Open vs closed source in supply-chain attacks

Organizations worldwide scramble to address the critical React2Shell vulnerability.  Major insurers look to exclude artificial intelligence risks from corporate policies. Three Chinese hacking groups converge on the same Sharepoint flaws. Ransomware crews target hypervisors. A UK hospital asks the High Court to block publication of data stolen by the Clop gang. The White House approves additional Nvidia AI chip exports to China. The ICEBlock app creator sues the feds over app store removal. The FBI warns of virtual kidnapping scams. The FTC upholds a ban on a stalkerware maker. Dave Lindner, CISO of Contrast Security, discusses nation-state adversaries targeting source code to infiltrate the government and private sector. Craigslist’s founder pledges support for cybersecurity, veterans and pigeons.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

⁠Dave Lindner⁠, CISO of ⁠Contrast Security⁠, discusses nation-state adversaries targeting source code to infiltrate the government and private sector.

Selected Reading

Researchers track dozens of organizations affected by React2Shell compromises tied to China’s MSS (The Record)

Insurers retreat from AI cover as risk of multibillion-dollar claims mounts (Financial Times)

Three hacking groups, two vulnerabilities and all eyes on China (The Record)

Researchers spot 700 percent increase in hypervisor ransomware attacks (The Register)

UK Hospital Asks Court to Stymie Ransomware Data Leak (Bank Infosecurity)

Trump says Nvidia can sell more powerful AI chips to China (The Verge)

ICEBlock developer sues Trump administration over App Store removal (The Verge)

New FBI alert urges vigilance on virtual kidnapping schemes (SC Media)

FTC upholds ban on stalkerware founder Scott Zuckerman (TechCrunch)

Craigslist founder signs the Giving Pledge, and his fortune will go to military families, fighting cyberattacks—and a pigeon rescue (Fortune)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices