Patch Tuesday. Federal prosecutors charge a Houston man with smuggling Nvidia chips to China, a Ukrainian woman for targeting critical infrastructure, and an Atlanta activist for wiping his phone. The power sector sees cyber threats doubling. The new Spiderman phishing kit slings its way across the dark web. Our guest is Dick O'Brien, Principal Intelligence Analyst from Symantec and Carbon Black Threat Hunter Team, discussing “Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites....
Dec 10, 2025•24 min•Season 10Ep. 2450
Organizations worldwide scramble to address the critical React2Shell vulnerability. Major insurers look to exclude artificial intelligence risks from corporate policies. Three Chinese hacking groups converge on the same Sharepoint flaws. Ransomware crews target hypervisors. A UK hospital asks the High Court to block publication of data stolen by the Clop gang. The White House approves additional Nvidia AI chip exports to China. The ICEBlock app creator sues the feds over app store removal. The F...
Dec 09, 2025•27 min•Season 10Ep. 244
In this episode, host Kim Jones examines the rapid rise of enterprise AI and the tension between innovation and protection, sharing an RSA anecdote that highlights both excitement and concern. He outlines the benefits organizations hope to gain from AI while calling out often-overlooked risks like data quality, governance, and accountability. Kim is joined by technologist Tony Gauda to discuss why AI represents a fundamental shift in how systems and decisions are designed. Together, they explore...
Dec 09, 2025•41 min•Season 17Ep. 120
How might Trump’s new National Security Strategy impact cyber? The UK’s NCSC warns LLMs may never get over prompt injection. At least 18 U.S. universities were hit by a months-long phishing campaign. Russia blocks FaceTime. A bipartisan group of senators reviving efforts to strengthen protections across the health sector. Portugal provides legal safe harbor for good-faith security research. A large-scale campaign targets Palo Alto GlobalProtect portals. A Maryland man gets 15 months in prison fo...
Dec 08, 2025•27 min•Season 10Ep. 2448
Please enjoy this encore of Career Notes. Chief security strategist from Analyst1, Jon DiMaggio shares his story on how he grew to become a part of the cybersecurity world. He describes different jobs that paved the way to the knowledge he has in the industry right now, and he even shares about an experience that led him to a path that split and which decision he would make, would be crucial in his career. He explains which way he ended up going and how a critical part of his career helped to de...
Dec 07, 2025•9 min•Season 2Ep. 98
Jaron Bradley, Director of Jamf Threat Labs, is sharing their work on "ChillyHell: A Deep Dive into a Modular macOS Backdoor." Jamf Threat Labs uncovers a newly notarized macOS backdoor called ChillyHell, tied to past UNC4487 activity and disguised as a legitimate applet. The malware showcases robust host profiling, multiple persistence mechanisms, timestomping, and flexible C2 communications over both DNS and HTTP. Its modular design includes reverse shells, payload delivery, self-updates, and ...
Dec 06, 2025•25 min•Season 9Ep. 404
Chinese threat actors deploy Brickstorm malware. The critical React2Shell vulnerability is under active exploitation. Cloudflare’s emergency patch triggered a brief global outage. Phishing kits pivot to fake e-commerce sites. The European Commission fines X(Twitter) €120 million for violating the Digital Services Act. Predator spyware has a new bag of tricks. A Russian physicist gets 21 years in prison for cybercrimes. Twin brothers are arrested for allegedly stealing and destroying government d...
Dec 05, 2025•30 min•Season 10Ep. 2447
CISA staff may see pay cuts in 2026. Threat actors advertise a full chain zero-day exploit for iOS. A US-led international coalition releases joint guidance on integrating AI into operational technology. Microsoft lowers sales growth targets for its agentic AI products. A major fintech provider suffers a ransomware-linked breach. Arizona’s Attorney General sues Temo over data collection practices. Lessons learned from Capita’s handling of Black Basta. The UK sanctions Russia’s GRU. My guest is D...
Dec 04, 2025•28 min•Season 10Ep. 2446
The DOJ shuts down another scam center in Myanmar. OpenAI confirms a Mixpanel data breach. A new phishing campaign targets company executives. A bipartisan bill looks to preserve the State and Local Cybersecurity Grant Program. Universities suffer Oracle EBS data breaches. India reports GPS jamming at eight major airports. Kaiser Permanente settles a class action suit over tracking pixels. The FTC plans to require a cloud provider to delete unnecessary student data. An international initiative i...
Dec 03, 2025•30 min•Season 10Ep. 2445
Enjoy this episode of Cyber things from Armis. Catch the next episode on your favorite podcast app on December 15th. Welcome to Cyber Things, a special edition podcast produced in partnership by Armis and N2K CyberWire that plunges into the hidden world beneath our connected reality. Inspired by Stranger Things , we explore the digital realm's own Upside Down - a space teeming with unseen devices, silent intruders, and invisible threats that quietly impact our everyday lives. In this first episo...
Dec 03, 2025•27 min•Season 1Ep. 1
ShadyPanda plays the long game. India mandates tracking software on mobile devices. Korea weighs punitive damages after a massive breach. Qualcomm patches a critical boot flaw impacting millions. OpenAI patches a Codex CLI vulnerability. Google patches Android zero-days. Cybersecurity issues prompt an FDA permanent recall for an at-home ventilator system. Switzerland questions the security of hyperscale clouds and SaaS services. One of the world’s largest cyber insurers pulls back from the marke...
Dec 02, 2025•22 min•Season 10Ep. 2444
In this episode, Kim Jones sits down with Eric Nagel, a former CISO with a rare blend of engineering, legal, and patent expertise, to unpack what responsible AI really looks like inside a modern enterprise. Eric breaks down the difference between traditional machine learning and generative AI, why nondeterministic outputs can be both powerful and risky, and how issues like bias, hallucinations, and data leakage demand new safeguards—including AI firewalls. He also discusses what smaller organiza...
Dec 02, 2025•41 min•Season 17Ep. 119
European authorities take down an illegal cryptomixer. An Australian man is sentenced for running an airport evil twin WiFi campaign. Researchers unmask a Scattered LAPSUS$ Hunters impresario. CISA flags a cross-site scripting flaw in OpenPLC ScadaBR. A major South Korean retailer suffers a data breach affecting over 33 million customers. Threat actors abuse digital calendar subscription features. New York’s new hospital cybersecurity mandates may raise the bar nationwide. Scammers target Cyber ...
Dec 01, 2025•26 min•Season 10Ep. 2443
Please enjoy this encore of Career Notes. Operational technology cybersecurity strategist from Nozomi Networks, Danielle Jablanski shares her story of building a target map to end up where she is today. She shares how she started in college and how different paths in life got her to be on the target of success where she is today. She says " you build out that kind of target of where you want to be, and understand that getting to that point might mean doing things you don't enjoy for a number of ...
Nov 30, 2025•9 min•Season 2Ep. 97
Join us for a timely and insightful live discussion on the evolving role of artificial intelligence in governance, risk, and compliance. Host Dave Bittner from N2K | CyberWire is joined by Kayne McGladrey from Hyperproof , Matthew Cassidy, PMP, CISA from Grant Thornton (US) , and Alam Ali from Hyperproof to explore the current state of artificial intelligence in governance, risk, and compliance. The panel will discuss what AI is truly doing well today, the risks and challenges organizations need...
Nov 30, 2025•1 hr 3 min•Season 10Ep. 88
Please enjoy this encore of Research Saturday. This week, we are joined by Michael Gorelik , Chief Technology Officer from Morphisec , discussing their work on "New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms." A new threat dubbed Noodlophile Stealer is exploiting the popularity of AI-powered content tools by posing as fake AI video generation platforms, luring users into uploading media in exchange for malware-laced downloads. Distributed through convincing Facebo...
Nov 29, 2025•22 min•Season 9Ep. 380
Please enjoy this encore of Only Malware in the Building. Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson , Proofpoint intelligence analyst and host of their podcast DISCARDED . Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and ...
Nov 28, 2025•38 min•Season 1Ep. 17
We dive into a nostalgic yet revealing journey through classic hacker films, from WarGames to The Net and beyond, to assess what they got right, what they wildly imagined, and what those stories say about culture, fears, and cyber reality today. David Moulton , Senior Director of Thought Leadership for Unit 42 talks with Ben Hasskamp , Global Content Leader at Palo Alto Networks, who has been writing deeply on this intersection of media, tech, and risk. Together, we’ll examine how cinematic depi...
Nov 27, 2025•47 min•Season 8Ep. 95
Please enjoy this encore of T-Minus Deep Space. BigBear.ai is at the forefront of innovation for national security, and is committed to supporting the critical infrastructure driving America’s competitive edge. The company deploys cutting-edge Al, machine learning, and computer vision solutions to defend critical operations and win with decision advantage. Our guests are Eric Conway, Vice President of Technology, and Joe Davis , Cybersecurity Research Scientist at Bigbear.ai. Remember to l...
Nov 27, 2025•21 min•Season 1Ep. 115
Report sheds light on cyber activity targeting space-related organizations during the Gaza War. Russian threat actor targets US civil engineering firm. FBI says $262 million has been stolen in account takeover scams this year. HashJack attack tricks AI browser assistants. London councils disrupted by cyberattacks. Russia’s Gamaredon and North Korea’s Lazarus Group appear to be sharing infrastructure. Canon says subsidiary was breached by Oracle EBS flaw. Dave Bittner was joined by Cynthia Kaiser...
Nov 26, 2025•26 min•Season 10Ep. 2442
CISA warns of spyware targeting messaging apps. CodeRED, this is not a test. Infostealer campaign spreads via malicious Blender files. Shai-Hulud’s second coming. Real estate finance firm SitusAMC investigates breach. Dartmouth College discloses Oracle EBS breach. Dave Bittner is joined by Tim Starks, Senior reporter from CyberScoop, to discuss the Trump administration’s upcoming cyber strategy. And tis the season for deals — and digital deception. Remember to leave us a 5-star rating and review...
Nov 25, 2025•24 min•Season 10Ep. 2441
In this mid-season episode, Kim takes a step back to reflect on the conversations he has had so far. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, diving into how new technologies are impacting longstanding challenges, both from a security standpoint and from an attacker's view. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been—and what's still to come. Learn more abo...
Nov 25, 2025•47 min•Season 17Ep. 118
CrowdStrike fires an insider who allegedly shared screenshots with hackers. Google agrees, it wasn’t Salesforce. Cox Enterprises confirms Oracle EBS breach. Alleged Transport for London hackers plead not guilty. Hackers exploit new WSUS bug to deploy ShadowPad backdoor. Iberia discloses breach of customer data. Harvard discloses voice-phishing breach exposing alumni and donor data. We have our Monday Business Briefing. Our guest today is Brandon Karpf, friend of the show discussing maritime GPS ...
Nov 24, 2025•34 min•Season 10Ep. 2440
The new Netflix movie A House of Dynamite , chronicles what happens when the unthinkable unfolds. How realistic is it? We ask the movie’s advisor and expert, Lieutenant General Daniel Karbler (Ret.). Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram . Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit . Contact us at space@n2k.com ...
Nov 24, 2025•36 min•Season 1Ep. 126
Please enjoy this encore of Career Notes. Co-founder and CTO of Virsec, Satya Gupta shares his story of how he has over 25 years of expertise in embedded systems, network security and systems architecture. He also talks about how a colleague of his told him something that resinated with him, he said " that was really a remarkable statement that I heard from that person. You rise to the point where you can actually contribute." He also discusses how he got into the startup atmosphere and how diff...
Nov 23, 2025•10 min•Season 2Ep. 96
On this Special Edition podcast, we share a panel from DataTribe 's Cyber Innovation Day 2025, "Cyber: The Wake of Tech Innovation." The podcast tech host panel included Dave Bittner , host of CyberWire Daily podcast, Maria Varmazis , host of T-Minus Space Daily podcast, and Daniel Whitenack , co-host of Practical AI podcast, sharing a wide-ranging discussion. Together, Dave, Maria and Dan examine the intersection of frontier innovation and cyber innovation through the lens of cyber, space, and ...
Nov 23, 2025•48 min•Season 10Ep. 87
Alex Berninger , Senior Manager of Intelligence at Red Canary , and Mike Wylie , Director, Threat Hunting at Zscaler , join to discuss four phishing lures in campaigns dropping RMM tools. Red Canary and Zscaler uncovered phishing campaigns delivering legitimate remote monitoring and management (RMM) tools—like ITarian, PDQ, SimpleHelp, and Atera—to gain stealthy access to victim systems. Attackers used four main lures (fake browser updates, meeting invites, party invitations, and fake government...
Nov 22, 2025•24 min•Season 9Ep. 403
Cyber Command names a new head of AI. The UK introduces its long-delayed Cyber Security and Resilience Bill. Researchers highlight a critical Oracle Identity Manager flaw. Salesforce warns customers of a third-party data breach. Italy’s state-owned railway operator leaks sensitive information. SonicWall patches firewalls and email security devices. The US charges four individuals with conspiring to illegally export restricted Nvidia AI chips to China. The SEC drops its lawsuit against SolarWinds...
Nov 21, 2025•28 min•Season 10Ep. 2439
In this special episode of Threat Vector, host David Moulton , Senior Director of Thought Leadership for Unit 42, sits down with Stav Setty , Principal Researcher at Palo Alto Networks, to unpack Jingle Thief a cloud-only, identity-driven campaign that turned Microsoft 365 into a gift card printing press. Stav explains how the Morocco based group known as Atlas Lion lived off the land inside M365 for months at a time, using tailored phishing and smishing pages, URL tricks, and internal phishing ...
Nov 21, 2025•36 min•Season 8Ep. 904
The US and allies sanction Russian bulletproof hosting providers. The White House looks to sue states over AI regulations. The US Border Patrol flags citizens’ “suspicious” travel patterns. Lawmakers seek to strengthen the SEC’s cybersecurity posture. A new Android banking trojan captures content from end-to-end encrypted apps. A hidden browser API raises security concerns. Fortinet patches a zero-day. A Philippine former mayor gets life in prison for scam center human trafficking. Our guest is ...
Nov 20, 2025•34 min•Season 10Ep. 2438
