CyberWire Daily

Monzy Merza, Co-Founder and CEO of Crogl, dives into the pressing issues faced by Chief Information Security Officers in a rapidly evolving AI landscape. The podcast discusses a critical vulnerability in Samsung’s MagicINFO, which is currently being exploited. Malware threats like ClickFix and sophisticated phishing tactics from the Luna Moth Group are highlighted. Merza also emphasizes the need for innovative tools to enhance security analysis, as traditional methods struggle to keep up with increasing cyber threats.

Critical vulnerabilities in a Signal messaging app used by top government officials bring hard-coded credentials to light. A leaked API key from xAI raises questions about security practices. The discussion includes a new SS7 zero-day exploit and the implications of SteelC malware updates. Experts advocate for viewing cybersecurity as a business-wide responsibility, emphasizing effective collaboration and communication. The move towards a passwordless future with Passkeys also highlights innovation in cybersecurity practices.

Discover Joe Bradley’s fascinating journey from aspiring opera singer to Chief Scientist in tech. He reflects on how diverse interests, like music and literature, enhance mathematical intuition. Joe emphasizes the importance of deep exploration in one's field to foster growth and innovation. The conversation also touches on the interplay between science and effective management within teams, highlighting how structured processes can lead to better outcomes and a focus on cybersecurity risks.

Shaked Reiner, Security Principal Security Researcher at CyberArk, dives into the intriguing realm of Agentic AI and its security challenges. He elaborates on how these AI systems can perform autonomous tasks, but also become potential threats through vulnerabilities like prompt injections. Shaked emphasizes treating agent outputs as untrusted code to mitigate risks. The conversation also touches on the vital need for monitoring, auditing, and innovative security strategies to keep pace with the rapidly evolving landscape of AI threats.

The podcast unpacks recent cybersecurity incidents like the Canadian power company's breach and the attempted attack on Harrods. Key insights from the RSA Conference 2025 reveal the vital role of AI in cybersecurity and the need for better networking. Kevin Magee shares energetic interviews with industry leaders discussing innovation, compliance challenges, and startup journeys. Plus, there's a dive into regulatory actions, including the EU's fine on TikTok for GDPR violations, highlighting the ever-evolving landscape of cyber threats and solutions.

At RSAC 2025, experts express concerns about AI developing advanced software exploits. A former NSA chief identifies China as a primary threat to U.S. infrastructure. North Korean IT operatives are infiltrating global companies, while France accuses a Russian group of targeting its government. New high-severity vulnerabilities are surfacing, and a Scottish hacker is extradited to the U.S. Meanwhile, emerging malware like Gremlin Stealer poses serious risks. Innovations in cybersecurity are discussed, highlighting the need for continuous adaptation.

We're sharing a episode from another N2K show we thought you might like. It's the third episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy! Show Notes: While the cybersecurity industry has expanded and grown in recent years, newcomers still struggle to gain relevant "experience" before officially beginning their cyber careers. In this episode of CISO Perspectives, host Kim Jones sits down with Kathleen Smith, the Chief Outreach Officer at clearedjobs.net and the co-host of Security Cleared Jobs: Who’s Hiring & How, to discuss this dilemma and what new entrants can do to account for these difficulties. Throughout the conversation, Kathleen and Kim will discuss the challenges associated with entry-level cyber positions, how to gain meaningful experience, and how the industry as a whole contributes to this problem. Want more CISO Perspectives?: Check out a companion ⁠blog post⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices

DHS Secretary Kristi Noem justifies budget cuts in her RSAC keynote. The EFF pens an open letter to Trump backing Chris Krebs. Scattered Spider is credited with the Marks & Spencer cyberattack. Researchers discover a critical flaw in Apple’s AirPlay protocol. The latest CISA advisories. On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development. What do you call an AI chatbot that finished at the bottom of its class in med school? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development. Kevin on the Street Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week. Today Kevin is joined by Ryan Lasmaili Co-Founder and CEO of Vaultree and Stan Golubchik CEO and co-founder of Contraforce, here are their conversations. You can also catch Kevin on our Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. Whether you are building your own startup or just love a good innovation story, https://explore.thecyberwire.com/microsoft-for-startups. Selected Reading DHS Secretary Noem: CISA needs to get back to ‘core mission’ (CyberScoop) Noem calls for reauthorization of cyberthreat information sharing law during RSA keynote (The Record) Cyber experts, Democrats urge Trump administration not to break up cyber coordination in State reorg (CyberScoop) Infosec pros rally against Trump's attack on Chris Krebs (The Register) Scattered Spider Suspected in Major M&S Cyberattack (Hackread) AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi (Cyber Security News) CISA Adds One Known Exploited Vulnerability to Catalog (CISA) CISA Releases Three Industrial Control Systems Advisories (CISA) Instagram's AI Chatbots Lie About Being Licensed Therapists  (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Daniel B. Rosenzweig, founder of DBR Tech Law, specializes in data privacy and AI law. He discusses the intricate challenges of privacy compliance in an era dominated by big data and AI. Dan emphasizes the importance of aligning tech operations with legal obligations to build trust. They tackle U.S. state privacy laws, the global landscape for data transfers, and the impact of AI on compliance. The conversation also touches on privacy-enhancing technologies and the rising threat of deepfakes in cybersecurity.

A massive power outage strikes the Iberian Peninsula. Iran says it repelled a “widespread and complex” cyberattack targeting national infrastructure. Researchers find hundreds of SAP NetWeaver systems vulnerable to a critical zero-day. A British retailer tells warehouse workers to stay home following a cyberattack. VeriSource Services discloses a breach exposing personal data of four million individuals. Global automated scanning surged 16.7% in 2024. CISA discloses several critical vulnerabilities affecting Planet Technology’s industrial switches and network management products. A Greek court upholds a VPN provider’s no-logs policies. Law enforcement dismantles the JokerOTP phishing tool. Our guest is Tim Starks from CyberScoop with developments in the NSO Group trial. How Bad Scans and AI Spread a Scientific Urban Legend. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Special Edition On our ⁠Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, we are shining a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. This episode is part of our exclusive RSAC series where we dive into the real world impact of the Microsoft for Startups Founders Hub.  Along with Microsoft’s ⁠Kevin Magee⁠, Dave Bittner talks with an entrepreneur and startup veteran, and founders from three incredible startups who are part of the Founders Hub, each tackling big problems with even bigger ideas.  Dave and Kevin set the stage speaking with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur. Dave and Kevin then speak with three founders: ⁠Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. So whether you are building your own startup or just love a good innovation story, listen in. For more information, visit the ⁠Microsoft for Startups website⁠. CyberWire Guest We are joined by Tim Starks from CyberScoop who is discussing Judge limits evidence about NSO Group customers, victims in damages trial Selected Reading Nationwide Power Outages in Portugal & Spain Possibly Due to Cyberattack (Cyber Security News) Iran claims it stopped large cyberattack on country’s infrastructure (The Record) 400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks that Exploited in the Wild (Cyber Security News) M&S warehouse workers told not to come to work following cyberattack (The Record) 4 Million Affected by VeriSource Data Breach (SecurityWeek) Researchers Note 16.7% Increase in Automated Scanning Activity (Infosecurity Magazine) Critical Vulnerabilities Found in Planet Technology Industrial Networking Products (SecurityWeek) Court Dismisses Criminal Charges Against VPN Executive, Affirms No-Log Policy (Hackread) JokerOTP Dismantled After 28,000 Phishing Attacks, 2 Arrested (Hackread) A Strange Phrase Keeps Turning Up in Scientific Papers, But Why? (ScienceAlert) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices