CyberWire Daily

For years, security teams had time between discovery and exploitation. Time to triage. Time to validate. Time to prioritize what to fix first. AI has compressed that window. Frontier models now discover and chain vulnerabilities faster than human analysts can confirm them, and the gap between finding and fixing is shrinking in both directions.

In this episode of CyberWire-X, N2K’s ⁠Dave Bittner⁠ and Federico Kirschbaum, Head of XBOW Security Lab, explore what it actually means to run autonomous offensive security, why validation workflows built for quarterly testing cycles struggle to keep up, and how practitioners are redefining what a tested application looks like when the pace of offense has fundamentally changed.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Traditionally, GPS jamming attacks have been confined to the ground; however, new data shows that these attacks could be moving to target signals before they even reach the ground.

In this week’s episode, host Maria Varmazis sits down with Dave Bittner and Brandon Karpf to discuss recent research that suggests the attack landscape for GPS attacks is expanding. If this research is accurate, these attacks represent a significant evolution for how defenders think about this critical technology.

Key sources:


Something is jamming GPS over Europe. Here's what we found.


Chasing Lightning: Detecting, Characterizing, and Identifying a Powerful Space-Based GNSS Interference Source.


EKS 5.

Like what you heard? Be sure to subscribe to our free Signals and Space Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: https://thecyberwire.com/newsletters/signals-and-space 

Is there a topic or person you’d like to hear on our show? You can send your questions and feedback to space@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. You can also fill our our audience survey: https://www.surveymonkey.com/r/NJYCN2P 

T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. N2K is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com.
Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Tom Kellermann, Trend Micro's VP of AI Security and Threat Research, discussing their work on "Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud." Researchers from Trend Micro's MDR team uncovered the full operation behind Banana RAT, a sophisticated banking trojan they track as SHADOW-WATER-063, by analyzing both attacker infrastructure and infected victim systems.

The malware uses fileless PowerShell execution, layered obfuscation, and remote-control capabilities to steal credentials, manipulate banking sessions, intercept Pix QR code payments, and facilitate financial fraud targeting Brazilian banks. The campaign appears to be operated by a Brazilian Portuguese-speaking cybercriminal group with ties to the broader Tetrade banking malware ecosystem and may be evolving toward a malware-as-a-service model.

The research and executive brief can be found here:

⁠Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud

Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss leaks, espionage and influence operations over the past 10 years.

Together they reflect on a decade of cybersecurity developments, focusing on the pivotal year 2016 where a shift occurred.

Join N2K as we cover the rise of nation-state cyber operations, major leaks like the Panama Papers and DNC email hacks, and the evolving landscape of cyber norms, trust, and threat perception.
Learn more about your ad choices. Visit megaphone.fm/adchoices

International law enforcement disrupts the SocGholish botnet. The UK’s cyber chief says cybersecurity is a contest, not a risk register. Ukraine joins the EU’s cyber reserve. The Gentlemen gang sharpens its ransomware toolkit. A WordPress supply chain attack spreads malware. Critical patches land from F5, Atlassian, and Splunk. Agentjacking targets AI coding assistants. And Kodak confirms a breach claimed by ShinyHunters. Our guest is Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on the failure of FISA section 702 to reauthorize. Criminal coders face automation anxiety.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies, and coh-host of Caveat, as he discusses the failure of FISA section 702 to reauthorize.

Selected Reading

Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp (Bleeping Computer)

Hostile States Behind 75% of Cyber-Attacks on UK CNI, NCSC Warns (Infosecurity Magazine)

Cyberspace Locked in a Nation-State Contest, Says NCSC CEO (BankInfo Security)

EU grants Ukraine access to cybersecurity reserve for major attacks (The Record)

Killing me gently: Inside Gentlemen’s EDR killer framework (ESET)

ShapedPlugin update flow hacked to infect WordPress sites (Bleeping Computer)

F5 issues out-of-band patches for critical NGINX vulnerabilities (Bleeping Computer)

Atlassian, Splunk Patch Critical Vulnerabilities (SecurityWeek)

Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents (HackRead)

Kodak Admits Data Breach After ShinyHunters Hack Claims (SecurityWeek)

Cybercriminals Are Worried About AI Taking Their Jobs Too (Infosecurity Magazine)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices