CyberWire Daily

• America’s tech turn.

  How might Trump’s new National Security Strategy impact cyber? The UK’s NCSC warns LLMs may never get over prompt injection. At least 18 U.S. universities were hit by a months-long phishing campaign. Russia blocks FaceTime. A bipartisan group of senators reviving efforts to strengthen protections across the health sector. Portugal provides legal safe harbor for good-faith security research. A large-scale campaign targets Palo Alto GlobalProtect portals. A Maryland man gets 15 months in prison for his part in a North Korean IT worker scam. Business Brief. Tim Starks from CyberScoop unpacks the President's pending cybersecurity strategy release. An AI image sends UK train schedules off the rails.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks, senior reporter  from CyberScoop, discussing President Trump's pending cybersecurity strategy release and the end of Sean Plankey’s nomination process. Selected Reading National Security Strategy (The White House) The National Security Strategy: The Good, the Not So Great, and the Alarm Bells (CSIS) UK intelligence warns AI 'prompt injection' attacks might never go away (The Record) Over 70 Domains Used in Months-Long Phishing Spree Against US Universities (Hackread) Russia restricts FaceTime, its latest step in controlling online communications (AP News) Bipartisan health care cybersecurity legislation returns to address a cornucopia of issues (CyberScoop) Portugal updates cybercrime law to exempt security researchers (Bleeping Computer) New wave of VPN login attempts targets Palo Alto GlobalProtect portals (Bleeping Computer) Maryland man sentenced for N. Korea IT worker scheme involving US government contracts (The Record) ServiceNow reportedly intends to acquire Veza for more than $1 billion (N2K Pro Business Briefing) Trains cancelled over fake bridge collapse image (BBC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  27:04

  --------

  27:04
• Jon DiMaggio: Two roads diverged. [Strategy] [Career Notes]

  Please enjoy this encore of Career Notes. Chief security strategist from Analyst1, Jon DiMaggio shares his story on how he grew to become a part of the cybersecurity world. He describes different jobs that paved the way to the knowledge he has in the industry right now, and he even shares about an experience that led him to a path that split and which decision he would make, would be crucial in his career. He explains which way he ended up going and how a critical part of his career helped to determine that path. He says "there's two paths when you have that happen, you can either let it defeat you, or you know, you come back swinging." We thank Jon for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  9:19

  --------

  9:19
• When macOS gets frostbite. [Research Saturday]

  Jaron Bradley, Director of Jamf Threat Labs, is sharing their work on "ChillyHell: A Deep Dive into a Modular macOS Backdoor." Jamf Threat Labs uncovers a newly notarized macOS backdoor called ChillyHell, tied to past UNC4487 activity and disguised as a legitimate applet. The malware showcases robust host profiling, multiple persistence mechanisms, timestomping, and flexible C2 communications over both DNS and HTTP. Its modular design includes reverse shells, payload delivery, self-updates, and a brute-force component targeting user credentials. The research can be found here: ⁠ChillyHell: A Deep Dive into a Modular macOS Backdoor Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  24:40

  --------

  24:40
• China’s quiet crawl into critical networks.

  Chinese threat actors deploy Brickstorm malware. The critical React2Shell vulnerability is under active exploitation. Cloudflare’s emergency patch triggered a brief global outage. Phishing kits pivot to fake e-commerce sites. The European Commission fines X(Twitter) €120 million for violating the Digital Services Act. Predator spyware has a new bag of tricks. A Russian physicist gets 21 years in prison for cybercrimes. Twin brothers are arrested for allegedly stealing and destroying government data. Our guest is Blair Canavan, Director of Alliances - PKI & PQC Portfolio from Thales, discussing post quantum cryptography. Smart toilet encryption claims don’t hold water.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Blair Canavan, Director of Alliances - PKI & PQC Portfolio from Thales, discussing post quantum cryptography (PQC). Listen to Blair’s full conversation here. Selected Reading Chinese hackers used Brickworm malware to breach critical US infrastructure (TechRadar) React2Shell critical flaw actively exploited in China-linked attacks (BleepingComputer) Cloudflare blames today's outage on emergency React2Shell patch (Bleeping Computer) SMS Phishers Pivot to Points, Taxes, Fake Retailers (Krebs on Security) Threat Spotlight: Introducing GhostFrame, a new super stealthy phishing kit (Barracuda) EU issues €120 million fine to Elon Musk's X under rules to tackle disinformation  (The Record) Predator spyware uses new infection vector for zero-click attacks (Bleeping Computer) Russian scientist sentenced to 21 years on treason, cyber sabotage charges (The Record) Twins with hacking history charged in insider data breach affecting multiple federal agencies (Cyberscoop) ‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted (TechCrunch)- kicker Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  30:13

  --------

  30:13
• Pay cuts and a personnel freefall.

  CISA staff may see pay cuts in 2026. Threat actors advertise a full chain zero-day exploit for iOS. A US-led international coalition releases joint guidance on integrating AI into operational technology. Microsoft lowers sales growth targets for its agentic AI products. A major fintech provider suffers a ransomware-linked breach. Arizona’s Attorney General sues Temo over data collection practices. Lessons learned from Capita’s handling of Black Basta. The UK sanctions Russia’s GRU. My guest is Dave Baggett, co-founder and CEO of INKY (recently acquired by Kaseya), about the challenges of email security. A U.S. Bankruptcy Court insists on AI transparency. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Dave Bittner speaks with Dave Baggett, co-founder and CEO of INKY (recently acquired by Kaseya), about the need to update email security that was built on a 1971 design. Selected Reading US Slashes Pay Incentives at Already Weakened Cyber Agency (Bloomberg) Zero-Day Alert: Alleged iOS 26 Full Chain Exploit for Sale (Dataminr) Principles for the Secure Integration of Artificial Intelligence in Operational Technology (CISA) Microsoft drops AI sales targets in half after salespeople miss their quotas (Ars Technica) Marketing and Compliance Software Vendor to Banks Breached (Data Breach Today) Arizona attorney general sues Chinese online retailer Temu over data theft claims (AP News) What organisations can learn from the record breaking fine over Capita’s ransomware incident (DoublePulsar) UK cracks down on Russian intelligence agency authorised by Putin to target Skripals (GOV.UK) General Order 210: Filings Using Generative Artificial Intelligence (Southern District of California, United States Bankruptcy Court) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  27:39

  --------

  27:39

More News podcasts

Trending News podcasts

About CyberWire Daily

CyberWire Daily: Podcasts in Family