials (Datadog Security Labs)

CISA: Recently patched Ivanti EPM flaw now actively exploited (Bleeping Computer)

AI fake-news detectors may look accurate but fail in real use, study finds (Tech Xplore)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Signals, scams, and a Salesforce snatch.

Show Notes:

Cybersecurity has continued to grow and mature as a field over the past decade which has given rise to numerous degree pathways across dozens of collegiate institutions; however, the value of these degrees has continued to be a topic of debate. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Dr. Lara Ferry, the Vice President of Research at Arizona State University, to explore higher education's role in cyber. Throughout the conversation, Lara and Kim will discuss the challenges facing degree programs, the disconnects between organizations and institutions, and how the gap can be better addressed.

Want more CISO Perspectives?:

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals.
Learn more about your ad choices. Visit megaphone.fm/adchoices

What role does higher education play in cyber? [CISOP]

Israel claims a strike on Iran’s cyber warfare headquarters. The Trump administration releases a new national cyber strategy. DHS shakes up its IT and cybersecurity leadership. Velvet Tempest uses ClickFix to drop loaders and RATs. Researchers uncover a Linux cryptocurrency clipboard hijacker. The DOJ brings a Ghanaian romance scammer to justice. Online advertising enables government tracking. Monday business breakdown. Our guest is Jon France, CISO from ISC2, sharing some insights and findings from their 2025 ISC2 Cybersecurity Workforce Study. An Apple II app gets audited by AI. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest 

Joining us today is Jon France, CISO from ISC2, sharing some insights and findings from their 2025 ISC2 Cybersecurity Workforce Study. For further detail, you can also check out ISC2’s just released Women in Cybersecurity report.

Selected Reading

Iranian cyber warfare HQ allegedly hit by Israel | brief (SC Media)

Iran internet blackout reaches 6th day as rights groups call for end to digital shutdown (The Record)

The long-awaited Trump cyber strategy has arrived (CyberScoop)

DHS CISO, deputy CISO exit amid reported IT leadership overhaul (FedScoop)

Termite ransomware breaches linked to ClickFix CastleRAT attacks (Bleeping Computer)

ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered Via Bincrypter-Based Loader (Cyble)

Ghanaian Pleads Guilty to Role in $100m Romance Scam (Infosecurity Magazine)

The Government Uses Targeted Advertising to Track Your Location. Here's What We Need to Do. (Electronic Frontier Foundation)

Zurich Insurance Group intends to acquire UK cyber insurer Beazley for approximately $11 billion. (N2K Pro Business Briefing)

Microsoft Azure CTO says Claude found vulns in Apple II code (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

From Tehran to the Apple II.

This week we are joined by Marcelle Lee, cybersecurity consultant and researcher, discussing "CTI tradecraft: Investigating a mobile scareware campaign." She details how a routine click on a Google News story led to a mobile scareware pop-up—and a deeper investigation into a broader campaign.

Using free tools like Censys, URLScan, VirusTotal, and CyberChef, she pivoted from two domains to uncover more than 100 related domains, shared infrastructure, and links to questionable antivirus apps in the Google Play Store. The findings are mapped to the MITRE ATT&CK framework, showing how freely available resources can power meaningful, actionable threat intelligence.

The research can be found here:

 
⁠CTI tradecraft: Investigating a mobile scareware campaign

Learn more about your ad choices. Visit megaphone.fm/adchoices

The scareware rabbit hole. [Research Saturday]

Lyt når som helst, hvor som helst

Other podcasts you might like ...