Episodes

  • CISA secrets left sitting on GitHub.

    CISA secrets left sitting on GitHub.
    May 19 2026
    A CISA contractor leaks GovCloud credentials on GitHub. INTERPOL cracks down on phishing infrastructure across the Middle East and North Africa. Microsoft patches a critical Authenticator flaw, while Poland moves officials off Signal after targeted phishing campaigns. A stealthier SHub macOS infostealer emerges. Universal Robots fixes a critical vulnerability. A Dark Web marketplace dumps millions of stolen payment cards. Echo Protocol loses $76 million in a synthetic Bitcoin breach. Our guest is Chris Cochran, Field CISO & Vice President of AI Security at SANS, discussing their AI maturity model. Nathan Detroit rolls malware snake eyes. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Cochran, Field CISO & Vice President of AI Security at SANS, discussing their SANS AI Security Maturity Model™. Selected Reading CISA Admin Leaked AWS GovCloud Keys on Github (Krebs on Security) INTERPOL Operation Ramz: 201 Apprehended in MENA Cybercrime Disruption (TechNadu) Microsoft Patches Critical Token Theft Vulnerability in Authenticator App (Beyond Machines) Poland shifts away from Signal following cyberattacks on officials’ accounts (Security Affairs) SHub macOS infostealer variant spoofs Apple security updates (Bleeping Computer) Critical Vulnerability Exposes Industrial Robot Fleets to Hacking (SecurityWeek) B1ack's Stash Releases 4.6 Million Stolen Credit Cards for Free (SOC Radar) Echo Protocol Hit by $76M eBTC Minting Exploit (SOC Radar) Chanhassen Dinner Theatres cancels more Guys and Dolls performances due to illness and cyberattack (KARE11) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    26 mins
  • The M5 just met its memory problem.

    The M5 just met its memory problem.
    May 18 2026
    Researchers crack Apple’s M5 memory protections with a kernel exploit. An IBM Security executive emerges as a possible CISA pick. Researchers uncover four malicious npm packages. AI-generated “slop” floods bug bounty programs. Major healthcare breaches hit the HHS tracker, 7-Eleven confirms a breach, and chained OpenClaw AI flaws could enable full host compromise. Santa Clara County sues Meta over alleged scam ads on Facebook and Instagram. Monday business breakdown. Our guest is Jason Madigan, Director of Commercial Cloud Security at Booz Allen, discussing the tension between resilience and data residency laws. A fond farewell for a security pioneer. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices segment we are joined by Jason Madigan, Director of Commercial Cloud Security at Booz Allen, discussing the tension between resilience and data residency laws. If you enjoyed this conversation, check out the full interview here. Selected Reading First public macOS kernel memory corruption exploit on Apple M5 (Calif) IBM executive floated for CISA director as concerns persist for agency (SC Media) Former CISA nominee Sean Plankey named US CEO of defense startup (CyberScoop) New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here (OX Security) ‘Never-ending’ AI slop strains corporate hacking reward schemes (Financial Times) Millions Impacted Across Several US Healthcare Data Breaches (SecurityWeek) 7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand (SecurityWeek) 'Claw Chain' OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery (SecurityWeek) Santa Clara County sues Meta over alleged scam ads (San José Spotlight) Exaforce raises $125 million in Series B funding. (N2K Pro Business Briefing) Peter G. Neumann, Who Warned of Computer Security Risks, Dies at 93 (The New York Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    32 mins
  • From cyberspace to space-cyber. [T-Minus: Space-Cyber Briefing]

    From cyberspace to space-cyber. [T-Minus: Space-Cyber Briefing]
    May 17 2026
    For years, in-space internet capabilities were rarely worth the hassle. Now, that’s changing. In today’s episode, Maria Varmazis and Ethan Cook sit down to discuss how internet data moves through space systems and its recent advancements. For decades, GEO satellites made up most of the marketplace; however, LEO satellites are changing the landscape improving connectivity and speeds. Key sources: In-space relay and WiFi services. Space Development Agency On Orbit. Like what you heard? Be sure to subscribe to our free Signals and Space Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: https://thecyberwire.com/newsletters/signals-and-space Is there a topic or person you’d like to hear on our show? You can send your questions and feedback to space@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. N2K is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    32 mins
  • Scam papers served. [Research Saturday]

    Scam papers served. [Research Saturday]
    May 16 2026
    ⁠⁠⁠Thomas Elkins⁠⁠⁠, SOC L3 Analyst from ⁠⁠⁠BlueVoyant⁠⁠⁠, is discussing "Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns." BlueVoyant researchers uncovered a large-scale phishing campaign by a Brazil-linked threat group targeting Spanish-speaking users across Latin America and Europe, using fake judicial summons emails, WhatsApp attacks, ClickFix tactics, and email phishing to spread the Casbaneiro banking trojan through the Horabot malware framework. The campaign uses sophisticated evasion methods including password-protected PDFs, dynamically generated ZIP filenames, anti-sandbox checks, fileless execution, and customized phishing lures to bypass security tools while turning infected systems into self-propagating botnets that hijack Outlook and webmail accounts to spread further attacks. Researchers say the operation highlights how the Augmented Marauder group (also known as Water Saci) is rapidly evolving its malware ecosystem, combining WhatsApp automation, dynamic phishing infrastructure, and advanced banking malware delivery into a highly adaptable, multi-pronged cybercrime operation. The research and executive brief can be found here: ⁠Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    27 mins
  • One email could be all it takes.

    One email could be all it takes.
    May 15 2026
    Microsoft sounds the alarm on a critical Exchange zero-day, OpenAI and Mistral AI deal with fallout from a widening supply-chain attack campaign, and researchers uncover a thriving underground market for unlocking stolen iPhones. A stealthy macOS infostealer spreads through ClickFix scams, healthcare braces for major HIPAA security changes, and hackers cash in big at Pwn2Own Berlin after burning through two dozen zero-days. Maria Varmazis joins us with the latest from the T-Minus space cyber podcast. Researchers roll their eyes at ransomware reassurances. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, ⁠Daily Briefing⁠, and you’ll never miss a beat. And be sure to follow CyberWire Daily on ⁠LinkedIn⁠. CyberWire Guest Today we are joined by Maria Varmazis, host of T-Minus: Space-Cyber Briefing, talking about the evolution of the show. Join us on Sunday, May 17th for the first episode of T-Minus and tune in each Sunday for new episodes. Selected Reading ⁠Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers⁠ (Infosecurity Magazine) ⁠OpenAI Hit by TanStack Supply Chain Attack⁠ (SecurityWeek) ⁠Mustang Panda Linked to New Modular FDMTP Backdoor⁠ (BankInfo Security) ⁠TeamPCP hackers advertise Mistral AI code repos for sale⁠ (Bleeping Computer) ⁠What's Next for the Proposed HIPAA Security Rule Overhaul?⁠ (GovInfo Security) ⁠American Lending Center Data Breach Affects 123,000 Individuals⁠ (SecurityWeek) ⁠Why AMOS matters: The macOS malware stealing data at scale⁠ (SOPHOS) ⁠Inside the Underground Market That Unlocks Stolen iPhones⁠ (Infoblox) ⁠Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026⁠ (Bleeping Computer) ⁠Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data⁠ (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at ⁠sponsor.thecyberwire.com⁠. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    25 mins
  • The era of AI-powered attacks is here.

    The era of AI-powered attacks is here.
    May 14 2026
    Google says AI-powered cybercrime has gone industrial scale. Two new Windows zero-days emerge. Signal threatens to leave Canada over lawful access legislation. Pentagon-linked influence operations shift to paid ads. Linux admins scramble to patch a new root-level flaw. FamousSparrow targets Azerbaijan’s energy sector. Cisco announces layoffs despite record revenue. An alleged Dream Market administrator faces cryptocurrency money laundering charges. Our guest is Cynthia Kaiser, SVP of Ransomware Research Center at Halcyon, discussing "Akira Ransomware Attacks in Under an Hour." The surveillance will continue until employee sentiment improves. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Cynthia Kaiser, SVP of Ransomware Research Center at Halcyon, is discussing "Akira Ransomware Attacks in Under an Hour." Selected Reading Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access (Google Cloud Blog) Mystery Microsoft bug leaker keeps the zero-days coming (The Register) Signal warns it would pull out of Canada if made to comply with lawful access bill (The Globe and Mail) Fewer Bots, More Ads: The Pentagon’s Evolving Online Influence Campaigns (Lawfare) New Fragnesia Linux flaw lets attackers gain root privileges (Bleeping Computer) FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit (Hackread) KongTuke hackers now use Microsoft Teams for corporate breaches (Bleeping Computer) Our Path Forward (Cisco Blogs) German citizen charged with laundering funds linked to prominent darknet marketplace “Dream Market” (United States Department of Justice) The Rise of Emotional Surveillance (The Atlantic) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    27 mins
  • Every layer needs a patch now.

    Every layer needs a patch now.
    May 13 2026
    Patch Tuesday. Global agencies update SBOM guidance. Iran-linked espionage group Seedworm breached a major South Korean electronics manufacturer. A telehealth platform breach affects 716,000. Foxconn confirms a cyberattack. Maria Varmazis has an update on orbital data centers. A lawmaker questions surveillance pricing. Brandon Karpf, friend of the show, is talking with Dave about "Japan’s space systems face growing cybersecurity threats." Robotic lawnmowers on the cutting edge. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Brandon Karpf, friend of the show, is talking with Dave about "Japan’s space systems face growing cybersecurity threats." Selected Reading Microsoft Fixes 17 Critical Flaws in May Patch Tuesday (Infosecurity Magazine) Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises (SecurityWeek) Adobe Patches 52 Vulnerabilities in 10 Products (SecurityWeek) Fortinet, Ivanti Patch Critical Vulnerabilities (SecurityWeek) Chipmaker Patch Tuesday: Intel and AMD 70 Vulnerabilities (SecurityWeek) ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA (SecurityWeek) Global Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain Risks (Infosecurity Magazine) Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign (SECURITY.COM) 716,000 Impacted by OpenLoop Health Data Breach (SecurityWeek) Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files (The Register) Congressman launches inquiry into how food retailers use surveillance pricing (The Record) Orbital Inference Data Center Bets On Space GPUs (IEEE Spectrum) Cowboy Space raises $275 million to launch AI data centers on brand-new rocket (Space.com) Yarbo responds to robot flaws that could mow down their owners (Malwarebytes) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    25 mins
  • China’s hackers aren’t invincible.

    China’s hackers aren’t invincible.
    May 12 2026
    Former NSA chief says the U.S. can beat China in cyberspace. Canvas cuts a deal with hackers. The FCC proposes KYC rules for phone users. SAP patches critical flaws. A poisoned TanStack npm supply chain attack spreads malware. Humanitarian aid lures deliver spyware. Japan launches an AI-driven cyber review. Texas sues Netflix over data practices. And Harvard experts debate the future of agentic AI security. On our Threat Vector segment David Moulton welcomes, Assaf Keren, CSO at Qualtrics and author of Lessons from the Frontlines. Our guest is Tim Starks from CyberScoop discussing changes to the CyberCorps Scholarship program. The Gentleman’s guide to awful OPSEC. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector AI is the most powerful tool defenders have ever had. It's also the most dangerous weapon attackers have ever had. Assaf Keren, CSO at Qualtrics and author of Lessons from the Frontlines, has seen AI reshape both sides of the threat equation. In this conversation, he gets specific about what happens when powerful tools fall into the wrong hands, and what leaders need to do before they get caught off-guard. You can listen to the full conversation here, and catch new episodes of Threat Vector with host David Moulton every Thursday on your favorite podcast app. CyberWire Guest Today we are joined by Tim Starks from CyberScoop discussing changes to the CyberCorps Scholarship program. You can read more in Tim’s article “Trump officials are steering a cybersecurity scholarship program toward AI.” Selected Reading I Ran the N.S.A. This Is How to Defeat China’s Hacker Army. (The New York Times) Canvas hack: company pays criminals to delete students' stolen data (BBC News) FCC Attempts to Solve Robocall Problem by Potentially Creating Even Bigger Privacy Problem (Gizmodo) SAP Patches Critical S/4HANA, Commerce Vulnerabilities (SecurityWeek) Cache-poisoning caper turns TanStack npm packages toxic (The Register) Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware (Hackread) Japan’s PM orders cybersecurity review to stop Mythos going full CyberZilla (The Register) Texas sues Netflix over alleged data practices that create ‘surveillance machinery’ without user consent (The Record) Time for government, business leaders to figure out AI cybersecurity regulation (Harvard Gazette) Tables Turned: Gentlemen Ransomware Group Suffers Data Leak (BankInfo Security) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Show More Show Less
    38 mins