CyberWire Daily

New sandbox escape looks awfully familiar.

Mar 28, 2025

Chris Wysopal, the Founder and Chief Security Evangelist of Veracode, delves into the alarming increase in the average fix time for security flaws, shedding light on how modern technology complicates the issue. He reveals that many organizations are sitting on critical security debt for over a year. The conversation also touches on significant vulnerabilities affecting both Firefox and Chrome. Additionally, the RedCurl gang's first foray into ransomware adds a chilling twist to current cyber threats, while innovative automation in cybersecurity is showcased.

35:01

Creator website

Episode guests

Chris Wysopal

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Mozilla's recent Firefox vulnerability, akin to a Chrome flaw, illustrates ongoing cybersecurity challenges in addressing emerging threats swiftly.

The RedCurl gang's deployment of ransomware signifies a worrying trend toward more complex and severe cyberattacks demanding enhanced defensive strategies.

Deep dives

Critical Vulnerabilities and Response

A notable concern highlighted is the critical vulnerability recently patched in Mozilla Firefox, which allowed attackers to bypass sandbox protections. This flaw mirrored an exploited vulnerability in Google Chrome, which targeted Russian entities through phishing links. In addressing these vulnerabilities, Mozilla emphasized a proactive approach in recognizing patterns that led to potential dangers. Such incidents underline the ongoing challenge in cybersecurity regarding the speed and effectiveness of responses to emerging threats.

Intro

6min

Phishing Kits and Evolving Cyber Threats

5min

Enhancing Compliance and Security Visibility with Innovative Automation

3min

Navigating Software Vulnerabilities

10min

The Intersection of AI and Cybersecurity: A Historical Perspective on Passwords

6min

Mozilla patches Firefox flaw similar to actively exploited Chrome vulnerability. Russia-based RedCurl gang deploys ransomware for the first time. Ukraine's railway operator recovers from cyberattack. India cracks down on Google’s billing monopoly. Morphing Meerkat's phishing kit abuses DNS mail exchange records. 300,000 attacks in three weeks. Our guest is Chris Wysopal, Founder and Chief Security Evangelist of Veracode, who sits down with Dave to discuss the increase in the average fix time for security flaws. And Liz Stokes joins with another Fun Fact Friday.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Chris Wysopal, Founder and Chief Security Evangelist of Veracode, discussing increase in the average fix time for security flaws and percent of organizations that carry critical security debt for longer than a year.

Selected Reading

After Chrome patches zero-day used to target Russians, Firefox splats similar bug (The Register)

Microsoft fixes Remote Desktop issues caused by Windows updates (Bleeping Computer)

Firefox fixes flaw similar to Chrome zero-day used against Russian organizations (The Record)

RedCurl's Ransomware Debut: A Technical Deep Dive (Bitdefender)

Ukraine’s state railway restores online ticket sales after major cyberattack (The Record)

Google App Store Billing Policy Anti-Competitive, India Court Rules (Bloomberg)

Morphing Meerkat PhaaS Platform Spoofs 100+ Brands - Infosecurity Magazine (Infosecurity Magazine)

Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe (SecurityWeek)

Malware distributed via fake DeepSeek ads on Google (SC Media)

GorillaBot Attacks Windows Devices With 300,000+ Attack Commands Across 100+ Countries (Cyber Security News)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

New sandbox escape looks awfully familiar.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Critical Vulnerabilities and Response

Emergence of Ransomware Threats

Delays in Security Flaw Remediation

CyberWire Guest

Selected Reading

Share your feedback.

Want to hear your company in the show?

Remember Everything You Learn from Podcasts