CyberWire Daily - China’s hackers aren’t invincible.

Episode Date: May 12, 2026

Former NSA chief says the U.S. can beat China in cyberspace. Canvas cuts a deal with hackers. The FCC proposes KYC rules for phone users. SAP patches critical flaws. A poisoned TanStack npm supply chain attack spreads malware. Humanitarian aid lures deliver spyware. Japan launches an AI-driven cyber review. Texas sues Netflix over data practices. And Harvard experts debate the future of agentic AI security. On our Threat Vector segment David Moulton welcomes Assaf Keren, CSO at Qualtrics and author of Lessons from the Frontlines. Our guest is Tim Starks from CyberScoop discussing changes to the CyberCorps Scholarship program. The Gentleman’s guide to awful OPSEC.

Threat Vector

AI is the most powerful tool defenders have ever had. It's also the most dangerous weapon attackers have ever had. Assaf Keren, CSO at Qualtrics and author of Lessons from the Frontlines, has seen AI reshape both sides of the threat equation. In this conversation, he gets specific about what happens when powerful tools fall into the wrong hands, and what leaders need to do before they get caught off-guard. New episodes of Threat Vector with host David Moulton are released every Thursday.

CyberWire Guest

Today we are joined by Tim Starks from CyberScoop discussing changes to the CyberCorps Scholarship program. You can read more in Tim’s article “Trump officials are steering a cybersecurity scholarship program toward AI.”

Selected Reading

I Ran the N.S.A. This Is How to Defeat China’s Hacker Army. (The New York Times)
Canvas hack: company pays criminals to delete students' stolen data (BBC News)
FCC Attempts to Solve Robocall Problem by Potentially Creating Even Bigger Privacy Problem (Gizmodo)
SAP Patches Critical S/4HANA, Commerce Vulnerabilities (SecurityWeek)
Cache-poisoning caper turns TanStack npm packages toxic (The Register)
Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware (Hackread)
Japan’s PM orders cybersecurity review to stop Mythos going full CyberZilla (The Register)
Texas sues Netflix over alleged data practices that create ‘surveillance machinery’ without user consent (The Record)
Time for government, business leaders to figure out AI cybersecurity regulation (Harvard Gazette)
Tables Turned: Gentlemen Ransomware Group Suffers Data Leak (BankInfo Security)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. Maybe that's an urgent message from your CEO, or maybe it's a deepfake trying to target your business. Doppel is the AI-native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back, from automatically dismantling cross-channel attacks to building team resilience and more.
Starting point is 00:00:39 Doppel. Outpacing what's next in social engineering. Learn more at doppel.com. That's doppel.com. The former NSA chief says the U.S. can beat China in cyberspace. Canvas cuts a deal with hackers. The FCC proposes KYC rules for phone users. SAP patches critical flaws. A poisoned TanStack npm supply chain attack spreads malware.
Starting point is 00:01:19 Humanitarian aid lures deliver spyware. Japan launches an AI-driven cyber review. Texas sues Netflix over data practices. Harvard experts debate the future of agentic AI security. On our Threat Vector segment, David Moulton welcomes Assaf Keren, CSO at Qualtrics and author of Lessons from the Frontlines. Our guest is Tim Starks from CyberScoop, discussing changes to the CyberCorps scholarship program, and the Gentleman's guide to awful OPSEC. It's Tuesday, May 12, 2026. I'm Dave
Starting point is 00:02:02 Bittner, and this is your CyberWire Intel briefing. Thanks for joining us here today. It's great as always to have you with us. Former NSA and U.S. Cyber Command leader Timothy Haugh says China's long-running cyber campaign against the United States is serious, but far from unbeatable. In a New York Times editorial, he points to intrusions tied to groups like Volt Typhoon and Salt Typhoon, which targeted utilities, telecommunications networks, and senior officials. Haugh argues the United States already holds a major advantage through its private sector. American cybersecurity firms, cloud providers, and telecom companies operate at unmatched global scale and can often detect malicious activity faster than governments.
Starting point is 00:03:04 He cites a recent Google disruption of a Chinese espionage campaign as proof that industry-led action can work quickly and effectively. Haugh believes voluntary cooperation is no longer enough. He calls for clearer laws authorizing companies to disrupt foreign cyber operations, more funding for critical infrastructure defense, and stronger public consequences for Chinese cyber activity, including sanctions and coordinated disruption efforts. He also warns that U.S. Cyber Command remains underfunded relative to the scale of the threat. Instructure, the company behind the widely used Canvas learning platform, says it reached an agreement
Starting point is 00:03:49 with the ShinyHunters extortion group after a cyber attack disrupted services at roughly 9,000 educational institutions across the U.S., Canada, Australia, and the U.K. The attackers claimed to have stolen 3.5 terabytes of university and student data and threatened to publish it online unless a ransom was paid. Instructure says the agreement resulted in the return of data, digital confirmation of its destruction, and assurances that affected institutions and students would not face further extortion. The incident interrupted exams and coursework for many students. Security experts and law enforcement agencies generally discourage ransom payments because attackers may still retain or resell stolen data. Instructure said its priority was protecting customer information and minimizing harm to students and schools. The Federal Communications Commission is proposing new Know Your Customer rules aimed at reducing illegal robocalls.
Starting point is 00:04:55 But critics warn the changes could create major privacy concerns and effectively end anonymous burner phones in the United States. Under the proposed rules, prepaid phone customers could be required to provide government-issued identification, a physical address, a legal name, and an existing phone number before receiving service. The FCC is also considering behavioral red flags, including cryptocurrency payments, virtual office addresses, and suspicious websites or email accounts. The FCC says telecom providers are best positioned to stop illegal calls before they reach consumers. But civil liberties advocates argue the plan could expand surveillance and make it harder for vulnerable people,
Starting point is 00:05:42 including abuse survivors and refugees, to access anonymous communications. Proposed enforcement measures could fine telecom providers $2,500 per illegal call, creating strong incentives for aggressive customer monitoring. SAP has released 15 new security notes for its May 2026 Security Patch Day, including two critical vulnerabilities with a CVSS score of 9.6, affecting S/4HANA and SAP Commerce. The S/4HANA flaw is an SQL injection vulnerability that could allow authenticated attackers to access sensitive data.
Starting point is 00:06:23 A second issue affects SAP Commerce and could enable unauthenticated attackers to upload malicious configurations and execute arbitrary server-side code. SAP also patched a high-severity OS command injection flaw in Forecasting and Replenishment, along with additional medium and low severity bugs across multiple products. SAP says there's no evidence these vulnerabilities are being actively exploited, but customers are urged to apply patches quickly. Attackers published 84 malicious versions of official TanStack npm packages in a six-minute supply chain attack that exposed developers to credential theft,
Starting point is 00:07:08 self-propagating malware, and potential disk wiping. Researchers say the attackers exploited a GitHub Actions cache poisoning weakness to steal npm publishing tokens without compromising TanStack maintainers directly. The malicious packages uploaded on May 11th were removed within roughly 30 minutes after detection by StepSecurity. Analysis from Socket and StepSecurity found the malware searched more than 100 locations for cloud credentials, SSH keys, crypto wallets, and developer secrets. Researchers also identified a dead man switch that could wipe an infected system if stolen GitHub tokens were revoked.
Starting point is 00:07:52 The incident highlights ongoing risks in software supply chains and the danger posed by routine package installation commands in developer environments. Researchers at Cyble Research and Intelligence Labs have identified a new espionage campaign called Operation HumanitarianBait that uses fake humanitarian aid documents to deliver Python-based spyware
Starting point is 00:08:18 to Russian-speaking targets. The attack begins with phishing emails carrying a malicious shortcut file hidden inside a RAR archive. The malware uses PowerShell and fileless execution techniques to evade automated detection while displaying a decoy PDF related to humanitarian assistance. Researchers say the spyware is hosted through GitHub releases and heavily obfuscated using PyArmor. Once installed, the malware can steal browser credentials, Telegram session data, cryptocurrency wallets, and screenshots, while also logging keystrokes and enabling remote desktop access through RustDesk or AnyDesk.
Starting point is 00:09:02 The campaign demonstrates how attackers are increasingly blending trusted services, social engineering, and stealth-focused malware to maintain long-term access and evade security tools. Japanese Prime Minister Sanae Takaichi has ordered a government-wide cybersecurity review following concerns that advanced artificial intelligence models, including Anthropic's bug-hunting system Mythos, could dramatically increase the speed and scale of cyber attacks. Takaichi directed cybersecurity minister Hisashi Matsumoto to assess whether government agencies
Starting point is 00:09:43 and critical infrastructure operators can effectively detect and remediate vulnerabilities. The move reflects growing concern that AI systems capable of rapidly identifying software flaws may also help attackers automate exploitation efforts. The announcement follows broader warnings from regulators and security experts worldwide that frontier AI models could reshape the cyber threat landscape. Some researchers, however, argue Mythos does not uncover vulnerabilities beyond human capability and may not significantly outperform existing open source tools. Governments are increasingly treating AI-enabled cyber risk as a national security issue,
Starting point is 00:10:26 requiring policy-level responses and infrastructure readiness. Texas Attorney General Ken Paxton has sued Netflix, alleging the streaming company collected and shared sensitive user data with advertisers, data brokers, and ad tech firms without meaningful consent from subscribers. The lawsuit claims Netflix tracked viewing habits, device information, locations, and behavioral data from both adults and children, despite past public statements from company leadership suggesting the platform did not engage in advertising-related data collection.
Starting point is 00:11:05 Texas also alleges Netflix combined user demographics, IP-based location data, and viewing activity to build detailed advertising profiles. The state is seeking financial penalties and a court order barring what it describes as unlawful data collection practices. Texas also wants Netflix to disable AutoPlay by default on children's profiles. The case highlights growing scrutiny of how streaming platforms
Starting point is 00:11:34 collect, analyze, and monetize behavioral data, particularly involving children's accounts and targeting advertising ecosystems. Cybersecurity researchers and policy experts say increasingly autonomous agentic AI systems could transform both cyber defense and cybercrime, raising urgent questions about regulation, liability, and national security. During a discussion hosted by Harvard's Berkman Klein Center,
Starting point is 00:12:04 experts pointed to rising AI-assisted cyber attacks, including phishing campaigns and software exploitation efforts that can rapidly identify vulnerabilities. IBM data cited during the panel showed attacks targeting public-facing applications rose 44% year-over-year in 26. Panelists argued businesses and governments need clearer security standards and liability frameworks
Starting point is 00:12:31 before AI-driven threats escalate further. Concerns included AI-enhanced phishing, autonomous cyber-retaliation, and the difficulty of securing sprawling software ecosystems. At the same time, researchers said agentic AI could strengthen defenses by detecting fraud patterns and suspicious behavior in real time. Coming up after the break on our Threat Vector segment, David Moulton welcomes Assaf Keren, CSO at Qualtrics,
Starting point is 00:13:10 and author of Lessons from the Frontlines. Tim Starks from CyberScoop discusses changes in the CyberCorps Scholarship Program and the Gentleman's Guide to Awful OPSEC. Stay with us. When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year, and 92% of responders reported threat levels have increased in the past two years.
Starting point is 00:13:53 Guardsquare delivers the highest level of security for your mobile apps without compromising performance, time to market, or user experience. Discover how Guardsquare provides industry-leading security for your Android and iOS apps at www.guardsquare.com. No, it's not your imagination. Risk and regulation are ramping up, and customers expect proof of security just to do business. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk, and customer trust together
Starting point is 00:14:36 on one AI-powered platform. Whether you're preparing for a SOC 2 or managing an enterprise GRC program, Vanta helps keep you secure and your deals moving. Companies like Ramp and Writer report spending 82% less time on audits. That's not just faster compliance. That's more time to focus on growth. When I look around the industry, I see over 10,000 companies from startups to big enterprises trusting Vanta.
Starting point is 00:15:05 Get started at Vanta.com slash cyber. On our latest Threat Vector segment, host David Moulton welcomes Assaf Keren, CEO at Qualtrics. He's also author of Lessons from the Frontlines. Hi, I'm David Moulton, host of the Threat Vector podcast, where we break down cybersecurity threats, resilience, and the industry trends that matter most. What you're about to hear is a snapshot from my conversation with Assaf Keren, SVP and Chief Security Officer at Qualtrics, and the author of a new book, Lessons from the Frontlines. Out now from Wiley. AI is the most powerful tool defenders have ever had.
Starting point is 00:16:03 It is also the most capable weapon attackers have ever had. And right now, attackers are using it. Assaf has spent 25 years protecting some of the world's most targeted digital environments from the Israeli government to PayPal to Qualtrics. He's not speculating about what AI-powered attacks look like. He's watching them happen. In this episode, we get into why AI doesn't just lower the barrier to entry for attackers, it removes the ceiling.
Starting point is 00:16:33 What prompt injection actually means for defenders and why it's different from any threat most teams are built to handle, and the moment your organization deploys an AI tool, why your threat model has to change immediately. Assaf has a phrase that stuck with me. The moment you bring AI into your environment, you have less slack. You can't skip steps. Most organizations are skipping steps.
Starting point is 00:16:59 If your security program hasn't caught up to what AI means for your attack surface, this is the conversation to start with. Assaf, welcome to Threat Vector. I'm really glad to have you here. I know there had been some scheduling nonsense, but we finally got it, man. We're finally on the mic together. So let's have a good conversation. Six rescheduling to get to this point if I counted correctly.
Starting point is 00:17:24 But let's go. I'm excited. In your book you wrote about this danger of feeling like you know enough and how that confidence can quietly become a liability in a field that's moving as fast as AI security. I think that trap feels easy to fall into. Where do you see that showing up now?
Starting point is 00:17:47 Specifically with AI, I think that I'm seeing a lot of security teams not understanding how pivotal this moment is and using legacy thinking in making decisions and maybe defaulting to the default of security teams, which is being the Department of No. I think especially there is a gap of knowledge in security teams understanding AI and machine
Starting point is 00:18:27 learning. I think it has been there for a while, but the, but with the explosion happening right now, that fear is dangerous. And I, that lack of curiosity that I'm seeing in a lot of places is bothering me because I think that we're creating more impact than good when we're doing it. How do you catch yourself from falling into that trap? Sometimes successful, sometimes I'm not, by the way. I don't want to make it sound like I'm always curious, but I do curiosity checkups. I sit down and generally say to myself,
Starting point is 00:19:14 what did I miss? There is a friend of mine, Lea, who's the CISO of LinkedIn, and they wrote on LinkedIn, something I agree with completely that there is a superpower in willing to look like you don't know the answer
Starting point is 00:19:35 or willing to look like you're stupid and ask questions like you're stupid and sometimes I'm successful sometimes I'm not in the day-to-day accelerated day-to-day pace that we're in a lot of time it's just easy to come in
Starting point is 00:19:56 and say, hey, this is the answer, move on. Right. And I do have a good team around me that knows to also challenge me when I'm that way. And tell me, hey, Assaf, you're wrong here. Let's have a conversation. And that's really really humbling, and it's great to have that support structure.
Starting point is 00:20:25 So one of the things that you may have noticed, and I certainly have, and it's counterintuitive to think this way, I think, is that there's a lot of focus on AI, and I think that that is warranted. On the other hand, have we pulled so much of our focus away from some of the basics that seem like we need to be able to go in and deal with the discipline and grit work that isn't all that sexy and new, but needs to be done, such that the attack that you're talking about isn't so damned easy. Yes, yes, thank you for that. We need to say this more. The best solution, two good solutions for AI attacks. One is minimization. If it doesn't need to be on the internet, it shouldn't be on the internet.
Starting point is 00:21:20 If it doesn't need to be on the endpoint, it doesn't need to be on the endpoint. If it doesn't need to be in a package in the source repo, it shouldn't be there. And we have been in a world where we're maximizing things. We need to minimize. We need to reduce the attack surface to a point where the attack is not possible, not get to the point where we're trying to defend
Starting point is 00:21:43 a growing attack surface. And the other is baseline, boring architecture. We need to do identity right, we need to do data right, we need to do scoping right, we need to do network segmentation right, we need to do recovery, BCP, right.
Starting point is 00:22:04 And these are hard things, and we've been glossing, as an industry, we've been glossing over them with mitigating controls and good enough and all of those. There is no good enough anymore. Because what we're doing is even worse
Starting point is 00:22:22 than attackers using AI. We're putting AI on top of broken mechanisms. And so we're putting a non-deterministic engine on top of a broken deterministic architecture that can go and do whatever it wants. And our ability to control a non-deterministic engine is very, very low right now. Until we get into the world where there is runtime security for the AI solutions that we provide to our customers, there has to be very strong architectural guardrails on the bottom. And if we put on an AI agent on bad identity infrastructure,
Starting point is 00:23:02 it will find a way through prompt injection, through other means, through, I don't know, to get to the data that he wants to get to or the attacker wants to get to using our own bad infrastructure. So completely agree with you. There is in my mind a whole resurgence of being brilliant at the basics. I want to end on hopefully a positive note. You've written this book about what it takes to lead in this field long term.
Starting point is 00:23:33 You're watching everything that's going on with AI right now. Is there anything that gives you confidence that defenders may come out ahead in this era? Yeah, to steal a quote from Phil Venables, I'm a short-term pessimist, long-term optimist. I think that the next couple of years are going to be either hilarious or daunting, depending on who you are. But we, I think, in the end, this technology is so exciting that we're going to be able to do something that we've been trying to do for years and years and years unsuccessfully, which is to free up people to do people work and not to do manual labor tasks. And we're going to have, we're already at the deficiency of the amount of people in the profession,
Starting point is 00:24:23 and people are burning out because they need to handle incidents on day-by-day basis. So copy-paste answers into questionnaires or do third-party risk management things that don't bring value but are part of the process. And we're going to be able to automate a lot of these processes and reduce the amount of time people are actually doing stuff like vuln triage or incident triage
Starting point is 00:24:47 and have them work on the larger picture that it's going to be much easier, not easier, it's going to be much more exciting to be a security professional in two years than it is right now because you're going to work on big picture stuff more than you are today.
Starting point is 00:25:08 And I think that that's exciting and I think we will get ahead of the curve. We need to adopt the technology as fast as attackers, that will not happen. So that's why we have two years of catching up. I think we'll catch up. The episode is called AI in the wrong hands, and it's live now in your Threat Vector feed.
Starting point is 00:25:35 Thanks for listening. Stay secure. Goodbye for now. Be sure to check out the complete Threat Vector podcast wherever you get your favorite shows. It's always my pleasure to welcome back to the show Tim Starks. He is a senior reporter at CyberScoop.
Starting point is 00:26:33 Tim, welcome back. Hi, Dave. Really interesting article you've written here about this cybersecurity scholarship program, which I feel like has kind of been through the wringer lately. Can you unpack it for us? What's going on? Yeah, we can start with the wringer, the beginning of the wringer, which is the scholarship service program, CyberCorps,
Starting point is 00:26:58 is the government gives you scholarship funding, and then you commit to work for them for a little while. If you've been paying attention to the way things have been going with federal employment of cybersecurity personnel lately, not been a lot of jobs. The first shoe to drop on this was a few months back, where I wrote about and others wrote about the way in which students that we spoke to were really struggling to fulfill their side of the bargain. They were worried about having to be left with debt.
Starting point is 00:27:27 So that was part one. Then part two was CISA, when it was in a... its funding lapse, canceling all summer internships that were related to the program. Right. That left them even fewer avenues for completing their commitment, the scholars who were part of this program. Now, they're just changing the program. They're making it something else.
Starting point is 00:27:48 They're turning it into cyber AI SFS. They're saying, if you're, you know, everybody who's going to be entering this program now needs to demonstrate some AI capabilities as students, some proficiency. And while, you know, there was actually a dollop of good news, which we can get to in the, and this a little later, this was bad news for some of the students who were like, well, wait, where does this leave me? Because it explicitly said that people entering this program without AI experience would be unemployable within the next two to three years. So just to be clear here, you know, for our listeners' sake, like the people,
Starting point is 00:28:31 who entered this program in good faith, the deal that they were engaging with was that they would, in exchange for agreeing to work for the federal government for X number of years, they would get scholarship money to continue their studies. Is that a simple way to explain it? Perfectly accurate. Yeah. So then the feds say, well, there aren't as many jobs as we thought there would be. In fact, we're trying to cut a lot of jobs with things like DOGE and other things have been going on with this administration. And so that leaves the students without the opportunities, but they're still on the hook to pay back the money if they don't find a job in the federal government. Yeah, that's the gist of it.
Starting point is 00:29:22 Now, there has been talk of deferments as a way to deal with some of that or delays, and people being able to fulfill this commitment within a certain amount of time. But if you look at where the federal budget is going, they're looking to cut CISA even further, just as one avenue of working for the government. They've lost lots of cyber jobs at lots of other agencies as well. There's some talk of them trying to hire some people, you know, from positions they've eliminated or people that they'd lost.
Starting point is 00:29:54 But how confident are you if you're in this program that, that a one-year extension will do the trick, you're not terribly. Yeah. So then let's dig into this sort of change of direction here. If I'm a student and I'm midway through my process here, and again, in good faith, I've been studying cyber, hoping to come out and enjoy my time with the federal government, this is kind of a reset, right?
Starting point is 00:30:16 It is. And so, you know, one of the things that the people who are in the program were telling me this go-round were, where does this leave us on placements? Like, are we, does this affect us? you know, if we're unemployable, according to the program that we're in, if we're legacy, there's the term they used, if we're legacy scholars and we're unemployable, are you going to do anything to help us with some extra curriculum, with some extra coursework? Now, you know, from the government standpoint, they say this shouldn't affect placements,
Starting point is 00:30:49 but, you know, the students haven't heard that from the agencies that are running the program themselves, and they are skeptical for lots of reasons. Yeah. Well, stay tuned on this one, hoping for the best for all those students. Before I let you go, this story kind of slipped under my radar, so I wanted to catch up on it with you. We've got a new person who's running things in the House Cybersecurity Committee, the subcommittee on cybersecurity and infrastructure protection. Yes, the new top Democrat is Delia Ramirez. She's taking over for Eric Swalwell, who has had
Starting point is 00:31:26 some issues, to say the least? One or two. I think you could say he was probably an effective person in that position before his troubles came to light. So she stands to have the same potential to influence things. She's going to be a new voice on cyber that we're hearing. I think it'll be interesting to see, you know, this is kind of a full turnover of the leadership of that committee
Starting point is 00:31:53 because on the Republican side, you know, once Andrew Garbarino became the full committee chairman, they had to appoint someone new, and that was Andy Ogles. But Andy, I don't want to use his first name like that, like we're, you know, colloquial, but Congressman Ogles has not quite yet demonstrated what his priorities are going to be. He hasn't signaled, you know, much of what his focus is going to be. You know, there was a hearing recently where she was there for the hearing longer than he was.
Starting point is 00:32:23 So I think if you look at where the leadership of this committee is, she has a chance to make a difference here, I think. Yeah, I guess that's my question. Is she in a position to really have some influence here? The way that this committee is stacked and packed, can she matter? I think so. You know, the subcommittee prior to, actually for the last several iterations of the subcommittee with leadership changes, It's been pretty bipartisan in its leadership. I mean, not universally, but pretty bipartisan,
Starting point is 00:32:57 certainly by today's congressional standards. Yeah. And Andrew Garbarino has had that style of leadership of the full committee in general. So it's not like they're not moving Democrat bills the way a lot of other committees just are ignoring them and completely neglecting them and kind of shunning Democrats and saying, we're not going to work with you. She doesn't have a cyber background, per se,
Starting point is 00:33:17 but she has prior to this, despite being a relatively new lawmaker, shown some zeal for these issues when talking in committee hearings, getting into nitty-gritty of things like Microsoft's handling of Salt Typhoon. So she's not someone who hasn't shown an interest in this. She's shown an interest in it. She's been particularly vocal on things like DOGE and its elimination of people at these agencies. I don't know if she can make as much of a difference there, but if she wants to get her hands dirty legislatively,
Starting point is 00:33:49 I think there's room for her to do that. and get into some nitty-gritty policy issues. And maybe depending on how the Chairman Ogles is going to be running the committee, I think she has a chance to make a difference, for real. All right. Well, that's good to hear. We'll have links to both of the stories we talked about today in our show notes. Again, Tim Starks is senior reporter at CyberScoop.
Starting point is 00:34:10 Tim, thanks so much for taking the time for us. You're welcome. Thanks, thanks, Dave. Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker Allowlisting, you stop unknown executables cold. With Ringfencing, you control how trusted applications behave, and with ThreatLocker DAC, defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet
Starting point is 00:34:54 compliance standards. ThreatLocker is the simplest way to enforce zero-trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable, even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at ThreatLocker.com slash N2K today. And finally, in a development that might qualify as occupational irony,
Starting point is 00:35:45 the ransomware-as-a-service group known as the Gentlemen has itself been hacked, with thousands of lines of internal chats and operational details spilled online. The leaked data reportedly includes discussions about compromised Fortinet credentials, command and control tooling, EDR killer software, and even recommended YouTube tutorials for sharpening ransomware skills. Researchers at dinah risks say the chats provide a rare real-time look inside modern extortion operations, complete with Bitcoin wallet addresses, infrastructure management, and debates over fake CVE scripts. The Gentlemen emerged in 2025 and quickly built a reputation for aggressive tactics,
Starting point is 00:36:32 targeting healthcare, manufacturing, and critical infrastructure organizations. Researchers say the group relied heavily on credential theft, living-off-the-land techniques, and careful reconnaissance before deploying encryption. The leak exposes both the industrialization and the occasional fragility of modern ransomware operations. Even cybercriminals, it seems, struggle with operational security. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights
Starting point is 00:37:23 that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at N2K.com. N2K's lead producer is Liz Stokes. We're mixed by Tré Hester with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening.
Starting point is 00:37:55 We'll see you back here tomorrow.
