Fortra flags a critical flaw in its GoAnywhere Managed File Transfer (MFT) solution. Cisco patches a critical vulnerability in its IOS and IOS XE software. Cloudflare thwarts yet another record DDoS attack. Rhysida ransomware gang claims the Maryland Transit cyberattack. The new “Obscura” ransomware strain spreads via domain controllers. Retailers’ use of generative AI expands attack surfaces. Researchers expose GitHub Actions misconfigurations with supply chain risk. Mandiant links the new BRICKSTORM backdoor to a China-based espionage campaign. Kansas students push back against an AI monitoring tool. Ben Yelin speaks with Michele Kellerman, Cybersecurity Engineer for Air and Missile Defense at Johns Hopkins University Applied Physics Lab, discussing Women's health apps and the legal grey zone that they create with HIPAA. Senators push the FTC to regulate your brainwaves. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ben Yelin, co-host of Caveat, is speaking with Michele Kellerman, Cybersecurity Engineer for Air and Missile Defense at Johns Hopkins University Applied Physics Lab, about Women's health apps and the legal grey zone that they create with HIPAA. If you want to hear the full conversation, check it out on Caveat, here. Selected Reading Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems (HackRead) Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability (Cisco) Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack (Bleeping Computer) Ransomware gang known for government attacks claims Maryland transit incident (The Record) Obscura, an obscure new ransomware variant (Bleeping Computer) Threat Labs Report: Retail 2025 (Netskope) pull_request_nightmare Part 1: Exploiting GitHub Actions for RCE and Supply Chain Attacks (Orca) China-linked hackers use ‘BRICKSTORM’ backdoor to steal IP (The Record) AI safety tool sparks student backlash after flagging art as porn, deleting emails (The Washington Post) Senators introduce bill directing FTC to establish standards for protecting consumers’ neural data (The Record) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

British authorities arrest a man in connection with the Collins Aerospace ransomware attack. CISA says attackers breached a U.S. federal civilian executive branch agency last year. Researchers uncover two high-severity vulnerabilities in Supermicro server motherboards. A Las Vegas casino operator confirms a cyber attack. Analysts track multiple large-scale, automated email phishing campaigns. Libraesva issues an emergency patch for its Email Security Gateway. Our guest is Jason Clark, Chief Strategy Officer (CSO) at Cyera, tackling the security threat of Agentic AI. Robocars get misdirected by mirrors.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Jason Clark, Chief Strategy Officer (CSO) at Cyera, discussing tackling the security industry's biggest threat: Agent AI. If you want to hear the full conversation from Jason, you can check it out here. Selected Reading UK police arrest man over hack that affected European airports (Reuters) AI tool helped recover £500m lost to fraud, government says (BBC) CISA says hackers breached federal agency using GeoServer exploit (Bleeping Computer) Supermicro server motherboards can be infected with unremovable malware (Ars Technica) Boyd Gaming Suffers Cyberattack, Data Breach (Casino.org) Email Threat Radar – September 2025 (Barracuda) Revamped Phishing Techniques: How Telegram and Front-End Hosting Platforms Scale Campaigns (Forescout) GitHub notifications abused to impersonate Y Combinator for crypto theft (Bleeping Computer) Libraesva ESG issues emergency fix for bug exploited by state hackers (Bleeping Computer) Fooling a self-driving car with mirrors on traffic cones (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Secret Service dismantles an illegal network. Jaguar Land Rover (JLR) extends the shutdown production plants. The EU probes tech giants over online scams. Iranian APT Nimbus Manticore expands operations in Europe. North Korean Kimsuky deploys a shortcut-based espionage campaign. Github and Ruby Central roll out supply-chain security upgrades. Lastpass warns of macOS ClickFix campaign using fake GitHub repos. AT&T’s CISO warns hackers mimic Salt Typhoon's unconventional tactics. CISO Perspectives host Kim Jones previews the upcoming season. An attorney pays $10K for AI hallucinations. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest CISO Perspectives host Kim Jones previews the upcoming season, sharing what’s ahead for listeners. From leadership challenges to the evolving role of the CISO, Kim highlights the conversations and insights you can expect this season.You can check out the season opener here. Selected Reading Cache of Devices Capable of Crashing Cell Network Is Found Near U.N. (The New York Times) Secret Service Disrupts Threat Network Near UN General Assembly (YouTube) JLR extends shutdown – again – as toll on workers laid bare (The Register) The EU is scrutinizing how Apple, Google, and Microsoft tackle online scams (The Verge) Nimbus Manticore Deploys New Malware Targeting Europe (Check Point Research) Kimsuky attack disguised as sex offender notice information (Logpresso) GitHub tightens npm security with mandatory 2FA, access tokens (Bleeping Computer) NPM package caught using QR Code to fetch cookie-stealing malware (Bleeping Computer) LastPass: Fake password managers infect Mac users with malware (Bleeping Computer) Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques (CyberScoop) Attorney Slapped With Hefty Fine for Citing 21 Fake, AI-Generated Cases (PCMag) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Regulation is a double-edged sword. While it helps create structure, establish accountability, and set standards, it also creates unnecessary hurdles, slower response times, and overly rigid systems. With every administration, policy goals and subsequently regulatory stances change, which can have major impacts on business operations. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Ben Yelin, from the University of Maryland Center for Cyber Health and Hazard Strategies, to discuss the current state of regulation. Throughout the conversation, Ben and Kim discuss how the current administration views regulations and the future role of the federal government. Learn more about your ad choices. Visit megaphone.fm/adchoices

A major ransomware attack disrupts airport operations across Europe. Congress is on the verge of letting major cyber legislation expire. A critical flaw nearly allowed total compromise of every Entra ID tenant. Automaker Stellantis confirms a data breach. Fortra patches a critical flaw in its GoAnywhere MFT software. Europol leads a major operation against online child sexual exploitation. Three of the cybersecurity industry’s biggest players opt out of MITRE’s 2025 ATT&CK Evaluations. A compromised Steam game drains a cancer patient’s donations. Business Breakdown. Andrzej Olchawa and Milenko Starcik from VisionSpace join Maria Varmazis, host of T-Minus Space on hacking satellites. How one kid got tangled in Scattered Spider’s web. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Andrzej Olchawa and Milenko Starcik from VisionSpace are speaking with Maria Varmazis, host of T-Minus Space on hacking satellites. Selected Reading EU cyber agency says airport software held to ransom by criminals (BBC News) Cyber threat information law hurtles toward expiration, with poor prospects for renewal (CyberScoop) Microsoft Entra ID flaw allowed hijacking any company's tenant (Bleeping Computer) Stellantis says a third-party vendor spilled customer data (The Register) Fortra Patches Critical GoAnywhere MFT Vulnerability (SecurityWeek) AI Forensics Help Europol Track 51 Children in Global Online Abuse Case (HackRead) Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test (Infosecurity Magazine) Verified Steam game steals streamer's cancer treatment donations (Bleeping Computer) CrowdStrike and Check Point intend to acquire AI security firms. (N2K CyberWire Business Briefing)  ‘I Was a Weird Kid’: Jailhouse Confessions of a Teen Hacker (Bloomberg) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. CEO and Founder of KeyCaliber, Roselle Safran, takes us on her circuitous career journey from startup to White House and back to startup again. With a degree in civil engineering, Roselle veered off into a more technical role at a startup and she says "caught the startup bug." After convincing a hiring manager that she could learn on the job, she transitioned to computer forensics and started on the path of cybersecurity. Roselle worked in government for the Department of Homeland Security and then to the Executive Office of the President leading all of the security operations. She jumped back into the world of startups and has stayed there. Roselle tells people interested in a career in cybersecurity to just apply. Learn as much as you can and go for it. We thank Roselle for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by Nati Tal, Head of Guardio Labs, discussing their work “CAPTCHAgeddon” or unmasking the viral evolution of the ClickFix browser-based threat. CAPTCHAgeddon — Shaked Chen’s deep dive into the ClickFix fake-captcha wave — reveals how a red-team trick morphed into a dominant, download-free browser threat that tricks users into pasting clipboard PowerShell/shell commands and leverages trusted infrastructure, including Google Scripts. Guardio’s DBSCAN-based payload clustering exposes distinct attacker toolkits and distribution paths — from malvertising and compromised WordPress to social posts and Git repos — and argues defenders need behavioral, intelligence-driven protections, not just signatures. The research can be found here: “CAPTCHAgeddon” Unmasking the Viral Evolution of the ClickFix Browser-Based Threat Learn more about your ad choices. Visit megaphone.fm/adchoices

OpenAI patches a ChatGPT flaw that could have exposed Gmail data. CISA documents malware exploiting two Ivanti Endpoint Manager Mobile (EPMM) flaws. WatchGuard patches a critical flaw in its Firebox firewalls. MI6 launches a dark web snitch site. The DoD looks to cut its cybersecurity job hiring time just 25 days. Researchers trick ChatGPT agents into solving CAPTCHAs. A UK teen faces accusations of being part of the Scattered Spider gang. The Senate confirms a new assistant secretary of defense for cyber policy. A former CIA officer is accused of selling classified information to private clients. Karin Ophir Zimet, Torq's Chief People Officer, is speaking with N2K Senior Workforce Analyst Will Markow about their internship program for upleveling AI skills. Russia’s AI propaganda goes prime time.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Karin Ophir Zimet, Torq's Chief People Officer, is speaking with N2K Senior Workforce Analyst Will Markow about their internship program for upleveling AI skills. Selected Reading OpenAI Fixed ChatGPT Security Flaw That Put Gmail Data at Risk (Bloomberg) CISA Analyzes Malware From Ivanti EPMM Intrusions (SecurityWeek) WatchGuard Issues Fix for 9.3-Rated Firebox Firewall Vulnerability (HackRead) MI6 upgrades dark web portal to recruit new spies (The Register) DOD official: We need to drop the cybersecurity talent hiring window to 25 days (CyberScoop) ChatGPT Tricked Into Solving CAPTCHAs (SecurityWeek) Scattered Spider teen cuffed after crypto splurge on games (The Register) Senate confirms Sutton as Pentagon cyber policy chief (The Record) Contractor Used Classified CIA Systems as ‘His Own Personal Google’ (404 Media) Russian State TV Launches AI-Generated News Satire Show (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

SonicWall confirms a breach in its cloud backup platform. Google patches a high-severity zero-day in Chrome. Updates on the Shai-Hulud worm. Chinese phishing emails impersonate the chair of the House China Committee. The UK’s NCA takes the reins of the Five Eyes Law Enforcement Group. RevengeHotels uses AI to deliver VenomRAT to Windows systems. A major VC shares details of a recent ransomware attack. A lawsuit targets automated license plate readers. Our guest is Brock Lupton, Product Strategist at Maltego, discussing the human side of intelligence work. From mic check to malware, a crypto phishing story. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Brock Lupton, Product Strategist at Maltego, discussing the human side of intelligence work. You can hear the full conversation with Brock here. Selected Reading SonicWall MySonicWall platform breached, firewall config files exposed (Beyond Machines) Google patches sixth Chrome zero-day exploited in attacks this year (Bleeping Computer) "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Palo Alto Networks) China-backed attackers spoof Congressman for US trade data (The Register) NCA Singles Out “The Com” as It Chairs Five Eyes Group (Infosecurity Magazine) New RevengeHotels attack targets Windows with VenomRAT (SC Media) VC Firm Insight Partners Notifies Victims After Ransomware Breach (Infosecurity Magazine) Police cameras tracked one driver 526 times in four months, lawsuit says (NBC) Fake Empire Podcast Invites Target Crypto Industry with macOS AMOS Stealer (HackRead) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A new self-replicating malware infects the NPM repository. Microsoft and Cloudflare disrupt a Phishing-as-a-Service platform. Researchers uncover a new Fancy Bear backdoor campaign. The VoidProxy phishing-as-a-service (PhaaS) platform targets Microsoft 365 and Google accounts. A British telecom says its ransomware recovery may stretch into November. A new Rowhammer attack variant targets DDR5 memory. Democrats warn proposed budget cuts could slash the FBI’s cyber division staff by half at a heated Senate Judiciary Committee hearing. On our Industry Voices segment, we are joined by Abhishek Agrawal from Material security discussing challenges of securing the Google Workspace. Pompompurin heads to prison.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Abhishek Agrawal, CEO and Co-Founder of Material Security, discussing challenges of securing the Google Workspace. You can hear Abhishek’s full conversation here. Selected Reading Self-Replicating Worm Hits 180+ Software Packages (Krebs on Security) Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader (Help Net Security) Fancy Bear attacks abuse Office macros, legitimate cloud services (SC Media) VoidProxy phishing operation targets Microsoft 365, Google accounts (SC Media) UK telco Colt’s cyberattack recovery seeps into November (The Register) Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack (The Register) Senators, FBI Director Patel clash over cyber division personnel, arrests (CyberScoop) House lawmakers move to extend two key cyber programs, for now (The Record) BreachForums founder caged after soft sentence overturned (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A controversial Trump administration deal gives the U.A.E. access to cutting-edge U.S. AI chips. FlowiseAI warns of a critical account takeover vulnerability. A new social engineering campaign impersonates Meta account suspension notices. A macOS Spotlight 0-day flaw  bypasses Apple’s Transparency, Consent, and Control (TCC) protections. Are cost saving from outsourced IT services worth the risk? Poland boosts its cybersecurity budget after a surge in Russian-backed attacks. NTT Group joins the Comm-ISAC. Jaguar Land Rover’s global shutdown continues. A data breach affects millions of customers of top luxury brands. On today's Threat Vector segment, David Moulton⁠ speaks with⁠ Palo Alto Networks’ Spencer Thellmann about the dual challenges of securing employee use of generative AI tools and defending internally built AI models and agents. AI chatbots hustle seniors for science. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On today's segment of Threat Vector, host⁠ David Moulton⁠, Director of Thought Leadership for Unit 42, speaks with⁠ Spencer Thellmann⁠, Principal Product Manager at Palo Alto Networks. David and Spencer explore the dual challenges of securing employee use of generative AI tools and defending internally built AI models and agents. You can listen to the full conversation here, and catch new episodes of Threat Vector each Thursday in your podcast app of choice. Selected Reading In Giant Deals, U.A.E. Got Chips, and Trump Team Got Crypto Riches (The New York Times) Critical FlowiseAI password reset flaw exposes accounts to complete takeover (Beyond Machines) New FileFix attack uses steganography to drop StealC malware (Bleeping Computer) From Spotlight to Apple Intelligence (Objective- See) The Elephant in The Biz: outsourcing of critical IT and cybersecurity functions risks UK economic security | by Kevin Beaumont | Sep, 2025 (DoublePulsar) Russian hackers target Polish hospitals and city water supply (The Financial Times) NTT Group Joins the U.S. Communications-ISAC (Topics) Jaguar Land Rover says cyberattack shutdown to last 'at least' another week (The Record) Bags of info stolen from multiple top luxury brands - double check your data now (TechRadar) We wanted to craft a perfect phishing scam. AI bots were happy to help (Reuters) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This season on CISO Perspectives—your host, Kim Jones is digging into the issues shaping the future of cybersecurity leadership. From the regulations every CISO needs to understand, to the unexpected places privacy risks are emerging, to the new ways fraud and identity are colliding—these conversations will sharpen your strategies and strengthen your defenses. Industry leaders join the discussion to share their insights, challenges, and hard-earned lessons. Together, we’ll connect the dots across regulation, privacy, fraud, leadership, and talent—helping you build a stronger, more resilient cybersecurity ecosystem. This is CISO Perspectives. Real conversations. Real strategies. Real impact. Learn more about your ad choices. Visit megaphone.fm/adchoices

FBI botnet disruption leaves cybercriminals scrambling to pick up the pieces. Notorious ransomware gangs announce their retirement, but don’t hold your breath. Hacktivists leak data tied to China’s Great Firewall. A new report says DHS mishandled a key program designed to retain cyber talent at CISA. GPUGate malware cleverly evades analysis. WhiteCobra targets developers with malicious extensions. North Korea’s Kimsuky group uses AI to generate fake South Korean military IDs. My guest is Tim Starks from CyberScoop, discussing offensive cyber operations. A cyberattack leaves students hung out to dry. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined once again by Tim Starks from CyberScoop discussing offensive cyber operations. You can read Tim’s article Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense for more background. Selected Reading The FBI Destroyed an Internet Weapon, but Criminals Picked Up the Pieces (Wall Street Journal) 15 ransomware gangs ‘go dark’ to enjoy 'golden parachutes' (The Register) 600 GB of Alleged Great Firewall of China Data Published in Largest Leak Yet (HackRead) China Enforces 1-Hour Cybersecurity Incident Reporting (The Cyber Express) ​​DHS watchdog finds mismanagement in critical cyber talent program (FedScoop) GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware-Specific Decryption, Abuse Google Ads to Target Western Europe (Arctic Wolf) 'WhiteCobra' floods VSCode market with crypto-stealing extensions (Bleeping Computer) AI-Forged Military IDs Used in North Korean Phishing Attack (Infosecurity Magazine) Mitsubishi to acquire Nozomi Networks for nearly $1 billion. (N2K CyberWire Business Briefing)  Dutch students denied access to jailbroken laundry machines (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Advisory CISO at Cisco, Helen Patton, shares that a combination of dumb luck, hard work and serendipity that got her to where she is today. Growing up in the country in Australia, Helen notes that computers were not really a thing. She happened into technology after moving to the US, as she was the only person in her office under 40. Of course she would be comfortable with computers and able to handle a database conversion, right? That launched her into a career that spanned supporting small nonprofits, working at one of the biggest banks on Wall Street while leading a global team, being the CISO of a major university, and now Advisory CISO at Cisco. Helen recently wrote a book, "Navigating the Cybersecurity Career Path," to help others know when it's time to move on from one role to another role as part of desire to give back to the community. We thank Helen for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by Amanda Rousseau, Principal AI Security Researcher from Straiker, discussing their work on "The Silent Exfiltration: Zero‑Click Agentic AI Hack That Can Leak Your Google Drive with One Email." Straiker’s research found that enterprise AI agents can be silently manipulated to leak sensitive data, even without user clicks or alerts. By chaining small gaps across tools like Gmail, Google Drive, and calendars, attackers achieved zero-click exfiltration, system mapping, and even policy rewrites. The findings highlight that excessive agent autonomy creates a new attack surface, requiring least-privilege design, runtime guardrails, and continuous red-teaming to stay secure. The research can be found here: The Silent Exfiltration: Zero‑Click Agentic AI Hack That Can Leak Your Google Drive with One Email Learn more about your ad choices. Visit megaphone.fm/adchoices

Samsung patches a critical Android zero-day vulnerability. Microsoft resolves a global Exchange Online outage. CISA reaffirms its commitment to the CVE program. California passes a bill requiring web browsers to let users automatically send opt-out signals. Apple issues spyware attack warnings. The FTC opens an investigation into AI chatbots on how they protect children and teens. A hacker convicted of attempting to extort more than 20,000 psychotherapy patients is free on appeal. Our guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect M&A deal value and integrity. Schools face insider threats from students. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect deal value and integrity.Selected Reading Samsung patches actively exploited zero-day reported by WhatsApp (Bleeping Computer) Microsoft fixes Exchange Online outage affecting users worldwide (Bleeping Computer) CISA looks to partners to shore up the future of the CVE Program (Help Net Security) California legislature passes bill forcing web browsers to let consumers automatically opt out of data sharing (The Record) Apple warns customers targeted in recent spyware attacks (Bleeping Computer) FTC to AI Companies: Tell Us How You Protect Teens and Kids Who Use AI Companions (CNET) Defence, Space and Cybersecurity. Why the General Assembly in Frascati matters (Decode39) DSEI Takeaways: Space and Cyber and the Invisible Front Line (Via Satellite)  Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal (The Record) Children hacking their own schools for 'fun', watchdog warns (BBC) - kicker Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The House passes a defense policy bill that includes new provisions on cybersecurity and artificial intelligence. Senator Wyden accuses Microsoft of “gross cybersecurity negligence” after a 2024 ransomware attack crippled healthcare giant Ascension. The White House shelves plans to split U.S. Cyber Command and the NSA. The Pentagon finalizes its long-awaited Cybersecurity Maturity Model Certification (CMMC 2.0) rule. Akira ransomware group targets SonicWall devices. Officials warn solar-powered highway infrastructure should be checked for hidden radios. The Atlantic Council maps the global spyware market. Researchers uncover serious flaws in Apple’s AirPlay. A European DDoS mitigation provider thwarts a record-breaking attack. My Caveat cohosts Ethan Cook and Ben Yelin unpack the cyber elements of the Big Beautiful Bill. Who fixes the vibe code?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have Ethan Cook joining Caveat hosts Dave Bittner and Ben Yelin for this month’s Policy Deep Dive. Together, they unpack HR1, the “Big Beautiful Bill”, and how its investments in technology, supply chain security, and defensive resiliency reflect the Trump administration’s push for long-term technological dominance. If you want to hear the full conversation, head over to Caveat. Selected Reading House moves ahead with defense bill that includes AI, cyber provisions (The Record) FTC should investigate Microsoft after Ascension ransomware attack, senator says (The Record) Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat' (The Record) Pentagon Releases Long-Awaited Contractor Cybersecurity Rule (GovInfo Security) Akira Ransomware Group Utilizing SonicWall Devices for Initial Access (Rapid7) Exclusive: US warns hidden radios may be embedded in solar-powered highway infrastructure (Reuters) Mythical Beasts: Diving into the depths of the global spyware market (Atlantic Council) Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance (SecurityWeek) DDoS defender targeted in 1.5 Bpps denial-of-service attack (Bleeping Computer) The Software Engineers Paid to Fix Vibe Coded Messes (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday. A data leak sheds light on North Korean APT Kimsuky. Apple introduces Memory Integrity Enforcement. Ransomware payments have dropped sharply in the education sector in 2025. A top NCS official warns ICS security lags behind, and a senator calls U.S. cybersecurity a “hellscape”. A Ukrainian national faces federal charges and an $11 million bounty for allegedly running multiple ransomware operations. Our guest is Jake Braun sharing the latest on Project Franklin. WhoFi makes WiFi a new spy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Jake Braun, longtime DEF CON organizer, former White House official, and lead on DEF CON Franklin, sharing the latest on Project Franklin. Selected Reading Two Zero-Days Among Patch Tuesday CVEs This Month (Infosecurity Magazine) Fortinet, Ivanti, Nvidia Release Security Updates (SecurityWeek) ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories (SecurityWeek) SAP 'wins' Patch Tuesday with worse flaws than Microsoft  (The Register) Adobe Patches Critical ColdFusion and Commerce Vulnerabilities (SecurityWeek) Data leak sheds light on Kimsuky operations (SC Media) Apple Unveils iPhone Memory Protections to Combat Sophisticated Attacks (SecurityWeek) Learn about ChillyHell, a modular Mac backdoor (jamf) Ransomware Payments Plummet in Education Amid Enhanced Resiliency (Infosecurity Magazine) Critical infrastructure security tech needs to be as good as our smartphones, top NSC cyber official says (CyberScoop) Sen. King: Cyber domain is a ‘hellscape’ that will be made worse by cuts (The Record) US indicts alleged ransomware boss tied to $18B in damages (The Register)Jeremy Clarkson's pub has been 'swindled' out of £27,000 by hackers (Manchester Evening News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The open source community heads off a major npm supply chain attack. The Treasury Department sanctions cyber scam centers in Myanmar and Cambodia. Scammers abuse iCloud Calendar invites to send callback phishing emails. Researchers discover a new malware variant exploiting exposed Docker APIs. Phishing attacks abuse the Axios user agent and Microsoft’s Direct Send feature. Plex warns users of a data breach.  Researchers flag a surge in scans targeting Cisco ASA devices. CISA delays finalizing its incident reporting rule. The GAO says federal cyber workforce figures are incomplete and unreliable. Our guest is Kevin Magee, Global Director of Cybersecurity Startups at Microsoft Security, discussing cybersecurity education going back to school. AI earns its own Darwin awards.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Kevin Magee, Global Director of Cybersecurity Startups at Microsoft Security discussing cybersecurity education going back to school. Selected Reading Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack (Bleeping Computer) Open Source Community Thwarts Massive npm Supply Chain Attack (Infosecurity Magazine) US sanctions companies behind cyber scam centers in Cambodia, Myanmar (The Record) New Apple Warning, This iCloud Calendar Invite Is Actually An Attack (Forbes) New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs (HackRead) Axios User Agent Helps Automate Phishing on “Unprecedented Scale” (Infosecurity Magazine) Plex Urges Password Resets Following Data Breach (SecurityWeek) Surge in networks scans targeting Cisco ASA devices raise concerns (Bleeping Computer) CISA pushes final cyber incident reporting rule to May 2026 (CyberScoop) US government lacks clarity into its infosec workforce (The Register) AI Darwin Awards launch to celebrate spectacularly bad deployments (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The EU fines Google $3.5 billion over adtech abuses. Cloudflare blocks record-breaking Distributed Denial of Service (DDoS) attacks. The Salesforce-Salesloft breach began months earlier with GitHub access. Researchers say the new TAG-150 cybercriminal group has been active since March. Hackers use stolen secrets to leak more than 6,700 Nx private repositories. Subsea cable outages disrupt internet connectivity across India, Pakistan, and parts of the UAE. Monday Business Breakdown. On our Industry Voices segment Todd Moore, Global Vice President, Data Security at Thales, unpacks the perils of insider risk. Hackers claim Burger King’s security flaws are a real whopper. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Industry Voices On our Industry Voices segment, we are joined by ⁠Todd Moore⁠, Global Vice President, Data Security at ⁠Thales⁠, discussing the biggest threat to your data has a badge, a password, and years of goodwill. Check out Todd's full conversation here. Selected Reading EU fines Google $3.5 billion for anti-competitive ad practices (Bleeping Computer) Cloudflare blocks massive 11.5 Tbps DDoS attack (SDxCentral) Salesloft GitHub Account Compromised Months Before Salesforce Attack (SecurityWeek) From CastleLoader to CastleRAT: TAG-150 Advances Operations with Multi-Tiered Infrastructure (Recorded Future) Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack (SecurityWeek) Red Sea cable cuts disrupt internet across Asia and the Middle East (Reuters) ⁠N2K Pro Business Briefing update⁠ (N2K Networks) Burger King hacked, attackers 'impressed by the commitment to terrible security practices' — systems described as 'solid as a paper Whopper wrapper in the rain,’ other RBI brands like Tim Hortons and Popeyes also vulnerable (Tom’s Hardware) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices