CyberWire Daily

Fortinet releases an emergency update for a critical vulnerability. A major outage disrupts Russian banking apps. A new report highlights critical skills gaps. CyberCorp scholars struggle to secure jobs. Scammers use QR codes in fake traffic violation schemes. A proposed lawsuit accuses Perplexity of oversharing users’ AI transcripts. Cambodia outlaws scam centers. Scammers impersonate Harvard IT staff. With “wrench attack” threats of violence, life imitates art. Kevin Magee from Microsoft for Startups describes emerging trends. On Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book "Code War: How Nations Hack, Spy, and Shape the Digital Battlefield." Users find Copilot’s terms of use highly entertaining.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices segment, we are joined by Kevin Magee from Microsoft for Startups discussing how cybersecurity startups can succeed by focusing on real problems and navigating emerging trends. Tune into the full conversation here.

Afternoon Cyber Tea

On this segment of Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book "Code War: How Nations Hack, Spy, and Shape the Digital Battlefield." You can listen to the full conversation here and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.

Selected Reading

New FortiClient EMS flaw exploited in attacks, emergency patch released (Bleeping Computer)

Major outage hits Russian banking apps, metro payments across regions (The Record)

SANS 2026 report flags cybersecurity skills crisis, putting critical infrastructure and OT sectors at measurable breach risk (Industrial Cyber)

CyberCorps grads consider private sector as fed hiring challenges persist (Federal News Network)

Traffic violation scams switch to QR codes in new phishing texts (Bleeping Computer)

Perplexity's "Incognito Mode" is a "sham," lawsuit says (Ars Technica)

Cambodian parliament passes landmark cybercrime law after scam centre scrutiny (Reuters)

Harvard Warns of Active Cyberattack Impersonating IT Staff and Targeting Affiliates (The Crimson)

Wealthy California crypto holders targeted in violent ‘wrench attacks’ (KTLA)

Security (xkcd)

Censys raises $70 million in a Series D round. (N2K Pro Business Briefing)  

Even Microsoft know Copilot can't be trusted (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at ⁠sponsor.thecyberwire.com⁠.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes.
Anjali Hansen, a Senior Privacy Counselor from Noname Security shares her story as she climbed through the ranks to get to where she is today. When Anjali started, she wanted to do international law. She started working for the International Trade Commission after law school, where she was able to gain most of her experience and real world abilities. Working with online fraud and abuse, she shares, concerned her, because it felt like governments could not protect organizations from threats occurring, which is how she got interested in cybercrime. From there, she moved to Noname Security, and in working there, she found that she is working with every group in the organization, creating a cross team collaboration, saying how much she admires that type of model. She says "We have to help other departments protect the data because the data's throughout an organization, it's in HR, it's in sales and marketing, it's in IT, it's in finance. So you have to be able to work with all these teams." We thank Anjali for sharing her story.
Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Santiago Pontiroli, Threat Intelligence Research Lead from Acronis TRU team, discussing their work on "New year, new sector: Transparent Tribe targets India’s startup ecosystem." The Acronis Threat Research Unit uncovered a new campaign by Transparent Tribe showing the group has expanded beyond traditional government and defense targets to India’s startup ecosystem, especially cybersecurity and OSINT-focused firms.

The attackers use startup-themed lures delivered via ISO files and malicious shortcuts to deploy Crimson RAT, a highly obfuscated tool capable of surveillance, data theft, and system control. Despite this shift, the campaign closely mirrors the group’s long-standing espionage tactics, suggesting startups are being targeted for their connections to government, law enforcement, and sensitive intelligence networks.

The research and executive brief can be found here:

New year, new sector: Transparent Tribe targets India’s startup ecosystem

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloud data centers come under fire in wartime. A massive dark web intelligence database is exposed. Chinese hackers exploit a video conferencing zero-day. The intelligence community rolls out cyber modernization plans. React2Shell attacks spread at scale. Iowa sues UnitedHealth over the Change Healthcare breach. France moves to bar kids from social media. Researchers warn about hidden risks in power regulation. An insider extortion plot locks admins out of hundreds of servers. Our guest Brandon Karpf, friend of the show, with insights on the war in Iran. Espresso exploit exposes executive emails. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Brandon Karpf, friend of the show, discussing defending critical infrastructure against Iran.

Selected Reading

What Happens When Data Centers Become Military Targets? (GovInfo Security)

Shared EnemShared Enemy: Inside a Chinese Dark Web Monitoring Database | UpGuardy: Inside a Chinese Dark Web Monitoring Database (UpGuard)

TrueConf Zero-Day Exploited in Asian Government Attacks (SecurityWeek)

ODNI tackles AI, threat hunting, app cybersecurity in year-one tech review (CyberScoop)

React2Shell Exploited in Large-Scale Credential Harvesting Campaign (SecurityWeek)

State AG Sues Change Healthcare in 2024 Ransomware Attack (GovInfo Security)

French Senate passes bill that would ban children under 15 from social media (The Record)

The silent dependency: DC power regulation in cyber‑physical security (NCC Group)

Man admits to locking thousands of Windows devices in extortion plot (Bleeping Computer)

The company's biggest security hole lived in the breakroom (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

A fake WhatsApp spreads spyware. The State Department pushes embassies to counter influence ops. Cisco patches critical bugs. CrystalRAT hits Telegram. A Texas hospital breach affects 250,000. HHS reshuffles IT oversight. China-linked spies target Europe. EvilTokens hijacks Microsoft accounts. Ransomware hits a North Dakota water plant. Sumedh Thakar, President and CEO of Qualys, discusses how cybersecurity is shifting toward managing real business risk. Tales of a tortoise's termination have been greatly exaggerated. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Sumedh Thakar, President and CEO of Qualys, discusses how cybersecurity is shifting toward managing real business risk amid rapid technological change. If you enjoyed this interview, check out the full conversation here.

Selected Reading

WhatsApp notifies hundreds of users who installed a fake app made by government spyware maker (TechCrunch)

Trump Officials Try to Fight Foreign Disinformation They Once Dismissed (The New York Times)

Cisco Patches Critical and High-Severity Vulnerabilities (SecurityWeek)

New CrystalRAT malware adds RAT, stealer and prankware features (Bleeping Computer)

250,000 Affected by Data Breach at Nacogdoches Memorial Hospital (SecurityWeek)

HHS Shuffles Internal Cyber, AI Oversight Back to CIO Office (GovInfo Security)

European-Chinese geopolitical issues drive renewed cyberespionage campaign (CyberScoop)

New EvilTokens service fuels Microsoft device code phishing attacks (Bleeping Computer)

North Dakota water treatment plant reports March ransomware attack (The Record) 

World’s oldest tortoise caught in viral crypto death scam | St Helena (The Guardian)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices