app_store_button

google_play_button

Device Banner Block-copy 894x1036

Astu lugude lõputusse maailma

Loe ja kuula

N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

CyberWire Daily

Operation “Chargeback” takes down global fraud networks. An investigation reveals the dangers of ADINT. M&S profits plunge after a cyberattack. Google patches a critical Android flaw. Asian prosecutors seize millions from an accused Cambodian scam kingpin. Ohio residents are still guessing water bills months after a cyberattack. Houston firefighters deny blame in city data breach. Nikkei reports a slack breach exposing 17,000 records.The Google–Wiz deal clears DOJ review. Ann Johnson welcomes her Microsoft colleague Frank X. Shaw⁠ to Afternoon Cyber Tea. Norway parks its Chinese Bus in a cave, just in case. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Afternoon Cyber Tea

On this month's segment from Afternoon Cyber Tea, host Ann Johnson welcomes Frank X. Shaw⁠, Chief Communications Officer at Microsoft, to explore the critical role of communication in cybersecurity. They discuss how transparency and trust shape effective response to cyber incidents, the importance of breaking down silos across teams, and how AI is transforming communication strategies. You can listen to Ann and Frank's full conversation here, and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app. 

Selected Reading

Operation Chargeback: 4.3 million cardholders affected, EUR 300 million in damages - Three criminal networks suspected of misusing credit card data from cardholders across 193 countries; 18 suspects arrested (Europol)

Databroker Files: Targeting the EU (Netzpolitik)

M&S profits almost wiped out after cyber hack left shelves empty (BBC News)

Google releases November 2025 Android patch, fixes critical zero-click flaw (Beyond Machines)

Prosecutors seize yachts, luxury cars from man accused of running Cambodia cyberscams (NPR)

Cyberattack that crippled Middletown's systems shows how hackers target smaller cities (Cincinnati.com)

Houston data breach exposes firefighters’ personal info, union says they’re being blamed (Click2Houston)

Japanese publishing company Nikkei suffers Slack compromise exposing data of over 17,000 people (Beyond Machines)

Google Clears DOJ Antitrust Hurdle for $32 Billion Wiz Deal (Bloomberg)

Dybt i et norsk fjeld blev en kinesisk bybus splittet ad. En status på vores frygt (Zetland)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

From small charges to big busts.

China-Linked hackers target Cisco firewalls. MIT Sloan withdraws controversial “AI-Driven Ransomware” paper. A new study questions the value of cybersecurity training. Hackers exploit OpenAI’s API as a malware command channel. Apple patches over 100 Security flaws across devices. A Florida-based operator of mental health and addiction treatment centers exposes sensitive patient information. OPM plans a “mass deferment” for Cybercorps scholars affected by the government shutdown. Lawmakers urge the FTC to investigate Flock Safety’s cybersecurity gaps. Cybercriminals team with organized crime for high-tech cargo thefts. Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies discussing ICE’s controversial facial scanning initiative. A priceless theft meets a worthless password. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies discussing ICE’s controversial facial scanning initiative. You can read more about Ben’s topic from 404 Media: You Can't Refuse To Be Scanned by ICE's Facial Recognition App, DHS Document Says.

Selected Reading

China-Linked Hackers Target Cisco Firewalls in Global Campaign (Hackread)

MIT Sloan shelves paper about AI-driven ransomware (The Register)

CyberSlop — meet the new threat actor, MIT and Safe Security (DoublePulsar)

Study concludes cybersecurity training doesn’t work (KPBS Public Media)

Microsoft: OpenAI API moonlights as malware HQ (The Register)

Apple Patches 19 WebKit Vulnerabilities (SecurityWeek)

Data Theft Hits Behavioral Health Network in 3 States (Bank Infosecurity)

OPM plans to give CyberCorps members more time to find jobs after shutdown ends (CyberScoop)

Lawmakers ask FTC to probe Flock Safety’s cybersecurity practices (The Record)

Cybercriminals, OCGs team up on lucrative cargo thefts (The Register)

Louvre Robbery: Security Flaws: The (Obviously) Password Was "Louvre" (L’Unione Sarda)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

A storm brews behind the firewall.

When discussing privacy risks, many often look to implementing strong encryption, secure data storage practices, and data sanitization processes to help ensure sensitive information remains protected. Though these practices are good and should be prioritized, many often miss other key areas that need just as much focus. As the internet of things has only continued to grow larger and larger, so has the risk these devices inherently create as they collect and store more information than many would instinctively assume.

In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Merry Marwig, the Vice President of Global Communications & Advocacy at Privacy4Cars, to explore how privacy risks are in places many do not think to look. Together, Merry and Kim discuss why security leaders need to rethink how they approach privacy and consider how the devices we use every day could inadvertently expose our sensitive information.

This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about ⁠Meter⁠.

Want more CISO Perspectives?

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Privacy needs where you least expect it. [CISO Perspectives]

The FCC plans to roll back cybersecurity mandates that followed Salt Typhoon. The alleged cybercriminal MrICQ has been extradited to the U.S. Ransomware negotiators are accused of conducting ransomware attacks. Ernst & Young accidentally exposed a 4-terabyte SQL Server backup. A hacker claims responsibility for last week’s University of Pennsylvania breach. The UK chronicles cyberattacks on Britain’s drinking water suppliers. Monday business brief. Our guest is Caleb Tolin, host of Rubrik's Data Security Decoded podcast. Hackers massage the truth. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Caleb Tolin, host of Rubrik's Data Security Decoded podcast, as he is introducing himself and his show joining the N2K CyberWire network. You can catch new episodes of Data Security Decoded the first and third Tuesdays of each month on your favorite podcast app. 

Selected Reading

FCC plans vote to remove cyber regulations installed after theft of Trump info from telecoms (The Record)

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody (Krebs on Security)

Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says (Chicago Sun Times)

Ernst & Young cloud misconfiguration leaks 4TB SQL Server backup on Microsoft Azure (Beyond Machines)

Penn hacker claims to have stolen 1.2 million donor records in data breach (Bleeping Computer)

Hackers are attacking Britain’s drinking water suppliers (The Record)

JumpCloud acquires Breez. Chainguard secures $280 million in growth financing. Sublime Security closes $150 million Series C round. (N2K Pro)

Hackers steal data, extort $350,000 from massage parlor clients (Korea JoongAng Daily)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

FCC resets cyber oversight.

Risk Management and Privacy Knowledge Leader at A-LIGN, Arti Lalwani shares her story from finance to risk management and how she made the transition. Arti started her career in finance after graduating with a finance degree. Quickly learning the field was not for her, she decided to dip her toes into the tech world. She credits her mentors for helping her and said "they were able to push me up and get me there faster than I even thought." Arti says that she would like to be a part, and hopes to be apart, of the change where women are supporting women in the field. We thank Arti for sharing her story.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Arti Lalwani: Supporting and being the change. [Risk Management] [Career Notes]

Today we are joined by Dario Pasquini, Principal Researcher at RSAC, sharing the team's work on WhenAIOpsBecome “AI Oops”: Subverting LLM-driven IT Operations via Telemetry Manipulation. A first-of-its-kind security analysis showing that LLM-driven AIOps agents can be tricked by manipulated telemetry, turning automation itself into a new attack vector. 

The researchers introduce AIOpsDoom, an automated reconnaissance + fuzzing + LLM-driven telemetry-injection attack that performs “adversarial reward-hacking” to coerce agents into harmful remediations—even without prior knowledge of the target and even against some prompt-defense tools. They also present AIOpsShield, a telemetry-sanitization defense that reliably blocks these attacks without harming normal agent performance, underscoring the urgent need for security-aware AIOps design.

The research can be found here:

 
⁠When AIOps Become “AI Oops”:
Subverting LLM-driven IT Operations via Telemetry Manipulation

Learn more about your ad choices. Visit megaphone.fm/adchoices

Attack of the automated ops. [Research Saturday]

CISA says cooperation between federal agencies and the private sector remains steady. Long-standing Linux kernel vulnerability in active ransomware campaigns confirmed. A Chinese-linked group targets diplomatic organizations in Hungary, Belgium, and other European nations. A government contractor breach exposes data of over 10 million Americans. Luxury fashion brands fall victim to impersonation scams. Phishing shifts from email to LinkedIn. Advocacy groups urge the FTC to block Meta from using chatbot interactions to target ads. A man pleads guilty to selling zero-days to the Russians. Emily Austin, Principal Security Researcher at Censys, discusses why nation state attackers continue targeting critical infrastructure. When M&S went offline, shoppers hit ‘Next’.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Emily Austin, Principal Security Researcher at Censys, as she discusses why nation state attackers continue targeting critical infrastructure.

Selected Reading

Cyber info sharing ‘holding steady’ despite lapse in CISA 2015, official says (The Record)

CISA: High-severity Linux flaw now exploited by ransomware gangs (Bleeping Computer)

CISA and NSA share tips on securing Microsoft Exchange servers (Bleeping Computer)

UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities (Arctic Wolf)

More than 10 million impacted by breach of government contractor Conduent (The Record)

Luxury Fashion Brands Face New Wave of Threats in Lead-up to 2025 Holiday Shopping Season (BforeAI)

LinkedIn phishing targets finance execs with fake board invites (Bleeping Computer)

Coalition calls on FTC to block Meta from using chatbot interactions to target ads, personalize content (The Record)

Ex-L3Harris exec pleads guilty to selling zero-day exploits to Russian broker (CyberScoop)

Business rival credits cyberattack on M&S for boosting profits (The Record)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA’s steady hand in a stalled senate.

Happy Halloween from the team at N2K Networks! 

We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video ⁠here⁠. 

Lyrics

I was coding in the lab late one night

when my eyes beheld an eerie sight 

for my malware threat score began to rise 

and suddenly to my surprise...

It did the Mash 

It did the Malware Mash 

The Malware Mash 

It was a botnet smash 

It did the Mash 

It caught on 'cause of Flash 

The Malware Mash 

It did the Malware Mash

From the Stuxnet worm squirming toward the near east 

to the dark web souqs where the script kiddies feast 

the APTs left their humble abodes 

to get installed from rootkit payloads. 

They did the Mash 

They did the Malware Mash 

The Malware Mash 

It was an adware smash 

They did the Mash 

It caught on 'cause of Flash 

The Malware Mash 

They did the Malware Mash

The botnets were having fun 

The DDoS had just begun 

The viruses hit the darknet, 

with ransomware yet to come. 

The keys were logging, phishing emails abound, 

Snowden on chains, backed by his Russian hounds. 

The Shadow Brokers were about to arrive 

with their vocal group, "The NotPetya Five."

They did the Mash 

They played the Malware Mash

The Malware Mash 

It was a botnet smash 

They did the Mash 

It caught on 'cause of Flash 

The Malware Mash 

They played the Malware Mash

Somewhere in Moscow Vlad's voice did ring 

Seems he was troubled by just one thing. 

He opened a shell then shook his fist 

and said, "Whatever happened to my Turla Trojan twist." 

It's now the Mash 

It's now the Malware Mash 

The Malware Mash 

And it's a botnet smash 

It's now the Mash 

It caught on 'cause of Flash 

The Malware Mash 

It's now the Malware Mash

Now everything's cool, Vlad's a part of the band 

And the Malware Mash is the hit of the land. 

For you, defenders, this mash was meant to 

when you get to my door, tell them Creeper sent you.

Then you can Mash 

Then you can Malware Mash 

The Malware Mash 

And be a botnet smash 

It is the Mash 

Don't you dare download Flash 

The Malware Mash 

Just do the Malware Mash
Learn more about your ad choices. Visit megaphone.fm/adchoices

The Malware Mash!

A Texas telecom confirms a nation-state attack. A global outage disrupts Azure and Microsoft 365 services. Malicious npm packages steal sensitive data from Windows, Linux, and macOS systems. Hacktivists have breached multiple critical infrastructure systems across Canada. Major chipmakers spill the TEE. TP-Link home routers fall under federal scrutiny. Cloud Atlas targets Russia’s agricultural sector. Israel’s cloud computing deal with Google and Amazon allegedly includes a secret “winking mechanism.”The FCC tamps down on overseas robocalls. Mike Anderson, from Netskope, discusses why CIOs should think like HR leaders when considering Agentic AI. Danes Draw the line at digital doppelgängers. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Mike Anderson, Netskope’s Chief Digital and Information Officer, to discuss why CIOs must think like HR leaders when considering Agentic AI.

Selected Reading

US company with access to biggest telecom firms uncovers breach by nation-state hackers (Reuters)

Huge Microsoft outage hit 365, Xbox, and beyond — deployment of fix for Azure breakdown rolled out (Tom's Hardware)

Malicious NPM packages fetch infostealer for Windows, Linux, macOS (Bleeping Computer)

Canada says hacktivists breached water and energy facilities (Bleeping Computer)

New physical attacks are quickly diluting secure enclave defenses from Nvidia, AMD, and Intel (Ars Technica)

U.S. agencies back banning top-selling home routers on security grounds (The Washington Post)

Cloud Atlas hackers target Russian agriculture sector ahead of industry forum (The Record)

Revealed: Israel demanded Google and Amazon use secret ‘wink’ to sidestep legal orders (The Guardian)

FCC adopts new rule targeting robocalls (The Record)

Denmark to tackle deepfakes by giving people copyright to their own features (The Guardian)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Dial M for malware.

Explosions rock a shuttered Myanmar cybercrime hub. The Aisuru botnet shifts from DDoS to residential proxies. Dentsu confirms data theft at Merkle. Boston bans biometrics. Proton restores journalists’ email accounts after backlash. Memento labs admits Dante spyware is theirs. Australia accuses Microsoft of improperly forcing users into AI upgrades. CISA warns of active exploitation targeting manufacturing management software. A covert cyberattack during Trump’s first term disabled Venezuela’s intelligence network. Our guest is Ben Seri, Co-Founder and CTO of Zafran, discussing the trend of AI native attacks. New glasses deliver fashionable paranoia.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest is Ben Seri, Co-Founder and CTO of Zafran, discussing the trend of AI native attacks and how defenders should use AI to defend and remediate.

Selected Reading

Stragglers from Myanmar scam center raided by army cross into Thailand as buildings are blown up (AP News)

Aisuru Botnet Shifts from DDoS to Residential Proxies (Krebs on Security)

Advertising giant Dentsu reports data breach at subsidiary Merkle (Bleeping Computer)

Boston Police Can No Longer Use Facial Recognition Software (Built in Boston)

Proton Mail Suspended Journalist Accounts at Request of Cybersecurity Agency (The Intercept)

CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware (TechCrunch)

Australia sues Microsoft for forcing Copilot AI onto Office 365 customers (Pivot to AI)

CISA warns of actively exploited flaws in Dassault DELMIA Apriso manufacturing software (Beyond Machines)

CIA cyberattacks targeting the Maduro regime didn’t satisfy Trump in his first term. Now the US is flexing its military might (CNN Politics)

Zenni’s Anti-Facial Recognition Glasses are Eyewear for Our Paranoid Age (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Attack of the automated ops. [Research Saturday]

Loe ja kuula

Muud podcastid, mis võivad sulle meeldida ...