CyberWire Daily

Microsoft granted the FBI access to laptops encrypted with BitLocker. The EU opens an investigation into Grok’s creation of sexually explicit images. Glimmers of access pierce Iran’s internet blackout. Koi Security warns npm fixes fall short against PackageGate exploits. Some Windows 11 devices fail to boot after installing the January Patch Tuesday updates. CISA warns of active exploitation of  multiple vulnerabilities across widely used enterprise and developer software. ESET researchers have attributed the cyberattack on Poland’s energy sector to Russia’s Sandworm. This week's business breakdown. Brandon Karpf joins us to talk space and cyber. CISA sits out RSAC. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is cybersecurity executive and friend of the show Brandon Karpf with Dave Bittner and T-Minus Space Daily host Maria Varmazis, for our monthly space and cyber segment. Brandon, Maria and Dave discuss “No more free rides: it’s time to pay for space safety.”

Selected Reading

FBI Accessed Windows Laptops After Microsoft Shared BitLocker Recovery Keys (Hackread)

European Commission opens new investigation into X's Grok (The Register)

Amid Two-Week Internet Blackout, Some Iranians Are Getting Back Online (New York Times)

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies (Bleeping Computer)

Microsoft investigates Windows 11 boot failures after January updates (Bleeping Computer)

CISA says critical VMware RCE flaw now actively exploited (Bleeping Computer)

CISA confirms active exploitation of four enterprise software bugs (Bleeping Computer)

ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 (ESET) 

Aikido secures $60 million in Series B funding. (N2K Pro Business Briefing)

CISA won't attend infosec industry's biggest conference (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes.

Lauren Van Wazer, Vice President, Global Public Policy and Regulatory Affairs for Akamai Technologies, shares her story as she followed her own North Star and landed where she is today. She describes her career path, highlighting how she went from working at AT&T to being able to work in the White House. She shares how she is a coach and a leader to the team she works with now, saying "my view is I've got their back, if they make a mistake, it's my mistake, and if they do well, they've done well." Lauren hopes she's made an impact in the world by making it a little bit better than before, and discusses how she doesn't let anyone stop her from her goals. Lauren shares her outlook on her experiences, calling attention to different roles in her life that made her journey all the better. We thank Lauren for sharing.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we have Andrew Northern, Principal Security Researcher at Censys, discussing "From Evasion to Evidence: Exploiting the Funneling Behavior of Injects". This research explains how modern web malware campaigns use multi-stage JavaScript injections, redirects, and fake CAPTCHAs to selectively deliver payloads and evade detection.

It shows that these attack chains rely on stable redirect and traffic-distribution chokepoints that can be monitored at scale. Using the SmartApe campaign as a case study, the report demonstrates how defenders can turn those chokepoints into high-confidence detection and tracking opportunities.

The research can be found here:

From Evasion to Evidence: Exploiting the Funneling Behavior of Injects

Learn more about your ad choices. Visit megaphone.fm/adchoices

At long last, a TikTok deal. Officials urge lawmakers to keep an eye on the quantum ball. Fortinet confirms active exploitation of a critical authentication bypass flaw. Ireland plans to authorize spyware for law enforcement. Okta warns customers of sophisticated vishing kits. Under Armour investigates data breach claims. CISA adds a Zimbra Collaboration Suite flaw to the known exploited vulnerabilities list. Poor OpSec enables recovery of data stolen by the INC ransomware gang. The DOJ deports a pair of Venezuelans convicted of ATM jackpotting. Our guest is Chris Nyhuis, Founder and CEO of Vigilant, sharing practical steps to protect money, identity, and devices.  Curl pulls the plug on bug bounties after drowning in AI slop.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Chris Nyhuis, Founder and CEO of Vigilant, sharing "practical steps consumers can take in 2026 to protect their money, identity, and devices."

Selected Reading

TikTok Strikes Deal to Create New U.S. Entity and Loosen App’s Ties to China (New York Times)

US Officials Urge Congress to Reauthorize Key Quantum Law (BankInfo Security)

Fortinet confirms critical FortiCloud auth bypass not fully patched (Bleeping Computer)

Ireland plans law allowing law enforcement to use spyware (The Record)

Okta SSO accounts targeted in vishing-based data theft attacks (Bleeping Computer)

Under Armour Investigates Data Breach (Infosecurity Magazine)

Organizations Warned of Exploited Zimbra Collaboration Vulnerability  (SecurityWeek)

INC ransomware opsec fail allowed data recovery for 12 US orgs (Bleeping Computer)

2 Venezuelans Convicted in US for Using Malware to Hack ATMs (SecurityWeek)

Curl ending bug bounty program after flood of AI slop reports (Bleeping Computer)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA’s acting director assures Congress the agency has “stabilized”. Google and Cisco patch critical vulnerabilities. Fortinet firewalls are being hit by automated attacks that create rogue accounts. A global spam campaign leverages unsecured Zendesk support systems. LastPass warns of attempted account takeovers. Greek authorities make arrests in a sophisticated fake cell tower scam. Executives at Davos express concerns over AI. Pwn2Own Automotive proves profitable. Our guest is Kaushik Devireddy, AI data scientist at Fable Security, with insights on a fake ChatGPT installer. New password, same as the old password. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Kaushik Devireddy, AI data scientist at Fable Security, discussing their work on "How a fake ChatGPT installer tried to steal my password".

Selected Reading

CISA Is 'Trying to Get Back on Its Mission' After Trump Cuts (CISA)

Google Patches High-Severity V8 Race Condition in Chrome 144 published: today (Beyond Machines)

Cisco Patches Actively Exploited Flaw in Unified Communications Products (Beyond Machines)

Hackers breach Fortinet FortiGate devices, steal firewall configs (Bleeping Computer)

Zendesk ticket systems hijacked in massive global spam wave (Bleeping Computer)

LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords (Infosecurity Magazine)

Greek Police Arrest Scammers in Athens Using Fake Cell Tower for SMS Phishing Operation (TechNadu)

Execs at Davos say AI's biggest problem isn't hype — it's security (Business Insider)

Hackers exploit 29 zero-days on second day of Pwn2Own Automotive (Bleeping Computer)

Analysis of 6 Billion Passwords Shows Stagnant User Behavior (SecurityWeek)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices