Federal agencies become battlegrounds in an unprecedented power struggle. XE Group evolves from credit-card skimming to exploiting zero-day vulnerabilities. WhatsApp uncovers a zero-click spyware attack linked to an Israeli firm.Texas expands its ban on Chinese-backed AI and social media apps. Data breaches expose the personal and medical information of over a million people.NVIDIA patches multiple critical vulnerabilities. Arm discloses critical vulnerabilities affecting its Mali GPU Kernel Drivers and firmware. The UK government aims to set the global standard for securing AI. Tim Starks from CyberScoop has the latest from Senate confirmation hearings. The National Cryptologic Museum rights a wrong. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Joining us today is Tim Starks, Senior Reporter from CyberScoop, to discuss two of his recent articles: 

• FBI nominee Kash Patel getting questions on cybercrime investigations, Silk Road founder, surveillance powers
• Even the US government can fall victim to cryptojacking

Selected Reading

Top Security Officials at Aid Agency Put on Leave After Denying Access to Musk Team (New York Times)

Exclusive: Musk aides lock workers out of OPM computer system (Reuters)

Federal Workers Block Doors of Admin Building Over Elon Musk Data Breach (DC Media Group)

Trump Broke the Federal Email System and Government Employees Got Blasted With Astonishingly Vulgar Messages (Futurism)

CISA employees told they are exempt from federal worker resignation program (The Record)

From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts (CyberScoop)

Israeli Firm Paragon Attack WhatsApp With New Zero-Click Spyware (Cyber Security News)

Texas Gov. Greg Abbott bans DeepSeek, RedNote and other Chinese-backed AI platforms (Statesman)

Hundreds of Thousands Hit by Data Breaches at Healthcare Firms in Colorado, North Carolina (SecurityWeek)

Insurance Company Globe Life Notifying 850,000 People of Data Breach (SecurityWeek)

NVIDIA GPU Display Driver Vulnerability Lets Attackers Steal Files Remotely - Update Now (Cyber Security News)

Arm Mali GPU Kernel Driver 0-Day Vulnerability Actively Exploited in the Wild (Cyber Security News)

UK Announces “World-First” AI Security Standard (Infosecurity Magazine)

Larry Pfeiffer on Bluesky (Bluesky)

• Possibly related to the Bluesky post: Trailblazers in U.S. Cryptologic History 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices