Major federal cybersecurity programs expire amidst the government shutdown. Global leaders and experts convene in Riyadh for the Global Cybersecurity Forum. NIST tackles removable media. ICE buys vast troves of smartphone location data. Researchers claim a newly patched VMware vulnerability has been a zero-day for nearly a year. ClickFix-style attacks surge and spread across platforms. Battering RAM defeats memory encryption and boot-time defenses. A new phishing toolkit converts ordinary PDFs into interactive lures. A trio of breaches exposes data of 3.7 million across North America. Tim Starks from CyberScoop unpacks a report from Senate Democrats on DOGE. The Lone Star State proves even the internet isn’t bulletproof.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Tim Starks, Senior Reporter from CyberScoop, is back and joins Dave to discuss a report from Senate Democrats on the Department of Government Efficiency (DOGE). You can read Tim’s article on the subject here. Selected Reading Cyber information-sharing law and state grants set to go dark as Congress stalls over funding (The Record) Live - Global Cybersecurity Forum in Riyadh tackles how technology can shape future of cyberspace (Euronews) NIST Publishes Guide for Protecting ICS Against USB-Borne Threats (SecurityWeek) ICE to Buy Tool that Tracks Locations of Hundreds of Millions of Phones Every Day (404 Media) Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability (SecurityWeek) Don’t Sweat the ClickFix Techniques: Variants & Detection Evolution (Huntress) Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device (SecurityWeek) New MatrixPDF toolkit turns PDFs into phishing and malware lures (Bleeping Computer) 3.7M breach notification letters set to flood North America's mailboxes (The Register) A Bullet Crashed the Internet in Texas (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA issues an urgent warning about active exploitation of a critical vulnerability in the sudo utility. Broadcom patches two high-severity vulnerabilities in VMware NSX. South Korea raises its national cyber threat level after a datacenter fire. Formbricks patches a critical token validation flaw. Microsoft blocks a credential phishing campaign that made use of malicious SVG files. Landlords are accused of scraping sensitive payroll data. Cybercriminals lay the groundwork for large-scale FIFA fraud. Burnout takes a heavy toll on cybersecurity professionals. On our Threat Vector segment, host David Moulton⁠ is joined by⁠ Kyle Wilhoit⁠ talking about the evolution of hacker culture and cybersecurity. London police bag the biggest bitcoin bust. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On this Threat Vector segment, host David Moulton⁠ is joined by⁠ Kyle Wilhoit⁠ of Unit 42 talking about the evolution of hacker culture and cybersecurity. You can listen to the full conversation⁠ here⁠, and catch new episodes of Threat Vector each Thursday in your podcast app of choice. Selected Reading CISA Issues Alert on Active Exploitation of Linux and Unix Sudo Flaw (GB Hackers) Broadcom fixes high-severity VMware NSX bugs reported by NSA (Bleeping Computer) South Korea raises cyber threat level after huge data centre fire sparks hacking fears (The Guardian) JWT signature verification bypass enables account takeover in Formbricks (Beyond Machines) Microsoft Flags AI Phishing Attack Hiding in SVG Files (Hackread) Landlords Demand Tenants’ Workplace Logins to Scrape Their Paystubs (404 Media) Playing Offside: How Threat Actors Are Warming Up for FIFA 2026 (Check Point Blog) Why burnout is a growing problem in cybersecurity (BBC) Chinese woman convicted after 'world's biggest' bitcoin seizure (BBC) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A Chinese state-sponsored group exploited enterprise devices in a global espionage effort. The UK Government guarantees £1.5 billion financing to help Jaguar Land Rover’s recovery efforts. A maximum-severity flaw in Fortra’s GoAnywhere Managed File Transfer product is under active exploitation. The AI boom faces sustainability questions. Akira ransomware bypasses MFA on SonicWall devices. Dutch teens are arrested for allegedly spying for Russia. Luxury retailer Harrods confirms a data breach. An Interpol crackdown targets African cybercrime rings. We’ve got our Monday business briefing. Brandon Karpf joins us to discuss the cybersecurity ecosystem in Japan. Cyber crooks offer a BBC journalist an early retirement package. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today our guest is Brandon Karpf, friend of the show, and he joins to discuss the Cybersecurity ecosystem in Japan. Selected Reading Chinese hackers breached critical infrastructure globally using enterprise network gear (CSO Online) UK government bails out Jaguar Land Rover with $2 billion loan (Metacurity) Maximum severity GoAnywhere MFT flaw exploited as zero day (Bleeping Computer) The AI boom is unsustainable unless tech spending goes ‘parabolic,’ Deutsche Bank warns: ‘This is highly unlikely’ (Fortune) Akira ransomware breaching MFA-protected SonicWall VPN accounts (Bleeping Computer) Dutch teens arrested for trying to spy on Europol for Russia (Bleeping Computer) Harrods: Hackers contact firm after 430,000 customer records stolen (BBC) Africa cybercrime crackdown includes hundreds of arrests, Interpol says (The Record) Cyberbit acquires RangeForce. Terra Security raises $30 million. (N2K Pro)  'You'll never need to work again': Criminals offer reporter money to hack BBC (BBC) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Senior security engineer with the Johns Hopkins University Information Security Institute and the Institute for Assured Autonomy, Joe Carrigan, shares what he calls his life mistake and what spurred him to finally choose a career in technology. Throughout his life, Joe had interest in technology, he even worked at the computer lab in college, but never set his sights on that for a career. A conversation with a stranger guided him in that direction and he's been there ever since. As co-host of the CyberWire's Hacking Humans, Joe sees some heartbreaking results of scams and feels education of the public will help to prevent these. Joe reminds us to build our networks as they include people we can always go back to either when searching for a position or looking to fill one on our teams. We thank Joe for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Martin Zugec, Technical Solutions Director from Bitdefender, sharing their work and findings on "EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company. A newly identified Chinese APT group has been observed deploying a sophisticated, fileless malware framework called EggStreme against a Philippine military company. The multi-stage toolkit uses DLL sideloading and in-memory execution to evade detection, with its core backdoor, EggStremeAgent, enabling reconnaissance, lateral movement, keylogging, and data theft. Researchers note the campaign’s persistence and stealth highlight professional, geopolitically motivated espionage activity linked to Chinese national interests. The research can be found here: EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA gives federal agencies 24 hours to patch a critical Cisco firewall bug. Researchers uncover the first known malicious MCP server used in a supply chain attack. The New York SIM card threat may have been overblown. Microsoft tags a new variant of the XCSSET macOS malware. An exposed auto insurance claims database puts PII at risk. Amazon will pay $2.5 billion to settle dark pattern allegations. Researchers uncover North Korea’s hybrid playbook of cybercrime and insider threats. An old Hikvision security camera vulnerability rears its ugly head. Dan Trujillo from the Air Force Research Laboratory’s Space Vehicles Directorate joins Maria Varmazis, host of T-Minus Space Daily to discuss how his team is securing satellites and space systems from cyber threats. DOGE delivers dysfunction, disarray, and disappointment. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire Guest Dan Trujillo from the Air Force Research Laboratory’s Space Vehicles Directorate joins Maria Varmazis, host of T-Minus Space Daily to discuss how his team is securing satellites and space systems from cyber threats and also shares advice for breaking into the fast-growing field of space cybersecurity Selected Reading Federal agencies given one day to patch exploited Cisco firewall bugs (The Record) First malicious MCP Server discovered, stealing data from AI-Powered email systems (Beyond Machines) Secret Service faces backlash over SIM farm bust as experts challenge threat claims (Metacurity) Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs (Bleeping Computer) Microsoft cuts off cloud services to Israeli military unit after report of storing Palestinians' phone calls (CNBC) Auto Insurance Platform Exposed Over 5 Million Records Including Documents Containing PII (Website Planet) Amazon pays $2.5 billion to settle Prime memberships lawsuit (Bleeping Computer) DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception (We Live Security) Critical 8 years old Hikvision Camera flaw actively exploited again (Beyond Machines) The Story of DOGE, as Told by Federal Workers (WIRED) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Fortra flags a critical flaw in its GoAnywhere Managed File Transfer (MFT) solution. Cisco patches a critical vulnerability in its IOS and IOS XE software. Cloudflare thwarts yet another record DDoS attack. Rhysida ransomware gang claims the Maryland Transit cyberattack. The new “Obscura” ransomware strain spreads via domain controllers. Retailers’ use of generative AI expands attack surfaces. Researchers expose GitHub Actions misconfigurations with supply chain risk. Mandiant links the new BRICKSTORM backdoor to a China-based espionage campaign. Kansas students push back against an AI monitoring tool. Ben Yelin speaks with Michele Kellerman, Cybersecurity Engineer for Air and Missile Defense at Johns Hopkins University Applied Physics Lab, discussing Women's health apps and the legal grey zone that they create with HIPAA. Senators push the FTC to regulate your brainwaves. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ben Yelin, co-host of Caveat, is speaking with Michele Kellerman, Cybersecurity Engineer for Air and Missile Defense at Johns Hopkins University Applied Physics Lab, about Women's health apps and the legal grey zone that they create with HIPAA. If you want to hear the full conversation, check it out on Caveat, here. Selected Reading Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems (HackRead) Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability (Cisco) Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack (Bleeping Computer) Ransomware gang known for government attacks claims Maryland transit incident (The Record) Obscura, an obscure new ransomware variant (Bleeping Computer) Threat Labs Report: Retail 2025 (Netskope) pull_request_nightmare Part 1: Exploiting GitHub Actions for RCE and Supply Chain Attacks (Orca) China-linked hackers use ‘BRICKSTORM’ backdoor to steal IP (The Record) AI safety tool sparks student backlash after flagging art as porn, deleting emails (The Washington Post) Senators introduce bill directing FTC to establish standards for protecting consumers’ neural data (The Record) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

British authorities arrest a man in connection with the Collins Aerospace ransomware attack. CISA says attackers breached a U.S. federal civilian executive branch agency last year. Researchers uncover two high-severity vulnerabilities in Supermicro server motherboards. A Las Vegas casino operator confirms a cyber attack. Analysts track multiple large-scale, automated email phishing campaigns. Libraesva issues an emergency patch for its Email Security Gateway. Our guest is Jason Clark, Chief Strategy Officer (CSO) at Cyera, tackling the security threat of Agentic AI. Robocars get misdirected by mirrors.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Jason Clark, Chief Strategy Officer (CSO) at Cyera, discussing tackling the security industry's biggest threat: Agent AI. If you want to hear the full conversation from Jason, you can check it out here. Selected Reading UK police arrest man over hack that affected European airports (Reuters) AI tool helped recover £500m lost to fraud, government says (BBC) CISA says hackers breached federal agency using GeoServer exploit (Bleeping Computer) Supermicro server motherboards can be infected with unremovable malware (Ars Technica) Boyd Gaming Suffers Cyberattack, Data Breach (Casino.org) Email Threat Radar – September 2025 (Barracuda) Revamped Phishing Techniques: How Telegram and Front-End Hosting Platforms Scale Campaigns (Forescout) GitHub notifications abused to impersonate Y Combinator for crypto theft (Bleeping Computer) Libraesva ESG issues emergency fix for bug exploited by state hackers (Bleeping Computer) Fooling a self-driving car with mirrors on traffic cones (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Secret Service dismantles an illegal network. Jaguar Land Rover (JLR) extends the shutdown production plants. The EU probes tech giants over online scams. Iranian APT Nimbus Manticore expands operations in Europe. North Korean Kimsuky deploys a shortcut-based espionage campaign. Github and Ruby Central roll out supply-chain security upgrades. Lastpass warns of macOS ClickFix campaign using fake GitHub repos. AT&T’s CISO warns hackers mimic Salt Typhoon's unconventional tactics. CISO Perspectives host Kim Jones previews the upcoming season. An attorney pays $10K for AI hallucinations. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest CISO Perspectives host Kim Jones previews the upcoming season, sharing what’s ahead for listeners. From leadership challenges to the evolving role of the CISO, Kim highlights the conversations and insights you can expect this season.You can check out the season opener here. Selected Reading Cache of Devices Capable of Crashing Cell Network Is Found Near U.N. (The New York Times) Secret Service Disrupts Threat Network Near UN General Assembly (YouTube) JLR extends shutdown – again – as toll on workers laid bare (The Register) The EU is scrutinizing how Apple, Google, and Microsoft tackle online scams (The Verge) Nimbus Manticore Deploys New Malware Targeting Europe (Check Point Research) Kimsuky attack disguised as sex offender notice information (Logpresso) GitHub tightens npm security with mandatory 2FA, access tokens (Bleeping Computer) NPM package caught using QR Code to fetch cookie-stealing malware (Bleeping Computer) LastPass: Fake password managers infect Mac users with malware (Bleeping Computer) Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques (CyberScoop) Attorney Slapped With Hefty Fine for Citing 21 Fake, AI-Generated Cases (PCMag) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Regulation is a double-edged sword. While it helps create structure, establish accountability, and set standards, it also creates unnecessary hurdles, slower response times, and overly rigid systems. With every administration, policy goals and subsequently regulatory stances change, which can have major impacts on business operations. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Ben Yelin, from the University of Maryland Center for Cyber Health and Hazard Strategies, to discuss the current state of regulation. Throughout the conversation, Ben and Kim discuss how the current administration views regulations and the future role of the federal government. Learn more about your ad choices. Visit megaphone.fm/adchoices

A major ransomware attack disrupts airport operations across Europe. Congress is on the verge of letting major cyber legislation expire. A critical flaw nearly allowed total compromise of every Entra ID tenant. Automaker Stellantis confirms a data breach. Fortra patches a critical flaw in its GoAnywhere MFT software. Europol leads a major operation against online child sexual exploitation. Three of the cybersecurity industry’s biggest players opt out of MITRE’s 2025 ATT&CK Evaluations. A compromised Steam game drains a cancer patient’s donations. Business Breakdown. Andrzej Olchawa and Milenko Starcik from VisionSpace join Maria Varmazis, host of T-Minus Space on hacking satellites. How one kid got tangled in Scattered Spider’s web. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Andrzej Olchawa and Milenko Starcik from VisionSpace are speaking with Maria Varmazis, host of T-Minus Space on hacking satellites. Selected Reading EU cyber agency says airport software held to ransom by criminals (BBC News) Cyber threat information law hurtles toward expiration, with poor prospects for renewal (CyberScoop) Microsoft Entra ID flaw allowed hijacking any company's tenant (Bleeping Computer) Stellantis says a third-party vendor spilled customer data (The Register) Fortra Patches Critical GoAnywhere MFT Vulnerability (SecurityWeek) AI Forensics Help Europol Track 51 Children in Global Online Abuse Case (HackRead) Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test (Infosecurity Magazine) Verified Steam game steals streamer's cancer treatment donations (Bleeping Computer) CrowdStrike and Check Point intend to acquire AI security firms. (N2K CyberWire Business Briefing)  ‘I Was a Weird Kid’: Jailhouse Confessions of a Teen Hacker (Bloomberg) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. CEO and Founder of KeyCaliber, Roselle Safran, takes us on her circuitous career journey from startup to White House and back to startup again. With a degree in civil engineering, Roselle veered off into a more technical role at a startup and she says "caught the startup bug." After convincing a hiring manager that she could learn on the job, she transitioned to computer forensics and started on the path of cybersecurity. Roselle worked in government for the Department of Homeland Security and then to the Executive Office of the President leading all of the security operations. She jumped back into the world of startups and has stayed there. Roselle tells people interested in a career in cybersecurity to just apply. Learn as much as you can and go for it. We thank Roselle for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by Nati Tal, Head of Guardio Labs, discussing their work “CAPTCHAgeddon” or unmasking the viral evolution of the ClickFix browser-based threat. CAPTCHAgeddon — Shaked Chen’s deep dive into the ClickFix fake-captcha wave — reveals how a red-team trick morphed into a dominant, download-free browser threat that tricks users into pasting clipboard PowerShell/shell commands and leverages trusted infrastructure, including Google Scripts. Guardio’s DBSCAN-based payload clustering exposes distinct attacker toolkits and distribution paths — from malvertising and compromised WordPress to social posts and Git repos — and argues defenders need behavioral, intelligence-driven protections, not just signatures. The research can be found here: “CAPTCHAgeddon” Unmasking the Viral Evolution of the ClickFix Browser-Based Threat Learn more about your ad choices. Visit megaphone.fm/adchoices

OpenAI patches a ChatGPT flaw that could have exposed Gmail data. CISA documents malware exploiting two Ivanti Endpoint Manager Mobile (EPMM) flaws. WatchGuard patches a critical flaw in its Firebox firewalls. MI6 launches a dark web snitch site. The DoD looks to cut its cybersecurity job hiring time just 25 days. Researchers trick ChatGPT agents into solving CAPTCHAs. A UK teen faces accusations of being part of the Scattered Spider gang. The Senate confirms a new assistant secretary of defense for cyber policy. A former CIA officer is accused of selling classified information to private clients. Karin Ophir Zimet, Torq's Chief People Officer, is speaking with N2K Senior Workforce Analyst Will Markow about their internship program for upleveling AI skills. Russia’s AI propaganda goes prime time.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Karin Ophir Zimet, Torq's Chief People Officer, is speaking with N2K Senior Workforce Analyst Will Markow about their internship program for upleveling AI skills. Selected Reading OpenAI Fixed ChatGPT Security Flaw That Put Gmail Data at Risk (Bloomberg) CISA Analyzes Malware From Ivanti EPMM Intrusions (SecurityWeek) WatchGuard Issues Fix for 9.3-Rated Firebox Firewall Vulnerability (HackRead) MI6 upgrades dark web portal to recruit new spies (The Register) DOD official: We need to drop the cybersecurity talent hiring window to 25 days (CyberScoop) ChatGPT Tricked Into Solving CAPTCHAs (SecurityWeek) Scattered Spider teen cuffed after crypto splurge on games (The Register) Senate confirms Sutton as Pentagon cyber policy chief (The Record) Contractor Used Classified CIA Systems as ‘His Own Personal Google’ (404 Media) Russian State TV Launches AI-Generated News Satire Show (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

SonicWall confirms a breach in its cloud backup platform. Google patches a high-severity zero-day in Chrome. Updates on the Shai-Hulud worm. Chinese phishing emails impersonate the chair of the House China Committee. The UK’s NCA takes the reins of the Five Eyes Law Enforcement Group. RevengeHotels uses AI to deliver VenomRAT to Windows systems. A major VC shares details of a recent ransomware attack. A lawsuit targets automated license plate readers. Our guest is Brock Lupton, Product Strategist at Maltego, discussing the human side of intelligence work. From mic check to malware, a crypto phishing story. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Brock Lupton, Product Strategist at Maltego, discussing the human side of intelligence work. You can hear the full conversation with Brock here. Selected Reading SonicWall MySonicWall platform breached, firewall config files exposed (Beyond Machines) Google patches sixth Chrome zero-day exploited in attacks this year (Bleeping Computer) "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Palo Alto Networks) China-backed attackers spoof Congressman for US trade data (The Register) NCA Singles Out “The Com” as It Chairs Five Eyes Group (Infosecurity Magazine) New RevengeHotels attack targets Windows with VenomRAT (SC Media) VC Firm Insight Partners Notifies Victims After Ransomware Breach (Infosecurity Magazine) Police cameras tracked one driver 526 times in four months, lawsuit says (NBC) Fake Empire Podcast Invites Target Crypto Industry with macOS AMOS Stealer (HackRead) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A new self-replicating malware infects the NPM repository. Microsoft and Cloudflare disrupt a Phishing-as-a-Service platform. Researchers uncover a new Fancy Bear backdoor campaign. The VoidProxy phishing-as-a-service (PhaaS) platform targets Microsoft 365 and Google accounts. A British telecom says its ransomware recovery may stretch into November. A new Rowhammer attack variant targets DDR5 memory. Democrats warn proposed budget cuts could slash the FBI’s cyber division staff by half at a heated Senate Judiciary Committee hearing. On our Industry Voices segment, we are joined by Abhishek Agrawal from Material security discussing challenges of securing the Google Workspace. Pompompurin heads to prison.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Abhishek Agrawal, CEO and Co-Founder of Material Security, discussing challenges of securing the Google Workspace. You can hear Abhishek’s full conversation here. Selected Reading Self-Replicating Worm Hits 180+ Software Packages (Krebs on Security) Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader (Help Net Security) Fancy Bear attacks abuse Office macros, legitimate cloud services (SC Media) VoidProxy phishing operation targets Microsoft 365, Google accounts (SC Media) UK telco Colt’s cyberattack recovery seeps into November (The Register) Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack (The Register) Senators, FBI Director Patel clash over cyber division personnel, arrests (CyberScoop) House lawmakers move to extend two key cyber programs, for now (The Record) BreachForums founder caged after soft sentence overturned (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A controversial Trump administration deal gives the U.A.E. access to cutting-edge U.S. AI chips. FlowiseAI warns of a critical account takeover vulnerability. A new social engineering campaign impersonates Meta account suspension notices. A macOS Spotlight 0-day flaw  bypasses Apple’s Transparency, Consent, and Control (TCC) protections. Are cost saving from outsourced IT services worth the risk? Poland boosts its cybersecurity budget after a surge in Russian-backed attacks. NTT Group joins the Comm-ISAC. Jaguar Land Rover’s global shutdown continues. A data breach affects millions of customers of top luxury brands. On today's Threat Vector segment, David Moulton⁠ speaks with⁠ Palo Alto Networks’ Spencer Thellmann about the dual challenges of securing employee use of generative AI tools and defending internally built AI models and agents. AI chatbots hustle seniors for science. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On today's segment of Threat Vector, host⁠ David Moulton⁠, Director of Thought Leadership for Unit 42, speaks with⁠ Spencer Thellmann⁠, Principal Product Manager at Palo Alto Networks. David and Spencer explore the dual challenges of securing employee use of generative AI tools and defending internally built AI models and agents. You can listen to the full conversation here, and catch new episodes of Threat Vector each Thursday in your podcast app of choice. Selected Reading In Giant Deals, U.A.E. Got Chips, and Trump Team Got Crypto Riches (The New York Times) Critical FlowiseAI password reset flaw exposes accounts to complete takeover (Beyond Machines) New FileFix attack uses steganography to drop StealC malware (Bleeping Computer) From Spotlight to Apple Intelligence (Objective- See) The Elephant in The Biz: outsourcing of critical IT and cybersecurity functions risks UK economic security | by Kevin Beaumont | Sep, 2025 (DoublePulsar) Russian hackers target Polish hospitals and city water supply (The Financial Times) NTT Group Joins the U.S. Communications-ISAC (Topics) Jaguar Land Rover says cyberattack shutdown to last 'at least' another week (The Record) Bags of info stolen from multiple top luxury brands - double check your data now (TechRadar) We wanted to craft a perfect phishing scam. AI bots were happy to help (Reuters) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This season on CISO Perspectives—your host, Kim Jones is digging into the issues shaping the future of cybersecurity leadership. From the regulations every CISO needs to understand, to the unexpected places privacy risks are emerging, to the new ways fraud and identity are colliding—these conversations will sharpen your strategies and strengthen your defenses. Industry leaders join the discussion to share their insights, challenges, and hard-earned lessons. Together, we’ll connect the dots across regulation, privacy, fraud, leadership, and talent—helping you build a stronger, more resilient cybersecurity ecosystem. This is CISO Perspectives. Real conversations. Real strategies. Real impact. Learn more about your ad choices. Visit megaphone.fm/adchoices

FBI botnet disruption leaves cybercriminals scrambling to pick up the pieces. Notorious ransomware gangs announce their retirement, but don’t hold your breath. Hacktivists leak data tied to China’s Great Firewall. A new report says DHS mishandled a key program designed to retain cyber talent at CISA. GPUGate malware cleverly evades analysis. WhiteCobra targets developers with malicious extensions. North Korea’s Kimsuky group uses AI to generate fake South Korean military IDs. My guest is Tim Starks from CyberScoop, discussing offensive cyber operations. A cyberattack leaves students hung out to dry. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined once again by Tim Starks from CyberScoop discussing offensive cyber operations. You can read Tim’s article Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense for more background. Selected Reading The FBI Destroyed an Internet Weapon, but Criminals Picked Up the Pieces (Wall Street Journal) 15 ransomware gangs ‘go dark’ to enjoy 'golden parachutes' (The Register) 600 GB of Alleged Great Firewall of China Data Published in Largest Leak Yet (HackRead) China Enforces 1-Hour Cybersecurity Incident Reporting (The Cyber Express) ​​DHS watchdog finds mismanagement in critical cyber talent program (FedScoop) GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware-Specific Decryption, Abuse Google Ads to Target Western Europe (Arctic Wolf) 'WhiteCobra' floods VSCode market with crypto-stealing extensions (Bleeping Computer) AI-Forged Military IDs Used in North Korean Phishing Attack (Infosecurity Magazine) Mitsubishi to acquire Nozomi Networks for nearly $1 billion. (N2K CyberWire Business Briefing)  Dutch students denied access to jailbroken laundry machines (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Advisory CISO at Cisco, Helen Patton, shares that a combination of dumb luck, hard work and serendipity that got her to where she is today. Growing up in the country in Australia, Helen notes that computers were not really a thing. She happened into technology after moving to the US, as she was the only person in her office under 40. Of course she would be comfortable with computers and able to handle a database conversion, right? That launched her into a career that spanned supporting small nonprofits, working at one of the biggest banks on Wall Street while leading a global team, being the CISO of a major university, and now Advisory CISO at Cisco. Helen recently wrote a book, "Navigating the Cybersecurity Career Path," to help others know when it's time to move on from one role to another role as part of desire to give back to the community. We thank Helen for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices