CyberWire Daily - AI meets the chain of command.

Episode Date: November 21, 2025

Cyber Command names a new head of AI. The UK introduces its long-delayed Cyber Security and Resilience Bill. Researchers highlight a critical Oracle Identity Manager flaw. Salesforce warns customers of a third-party data breach. Italy’s state-owned railway operator leaks sensitive information. SonicWall patches firewalls and email security devices. The US charges four individuals with conspiring to illegally export restricted Nvidia AI chips to China. The SEC drops its lawsuit against SolarWinds. NSO group claims a permanent injunction could cause irreparable and potentially existential harm. Maria Varmazis of the T-Minus Space Daily show sits down with General Daniel Karbler (Ret.) to discuss his consulting work for A House of Dynamite, the newly released Netflix film. Roses are red, violets are blue, this poem just jailbroke your AI too.

CyberWire Guest
Maria Varmazis of the T-Minus Space Daily show sits down with Lt. General Daniel Karbler (Ret.) to discuss his consulting work for A House of Dynamite, the newly released Netflix film. This is an excerpt of T-Minus Deep Space airing tomorrow in all of your favorite podcast apps.

Selected Reading
Cyber Command Taps Reid Novotny as New AI Chief (MeriTalk)
UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers (Fortra)
Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day (SecurityWeek)
Salesforce alerts customers of data breach traced to a supply chain partner (CXOtoday)
Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack (Security Affairs)
SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance (SecurityWeek)
Four charged with plotting to sneak Nvidia chips into China (The Register)
SEC voluntarily dismisses SolarWinds lawsuit (The Record)
NSO Group argues WhatsApp injunction threatens existence, future U.S. government work (CyberScoop)
Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models (Arxiv)
Freesound Music

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. From phishing to ransomware, cyber threats are constant, but with NordLayer, your defense can be too. NordLayer brings together secure access and advanced threat protection in a single, seamless platform. It helps your team spot suspicious activity before it becomes a problem by blocking malicious links and scanning downloads in real time, preventing malware from reaching your network. It's quick to deploy, easy to scale, and built on zero-trust principles, so only the right people get access to the right resources.
Starting point is 00:00:46 Get 28% off on a yearly plan at NordLayer.com slash CyberWire Daily with code CyberWire-28. That's NordLayer.com slash CyberWire Daily, code CyberWire dash 28. That's valid through December 10th, 2025. Cyber Command names a new head of AI. The U.K. introduces its long-delayed Cyber Security and Resilience Bill. Researchers highlight a critical Oracle Identity Manager flaw. Salesforce warns customers of a third-party data breach.
Starting point is 00:01:32 Italy's state-owned railway operator leaks sensitive information. SonicWall patches firewalls and email security devices. The U.S. charges four individuals with conspiring to illegally export restricted Nvidia AI chips to China. The SEC drops its lawsuit against SolarWinds. NSO Group claims a permanent injunction could cause irreparable and potentially existential harm. Maria Varmazis from the T-Minus Space Daily show sits down with retired General Daniel Karbler to discuss his consulting work on A House of Dynamite, the newly released Netflix film. And roses are red, violets are blue,
Starting point is 00:02:11 this poem just jailbroke your AI too. It's Friday, November 21st, 2025. I'm Dave Bittner, and this is your CyberWire Intel Briefing. artificial intelligence officer at U.S. Cyber Command, announcing the move in a LinkedIn post he noted was written with AI assistance. He said the United States is in a pivotal moment as artificial intelligence reshapes global competition, military operations, and how adversaries seek advantage. Novotny emphasized the need for responsible innovation, rapid integration of advanced capabilities, and strong partnerships across the Pentagon, industry, and academia. He added that adopting AI at scale will require cultural change as much as technological progress.
Starting point is 00:03:37 Prior to this role, Novotny served as the National Guard Bureau's Director of Intelligence and Cyber Effects Operations and as a senior military policy advisor at the Office of the National Cyber Director. The U.K. government has introduced its long-delayed Cyber Security and Resilience Bill, a sweeping measure aimed at strengthening national defenses as cyber attacks cost the economy an estimated 14.7 billion pounds each year. The bill broadens the range of organizations required to meet cybersecurity standards, including suppliers to critical sectors such as health care and water,
Starting point is 00:04:16 as well as managed service providers. It grants new powers to the technology secretary to mandate security actions during national security threats. Experts say rising geopolitical tensions and recent high-profile breaches, including the Synnovis lab attack and incidents affecting Jaguar Land Rover, highlight the urgency. The bill aligns with plans to ban ransom payments but will not be enforced until 2027, raising concerns about regulatory capacity and readiness. Searchlight Cyber disclosed a critical Oracle Identity Manager flaw, a pre-authentication
Starting point is 00:04:56 remote code execution vulnerability, chained from an authentication bypass. Oracle patched it in October 2025 and confirmed it is easily exploitable. Searchlight warned it could enable full system compromise, including access to servers handling sensitive data. SANS researchers later found signs of possible zero-day exploitation between August 30th and September 9th, likely by a single actor also scanning for other vulnerabilities, including Liferay and Log4j. Salesforce has warned customers of a data breach traced to Gainsight, a partner whose applications
Starting point is 00:05:37 integrate with Salesforce environments. The company detected unusual activity in Gainsight-published apps managed directly by customers, and said the issue may have enabled unauthorized access to certain Salesforce data. Salesforce stressed the breach was not caused by flaws in its own software and has revoked all access and refresh tokens tied to the affected apps, which were also removed from the AppExchange. Security experts believe more than 200 customers may be impacted and suspect the ShinyHunters group, which has previously targeted Salesforce partners.
Starting point is 00:06:15 The incident highlights growing supply chain risk, echoed by IBM's 2025 breach report, noting high costs, rising prevalence, and long detection times for third-party compromises. Data from Italy's state-owned railway operator Ferrovie dello Stato Italiani, which I'm sure I just butchered, was leaked following a breach at its IT provider Almaviva. A threat actor claimed to have stolen 2.3 terabytes of recent and highly sensitive material, including internal FS documents, strategic plans, defense-related contracts, employee and passenger data, financial records, and information tied to multiple subsidiaries.
Starting point is 00:07:01 Almaviva confirmed the cyber attack on its corporate systems and said some data was taken, though critical services remained operational. The company activated its incident response procedures and notified Italian authorities, including the Public Prosecutor's Office and the National Cyber Security Agency. Evidence that the documents extend into the third quarter of 2025 suggests the breach stems from a new intrusion rather than reuse of data stolen during Almaviva's 2022 compromise. SonicWall released patches for several high-severity flaws affecting Gen 7 and Gen 8 firewalls and its email security appliances.
Starting point is 00:07:46 A stack-based buffer overflow in the SonicOS SSL VPN service could let remote unauthenticated attackers crash devices. Two additional email security issues allow arbitrary code execution when root file system images are not verified. Fixes are available and customers are urged to restrict SSL VPN access until updated. SonicWall says there's no evidence of external exploitation. Four individuals in the U.S. have been charged with conspiring to illegally export restricted Nvidia AI chips to China. Prosecutors say the group used shell companies,
Starting point is 00:08:26 falsified paperwork, and routed shipments through Malaysia and Thailand to evade export controls imposed in 2022. A Tampa firm, Janford Realtor LLC, allegedly served as the front for the operation. Two shipments succeeded, sending 400 Nvidia A100 GPUs into China, while law enforcement blocked two others involving H100-powered supercomputers and 50 H200 GPUs. The defendants allegedly never sought required licenses and received nearly $3.9 million from China to fund the scheme. Officials described the case as part of a broader effort to disrupt illicit pipelines for advanced U.S. AI hardware. The defendants face up to 20 years in prison. The SEC has dropped its 2023 lawsuit accusing SolarWinds and its CISO of misleading investors about weak cybersecurity
Starting point is 00:09:26 practices. The agency offered no explanation beyond saying the move was discretionary. SolarWinds called the dismissal a vindication, noting industry concerns about the case's chilling effect on security leaders. The decision follows a 2024 ruling that rejected most SEC claims as speculative. The suit had focused on disclosures before and after the Russian-linked 2020 breach that compromised major companies and U.S. government agencies. NSO Group is asking a federal court to pause the permanent injunction blocking it from targeting WhatsApp while it appeals, arguing the order would cause irreparable and potentially existential harm. In a new filing, the company says the injunction would force it to destroy code that cannot be
Starting point is 00:10:18 recovered, halt lawful sales of its Pegasus spyware to government customers, and leave competitors unrestricted. NSO also argues the order conflicts with the Computer Fraud and Abuse Act, which exempts authorized U.S. law enforcement and intelligence activity. The company claims a stay is in the public interest because Pegasus supports counterterrorism and criminal investigations, noting the injunction would bar any future U.S. government use. The motion follows NSO's leadership shake-up and confirmation of new U.S. investors.
Starting point is 00:11:04 Coming up after the break, Maria Varmazis speaks with General Daniel Karbler, discussing his consulting work for A House of Dynamite. And roses are red, violets are blue. This poem just jailbroke your AI, too. Stick around. At Thales, they know cybersecurity can be tough and you can't protect everything. But with Thales, you can secure what matters most. With Thales's industry-leading platforms, you can protect critical applications, data and identities, anywhere and at
Starting point is 00:11:51 scale with the highest ROI. That's why the most trusted brands and largest banks, retailers, and health care companies in the world rely on Thales to protect what matters most. Applications, data, and identity. That's Thales. T-H-A-L-E-S. Learn more at Thalesgroup.com slash cyber. Ever wished you could rebuild your network
Starting point is 00:12:24 from scratch to make it more secure, scalable, and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full-stack zero-trust networks, including hardware, firmware, and software, all designed to work seamlessly together. The result? Fast, reliable, and secure connectivity without the constant patching, vendor-juggling, or hidden costs. From wired and wireless to
Starting point is 00:12:52 routing, switching, firewalls, DNS security, and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable, monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless. Transform complexity into simplicity and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo at meter.com slash cyberwire. That's M-E-T-E-R dot com slash cyberwire.
Starting point is 00:13:34 My N2K colleague Maria Varmazis from the T-Minus Space Daily podcast recently sat down with retired General Daniel Karbler to discuss his consulting work for the new Netflix film, A House of Dynamite. I served almost 37 years in the Army. Started way back in 1987. I graduated West Point. My career field was Air and Missile Defense, which I've done my entire 37 years. I culminated as the commander for U.S. Army Space and Missile Defense Command, headquartered in Huntsville, Alabama, at Redstone Arsenal. But we also had elements of our command global as we provided a missile early warning, as well as missile defense with our soldiers in Fort Greely. And prior to that, I spent three years as the Stratcom Chief of Staff. So it became pretty well versed in strategic deterrence, nuclear operations, and at that time, Stratcom had the missile defense responsibility, too. So it was kind of a melding of all your classic elements or your elements of classic deterrence, imposed unacceptable cost, deny benefit, and then being able to credibly message it. I also just by way of some background, too, I was the Army's Testing Evaluation Command Commander, so as a two-star, so all Army
Starting point is 00:15:01 testing that took place for weapons systems, you name it. I was responsible for that testing, which proved to be very helpful in just different other jobs that I had. Thank you so much for joining me. We're going to be specifically talking about a more recent project. The Netflix film, A House of Dynamite, which has been just on the lips of everyone I work with lately. You had a major, major part in that film. Can you please give me sort of the pitch about what you were involved in with that film. Sure. So, you know, first off, I retired from the Army about a year and a half ago.
Starting point is 00:15:38 Being a technical advisor to Kathryn Bigelow in a movie was not on my retirement to-do list. It didn't even make the top 100 of, on the one-to-N list. But what happened was Doug Lute, who was a general retired Doug Lute, who was ambassador Lute, he had been doing some advising to Kathryn for some of the White House Situation Room scenes. and she asked him, she said, do you know, anybody knows anything about Stratcom or Fort Greely or Missile Defense or New Copper? She said, I got a guy who I just retired and he actually did all those jobs. And so he put me in touch with the producer, Greg Shapiro gave me a call, said, hey, would you like to advise in this movie? I said, sounds intriguing. He goes, we'll set up a Zoom call with Kathryn and myself, a couple of other folks as part of the production. And so we set up the Zoom call and everybody was kind of popping in. And then I had an idea. And so I left my camera off as everybody's popping in and they're chatting. And then there was a little break in the conversation.
Starting point is 00:16:37 And I click on my microphone, but I still left the camera off. Click on my microphone and said, this is the DDO from the Pentagon convening a national security conference. Classification of this conference is top secret, TK, S.I, Poland, U.S. Stratcom, U.S. Northern Command, U.S. Indo-Pacific Command, U.S. Indo-Pacific Command, SecDef cables, military assistant to the Secretary. SecDef Cable, please bring the Secretary in the conference. Mr. Secretary, this is the DDO because of time constraints and this missile attack recommend we transition immediately from a national security conference to a strategic deterrence conference, and we bring the president in the conference. Piac, please bring the president in the conference. And I stopped there, and then I clicked on my camera.
Starting point is 00:17:12 And I said, ladies and gentlemen, that's how the worst day of America's history will begin. I hope your script does it some justice. And that was my cold opening. And Kathryn, and I kind of kid with my wife on this, Kathryn Bigelow, she's won an Academy Award for best director, so she has to have an eye for good acting talent, said, oh my gosh, that was amazing, Dan. I want to have you in my movie. So nailed the audition, and here I am, you know, 12 months, 15 months later. Hollywood.
Starting point is 00:17:40 I mean, that is a hell of a pitch. And for those who haven't seen the movie, the camera off is a really great device in the film. So I'm sure she got that idea from you. Well, Dan, it is a genuine thrill to be speaking with you. And I was telling you right before we started recording, I just watched the film. So my opening question for you, and I mean this with like fullest respect, is how did you sleep at night doing that job? Well, a lot of times we didn't sleep at night. Many times it'd be 10 o'clock at night and I'm throwing my uniform on going back into
Starting point is 00:18:13 Stratcom headquarters to the battle deck because, you know, our adversaries, they don't sleep, particularly in 2017, KJU, he was, I mean, he was testing. It seemed like just about every weekend, every other weekend. I mean, the number of Saturdays that were ruined because we were responding to another missile test, lost count of them. But I did, but you know what, knowing the professionals that we had, whether on the missile defense side of at Fort Greely or the great airmen, sailors, and soldiers that were manning, you know, our bombers and the ICBM and the ICBM fields and our subs, you know, they train very, very hard. And we train as an enterprise quite a bit.
Starting point is 00:18:55 So even though the topic and the subject is, I mean, it can be mortifying, we have to stay ready. And we were. And we practiced it quite a bit. I don't want to talk too much about like what I thought of the film because I want people to go see it if they haven't already. I wanted to ask you about, oh my gosh, so many things.
Starting point is 00:19:14 But one of the threads that goes throughout the film that is a clear driver of the drama is the lack of attribution of this inbound. That, to me, was a really fascinating point about we didn't know where this ICBM is coming from. Our missile defense warning systems sort of just didn't catch where it was starting from. Were we potentially internally compromised? Can you walk me through how realistic that kind of scenario is? And what would that really look like? I don't quite understand.
Starting point is 00:19:44 Sure. So first off, not a far-fetched scenario. When before I came into Stratcom and just before General Hyten, before John Hyten took command of Stratcom, Ash Carter, who was a Secretary of Defense, did a no-notice exercise. Now, I don't want to say no-notice. Like, also, we just saw nuclear missiles being shot at us
Starting point is 00:20:05 and we didn't know what was going on. But he basically said one morning, he said, we are going to do a nuclear operations conference right now. And he started it. And he started with an unattributed missile launch from the Pacific because he wanted to see how everybody would react. Now, this and this brought in the entire cabinet and as well as, you know, the military that, you know, NMCC, all the way to Stratcom and all of our components. And so as you might expect, the military swung to action and went through our processes, procedures.
Starting point is 00:20:41 The civilian side was a little rusty. I'll charitably say they're a little rusty. Cabinet members weren't in place, did not have the right communications set up to be able to dial into the conference. Some of the principals didn't have a good understanding with their strike advisor and what the strike advisor was to do for them, you know, as the scene in the movie, the nuclear decision handbook. And so it was a good exercise to have because people needed to practice. Ash Carter made it complicated by having a missile that was non-attributed. Now, why he did it that way, I could speculate that he didn't want to vilify, is not the right word, but he didn't want to make an enemy known, you know, oh, look, the Secretary of Defense just made China the aggressor on
Starting point is 00:21:38 his own exercise, he must really be against China, right? So, so he kind of left it vague. Kind of like how the movie did, too. No real villain in the movie identifiable because that was, you can broaden the discussion then. It's too easy to just say, well, it was Russia or was China or was North Korea. And then the discussion gets very narrow, and Kathryn didn't want to do that. She wanted to keep the discussion very broad. Now, when you look at the actual attribution and, you know, why did it happen that there was an attribution? So Gabe Basso's character, Jake Baerington, Deputy National Security Advisor, who is the most unlucky, harried staff guy in the government. I'm sure you cannot relate. Yeah. Yeah. The scenes where he's on his phone and going through
Starting point is 00:22:29 security, we've all kind of been. Oh my God. Yeah, right. We can relate to him. But, you know, he alludes to, you know, maybe it was cyber penetration. And that certainly is, you know, we always are concerned about our different, you know, the threat surface areas that are out there that our adversaries could potentially get into. And so, so that being into the script kind of then helps the believability factor of the plot is, oh, maybe, maybe this is what happened. All my space, you know, compadres and friends. And of course, they're like, you know, SBIRS would have seen it, you know, come on. And well, we know that it would have,
Starting point is 00:23:06 but it wouldn't have seen it potentially if there was a cyber attack that somehow, you know, penetrated into the system, which, again, as Jake Baerington alludes to then, too, this is, this is a, or maybe it was General Brady, Tracy Letts's character said, part of a larger, more coordinated attack against the U.S. And so you have to give a lot of credit to Noah Oppenheim, the scriptwriter, who did so, did such fantastic research to make sure that, you know, it's pretty, the plot is pretty, it's pretty ironclad, really. I mean, people are going to pick around the edges, which, you know, that's good because you're getting the discussion going. But in terms of the feasibility of it, I thought it was good. That's why I signed up for it, too. When they gave me this script, you know, I didn't immediately agree to work with them. I wanted to look at the script first.
Starting point is 00:23:58 When I look at the script and I saw it and I go, okay, yeah, this is all feasible and I can definitely work with this as a whole scenario. There is much more to this conversation between Maria Varmazis and retired Lieutenant General Daniel Karbler. Be sure to check out the full interview in the T-Minus Deep Space episode airing tomorrow in all of your favorite podcast apps. You can find a link in our show notes. What's your 2 a.m. security worry? Is it, do I have the right controls in place? Maybe are my vendors secure? Or the one that really keeps you up at night,
Starting point is 00:24:47 how do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale.
Starting point is 00:25:09 And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started at Vanta.com slash cyber. That's V-A-N-T-A dot com slash cyber. At Desjardins, we speak business. We speak startup funding and comprehensive game plans. We've mastered made-to-measure growth and expansion advice, and we can talk your ear off about transferring your business when the time comes.
Starting point is 00:25:51 Because at Desjardins business, we speak the same language you do. Business. So join the more than 400,000 Canadian entrepreneurs who already count on us, and contact Desjardins today. We'd love to talk. Business. And finally, it seems the swiftest way to fool an AI is not through cunning hacks or coder's craft, but shaping every scheme in lines of verse.
Starting point is 00:26:28 A study shows that when malicious aims are wrapped in meter, rhythm, rhyme, and form, Their models drop their guard and let them pass. 1,200 prompts they tested, prose, and poem, across a host of systems far and wide, and found success rose sharply when in rhyme. From modest rates to heights near 90-plus, the flaw appears in filters stretched too thin, which falter when the input sounds like art.
Starting point is 00:26:56 Those smaller models held their footing best, their larger kin proved weak to lyric charm, so let this stand as fair in riot, advice. A well-placed meter may be more than sweet, where pretty lines can turn a prompt quite sharp. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research
Starting point is 00:27:38 Saturday and my conversation with Alex Berninger from Red Canary and Mike Wiley from Zscaler. We're discussing four phishing lures in campaigns dropping RMM tools. That's Research Saturday. Do check it out. We'd love to know what you think of this podcast.
Starting point is 00:27:54 Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to CyberWire at N2K.com.
Starting point is 00:28:13 N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening.
Starting point is 00:28:28 We'll see you back here next week. Thank you.
