CyberWire Daily

This week we are joined by Daniel Schwalbe, Chief Information Security Officer & Head of Investigations at DomainTools, discussing their work on "ZionSiphon OT Malware First Attempts? Psyops? Both?" Researchers at DomainTools take a closer look at ZionSiphon, a purported operational technology malware sample targeting the water sector, and find that despite its alarming appearance, it lacks many of the capabilities needed to function as a credible cyber-physical weapon.

They break down the malware's architecture, its operational shortcomings, and why it may be more of a prototype or proof of concept than a deployable threat. With heightened concern surrounding attacks on critical infrastructure amid the ongoing U.S.-Iran conflict, the research offers timely insight into separating genuine OT threats from overhyped malware.

The research and executive brief can be found here:

Threat Intelligence Report: ZionSiphon OT Malware First Attempts? Psyops? Both?

Learn more about your ad choices. Visit megaphone.fm/adchoices

Tata Electronics and Bajaj Auto continue recovery from cyberattacks. FCC tightens undersea cable rules to bolster national security. CISA warns of actively exploited PTC vulnerability. Gamaredon expands toolkit, hides behind legitimate services. Iran-linked hackers turn public warning systems into psychological weapons. Threat actors target critical infrastructure across Southeast Asia. DCloud framework behind global scam economy. Polish police disrupt SIM-swapping gang. French statistics agency reports cyberattack affecting nearly 13,000 staff. Our guest is Michael Fanning, CISO at Splunk, discussing how AI doesn’t create problems, it exposes them. And an open-book exam for hackers.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Michael Fanning, CISO at Splunk, discussing how AI doesn’t create problems, it exposes them.

Selected Reading

Apple supplier Tata tightens internal controls after data breach, sources say (Reuters) 

Bajaj Auto resumes normal operations as cyberattack probe continues (Storyboard18) 

FCC passes new cybersecurity rules for emergency systems, undersea cables (CyberScoop)

U.S. CISA adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalog (SecurityAffairs) 

Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances (ESET) 

A Cyber-Psychological Operation: Iran-Linked Attackers Target Warning Systems (Claroty) 

CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure (Unit 42)

From San Pedro to Salinas: How a Chinese Framework “DCloud Uni-App” Powers a Global Scam Economy (Infoblox)

Poland busts SIM-swapping gang tied to millions in crypto theft (BleepingComputer)

France's statistics department reports cyberattack on staff data (Reuters)

UK school’s network left wide open for invasion, student found (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

International operation disrupts Amadey and StealC malware infrastructure. Australian spy chief warns nation-state hackers are prepositioning for future sabotage. Stealthy new backdoor may be tied to initial access broker. Researchers uncover "Cordyceps" supply chain flaw. Iran-linked MuddyWater disguises espionage as ransomware attack. Cal Water says Handala's hacking claims were overstated. Report says Russia continued using Cellebrite phone-cracking tools after the ban. Chinese cybersecurity firm unveils AI tools to rival Anthropic's Mythos. DraftKings hacker is sentenced to eighteen months. Our guest is Erich Kron, CISO Advisor at KnowBe4, sharing the details of the CAPY program. And more Than Meets the Eye-P.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Erich Kron, CISO Advisor at KnowBe4, sharing the details of the CAPY (Cyber Awareness Program for You) program that offers free cybersecurity training for families.

Selected Reading

Three ‘cybercrime as a service’ operations undercut by Microsoft, law enforcement (The Record)

Scaling cybercrime disruption through innovation and AI (Microsoft)

Nation-state actors cracked critical Australian infrastructure to ‘cripple it at a time of their choosing’ (The Register) 

Backdoor.Mistic: New Backdoor May be Linked to Ransomware Access Broker (Security.com)

Cordyceps: The Silent Parasite Consuming Your Supply Chain (Novee) 

Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber Espionage (Infosecurity Magazine)

Cal Water Finds No Evidence of OT Activity After Hackers Claimed They Could Disrupt Water Supply (SecurityWeek)

Russia used Cellebrite phone-hacking tool to crack down on dissident after firm cut off country (The Record)

China’s 360 says it has developed tools to match Anthropic’s Mythos (Reuters)

DraftKings hacker 'Snoopy' sentenced to 18 months in prison (BleepingComputer)

Nearly Half of LG Smart TV Apps Contain Residential Proxy SDKs (Spur Intelligence)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

LastPass says Klue breach affected customer information, but passwords remain secure. Attackers begin exploiting Cisco Unified CM vulnerability. CISA flags actively exploited Ubiquiti and Lantronix flaws, urges rapid patching. DifyTap flaws could expose private AI conversations across tenants. Researchers find AI plugin registry let unofficial tools masquerade as trusted software. xpl0itrs launches leak site, signaling shift toward full-service cyber extortion. Ransomware attack hits Indian auto giant Bajaj Auto. U.S. presses Meta to submit AI models for national security reviews. Alleged criminal marketplace administrator extradited to the US. U.S. expands sanctions against Cambodian scam network tied to cyber fraud operations. On today’s Industry Voices segment, we are joined by Mike Masciulli, Managing Director, Migration Products and Services at Semperis, discussing RC4 and AD Migration: The Break Scenarios Hiding in Your Source Domain. And a lesson in access control.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, we are joined by Mike Masciulli, Managing Director, Migration Products and Services at Semperis, discussing RC4 and AD Migration: The Break Scenarios Hiding in Your Source Domain. If you enjoyed this conversation, check out the full interview here.

Selected Reading

Password manager maker LastPass says hackers stole customer support case data during Klue breach (TechCrunch)

Klue says hackers stole credential from 2022 that led to customer data breaches (TechCrunch)

Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks (BleepingComputer)

U.S. CISA adds Ubiquiti UniFi OS and Lantronix EDS5000 plugin flaws to its Known Exploited Vulnerabilities catalog (SecurityAffairs) 

DifyTap: Zafran discovers how attackers can silently wiretap AI data across tenants on a platform powering 1M+ apps  (Zafran) 

23 ClawHub Plugins Squat Official Org Scopes (Manifold Security) 

Cyber Intel Brief: xpl0itrs Leak Site Launch (Dataminr) 

Indian auto giant Bajaj Auto hit by ransomware incident (The Record) 

U.S. Presses Meta to Agree to A.I. Reviews as Security Concerns Rise (NY Times)

Algerian Man Extradited to US for Running Cybercrime Marketplaces (SecurityWeek)

US adds sanctions against accused Cambodian scammers Prince Group (Reuters)

Ushering in the Next Frontier of Quantum Innovation (The White House) 

Meta Exposed Data Internally From Its Controversial Employee-Tracking Program (WIRED) 

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Five Eyes warns AI could supercharge cyberattacks within months. Tata Electronics confirms breach as stolen data allegedly includes Apple and Tesla documents. Researchers publish new analysis of FortiBleed. Gizmodo breach exposes readers to ClickFix malware campaign. BootROM exploit can bypass Apple's SecureROM. Scattered Spider members plead guilty in the UK. Attackers exploit Gravity SMTP flaw to harvest secrets From WordPress sites. Executive Order accelerates federal shift to post-quantum cryptography. Dave Bittner sits down with Ellen Boehm, the Senior Vice President of IoT Strategy & Operations at Keyfactor, to discuss NIST's progress in its PQC efforts. Keeping tabs on the tab-keepers.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today Dave Bittner sits down with Ellen Boehm, the Senior Vice President of IoT Strategy & Operations at Keyfactor, to discuss NIST's progress in its PQC efforts and where more effort needs to be made to get the U.S. and its critical infrastructure quantum-ready.

Selected Reading

'Five Eyes' intelligence alliance warns that new AI models pose urgent cyber risk (Reuters)

Intel agencies: Frontier AI models will reshape cybersecurity faster than expected (CyberScoop)

Anthropic's Mythos AI broke into almost all NSA classified systems in hours (SecurityAffairs) 

Tata Electronics, a major tech supplier to Apple and Tesla, confirms data breach (TechCrunch)

FortiBleed campaign used custom FortiGate sniffer to steal credentials (BleepingComputer)

Gizmodo readers hit with ClickFix malware prompts after account compromise (The Register)

New Exploit Bypasses Apple's Boot Defenses, Affects Millions of iPhones (SecurityWeek)

TFL Hackers Admit Carrying Out Cyberattack That Cost £39M (Law360)

Attackers Actively Exploiting Sensitive Information Exposure Vulnerability in Gravity SMTP Plugin (Wordfence) 

Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration (Security Week)

Madison Square Garden Made Dossier on Activists Who Opposed Facial Recognition (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices