CyberWire Daily

Martin Zugec, Technical Solutions Director at Bitdefender, discussing their work on "FamousSparrow APT Targets Azerbaijani Oil and Gas Industry." Bitdefender researchers uncovered a sustained cyber espionage campaign by the China-linked FamousSparrow group targeting an Azerbaijani oil and gas company, highlighting the growing focus on critical energy infrastructure in the South Caucasus. The attackers repeatedly exploited the same vulnerable Microsoft Exchange server over multiple months, deploying evolving versions of Deed RAT and Terndoor malware through sophisticated DLL sideloading techniques designed to evade detection and maintain persistence. The operation underscores FamousSparrow's adaptability and persistence, demonstrating how advanced threat actors continually refine their tooling and return to compromised environments until vulnerabilities are fully remediated and access is cut off.

The research and executive brief can be found here:

FamousSparrow APT Targets Azerbaijani Oil and Gas Industry

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA directs agencies to “patch smarter, not harder.” The House fails to extend FISA. Europol pulls over AudiA6. GitHub announces npm security updates. Anthropic rejects Fable 5 jailbreak claims. CISA gives feds three days to patch a critical Ivanti Sentry vulnerability. Google confirms ShinyHunters exploited a critical Oracle PeopleSoft vulnerability. FancyBear shifts part of its infrastructure to compromised edge devices. Pundits push for CyberCorps scholarship budgets. Our guest is Dr. Renée Burton, VP of Threat Intelligence at Infoblox, to discuss scams targeting the World Cup. Amazon drivers sweat through a software update. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Dr. Renée Burton, VP of Threat Intelligence at Infoblox, to discuss the World Cup and fans possibly getting caught out if they use SuperBox to view it.

Selected Reading

CISA directive orders agencies to prioritize vulnerability patching in a new way (CyberScoop)

House votes against extending controversial wiretapping law set to lapse Friday (The Washington Post)

Ransomware gangs cut off from EUR 336 million ‘AudiA6’ crypto laundering pipeline - Europol analysis links the criminal service to over 15 international cybercrime investigations (Europol)

GitHub to Update npm to Thwart Software Supply Chain Attacks (Infosecurity Magazine)

Anthropic Disputes Fable 5 AI Jailbreak (SecurityWeek)

CISA orders feds to patch actively exploited Ivanti flaw by Sunday (Bleeping Computer)

Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters (SecurityWeek)

GRU-Linked APT28 Uses MooBot Botnet and Compromised EdgeRouters for Cyber Operations (GB Hackers)

CyberCorps is adapting to AI. The budget isn't keeping up. (CyberScoop)

Software Update Automatically Turns off Amazon Delivery Drivers’ AC During Dangerous Summer Heat (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Google faces liability for AI-generated claims. Washington pauses public AI model assessments. Anthropic ships a safer AI model. OpenAI disrupts influence operations. Ransomware operators get a powerful new backdoor. Urgent patches land for Ivanti and Veeam. PyPI supply chain attacks evolve. And a massive data breach triggers a record fine in South Korea. Our guest is Peter Barker, Chief Product Officer at Ping Identity, sharing how identity increasingly becomes the control plane for how work gets done. AI analyzes the FIFA World cup, one cliché at a time. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, we are joined by Peter Barker, Chief Product Officer at Ping Identity, sharing how identity increasingly becomes the control plane for how work gets done across humans, automation, and AI agents. You can read more from Ping Identity here. If you enjoyed this conversation, be sure to check out the full interview here.

Selected Reading

Landmark German ruling declares Google's AI Overviews are Google's own words and makes it liable for false answers (The Decoder)

White House Reins In AI-Testing Unit as National-Security Concerns Grow (Wall Street Journal)

Anthropic Releases ‘Safe’ Version of Its Mythos A.I. Technology (The New York Times)

PRC-linked influence operations are targeting AI debates in the US (OpenAI)

Technical Analysis of MLTBackdoor (ThreatLabz)

CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry (Rapid7)

Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels (Socket)

Veeam Patches Critical RCE Vulnerability in Backup & Replication published: yesterday (Beyond Machines)

‘Amazon.com of South Korea’ Is Fined a Record $409 Million (The New York Times)

The 2026 big soccer tournament, in clichés. (Sinch)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday goes big. Congress looks to harden critical infrastructure. A new Windows zero-day drops. Mobile AI creates security blind spots. AI agents fall for phishing. Browser extensions expose millions. Spammers hide behind Google Cloud Storage. CISA crowns its cyber champions. Our guest is Joe Sykora, CEO from Coro, discussing the MSP space and how to address it. Relentless robocalls retreat.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, we are joined by Joe Sykora, CEO from Coro, discussing the MSP space and how to address it. If you enjoyed this conversation be sure to check out the full interview here. 

Selected Reading

Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days (Malwarebytes)

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact (SecurityWeek)

Adobe Patches 123 Vulnerabilities (SecurityWeek)

Warner proposes overhaul of critical infrastructure cyber plans as AI threats rise (Nextgov/FCW)

New Windows Zero-Day Exploit 'RoguePlanet' Released (SecurityWeek)

Lookout Study Reveals 93% of CISOs Blinded by False AI Confidence as 59% of Mobile AI Traffic Flows "Dark" (Lookout)

Phishing for Lobsters: How We Tricked OpenClaw into Spilling Secrets (Varonis)

MaXSS & Spyder: How two Chrome extensions allow websites to compromise over 10 million browsers (Rebora)

How Spammers Are Hiding Behind Google and the New York Times (Comparitech)

CISA names winners of seventh annual President’s Cup cybersecurity competition (Industrial Cyber)

U.S. Consumers Received Just Over 4.1 Billion Robocalls in May, According to YouMail Robocall Index (PR Newswire)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Miasma malware meddles with Microsoft. SAP fixes critical flaws, Google patches an exploited Chrome zero-day, CanisterWorm spreads through npm, Mac users face a new malvertising threat, France investigates a breach of its secure messaging platform, insurers rethink AI risk, the FBI launches a Most Wanted Fraudsters list, and a U.S. citizen admits to spying for China. Our guest is Steve Winterfeld, Advisory CISO from Akamai, discussing how AI-powered bots are driving financial services attacks. Unpacking a million dollar hotel fee. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Steve Winterfeld, Advisory CISO from Akamai, discussing how AI-powered bots are driving financial services attacks.

Selected Reading

For the 2nd time in weeks, Microsoft packages laced with credential stealer (Ars Technica)

SAP Patches Critical NetWeaver, Commerce Vulnerabilities (SecurityWeek) 

Google fixes fifth actively exploited Chrome zero-day of 2026 (Security Affairs)

CanisterWorm: How TeamPCP Turned the npm Ecosystem Into a Weapon (Picussecurity)

Operation FlutterBridge Uses Fake Google Ads to Spread macOS Backdoor (Hackread)

French govt messaging service breached in account hijacking attack (Bleeping Computer)

AI Exclusions in Insurance Policies: Broad Language, Uncertain Impact (Policyholder Pulse)

FBI Announces New Wanted List Dedicated to Fraudsters (FBI)

American citizen pleads guilty to spying for China | brief (SC Media)

Teacher’s $1 million AR hotel bill reversed after cyber-attack (WREG.com)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show.  

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at ⁠sponsor.thecyberwire.com⁠.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices