CyberWire Daily

Starkiller represents a significant escalation in phishing infrastructure. A blockchain lender breach affects nearly a million users. The Kimwolf botnet disrupts a peer-to-peer privacy network. Researchers identifiy vulnerabilities in widely used Visual Studio Code extensions. DEF CON bans three men named in the Epstein files. Texas sues TP-Link over supply chain security. Experts question the impact of cyber versus kinetic damage in Venezuela. African law enforcement arrest hundreds of suspected scammers. Tim Starks from CyberScoop explains CISA’s upcoming town hall meetings over ICS reporting rules. Warsaw walls off Wi-Fi-wired wheels. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop discussing “CISA to host industry feedback sessions on cyber incident reporting regulation.”

Selected Reading

Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA (Infosecurity Magazine)

Nearly 1 Million User Records Compromised in Figure Data Breach (SecurityWeek)

Kimwolf Botnet Swamps Anonymity Network I2P (Krebs on Security)

Flaws in Popular IDE Extensions Allow Data Exfiltration (Infosecurity Magazine)

DEF CON bans three Epstein-linked men from future events (The Register)

Texas sues TP-Link over Chinese hacking risks, user deception (Bleeping Computer)

The Caracas operation suggests cyber was part of the plan – just not the whole operation (CyberScoop)

Police arrests 651 suspects in African cybercrime crackdown (Bleeping Computer)

Nigerian man gets eight years in prison for hacking tax firms (Bleeping Computer)

Poland bans camera-packing cars made in China from military bases (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

A China-linked group exploits a critical Dell zero-day for 18 months. A Microsoft 365 Copilot bug risks sensitive email oversharing. A new Linux botnet leans on old-school IRC for command and control. Switzerland tightens critical infrastructure rules with mandatory cyber reporting. AstarionRAT emerges as a custom post-exploitation implant. Researchers find serious flaws in popular PDF platforms. A suspected Iranian-aligned campaign targets protest supporters. Notepad++ rolls out a “double-lock” update fix. And a Spanish court orders NordVPN and ProtonVPN to block illegal football streams. Our guest is Keith Mularski, Former FBI Special Agent and Chief Global Ambassador at Qintel, reflecting on the 25th anniversary of notorious spy Robert Hanssen's arrest. Dutch Defense flaunt F-35 firmware freedom. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Keith Mularski, Former FBI Special Agent and Chief Global Ambassador at Qintel, to talk about the 25th anniversary of Robert Hanssen's arrest. If you enjoyed Keith’s conversation, you can hear more from him over on the Only Malware in the Building podcast.

Selected Reading

Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed (CyberScoop) 

Microsoft says bug causes Copilot to summarize confidential emails (Bleeping Computer)

New Linux Botnet Discovered (Linux Magazine)

Switzerland’s NCSC boosts operational capabilities, mandates cyberattack reporting on critical infrastructure (Industrial Cyber)

ClickFix Won't Die. Neither Will Matanbuchus. A New RAT and a Hands-on-Keyboard Intrusion (Huntress)

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration (SecurityWeek)

CRESCENTHARVEST: Iranian protestors and dissidents targeted in cyberespionage campaign (Acronis)

Notepad++ boosts update security with ‘double-lock’ mechanism (Bleeping Computer)

Spain orders NordVPN, ProtonVPN to block LaLiga piracy sites (Bleeping Computer)

Dutch defense chief: F-35s can be jailbroken like iPhones (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

The government shutdown leaves CISA at reduced capacity. Ransomware and misconfigured AI threaten cyber-physical infrastructure. Operation DoppelBrand targets Fortune 500 financial and technology firms. Researchers uncover infostealers targeting OpenClaw AI. Identity-based attacks accounted for nearly two-thirds of initial intrusions last year. Researchers compromise popular cloud-based password managers. Authorities have arrested a man suspected of links to Phobos ransomware. Monday business breakdown. On Threat Vector, host David Moulton talks with Steve Elovitz about the 750 major breaches his team analyzed in a single year. Digital detour delivers a Dutchman to detention.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector

On today’s Threat Vector segment, David Moulton is joined by Steve Elovitz from Unit 42's North America consulting and incident response practice. After analyzing 750+ major breaches in a single year, he's seen exactly which security investments save companies and which ones fail when attackers strike. You can hear David and Steve’s full conversation on Thursday’s episode of Threat Vector and listen to new episodes each Thursday on your favorite podcast app.

Selected Reading

CISA Navigates DHS Shutdown With Reduced Staff (SecurityWeek)

Significant Rise in Ransomware Attacks Targeting Industrial Operations (Infosecurity Magazine)

A Misconfigured AI Could Trigger Infrastructure Collapse (BankInfo Security)

Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft (Infosecurity Magazine)

Infostealer malware found stealing OpenClaw secrets for first time (Bleeping Computer)

Unit 42: Nearly two-thirds of breaches now start with identity abuse (CyberScoop)

Password Managers Vulnerable to Vault Compromise Under Malicious Server (SecurityWeek)

Poland arrests suspect linked to Phobos ransomware operation (Bleeping Computer)

Vega raises $120 million in a Series B round led by existing investor Accel (N2K Pro Business Briefing)

Dutch police arrest man who refused to delete confidential files shared by mistake (The Record)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

In this three-part series, Maria Varmazis, host of T-Minus Space Daily and CyberWire Producer Liz Stokes, take you inside NATO’s flagship cyber defense exercise, Cyber Coalition 2025. Hosted by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia, the exercise brings together military, government, and industry teams from across the alliance to respond to realistic, high-pressure cyberattack scenarios targeting critical infrastructure and operational networks.

Throughout the series, Maria and Liz will guide you through what they witnessed on the ground — from real-time threat detection and incident response to the strategic collaboration shaping NATO’s cyber resilience in an increasingly contested digital landscape.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes.

Mike Arrowsmith, Chief Trust Officer at NinjaOne, leads the organization’s IT, security, and support infrastructure to ensure they meet customers’ security and data privacy demands as it scales. Mike discusses how his career path has led him to the position he currently holds and how exciting the world of cybersecurity can be. He mentioned how he mentored students in college thinking of going into the field, and he used a metaphor to help describe the industry, saying "We are working against adversaries that are always typically one step ahead. Figuratively, if you could imagine, you're trying to chase a ball, but you never can quite get your hands on it." He shares how he loves the evolving field and that he thrives in a situation where things are constantly changing. We thank Mike for sharing his story.
Learn more about your ad choices. Visit megaphone.fm/adchoices