CyberWire Daily

The nightmare you can’t ignore.

Mar 25, 2025

Ben Yelin, Caveat co-host and Program Director at the University of Maryland Center for Health and Homeland Security, dives into the alarming Signal national security leak. He discusses serious vulnerabilities in Kubernetes systems and details the shocking breach that revealed sensitive military discussions. The conversation extends to the rise of cybercrime in Africa and critiques the current administration's accountability issues surrounding national security communications. With expert insights, Yelin underscores the pressing need for secure digital practices in an ever-evolving cyber landscape.

30:57

Creator website

Episode guests

Ben Yelin

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The recent discovery of severe vulnerabilities in the Kubernetes Ingress Nginx controller highlights the critical need for robust cybersecurity practices in enterprise systems.

A significant national security breach involving senior officials misusing Signal underscores the risks associated with unclassified communication platforms.

Deep dives

Critical Vulnerabilities in Kubernetes

Recent findings have identified four significant remote code execution vulnerabilities, known as Ingress Nightmare, within the Ingress Nginx controller for Kubernetes. These vulnerabilities present a risk to at least 6,500 clusters, including those in Fortune 500 companies, as they allow unauthenticated attackers to inject malicious configurations. The weaknesses stem from an unprotected admission controller, which is typically exposed to the public internet, thus heightening the potential for severe exploitation. Recommended mitigation strategies include updating software to the latest versions, securing the admission controller, and implementing stringent network policies to protect against such threats.

Intro

4min

Cybersecurity Exposed

6min

Combatting Cybercrime in Africa: Disruptions and Risks

3min

Security Breach and Accountability

6min

Challenges in Congress and AppSec

7min

Critical Remote Code Execution vulnerabilities affect Kubernetes controllers. Senior Trump administration officials allegedly use unsecured platforms for national security discussions. Even experts like Troy Hunt get phished. Google acknowledges user data loss but doesn’t explain it. Chinese hackers spent four years inside an Asian telecom firm. SnakeKeylogger is a stealthy, multi-stage credential-stealing malware. A cybercrime crackdown results in over 300 arrests across seven African countries. Ben Yelin, Caveat co-host and Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, joins to discuss the Signal national security leak. Pew Research Center figures out how its online polling got slightly forked.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Ben Yelin, Caveat co-host and Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, on the Signal national security leak.

Selected Reading

IngressNightmare: critical Kubernetes vulnerabilities in ingress NGINX controller (Beyond Machines)

Remote Code Execution Vulnerabilities in Ingress NGINX (Wiz)

Ingress-nginx CVE-2025-1974: What You Need to Know (Kubernetes)

Trump administration is reviewing how its national security team sent military plans to a magazine editor (NBC News)

The Trump Administration Accidentally Texted Me Its War Plans (The Atlantic)

How Russian Hackers Are Exploiting Signal 'Linked Devices' Feature for Real-Time Spying (SecurityWeek)

Troy Hunt: A Sneaky Phish Just Grabbed my Mailchimp Mailing List (Troy Hunt)

'Technical issue' at Google deletes some customer data (The Register)

Chinese hackers spent four years inside Asian telco’s networks (The Record)

Multistage Info Stealer SnakeKeylogger Attacking Individuals and Businesses to Steal Logins (Cyber Security News)

Over 300 arrested in international crackdown on cyber scams (The Record)

How a glitch in an online survey replaced the word ‘yes’ with ‘forks’ (Pew Research)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

The nightmare you can’t ignore.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Critical Vulnerabilities in Kubernetes

Concerns Over Secure Communication Practices

International Cybercrime Crackdown

CyberWire Guest

Selected Reading

Share your feedback.

Want to hear your company in the show?

Remember Everything You Learn from Podcasts