CyberWire Daily - Dial M for malware.
Episode Date: October 30, 2025A Texas telecom confirms a nation-state attack. A global outage disrupts Azure and Microsoft 365 services. Malicious npm packages steal sensitive data from Windows, Linux, and macOS systems. Hackt...ivists have breached multiple critical infrastructure systems across Canada. Major chipmakers spill the TEE. TP-Link home routers fall under federal scrutiny. Cloud Atlas targets Russia’s agricultural sector. Israel’s cloud computing deal with Google and Amazon allegedly includes a secret “winking mechanism.”The FCC tamps down on overseas robocalls. Mike Anderson, from Netskope, discusses why CIOs should think like HR leaders when considering Agentic AI. Danes Draw the line at digital doppelgängers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Mike Anderson, Netskope’s Chief Digital and Information Officer, to discuss why CIOs must think like HR leaders when considering Agentic AI. Selected Reading US company with access to biggest telecom firms uncovers breach by nation-state hackers (Reuters) Huge Microsoft outage hit 365, Xbox, and beyond — deployment of fix for Azure breakdown rolled out (Tom's Hardware) Malicious NPM packages fetch infostealer for Windows, Linux, macOS (Bleeping Computer) Canada says hacktivists breached water and energy facilities (Bleeping Computer) New physical attacks are quickly diluting secure enclave defenses from Nvidia, AMD, and Intel (Ars Technica) U.S. agencies back banning top-selling home routers on security grounds (The Washington Post) Cloud Atlas hackers target Russian agriculture sector ahead of industry forum (The Record) Revealed: Israel demanded Google and Amazon use secret ‘wink’ to sidestep legal orders (The Guardian) FCC adopts new rule targeting robocalls (The Record) Denmark to tackle deepfakes by giving people copyright to their own features (The Guardian) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
Risk and compliance shouldn't slow your business down.
Hyperproof helps you automate controls, integrate real-time risk workflows,
and build a centralized system of trust so your teams can focus on growth, not spreadsheets.
From faster audits to stronger stakeholder confidence,
hyperproof gives you the business advantage of smarter compliance.
Visit www.hyperproof.io to see how leading teams are transforming their GRC programs.
A Texas Telecom confirms a nation state attack,
A global outage disrupts Azure and Microsoft 365 services.
Malicious NPM packages steal sensitive data from Windows, Linux, and MacOS systems.
Pactivists have breached multiple critical infrastructure systems across Canada.
Major chipmakers spill the T.P. Link home routers fall under federal scrutiny.
Cloud Atlas targets Russia's agricultural sector.
Israel's cloud computing deal with Google and Amazon allegedly includes a secret winking mechanism.
The FCC tamps down on overseas robocalls.
Our guest is Mike Anderson from Netscope,
discussing why CIOs should think like HR leaders
when considering agentic AI.
And Danes draw the line at digital doppelgangers.
It's Thursday, October 30th, 2025.
I'm Dave Bittner, and this is your Cyberwire,
Entail Briefing.
Thanks for joining us here.
It's great to have you with us.
Hackers linked to an unnamed nation state
infiltrated the network of ribbon communications
and remained undetected for nearly a year,
the Texas-based telecom company confirmed,
Ribbon disclosed in an SEC filing that attackers gained access in December 24 and were discovered only last month.
The breach affected three small customers, and while investigators found no evidence that sensitive or government data was compromised,
several older customer files were accessed.
Ribbon said it has hardened its network and continues working with outside experts.
The incident underscores growing risks to telecom provides.
that support government and critical infrastructure clients,
with researchers warning that such firms have become high-value espionage targets.
The company has not identified the nation-state involved.
Yesterday, Microsoft suffered a widespread global outage
disrupting Azure and Microsoft 365 services
after an Azure front-door configuration change triggered a DNS failure.
The disruption prevented customers, including healthcare,
organizations and critical infrastructure operators from accessing portals like Azure, Intune,
and Exchange.
Authentication failures locked many employees out of company networks with reports of downtime
from sectors including transportation and government.
Microsoft initially blamed a DNS issue, later confirming an inadvertent configuration change
as the root cause.
Engineers blocked further updates, rolled back systems to a stable state, and
and rerouted traffic to healthy infrastructure.
Early this morning, Microsoft confirmed mitigation and recovery.
The outage follows a recent AWS DNS failure,
emphasizing ongoing fragility in cloud service dependencies.
Ten malicious NPM packages impersonating popular software libraries
were found stealing credentials and sensitive data from Windows, Linux, and MacOS systems.
Researchers at Socket said the fake packages uploaded July 4th
used typo squatting and multiple obfuscation layers to evade detection,
amassing nearly 10,000 downloads.
Upon installation, a hidden post-install script
launched an obfuscated loader that displayed a fake captia
before downloading a 24-Mabyte information stealer
built with Pi installer.
The malware targeted browser data,
system key rings, SSH keys, and authentication tokens,
exfiltrating them to an attacker-controlled server.
Despite being reported, the malicious packages remain live on NPM.
Developers who installed them are urged to remove infections
and rotate credentials immediately.
The Canadian Center for Cybersecurity has warned
that hacktivists have breached multiple critical infrastructure systems
across Canada, manipulating industrial controls and creating potentially dangerous conditions.
Recent incidents affected a water treatment plant, an oil and gas company, and a grain facility,
disrupting operations and triggering false alarms. Authorities say these opportunistic attacks
sought publicity and public distrust rather than causing physical damage. The warning highlights
the risk of exposed industrial control systems like PLCs and SCADA devices.
Organizations are urged to restrict internet access to ICS components, enforce VPN and
multi-factor authentication, and follow national cybersecurity readiness goals.
Though no severe damage occurred, officials warn the incidents exposed serious vulnerabilities
in Canada's critical infrastructure.
A new hardware-based exploit known as T-Fail has broken key protections in trusted execution
environments, that's T, from Intel, AMD, and Nvidia, technologies that safeguard confidential
data in cloud, AI, and blockchain systems. Researchers showed that by inserting a small device
between a memory chip and motherboard, and with kernel-level access, attackers can defeat
trusted execution environments within minutes. The flaws stem from deterministic encryption,
which allows repeated cipher text patterns exploitable for replay attack.
Despite chipmaker's claims of secure enclaves,
all exclude physical attacks from their threat models,
leaving widespread misconceptions about their guarantees.
The findings reveal that even low-cost physical attacks
can compromise T's across industries,
exposing sensitive workloads once thought secure.
Experts warn organizations to reassess reliance on T's
for private computation, especially in untrusted or remote environments.
More than half a dozen U.S. federal agencies have supported a Commerce Department proposal
to ban sales of T.P. Link home routers, citing national security concerns over the company's
ties to China. The Interagency Review, backed by Homeland Security, Defense, and Justice,
concluded that T.P. Link Systems' U.S. products could still be influenced by Chinese
government directives through its former parent T.P. Link technologies. T.P. Link disputes the claim,
saying it's a fully American company with independent operations. If enacted, the ban would
affect over one third of U.S. home routers, marking one of the largest consumer tech
prohibitions in history. The proposal remains under Commerce Review amid U.S. China trade tensions,
With critics warning, TP-linked devices could expose sensitive U.S. data or be manipulated through software updates.
State-backed hacker group Cloud Atlas has launched a new cyber espionage campaign targeting Russia's agricultural sector ahead of a major industry forum in Moscow.
Researchers at F6 say attackers used fishing emails disguised as official event materials to exploit an old Microsoft office flaw.
The campaign mirrors previous Cloud Atlas attacks on Russian agro and defense entities,
showing continued use of outdated vulnerabilities and social engineering.
Active since 2014, Cloud Atlas remains a persistent espionage threat across Eastern Europe.
In 2021, Israel secured a $1.2 billion cloud computing deal,
Project Nimbus, with Google and Amazon, that included a secret,
winking mechanism to discreetly alert Israel if its data was handed to foreign law enforcement,
the Guardian reports. According to leaked government documents, the system used coded payments tied to
country dialing codes, enabling Israel to detect data disclosures despite gag orders. The contract also
prohibits Google and Amazon from restricting Israel's access to cloud services, even over human rights
concerns. Israeli officials designed the arrangement to protect data sovereignty and ensure
uninterrupted access amid global scrutiny of its use of cloud technology in military operations.
Legal experts say the mechanism could breach secrecy laws in the U.S. or other jurisdictions.
Both companies deny evading legal obligations or breaching international law. The deal highlights
Israel's extensive control over its government and military data
and raises questions about tech firms' accountability in global surveillance.
The FCC has approved a new rule expanding caller ID requirements
to curb the surge in robocalls, especially those originating overseas.
The measure broadens the definition of caller identity information,
mandates providers to verify caller names, and requires alerts when calls.
come from abroad or misuse U.S. area codes.
Providers must also display verified caller names and additional data, such as logos or call purposes.
Officials say the rule enhances transparency and may help deter fraudulent international calls.
Coming up after the break, Mike Anderson from Netsko,
discusses why CIOs should think like HR leaders
and Danes draw the line at digital doppelgangers.
Stick around.
At TALIS, they know cybersecurity can be tough
and you can't protect everything,
but with TALIS you can secure.
what matters most. With Talis's industry-leading platforms, you can protect critical applications,
data and identities, anywhere and at scale with the highest ROI. That's why the most trusted brands
and largest banks, retailers, and healthcare companies in the world rely on Talis to protect what
matters most. Applications, data, and identity. That's Talis. T-H-A-L-E-S. Learn more at
talusgroup.com slash cyber.
What's your 2am security worry?
Is it, do I have the right controls in place?
Maybe are my vendors secure?
Or the one that really keeps you up at night,
how do I get out from under these old tools and manual processes?
That's where Vanta comes in.
Vanta automates the manual.
work so you can stop sweating over spreadsheets, chasing audit evidence, and filling out
endless questionnaires. Their trust management platform continuously monitors your systems,
centralizes your data, and simplifies your security at scale. And it fits right into your
workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready
all the time. With Vanta, you get everything you need to move faster, scale confidently, and
finally get back to sleep. Get started at vanta.com slash cyber. That's v-a-n-ta-com
slash cyber.
Mike Anderson is chief digital and information officer at Netscope. I recently got together with him
to discuss why CEOs should think more like HR leaders when considering agentic
If you think about our traditional generative AI that we've got today, you know, it's all prompt-based.
We have users that are prompting something to occur.
And it's usually, you know, a question or a very long question with lots of guidance on how to answer things.
And what we're starting to see now with agentic is more agency where there's a, in a lot of ways, it's an AI front-ending a workflow.
So I have a typical process, business process that I would have followed.
I have an agent that's frontends that workflow that has a natural language interface to it.
And it's like asking a coworker to go do something for me, but within the guardrails of a specific task.
And so when I think about agentic AI and where we where we are today, that's really, you know, how I think about agentic.
We, I think we're probably a couple years away from kind of the, what I would say is true agency where the agent just wakes up and says,
hmm, let me go do some work today, where it has the agent.
agency to work like your typical employee without direction.
I think we're not quite there yet.
I think in the next couple of years, maybe sooner,
with the pace of change that's happening, we'll get there.
But I think what's probably further out is that super AI ability,
where it has the ability to think independently like a human would,
where it has that kind of super agency.
I think we're probably a few years out from that occurring.
That's kind of the sky net that we all kind of get worried about when we think about
AI.
Yeah.
Well, you've made the point that security professionals might approach this from the point of view of HR leaders, maybe borrow some elements from them.
Yeah, I mean, if I think about an employee and we think about agents, you know, if we think about a lot of the work that is being automated with the AI today, it's a lot of the very task-oriented work.
If we think in the cyber world, it could be a sock analyst.
There's a lot of focus there today from industry to go build automation and agents around the sock.
analyst to go automate all the work, looking for the, do some of the hunting in the incident
research. So a lot of that's being automated. If we think about IT, it's the service desk,
help desk type roles. How do I use agents to supplement that? If you think in the consulting
world, it's the research, research analyst going to do all the research work. If you think in
the law firm, it's the paralegals that are pulling things together. That's where, you know,
you see things like Harvey, where a lot of law firms using today to build
their own AI around that they stand behind.
So when we think about this from an HR standpoint,
we wouldn't just hire that entry employee and say,
okay, good luck.
You know, we would have guardrails.
We would probably,
we're going to restrict what access they have.
So if they have access to an HR system,
if they're someone that's writing job descriptions,
we wouldn't give them full carte blanche access to our workday environment
to go in and see everyone's salaries in the company.
We would probably have some restricted access.
And so as we start thinking about agents, we have to think about this just the way we wouldn't employ.
We wouldn't give an employee super admin rights to our systems, and nor should we do that with AI either.
That's a really interesting insight.
It also makes me wonder about, you know, anyone who has hired an assistant, you go through that transitional period where maybe at first it takes more work to get them up to speed than the time that they're saving you.
So is that a peril here with getting an agentic AI up to speed as well?
Yeah, absolutely.
I think it's a great example, too.
If you think about, you know, assistant where they start to learn your travel preferences,
which airlines you like to fly, what kind of hotels you like to stay in, where do you like
to book dinners, you know, those are all preferences.
They learn over time.
How much time?
How do you manage your time and do time management?
They learn kind of what your personal, they'll help you a lot, but they also learn
your personal preferences.
I think that's a great example.
And when I think about it in the context of agentic, I think you end up having the agent that is your travel planner.
You have your agent that you're planning your dinners and booking your dinners.
You have the agent that is, you know, helping you manage your calendar.
So I think what we have today is, you know, to get to that assistant is going to be the coordination of multiple agents to drive the outcome or the role of my assistant that helps me every day.
And I suppose each of those assistants would have their own set of restrictions and
guard rails dependent on the potential peril that each of them presents?
Absolutely.
I mean, if you're thinking about travel, you have travel policies you have to operate within.
So those are some guardrails you would have.
So they may go search and find the different options and no based on your preferences.
You know, you prefer, you know, one airline utility program over another.
So, you know, all things being equal, pick that one over this one, which are all, a lot of
the things that, you know, you would do today if I log into our travel booking tool.
It's going to present me options.
It doesn't book the one automatically, but it presents them to me.
It may present the ones that I favor as a preference first.
But ultimately, the AI may do all the work for you.
And may come back to you with the options, just like your assistant does and says,
hey, here's three options for your flight based on your preferences.
Which one do you want to book?
I think that'll be our first step.
And then at some point you go, you do a pretty good job recommending options to me.
So I'm going to make you autonomous.
And I think that's, you know, we'll see that happen over time.
Is that more autonomous?
but they're still going to be the human in the loop.
But I think if, you know, the person that supports me today,
she brings options to me.
Sometimes she just books it.
And then sometimes she brings options.
And that's because she knows me.
I think that's the, I think we're going to be on that same journey with Agentic as well.
You know, I'm reminded that there was an old chestnut at this point, you know,
from the earlier days of computing.
You'd see people would have a sign on their office wall that said,
to air is human, but to really screw up requires a computer.
And I think part of what that joke speaks to is velocity
and that a computer can do so much more,
so much faster than a computer.
How much is that velocity aspect a concern here?
I think with any technology, that's a concern.
I think a lot of people automatically have a problem.
They jump to what technology is out there that can solve my problem for me.
And the problem isn't really the technology.
that there's a lack of a process or understanding what the process should be and documentation
of that process.
And so if you go layer technology, even AI on top of a bad process, you just get to the same
bad outcome faster.
So I think you need to have an outcome-oriented thinking around the problem.
And then basically make sure you really understand what is the current process we have today.
And then how can AI reinvent or rethink that process to get to the same outcome you really
want, which ideally is a good outcome versus a bad.
outcome. And again, a lot of times people race to apply technology to something when there's a
broken business process and it's not really delivering the outcome I want. They think it's going
to change the outcome and all it does is get you to the bad outcome faster. What's your opinion
on how quickly people should be adopting these sorts of things? Is there, how much do you think
the risk of being left behind is a real thing compared to your competitors, for example?
I think we have to be doing a lot of people say we're testing AI we have tons of use cases
you know if I consider on any any roundtable with peers that's what they say
I think there are areas today where we know there are use cases we know deliver value
that we can that we can go after so I think those are the ones that you know we should be
investing in today right to the ones I talk about like IT how do you automate IT how do you
help on the support side how do you help on some of the content marketing aspects you know those are some of the how do you help on research for sales reps those are very easy ones that i think
have been proven out to have a lot of value associated to them but then it's you start to get into some more advanced use cases now and i think that
if you aren't placing some bets now there's a there's a great book a guy named john rossman wrote a book called the amazon way he just released another book called big bet leadership
And one of the concepts there is basically, if you don't make a bunch of, you know,
what would be big bets, but in small ways along your journey,
then you're going to be making bet the company bets later.
And so when I think about AI, if you're not placing at least some small bets or, you know,
a series of, you know, what could be big bets in the future, I think you are going to be
at a disadvantage.
And so if I think about the world today, we think about how Uber disrupted the taxi industry.
in that world or the executive limousine area and how that whole got transformed with Uber,
you know, there's going to be some of these new tech companies that don't have the legacy
baggage, you're going to move very quickly. And if you aren't placing those bets, you may be
the taxi business in the future that's being disrupted by Uber. And so I think that's the,
I think that's the risky run of just standing on the sideline and not doing some testing
and placing some bets. That's Mike Anderson from Netsco.
And finally, Denmark has decided it's time to stop letting AI borrow people's faces, voices, and dignity without permission.
In what it claims is a European first, the Danish government plans.
to rewrite copyright law
so that everyone legally owns their own face,
and presumably their own bad hair days too.
Culture Minister Jacob Engels Schmidt
declared the law will send a clear message.
Humans are not open-source material.
The proposal, backed by nearly all MPs,
would give citizens the right to demand removal
of deepfakes and digital impersonations.
Parody and satire remain safe.
Engel Schmidt warned that if
platforms fail to comply, fines will follow, and he's even eyeing Europe's chair for
inspiration sharing. Denmark, it seems, is politely but firmly telling AI, hands off the humans.
And that's the CyberWire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights
that keep you a step ahead
in the rapidly changing world of cybersecurity.
If you like our show,
please share a rating and review
in your favorite podcast app.
Please also fill out the survey in the show notes
or send an email to Cyberwire at n2K.com.
N2K's senior producer is Alice Carre
Ruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by
Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher,
and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Cyber Innovation Day is the premier event for cyber startups, researchers, and top VC firms
building trust into tomorrow's digital world.
Kick off the day with unfiltered insights and panels on securing tomorrow's technology.
In the afternoon, the eighth annual Data Tribe Challenge takes center stage as elite startups
pitch for exposure, acceleration, and funding.
The Innovation Expo runs all.
all day, connecting founders, investors, and researchers around breakthroughs in cyber security.
It all happens November 4th in Washington, D.C.
Discover the startups building the future of cyber.
Learn more at cid.d. datatribe.com.