New sandbox escape looks awfully familiar.

Mozilla patches Firefox flaw similar to actively exploited Chrome vulnerability. Russia-based RedCurl gang deploys ransomware for the first time. Ukraine's railway operator recovers from cyberattack. India cracks down on Google’s billing monopoly. Morphing Meerkat's phishing kit abuses DNS mail exchange records. 300,000 attacks in three weeks. Our guest is Chris Wysopal, Founder and Chief Security Evangelist of Veracode, who sits down with Dave to discuss the increase in the average fix time for security flaws. And Liz Stokes joins with another Fun Fact Friday. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Chris Wysopal, Founder and Chief Security Evangelist of Veracode, discussing increase in the average fix time for security flaws and percent of organizations that carry critical security debt for longer than a year.

Selected Reading

After Chrome patches zero-day used to target Russians, Firefox splats similar bug (The Register)

Microsoft fixes Remote Desktop issues caused by Windows updates (Bleeping Computer)

Firefox fixes flaw similar to Chrome zero-day used against Russian organizations (The Record)

RedCurl's Ransomware Debut: A Technical Deep Dive (Bitdefender)

Ukraine’s state railway restores online ticket sales after major cyberattack (The Record)

Google App Store Billing Policy Anti-Competitive, India Court Rules (Bloomberg)

Morphing Meerkat PhaaS Platform Spoofs 100+ Brands - Infosecurity Magazine (Infosecurity Magazine)

Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe (SecurityWeek)

Malware distributed via fake DeepSeek ads on Google (SC Media)

GorillaBot Attacks Windows Devices With 300,000+ Attack Commands Across 100+ Countries (Cyber Security News) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices