CyberWire Daily - Cyber solidarity on the chopping block.
Episode Date: October 23, 2025
CISA layoffs threaten U.S. cyber coordination with states, businesses, and foreign partners. Google issues its second emergency Chrome update in a week, and puts Privacy Sandbox out of its misery. OpenAI’s new browser proves vulnerable to indirect prompt injection. SpaceX disables Starlink devices used by scam compounds. Reddit sues alleged data scrapers. Blue Cross Blue Shield of Montana suffers a data breach. A new Android infostealer abuses Termux to exfiltrate data. Iran’s MuddyWater deploys a wide-ranging Middle East espionage campaign. We’re joined by Lauren Zabierek and Camille Stewart Gloster discussing the next evolution of #ShareTheMicInCyber. When customer service fails, try human resources.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Today we are joined by Lauren Zabierek and Camille Stewart Gloster, as they are discussing the next evolution of #ShareTheMicInCyber.
Selected Reading
CISA’s international, industry and academic partnerships slashed (Cybersecurity Dive)
Google releases emergency security update for Chrome V8 Engine flaw (Beyond Machines)
Google officially shuts down Privacy Sandbox (Search Engine Land)
OpenAI defends Atlas as prompt injection attacks surface (The Register)
SpaceX disables more than 2,000 Starlink devices used in Myanmar scam compounds (The Record)
Reddit Accuses ‘Data Scraper’ Companies of Theft (The New York Times)
Blue Cross Blue Shield of Montana under investigation for data breach (NBC Montana)
Infostealer Targeting Android Devices (SANS ISC)
Iranian hackers targeted over 100 govt orgs with Phoenix backdoor (Bleeping Computer)
This Guy Noticed A Data Breach With A Company But Couldn’t Get Them To Respond, So He Infiltrated His Way Into An Interview To Drop The News (TwistedSifter)
Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.
Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the CyberWire Network, powered by N2K.
CISA layoffs threaten U.S. cyber coordination with states, businesses, and foreign partners.
Google issues its second emergency Chrome update in a week and puts Privacy Sandbox out of its misery.
OpenAI's new browser proves vulnerable to indirect prompt injection.
SpaceX disables Starlink devices used by scam compounds.
Reddit sues alleged data scrapers.
Blue Cross Blue Shield of Montana suffers a data breach.
A new Android infostealer abuses Termux to exfiltrate data.
Iran's MuddyWater deploys a wide-ranging Middle East espionage campaign.
We're joined by Lauren Zabierek and Camille Stewart Gloster discussing the next evolution of Share the Mic in Cyber.
And when customer service fails, try human resources.
It's Thursday, October 23rd, 2025.
I'm Dave Bittner, and this is your CyberWire Intel briefing.
Thanks for joining us here today.
It's great to have you with us.
The East Wing of the White House isn't the only thing the
Trump administration is taking a wrecking ball to. The president has effectively shuttered the
Cybersecurity and Infrastructure Security Agency's Stakeholder Engagement Division, a key unit
responsible for coordinating cybersecurity improvements with state, local, private, and international
partners. Sweeping layoffs in mid-October cut nearly all 95 staff, leaving only the sector
management unit intact. The move eliminates three vital offices, council management, strategic
relations, and international affairs, disrupting CISA's partnerships with critical infrastructure
operators, academic institutions, and foreign governments. Experts warn the cuts will erode trust,
reduce situational awareness, and weaken collaboration mechanisms essential for defending sectors
such as health care, energy, and telecommunications.
Former White House cybersecurity advisor Michael Daniel said
the downsizing risks leaving CISA blind to certain threats and trends.
Industry and government officials described the cuts as dangerous,
potentially isolating the U.S. from global cyber allies
and depriving defenders of shared intelligence and expertise.
CISA said the restructuring was meant to realign
the agency's mission.
Google has issued its second emergency Chrome update in a week,
patching a high-severity flaw in the browser's V8 JavaScript engine.
The vulnerability was discovered by Google's AI-driven research project, Big Sleep.
Details remain undisclosed until most users update.
The fix appears in the latest version across Windows, Mac, Linux, and Android.
Users can trigger the update manually via Chrome's About Google Chrome settings page to ensure immediate protection.
Elsewhere, Google has officially ended its long-delayed Privacy Sandbox project,
abandoning plans to replace third-party cookies with privacy-focused ad technologies.
The company will retire 10 remaining sandbox APIs,
citing complexity, poor adoption, and regulatory pressure.
Google will instead maintain cookies alongside limited privacy tools like CHIPS and FedCM.
The move restores short-term ad stability, but highlights the industry's continued lack of viable privacy-safe alternatives.
OpenAI's new Atlas browser has been found vulnerable to indirect prompt injection,
a technique where malicious instructions hidden in web content trick AI agents into
unintended actions. Brave Software's report this week confirmed the flaw as a systemic problem
across AI-powered browsers like Perplexity's Comet and Fellou. While Atlas resisted some tests,
researchers still demonstrated successful injections using Google Docs, prompting Atlas to output
manipulated text. OpenAI acknowledged the risk, calling prompt injection an unsolved security problem,
despite red-teaming, safety guardrails, and detection systems.
Experts warn that the threat undermines data confidentiality and integrity with no perfect fix yet.
Experts urge stronger downstream security and human oversight.
OpenAI maintains Atlas remains experimental and is refining protections for safer AI browsing.
SpaceX has disabled more than 2,000 Starlink
satellite devices used by scam compounds in Myanmar after mounting pressure from politicians
and anti-trafficking advocates.
Lauren Dreyer, SpaceX's vice president of business operations, said the company proactively
shut down over 2,500 kits near suspected scam centers and is cooperating with global law enforcement.
The move follows reports that Starlink had enabled Internet access for cybercrime operations
near the Thai border, despite previous government crackdowns.
Thai and U.S. officials, including Senator Maggie Hassan,
had urged Elon Musk to prevent Starlink's use in human trafficking and large-scale fraud.
Myanmar authorities recently seized dozens of Starlink devices in a raid
that detained over 2,000 people at a major scam complex.
While some operations have been disrupted, reports suggest new compounds
continue to emerge despite ongoing enforcement.
Reddit has filed a lawsuit against four companies,
SerpApi, Oxylabs, AWM Proxy, and Perplexity,
accusing them of illegally scraping Reddit content via Google search results
and selling it to AI developers like OpenAI and Meta.
Reddit seeks a permanent injunction, damages, and a ban on using scraped data.
The company argues that AI firms are fueling a data laundering economy by exploiting its user-generated content without compensation.
While SerpApi and Perplexity deny wrongdoing, Reddit says it spent millions building anti-scraping defenses and even trapped Perplexity with a hidden test post to prove its case.
The lawsuit underscores rising tensions between data owners and AI companies as content-rich
platforms move to license data rather than give it away. Reddit already has paid deals with Google
and OpenAI.
Blue Cross Blue Shield of Montana is under investigation after a data breach exposed
personal and medical information for up to 462,000 residents. The breach spanning November 24 through
March of this year may have compromised names, addresses, and billing data. State auditor James
Brown called the incident deeply disturbing and launched an immediate probe, criticizing the insurer
for failing to notify customers or provide credit monitoring. Officials urge Montanans to monitor
benefit statements and report suspicious activity.
SANS researcher Xavier Mertens has uncovered an
infostealer that uses Termux on Android to run Python, harvest contacts, messages,
location, app data, and banking-related files, and exfiltrate them via Telegram.
The sample scored a zero out of 64 on VirusTotal and includes Vietnamese comments, the researcher
reports.
The malware calls Termux utilities and scans mapped storage paths for Facebook, WhatsApp, media,
and banking file names.
It installs a persistent backdoor script
that periodically logs location data
and sends information using a Telegram bot token.
The finding shows Android can be a vector
for infostealers traditionally focused on Windows,
elevating risks to confidentiality
and integrity of user data.
Iranian state-sponsored hacking group MuddyWater,
also known as Static Kitten, Mercury, and Seedworm,
has targeted over 100 government entities across the Middle East and North Africa
using version four of its Phoenix backdoor, according to a new report from Group-IB.
The campaign began August 19th with phishing emails sent from a compromised account
accessed via NordVPN. Attached Word documents contained malicious macros that deployed
the FakeUpdate loader, which decrypted and installed Phoenix version 4. The new
version features enhanced persistence through COM objects and supports commands for file
upload, download, and shell execution. Researchers also found an infostealer targeting
Chrome, Edge, Opera, and Brave browsers for credentials. MuddyWater additionally leveraged the
PDQ and Action1 RMM tools for remote control. Most victims were embassies, consulates,
and foreign ministries,
signaling continued
Iranian cyber espionage operations.
Coming up after the break,
Lauren Zabierek and Camille Stewart Gloster
have the latest on Share the Mic in Cyber.
And when customer service fails,
try human resources.
Stay with us.
the next evolution of that initiative.
Well, Camille, Lauren, it's so great to have both of you back.
We go back quite a ways with Share the Mic in Cyber.
Before we dig into some of the exciting changes that you're going to share with our audience today,
can we look back at some of the history of this initiative?
Camille, let me start with you.
Yes. First of all, thanks for having us.
Share the Mic in Cyber started in 2020.
It was launched to respond to an urgent need
from the cyber community to be a collaborator, an ally, an open ecosystem that welcomed all members
of the cyber community in response to the tragedies, the murders that were happening in the black
community. And it started with a social media campaign where allies were giving their platforms
to black practitioners and an exchange of dialogue and insights on how different communities were
experiencing the cyber ecosystem became very clear and really honed this robust community
that we have continued to cultivate and grow. And one of the things that was most exciting to
Lauren and I is that everyone that came to it brought something. We started a scholarship fund
because Rachel Tobac from WISP said, oh, well, I want to help figure out how folks get the
training and the resources they need. There was a cyber base, which was
a database of diverse talent that got created out of R Street because Tatyana Bolton was there.
We had a number of senior leaders across cyber give their time and talent, whether it was to
lead a session or to engage in one of the campaigns. And our goal is always to be responsive
to the needs of the moment. And so it evolved to a fellowship that we partnered with New
America on. And that fellowship really focused on research, both in the technical spaces and in the
policy space, with some professional development for mid-career talent. And we spent the last three
years focused on those candidates who came through the fellowship, as well as continuing to hone
the original community.
Lauren, you've been involved with this really from the get-go. What
motivated you to share your time with this program?
At that moment in 2020, I remember when I was
serving as the executive director of the Cyber Project at the Belfer Center, it really struck me
that I now had a platform. And to me, that also came with a lot of responsibility. And so when I
saw what was going on, but then when I also saw this example of Share the Mic Now, that I think both
Camille and I had seen on Instagram and at that point, Twitter, where prominent women in
media, entertainment, and politics were sharing their platforms with black women in those
industries that weren't getting the recognition that they deserved. And so I saw that and I thought,
oh my gosh, this could really work, I think, in the cybersecurity community. And at the same time,
Camille was having the same thoughts. And, you know, I love our story.
because I saw her post on Twitter and then I slid into her DMs and I was like,
hey girl, what if we did this? And literally in the next two weeks, this amazing campaign was born.
And then also I'd be remiss if I didn't mention Caitlin Ringrose, who also reached out and wanted
to build something too. So what the beautiful thing about this is that it was so grassroots. And as Camille said,
so many people came together to build this.
And we had five campaigns, five social media campaigns.
And at the height, I remember, we had over 100 million impressions on Twitter, right?
We had Congresswoman Lauren Underwood speak.
We had former CISA director, Jen Easterly, share her platform,
but former NSA Cyber Director Rob Joyce
share his platform. Dave, you shared your platform. We just got so many people in the community
to come together and uplift the voices of these black cyber professionals that hadn't gotten
this recognition. And then, of course, what came out of that were things like new jobs and new
opportunities and, I think, most importantly, new connections.
Well, five years is a long time,
and yet it seems like just yesterday that you all were spinning this up.
But you have some exciting new information to share with our audience.
What's the latest?
So essentially we are closing the chapter on the fellowship at New America.
And first, let me just say, how proud of the work that we've done there.
You know, we work together with Peter Singer at New America.
he kind of came in super early and, you know, helped us with this idea and to hone it.
And then we brought in our project manager, Bridget Chan, who really took this idea and brought it to life.
And so over three years, we worked with and supported 21 different fellows in their research.
And it really sparked, I think, and Camille thinks as well, these meaningful conversations that ultimately proved our founding
thesis, which is that diverse voices strengthen cybersecurity and national security. And some of those
topics that came out, so we actually just released a paper yesterday that really focused on
the rise of youth cybercrime and, you know, why that is. And then some interventions that go,
you know, that don't necessarily veer into, say, traditional law enforcement. So what are some
other interventions that people can take.
But other things that we've published,
you know, look at the human impacts of augmented virtual reality devices,
brain computer interfaces,
artificial intelligence, kind of nutrition labels,
legal frameworks for civilian cyber corps,
and then even the gendered impacts of cyber incidents.
So what happens to the people who do the most care in society
when those services are actually disrupted.
And so, yeah, Camille, I'd love for you to jump in, too,
and provide some thoughts on the impact that the fellowship made
and how we saw it.
Yeah, I mean, the incredible policy and operational frameworks,
the in-depth research, but you kind of captured that.
But I want to make sure to mention the professional development we saw.
Most of our fellows had very little exposure to public speaking or to media.
Some have been on your show, they've been on other podcasts, they've gotten opportunities to speak at conferences and to share their research in new venues and spaces.
We've seen them get new jobs and their work join larger initiatives.
And so we're really proud of what we were able to build and demonstrate the innovation that comes from elevating, including different lived experiences and perspectives.
right? Those new takes, those cutting edge takes on some of the challenges our industry has been
facing are going to have long-term impact. And so we're grateful for that time. We came into it
knowing that we had fundraised for three years. And so that time is ending now, which is crazy
to think that we spent three years last going into people. But now we're going to think about,
We thought about what would need to happen to meet this moment.
And based on what we've observed and the shifts in the industry and the shift in the industries that cyber practitioners serve, we really want to focus on cyber threat intelligence.
We want to refine and hone the skill set of understanding how intel informs policy, how intel informs operations, and really help practitioners transition into that space if they want to or, in the space that they're
in, leverage that to be a stronger practitioner.
There has long been somewhat of a disconnect there.
And so we partnered with the Cyber Threat Alliance with Michael Daniel and supported by CAS
Strategies to launch the Share the Mic in Cyber Catalyst Fellowship for Cyber Intelligence.
So we're really excited about that.
And more information to come on how to apply, but we want to put it out there because
this is kind of returning to our grassroots roots,
and we are pulling this together with community members. They will host the professional
development sessions. They will host some of the other content that goes into investing in the
fellows while CTA and the member companies will collaborate with these fellows to produce analytic
products and host webinars and things like that. Yeah, and I'll say from my perspective, too, that I'm
particularly excited about this. Obviously, I've been very excited about the other iterations,
too, as someone who's, you know, into cyber policy and things like that. But going back to my
roots, as a former intelligence analyst, as someone who is literally on the front lines, developing
actionable insights and information to drive operations, this is actually really cool. So
I'm super excited about it. And we hope that the rest of the community is really excited about
it and, you know, might offer their support, whether it's financial support. We would love
if any companies or individuals are interested in supporting this initiative, but also if you
have skills that you want to share with the community, such as analytic tradecraft in writing,
things like that, so that we can really just pour this development into the fellows in order to
help them with say job transitions or growing in their current careers because that's the whole
point of this is to help people and, you know, especially in this particular environment.
Well, I think it's fair to say that the need is as great as ever. As you mentioned, Camille, this particular
moment brings its own particular challenges, and I wish you both the best and glad to be a continued
part of it.
Thank you so much, Dave.
That's Lauren Zabierek and Camille Stewart Gloster from Share
the Mic in Cyber. We'll have a link to their organization in the show notes.
And finally, in a move equal parts mission impossible
and petty genius, a TikTok user named Colonel Dump
shared how he discovered a company's data breach
and when no one at customer service would listen, he applied for a job there.
After breezing through multiple interviews, he finally sat down with the chief information security officer
who cheerily asked what drew him to the company. His answer? The dark web alert showing his data
from their site for sale. He wasn't there for the paycheck. He was there to deliver the breach notice
in person. Then he declined the job.
Cybersecurity might be an arms race, but sometimes it takes one determined applicant to remind a company that defense in depth should include answering your emails.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
N2K's senior producer is Alice Carruth.
Our CyberWire producer is Liz Stokes.
We're mixed by Tré Hester with original music by Elliott Peltzman.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
