CyberWire Daily - Eviction notice for Media Land.
Episode Date: November 20, 2025The US and allies sanction Russian bulletproof hosting providers. The White House looks to sue states over AI regulations. The US Border Patrol flags citizens’ “suspicious” travel patterns. Lawm...akers seek to strengthen the SEC’s cybersecurity posture. A new Android banking trojan captures content from end-to-end encrypted apps. A hidden browser API raises security concerns. Fortinet patches a zero-day. A Philippine former mayor gets life in prison for scam center human trafficking. Our guest is Cliff Crosland, CEO and Co-founder at Scanner.dev, discussing why security data lakes are ideal for AI in the SOC. Green energy gets hijacked for a blockchain side-hustle. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Cliff Crosland, CEO and Co-founder at Scanner.dev, discussing why security data lakes are ideal for AI in the SOC. Listen to Cliff's full conversation here. Selected Reading Russian bulletproof hosting provider sanctioned over ransomware ties (Bleeping Computer) White House drafts order directing Justice Department to sue states that pass AI regulations (Washington Post) Border Patrol is monitoring US drivers and detaining those with 'suspicious' travel patterns (Associated Press) Lawmakers reintroduce bill to bolster cybersecurity at Securities and Exchange Commission (The Record) Multi-threat Android malware Sturnus steals Signal, WhatsApp messages (Bleeping Computer) Hidden API in Comet AI browser raises security red flags for enterprises (CSO Online) Eternidade Stealer Trojan Fuels Aggressive Brazil Cybercrime (Infosecurity Magazine) Fortinet Patches Actively Exploited FortiWeb Zero Day Flaw (HIPAA Journal) Ex-Philippine mayor Alice Guo given life sentence for human trafficking (Reuters) Wind farm worker sentenced after turning turbines into a secret crypto mine (Bitdefender) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
From fishing to ransomware, cyber threats are constant, but with Nordlayer, your defense can be too.
Nordlayer brings together secure access and advanced threat protection in a single, seamless platform.
It helps your team spot suspicious activity before.
for it becomes a problem by blocking malicious links and scanning downloads in real time,
preventing malware from reaching your network.
It's quick to deploy, easy to scale, and built on zero-trust principles,
so only the right people get access to the right resources.
Get 28% off on a yearly plan at Nordlayer.com slash Cyberwire Daily with code Cyberwire-28.
That's Nordlayer.com slash Cyberwire Daily, code Cyberwire Daily, code Cyberwire Daily,
code Cyberwire dash 28.
That's valid through December 10th, 2025.
The U.S. and allies sanction Russian bulletproof hosting providers.
The White House looks to sue states over AI regulations.
The U.S. Border Patrol flagged citizens.
citizens' suspicious travel patterns.
Lawmakers seek to strengthen the SEC's cybersecurity posture.
A new Android banking Trojan captures content from end-to-end encrypted apps.
A hidden browser API raises security concerns.
Fortinette patches a zero-day.
A Philippine former mayor gets life in prison for scam center human trafficking.
Our guest is Cliff Crossland, CEO and co-founder at scanner.dev,
discussing why security data lakes are ideal for AI,
in the sock. And green energy gets hijacked for a blockchain side hustle.
It's Thursday, November 20, 2025. I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us here today.
It's great as always to have you with us.
The United States, United Kingdom, and Australia
announced new sanctions against Russian bulletproof hosting providers
that support ransomware gangs and broader cybercrime operations.
Bulletproof hosting providers lease infrastructure to threat actors
and ignore takedown requests,
enabling fishing campaigns, malware delivery,
command and control operations,
elicit content hosting,
and distributed denial of service attacks.
The U.S. Treasury's Office of Foreign Assets Control
designated Media Land and three affiliated companies,
noting the group's links to ransomware operations,
including LockBit, Blacksuit, and Play.
Three Media Land executives were also sanctioned,
with U.K. officials stating that, one, Alexander Velosovic, has worked with groups such as Evil Corps and BlackBasta.
OFAC additionally sanctioned ISA Group LLC, previously targeted in July, as well as HyperCore Limited and Related Support Entities.
Five Eyes Cybersecurity agencies issued accompanying guidance, urging defenders to use threat intelligence, traffic analysis, boundary filtering, and stronger customer.
verification. The sanctions freeze assets and expose intermediaries to secondary penalties.
The Trump administration is preparing an executive order that would direct the Justice Department
to sue states that pass laws regulating artificial intelligence, according to a draft reviewed
by the Washington Post. The move follows a failed Republican Senate effort to block state
AI rules amid concerns about risks to jobs, children, and energy consumption. The order argues that
state regulations interfere with interstate commerce, though legal experts say this likely exceeds
presidential authority. It would also create a federal task force to review state AI laws
and allow the Commerce Department to withhold broadband funding from states deemed out of line.
Trump continues to push for a single national AI standard,
though several Republican governors and lawmakers object to federal preemption.
The Associated Press reports that the U.S. Border Patrol is running a secretive surveillance program
that tracks millions of American drivers and flags suspicious travel patterns.
The system uses a vast network of license plate readers and algorithms to analyze where vehicles come from,
where they go and what routes they take.
Alerts lead to whisper or wall stops,
where local police pull drivers over for minor infractions,
then question and search them without revealing Border Patrol's role.
Cameras are often hidden in traffic equipment
and extend far beyond the traditional 100-mile border zone,
reaching deep into major metro areas.
Civil liberties experts say this mass data collection and pattern analysis
raises serious Fourth Amendment and free movement concerns.
A bipartisan pair of Georgia lawmakers, Democrat David Scott, and Republican Barry Loudermilk,
have reintroduced the SEC Data Protection Act of 2025 to strengthen the Securities and Exchange
Commission's cybersecurity posture. The bill would require the SEC to adopt modern
data protection protocols aligned with federal and national institutions.
of standards and technology best practices, create uniform policies for handling sensitive market
information, and improve internal accountability. The lawmakers say rising cyber attacks and recent
government breaches underscores the need for updated safeguards, warning that outdated frameworks
risk undermining trust in the U.S. financial system. The measure, which would take effect
one year after enactment previously stalled in 2020.
The SEC declined to comment.
A newly identified Android banking trojan named Sternus can capture content from
end-to-end encrypted apps like Signal, WhatsApp, and Telegram by reading messages
directly from the device screen after decryption.
Researchers at Threat Fabrics say the malware, still in development, but already fully
functional, targets European financial accounts using region-specific HTML overlays to steal
credentials.
Sturness supports full-device takeover through Android accessibility abuse and real-time
remote control via an AES-enc encrypted WebSocket VNC channel.
It spreads through malicious APKs designed as Chrome or Pre-Mix box apps, though its distribution
method remains unclear.
After installation, it establishes encrypted connections with its command and control server,
gains device administrator privileges, blocks removal attempts,
and can silently conduct actions such as transfers by hiding activity behind fake system update screens.
Elsewhere, researchers at Trustwave Spider Labs have identified a new Brazil-focused banking Trojan
called Eternidad Steeler that marks an escalation in the region's cybercrime activity.
The malware spreads through WhatsApp, using a Python-based worm to hijack accounts,
steal contact lists, and send personalized malicious messages.
An accompanying installer deploys a Delphi-built Steeler that activates only on systems
using Brazilian Portuguese and targets banking, fintech, and cryptocurrency apps
with credential harvesting overlays.
Eternidad also uses hard-coded email credentials
to retrieve fresh command and control details
via IMAP, improving resilience.
Additional scripts perform reconnaissance
and evade antivirus tools.
Researchers trace the infrastructure to interconnected domains,
observing more than 450 connection attempts
from 38 countries,
mainly from desktop systems,
despite the malware's Brazil,
centric design.
Researchers at SquareX have uncovered an undocumented system-level API inside the Comet
AI browser that allows its hidden embedded extensions to run arbitrary commands and launch
applications, bypassing protections enforced by mainstream browsers for more than a decade.
The custom MCP API, found in Comet's analytics extension, can be invoked directly from
perplexity.a.i and could be exploited through common techniques such as
compromised extensions, cross-site scripting, or phishing. Squarex demonstrated how
a spoofed extension used the API to execute want to cry on a device. Because
Comet conceals its embedded extensions, users cannot disable them, and
Squarex warns that other extensions may also gain access to the API.
Analysts say the finding reinforces Enterprise Reluctive
toward AI browsers and highlights the need for transparency,
independent audits, and user control.
A newly-patched Forta-Web Zero Day is being actively exploited
despite its medium CVS-6.7 rating.
The flaw allows authenticated attackers to execute unauthorized OS commands
via crafted HTTP requests or CLI input stemming from improper command neutralization.
Trend Micro's Jason McFadion discovered the issue, which affects multiple photo-web versions,
and fixes are now available.
It follows last week's silent patch of a separate critical Forta-Web path traversal flaw,
which allowed unauthenticated command execution and has also seen reported exploitation.
A Philippine trial court has sentenced former Bamban Mayor Alice Gwao to life imprisonment for
human trafficking, following a police raid that uncovered a scam center employing hundreds of
trafficked foreign and local workers. Authorities later identified Guao, who had run for office as a
Filipino citizen, as Chinese national Guao Huo Ping. The presidential anti-organized crime
commission called the ruling both a legal and moral victory. Seven others were also convicted,
and the facility was ordered forfeited to the state.
Guao removed from office in 24 and captured in Indonesia after fleeing Senate hearings
faces additional charges including graft and money laundering.
Her case has intensified national scrutiny of Chinese-linked criminal activity
and the now-banned Philippine offshore gaming operators sector.
Coming up after the break, Cliff Crosland from scanner.dev discusses why security data lakes are ideal for AI in the sock,
and green energy gets hijacked for a blockchain side hustle. Stick around.
At TALIS, they know cybersecurity can be tough and you can't protect everything.
But with TALIS, you can secure what matters most.
With TALIS's industry-leading platforms, you can protect critical applications,
data and identities, anywhere and at scale with the highest ROI.
That's why the most trusted brands and largest banks,
retailers, and health care companies in the world rely on TALIS to protect what matters most.
Applications, data, and identity.
That's Talis. T-H-A-L-E-S.
Learn more at talusgroup.com slash cyber.
Ever wished you could rebuild your network from scratch to make it more secure, scalable, and simple?
Meet Meter, the company reimagining enterprise networking from the ground up.
Meter builds full-stack zero-trust networks, including hardware, firmware, and software, all designed to work seamlessly together.
The result? Fast, reliable, and secure connectivity without the constant patching, vendor-juggling, or hidden costs.
From wired and wireless to routing, switching, firewalls, DNS security, and VPN, every layer is integrated and continuously protected in one unified platform.
And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles.
Meter even buys back your old infrastructure to make switching effortless.
Transform complexity into simplicity and give your team time to focus on what really matters, helping your business and customers thrive.
Learn more and book your demo at meter.com slash cyberwire.
That's M-E-T-E-R-com.com.
Cibrewire.
Cliff Crossland is CEO and co-founder at scanner. Dev.
And in today's sponsored industry voices conversation,
we discuss why security data lakes are ideal for AI in the SOC.
The most common way that people construct data lakes is to store significant amounts of messy-ish data.
in object storage buckets.
So this might be like AWSS3 or Azure blob storage
or Google Cloud storage buckets.
It's just basically storage locations
that can scale forever
and they tend to interact with this data
with various kinds of SQL-based engines.
That's the most common way to query this data.
But yes, data lakes,
the most common way that the people build their data lakes
is to build them on top of object storage.
And so when we're talking about AI,
and its ability to improve the lives of people in the SOC,
how do these two things cross paths?
Yes, it's super interesting.
So we found that more than half of our customers
are building agentic AI workflows on top of their data lakes
and on top of many other tools for all of their SECOPs responsibilities
just to speed things along.
No one is fully removing people from the workflows,
but they are finding a tremendous amount of value,
in speeding up things like
investigations when an alert
is triggered
by having a data lake
that's easy to access
with a huge amount of data
just way easier to get lots of data
into a data lake than into a traditional
SIM, then the
agents can go and pull in rich
context from many different sources.
So AI together with data lakes
we think is really the future
of doing
sec ops investigations and diving
into log data. There's just a lot of
power and having access to more and more log sources and more historical data, too, going back
not just a few weeks, but months or years, to do like a deep dive threat hunt. It's super
cool. Well, can we dig into some of the details here? I mean, when somebody has this sort of thing
up and running, how does it work? Yes. So what folks tend to do is their first cut at building a
data lake, it tends to be using a SQL-based tool, like maybe it's Apache Press
or Amazon Athena is very common
in our world. We're very AWS-focused.
But what they
will do is they will then
use different kinds of
SDKs that interact with
MCP servers. So model context
protocol. It's very cool.
And then they will use that to go
and interact with their data lake
and interact with different security
tools that they have. So like a very
concrete example might be something like an alert
lands from something like Amazon
Guard duty. And then the agent
will then go and pick up
the ticket that got created in Jira
and then we'll go do an investigation
in the data lake. It might ping
some other tools. It might write up
a little summary in Slack and write some comments
in the Jira ticket. And then it might also
do something cool like
open a pull request in
the team's GitHub repository
to tweak like some code
or maybe a detection rule that they have
in there. And then humans can kind of review
everything that it just did. The code
review, the change that it's making against the code, they'll go and review the comments that
are being added to the ticket. So it can be very cool. If your data link is working well for you
and you've done the work to make it fast, it can be a very cool source of additional rich
context for agents to use when they're doing investigations. Now, my understanding is that
query speed in particular is really critical for enabling these AI agents. Can you unpack that
for us? Why does that matter?
Yes, it is really interesting.
So this is a common theme that we run into and why people come and talk to us is when they are trying to use Amazon Athena or Presto to go and query a data lake, sometimes the query will run for hours.
And then the agentic workflow just doesn't work.
It's just sitting there constantly pinging over and over again, waiting for a query to return.
And so what you really want, if you want an agent to do a good job at doing an investigation,
quickly on an alert that comes in, you want your data lake to be really fast to go and query.
We really are obsessed with what the future of data lakes looks like. We think data lakes are
just going to get faster and faster. And this common complaint about data lakes being slow,
that's going to go away over time. It's getting easier to do data engineering on like traditional
data lakes to make them faster to query with like Apache iceberg and parquet formats and
so on. But there are also other cool things going on, like being able to support full-text search,
just even on the messiest of log data and getting results back rapidly. That's something that
we are super excited about. As data lakes get faster, it'll just be easier and easier for agents
to rapidly investigate incidents, like do detection engineering on your behalf and speed up
everyone's job in the sock.
You know, years ago when AI was just starting to become the hot thing, along with machine learning,
of course, I remember reading an article, and it was about the state of a computer's ability
to play chess against humans.
And they were talking to a chess grandmaster, and they were saying that, you know,
humans can play against the machine, the machine can play against another machine, but really
the human combined with the AI was the best chess.
test player in the world. And that combination was hard to beat. Is my understanding correct that
you all have done some testing on this internally and you're finding similar sorts of results?
Yes. We definitely think that, I mean, we could be wrong as like artificial general intelligence
or artificial superintelligence lands on the scene in a decade if we're lucky. I don't know if that's
really going to happen. But maybe at that point, the AI can just take over the job. But it was really
interesting. There was some research done at Stanford that showed that doctors actually by using
AI, that the AI does better on its own rather than doctor plus AI at doing diagnosis for a certain
kind of like symptom evaluation testing that they were doing, which was surprising. And so
in our minds, we thought, wouldn't it be really cool to see if AI can do the job of a SOC
analyst better than humans can by themselves or even humans plus AI?
The interesting thing that we found there is that human plus AI together does far better.
There are a couple of different interesting findings.
One is that it just seems to be that there is a lot more medical data out there for foundation models to train on, like millions of research papers.
And so it makes sense that they're good at diagnosing medical problems.
But in cybersecurity, the false negative rate, that's the scary thing.
If a true positive alert, if a real threat is present in your log data and you're under attack,
and the agent doesn't find it and thinks everything is peachy, that is scary, and that was
very common with AI running entirely by itself. But what we found to be really effective was
AI and humans working together where a human can kind of just use their judgment to nudge the AI along
and iterate together on an investigation report,
like in an artifact that they can continue to develop together.
So, like, the AI will do a first stab in the investigation.
A human can say, you totally, like, missed something over here.
You mentioned it, but you didn't really deep dive.
Go dive deeply into this weird data exfiltration.
Like, what is happening there?
Why are there so many downloads from an S3 bucket in the logs?
And then the AI will often say, like, wow,
you're right. This is actually really bad. Let me like go dive more deeply into this. But the cool thing is, instead of a human taking hours to piece, to like write queries, to dig through logs, you can really just start to use your intuition, your judgment as a person and as a security practitioner to just come up with great ideas for the AI to go and explore. And then there's this really fast translation between the messy data, the deep like heart.
to understand obscure data sources
and then insights from it.
So we think together humans
and AI are awesome
and in our own testing
the false positive rate
got a lot better when humans were involved
but also the false negative
rate was a lot better. Humans were like
we're better at being maybe a little
paranoid and nudging the AI along in the right direction.
How do you go about
dialing in the degree
to which the humans
are having oversight over the AI?
Yes. This is really tricky. I think what you want is you want an AI agent and like a bunch of agentic workflows to make your life easier. You don't want to have to micromanage them. And so it could be a challenge if you have hundreds or like maybe even thousands of alerts being triggered per day. So if you don't want to have to go and do a deep dive review on every single response that your agent is making to these alerts. But what you, but what is really,
effective is to keep humans in the loop, but then to do things like let the AI give you a batch
understanding, like a global understanding of the patterns of those hundreds of alerts and then
surface the highest priority things for you to go review. We don't think it's time to let agents
go and make a final call on really important investigations and do things like
immediately change your code. We think and change your detections.
We think instead, if it can open up a poll request for humans to review,
if it can add comments for humans to review,
and then humans can just like click accept or approve
or dive deeply into the details if they want to.
It can really speed people along.
So, yes, it is a challenge.
I think, like, if you can get your detections to be tuned,
to reduce your alerts to something that is reviewable,
like maybe dozens of alerts a day,
that that can be wonderful.
And we actually find that AI agents are really helpful
in helping you tune your detections to remove the noise
and giving you ideas for how to reduce the false positive rate.
So, yeah, I think, like, you kind of need to get your alerts under control
and then only have a volume at which humans can afford to go and review
what the agents are doing and what their investigation conclusions are.
Yeah, it strikes me that approaching it this way, maybe it's an opportunity for your humans in the loop to stay sharper because they're not being, they don't have that grunt work of like, as you said, you know, going through so much data manually, they're able to apply their intuition where it really matters.
Yes. There was a, there was a fun interview with Ali Mellon who talked about how in the future, the SOC analyst,
like the low-level SOC analyst role is going to evolve and it will become more about detection
engineering together with an AI. And we definitely see that. It's really fun to watch with our
users. They will build workflows where if an alert is really noisy, an AI will do an initial
attempt at writing a code to change the detection rule, to make it less noisy, to reduce the
false positive rate, humans can review. And then it's just so much more fun than going and manually
triaging dozens or hundreds of alerts per day. You can just use your high-level judgment,
your creative ideas to look at, instead of getting into the weeds and into the details on every
single alert that happens, you can guide and shape almost like managing agents to write code for you
and get a lot of great work done
and clean up your detections,
tune them better.
Yeah, we see a lot of people
instead of just trusting
the out-of-the-box detections
from their SIM
or their security data lake tool,
they will customize and tune
hundreds of detections
from their vendor
to be more appropriate
to their business context.
And they can only do that
because AI is helping them
speed that along.
They're not doing it all by hand.
They're just doing code review,
and maybe giving the agent feedback and maybe tuning the code a little bit more.
But, yeah, I completely agree that it helps people be sharper, see,
and focus on better, more high-leverage projects.
It's exciting.
What are some of the things that you and your colleagues have learned along the way?
You know, in terms of having your own unique approach to this,
the things that you believe differentiates you from other folks who are out there doing this?
Yes, I think what's going to happen is all of the efforts that a lot of organizations are going to
try to do data engineering to get all of their data and their data lake to conform to a common
schema. That's not going to be important anymore. In the future, instead of every single one of
your 50 log sources, you have to get to conform to a schema like OCSF. Instead, tools are going to be
very good at handling messiness.
And that's something that our tool at scanner we really care about is
logs can be very messy.
And because of the way that we're approaching running queries and analyzing data
and data leaks is about embracing the messy and text-based nature,
deeply nested JSON, like schemelous nature of logs in security,
it just makes it much easier to gather,
many different log sources together.
You don't need to do as much engineering work
to get them to conform to a common schema.
But it's really critical that that data be fast to search through
so that the agent can actually make progress.
So, yeah, we're excited about adopting many of the same ideas
that you see in tools like Lucene or Elasticsearch
building like an inverted index,
but making that inverted index extremely friendly to data lakes and data lake scale and object storage,
that allows you to go and execute very, very fast searches over massive data sets
without doing a significant amount of data engineering to get your data to conform to a particular schema.
Just let the logs come in as they may and be messy.
And then what the future looks like is gathering more and more log source.
resources cheaply in data lakes and an object storage and then letting agents do the really cool
fuzzy sorts of correlations and searching across them to do deep dives and powerful investigations.
So yeah, we're excited about that. We think that that is the direction things will go in
with object storage and data leaks in the future is more and more friendliness to unstructured
and semi-structured data and faster and faster search across that data.
That's Cliff Crossland, CEO and co-founder at scanner.dev.
in place. Maybe are my vendors secure? Or the one that really keeps you up at night? How do I get
out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the
manual works, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out
endless questionnaires. Their trust management platform continuously monitors your systems,
centralizes your data, and simplifies your security at scale. And it fits right into your workflows.
Using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time.
With Vanta, you get everything you need to move faster, scale confidently, and finally, get back to sleep.
Get started at Vanta.com slash cyber. That's V-A-N-T-A-com slash cyber.
At Desjardin, we speak business. We speak starting.
up funding and comprehensive game plans.
We've mastered made-to-measure growth and expansion advice, and we can talk your ear-off
about transferring your business when the time comes.
Because at Desjardin business, we speak the same language you do, business.
So join the more than 400,000 Canadian entrepreneurs who already count on us, and contact
Desjardin today.
We'd love to talk, business.
And finally, Nordex.
wind turbines were built to power communities, though one technical manager apparently believed
they should also bankroll his crypto ambitions. While the company was still recovering from a
Conti ransomware attack, he slipped three mining rigs into a substation and hid two helium nodes
inside the turbines themselves, treating critical infrastructure like a very large, very noisy
piggy bank. From August through November 22, his setup quietly siphoned energy until Nordex discovered
that its clean power was moonlighting as a blockchain side hustle. A court later noted he showed
no concern about interfering with equipment that keeps thousands of homes running. The judge
rewarded this creative misuse of renewable energy with 120 hours of community service and more than
8,000 euros in damages.
It is, if nothing else, a gentle reminder that insider threats are alive and well,
and that even in the age of green tech, not every watt is yours to monetize.
And that's the CyberWire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights
that keep you a step ahead
in the rapidly changing world of cybersecurity.
If you like our show,
please share a rating and review
in your favorite podcast app.
Please also fill out the survey in the show notes
or send an email to Cyberwire at N2K.com.
N2K's senior producer is Alice Carruth.
Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester with original music by Elliot Peltzman.
Our executive producer is Jennifer Ivan.
Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
At the National Post, we don't just report the news.
We dive into the stories that shape Canada and the world.
From politics to pop culture, we question, we investigate,
and we bring you insights with a fresh perspective.
This Black Friday, get our best deal of the year.
Just $12 for an entire year of unlimited digital access.
Subscribe now at Nationalpost.com.
That's nationalpost.com slash Spotify.