CyberWire Daily

Federal agencies warn Iranian-linked hackers are probing U.S. critical infrastructure, while the DOJ disrupts a Russian router hijacking campaign. Cyberattacks hit Minnesota government systems and force a Massachusetts hospital to divert ambulances. Anthropic limits access to its new AI bug-hunting model, hackers leak terabytes of LAPD data, and researchers warn of a rise in AI recommendation poisoning. Our guest is Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." Japan trades red tape for training data. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, we are joined by Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." If you enjoyed this interview, check out the full conversation here.

Selected Reading

Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure (WIRED)

Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure (FBI Internet Crime Complaint Center (IC3))

Pro-Iran Group Takes Credit for Cyberattacks on Chime, Pinterest (Bloomberg)

US disrupts Russian military-run DNS hijacking network, Justice Department says (Reuters)

Frostarmada forest blizzard dns hijacking (Lumen Technologies Black Lotus Labs) 

Minnesota governor orders emergency support for cyberattack disrupting county's 'critical systems' (StateScoop)

Massachusetts hospital turning ambulances away after cyberattack (The Record)

What Anthropic Glasswing reveals about the future of vulnerability discovery (CSO Online)

Sensitive LAPD records leaked in hack of L.A. city attorney's office (LA Times) 

Manipulating AI memory for profit: The rise of AI Recommendation Poisoning (Microsoft Security Blog)

Japan relaxes privacy laws to make AI development easy (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA faces a $700 million budget cut. Russian and Iranian cyber cooperation raises concerns. New BPFDoor variants emerge. Cybercrime losses climb again. Researchers advance a GPU Rowhammer attack. Northern Ireland schools go offline after a breach. An alleged hacker-for-hire faces U.S. charges. And German police name the suspected REvil mastermind. Our guest is John Anthony Smith, Founder and Chief Security Officer at Fenix24, explaining why more technology hasn't made us more secure. A frustrated researcher drops the hammer. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, John Anthony Smith, Founder and Chief Security Officer at Fenix24, discusses why more technology hasn't made us more secure. Check out the full conversation here.

Selected Reading

White House Seeks to Slash CISA Funding by $707 Million (SecurityWeek)

Exclusive: Russia supplies Iran with cyber support, spy imagery to hone attacks, Ukraine says (Reuters)

New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay (Rapid7)

 FBI Internet Crime Complaint Center (IC3) Report 2025 (FBI Internet Crime Complaint Center (IC3))

GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack (SecurityWeek)

Cyberattack hits Northern Ireland’s centralized school network, disrupting access for thousands (The Record)

Suspect in Hacking of Climate Activists Is Extradited to New York (New York Times) 

German Police Unmask REvil Ransomware Leader (SecurityWeek)

Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit (Bleeping Computer)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Fortinet releases an emergency update for a critical vulnerability. A major outage disrupts Russian banking apps. A new report highlights critical skills gaps. CyberCorp scholars struggle to secure jobs. Scammers use QR codes in fake traffic violation schemes. A proposed lawsuit accuses Perplexity of oversharing users’ AI transcripts. Cambodia outlaws scam centers. Scammers impersonate Harvard IT staff. With “wrench attack” threats of violence, life imitates art. Kevin Magee from Microsoft for Startups describes emerging trends. On Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book "Code War: How Nations Hack, Spy, and Shape the Digital Battlefield." Users find Copilot’s terms of use highly entertaining.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices segment, we are joined by Kevin Magee from Microsoft for Startups discussing how cybersecurity startups can succeed by focusing on real problems and navigating emerging trends. Tune into the full conversation here.

Afternoon Cyber Tea

On this segment of Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book "Code War: How Nations Hack, Spy, and Shape the Digital Battlefield." You can listen to the full conversation here and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.

Selected Reading

New FortiClient EMS flaw exploited in attacks, emergency patch released (Bleeping Computer)

Major outage hits Russian banking apps, metro payments across regions (The Record)

SANS 2026 report flags cybersecurity skills crisis, putting critical infrastructure and OT sectors at measurable breach risk (Industrial Cyber)

CyberCorps grads consider private sector as fed hiring challenges persist (Federal News Network)

Traffic violation scams switch to QR codes in new phishing texts (Bleeping Computer)

Perplexity's "Incognito Mode" is a "sham," lawsuit says (Ars Technica)

Cambodian parliament passes landmark cybercrime law after scam centre scrutiny (Reuters)

Harvard Warns of Active Cyberattack Impersonating IT Staff and Targeting Affiliates (The Crimson)

Wealthy California crypto holders targeted in violent ‘wrench attacks’ (KTLA)

Security (xkcd)

Censys raises $70 million in a Series D round. (N2K Pro Business Briefing)  

Even Microsoft know Copilot can't be trusted (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at ⁠sponsor.thecyberwire.com⁠.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes.
Anjali Hansen, a Senior Privacy Counselor from Noname Security shares her story as she climbed through the ranks to get to where she is today. When Anjali started, she wanted to do international law. She started working for the International Trade Commission after law school, where she was able to gain most of her experience and real world abilities. Working with online fraud and abuse, she shares, concerned her, because it felt like governments could not protect organizations from threats occurring, which is how she got interested in cybercrime. From there, she moved to Noname Security, and in working there, she found that she is working with every group in the organization, creating a cross team collaboration, saying how much she admires that type of model. She says "We have to help other departments protect the data because the data's throughout an organization, it's in HR, it's in sales and marketing, it's in IT, it's in finance. So you have to be able to work with all these teams." We thank Anjali for sharing her story.
Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Santiago Pontiroli, Threat Intelligence Research Lead from Acronis TRU team, discussing their work on "New year, new sector: Transparent Tribe targets India’s startup ecosystem." The Acronis Threat Research Unit uncovered a new campaign by Transparent Tribe showing the group has expanded beyond traditional government and defense targets to India’s startup ecosystem, especially cybersecurity and OSINT-focused firms.

The attackers use startup-themed lures delivered via ISO files and malicious shortcuts to deploy Crimson RAT, a highly obfuscated tool capable of surveillance, data theft, and system control. Despite this shift, the campaign closely mirrors the group’s long-standing espionage tactics, suggesting startups are being targeted for their connections to government, law enforcement, and sensitive intelligence networks.

The research and executive brief can be found here:

New year, new sector: Transparent Tribe targets India’s startup ecosystem

Learn more about your ad choices. Visit megaphone.fm/adchoices