Brace for an AI-driven patch surge. Google fixes a critical Android flaw. Trellix confirms a source code breach. Apache Software Foundation ships urgent fixes. Data tied to Liberty Mutual leaks. CloudZ evolves to steal OTPs. Ouroboros persistence raises the stakes. A vishing suspect faces U.S. charges. Our guest is Markus Rauschecker, Executive Director for the University of Maryland Center for Cyber, Health and Hazard Strategies (CHHS), on the importance of the non-technical aspects of good cybersecurity preparedness and response. Our Threat Vector segment focuses on incident response. If you think UK age verification is working, I mustache you a question.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Industry Voices

Markus Rauschecker, Executive Director for the University of Maryland Center for Cyber, Health and Hazard Strategies (CHHS), discussing the importance of the non-technical aspects of good cybersecurity preparedness and response. If you enjoyed this conversation check out the full interview here.

Threat Vector Segment

On this segment of Threat Vector by Palo Alto Networks, host David Moulton speaks with guest Steve Elovitz. In this conversation, Steve reflects on what two decades of incident response actually teaches you about the people on the other side of a breach. You can listen to the full conversation here, and catch new episodes of Threat Vector every Thursday on your favorite podcast app.

Selected Reading

NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave” (Infosecurity Magazine)

AI Adoption Outpaces Safety Policies, Leaving Organizations Exposed (Infosecurity Magazine)

Critical Remote Code Execution Vulnerability Patched in Android (SecurityWeek)

Trellix Reveals Unauthorized Access to Source Code (Infosecurity Magazine)

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server (SecurityWeek)

Everest Group Begins Leaking Alleged Liberty Mutual Data (GovInfo Security)

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs (Bleeping Computer)

dMSA Ouroboros: Self-Sustaining Credential Extraction in Windows Server 2025 (Huntress)

Western District of North Carolina | Romanian National Appears in Federal Court Following Extradition from Romania on Bank Fraud Charges Stemming From “Vishing” Scheme (United States Department of Justice)

Kids can bypass some age checks with a drawn-on mustache (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices