A foreign threat actor breached a key U.S. nuclear weapons manufacturing site. The cyberattack on Jaguar Land Rover is the most financially damaging cyber incident in UK history. A new report from Microsoft’ warns that AI is reshaping cybersecurity at an unprecedented pace. The ToolShell vulnerability fuels Chinese cyber operations across four continents. Fake browser updates are spreading RansomHub, LockBit, and data-stealing malware. Hackers deface LA Metro bus stop displays. A Spyware developer is warned by Apple of a mercenary spyware attack. Pwn2Own payouts proceed. Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on a Federal Whistle Blower from the SSA. When the cloud goes down, beds heat up. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on a Federal Whistle Blower from the SSA. If you enjoyed Ben’s conversation, be sure to check out more from him over on the Caveat Podcast.

2025 Microsoft Digital Defense Report

To learn more about the 2025 Microsoft Digital Defense Report, join our partners on The Microsoft Threat Intelligence Podcast. On today’s episode, host Sherrod DeGrippo is joined by Chloé Messdaghi and Crane Hassold to unpack the key findings of the 2025 Microsoft Digital Defense Report; a comprehensive look at how the cyber threat landscape is accelerating through AI, automation, and industrialized criminal networks. You can listen to new episodes of The Microsoft Threat Intelligence Podcast every other Wednesday on your favorite podcast app.

Selected Reading

Foreign hackers breached a US nuclear weapons plant via SharePoint flaws (CSO Online)

JLR hack is costliest cyber attack in UK history, say analysts (BBC)

Microsoft 2025 digital defense report flags rising AI-driven threats, forces rethink of traditional defenses (Industrial Cyber)

The New Frontlines of Cybersecurity: Lessons from the 2025 Digital Defense Report (The Microsoft Threat Intelligence Podcast)  

Sharepoint ToolShell attacks targeted orgs across four continents (Bleeping Computer)

SocGholish Malware Using Compromised Sites to gDeliver Ransomware (Hackread)

LA Metro digital signs taken over by hackers (KTLA)

Apple alerts exploit developer that his iPhone was targeted with government spyware (TechCrunch)

Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025 (SecurityWeek)

AWS crash causes $2,000 Smart Beds to overheat and get stuck upright (Dexerto)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA warns a Windows SMB privilege escalation flaw is under Active exploitation. Microsoft issues an out of band fix for a WinRE USB input failure. Nation state hackers had long term access to F5. Envoy Air confirms it was hit by the zero-day in Oracle’s E-Business Suite. A nonprofit hospital system in Massachusetts suffers a cyberattack. Russian’s COLDRiver group rapidly retools its malware arsenal. GlassWorm malware hides malicious logic with invisible Unicode characters. European authorities dismantle a large-scale Latvian SIM farm operation. Myanmar’s military raids a notorious cybercrime hub. Josh Kamdjou, from Sublime Security discusses how teams should get ahead of Scattered Spider's next move. Eagle Scouts are soaring into cyberspace.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Josh Kamdjou, CEO and co-founder of Sublime Security and former DOD white hat hacker, is discussing how teams should get ahead of Scattered Spider's next move.

Selected Reading

CISA warns of active exploitation of Windows SMB privilege escalation flaw (Beyond Machines)

Windows 11 KB5070773 emergency update fixes Windows Recovery issues (Bleeping Computer)

Hackers Had Been Lurking in Cyber Firm F5 Systems Since 2023 (Bloomberg)

Envoy Air (American Airlines) Confirms Oracle EBS 0-Day Breach Linked to Cl0p (Hackread)

Cyberattack Disrupts Services at 2 Massachusetts Hospitals (BankInfo Security)

Russian Coldriver Hackers Deploy New ‘NoRobot’ Malware (Infosecurity Magazine)

Self-spreading GlassWorm malware hits OpenVSX, VS Code registries (Bleeping Computer)

Police Shutter SIM Farm Provider in Latvia, Bust 7 Suspects (Data Breach Today)

Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People (SecurityWeek)

Scouts will now be able to earn badges in AI and cybersecurity (CNN Business)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

On this episode, host Kim Jones is joined by Ethan Cook, N2K’s lead analyst and editor, for a deeper, more reflective conversation on cybersecurity regulation, privacy, and the future of policy. This episode steps back from the news cycle to connect the dots and explore where the regulatory landscape is heading — and why it matters.

Ethan, who will join the show regularly this season to provide big-picture analysis after major policy conversations, shares his perspective on the evolving balance between government oversight, innovation, and individual responsibility.

This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about Meter.

Learn more about your ad choices. Visit megaphone.fm/adchoices

An AWS outage sparks speculation. An F5 exposure and breach raise patching and supply-chain concerns. Salt Typhoon breaches a European telecom via a Netscaler flaw. A judge bans NSO Group from Whatsapp. China alleges “irrefutable evidence” of NSA hacking. Connectwise patches adversary in the middle risks. A Dolby decoder flaw enables zero-click remote code execution on Android. A Cyber M&A and funding surge signals a busy consolidation cycle.  Our guest Jeff Collins, CEO of WanAware, sharing how hospital consolidations are reshaping IT asset visibility and what it takes to close these gaps. One man’s quest to make AI art legit. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Jeff Collins, CEO of WanAware, sharing how hospital consolidations are reshaping IT asset visibility and what it takes to close these gaps.

Selected Reading

Cyberattack: Did China just bring Amazon down, along with Robinhood, Snapchat - what happened? Here's what experts are saying (The Economic Times)

F5 breach exposes 262,000 BIG-IP systems worldwide (Security Affairs)

Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack (Infosecurity Magazine)

Israeli spyware company blocked from WhatsApp (Courthouse News Service)

China Says It Found Evidence of US Cyber Attack on State Agency (Bloomberg)

ConnectWise Patches Critical Flaw in Automate RMM Tool (SecurityWeek)

Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks (SecurityWeek)

NSO Group acquired by American investors. LevelBlue to acquire Cybereason. (N2K Pro Business Briefing)

Creator of Infamous AI Painting Tells Court He's a Real Artist (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes.

Cybersecurity Associate Consultant at BARR Advisory, Kristin Strand, shares her journey from the military to teaching and now to cybersecurity. Kristin shares how she'd wanted to be a teacher since she was young. She joined the Army to help pay for college and throughout her career has taken advantage of programs to help her move on to her next challenge. From teaching, Kristin decided to transition to IT and came to cybersecurity through a Department of Labor program. She's also currently training to be a drill sergeant. Kristin advises you stand firm to your goals and know what you want. It will come around. We thank Kristin for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Eclypsium researchers Jesse Michael and Mickey Shkatov to share their work on "BadCam - Now Weaponizing Linux Webcams." Eclypsium researchers disclosed “BadCam,” a set of vulnerabilities in certain Lenovo USB webcams that run Linux and do not validate firmware signatures, allowing attackers to reflash the devices and turn them into BadUSB-style tools.

An adversary who supplies a backdoored camera or who gains remote code execution on a host can weaponize the webcam to emulate human-interface devices, inject keystrokes, deliver payloads, and maintain persistence — even re-infecting systems after OS reinstalls. The findings were presented at DEF CON 2025, Lenovo issued updated firmware/tools in coordination with SigmaStar, and researchers warn the same vector could affect other Linux-based USB peripherals, underscoring the need for firmware signing and stronger device attestation.

The research can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices

Prosper data breach reportedly affected more than 17 million accounts. Microsoft revokes certificates used in Rhysida ransomware operation. Threat actors exploit Cisco flaw to deploy Linux rootkits. Europol disrupts cybercrime-as-a-service operation. BeaverTail and OtterCookie merge and display new functionality. Singapore cracks down on social media. On our Industry Voices segment, we are joined by Danny Jenkins who is talking about defending against AI. And who let the bots out?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we are joined by Danny Jenkins, CEO and Co-Founder of ThreatLocker, talking about defending against AI. You can tune into Danny’s full conversation here.

Selected Reading

Have I Been Pwned: Prosper data breach impacts 17.6 million accounts (BleepingComputer)

Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign (SecurityWeek)

Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits (Trend Micro)

Critical ConnectWise Vulnerabilities Allow Attackers To Inject Malicious Updates  (Cybersecurity News)

European police bust network selling thousands of phone numbers to scammers (The Record)

North Korean operatives spotted using evasive techniques to steal data and cryptocurrency (CyberScoop)

New Singapore law empowers commission to block harmful online content (Reuters) 

Niantic’s Peridot, the Augmented Reality Alien Dog, Is Now a Talking Tour Guide (WIRED)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

F5 discloses long-term breach tied to nation-state actors. PowerSchool hacker receives a four-year prison sentence. Senator scrutinizes Cisco critical firewall vulnerabilities. Phishing campaign impersonates LastPass and Bitwarden. Credential phishing with Google Careers. Reduce effort, reuse past breaches, recycle into new breach. Qilin announces new victims. Manoj Nair, from Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. And AI faces the facts.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Manoj Nair, Chief Innovation Officer at Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. In light of the recent high-severity vulnerability in Cursor, Manoj discusses how threats like tool poisoning, toxic flows, and MCP vulnerabilities are redefining what secure AI-driven development means—and why organizations must move faster to keep up.

Selected Reading

F5 disclosures breach tied to nation-state threat actor (CyberScoop)

CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices (CISA)

ED 26-01: Mitigate Vulnerabilities in F5 Devices (CISA) 

PowerSchool hacker sentenced to 4 years in prison (The Record) 

Cisco faces Senate scrutiny over firewall flaws (The Register)

Fake LastPass, Bitwarden breach alerts lead to PC hijacks (Bleeping Computer) 

Google Careers impersonation credential phishing scam with endless variation (Sublime Security) 

Elasticsearch Leak Exposes 6 Billion Records from Scraping, Old and New Breaches (HackRead) 

Qilin Ransomware announced new victims (Security Affairs) 

When Face Recognition Doesn’t Know Your Face Is a Face (WIRED)

Semperis Announces Midnight in the War Room: A Groundbreaking Cyberwar Documentary Featuring the World's Leading Defenders and Reformed Hackers (PR Newswire)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A record-breaking Bitcoin seizure. Patch Tuesday notes. Capita fined for unlawful access to personal data. Unity site skimmed by malicious script. Vietnam Airlines breached potentially exposing 20 million passengers. An automotive giant experiences a third-party breach. Tim Starks from CyberScoop is discussing how Sen. Peters tries another approach to extend expired cyber threat information-sharing. In our latest Threat Vector, David Moulton⁠ sits down with⁠ Harish Singh about hybrid work. And inside North Korea's blueprints for deception.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop is discussing how Sen. Peters tries another approach to extend expired cyber threat information-sharing law.

Threat Vector

Hybrid work has changed the game, but has your security kept up? In this segment of Threat Vector, David Moulton⁠ sits down with⁠ Harish Singh⁠, Vice President and Global Head of Infrastructure and Application Management at Wipro, to unpack the evolving cybersecurity landscape at the intersection of digital transformation, SaaS expansion, and AI-powered operations. You can listen to their full discussion here, and catch new episodes every Thursday on your favorite podcast app.

Selected Reading

Feds Seize Record-Breaking $15 Billion in Bitcoin From Alleged Scam Empire (WIRED)

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws (Bleeping Computer) 

Patch Tuesday, October 2025 ‘End of 10’ Edition (Krebs on Security)

Capita Fined £14m After 2023 Breach that Hit 6.6 Million People (Infosecurity Magazine)                    

Malicious Code on Unity Website Skims Information From Hundreds of Customers (SecurityWeek)

Airline with over 20 million passengers a year involved in customer data breach (Daily Mail)

Information Regarding Customer Data Breach (Vietnam Airlines)

Auto giant Stellantis discloses data breach affecting North American customers (Top Class Actions)

North Korean Scammers Are Doing Architectural Design Now (WIRED)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Fortra confirms an exploitation of the maximum-severity GoAnywhere flaw. Harvard investigates a claim of a breach. Banking Trojan targets Brazilian WhatsApp users. Reduction-in-force hits CISA. SimonMed says 1.2 million hit by Medusa ransomware. Netherlands invokes the Goods Availability Act against a Chinese company. We have our Business Breakdown. On today’s Industry Voices, we are joined by Mickey Bresman sharing insights on hybrid identity security. And, beware of the shuffler.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, we are joined by Mickey Bresman, Semperis CEO, sharing insights on hybrid identity security and their HIP Conference. Mickey joined us as their 2025 Hybrid Identity Protection (HIP) Conference wrapped up.  If you want to hear the full conversation, you can tune in here.

Selected Reading

Fortra cops to exploitation of GoAnywhere file-transfer service defect (CyberScoop)

Harvard Investigating Security Breach After Cybercrime Group Threatens To Release Stolen Data (The Crimson)

WhatsApp Worm Targets Brazilian Banking Customers (Sophos News) 

Government Shutdown Fallout: RIF Notices Hit CISA as Cyber Threats Rise (ClearanceJobs)

SimonMed says 1.2 million patients impacted in January data breach (Bleeping Computer) 

Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia (The Record)

UK fines 4chan over noncompliance with Online Safety Act (The Record)  

Synechron acquires RapDev, Calitii, and Waivgen. (N2K Pro Business Briefing)  

Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating (WIRED)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices