Organizations worldwide scramble to address the critical React2Shell vulnerability.  Major insurers look to exclude artificial intelligence risks from corporate policies. Three Chinese hacking groups converge on the same Sharepoint flaws. Ransomware crews target hypervisors. A UK hospital asks the High Court to block publication of data stolen by the Clop gang. The White House approves additional Nvidia AI chip exports to China. The ICEBlock app creator sues the feds over app store removal. The FBI warns of virtual kidnapping scams. The FTC upholds a ban on a stalkerware maker. Dave Lindner, CISO of Contrast Security, discusses nation-state adversaries targeting source code to infiltrate the government and private sector. Craigslist’s founder pledges support for cybersecurity, veterans and pigeons. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest ⁠Dave Lindner⁠, CISO of ⁠Contrast Security⁠, discusses nation-state adversaries targeting source code to infiltrate the government and private sector. Selected Reading Researchers track dozens of organizations affected by React2Shell compromises tied to China’s MSS (The Record) Insurers retreat from AI cover as risk of multibillion-dollar claims mounts (Financial Times) Three hacking groups, two vulnerabilities and all eyes on China (The Record) Researchers spot 700 percent increase in hypervisor ransomware attacks (The Register) UK Hospital Asks Court to Stymie Ransomware Data Leak (Bank Infosecurity) Trump says Nvidia can sell more powerful AI chips to China (The Verge) ICEBlock developer sues Trump administration over App Store removal (The Verge) New FBI alert urges vigilance on virtual kidnapping schemes (SC Media) FTC upholds ban on stalkerware founder Scott Zuckerman (TechCrunch) Craigslist founder signs the Giving Pledge, and his fortune will go to military families, fighting cyberattacks—and a pigeon rescue (Fortune) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, host Kim Jones examines the rapid rise of enterprise AI and the tension between innovation and protection, sharing an RSA anecdote that highlights both excitement and concern. He outlines the benefits organizations hope to gain from AI while calling out often-overlooked risks like data quality, governance, and accountability. Kim is joined by technologist Tony Gauda to discuss why AI represents a fundamental shift in how systems and decisions are designed. Together, they explore AI-driven operations, cultural barriers to experimentation, and how CISOs can adopt AI responsibly without compromising security. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. Learn more about your ad choices. Visit megaphone.fm/adchoices

How might Trump’s new National Security Strategy impact cyber? The UK’s NCSC warns LLMs may never get over prompt injection. At least 18 U.S. universities were hit by a months-long phishing campaign. Russia blocks FaceTime. A bipartisan group of senators reviving efforts to strengthen protections across the health sector. Portugal provides legal safe harbor for good-faith security research. A large-scale campaign targets Palo Alto GlobalProtect portals. A Maryland man gets 15 months in prison for his part in a North Korean IT worker scam. Business Brief. Tim Starks from CyberScoop unpacks the President's pending cybersecurity strategy release. An AI image sends UK train schedules off the rails.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks, senior reporter  from CyberScoop, discussing President Trump's pending cybersecurity strategy release and the end of Sean Plankey’s nomination process. Selected Reading National Security Strategy (The White House) The National Security Strategy: The Good, the Not So Great, and the Alarm Bells (CSIS) UK intelligence warns AI 'prompt injection' attacks might never go away (The Record) Over 70 Domains Used in Months-Long Phishing Spree Against US Universities (Hackread) Russia restricts FaceTime, its latest step in controlling online communications (AP News) Bipartisan health care cybersecurity legislation returns to address a cornucopia of issues (CyberScoop) Portugal updates cybercrime law to exempt security researchers (Bleeping Computer) New wave of VPN login attempts targets Palo Alto GlobalProtect portals (Bleeping Computer) Maryland man sentenced for N. Korea IT worker scheme involving US government contracts (The Record) ServiceNow reportedly intends to acquire Veza for more than $1 billion (N2K Pro Business Briefing) Trains cancelled over fake bridge collapse image (BBC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Chief security strategist from Analyst1, Jon DiMaggio shares his story on how he grew to become a part of the cybersecurity world. He describes different jobs that paved the way to the knowledge he has in the industry right now, and he even shares about an experience that led him to a path that split and which decision he would make, would be crucial in his career. He explains which way he ended up going and how a critical part of his career helped to determine that path. He says "there's two paths when you have that happen, you can either let it defeat you, or you know, you come back swinging." We thank Jon for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Jaron Bradley, Director of Jamf Threat Labs, is sharing their work on "ChillyHell: A Deep Dive into a Modular macOS Backdoor." Jamf Threat Labs uncovers a newly notarized macOS backdoor called ChillyHell, tied to past UNC4487 activity and disguised as a legitimate applet. The malware showcases robust host profiling, multiple persistence mechanisms, timestomping, and flexible C2 communications over both DNS and HTTP. Its modular design includes reverse shells, payload delivery, self-updates, and a brute-force component targeting user credentials. The research can be found here: ⁠ChillyHell: A Deep Dive into a Modular macOS Backdoor Learn more about your ad choices. Visit megaphone.fm/adchoices

Chinese threat actors deploy Brickstorm malware. The critical React2Shell vulnerability is under active exploitation. Cloudflare’s emergency patch triggered a brief global outage. Phishing kits pivot to fake e-commerce sites. The European Commission fines X(Twitter) €120 million for violating the Digital Services Act. Predator spyware has a new bag of tricks. A Russian physicist gets 21 years in prison for cybercrimes. Twin brothers are arrested for allegedly stealing and destroying government data. Our guest is Blair Canavan, Director of Alliances - PKI & PQC Portfolio from Thales, discussing post quantum cryptography. Smart toilet encryption claims don’t hold water.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Blair Canavan, Director of Alliances - PKI & PQC Portfolio from Thales, discussing post quantum cryptography (PQC). Listen to Blair’s full conversation here. Selected Reading Chinese hackers used Brickworm malware to breach critical US infrastructure (TechRadar) React2Shell critical flaw actively exploited in China-linked attacks (BleepingComputer) Cloudflare blames today's outage on emergency React2Shell patch (Bleeping Computer) SMS Phishers Pivot to Points, Taxes, Fake Retailers (Krebs on Security) Threat Spotlight: Introducing GhostFrame, a new super stealthy phishing kit (Barracuda) EU issues €120 million fine to Elon Musk's X under rules to tackle disinformation  (The Record) Predator spyware uses new infection vector for zero-click attacks (Bleeping Computer) Russian scientist sentenced to 21 years on treason, cyber sabotage charges (The Record) Twins with hacking history charged in insider data breach affecting multiple federal agencies (Cyberscoop) ‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted (TechCrunch)- kicker Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA staff may see pay cuts in 2026. Threat actors advertise a full chain zero-day exploit for iOS. A US-led international coalition releases joint guidance on integrating AI into operational technology. Microsoft lowers sales growth targets for its agentic AI products. A major fintech provider suffers a ransomware-linked breach. Arizona’s Attorney General sues Temo over data collection practices. Lessons learned from Capita’s handling of Black Basta. The UK sanctions Russia’s GRU. My guest is Dave Baggett, co-founder and CEO of INKY (recently acquired by Kaseya), about the challenges of email security. A U.S. Bankruptcy Court insists on AI transparency. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Dave Bittner speaks with Dave Baggett, co-founder and CEO of INKY (recently acquired by Kaseya), about the need to update email security that was built on a 1971 design. Selected Reading US Slashes Pay Incentives at Already Weakened Cyber Agency (Bloomberg) Zero-Day Alert: Alleged iOS 26 Full Chain Exploit for Sale (Dataminr) Principles for the Secure Integration of Artificial Intelligence in Operational Technology (CISA) Microsoft drops AI sales targets in half after salespeople miss their quotas (Ars Technica) Marketing and Compliance Software Vendor to Banks Breached (Data Breach Today) Arizona attorney general sues Chinese online retailer Temu over data theft claims (AP News) What organisations can learn from the record breaking fine over Capita’s ransomware incident (DoublePulsar) UK cracks down on Russian intelligence agency authorised by Putin to target Skripals (GOV.UK) General Order 210: Filings Using Generative Artificial Intelligence (Southern District of California, United States Bankruptcy Court) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The DOJ shuts down another scam center in Myanmar. OpenAI confirms a Mixpanel data breach. A new phishing campaign targets company executives. A bipartisan bill looks to preserve the State and Local Cybersecurity Grant Program. Universities suffer Oracle EBS data breaches. India reports GPS jamming at eight major airports. Kaiser Permanente settles a class action suit over tracking pixels. The FTC plans to require a cloud provider to delete unnecessary student data. An international initiative is developing guidelines for commercial spyware. Our N2K Producer Liz Stokes speaks with Kristiina Omri, Director of Special Programs for CybExer Technologies about the cyber ranges for NATO and ESA. Iranian hackers give malware a retro reboot.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we bring you a conversation our N2K Producer Liz Stokes and Kristiina Omri, Director of Special Programs for CybExer Technologies, had during Liz’s  visit to Tallinn, Estonia about the cyber ranges for NATO and ESA. We are pleased to share that our N2K colleagues Liz Stokes and Maria Varmazis were in Tallinn, Estonia this week for the NATO Cyber Coalition 2025 Cyber Range Exercise. Their visit marks the CyberWire as the only United States podcasters invited to attend. We’ll be sharing interviews and insights from the event, starting today with our producer Liz Stokes’ conversation with  Kristiina Omri, Director of Special Programs for CybExer Technologies. Selected ReadingDOJ takes down Myanmar scam center website spoofing TickMill trading platform (The Record) OpenAI Confirms Mixpanel Data Breach—Was Your Data Stolen? (KnowTechie) New “Executive Award” Scam Exploits ClickFix to Deliver Stealerium Malware (GB Hackers) Hassan and Cornyn bring in bipartisan bill to keep state and local cyber grant program alive (Industrial Cyber) Penn and Phoenix Universities Disclose Data Breach After Oracle Hack (SecurityWeek) Indian government reveals GPS spoofing at eight major airports (The Register) Kaiser Permanente to Pay Up to $47.5M in Web Tracker Lawsuit (BankInfo Security) FTC settlement requires Illuminate to delete unnecessary student data (Bleeping Computer) Pall Mall Process to Define Responsible Commercial Cyber Intrusion (Infosecurity Magazine) Iran Hackers Take Inspiration From Snake Video Game (GovInfo Security) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this episode of Cyber things from Armis. Catch the next episode on your favorite podcast app on December 15th. Welcome to Cyber Things, a special edition podcast produced in partnership by Armis and N2K CyberWire that plunges into the hidden world beneath our connected reality. Inspired by Stranger Things, we explore the digital realm's own Upside Down - a space teeming with unseen devices, silent intruders, and invisible threats that quietly impact our everyday lives. In this first episode, we tackle the core challenge of modern defense: seeing the unseen. Rebecca Cradick, VP of Global Communications at Armis, is joined by Kam Chumley-Soltani, Director of OT Solutions Engineering at Armis. They discuss what it truly takes for cybersecurity professionals to achieve full visibility and how early intelligence acts as a crucial barrier, stopping a devastating cyber storm before it breaks through the gate. Tune in now to hear how defenders are fighting back against the digital demons that lurk in the shadows. Learn more about your ad choices. Visit megaphone.fm/adchoices

ShadyPanda plays the long game. India mandates tracking software on mobile devices. Korea weighs punitive damages after a massive breach. Qualcomm patches a critical boot flaw impacting millions. OpenAI patches a Codex CLI vulnerability. Google patches Android zero-days. Cybersecurity issues prompt an FDA permanent recall for an at-home ventilator system. Switzerland questions the security of hyperscale clouds and SaaS services. One of the world’s largest cyber insurers pulls back from the market. On our Threat Vector segment, ⁠David Moulton⁠ sits down with ⁠Stav Setty to unpack the Jingle Thief campaign.  In Russia, Porsches take a holiday.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector segment In today’s Threat Vector segment, host ⁠David Moulton⁠, Senior Director of Thought Leadership for Unit 42, sits down with ⁠Stav Setty⁠, Principal Researcher at Palo Alto Networks, to unpack Jingle Thief a cloud-only, identity-driven campaign that turned Microsoft 365 into a gift card printing press. Stav explains how the Morocco-based group known as Atlas Lion lived off the land inside M365 for months at a time, using tailored phishing and smishing pages, URL tricks, and internal phishing to compromise one user and quietly pivot to dozens more. To listen to the full conversation on Threat Vector, listen here. You can catch new episodes of Threat Vector every Thursday on your favorite podcast app.  Selected Reading Browser extensions pushed malware to 4.3M Chrome, Edge users (The Register) India plans to verify and record every smartphone in circulation (TechCrunch) Apple to Resist India's Order to Preload Government App on iPhones (MacRumors) President orders probe into Coupang breach (The Korea Herald) Qualcomm Alerts Users to Critical Flaws That Compromise the Secure Boot Process (GB Hackers) Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers (SecurityWeek) Google Releases Patches for Android Zero-Day Flaws Exploited in the Wild (Infosecurity Magazine) 'Cyber Issue' Leads to FDA Recall of Baxter Respiratory Gear (GovInfoSecurity) Swiss government bans SaaS and cloud for sensitive info (The Register) Publication: Resolution on outsourcing data processing to the cloud (Privatim) Insurer Beazley Steps Back From Cyber Market as Attacks Surge (PYMNTS.com) Hundreds of Porsche Owners in Russia Unable to Start Cars After System Failure (The Moscow Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Kim Jones sits down with Eric Nagel, a former CISO with a rare blend of engineering, legal, and patent expertise, to unpack what responsible AI really looks like inside a modern enterprise. Eric breaks down the difference between traditional machine learning and generative AI, why nondeterministic outputs can be both powerful and risky, and how issues like bias, hallucinations, and data leakage demand new safeguards—including AI firewalls. He also discusses what smaller organizations can do to manage AI risk, how tools like code-generation models change expectations for developers, and the evolving regulatory landscape shaping how companies must deploy AI responsibly. Want more CISO Perspectives? Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. Learn more about your ad choices. Visit megaphone.fm/adchoices

European authorities take down an illegal cryptomixer. An Australian man is sentenced for running an airport evil twin WiFi campaign. Researchers unmask a Scattered LAPSUS$ Hunters impresario. CISA flags a cross-site scripting flaw in OpenPLC ScadaBR. A major South Korean retailer suffers a data breach affecting over 33 million customers. Threat actors abuse digital calendar subscription features. New York’s new hospital cybersecurity mandates may raise the bar nationwide. Scammers target Cyber Monday shoppers. Monday business brief. Ann Johnson speaks with Microsoft’s Amy Hogan-Burney on the Afternoon Cyber Tea segment. Google gets caught reheating someone else’s holiday recipe.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, ⁠Daily Briefing⁠, and you’ll never miss a beat. And be sure to follow CyberWire Daily on ⁠LinkedIn⁠. Afternoon Cyber Tea segment Afternoon Cyber Tea host Ann Johnson speaks with Amy Hogan-Burney, Corporate Vice President of Customer Trust and Security at Microsoft, about how Microsoft Is redefining global cyber defense. Ann and Amy discuss Microsoft’s evolving approach to combating global cybercrime and the importance of collaboration across the private and public sectors. You can listen to their full conversation here and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.  Selected Reading Cryptomixer crypto laundering service taken down by law enforcement (Help Net Security) Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison (Bleeping Computer) Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ (Krebs on Security) U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog (Security Affairs) Data breach hits 'South Korea's Amazon,' potentially affecting 65% of country’s population (The Record) Threat Actors Exploit Calendar Subscriptions for Phishing and Malware (Infosecurity Magazine) New York Hospital Cyber Rules to 'Raise the Bar' Nationwide (GovInfo Security) Over 2,000 Fake Shopping Sites Spotted Before Cyber Monday (Hackread) Guardio secures $80 million in new funding. (N2K Pro Business Briefing) Google deletes X post after getting caught using a ‘stolen’ AI recipe infographic (Bleeping Computer) Share your feedback.What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Operational technology cybersecurity strategist from Nozomi Networks, Danielle Jablanski shares her story of building a target map to end up where she is today. She shares how she started in college and how different paths in life got her to be on the target of success where she is today. She says " you build out that kind of target of where you want to be, and understand that getting to that point might mean doing things you don't enjoy for a number of years, but figuring that out is another way to get to that target without having like a clear bullseye" She goes on to explain how this target map is helping her to create real change and ultimately makes an impact. We thank Danielle for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Join us for a timely and insightful live discussion on the evolving role of artificial intelligence in governance, risk, and compliance. Host Dave Bittner from N2K | CyberWire is joined by Kayne McGladrey from Hyperproof, Matthew Cassidy, PMP, CISA from Grant Thornton (US), and Alam Ali from Hyperproof to explore the current state of artificial intelligence in governance, risk, and compliance. The panel will discuss what AI is truly doing well today, the risks and challenges organizations need to watch for, and how AI is poised to influence the future of GRC. They will also share practical insights and real-world guidance for teams looking to adopt AI responsibly and effectively. Don’t miss this timely conversation as our experts break down what’s real, what’s risky, and what’s next in AI for GRC. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Research Saturday. This week, we are joined by ⁠Michael Gorelik⁠, Chief Technology Officer from ⁠Morphisec⁠, discussing their work on "New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms." A new threat dubbed Noodlophile Stealer is exploiting the popularity of AI-powered content tools by posing as fake AI video generation platforms, luring users into uploading media in exchange for malware-laced downloads. Distributed through convincing Facebook groups and viral campaigns, the malware steals browser credentials, cryptocurrency wallets, and can deploy a remote access trojan like XWorm. The campaign uses a layered, obfuscated delivery chain disguised as legitimate video editing software, making it both deceptive and difficult to detect. The research can be found here: ⁠⁠⁠New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Only Malware in the Building. Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore what makes information sharing actually work. From public-private partnerships to actionable intelligence, our guests discuss how organizations can prioritize, process, and operationalize shared cyber threat data to stay ahead of emerging risks. Plus, catch Dave, Selena, and Keith on their road trip adventure in our video on ⁠⁠YouTube⁠⁠ — full of laughs, unexpected detours, and plenty of sleuthing! Learn more about your ad choices. Visit megaphone.fm/adchoices

We dive into a nostalgic yet revealing journey through classic hacker films, from WarGames to The Net and beyond, to assess what they got right, what they wildly imagined, and what those stories say about culture, fears, and cyber reality today. David Moulton, Senior Director of Thought Leadership for Unit 42  talks with Ben Hasskamp, Global Content Leader at Palo Alto Networks, who has been writing deeply on this intersection of media, tech, and risk. Together, we’ll examine how cinematic depictions of hacking have shaped public perception, influenced policy, and sometimes eerily foreshadowed modern cyber threats. Expect a blend of film critique, security insight, and cultural reflection. Join the conversation on our social media channels: Website:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠ Threat Research:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Facebook:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ LinkedIn:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ YouTube:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@paloaltonetworks⁠⁠⁠⁠⁠ Twitter:⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠⁠⁠⁠⁠ About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of T-Minus Deep Space. BigBear.ai is at the forefront of innovation for national security, and is committed to supporting the critical infrastructure driving America’s competitive edge. The company deploys cutting-edge Al, machine learning, and computer vision solutions to defend critical operations and win with decision advantage. Our guests are ⁠Eric Conway,⁠ Vice President of Technology, and ⁠Joe Davis⁠, Cybersecurity Research Scientist  at ⁠Bigbear.ai.⁠  Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on ⁠LinkedIn⁠ and ⁠Instagram⁠. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our ⁠media kit⁠. Contact us at ⁠space@n2k.com⁠ to request more info. Want to join us for an interview? Please send your pitch to ⁠space-editor@n2k.com⁠ and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Report sheds light on cyber activity targeting space-related organizations during the Gaza War. Russian threat actor targets US civil engineering firm. FBI says $262 million has been stolen in account takeover scams this year. HashJack attack tricks AI browser assistants. London councils disrupted by cyberattacks. Russia’s Gamaredon and North Korea’s Lazarus Group appear to be sharing infrastructure. Canon says subsidiary was breached by Oracle EBS flaw. Dave Bittner was joined by Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing a deep dive on Akira ransomware. And Campbell’s Soup CISO placed on leave following lawsuit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dave Bittner was joined by Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing a deep dive on Akira ransomware. Learn more on Halcyon’s threat actor profile of Akira, and how they fit into their latest Malicious Quartile Report. Selected Reading New Report Warns Space Sector Faces Rising Cyber Threats Amid Modern Conflicts (Orbital Today)  Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine (Arctic Wolf) FBI says $262 million has been stolen in account takeover scams this year (IC3) HashJack – Novel Indirect Prompt Injection Against AI Browser Assistants (Cato Networks) Multiple London councils 'hit by cyber-attacks' (BBC) London Cyberattacks Confirmed — Security Experts Issue Multiple Warnings (Forbes) Russian and North Korean Hackers Forge Global Cyberattack Alliance (GB Hackers) Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack (Cyber Security News)   A Campbell Soup VP is on leave after secret recording appears to show him mocking 'poor' customers, '3D-printed chicken' (Business Insider) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA warns of spyware targeting messaging apps. CodeRED, this is not a test. Infostealer campaign spreads via malicious Blender files. Shai-Hulud’s second coming. Real estate finance firm SitusAMC investigates breach. Dartmouth College discloses Oracle EBS breach. Dave Bittner is joined by Tim Starks, Senior reporter from CyberScoop, to discuss the Trump administration’s upcoming cyber strategy. And tis the season for deals — and digital deception. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dave Bittner is joined by Tim Starks, Senior reporter from CyberScoop, to discuss the Trump administration’s upcoming cyber strategy. Read Tim’s piece on the topic “Completed draft of cyber strategy emphasizes imposing costs, industry partnership”. Selected Reading ​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​ (CISA) CodeRED cyber attack leaves emergency notification system down, exposes user data (First Alert 4) Morphisec Thwarts Russian-Linked StealC V2 Campaign Targeting Blender Users via Malicious .blend Files (Morphisec) Shai-Hulud’s Second Coming: NPM Malware Attack Evolved (Checkmarx) SitusAMC confirms breach of client data after cyberattack (The Register) Clop's Oracle EBS rampage reaches Dartmouth College (The Register) 2025 Retail Holiday Threat Report: Scams and Impersonation Attacks Targeting Retailers (BforeAI) The data privacy costs of Black Friday bargains: 100 Black Friday apps analyzed (Comparitech) 2025 Ransomware Holiday Risk Report (Semperis) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices