CyberWire Daily - AI to the rescue.
Episode Date: September 24, 2025British authorities arrest a man in connection with the Collins Aerospace ransomware attack. CISA says attackers breached a U.S. federal civilian executive branch agency last year. Researchers uncover... two high-severity vulnerabilities in Supermicro server motherboards. A Las Vegas casino operator confirms a cyber attack. Analysts track multiple large-scale, automated email phishing campaigns. Libraesva issues an emergency patch for its Email Security Gateway. Our guest is Jason Clark, Chief Strategy Officer (CSO) at Cyera, tackling the security threat of Agentic AI. Robocars get misdirected by mirrors. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Jason Clark, Chief Strategy Officer (CSO) at Cyera, discussing tackling the security industry's biggest threat: Agent AI. If you want to hear the full conversation from Jason, you can check it out here. Selected Reading UK police arrest man over hack that affected European airports (Reuters) AI tool helped recover £500m lost to fraud, government says (BBC) CISA says hackers breached federal agency using GeoServer exploit (Bleeping Computer) Supermicro server motherboards can be infected with unremovable malware (Ars Technica) Boyd Gaming Suffers Cyberattack, Data Breach (Casino.org) Email Threat Radar – September 2025 (Barracuda) Revamped Phishing Techniques: How Telegram and Front-End Hosting Platforms Scale Campaigns (Forescout) GitHub notifications abused to impersonate Y Combinator for crypto theft (Bleeping Computer) Libraesva ESG issues emergency fix for bug exploited by state hackers (Bleeping Computer) Fooling a self-driving car with mirrors on traffic cones (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
AI adoption is exploding, and security teams are under pressure to keep up.
That's why the industry is coming together at the Datasec AI conference,
the premier event for cybersecurity data and AI leaders, hosted by data security leader,
Saira, built for the industry by the industry by the,
the industry, this two-day conference is where real-world insights and bold solutions take
center stage. Datasec AI 25 is happening November 12th and 13th in Dallas. There's no cost to
attend. Just bring your perspective and join the conversation. Register now at Datasek AI
2025.com backslash cyberwire.
British authorities arrest a man in connection with the Collins Aerospace Ransomware attack.
SISA says attackers breached a U.S. Federal Civilian Executive Branch Agency last year.
Researchers uncover two high-sever vulnerabilities in super micro-server motherboards.
A Las Vegas casino operator confirms a cyber attack.
Analysts track multiple large-scale automated email fishing campaign.
LeBresva issues an emergency patch for its email security gateway.
Our guest is Jason Clark, chief strategy officer at Sierra,
tackling the security threat of agentic AI.
And robocars get misdirected by mirrors.
It's Wednesday, September 24th, 2025.
I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us.
It is great to have you with us.
British authorities arrested a man in connection with a ransomware attack on Collins'
Aerospace, a subsidiary of RTX, that disrupted airport check-in systems and caused widespread
travel delays across Europe. The National Crime Agency said the suspect was detained under the
Computer Misuse Act and released on conditional bail, adding the investigation remains in its early
stages. No group has yet claimed responsibility and monitoring sites have not detected related
leaks on the dark web.
Meanwhile, the U.K. government says a new artificial intelligence tool has helped recover
nearly 500 million pounds in fraud over the past year, the largest amount ever reclaimed
by anti-fraud teams.
About 186 million pounds of that total was linked to COVID-19 schemes, including fraudulent
bounce-back loans, the Fraud Risk Assessment Accelerator developed by a
the Cabinet Office, cross-references departmental data, and scans policies for weaknesses before
they can be exploited. Officials plan to license the tool internationally with interest from
the U.S., Canada, Australia, and New Zealand. Ministers say the recovered funds will support
frontline services, but critics warn of risks around bias and civil liberties. Campaign groups
have previously accused government fraud detection AI of unfairly targeting vulnerable groups.
SISA disclosed that attackers breached a U.S. federal civilian executive branch agency last year
by exploiting an unpatched geoserver flaw. The remote code execution bug, patched in June
in 2024 was later added to SISA's known exploited vulnerabilities catalog after proof-of-concept
exploits emerged online. Shadow Server observed active attacks beginning July 9th, with threat actors
compromising two agency servers within weeks. They deployed web shells like China Chopper,
used brute force to steal passwords, and escalated privileges through compromised service accounts.
The intruders went undetected for three weeks until an endpoint detection tool flagged suspicious activity.
SISA urged agencies to prioritize patching, closely monitor alerts, and strengthen incident response.
Researchers have uncovered two high-sever vulnerabilities in super micro-server motherboards
that let attackers install malicious firmware, which runs before the operating system,
making infections extremely persistent and hard to remove.
Security firm, Binarly, says one flaw stems from an incomplete January patch for an earlier issue,
and a second critical bug was also found.
The weaknesses target baseboard management controllers, or BMCs,
which can reflash UEFI firmware stored in a soldered SPI chip.
Exploids let attackers replace signed firmware images without tripping
verification, and they could be deployed after gaining BMC admin access or via compromised
update servers.
This matters because implanted firmware survives OS reinstalls and hard drive replacement.
That persistence can enable long-term espionage, data destruction, or control of servers,
including those in AI data centers.
Defenders should prioritize verified BMC firmware updates, audit update updates, audit update
servers and assume firmware integrity may be at risk.
Boyd Gaming Corporation confirmed hackers accessed its internal systems, stealing employee data
and information tied to some individuals. The Las Vegas-based operators stressed that hotel
and casino operations were not disrupted. In a filing with the U.S. Securities and Exchange
Commission, Boyd said it had notified affected parties, regulators, and law enforcement. The company
engaged external cybersecurity experts, activated insurance coverage, and stated it does not expect
a material financial impact. Boyd operates 11 casinos in Las Vegas and additional sites nationwide.
Analysts at Barracuda tracked multiple large-scale automated email fishing campaigns,
abusing o-off flows, cloud platforms, and popular online tools. Kits such as Tycoon and Evil
proxy, exploit Microsoft OAuth to steal tokens, bypass multi-factor authentication, and register
malicious apps that request broad scopes. Attackers also host fishing pages on serverless platforms,
website builders, and productivity tools, notably Logo Kit, and weaponize trusted services
like Google Translate to mask malicious domains. Other campaigns target Twilio's SendGrid accounts to
send authenticated fishing and abuse Google Classroom and meet to funnel victims to WhatsApp
scams. Barakuta urges organizations to restrict trusted redirect URLs, limit Oath scopes,
validate short-lived tokens, enforce explicit account selection, monitor logs for anomalies,
and train users and developers to spot these evolving Fishing-as-a-service threats.
elsewhere four scouts the dairy labs reports a surge in fishing that pairs telegram bots with
front-end hosting platforms enabling rapid low-cost reputation shielded campaigns researchers analyze
9100 domains between april 2020 and august of this year generic tldes dominated with dot com
dot app and dot dev prominent hosting was clustered on server
from CloudflareNet, Fastly, and Amazon.
Attackers automate site spin-up, embed bot tokens, and reuse them across domains, enabling
easy clustering.
Campaign spoof banks, webmail, and enterprise tools, and often target meta-admins and
cryptocurrency users.
FHP abuse rose steadily since 2021, with recent shifts toward surge.
It's significant because trusted provider domains help.
Fishing Bypass filters at scale.
Defenders should control Telegram-Bot API traffic,
monitor FHP access,
apply DNS policies, enforce MFA,
detect risky sign-ins,
and accelerate takedowns using exposed tokens.
A large fishing campaign abused GitHub's notification system
to target developers with cryptocurrency draining malware
disguised as Y Combinator Winter 2026 invitation,
Attackers created hundreds of fake issues in repositories, tagging usernames, so GitHub's automated emails delivered the lure directly to inboxes.
Victims were urged to apply for $15 million in YC funding via a fake site using a misspelled domain.
The site ran obfuscated JavaScript that tricked users into verifying wallets, which instead authorized malicious withdrawals.
Reports to GitHub, IC3, and Google Safe Browsing prompted taked takedowns, though it remains unclear if assets were stolen.
Experts advise any developers who connected wallets to migrate funds immediately.
The real YC application portal is hosted by Y Combinator and closes November 10th.
Libresva issued an emergency patch for its email security gateway after detecting active exploitation of a
command injection flaw. The medium severity bug, triggered by malicious compressed attachments,
allowed arbitrary command execution from non-privileged accounts. At least one attack attributed to a
suspected state actor has been confirmed. The vulnerability affects ESG versions 4.5 and later,
with fixes deployed automatically across cloud and on-premise systems. LeBrasva released the update
within 17 hours, adding improved sanitation,
compromise scanning, and self-assessment checks.
Coming up after the break, my conversation with Jason Clark from Sierra,
we're tackling the security threat of agentic AI.
And robocars get misdirected by mirrors.
Stay with us.
SISO Perspectives is back with an all-new season.
This season is all about change.
Whether it be emerging technologies like AI,
shifting governmental roles, or evolving threats.
We are sitting down with security experts
and getting their insights to help you make sense of these changes.
We are part of a larger ecosystem.
And if you look at the largest cyber incidents,
they have massive downstream effects.
I'm Ethan Cook, editor of SISO Perspectives at N2K CyberWire.
This week, host Kim Jones with his first guest, Ben Yellen,
to discuss the current state of regulation.
Absolent security, by definition, is an oxymoron.
I can secure you absolutely if you shutter your doors,
wipe your computers, wrap them in Lusite,
and drop them in the Marnas Trench.
But then again, you aren't going to make no money.
Sissot Perspectives is an N2K Pro exclusive show.
But for this season, we're sharing the first two episodes free on the CyberWire Daily.
To hear the full season, visit thecyberwire.com and click on subscribe now to become an N2K Pro member.
At Talus, they know cybersecurity can be tough and you can't protect everything.
But with Talas, you can secure what matters most.
With Talas' industry-leading platforms, you can protect critical applications, data and identities,
anywhere and at scale with the highest ROI.
That's why the most trusted brands and largest banks,
retailers, and healthcare companies in the world
rely on TALIS to protect what matters most.
Applications, data, and identity.
That's TALES.
T-H-A-L-E-S.
Learn more at talusgroup.com slash cyber.
Compliance regulations, third-party risk, and customer security demands are all growing and changing fast.
Is your manual GRC program actually slowing you down?
If you're thinking there has to be something more efficient than spreadsheets, screenshots, and all those manual processes, you're right.
GRC can be so much easier.
And it can strengthen your security posture while,
actually driving revenue for your business.
You know, one of the things I really like about Vanta
is how it takes the heavy lifting out of your GRC program.
Their trust management platform automates those key areas,
compliance, internal and third-party risk, and even customer trust,
so you're not buried under spreadsheets and endless manual tasks.
Vanta really streamlines the way you gather and manage information
across your entire business.
And this isn't just theoretical.
A recent IDC analysis found that compliance teams using Vanta are 129% more productive.
It's a pretty impressive number.
So what does it mean for you?
It means you get back more time and energy to focus on what actually matters,
like strengthening your security posture and scaling your business.
Vanta, GRC, just imagine how much easier trust can be.
Visit Vanta.com slash cyber to sign up today for a free
demo. That's V-A-N-T-A-com slash cyber.
Jason Clark is chief strategy officer at Saera, and in today's sponsored industry voices
segment, we tackle the security threat of agentic AI.
When you look at it, you had the internet, which kind of connected the world, and then humans still searched, clicked, and decided what to build on that and what to do.
And then you had mobile, which all of a sudden made it, you know, portable computing, which is also just, you know, built off top of the internet, right?
Which was already been done before.
And then cloud was another way of it, then just really just unlocked scale.
But still the humans had to orchestrate, operate it, decide to move to the cloud.
I remember even when cloud started happening, people were saying, oh, yeah, well, there's no way we'll ever go to the cloud.
Even mobile, as I was a C-So at a Fortune 100, everybody said, yeah, there's no way that we're adopting, you know, those mobile devices.
We're keeping, you know, or Apple, we're keeping that battery because it's super secure and, you know, we all love it.
And what's big difference here is, one, everybody's saying, wow, like we have no choice.
we have to adopt this.
If our business or enterprise or organization is going to be able to be competitive in the world,
we have no choice but to adopt it.
That's having every single boardroom.
That didn't happen with the internet in the beginning, the cloud in the beginning,
and mobile in the beginning.
So I kind of say that, you know, AI is a tsunami where the others were waves.
Now, that's a really interesting analogy.
I'm curious when we look at this from a security point of view,
why is it that these traditional security architectures
break down when faced with agentic AI?
What happens is it pushes the boundaries of traditional controls.
Today we rely on segmented systems, static rules,
visibility limited by kind of a role or platform.
So the software does what is told.
The humans initiate actions and the systems follow predictable patterns.
And that's really how security has always been built.
It's been rule-based, if then else.
Just, you know, regular expression.
And then all of a sudden, what happens is you're empowering the system to act as a human, to learn and to watch what you do, to improve what you do.
And as soon as you do that, you have kind of unbounded behavior where the agents, you know, don't follow code.
They interpret intent.
And that creates a big, you know, unpredictability and risk for us.
It breaks scale.
Because if I have thousand agents that are acting as Jason on my behalf,
trying to help me scale and do, you know, a lot more things than what I can do today.
They're having to make decisions on their own about the things that I would want done.
How would I have done that?
And so that breaks the scale because I can't have a human in the loop checking and assessing
every single thing.
And, you know, it's the explosion of the access then.
You've got, you know, let's say call it a thousand agents per human.
That's just, that's a lot of identities that have a lot of access.
and they're creating a lot of data.
And data is the main reason we exist in information security.
And so all of a sudden, you've got this,
you know, we think those data is growing fast now.
Just imagine what will happen when you've got a thousand agents act on inner half.
So then you have an attribution collapse where all those thousand agents that were acting
on my behalf, are they me or are they not me?
And who's responsible?
And what was their intent?
What was their motive?
And can they be convinced to do something back?
add with the access that they've been given.
Can you give us some examples here of where things with agentic AI could potentially spin out
of control?
Yeah, absolutely.
One, I talked to a lot of CSOs where they are being told by their boards, by their
CEOs, look, we need a plan where some percent of HR, some percent of legal, some percent
of customer success and support and IT help desk,
just the work is done by agents acting as humans.
There's got to be some level of work and go figure that out.
And you even have C.C.E. is where they're challenging now.
Okay, you're asking for these hundred heads.
I want to know why 20 of those can't be done by AI.
Give me the analysis or your existing people.
Why can't it be done by AI?
So an example in the real world is HR.
Think about the interactions.
a large enterprise where you're asking HR for, hey, can you help me with leave policies or
with onboarding? Or can you explain the different benefit packages compared against each other
for my specific situation? Here's my family. You can slack or email HR asking something about
compensation and payroll that pretty much some human then has to go and log into workday
and go figure out versus you can just engage with a bot that can do do that.
that same with legal most you know kind of if i want a legal contract reviewed most of it is
basic stuff um or even asking hey does this does this contract need to comply under gdpr and it will say
well can you answer these three other questions um or if i wanted to you know draft a custom
nda real quick i don't need to go and have an expensive person going and doing that so those are
examples of what's happening today in the real world that you know other than what everybody else is
witnessing just around when they engage now with agents in a customer success environment.
What should security teams be looking out for here?
I mean, it's funny, I was interviewing somebody just a few days ago, and we all talk about
shadow IT, and they use the term shadow AI, and that was the first time I'd heard that.
It makes perfectly good sense, but does that term resonate with you?
Yeah, I mean, I think that's going to be the majority of AI.
It's not going to be, this is where IT or technology starts to happen in the business
and not in the business at the sea level.
Just, you know, every business is going to find out that they've got hundreds of people
building models and using agents.
It's just, it's just too, you know, the business exists to acquire and retain profitable
customers.
And I think the days of IT being able to control and maintain, except in highly regulated
environments where you're going to better, you know, slow everything down or just, that's not
going to work whenever, you know, getting the business is trying to go fast. And so really the
what the security teams and chief data officers need to do is focus on just having full
awareness of the shadow AI and understanding the use cases and under, and really just giving
awareness to it and then protecting where it's just highly at risk. And then trying to help guide them
monopath that is better for the business from an efficiency standpoint where people aren't trying
to do the same thing over and over again, but also security, right? That is the responsibility.
And the day, but, you know, AI is, is a consumer of data at epic proportions and a creator
of data at epic proportions. And so it's the largest security risk I think security teams has ever
seen in their life. And if they're not ready for it, it's going to break security.
What do you suppose the path forward is?
I mean, if we agree that legacy security tools aren't going to be sufficient here,
how do we design these controls that are going to keep up with these autonomous agents?
So the way I think we've always thought about things is where I kind of say we had these basic little muscles
connected to a kind of almost like an insect brain where it's if then else, right?
We just had these sensors all over the place.
what we need to do is just have a holistic view of all of our data, all of the access,
all of our users, and therefore all of the models, all of the agents.
And if I can understand everything that's accessing the stuff I care about,
and then everything that's being created that I might care about,
then all of a sudden, I've got complete visibility.
So it all starts with just having full visibility to the models, to my data,
and to my users, and to the agents.
And then it's, are they doing the right things?
Then it becomes behavior.
So, you know, then it's analytics on top of that.
It's basically data and access, you know, versus we've got threat platforms, vulnerability
platforms, cloud platforms, network security platforms, but you don't have a data and access
kind of operating system to be able to give you this visibility.
So it all starts with visibility.
And then you start making the security protection compliance decisions behind
that. How do you suppose organizations are going to find balance here or are going to find that
equilibrium? On one side, we've got this promise of agentic AI, all the productivity and
efficiency that it can provide. But on the other hand, we've got the risks that it introduces
to the enterprise. How do you turn that dial? I mean, it's, you know, it's just like anything
when the first cars were there, right, they didn't have seatbelts, they didn't have airbags.
and they went fast and and things bad did happen but you know they they built
them to to accomplish something to get somebody somewhere then they
accomplish them to go fast and so it's it's the job to quickly again not stop
say nobody could own cars I know we can go fast you know you just start
building controls in place and guard rails and safety mechanisms and some
laws about speed limits and then you build seat belts and and you know
breaks and airbags.
And so that's really what we need to do is just know that this is going to happen,
but quickly, much quicker than we ever have, is build the safeguards in place.
And then just the hyper focus on the risky scenario.
I was like, what should somebody not be doing?
And what models or what agent behaviors are super risky, right?
giving a model access to all of your snowflake environment,
or an entire database versus segmenting it to some table specific to its purpose.
Those are these rules and safeguards, just like everything else.
I would say that security strategy is not changed.
It's the tactics that change.
Every time there's new technology, the tactics change.
But fundamental principles of know yourself, know your data,
what's the attack surface, minimize that attack surface,
and then complicate access
and then monitor and respond
has been the same for the last 30 years.
Looking towards the future here,
I mean, the next year,
the next year and a half or so,
what do you think is going to separate
the organizations that can adapt successfully to this
from those that are going to struggle
with agentic AI?
They'll treat AI agents like it's a user
with a lot more power
so not as a tool with limits
they
will have
they will start to see
that data and access have to converge
you can't treat them separately
they're two sides of the same coin
and they will have a solution
that is AI and
agent aware basically
data and access solution which
converges data security converges
IAM so that they kind of have this one
central view of visibility
and then be able to action containment and protection.
And then third, they'll build AI security teams and governance programs
in the same way that we have with every other topic and every other wave
that's faced us for the last many decades, right?
It just becomes a norm.
People don't really talk about being a mobile company or a cloud-native company anymore.
or it's just automatic.
Everybody will be A.I. Native at some point in the future.
That's Jason Clark, Chief Strategy Officer at Saira.
Investigating is hard enough.
Your tools shouldn't make it harder.
Maltigo brings all your intelligence into one place,
platform and gives you curated data, along with a full suite of tools to handle any digital
investigation. Plus, with on-demand courses and live training, your team won't just install
the platform. They'll actually use it and connect the dots so fast, cybercriminals won't realize
they're already in cuffs. Maltigo is trusted by global law enforcement, financial institutions,
and security teams worldwide. See it in action now at Maltigo.com.
With Amex Platinum, $400 in annual credits for travel and dining
means you not only satisfy your travel bug, but your taste buds too.
That's the powerful backing of Amex.
Conditions apply.
And finally, turns out autonomous vehicles may be less self-driving,
more easily distracted magpies. Researchers in France and Germany discovered that mirrors can fool
LIDAR, the laser-based navigation tech used in most robocars, into either ignoring real obstacles
or swerving to avoid ones that don't exist. In campus parking lot trials, a traffic cone vanished
entirely behind strategically placed mirrors, a so-called object removal attack. With a different setup,
the car slammed on the brakes for a phantom obstacle conjured by an object addition attack.
Two mirrors were enough to fool the system most of the time, and six produced even more
convincing illusions. While Tesla famously avoids LIDAR, nearly everyone else relies on it,
raising uncomfortable questions about whether $100 in hardware store mirrors could send
your robotaxy into an existential crisis. Researchers suggest thermal image,
as a partial defense, though admit it's far from a silver bullet.
And that's the Cyberwire. For links to all of today's stories, check out our daily
briefing at the Cyberwire.com. We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to Cyberwire at N2K.com.
N2K senior producer is Alice Carruth.
Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester with original music by Elliot Peltzman.
Our executive producer is Jennifer Ibin.
Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
Cyber Innovation Day is the premier event for cyber startups, researchers, and top VC firms
building trust into tomorrow's digital world.
Kick off the day with unfiltered insights and panels on securing tomorrow's technology.
In the afternoon, the eighth annual Data Tribe Challenge takes center stage as elite startups
pitch for exposure, acceleration, and funding.
The Innovation Expo runs all day, connecting founders,
and researchers around breakthroughs in cyber security.
It all happens November 4th in Washington, D.C.
Discover the startups building the future of cyber.
Learn more at cid.d. datatribe.com.