CyberWire Daily

Piotr Wojtyla, Head of Threat Intel and Platform at Abnormal AI, is discussing their work on "InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime." A new AI-powered phishing kit called InboxPrime AI is rapidly gaining traction in underground forums, automating the creation and delivery of highly believable phishing emails that mimic legitimate business communications and leverage Gmail’s web interface to evade detection.

First spotted in October 2025, the kit combines AI-generated content, template variation, sender identity spoofing, and built-in spam checks to maximize inbox placement and dramatically lower the barrier to running large-scale phishing campaigns. Its shift to a one-time $1,000 purchase and growing user base underscore the industrialization of phishing and highlight how quickly AI-driven attack tools are outpacing legacy email defenses.

The research can be found here:


⁠⁠⁠InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA cracks down on aging edge devices. Congress looks to sure up energy sector security. DHS facial recognition software may fall short. Romania’s national oil pipeline operator suffers a cyberattack. The European Commission may fine TikTok for being addictive. DKnife is a China-linked threat actor operating a long-running adversary-in-the-middle framework. Researchers say OpenClaw is being abused at scale. Our guest is Mike Carr, Field CTO at Xona, talking about how Italy should be thinking about protecting the 2026 Winter Olympics. A BASE jumper attempts a daring AI alibi.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Mike Carr, Field CTO at Xona, talking about how Italy should be thinking about protecting the 2026 Winter Olympics.

Selected Reading

CISA: Remove EOL edge kit before cybercriminals strike (The Register)

5 Bills to Boost Energy Sector Cyber Defenses Clear House Panel (SecurityWeek)

ICE and CBP’s Face-Recognition App Can’t Actually Verify Who People Are (WIRED)

Romania’s oil pipeline operator confirms cyberattack as hackers claim data theft (The Record) 

Flickr discloses potential data breach exposing users' names, emails (Bleeping Computer)

17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware (Hackread)

EU says TikTok faces large fine over "addictive design" (Bleeping Computer)

'DKnife' Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks (SecurityWeek)

All gas, no brakes: Time to come to AI church (Talos Intelligence) 

Man who videotaped himself BASE jumping in Yosemite arrested, federal officials say. He says it was AI (LA Times)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber weapons knock out Iranian air defenses during strikes on nuclear sites. ShinyHunters dump more than a million stolen records from Harvard and Penn. Betterment confirms a breach exposing data from roughly 1.4 million accounts. Researchers uncover a sprawling scam network impersonating law firms. Italy blocks cyberattacks aimed at Olympics infrastructure. Critical bugs put n8n and Google Looker servers at risk of full takeover. A state-backed Shadow Campaign hits governments worldwide. OpenClaw shows how AI-powered attacks are becoming faster, cheaper, and harder to stop. Our guest is Tony Scott, CEO of Intrusion and former federal CIO, sharing his perspective on evolving regulation and the realities behind critical policy shifts. Your smartphone may testify against you.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today comes as a segment from our Caveat podcast. Tony Scott, CEO of Intrusion and former federal CIO, joins Dave Bittner to share his perspective on evolving regulation and the realities behind critical policy shifts. You can listen to Tony and Dave’s full conversation on this week’s episode of Caveat, and catch new episodes of Caveat every Thursday on your favorite podcast app.

Selected Reading

Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes (The Record)

Personal data stolen during Harvard and UPenn data breaches leaked online - over a million details, including emails, home addresses and more, all published (TechRadar)

Data breach at fintech firm Betterment exposes 1.4 million accounts (Bleeping Computer)

Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign (SecurityWeek)

Italy Averted Russian-Linked Cyberattacks Targeting Winter Olympics Websites, Foreign Minister Says (SecurityWeek)

n8n security woes roll on as new critical flaws bypass December fix (The Register)

LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem) (Tenable)

Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries (SecurityWeek)

The Rise of OpenClaw (SECURITY.COM)

Smartphones Now Involved in Nearly Every Police Investigation (Infosecurity Magazine)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

The White House preps a major overhaul of U.S. cybersecurity policy. A key Commerce security office loses staff as regulatory guardrails weaken. Lawmakers Press AT&T and Verizon after months of silence on Salt Typhoon. A vulnerability in the React Native Metro development server is under active exploitation. Amaranth Dragon leverages a WinRAR flaw. A coordinated reconnaissance campaign targets Citrix NetScaler infrastructure. CISA warns a SolarWinds Web Help Desk flaw is under active exploitation. Zach Edwards, Senior Threat Researcher at Silent Push, is discussing a hole in the kill chain leaving law enforcement empty-handed. Cops in Northern Ireland get an unwanted data breach encore. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Zach Edwards, Senior Threat Researcher at Silent Push, discussing a hole in the kill chain leaving law enforcement empty-handed. You can read more from Zach’s team here.

Selected Reading

White House Cyber Director Charts New Course for Digital Defense Through Private Sector Partnership (Web Pro News)

Another Misstep in U.S.-China Tech Security Policy (Lawfare)

Cantwell claims telecoms blocked release of Salt Typhoon report (Cyberscoop)

Hackers exploit critical React Native Metro bug to breach dev systems (Bleeping Computer)

New Amaranth Dragon cyberespionage group exploits WinRAR flaw (Bleeping Computer)

Wave of Citrix NetScaler scans use thousands of residential proxies (Bleeping Computer)

Fresh SolarWinds Vulnerability Exploited in Attacks (SecurityWeek)

‘It defies belief’: Names of PSNI officers published on court website in new breach (Belfast Telegraph)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

French police raid X’s Paris offices. The Feds take over $400 million from a dark web cryptocurrency mixer. The NSA says zero-trust goes beyond authentication. Researchers warn of a multi-stage phishing campaign targeting Dropbox credentials. A new GlassWorn campaign targets macOS developers. Critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile are under active exploitation. Researchers disclose a major data exposure on Moltbook, a social network built for AI agents. States bridge the gaps in election security. Nitrogen ransomware has a fatal flaw that permanently destroys data. Supersize your passwords — you want fries with that?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector

Aaron Isaksen leads AI Research and Engineering at Palo Alto Networks, where he advances state-of-the-art AI in cybersecurity while overseeing Cortex Xpanse's teams automating attack surface management across some of the world's largest networks. In this episode of Threat Vector, host David Moulton sits down with Dr. Aaron Isaksen to explore why engineering excellence must precede ethical AI debates, how adversarial AI is reshaping cybersecurity, and what it actually takes to build AI systems resilient enough to operate in hostile environments.

Selected Reading

French cops raid X's Paris office in algorithmic bias probe (The Register)

US seizes over $400 million in assets from dark web money laundering operation Helix (SC Media)

NSA Tells Feds: Zero Trust Must Go Beyond Login (GovInfo Security)

New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials (Infosecurity Magazine)

New GlassWorm attack targets macOS via compromised OpenVSX extensions (Bleeping Computer)

Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack (Hackread)

Vibe-Coded Moltbook Exposes User Data, API Keys and More (Infosecurity Magazine)

As feds pull back, states look inward for election security support (CyberScoop)

Nitrogen Ransomware: ESXi malware has a bug! (Coveware)

McDonald's is not lovin' your bigmac, happymeal, and mcnuggets passwords (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices