CyberWire Daily

Malicious Chrome extensions pose as AI tools. Google says nation-states are increasingly abusing its Gemini artificial intelligence tool.  Data extortion group World Leaks deploys a new malware tool called RustyRocket. An Atlanta healthcare provider data breach affects over 625,000. Apple patches an iOS zero-day that’s been around since version 1.0. A government shutdown would furlough more than half of CISA’s staff. Dutch police arrest the alleged seller of the JokerOTP phishing automation service. Our guest is Simon Horswell, Senior Fraud Specialist at Entrust, discussing evolving romance scams for Valentine's Day. Fun with filters provides fuel for phishers. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Simon Horswell, Senior Fraud Specialist at Entrust, discussing evolving romance scams for Valentine's Day. If you enjoyed this conversation, tune into Hacking Humans to hear the full interview.

Selected Reading

Fake AI Chrome extensions with 300K users steal credentials, emails (Bleeping Computer)

Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says (The Record)

World Leaks Ransomware Adds Custom Malware ‘RustyRocket' to Attacks (Infosecurity Magazine)

ApolloMD Data Breach Impacts 626,000 Individuals (SecurityWeek)

Apple patches decade-old iOS zero-day exploited in the wild (The Register)

CISA: DHS Funding Lapse Would Sideline Federal Cyber Staff (Gov Infosecurity)

CISA Shares Lessons Learned from an Incident Response Engagement (CISA.gov)

Police arrest seller of JokerOTP MFA passcode capturing tool (Bleeping Computer)

What Can the AI Work Caricature Trend Teach Us About the Risks of Shadow AI? (Fortra)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday. Preliminary findings from the European Commission come down on TikTok. Switzerland’s military cancels its contract with Palantir. Social engineering leads to payroll fraud. Google hands over extensive personal data on a British student activist. Researchers unearth a global espionage operation called “The Shadow Campaigns.” Notepad’s newest features could lead to remote code execution. Our guest is Hazel Cerra, Resident Agent in Charge of the Atlantic City Office for the United States Secret Service. Ring says it’s all about dogs, but critics hear the whistle.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we’re joined by Hazel Cerra, Resident Agent in Charge of the Atlantic City Office for the United States Secret Service, as she discusses the evolution of the Secret Service’s investigative mission—from its early focus on financial crimes such as counterfeit currency and credit card fraud to the growing challenges posed by cryptocurrency-related crime.

Selected Reading

Microsoft February 2026 Patch Tuesday Fixes 58 Vulnerabilities, Six actively Exploited Flaws (Beyond Machines)

Adobe Releases February 2026 Patches for Multiple Products (Beyond Machines)

ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact (SecurityWeek)

Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed by Intel and AMD (SecurityWeek)

Commission preliminarily finds TikTok's addictive design in breach of the Digital Services Act (European Commission)

Palantir's Swiss Exit Highlights Global Data Sovereignty Challenge (NewsCase)

Payroll pirates conned the help desk, stole employee’s pay (The Register)

Google Fulfilled ICE Subpoena Demanding Student Journalist’s Bank and Credit Card Numbers (The Intercept)

The Shadow Campaigns: Uncovering Global Espionage (Palo Alto Networks Unit 42)

Notepad's new Markdown powers served with a side of RCE (The Register)

With Ring, American Consumers Built a Surveillance Dragnet (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

ZeroDayRAT delivers full mobile compromise on Android and iOS. The UK warns infrastructure operators to act now as severe cyber threats mount. Russia moves to block Telegram. The FTC draws a line on data sales to foreign adversaries. Researchers unpack DeadVax, a stealthy new malware campaign, while an old-school Linux botnet resurfaces. BeyondTrust fixes a critical flaw. And in AI, are we moving too fast? One mild training prompt may be enough to knock down safety guardrails. Our guest is Omer Akgul, Researcher at RSA Conference, discussing his work on "The Case for LLM Consistency Metrics in Cybersecurity (and Beyond)." A pair of penned pentesters provoke a pricey payout. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Omer Akgul, PhD, Researcher at RSA Conference, discussing his work on "The Case for LLM Consistency Metrics in Cybersecurity (and Beyond)."

Selected Reading

New ‘ZeroDayRAT’ Spyware Kit Enables Total Compromise of iOS, Android Devices (SecurityWeek)

NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting Critical National Infrastructure (Infosecurity Magazine)

Russian Watchdog Starts Limiting Access to Telegram, RBC Reports (Bloomberg)

FTC Reminds Data Brokers of Their Obligations to Comply with PADFAA (FTC)

Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode (secureonix)

New ‘SSHStalker’ Linux Botnet Uses Old Techniques (SecurityWeek)

BeyondTrust Patches Critical RCE Vulnerability (SecurityWeek)

Critics warn America’s 'move fast' AI strategy could cost it the global market  (CyberScoop)

Microsoft boffins figured out how to break LLM safety guardrails with one simple prompt (The Register)

County pays $600,000 to pentesters it arrested for assessing courthouse security (Ars Technica)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of CISO Perspectives.

In the season finale of CISOP, Kim Jones is joined by N2K’s own Ethan Cook to reflect on the conversations that shaped this season. Together, they revisit standout moments from Kim’s interviews, unpacking their significance and getting Ethan’s fresh perspective on the cybersecurity workforce challenge—as someone viewing the industry from the outside.

Since the mid-season reflection, Kim has explored a wide range of workforce issues, including skills mapping, talent identification, and the evolving strategies needed to close cybersecurity’s talent gap.

Survey:

We want to hear your perspectives on this season, fill out our audience survey before August 31st.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Ivanti zero-days trigger emergency warnings around the globe. Singapore blames a China-linked spy crew for hitting all four major telcos. DHS opens a privacy probe into ICE surveillance. Researchers flag a zero-click RCE lurking in LLM workflows. Ransomware knocks local government payment systems offline in Florida and Texas. Chrome extensions get nosy with your URLs. BeyondTrust scrambles to patch a critical RCE. A Polish data breach suspect is caught eight years later. It’s the Monday Business Breakdown. Ben Yelin gives us the 101 on subpoenas. And federal prosecutors say two Connecticut men bet big on fraud, and lost.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Ben Yelin, Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, talking about weaponized administrative subpoenas.

Selected Reading

EU, Dutch government announce hacks following Ivanti zero-days (The Record)

Singapore says China-linked hackers targeted telecom providers in major spying campaign (The Record)

Inspector General Investigating Whether ICE's Surveillance Tech Breaks the Law (404 Media)

Critical 0-Click RCE Vulnerability in Claude Desktop Extensions Exposes 10,000+ Users to Remote Attacks (Cyber Security News) 

Payment tech provider for Texas, Florida governments working with FBI to resolve ransomware attack (The Record)

Chrome extensions can use unfixable time-channel to leak tab URLs (CyberInsider)

BeyondTrust warns of critical RCE flaw in remote support software (Bleeping Computer)

Hacker Poland’s largest data leaks arrested (TVP World)

LevelBlue will acquire MDR provider Alert Logic from Fortra. (N2K Pro Business Briefing)

Men charged in FanDuel scheme fueled by thousands of stolen identities (Bleeping Computer)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices