Malicious MCP Server Discovered in Supply Chain Attack

CISA gives federal agencies 24 hours to patch a critical Cisco firewall bug. Researchers uncover the first known malicious MCP server used in a supply chain attack. The New York SIM card threat may have been overblown. Microsoft tags a new variant of the XCSSET macOS malware. An exposed auto insurance claims database puts PII at risk. Amazon will pay $2.5 billion to settle dark pattern allegations. Researchers uncover North Korea’s hybrid playbook of cybercrime and insider threats. An old Hikvision security camera vulnerability rears its ugly head. Dan Trujillo from the Air Force Research Laboratory’s Space Vehicles Directorate joins Maria Varmazis, host of T-Minus Space Daily to discuss how his team is securing satellites and space systems from cyber threats. DOGE delivers dysfunction, disarray, and disappointment.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest

Dan Trujillo from the Air Force Research Laboratory’s Space Vehicles Directorate joins Maria Varmazis, host of T-Minus Space Daily to discuss how his team is securing satellites and space systems from cyber threats and also shares advice for breaking into the fast-growing field of space cybersecurity

Selected Reading

Federal agencies given one day to patch exploited Cisco firewall bugs (The Record)

First malicious MCP Server discovered, stealing data from AI-Powered email systems (Beyond Machines)

Secret Service faces backlash over SIM farm bust as experts challenge threat claims (Metacurity)

Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs (Bleeping Computer)

Microsoft cuts off cloud services to Israeli military unit after report of storing Palestinians' phone calls (CNBC)

Auto Insurance Platform Exposed Over 5 Million Records Including Documents Containing PII (Website Planet)

Amazon pays $2.5 billion to settle Prime memberships lawsuit (Bleeping Computer)

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception (We Live Security)

Critical 8 years old Hikvision Camera flaw actively exploited again (Beyond Machines)

The Story of DOGE, as Told by Federal Workers (WIRED)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices