app_store_button

google_play_button

is Device Banner Block 894x1036

Stígðu inn í heim af óteljandi sögum

Hlustaðu og lestu

N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

CyberWire Daily

Researchers detail a years-long Russian state-sponsored cyber espionage campaign. Israel’s cyber chief warns against complacency. Vulnerabilities affect products from Fortinet and Hitachi Energy. Studies show AI models are rapidly improving at offensive cyber tasks. MITRE expands its D3FEND cybersecurity ontology to cover operational technology. Texas sues smart TV manufacturers, alleging illegal surveillance. A fraudulent gift card locks an Apple user out of their digital life. Our guest is Doron Davidson from CyberProof Israel discussing agentic SOCs and agentic transformation of an MDR. Fat racks crack the stacks.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by ⁠Doron Davidson⁠, GM at ⁠CyberProof⁠ Israel, MD Security Operations, discussing agentic SOC and agentic transformation of an MDR. If you’d like to learn more be sure to check out ⁠CyberProof⁠. Tune into the full conversation here. 

Selected Reading

Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure (Live Threat Intelligence)

IDF warns future cyberattacks may dwarf past threats (The Jerusalem Post)

CISA reports active exploitation of critical Fortinet authentication bypass flaw (Beyond Machines)

Hitachi Energy reports BlastRADIUS flaw in AFS, AFR and AFF Series product families (Beyond Machines)

AI models are perfecting their hacking skills (Axios)

AI Hackers Are Coming Dangerously Close to Beating Humans (WSJ)

MITRE Extends D3FEND Ontology to Operational Technology Cybersecurity (Mitre)

Texas sues biggest TV makers, alleging smart TVs spy on users without consent (Ars Technica)

Locked out: How a gift card purchase destroyed an Apple account (Apple Insider)

Racks of AI chips are too damn heavy (The Verge)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

The cloud that spies back.

Venezuela’s state oil company blames a cyberattack on the U.S. An Iranian hacker group offers cash bounties for doxing Israelis. Germany’s lower house of parliament suffers a major email outage. South Korea’s e-commerce breach exposes personal information of nearly all of that nation’s adults. Researchers report active exploitation of two critical Fortinet authentication bypass vulnerabilities, and three critical vulnerabilities in the FreePBX VoIP platform. An auto-industry credit reporting agency suffers a data breach. Google is shutting down its dark web reporting service. European law enforcement dismantles a Ukrainian fraud network. Our guest is Christiaan Beek, Senior Director Threat Intelligence & Analytics from Rapid7, discussing how attackers are accelerating exploitation, refining ransomware, and expanding nation-state operations. A Pornhub breach proves the internet never forgets. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, guest Christiaan Beek, Senior Director Threat Intelligence & Analytics from Rapid7, discusses how attackers are accelerating exploitation, refining ransomware, and expanding nation-state operations. Dive into the details in Rapid7’s report. Tune into Christiaan's full conversation here. 

Selected Reading

Venezuela Says Oil Export System Down After Weekend Cyberattack (Bloomberg)

Iran-linked hackers dox Israelis, offer cash bounties (The Jerusalem Post)

German Parliament Allegedly Hit by Email Outage During US-Ukraine Talks Amid Cyberattack Suspicions (TechNadu)

Breach at South Korea’s Equivalent of Amazon Exposed Data of Almost Every Adult (Wall Street Journal)

Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719 (Arctic Wolf)

Critical authentication bypass and multiple flaws discovered in FreePBX VoIP platform (Beyond Machines)

Millions Affected by Massive 700Credit Data Breach (Tech.co)

Google Is Shutting Down Its Dark Web Monitoring Tool (Technology.org) 

European authorities dismantle call center fraud ring in Ukraine (Bleeping Computer)

Porn User Data Stolen—Pornhub ‘Search, Watch And Download’ Activity (Forbes)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber shock to the oil trade.

In this episode, host Kim Jones tacks a topic that is rapidly moving from theoretical to operational reality: quantum computing. While classical computing will remain the backbone of our systems for years to come, quantum technologies are advancing fast enough that CISOs must begin preparing today. Kim explores what quantum computing really means, why it matters for cybersecurity, and how leaders should begin planning for its inevitable impact. To help demystify the subject, Kim is joined by longtime colleague and cybersecurity practitioner Michael Sottile—now the CSO of a quantum computing firm—who brings decades of hands-on experience across industries and a front-row seat to quantum's evolution.

Want more CISO Perspectives?

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Quantum [CISOP]

Apple and Google issue emergency updates to patch zero-days. Google links five additional Chinese state-backed hacking groups to “React2Shell.” France’s Ministry of the Interior was hit by a cyberattack. Atlassian patches roughly 30 third-party vulnerabilities. Microsoft says its December 2025 Patch Tuesday updates are breaking Message Queuing. Researchers uncovered a massive exposed database with nearly 4.3 billion professional records openly accessible online. Britain’s new MI6 chief warns of an “aggressive, expansionist, and revisionist” Russia. Monday Business Brief. On today’s Threat Vector, ⁠Michael Heller⁠ from Unit 42 chats with security leaders ⁠Greg Conti⁠ and ⁠Tom Cross⁠ to unpack the hacker mindset and the idea of “dark capabilities”. A cyber holiday gift guide for the rest of us. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of Threat Vector, host ⁠Michael Heller⁠, Managing Editor for Cortex and Unit 42 and Executive Producer of the podcast, sits down with long-time security leaders ⁠Greg Conti⁠ and ⁠Tom Cross⁠ to unpack the hacker mindset and the idea of “dark capabilities” inside modern technology companies. You can listen to their full discussion here. Be sure to catch new episodes of Threat Vector by Palo Alto Networks every Thursday on your favorite podcast app.

Selected Reading

Apple, Google forced to issue emergency 0-day patches (The Register)

Google links more Chinese hacking groups to React2Shell attacks (Bleeping Computer)

French Interior Ministry confirms cyberattack on email servers (Bleeping Computer)

Atlassian Patches Critical Apache Tika Flaw (SecurityWeek)

Microsoft: December security updates cause Message Queuing failures (Bleeping Computer)

16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records (Hackread)

MI6 chief warns 'front line is everywhere' and signals intent to pressure Putin (The Record)

Saviynt raises $700 million in Series B growth equity financing. (The CyberWire Business Brief)

Last-minute cybersecurity and privacy gifts your friends and family won't hate (This Week In Security)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Another day, another emergency patch.

Please enjoy this encore of Career Notes.

Chief security officer and chief information officer at Relativity, Amanda Fennell shares her story from archeology to cybersecurity. She shares the path that lead her towards becoming an archeologist and how it turned out not being exactly what she expected. She then shares how she got into the cyber business and how her past has impacted what she's doing now. She describes how she would like to be remembered in the cyber world, she says "I do hope that I left things better than I found them, not just the security of a product or a company, but I believe strongly that every person has a little cyber warrior inside of them." We thank Amanda for sharing her story.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Amanda Fennell: There's a cyber warrior in all of us [Information] [Career Notes]

Daniel Schwalbe, DomainTools Head of Investigations and CISO, is sharing their work on "Inside the Great Firewall." This two-part research project analyzes an extraordinary 500–600GB leak that exposes the internal architecture, tooling, and human ecosystem behind China’s Great Firewall. 

Across both parts, you break down thousands of leaked documents, source code repositories, diagrams, packet captures, and telemetry that reveal how systems like the Traffic Secure Gateway, MAAT, Redis-based analytics, and modular DPI engines work together to censor, surveil, and fingerprint users at scale. Taken together, the research shows how the Great Firewall functions not just as a technical system, but as a living censorship-industrial complex that adapts, learns, and coordinates across government, telecoms, and security vendors.

The research can be found here:

 Inside the Great Firewall Part 1: The Dump

 Inside the Great Firewall Part 2: Technical Infrastructure

Learn more about your ad choices. Visit megaphone.fm/adchoices

Root access to the great firewall. [Research Saturday]

A new executive order targets states’ AI regulations, while the White House shifts course on an NSA deputy director pick. The UK fines LastPass over inadequate security measures. Researchers warn of active attacks against Gladinet CentreStack instances. OpenAI outlines future cybersecurity plans. MITRE ranks the top 25 vulnerabilities of 2025. CISA orders U.S. federal agencies to urgently patch a critical GeoServer vulnerability. An anti-piracy coalition shuts down one of India’s most popular illegal streaming services. Our guest Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, unpacks purple team table top exercises to prepare for AI-generated attacks. Hackers set their sights on DNA.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, is discussing purple team table top exercises to prepare for AI-generated attacks.

Selected Reading

Trump Signs Executive Order to Block State AI Regulations (SecurityWeek)

Announced pick for No. 2 at NSA won’t get the job as another candidate surfaces (The Record)

LastPass Data Breach — Insufficient Security Exposed 1.6 Million Users (Forbes)

Gladinet CentreStack Flaw Exploited to Hack Organizations (SecurityWeek)

OpenAI lays out its plan for major advances in AI cybersecurity features (SC Media)

MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities (SecurityWeek)

CISA orders feds to patch actively exploited Geoserver flaw (Bleeping Computer)

MKVCinemas streaming piracy service with 142M visits shuts down (Bleeping Computer)

The Unseen Threat: DNA as Malware (BankInfoSecurity)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

One rule to rule them all.

CISA warns that pro-Russia hacktivist groups are targeting US critical infrastructure. Google patches three new Chrome zero-day vulnerabilities. North Korean actors exploit React2Shell to deploy a new backdoor. Researchers claim Docker Hub secret leakage is now a systemic problem. Attackers exploit an unpatched zero-day in Gogs, the self-hosted Git service. IBM patches more than 100 vulnerabilities across its product line. Storm-0249 abuses endpoint detection and response tools. The DOJ indicts a former Accenture employee for allegedly misleading federal customers about cloud security. Our guest is Kavitha Mariappan, Chief Transformation Officer at Rubrik, talking about understanding & building resilience against identity-driven threats. A malware tutor gets schooled by the law.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, we are joined by Kavitha Mariappan, Chief Transformation Officer at Knowledge Partner Rubrik, talking about understanding and building resilience against identity-driven threats. Tune into Kavitha’s full conversation here. 

 
New Rubrik Research Finds Identity Resilience is Imperative as AI Wave Floods the Workplace with AI Agents (Press release)

 
The Identity Crisis: Understanding and Building Resilience Against Identity-Driven Threats (Report) 

 
Agentic AI and Identity Sprawl (Data Security Decoded podcast episode) Host Caleb Tolin and guest ⁠Joe Hladik⁠, Head of Rubrik Zero Labs, to unpack the findings from their the report Kavitha addresses. 

Resources: Rubrik’s Data Security Decoded podcast airs semi-monthly on the N2K CyberWire network with host Caleb Tolin. You can catch new episodes twice a month on Tuesdays on your favorite podcast app. 

Selected Reading

CISA: Pro-Russia Hacktivists Target US Critical Infrastructure

New cybersecurity guidance paves the way for AI in critical infrastructure | CyberScoop

Google Releases Critical Chrome Security Update to Address Zero-Days - Infosecurity Magazine

North Korea-linked ‘EtherRAT’ backdoor used in React2Shell attacks | SC Media

Thousands of Exposed Secrets Found on Docker Hub - Flare

Hackers exploit unpatched Gogs zero-day to breach 700 servers

IBM Patches Over 100 Vulnerabilities - SecurityWeek

Ransomware IAB abuses EDR for stealthy malware execution

US charges former Accenture employee with misleading feds on cloud platform’s security - Nextgov/FCW

Man gets jail for filming malware tutorials for syndicate; 129 Singapore victims lost S$3.2m - CNA

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Weak passwords meet strong motives

Patch Tuesday. Federal prosecutors charge a Houston man with smuggling Nvidia chips to China, a Ukrainian woman for targeting critical infrastructure, and an Atlanta activist for wiping his phone. The power sector sees cyber threats doubling. The new Spiderman phishing kit slings its way across the dark web. Our guest is Dick O'Brien, Principal Intelligence Analyst from Symantec and Carbon Black Threat Hunter Team, discussing “Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites.” The Pentagon unveils a killer chatbot. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Dick O'Brien, Principal Intelligence Analyst from Symantec and Carbon Black Threat Hunter Team, is discussing “Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites."

Selected Reading

Microsoft Patches 57 Vulnerabilities, Three Zero-Days (SecurityWeek)

Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data (SecurityWeek)

Adobe Patches Nearly 140 Vulnerabilities (SecurityWeek)

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider (SecurityWeek)

Fortinet Patches Critical Authentication Bypass Vulnerabilities (SecurityWeek)

Smuggling Ring Charged as Trump Okays Nvidia Sales to China (Gov Infosecurity)

Cybersecurity in power: supply chain most vulnerable, varying confidence in resilience (Power Technology)

Spiderman Phishing Kit Targets European Banks with Real-Time Credential Theft (Hackread)

Hospice Firm, Eye Care Practice Notifying 520,000 of Hacks (Bank Infosecurity)

Ukrainian hacker charged with helping Russian hacktivist groups (Bleeping Computer)

Man Charged for Wiping Phone Before CBP Could Search It (404 Media)

Pete Hegseth Says the Pentagon's New Chatbot Will Make America 'More Lethal' (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

When preview pane becomes preview pain.

Organizations worldwide scramble to address the critical React2Shell vulnerability. Major insurers look to exclude artificial intelligence risks from corporate policies. Three Chinese hacking groups converge on the same Sharepoint flaws. Ransomware crews target hypervisors. A UK hospital asks the High Court to block publication of data stolen by the Clop gang. The White House approves additional Nvidia AI chip exports to China. The ICEBlock app creator sues the feds over app store removal. The FBI warns of virtual kidnapping scams. The FTC upholds a ban on a stalkerware maker. Dave Lindner, CISO of Contrast Security, discusses nation-state adversaries targeting source code to infiltrate the government and private sector. Craigslist’s founder pledges support for cybersecurity, veterans and pigeons.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

⁠Dave Lindner⁠, CISO of ⁠Contrast Security⁠, discusses nation-state adversaries targeting source code to infiltrate the government and private sector.

Selected Reading

Researchers track dozens of organizations affected by React2Shell compromises tied to China’s MSS (The Record)

Insurers retreat from AI cover as risk of multibillion-dollar claims mounts (Financial Times)

Three hacking groups, two vulnerabilities and all eyes on China (The Record)

Researchers spot 700 percent increase in hypervisor ransomware attacks (The Register)

UK Hospital Asks Court to Stymie Ransomware Data Leak (Bank Infosecurity)

Trump says Nvidia can sell more powerful AI chips to China (The Verge)

ICEBlock developer sues Trump administration over App Store removal (The Verge)

New FBI alert urges vigilance on virtual kidnapping schemes (SC Media)

FTC upholds ban on stalkerware founder Scott Zuckerman (TechCrunch)

Craigslist founder signs the Giving Pledge, and his fortune will go to military families, fighting cyberattacks—and a pigeon rescue (Fortune)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

The bug that got everyone’s attention.

This joint Cybersecurity Advisory highlights continued malicious cyber activity by advanced persistent threat actors affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps. The IRGC-affiliated actors are actively targeting a broad range of entities, including entities across multiple U.S. critical infrastructure sectors as well as Australian, Canadian, and United Kingdom organizations. 
AA22-257A Alert, Technical Details, and Mitigations
AA22-257A.stix
CISA’s Iran Cyber Threat Overview and Advisories
FBI’s Iran Threat webpage.
Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
Technical Approaches to Uncovering and Remediating Malicious Activity
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Learn more about your ad choices. Visit megaphone.fm/adchoices

N2K Networks, Inc.

CISA Alert AA22-257A – Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. [CISA Cybersecurity Alerts]

CISA Alert AA22-257A – Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. [CISA Cybersecurity Alerts]

Hlustaðu og lestu

Other podcasts you might like ...