App Store

Google Play

Copy of Device Banner Block 894x1036 3

Descubre un mundo infinito de historias

Escucha y lee

N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

CyberWire Daily

A fast-spreading malware campaign is abusing WhatsApp as both lure and launchpad. Carmaker Renault suffers a data breach. DrayTek patches a critical router flaw. CISA alerts cover a range of vulnerabilities. A new phishing kit lowers the bar for convincing lures. A Catholic hospital network pays $7.6 million to settle data breach litigation. A major breach at FEMA exposes employee data. Google expands Gmail’s end-to-end encryption (E2EE) capabilities. On our Industry Voices segment, we are joined by Brian Vecci, Field CTO at Varonis, discussing move fast but don’t break things: Innovating at light speed without putting data at risk. The UK’s digital ID is a solution in search of a mandate.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Brian Vecci, Field CTO at Varonis, discussing move fast but don’t break things: Innovating at light speed without putting data at risk. You can listen to Brian’s full conversation here. 

Selected Reading

Threat Actors Leveraging WhatsApp Messages to Attack Windows Systems With SORVEPOTEL Malware (Cybersecurity News)

Major car maker confirms customer data stolen in cyber attack (The Independent)

Unauthenticated RCE Flaw Patched in DrayTek Routers (SecurityWeek)

Organizations Warned of Exploited Meteobridge Vulnerability (SecurityWeek)

CISA Releases Two Industrial Control Systems Advisories (CISA.gov)

New ‘point-and-click’ phishing kit simplifies malicious attachment creation (SC Media)

Hospital Chain to Pay $7.6M to Settle Breach Litigation (Bank Inforsecurity)

FEMA cyber breach exposes employee data (SC Media)

Gmail business users can now send encrypted emails to anyone (Bleeping Computer)

UK government says digital ID won't be compulsory – honest (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

WhatsApp worm spreads.

CISA furloughs most of its workforce due to the government shutdown. The U.S. Air Force confirms it is investigating a SharePoint related breach. Google warns of a large-scale extortion campaign targeting executives. Researchers uncover Android spyware campaigns disguised as popular messaging apps. An extortion group claims to have breached Red Hat’s private GitHub repositories. A software provider for recreational vehicle and power sport dealers suffers a ransomware breach. Patchwork APT deploys a new Powershell loader using scheduled tasks for persistence. A Tennessee Senator urges aggressive U.S. action to prepare for a post-quantum future. Cynthia Kaiser, SVP of Halcyon’s Ransomware Research Center and former Deputy Assistant Director at the FBI’s Cyber Division, joins us with insights on the government shutdown. A Malaysian man pleads guilty to supporting a massive crypto fraud. Protected health info is not a marketing tool. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Cynthia Kaiser, SVP of Halcyon’s Ransomware Research Center and former Deputy Assistant Director at the FBI’s Cyber Division, joins us with insights on the government shutdown.

Selected Reading

Shutdown guts U.S. cybersecurity agency at perilous time (CISA)

Air Force admits SharePoint privacy issue; reports of breach (The Register)

Google warns executives are being targeted for extortion with leaked Oracle data (IT Pro)

Researchers uncover spyware targeting messaging app users in the UAE (The Record)

Red Hat confirms security incident after hackers claim GitHub breach (Bleeping Computer)

766,000 Impacted by Data Breach at Dealership Software Provider Motility (Security Week)

Patchwork APT: Leveraging PowerShell to Create Scheduled Tasks and Deploy Final Payload (GB Hackers)

GOP senator confirms pending White House quantum push, touts legislative alternatives (CyberScoop)

Bitcoin Fixer Convicted for Role in Money Laundering Scheme (Bank Infosecurity)

Nursing Home Fined $182K for Posting Patient Photos Online (Bank Infosecurity)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA furlough sparks fears.

Major federal cybersecurity programs expire amidst the government shutdown. Global leaders and experts convene in Riyadh for the Global Cybersecurity Forum. NIST tackles removable media. ICE buys vast troves of smartphone location data. Researchers claim a newly patched VMware vulnerability has been a zero-day for nearly a year. ClickFix-style attacks surge and spread across platforms. Battering RAM defeats memory encryption and boot-time defenses. A new phishing toolkit converts ordinary PDFs into interactive lures. A trio of breaches exposes data of 3.7 million across North America. Tim Starks from CyberScoop unpacks a report from Senate Democrats on DOGE. The Lone Star State proves even the internet isn’t bulletproof. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Tim Starks, Senior Reporter from CyberScoop, is back and joins Dave to discuss a report from Senate Democrats on the Department of Government Efficiency (DOGE). You can read Tim’s article on the subject here.

Selected Reading

Cyber information-sharing law and state grants set to go dark as Congress stalls over funding (The Record)

Live - Global Cybersecurity Forum in Riyadh tackles how technology can shape future of cyberspace (Euronews)

NIST Publishes Guide for Protecting ICS Against USB-Borne Threats (SecurityWeek)

ICE to Buy Tool that Tracks Locations of Hundreds of Millions of Phones Every Day (404 Media)

Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability (SecurityWeek)

Don’t Sweat the ClickFix Techniques: Variants & Detection Evolution (Huntress)

Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device (SecurityWeek)

New MatrixPDF toolkit turns PDFs into phishing and malware lures (Bleeping Computer)

3.7M breach notification letters set to flood North America's mailboxes (The Register)

A Bullet Crashed the Internet in Texas (404 Media) 

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

When politics break the firewall.

CISA issues an urgent warning about active exploitation of a critical vulnerability in the sudo utility. Broadcom patches two high-severity vulnerabilities in VMware NSX. South Korea raises its national cyber threat level after a datacenter fire. Formbricks patches a critical token validation flaw. Microsoft blocks a credential phishing campaign that made use of malicious SVG files. Landlords are accused of scraping sensitive payroll data. Cybercriminals lay the groundwork for large-scale FIFA fraud. Burnout takes a heavy toll on cybersecurity professionals. On our Threat Vector segment, host David Moulton⁠ is joined by⁠ Kyle Wilhoit⁠ talking about the evolution of hacker culture and cybersecurity. London police bag the biggest bitcoin bust.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On this Threat Vector segment, host David Moulton⁠ is joined by⁠ Kyle Wilhoit⁠ of Unit 42 talking about the evolution of hacker culture and cybersecurity. You can listen to the full conversation⁠ here⁠, and catch new episodes of Threat Vector each Thursday in your podcast app of choice.

Selected Reading

CISA Issues Alert on Active Exploitation of Linux and Unix Sudo Flaw (GB Hackers)

Broadcom fixes high-severity VMware NSX bugs reported by NSA (Bleeping Computer)

South Korea raises cyber threat level after huge data centre fire sparks hacking fears (The Guardian)

JWT signature verification bypass enables account takeover in Formbricks (Beyond Machines)

Microsoft Flags AI Phishing Attack Hiding in SVG Files (Hackread)

Landlords Demand Tenants’ Workplace Logins to Scrape Their Paystubs (404 Media)

Playing Offside: How Threat Actors Are Warming Up for FIFA 2026 (Check Point Blog)

Why burnout is a growing problem in cybersecurity (BBC)

Chinese woman convicted after 'world's biggest' bitcoin seizure (BBC)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

One flaw to rule the root.

A Chinese state-sponsored group exploited enterprise devices in a global espionage effort. The UK Government guarantees £1.5 billion financing to help Jaguar Land Rover’s recovery efforts. A maximum-severity flaw in Fortra’s GoAnywhere Managed File Transfer product is under active exploitation. The AI boom faces sustainability questions. Akira ransomware bypasses MFA on SonicWall devices. Dutch teens are arrested for allegedly spying for Russia. Luxury retailer Harrods confirms a data breach. An Interpol crackdown targets African cybercrime rings. We’ve got our Monday business briefing. Brandon Karpf joins us to discuss the cybersecurity ecosystem in Japan. Cyber crooks offer a BBC journalist an early retirement package.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today our guest is Brandon Karpf, friend of the show, and he joins to discuss the Cybersecurity ecosystem in Japan.

Selected Reading

Chinese hackers breached critical infrastructure globally using enterprise network gear (CSO Online)

UK government bails out Jaguar Land Rover with $2 billion loan (Metacurity)

Maximum severity GoAnywhere MFT flaw exploited as zero day (Bleeping Computer)

The AI boom is unsustainable unless tech spending goes ‘parabolic,’ Deutsche Bank warns: ‘This is highly unlikely’ (Fortune)

Akira ransomware breaching MFA-protected SonicWall VPN accounts (Bleeping Computer)

Dutch teens arrested for trying to spy on Europol for Russia (Bleeping Computer)

Harrods: Hackers contact firm after 430,000 customer records stolen (BBC)

Africa cybercrime crackdown includes hundreds of arrests, Interpol says (The Record)

Cyberbit acquires RangeForce. Terra Security raises $30 million. (N2K Pro) 

'You'll never need to work again': Criminals offer reporter money to hack BBC (BBC)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

The November that never ended.

Please enjoy this encore of Career Notes. 

Senior security engineer with the Johns Hopkins University Information Security Institute and the Institute for Assured Autonomy, Joe Carrigan, shares what he calls his life mistake and what spurred him to finally choose a career in technology. Throughout his life, Joe had interest in technology, he even worked at the computer lab in college, but never set his sights on that for a career. A conversation with a stranger guided him in that direction and he's been there ever since. As co-host of the CyberWire's Hacking Humans, Joe sees some heartbreaking results of scams and feels education of the public will help to prevent these. Joe reminds us to build our networks as they include people we can always go back to either when searching for a position or looking to fill one on our teams. We thank Joe for sharing his story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Joe Carrigan: Build your network. [Security engineer] [Career Notes]

This week, we are joined by Martin Zugec, Technical Solutions Director from Bitdefender, sharing their work and findings on "EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company. A newly identified Chinese APT group has been observed deploying a sophisticated, fileless malware framework called EggStreme against a Philippine military company. 

The multi-stage toolkit uses DLL sideloading and in-memory execution to evade detection, with its core backdoor, EggStremeAgent, enabling reconnaissance, lateral movement, keylogging, and data theft. Researchers note the campaign’s persistence and stealth highlight professional, geopolitically motivated espionage activity linked to Chinese national interests.

The research can be found here:

 EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company

Learn more about your ad choices. Visit megaphone.fm/adchoices

Sunny-side spyware. [Research Saturday]

CISA gives federal agencies 24 hours to patch a critical Cisco firewall bug. Researchers uncover the first known malicious MCP server used in a supply chain attack. The New York SIM card threat may have been overblown. Microsoft tags a new variant of the XCSSET macOS malware. An exposed auto insurance claims database puts PII at risk. Amazon will pay $2.5 billion to settle dark pattern allegations. Researchers uncover North Korea’s hybrid playbook of cybercrime and insider threats. An old Hikvision security camera vulnerability rears its ugly head. Dan Trujillo from the Air Force Research Laboratory’s Space Vehicles Directorate joins Maria Varmazis, host of T-Minus Space Daily to discuss how his team is securing satellites and space systems from cyber threats. DOGE delivers dysfunction, disarray, and disappointment.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire Guest

Dan Trujillo from the Air Force Research Laboratory’s Space Vehicles Directorate joins Maria Varmazis, host of T-Minus Space Daily to discuss how his team is securing satellites and space systems from cyber threats and also shares advice for breaking into the fast-growing field of space cybersecurity

Selected Reading

Federal agencies given one day to patch exploited Cisco firewall bugs (The Record)

First malicious MCP Server discovered, stealing data from AI-Powered email systems (Beyond Machines)

Secret Service faces backlash over SIM farm bust as experts challenge threat claims (Metacurity)

Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs (Bleeping Computer)

Microsoft cuts off cloud services to Israeli military unit after report of storing Palestinians' phone calls (CNBC)

Auto Insurance Platform Exposed Over 5 Million Records Including Documents Containing PII (Website Planet)

Amazon pays $2.5 billion to settle Prime memberships lawsuit (Bleeping Computer)

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception (We Live Security)

Critical 8 years old Hikvision Camera flaw actively exploited again (Beyond Machines)

The Story of DOGE, as Told by Federal Workers (WIRED)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA sounds the alarm on Cisco flaws.

Fortra flags a critical flaw in its GoAnywhere Managed File Transfer (MFT) solution. Cisco patches a critical vulnerability in its IOS and IOS XE software. Cloudflare thwarts yet another record DDoS attack. Rhysida ransomware gang claims the Maryland Transit cyberattack. The new “Obscura” ransomware strain spreads via domain controllers. Retailers’ use of generative AI expands attack surfaces. Researchers expose GitHub Actions misconfigurations with supply chain risk. Mandiant links the new BRICKSTORM backdoor to a China-based espionage campaign. Kansas students push back against an AI monitoring tool. Ben Yelin speaks with Michele Kellerman, Cybersecurity Engineer for Air and Missile Defense at Johns Hopkins University Applied Physics Lab, discussing Women's health apps and the legal grey zone that they create with HIPAA. Senators push the FTC to regulate your brainwaves.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Ben Yelin, co-host of Caveat, is speaking with Michele Kellerman, Cybersecurity Engineer for Air and Missile Defense at Johns Hopkins University Applied Physics Lab, about Women's health apps and the legal grey zone that they create with HIPAA. If you want to hear the full conversation, check it out on Caveat, here.

Selected Reading

Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems (HackRead)

Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability (Cisco)

Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack (Bleeping Computer)

Ransomware gang known for government attacks claims Maryland transit incident (The Record)

Obscura, an obscure new ransomware variant (Bleeping Computer)

Threat Labs Report: Retail 2025 (Netskope)

pull_request_nightmare Part 1: Exploiting GitHub Actions for RCE and Supply Chain Attacks (Orca)

China-linked hackers use ‘BRICKSTORM’ backdoor to steal IP (The Record)

AI safety tool sparks student backlash after flagging art as porn, deleting emails (The Washington Post)

Senators introduce bill directing FTC to establish standards for protecting consumers’ neural data (The Record)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Critical GoAnywhere bug exposed.

British authorities arrest a man in connection with the Collins Aerospace ransomware attack. CISA says attackers breached a U.S. federal civilian executive branch agency last year. Researchers uncover two high-severity vulnerabilities in Supermicro server motherboards. A Las Vegas casino operator confirms a cyber attack. Analysts track multiple large-scale, automated email phishing campaigns. Libraesva issues an emergency patch for its Email Security Gateway. Our guest is Jason Clark, Chief Strategy Officer (CSO) at Cyera, tackling the security threat of Agentic AI. Robocars get misdirected by mirrors. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Jason Clark, Chief Strategy Officer (CSO) at Cyera, discussing tackling the security industry's biggest threat: Agent AI. If you want to hear the full conversation from Jason, you can check it out here. 

Selected Reading

UK police arrest man over hack that affected European airports (Reuters)

AI tool helped recover £500m lost to fraud, government says (BBC)

CISA says hackers breached federal agency using GeoServer exploit (Bleeping Computer)

Supermicro server motherboards can be infected with unremovable malware (Ars Technica)

Boyd Gaming Suffers Cyberattack, Data Breach (Casino.org)

Email Threat Radar – September 2025 (Barracuda)

Revamped Phishing Techniques: How Telegram and Front-End Hosting Platforms Scale Campaigns (Forescout)

GitHub notifications abused to impersonate Y Combinator for crypto theft (Bleeping Computer)

Libraesva ESG issues emergency fix for bug exploited by state hackers (Bleeping Computer)

Fooling a self-driving car with mirrors on traffic cones (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

AI to the rescue.

This week, we are joined by Andrew Morris, Founder and CTO of GreyNoise, to discuss their work on "GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI." GreyNoise discovered two critical zero-day vulnerabilities in IoT-connected live streaming cameras, used in sensitive environments like healthcare and industrial operations, by leveraging its AI-powered detection system, Sift. 
The vulnerabilities, CVE-2024-8956 (insufficient authentication) and CVE-2024-8957 (OS command injection), could allow attackers to take full control of affected devices, manipulate video feeds, or integrate them into botnets for broader attacks. This breakthrough underscores the transformative role of AI in identifying threats that traditional systems might miss, highlighting the urgent need for robust cybersecurity measures in the expanding IoT landscape.
The research can be found here: 
GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI

Learn more about your ad choices. Visit megaphone.fm/adchoices

Watching the watchers. IoT vulnerabilities exposed by AI. [Research Saturday]

Escucha y lee

Otros podcasts que te pueden gustar...