"Signed, sealed, exploitable...."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 22 June 2025, 2331 UTC.

Content and Source:  "The CyberWire."

 https://feedly.com/i/subscription/feed%2Fhttps%3A%2F%2Fthecyberwire.com%2Ffeeds%2Frss.xml

Please check email subscription link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecuritiyjournal.net).

The CyberWire

11K followers22 articles per week

#security#ciso#tech

36

Jun 20, 2025

Signed, sealed, exploitable.

1d

⁠Dustin Childs⁠, Head of Threat Awareness at ⁠Trend Micro Zero Day Initiative⁠, joins to discuss their work on "ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains." The research explores two critical vulnerabilities (ZDI-23-1527 and ZDI-23-1528) that could have enabled attackers to hijack the Microsoft PC Manager supply chain via overly pe

Scattered Spider shifts targeting to the US insurance sector. Pro-Israel hackers hit Iranian financial entities.

Scattered Spider targets US insurance

•

1d

Billions of previously stolen credentials were exposed in unsecured databases.

A blast from the breached past.

7 TTPs

•

2d

An historic data breach that wasn’t. Aflac says it stopped a ransomware attack. Cloudflare thwarts a record breaking DDoS attack. Mocha Manakin combines clever social engineering with custom-built malware. The Godfather Android trojan uses a sophisticated virtualization technique to hijack banking and crypto apps. A British expert on Russian information warfare is targeted in a sophisticated spear

Italy opens investigation into DeepSeek.

2d

GENIUS Act passed by the Senate.

Aflac hit by suspected Scattered Spider attack.

3 TTPs

•

2d

Pro-Israel hackers burn $90 million stolen from Iranian crypto exchange. Billions of stolen credentials were exposed in unsecured databases.

Jun 18, 2025

Juneteenth: Reflecting, belonging, and owning your seat at the table.

3d

We put together an open conversation between our podcast hosts, CyberWire Daily's ⁠Dave Bittner⁠, ⁠T-Minus Space Daily⁠’s ⁠Maria Varmazis⁠, and ⁠CISO Perspectives⁠ podcast’s ⁠Kim Jones⁠. Their conversation goes deeper than just the historical significance of Juneteenth, diving into candid conversations on allyship, representation, and the enduring value of diversity in the cybersecurity and space

US DOJ opens antitrust review of Google's Wiz acquisition.

Google's Wiz acquisition faces antitrust review

•

4d

Bitdefender to acquire Mesh Security.

Typhoon on the line.

4d

Viasat confirms it was breached by Salt Typhoon. Microsoft’s June 2025 security update giveth, and Microsoft’s June 2025 security update taketh away. Local privilege escalation flaws grant root access on major Linux distributions. BeyondTrust patches a critical remote code execution flaw. SMS low cost routing exposes users to serious risks. Erie Insurance says their ongoing outage isn’t ransomware

Viasat identified as a victim of Salt Typhoon hacks.

4d

Pro-Israel hackers take credit for attack on Iranian bank. Veeam patches critical flaw affecting backup servers.

Jun 17, 2025

Free Forever, No BS: Inside Bitwarden’s Growth Playbook with Gary Orenstein

4d

Most cybersecurity vendors lead with fear, gate their best features, and hide behind complexity. Bitwarden did the opposite and still won. In this episode, Gianna and Maria sit down with Gary Orenstein, the Chief Customer Officer at Bitwarden, to break down how an open-source password manager with a “free forever” product became a trusted global brand across consumers and enterprises. No gimmicks.

Cut the Noise, Ditch the Nonsense, Earn the Trust

4d

In this episode of Threat Vector, host ⁠David Moulton⁠ sits down with ⁠Tyler Shields⁠, Principal Analyst at ⁠ESG⁠, entrepreneur, and cybersecurity marketing expert, to discuss the fine line between thought leadership and echo chambers in the industry.

Can’t DOGE the inquiry.

5d

A House oversight committee requests DOGE documents from Microsoft. Predatory Sparrow claims a cyberattack on an Iranian bank. Microsoft says data that happens in Europe will stay in Europe. A complex malware campaign is using heavily obfuscated Visual Basic files to deploy RATs. A widely used CMS platform suffers potential RCE bugs. North Korea’s Kimsuky targets academic institutions using passwo

Scattered Spider shifts targeting to the US insurance sector.

Scattered Spider targets US insurance

•

5d

Water Curse distributes malware via weaponized GitHub repositories. United Natural Foods continues recovery from cyberattack.

Jun 16, 2025

The Human Firewall: People-First Cybersecurity

5d

Dr. Aleise McGowan⁠, Chief Information Security Officer of BlackGirlsHack and a 20-year cybersecurity veteran, joins Ann on this week's episode of Afternoon Cyber Tea. Aleise shares how a career-defining hack early on shifted her trajectory from developer to defender, and why she believes the future of security lies in resilience, diversity, and human-centered leadership. She talks about what sepa

How do we address talent strategically?

5d

When hiring new employees, organizations often struggle with how to strategically acquire cyber talent in ways that truly strengthen their teams and overall security posture.

Strategic approaches to talent: A practical guide.

5d

Even as cybersecurity has grown and become universially accepted, the field has continued to struggle when attempting to assess and aquire talent. Oftentimes, there is a disconnect between what organizations need and what they interview for leading vague job postings and ineffective hirings. In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with Jeff Welgan, the Chief Strategist and

Darknet drug marketplace closed for business.

6d

International law enforcement takes down a darknet drug marketplace. The Washington Post is investigating a cyberattack targeting several journalists' email accounts. Anubis ransomware adds destructive capabilities. The GrayAlpha threat group uses fake browser update pages to deliver advanced malware. Researchers uncover a stealthy malware campaign that hides a malicious payload in a JPEG image. T

Hackers compromise Washington Post email accounts.

6d

WestJet investigates cybersecurity incident. Google attributes last week's outage to API management bug.

Jun 13, 2025

Hiding in plain sight with vibe coding.

8d

This week, Dave is joined by ⁠Ziv Karliner⁠, ⁠Pillar Security⁠’s Co-Founder and CTO, sharing details on their work on "New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents." Vibe Coding - where developers use AI assistants like GitHub Copilot and Cursor to generate code almost instantly - has become central to how enterprises build software today. But while it’s tu

Spyware industry news. Patch Tuesday notes.

8d

UK calls for blood donors following last year's cyberattack. United Natural Foods disrupted by cyberattack. Trump Administration amends cybersecurity policies.

Cloudflare’s cloudy day resolved.

9d

Cloudflare says yesterday’s widespread outage was not caused by a cyberattack. Predator mobile spyware remains highly active. Microsoft is investigating ongoing Microsoft 365 authentication services issues. An account takeover campaign targets Entra ID users by abusing a popular pen testing tool. Palo Alto Networks documents a JavaScript obfuscation method dubbed “JSFireTruck.” Trend Micro and Mit

Google Cloud outage knocks major services offline.

9d

Citizen Lab documents use of Paragon's Graphite spyware against Apple devices. Intellexa's Predator continues operations despite sanctions.

Is AI Getting Too Real?

9d

On this week's show: OpenAI's models are reportedly resisting human commands to shut down. A controversial new research paper questions whether AI systems actually "think" or just create an illusion of reasoning. How generative AI exploits the same psychological triggers as gambling—"just one more prompt, bro!" Google's VEO-3 and ElevenLabs 3 are creating deepfakes so convincing they're fooling bo

Jun 12, 2025

Italy and paragon have ended their relationship.

10d

Getty involved in a landmark UK copyright case.

Scam operations disrupted across Asia.

Exfiltration (Enterprise TA0010)

•

10d

Interpol’s Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon’s Graphite spyware. France calls for commen

Law enforcement disrupts scam operations across Asia.

10d

Stealth Falcon APT exploited Windows zero-day. Erie Insurance confirms cyberattack.

Jun 11, 2025

Secure Your Summer: Top Cyber Myths, Busted

10d

In this episode of Threat Vector, ⁠David Moulton⁠ talks with ⁠Lisa Plaggemier⁠, Executive Director of the ⁠National Cybersecurity Alliance⁠. Lisa shares insights from this year’s “Oh Behave!” report and dives into why cybersecurity habits remain unchanged—even when we know better. From password reuse to misunderstood AI risks, Lisa explains how emotion, storytelling, and system design all play a r

Managing online security throughout the decades.

10d

This week, our hosts⁠⁠⁠⁠⁠⁠⁠ ⁠Dave Bittner⁠, ⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with some more chicken follow up, this week, delving into malware-related chicken names. Dave’s got the story o

Policy Deep Dive: Revisiting Antitrust

10d

In this special policy series, the Caveat team is taking a deep dive into key topic areas that are likely to generate notable conversations and political actions throughout the next administration.

The art of the breakup: Trump’s antitrust surge.

10d

This week on Caveat, Dave and Ben welcome back N2K’s own ⁠⁠Ethan Cook⁠⁠ for our latest policy deep dive segment. As a trusted expert in law, privacy, and surveillance, Ethan is joining the show regularly to provide in-depth analysis on the latest policy developments shaping the cybersecurity and legal landscape.

AI: Cybersecurity’s three-headed beast.

11d

Matt Radolec, VP - Incident Response, Cloud Operations & SE EU at Varonis, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices interview. Matt explores the triple threat AI poses to cybersecurity—fueling business innovation, strengthening defenses, and empowering attackers—while sharing key findings from Varonis' State of Data Security report on data exposure in the A

Cyera secures $540 million in Series E round.

11d

Cellebrite acquires Corellium.

Ghost students “haunting” online colleges.

11d

Patch Tuesday. Mozilla patches two critical FireFox security flaws. A critical flaw in Salesforce OmniStudio exposes sensitive customer data stored in plain text. The Badbox botnet continues to evolve. AI-powered “ghost students” enrolling in online college courses to steal government funds. Hackers steal nearly 300,000 vehicle crash reports from the Texas Department of Transportation. ConnectWise

Patch Tuesday notes.

11d

Interpol operation disrupts infostealer domains. Texas Department of Transportation discloses breach of crash reports.

Jun 10, 2025

A Peek Inside Microsoft’s Global Fight Against Cyber Threats

11d

Recorded live at RSAC 2025, this special episode of the Microsoft Threat Intelligence Podcast, hosted by⁠ ⁠⁠Sherrod DeGrippo,⁠ brings together ⁠Jeremy Dallman⁠ from the Microsoft Threat Intelligence and ⁠Steven Masada⁠ from Microsoft’s Digital Crimes Unit. The panel explores the psychology and techniques behind nation-state and criminal cyber actors, how Microsoft innovatively uses legal and techn

Ignore Ram Shankar Siva Kumar’s Previous Directions

11d

In this episode of The BlueHat Podcast, host ⁠Nic Fillingham⁠ and ⁠Wendy Zenone⁠ share ⁠Ram Shankar Siva Kumar’s⁠ dynamic keynote from BlueHat India 2025, where he explores the evolving threat landscape of AI through the lens of the Microsoft AI Red Team. From adversarial machine learning to psychosocial harms and persuasive AI, Ram highlights real-world case studies, including prompt injection, c

End of feed