Cloudflare’s cloudy day resolved.

Cloudflare says yesterday’s widespread outage was not caused by a cyberattack. Predator mobile spyware remains highly active. Microsoft is investigating ongoing Microsoft 365 authentication services issues. An account takeover campaign targets Entra ID users by abusing a popular pen testing tool. Palo Alto Networks documents a JavaScript obfuscation method dubbed “JSFireTruck.” Trend Micro and Mitel patch multiple high-severity vulnerabilities. CISA issues multiple advisories. My Hacking Humans cohost Joe Carrigan joins us to discuss linkless recruiting scams. Uncle Sam wants an AI chatbot. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we are joined by Joe Carrigan, one of Dave’s Hacking Humans co-hosts, to talk about linkless recruiting scams. You can learn more in this article from The Record: FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters. Tune in to Hacking Humans each Thursday on your favorite podcast app to hear the latest on the social engineering scams that are making the headlines from Joe, Dave and their co-host Maria Varmazis. 

Selected Reading

Cloudflare: Outage not caused by security incident, data is safe (Bleeping Computer)

Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection (Cyber Security News)

Microsoft confirms auth issues affecting Microsoft 365 users (Bleeping Computer)

TeamFiltration Abused in Entra ID Account Takeover Campaign (SecurityWeek)

270K websites injected with ‘JSF-ck’ obfuscated code (SC Media)

Palo Alto Networks Patches Series of Vulnerabilities (Infosecurity Magazine)

SimpleHelp Vulnerability Exploited Against Utility Billing Software Users (SecurityWeek)

Trend Micro fixes critical vulnerabilities in multiple products (Bleeping Computer)

Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking  (SecurityWeek)

CISA Releases Ten Industrial Control Systems Advisories (CISA)

Trump team leaks AI plans in public GitHub repository (The Register)

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices