app_store_button

google_play_button

Details page - Device banner - 894x1036

Step into an infinite world of stories

Listen and read

N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

CyberWire Daily

Please enjoy this encore of Career Notes. 

Principal consultant and pen tester at Secureworks, Eric Escobar, shares his career path translating his childhood favorite Legos to civil engineering and pivoting to cybersecurity. Eric was always headed toward engineering and got both his bachelor and master degrees in civil engineering. Upon breaking into a network with a friend, he was bitten by the cybersecurity bug. Making the switch to the red team and basically becoming a bankrobber for hire, Eric tests the security of many companies' networks. He feels that curiosity is an essential trait for cybersecurity and collaboration is key as no one person knows everything. He advises those interested in cybersecurity to just start. We thank Eric for sharing his story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Eric Escobar: Collaboration is key. [Pen tester] [Career Notes]

Darren Meyer, Security Research Advocate at Checkmarx, is sharing their work on "Bypassing AI Agent Defenses with Lies-in-the-Loop." Checkmarx Zero researchers introduce “lies-in-the-loop,” a new attack technique that bypasses human‑in‑the‑loop AI safety controls by deceiving users into approving dangerous actions that appear benign. 

Using examples with AI code assistants like Claude Code, the research shows how prompt injection and manipulated context can trick both the agent and the human reviewer into enabling remote code execution. The findings highlight a growing risk as AI agents become more common in developer workflows, underscoring the limits of human oversight as a standalone security control.

The research can be found here:

 
⁠Bypassing AI Agent Defenses With Lies-In-The-Loop

Learn more about your ad choices. Visit megaphone.fm/adchoices

The lies that let AI run amok. [Research Saturday]

Trump signs the National Defense Authorization Act for 2026. Danish intelligence officials accuse Russia of orchestrating cyberattacks against critical infrastructure. LongNosedGoblin targets government institutions across Southeast Asia and Japan. A new Android botnet infects nearly two million devices. WatchGuard patches its Firebox firewalls. Amazon blocks more than 1,800 North Korean operatives from joining its workforce. CISA releases nine new Industrial Control Systems advisories. The U.S. Sentencing Commission seeks public input on deepfakes. Prosecutors indict 54 in a large-scale ATM jackpotting conspiracy. Our guest is Nitay Milner, CEO of Orion Security, discussing the issue with data leaking into AI tools, and how CISOs must prioritize DLP. Riot Games finds cheaters hiding in the BIOS.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Nitay Milner, CEO of Orion Security, discusses the issue with data leaking into AI tools, and how CISOs must prioritize DLP.

Selected Reading

Trump signs defense bill allocating millions for Cyber Command, mandating Pentagon phone security (The Record)

Denmark blames Russia for destructive cyberattack on water utility (Bleeping Computer)

New China-linked hacker group spies on governments in Southeast Asia, Japan (The Record)

'Kimwolf' Android Botnet Ensnares 1.8 Million Devices (SecurityWeek)

New critical WatchGuard Firebox firewall flaw exploited in attacks (Bleeping Computer)

Amazon blocked 1,800 suspected DPRK job applicants (The Register)

CISA Releases Nine Industrial Control Systems Advisories (CISA.gov)

U.S. Sentencing Commission seeks input on criminal penalties for deepfakes (CyberScoop)

US Charges 54 in Massive ATM Jackpotting Conspiracy (Infosecurity Magazine)

Riot Games found a motherboard security flaw that helps PC cheaters (The Verge)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Where encryption meets executive muscle.

Hewlett Packard Enterprise patches a maximum-severity vulnerability in its OneView infrastructure management software. Cisco warns a critical zero-day is under active exploitation. An emergency Chrome update fixes two high-severity vulnerabilities. French authorities make multiple arrests. US authorities dismantle an unlicensed crypto exchange accused of money laundering. SonicWall highlights an exploited zero-day. Researchers earn $320,000 for demonstrating critical remote code execution flaws in cloud infrastructure components. A U.S. Senator urges electronic health record vendors to give patients greater control over who can access their medical data. Our guest is Larry Zorio, CISO from Mark43, discussing first responders and insider cyber risks. A right-to-repair group puts cash on the table. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Larry Zorio, CISO from Mark43, to discuss first responders sounding the alarm on insider cyber risks. To see the full report, check it out here.

Selected Reading

HPE warns of maximum severity RCE flaw in OneView software (Bleeping Computer)

China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear (SecurityWeek)

Google Chrome patches two high severity vulnerabilities in emergency update (Beyond Machines)

France arrests 22-year-old over Interior Ministry hack (The Record)

France arrests Latvian for installing malware on Italian ferry (Bleeping Computer)

FBI dismantles alleged $70M crypto laundering operation (The Register)

SonicWall Patches Exploited SMA 1000 Zero-Day (SecurityWeek)

Zeroday Cloud hacking event awards $320,0000 for 11 zero days (Bleeping Computer)

Senator Presses EHR Vendors on Patient Privacy Controls (Govinfosecurity)

A nonprofit is paying hackers to unlock devices companies have abandoned (TechSpot)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

OneView gives attackers the full tour.

Researchers detail a years-long Russian state-sponsored cyber espionage campaign. Israel’s cyber chief warns against complacency. Vulnerabilities affect products from Fortinet and Hitachi Energy. Studies show AI models are rapidly improving at offensive cyber tasks. MITRE expands its D3FEND cybersecurity ontology to cover operational technology. Texas sues smart TV manufacturers, alleging illegal surveillance. A fraudulent gift card locks an Apple user out of their digital life. Our guest is Doron Davidson from CyberProof Israel discussing agentic SOCs and agentic transformation of an MDR. Fat racks crack the stacks.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by ⁠Doron Davidson⁠, GM at ⁠CyberProof⁠ Israel, MD Security Operations, discussing agentic SOC and agentic transformation of an MDR. If you’d like to learn more be sure to check out ⁠CyberProof⁠. Tune into the full conversation here. 

Selected Reading

Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure (Live Threat Intelligence)

IDF warns future cyberattacks may dwarf past threats (The Jerusalem Post)

CISA reports active exploitation of critical Fortinet authentication bypass flaw (Beyond Machines)

Hitachi Energy reports BlastRADIUS flaw in AFS, AFR and AFF Series product families (Beyond Machines)

AI models are perfecting their hacking skills (Axios)

AI Hackers Are Coming Dangerously Close to Beating Humans (WSJ)

MITRE Extends D3FEND Ontology to Operational Technology Cybersecurity (Mitre)

Texas sues biggest TV makers, alleging smart TVs spy on users without consent (Ars Technica)

Locked out: How a gift card purchase destroyed an Apple account (Apple Insider)

Racks of AI chips are too damn heavy (The Verge)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

The cloud that spies back.

Venezuela’s state oil company blames a cyberattack on the U.S. An Iranian hacker group offers cash bounties for doxing Israelis. Germany’s lower house of parliament suffers a major email outage. South Korea’s e-commerce breach exposes personal information of nearly all of that nation’s adults. Researchers report active exploitation of two critical Fortinet authentication bypass vulnerabilities, and three critical vulnerabilities in the FreePBX VoIP platform. An auto-industry credit reporting agency suffers a data breach. Google is shutting down its dark web reporting service. European law enforcement dismantles a Ukrainian fraud network. Our guest is Christiaan Beek, Senior Director Threat Intelligence & Analytics from Rapid7, discussing how attackers are accelerating exploitation, refining ransomware, and expanding nation-state operations. A Pornhub breach proves the internet never forgets. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, guest Christiaan Beek, Senior Director Threat Intelligence & Analytics from Rapid7, discusses how attackers are accelerating exploitation, refining ransomware, and expanding nation-state operations. Dive into the details in Rapid7’s report. Tune into Christiaan's full conversation here. 

Selected Reading

Venezuela Says Oil Export System Down After Weekend Cyberattack (Bloomberg)

Iran-linked hackers dox Israelis, offer cash bounties (The Jerusalem Post)

German Parliament Allegedly Hit by Email Outage During US-Ukraine Talks Amid Cyberattack Suspicions (TechNadu)

Breach at South Korea’s Equivalent of Amazon Exposed Data of Almost Every Adult (Wall Street Journal)

Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719 (Arctic Wolf)

Critical authentication bypass and multiple flaws discovered in FreePBX VoIP platform (Beyond Machines)

Millions Affected by Massive 700Credit Data Breach (Tech.co)

Google Is Shutting Down Its Dark Web Monitoring Tool (Technology.org) 

European authorities dismantle call center fraud ring in Ukraine (Bleeping Computer)

Porn User Data Stolen—Pornhub ‘Search, Watch And Download’ Activity (Forbes)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber shock to the oil trade.

In this episode, host Kim Jones tacks a topic that is rapidly moving from theoretical to operational reality: quantum computing. While classical computing will remain the backbone of our systems for years to come, quantum technologies are advancing fast enough that CISOs must begin preparing today. Kim explores what quantum computing really means, why it matters for cybersecurity, and how leaders should begin planning for its inevitable impact. To help demystify the subject, Kim is joined by longtime colleague and cybersecurity practitioner Michael Sottile—now the CSO of a quantum computing firm—who brings decades of hands-on experience across industries and a front-row seat to quantum's evolution.

Want more CISO Perspectives?

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Quantum [CISOP]

Apple and Google issue emergency updates to patch zero-days. Google links five additional Chinese state-backed hacking groups to “React2Shell.” France’s Ministry of the Interior was hit by a cyberattack. Atlassian patches roughly 30 third-party vulnerabilities. Microsoft says its December 2025 Patch Tuesday updates are breaking Message Queuing. Researchers uncovered a massive exposed database with nearly 4.3 billion professional records openly accessible online. Britain’s new MI6 chief warns of an “aggressive, expansionist, and revisionist” Russia. Monday Business Brief. On today’s Threat Vector, ⁠Michael Heller⁠ from Unit 42 chats with security leaders ⁠Greg Conti⁠ and ⁠Tom Cross⁠ to unpack the hacker mindset and the idea of “dark capabilities”. A cyber holiday gift guide for the rest of us. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of Threat Vector, host ⁠Michael Heller⁠, Managing Editor for Cortex and Unit 42 and Executive Producer of the podcast, sits down with long-time security leaders ⁠Greg Conti⁠ and ⁠Tom Cross⁠ to unpack the hacker mindset and the idea of “dark capabilities” inside modern technology companies. You can listen to their full discussion here. Be sure to catch new episodes of Threat Vector by Palo Alto Networks every Thursday on your favorite podcast app.

Selected Reading

Apple, Google forced to issue emergency 0-day patches (The Register)

Google links more Chinese hacking groups to React2Shell attacks (Bleeping Computer)

French Interior Ministry confirms cyberattack on email servers (Bleeping Computer)

Atlassian Patches Critical Apache Tika Flaw (SecurityWeek)

Microsoft: December security updates cause Message Queuing failures (Bleeping Computer)

16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records (Hackread)

MI6 chief warns 'front line is everywhere' and signals intent to pressure Putin (The Record)

Saviynt raises $700 million in Series B growth equity financing. (The CyberWire Business Brief)

Last-minute cybersecurity and privacy gifts your friends and family won't hate (This Week In Security)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. 

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Another day, another emergency patch.

Please enjoy this encore of Career Notes.

Chief security officer and chief information officer at Relativity, Amanda Fennell shares her story from archeology to cybersecurity. She shares the path that lead her towards becoming an archeologist and how it turned out not being exactly what she expected. She then shares how she got into the cyber business and how her past has impacted what she's doing now. She describes how she would like to be remembered in the cyber world, she says "I do hope that I left things better than I found them, not just the security of a product or a company, but I believe strongly that every person has a little cyber warrior inside of them." We thank Amanda for sharing her story.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Amanda Fennell: There's a cyber warrior in all of us [Information] [Career Notes]

Daniel Schwalbe, DomainTools Head of Investigations and CISO, is sharing their work on "Inside the Great Firewall." This two-part research project analyzes an extraordinary 500–600GB leak that exposes the internal architecture, tooling, and human ecosystem behind China’s Great Firewall. 

Across both parts, you break down thousands of leaked documents, source code repositories, diagrams, packet captures, and telemetry that reveal how systems like the Traffic Secure Gateway, MAAT, Redis-based analytics, and modular DPI engines work together to censor, surveil, and fingerprint users at scale. Taken together, the research shows how the Great Firewall functions not just as a technical system, but as a living censorship-industrial complex that adapts, learns, and coordinates across government, telecoms, and security vendors.

The research can be found here:

 Inside the Great Firewall Part 1: The Dump

 Inside the Great Firewall Part 2: Technical Infrastructure

Learn more about your ad choices. Visit megaphone.fm/adchoices

Root access to the great firewall. [Research Saturday]

CISA issues a Binding Operational Directive. An LA school district says ransomware operators missed most sensitive PII. An API protection report describes malicious transactions. Analysis of cyber risk in relation to SaaS applications. Joe Carrigan describes underground groups using stolen identities and deepfakes. Our guest is Eve Maler from ForgeRock on consumer identity breaches. And someone is making a nuisance of themself in Russia.

For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/191

Selected reading.
Binding Operational Directive 23-01 (CISA)
CISA Directs Federal Agencies to Improve Cybersecurity Asset Visibility and Vulnerability Detection (Cybersecurity and Infrastructure Security Agency) 
CISA aims to expand cyber defense service across fed agencies, potentially further (Federal News Network)
CISA directs federal agencies to track software and vulnerabilities (The Record by Recorded Future) 
Student, Teacher Data Not Affected in Los Angeles School District Hack (Wall Street Journal)
‘No evidence of widespread impact,’ LAUSD says of data released by hackers (KTLA) 
New API Threat Research Shows that Shadow APIs Are the Top Threat Vecto (Cequence Security)
Secureworks State of the Threat Report 2022: 52% of ransomware incidents over the past year started with compromise of unpatched remote services (Secureworks)
Russian Citizens Wage Cyberwar From Within (Kyiv Post)
Russian Hackers Take Aim at Kremlin Targets: Report (Infosecurity Magazine) Russian retail chain 'DNS' confirms hack after data leaked online (BleepingComputer)
Learn more about your ad choices. Visit megaphone.fm/adchoices

N2K Networks, Inc.

CISA issues Binding Operational Directive 23-01. LAUSD says ransomware operators missed most sensitive PII. Trends in API protection SaaS security. Making a pest of oneself in a hybrid war.

CISA issues Binding Operational Directive 23-01. LAUSD says ransomware operators missed most sensitive PII. Trends in API protection SaaS security. Making a pest of oneself in a hybrid war.

Listen and read

Other podcasts you might like ...