Interpol’s Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon’s Graphite spyware. France calls for comments on tracking pixels. Fog ransomware operators deploy an unusual mix of tools. Skeleton Spider targets recruiters by posing as job seekers on LinkedIn and Indeed. Erie Insurance suffers ongoing outages following a cyberattack. Our N2K Lead Analyst Ethan Cook shares insights on Trump’s antitrust policies. DNS neglect leads to AI subdomain exploits.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we share a selection from today’s Caveat podcast where Dave Bittner and Ben Yelin are joined by N2K’s Lead Analyst, Ethan Cook, to take a Policy Deep Dive into “The art of the breakup: Trump’s antitrust surge.” You can listen to the full episode here and find new episodes of Caveat in your favorite podcast app each Thursday.  

Selected Reading

Interpol takes down 20,000 malicious IPs and domains (Cybernews)

Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts (The Record)

GitLab patches high severity account takeover, missing auth issues (Bleeping Computer)

SmartAttack uses smartwatches to steal data from air-gapped systems (Bleeping Computer)

Critical vulnerability in Microsoft 365 Copilot AI called EchoLeak enabled data exfiltration (Beyond Machines)

Researchers confirm two journalists were hacked with Paragon spyware (TechCrunch)

Tracking pixels: CNIL launches public consultation on its draft recommendation (CNIL)

Fog ransomware attack uses unusual mix of legitimate and open-source tools (Bleeping Computer)

FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters (The Record)

Erie Insurance confirms cyberattack behind business disruptions (Bleeping Computer)

Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'? (404 Media) 

Secure your public DNS presence from subdomain takeovers and dangling DNS exploits (Silent Push)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices