CyberWire Daily

Please enjoy this encore of Career Notes.

David Nosibor, Product Lead for SafeCyber at UL Solutions, started his career in a unique way by not letting himself be pigeonholed. Within his company, David was able to grow to the position he is in now and says that his position feels like a lot of roles tied into one. He says that on any given day he is tackling all sorts of elements, such as marketing, operations, working with the engineering team, figuring out ways to acquire customers, retain them, and also working on sales and business development capabilities. He also says that constantly learning and getting new opportunities was how he ended up being where he is today. David states that staying focused and being on the lookout for ways to accomplish the mission is the best way for him in his company to democratize product security. He quotes the famous singer Sean Carter in saying that he firmly believes in taking calculated risks to get where you need to be going. We thank David for sharing his story.
Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss the biggest breaches over the past 10 years.

The foundational 2014 Sony hack kicks off our conversation, then Maria and Dave highlight:

the 2015 OPM breach, which exposed sensitive security-clearance data and was attributed to long-term access by China amid outdated government systems and security

2017’s WannaCry and NotPetya's global disruption and Equifax's ongoing fallout

the 2020 SolarWinds breach underscored supply-chain risks and raised concerns about potential personal criminal liability for CISOs.

The conversation illustrates two main threat-actor categories—nation-state espionage and financially motivated criminals—and the increasingly blurred lines between them. Join us as we reflect on how the industry and cybercrime have evolved over the past decade.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Omer Ninburg, CTO of Novee Security, joins us on this episode of Research Saturday to discuss their work on "From PDF to Pwn: Scalable 0day Discovery in PDF Engines and Services Using Multi-Agent LLMs." Historically, Portable Document Formats – the immutable, localized PDF – was once considered a “safe” component inside enterprise environments. That is no longer the case.

To demonstrate how PDF services and engines can be exploited, the team at Novee used their proprietary, multi-agent LLM system to uncover vulnerability patterns, and systematically scale them into a broad discovery campaign across two PDF vendor ecosystems.

The research uncovered 16 verified vulnerabilities across client-side PDF viewers, embedded plugins, and server-side PDF services.

The research and executive brief can be found here:

⁠From PDF to Pwn: Scalable 0day Discovery in PDF Engines and Services Using Multi-Agent LLMs

Hacker-Trained AI Discovers 16 New 0-Day Vulnerabilities in PDF Engines

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA warns of actively exploited Langflow vulnerability. CISA flags critical PTC Windchill vulnerability. Phishing activity surges amid war in Iran. Google moves up their post-quantum timeline. Alleged RedLine infostealer developer faces thirty years in a US prison. Bearlyfy hacktivists launch disruptive ransomware campaign in Russia. FCC moves to crack down on robocallers and foreign call centers. Anti-piracy group takes down AnimePlay streaming platform. N2K’s  Maria Varmazis and Dave Bittner are previewing the biggest breaches in the past 10 years. And what happens when hackers call the game?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Daily at 10: The breaches we still talk about.  

This installment celebrating 10 years of the CyberWire Daily podcast finds N2K’s  Maria Varmazis and Dave Bittner previewing the biggest breaches in the past 10 years. You can tune in Sunday to your CyberWire Daily podcast feed to hear their full conversation.

Selected Reading

CISA: New Langflow flaw actively exploited to hijack AI workflows (Bleeping Computer) 

CISA Flags Critical PTC Vulnerability That Had German Police Mobilized (SecurityWeek)

War in the Middle East Triggers Surge in Phishing and Malware Campaigns Targeting Gulf Countries (Bitdefender)

Google moves post-quantum encryption timeline up to 2029 (CyberScoop)

Alleged RedLine malware developer extradited to US, faces up to 30 years (The Record)

Pro-Ukraine hacker group Bearlyfy targets Russian companies with custom ransomware (The Record)

FCC pushes new rules to crack down on robocallers, foreign call centers (CyberScoop)

Anti-piracy coalition takes down AnimePlay app with 5 million users (Bleeping Computer) 

AFC Ajax drops ball as hackers transfer tickets, lift bans (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

As the emphasis on improving cybersecurity has continued to grow, so has the number of vendors offering a range of cybersecurity services. However, despite the value many of these vendors bring, the relationship between vendors and clients has become strained. In this episode, Kim explores this relationship, offering his thoughts on this relationship and what both sides can do to better to improve this dynamic.

Want more CISO Perspectives?

Check out a companion ⁠⁠blog post⁠⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals.
Learn more about your ad choices. Visit megaphone.fm/adchoices