CyberWire Daily

In this three-part series, Maria Varmazis, host of T-Minus Space Daily and CyberWire Producer Liz Stokes, take you inside NATO’s flagship cyber defense exercise, Cyber Coalition 2025. Hosted by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia, the exercise brings together military, government, and industry teams from across the alliance to respond to realistic, high-pressure cyberattack scenarios targeting critical infrastructure and operational networks.

Throughout the series, Maria and Liz will guide you through what they witnessed on the ground — from real-time threat detection and incident response to the strategic collaboration shaping NATO’s cyber resilience in an increasingly contested digital landscape.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes.

Mike Arrowsmith, Chief Trust Officer at NinjaOne, leads the organization’s IT, security, and support infrastructure to ensure they meet customers’ security and data privacy demands as it scales. Mike discusses how his career path has led him to the position he currently holds and how exciting the world of cybersecurity can be. He mentioned how he mentored students in college thinking of going into the field, and he used a metaphor to help describe the industry, saying "We are working against adversaries that are always typically one step ahead. Figuratively, if you could imagine, you're trying to chase a ball, but you never can quite get your hands on it." He shares how he loves the evolving field and that he thrives in a situation where things are constantly changing. We thank Mike for sharing his story.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we have Ziv Mador, VP of Security Research from LevelBlue SpiderLabs discussing their work on "SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp." Researchers at LevelBlue SpiderLabs have identified a new Brazilian banking Trojan dubbed Eternidade Stealer, spread through WhatsApp hijacking and social engineering campaigns that use a Python-based worm to steal contacts and distribute malicious MSI installers.

The Delphi-compiled malware targets Brazilian victims, profiles infected systems, dynamically retrieves its command-and-control server via IMAP email, and deploys banking overlays to harvest credentials from financial institutions and cryptocurrency platforms. The campaign reflects the continued evolution of Brazil’s cybercrime ecosystem, combining WhatsApp propagation, geofencing, encrypted C2 communications, and process injection to maintain stealth and persistence.

The research can be found here:

SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp

Learn more about your ad choices. Visit megaphone.fm/adchoices

Global leaders call for collaboration at the Munich Cyber Security Conference. Phishing campaigns exploit fake video conference invitations. Italian authorities say cyber attacks on the Winter Olympics have met overall mitigation. AI reshapes the economics of ransomware attacks. CISA tags a critical Microsoft Configuration Manager vulnerability. Foxveil is a new malware loader targeting legitimate platforms. Researchers examine macOS infostealers. California fines Disney $2.75 million for violating the Consumer Privacy Act. Maria Varmazis, host of T-Minus space daily and CyberWire Producer Liz Stokes preview their coverage of the NATO Cyber Coalition 2025 Cyber Exercise in Tallinn, Estonia. When pull requests get personal.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Maria Varmazis, host of T-Minus space daily and CyberWire Producer Liz Stokes as they share  their coverage of the NATO Cyber Coalition 2025 Cyber Exercise in Tallinn, Estonia.

Selected Reading

US wants cyber partnerships to send ‘coordinated, strategic message’ to adversaries (The Record) 

Europe must adapt to ‘permanent’ cyber and hybrid threats, Sweden warns (The Record) 

Attackers Weaponize Signed RMM Tools via Zoom, Meet, & Teams Lures (Netskope)

Winter Olympics 2026: Hacktivism Surges Ahead of Protests and Suspected Sabotage (Intel 471)

How AI is and is Not Changing Ransomware (Halcyon)

CISA flags critical Microsoft SCCM flaw as exploited in attacks (Bleeping Computer)

Foxveil malware loader abuses Discord, Cloudflare, Netlify for staging (SC Media)

AMOS infostealer targets macOS through a popular AI app (Bleeping Computer)

California fines Disney $2.75 million for data privacy violations (The Record)

An AI Agent Published a Hit Piece on Me (The Shamblog)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Malicious Chrome extensions pose as AI tools. Google says nation-states are increasingly abusing its Gemini artificial intelligence tool.  Data extortion group World Leaks deploys a new malware tool called RustyRocket. An Atlanta healthcare provider data breach affects over 625,000. Apple patches an iOS zero-day that’s been around since version 1.0. A government shutdown would furlough more than half of CISA’s staff. Dutch police arrest the alleged seller of the JokerOTP phishing automation service. Our guest is Simon Horswell, Senior Fraud Specialist at Entrust, discussing evolving romance scams for Valentine's Day. Fun with filters provides fuel for phishers. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Simon Horswell, Senior Fraud Specialist at Entrust, discussing evolving romance scams for Valentine's Day. If you enjoyed this conversation, tune into Hacking Humans to hear the full interview.

Selected Reading

Fake AI Chrome extensions with 300K users steal credentials, emails (Bleeping Computer)

Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says (The Record)

World Leaks Ransomware Adds Custom Malware ‘RustyRocket' to Attacks (Infosecurity Magazine)

ApolloMD Data Breach Impacts 626,000 Individuals (SecurityWeek)

Apple patches decade-old iOS zero-day exploited in the wild (The Register)

CISA: DHS Funding Lapse Would Sideline Federal Cyber Staff (Gov Infosecurity)

CISA Shares Lessons Learned from an Incident Response Engagement (CISA.gov)

Police arrest seller of JokerOTP MFA passcode capturing tool (Bleeping Computer)

What Can the AI Work Caricature Trend Teach Us About the Risks of Shadow AI? (Fortra)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices