CyberWire Daily - Ghost students “haunting” online colleges.
Episode Date: June 11, 2025Patch Tuesday. Mozilla patches two critical FireFox security flaws. A critical flaw in Salesforce OmniStudio exposes sensitive customer data stored in plain text. The Badbox botnet continues to evol...ve. AI-powered “ghost students” enrolling in online college courses to steal government funds. Hackers steal nearly 300,000 vehicle crash reports from the Texas Department of Transportation. ConnectWise rotates its digital code signing certificates. The chair of the House Homeland Security Committee announces his upcoming retirement. Our guest is Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, wondering if AI may be the Cerberus of our time. Friendly skies…or friendly spies? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we have Matt Radolec, VP of Incident Response, Cloud Operations & SE EU from Varonis, sharing insights on AI: The Cerberus of our time. You can hear Matt’s full interview here. The State of Data Security: Quantifying AI’s Impact on Data Risk report from Varonis reveals how much sensitive data is exposed and at risk in the AI era. Learn more and get State of Data Security Report. Selected Reading Microsoft warns of 66 flaws to fix for this Patch Tuesday, and two are under active attack (The Register) Microsoft slows Windows 11 24H2 Patch Tuesday due to a 'compatibility issue' (The Register) ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA (SecurityWeek) Firefox Patches Multiple Vulnerabilities That Could Lead to Browser Crash (Cyber Security News) Salesforce OmniStudio Vulnerabilities Exposes Sensitive Customer Data in Plain Text (Cyber Security News) CISO who helped unmask Badbox warns: Version 3 is coming (The Register) How Scammers Are Using AI to Steal College Financial Aid (SecurityWeek) 300K Crash Reports Stolen in Texas DOT Hack (BankInfoSecurity) ConnectWise rotating code signing certificates over security concerns (Bleeping Computer) House Homeland Chairman Mark Green’s departure could leave congressional cyber agenda in limbo (CyberScoop) Airlines Don't Want You to Know They Sold Your Flight Data to DHS (404 Media) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network, powered by N2K.
We've all been there.
You realize your business needs to hire someone yesterday.
How can you find amazing candidates fast?
Well, it's easy.
Just use indeed.
When it comes to hiring, Indeed is all you need.
Stop struggling to get your job post noticed.
Indeed's Sponsored Jobs helps you stand out and hire fast.
Your post jumps to the top of search results, so the right candidates see it first.
And it works.
Sponsored jobs on Indeed get 45% more applications than non-sponsored ones.
One of the things I love about Indeed is how fast it makes hiring.
And yes, we do actually use Indeed for hiring here at N2K Cyberwire.
Many of my colleagues here came to us through Indeed.
Plus, with sponsored jobs there are no subscriptions, no long-term contracts.
You only pay for results.
How fast is Indeed?
Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according
to Indeed data worldwide.
There's no need to wait any longer.
Speed up your hiring right now with Indeed.
And listeners to this show will get a $75 sponsored job credit to get
your jobs more visibility at indeed.com slash cyber wire. Just go to indeed.com slash cyber
wire right now and support our show by saying you heard about indeed on this podcast. Indeed.com
slash cyber wire. Terms and conditions apply. H hiring indeed is all you need.
We've got notes on Patch Tuesday.
Mozilla patches two critical Firefox security flaws.
A critical flaw in Salesforce OmniStudio exposes sensitive customer data stored in plain text.
The bad box botnet continues to evolve. AI-powered ghost students enrolling in online college
courses steal government funds. Packers nab nearly 300,000 vehicle crash reports from
the Texas Department of Transportation, ConnectWise rotates its digital code signing certificates,
the chair of the House Homeland Security Committee announces his upcoming retirement, our guest
is Matt Rataleck, VP of Incident Response and Cloud Operations at Varonis, wondering if AI may be the Cerberus of our time,
and friendly skies or friendly spies.
It's Wednesday, June 11, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing.
Thanks for joining us here. It's great to have you with us.
This month's Patch Tuesday rolled out with a bang.
Microsoft released fixes for over 60 vulnerabilities, including one actively exploited zero day,
nine critical severity issues covering remote code execution and privilege escalation, and
around 56 other patches addressing memory corruption, information leaks, and more.
One headline grabber, a WebDAV0 day actively exploited in the wild, dubbed a top priority
fix.
Other high-risk patches include a public SMB client privilege escalation and several office
component heap overflow and use-after free bugs, all teed up for urgent deployment.
However, the rollout hit a snag for some Windows 11 users.
Microsoft throttled its own June cumulative update due to a compatibility issue with a
limited number of devices.
The company assures admins a revised version with all security fixes would be released
by the end
of the day.
In a rare move, they paused the full-scale deployment, a reminder that even well-tested
updates can misfire in production.
Beyond OS and Office, the industrial realm isn't off the hook either.
Siemens, Schneider Electric, Aviva, and CISA released critical advisories this
week in support of OT infrastructure. Siemens' standout fix plugs a glaring flaw, default
admin credentials in the G5 digital fault recorder that could let remote attackers hijack
recording equipment. Schneider and Aviva have joined in with their own mitigations, closing loopholes
before they can be weaponized.
Mozilla has released a Firefox update to patch two critical security flaws that could crash
the browser or allow hackers to run malicious code.
The first flaw involves memory corruption in Firefox's Canvas rendering system.
If triggered by specially crafted web content, it could let attackers exploit memory issues
and compromise browser stability.
The second flaw is an integer overflow in Firefox's JavaScript engine, specifically
in the ordered hash table structure.
This could lead to heap buffer overflows and similar risks when handling JavaScript-heavy
websites.
Both vulnerabilities are rated high severity, with CVSS scores over 8.
Mozilla urges users and enterprise admins to update immediately via the built-in updater
or Mozilla's website to protect against potential exploitation.
A critical flaw in Salesforce OmniStudio
exposes sensitive customer data stored in plain text,
affecting thousands of organizations.
The vulnerability stems from misconfigurations
in OmniStudio's data pipeline,
allowing input fields to bypass encryption.
Simple API requests can exploit the flaw,
which impacts key components like FlexCard and Omniscript.
Healthcare, finance, and retail sectors
are particularly at risk,
with exposed data including names,
social security numbers, and payment info.
About 15% of implementations show signs of the flaw,
often due to disabled advanced security settings.
App Omni researchers found that weak or missing encryption
in data transmissions between components
leads to GDPR, CCPA, and HIPAA compliance risks.
The issue enables potential privilege escalation and identity theft.
Organizations are urged to audit configurations and enforce encryption until patches are issued.
Badbox 2.0, a botnet infecting millions of low-cost Android smart devices is evolving toward a new wave of fraud, according
to Gavin Reed, CISO at Human Security.
First uncovered in 2022 by Reed's team, Badbox used backdoored firmware to spread malware
across streaming boxes, projectors, and infotainment systems.
Despite takedowns by Human Security, the FBI, and others, Badbox
resurfaced in 2025 with more advanced tactics.
Reid and VP of Threat Intel Lindsay Kay report that attackers have shifted from ad fraud
to residential proxy services, exploiting real user IPs for attacks like DDoS and data theft.
A new malware variant uses rotating command and control domains to evade detection.
With continued demand for cheap, insecure Android devices,
Reed warns that Badbox 3 is likely on the horizon.
Financial aid fraud is on the rise, fueled by identity theft and AI-powered ghost students
enrolling in online college courses to steal government funds.
Criminals use stolen personal data to apply for grants and loans, often enrolling in community
colleges where low tuition means more aid goes directly to students. In 2024 alone, California colleges reported 1.2 million fake applications,
leading to over 223,000 suspected fraudulent enrollments
and at least $11.1 million in unrecoverable aid.
Victims often learn about the fraud only after seeing credit score drops or loan notifications.
Clearing their names can take years.
To combat the trend, the U.S. Education Department now requires ID verification for new aid applicants.
However, federal staffing cuts may undermine efforts to detect and prevent these increasingly sophisticated scams.
to detect and prevent these increasingly sophisticated scams. Hackers accessed a compromised user account to steal nearly 300,000 crash reports
from the Texas Department of Transportation.
The stolen data included names, addresses, drivers licenses, insurance policy numbers, and license plates.
Although not legally required, the agency notified affected individuals after detecting
unusual activity on May 12.
The compromised account was disabled and security measures are being enhanced.
The department advises victims to file taxes early and stay alert for suspicious emails
or messages related to vehicle crash data.
ConnectWise is rotating its digital code signing certificates for ScreenConnect, Automate,
and RMM tools after a third-party security researcher raised concerns about potential
misuse of configuration data.
The issue involves how the ScreenConnect installer handles certain settings, which
could be exploited by threat actors with system-level access. While ConnectWise states this action
is not linked to any security breach, including a recent nation-state attack, it is also releasing
updates to improve configuration handling. The certificates issued by Digicert were initially set to be revoked on June 10, but the deadline
was extended to June 13 to allow time for updates.
On-prem and cloud users must update builds to avoid service disruptions.
Cloud users will receive automatic updates but should verify their agents are current.
Representative Mark Green, a key advocate for cybersecurity and chair of the House Homeland
Security Committee, announced his upcoming retirement, potentially shifting the landscape
for cyber legislation.
Green prioritized cyber workforce development and the reauthorization of the 2015 Cybersecurity
Information Sharing Act,
which expires in September. His departure could delay or complicate progress on these initiatives.
Possible successors include Representative Michael McCall, a past chair and cyber policy veteran,
and Representative Clay Higgins, who also has a cybersecurity focus.
The committee says it will maintain cyber as a top priority,
with increased responsibility likely falling to Representative Andrew Garbarino,
who leads the cybersecurity subcommittee.
Green is leaving for a private sector role after a final vote on a domestic policy bill.
The fate of key cyber programs remains uncertain in his absence.
Coming up after the break, my conversation with Matt Radelek from Varonis, wondering if AI may be the Cerberus of our
times.
And friendly skies or friendly spies?
Stay with us.
Hey everybody, Dave here.
I've talked about DeleteMe before, and I'm still using it because it still works.
It's been a few months now and I'm just as impressed today as I was when I signed
up.
DeleteMe keeps finding and removing my personal information from data broker sites, and they
keep me updated with detailed reports so I know exactly what's been taken down.
I'm genuinely relieved knowing my privacy isn't something I have to worry about every
day.
The DeleteMe team handles everything.
It's the set it and forget it piece of mind.
And it's not just for individuals.
DeleteMe also offers solutions for businesses, helping companies protect their employees'
personal information and reduce exposure to social engineering and phishing threats.
And right now, our listeners get a special deal, 20% off your DeletMe plan.
Just go to JoinDeletMe.com slash N2K and use promo code N2K at checkout.
That's JoinDeletMe.com slash N2K, code N2K. And now, a word from our sponsor, ThreatLocker. Keeping your system secure shouldn't mean constantly reacting to threats.
Threatlocker helps you take a different approach by giving you full control over what software can run in your environment.
If it's not approved, it doesn't run. Simple as that.
It's a way to stop ransomware and other attacks before they start without adding extra complexity to your day.
See how ThreatLocker can help you lock down your environment at www.threatlocker.com. Matt Rataleck is VP of Incident Response and Cloud Operations at Varonis.
In today's sponsored industry voices conversation, we wonder if AI may be the Cerberus of our
time.
AI is kind of all the same thing, right?
Like, the idea that we're going to use some combination of either models or learning that's taking place
on a particular data set.
And there are three main things
we're all trying to do with it.
One is we wanna get the business gains
and we wanna leverage it to level up our businesses
or make us more productive or better as humanity.
So that's one head of the dog.
But then squared right next to it is how do we
as like security professionals
use it for defense. But next to that one is how does an attacker use it against us? And
so there's really these three ways that we have to look at AI all the time as security
practitioners, when a lot of the world is really only looking at it one way. A lot of
the world is thinking about how do I get business gains from it? And so to them, AI is like Pandora's box.
Whereas to a security practitioner, we have to see all three heads of the dog.
Well, I mean, let's continue that metaphor as a security practitioner.
How do you make it so that those three heads of the dog are able to coexist?
Some of the basic stuff like understanding where and how your organization is leveraging
AI. And I think one growing concern for people is that
Apps that they purchased before are now getting AI embedded in them
And so something that they already bought that maybe they already did the terms and conditions with
Released a new AI feature that they didn't realize was maybe using their data in a training set
So this like concept of like an an inventory of where you have data
and how it's being used has never
been more paramount than today.
You need to know with every kind of SaaS or PaaS application
or even cloud storage that you're using,
how is the data that you're exchanging with it being
processed, stored, and transmitted,
and is it being used to train an AI model,
whether it's localized to your tenant
or a part of that
vendor's larger learning.
So I think that's one aspect of it.
I think the second piece of it is endorsing it
for your business.
I find there are still some security practitioners
and security pros that are hesitant to kind of push
their business to go all in with it.
But I think it's like a survive or die
type of environment
where you need to be using AI or your competitors are going to be using it before you.
And then you should be partnering with people that have it as well.
And these are all ways that you can, like, on the lower risk side,
get a handle on what and how your organization is leveraging artificial intelligence,
but then also get a handle on how your security teams can benefit from it while staying educated
about how attackers are using it.
Do you have a certain amount of empathy,
or dare I say, you know, sympathy for folks in security
who feel a little overwhelmed by all of this?
That, you know, they're trying to turn those knobs
to make sure that the business gets the best benefit,
but at the same time, they see the potential risks that are there.
I mean, yeah, I have empathy for those people, but this is just cloud 2.0 in a lot of ways.
Didn't we just do this 10 years ago?
What was I on a podcast and talking about adoption of the cloud and whether you were
going to use Box or whether you're going to use S3 object storage,
and we were talking about rapid elasticity
and the benefits of cloud, and the resilience of cloud,
and new data sharing agreements.
And is this really fundamentally that different?
Well, so the notion is that the time for questioning
whether or not this is going to be a thing is over.
Yeah, it's not only over, but if you're in the mindset of this is going to be difficult,
I don't know how I'm going to weather this storm, what about what comes next?
Cloud file sharing services was first. Cloud containerization like Kubernetes
and moving your workloads out of your data centers
into just-in-time Kubernetes clusters.
That was five years ago, three years ago for a lot of companies right now.
And now we're talking about using agentic AI instead of having a call center.
The risk has just changed.
Where you store process and store the data and how the data is put at risk, it's just moved again.
And so it's inevitable that it's going to move again,
that it's going to happen again.
There's going to be another in five or 10 years from now,
another major technological breakthrough
that makes us all have to re-question our security program.
Maybe it's going to be quantum, right?
That makes us all have to question our security programs
and adapt our security programs.
But I think we as senior professionals to use your own language is we have to have empathy and sympathy for
our businesses. We have to usher that change in. And I think what AI really represents
is the need to have good underlying like fundamental data security.
So what are your recommendations then for the people who are trying to get their arms
around this trying to get ahead rather than playing catch-up. What sort of words of wisdom do you have?
I think the first one is you got a lot of data to protect, right?
And so you could think of I'm gonna try to protect all of it all the time or you could also
I have a saying aim small that comes from the precision marksmanship community. Like if you aim small you might miss small and
You should try to protect the really important stuff first.
You can get a grasp around like your intellectual property or your customer data or your employee
data, you know, mergers and acquisitions information.
If you can focus on that really, really high value data asset, figure out where it is,
where it's put at risk, what AI is using it, if any, and then make a decision about it, you'll learn a lot along the way about what you did or didn't know or what
you could or couldn't answer about your data, and then you could look more broadly.
The other end of the spectrum is assume everything is going to get gobbled up by some Pac-Man
co-pilot at some point and make sure that you have good access control.
Because ultimately a lot of AI is a test of access control.
Do you have developers that can just dump an entire data set into a new model?
Do you have users that can enter a prompt and access far too much information?
Like do you fundamentally know the kind of data you want to put into AI or not?
These are the questions that somebody needs to answer and really think about in order
to get a handle on it and it's not that hard.
I guess I'm trying to understand the difference
between being cautious and resignation.
Does that make sense?
Yeah, I'll try to give you like a customer example.
Yeah, that'd be great.
A lot of companies that are looking at Microsoft Co-Pilot,
even still to this day, are thinking about
how deep do they go with copilot.
And the difference between,
let's say you're a 10,000 employee company,
300 users and 3000 users isn't that much.
Like, what do you trust those other 2,700 people
slightly more than the first 300?
It just doesn't make a lot of sense to me.
Yes, like you should do an initial pilot,
but once you break out of like IT and security
and you start getting into business users that have different interests in mind or don't
know that everything is logged and monitored or could be logged and monitored, you start
to get people that abuse these co-pilots.
The more users, the higher the likelihood that you're going to have some insider that's
going to abuse something like that or some compromised account, but you're just delaying
the benefits.
And so I think if you pair security with productivity and you teach people how to use prompts,
but you let them know that all your prompts are logged and monitored,
well, next thing you know, people are sharing what good is coming of it and you're
learning what data that you have exposed.
But unfortunately, companies don't even know what that is.
They don't realize how much of their 365 is wide open.
And as soon as Copa gets connected, all the obscurity that existed before is gone.
And so now you can just use Copa to say, well, what did so and so make?
Or what were the last trades that were made?
Or are we buying any companies?
Or what were the bonuses that were handled that last year?
Or are there any passwords that I have access to?
And realize how quickly it is to get answers back.
So if you didn't have good data security, what does 300 versus 3000 employees having
access to copilot do for that problem?
Yeah.
You know, I mean, again, like there's slightly less likelihood of exploitation because the
more people, the higher the likelihood you got a bad Apple, I guess.
But is it really fundamentally that big of a difference of a risk profile?
And what about that?
3,000 to your full 10,000 the same vulnerability exists the likelihood of being exploited goes up slightly
Well, let me turn the question around in a way and ask
In your experience the companies who are seeing success in adapting to this
What are some of the common elements that they share?
They've thought about data classification and data management for a long time.
Maybe it was data archiving and stale data management that drove it,
like some time with compliance regulation that made them think,
you know, we have to keep X data type for five years or X data type for seven years or X data type for ten years
And they knew they needed to solve that problem
And so they started to think about like where their data was and what they could do about it
But a company that has us like a sense of access control already
Even if it's only at the identity layer is gonna have a much easier time at thinking about well
How do I make my data ready for AI then one that they think of security as like harden the perimeter and throw EDR everywhere.
Before we run out of time, I want to touch on a report that you and your colleagues at Veronis have published.
This is your state of data security report.
I want to make our listeners aware of that, but also ask you, what prompts the creation of this report?
Yeah.
So we run risk assessments.
It's what we do.
It's our go-to-market strategy.
It's also how we engage with existing customers.
And so companies will have us come in and help them.
Am I prepared for copilot?
Or is my data ready to connect to a large language model? Or can I put some
type of masking or encryption in place on my databases or my snowflake to be better prepared?
Can I do a cloud transformation project? How we help them is we'll come in and we'll assess
that risk. We'll say, hey, you got a lot of data that's open or you got a lot of data
that's exposed. And every so often when we run those assessments,
we zoom out and we look at, well, what are the trends?
And what we saw with the cloud data store specifically
is that there's a lot of the same problems that
existed in the on-prem, and we've
had enough time in the cloud to say,
yeah, people don't use all the access that they have.
There's a lot of third party guest identities
or third party apps that are unverified and unregistered
that have access to your data.
There's AI apps that are connected to everything.
And a lot of times,
and I'll give you Salesforce an example,
users have the abilities to install plugins and add-ons
either to like a Salesforce or a 365,
and they don't understand that they're connecting
corporate data to a third partyparty app when they click allow
But because they have the permissions to do so they think it's okay
What are some of the key things in the report that stood out to you and anything particularly surprising?
I don't know. I do assessments every day so I can't say that
That anything is gonna surprise me
But the number of third party identities that are unused
and still have access to data, I thought
people had better contractor management,
that when someone stopped working with them,
they wanted to off board them.
Maybe I just got lucky at all the different places
that I worked where off boarding was a really big deal.
But I see that a lot.
The amount of data that someone has access to and doesn't use doesn't surprise me.
But for something that's so new, like a data lake or an object repository or like a Salesforce
or a company just moved there two years ago, for most of your employees to have access
to most of everything means you never set it up properly.
And so I am surprised sometimes that we aren't investing in security from the get-go when we undergo these cloud transformation
projects or these cloud migration projects, which
is real common for databases to data lakes right now,
that we're not thinking about security from the forefront
and we're still coming back to do it later.
I wasn't expecting that to be as pervasive as it is,
but the cynical part of me goes, well, why did I
expect anything less?
It reminds me of a statement I saw in the past week or so as an engineer saying, well,
of course, this is just a temporary solution, unless of course it works.
Yeah, I think that's really well stated.
Right?
Like, well, we were just trying it out and then it kind of just works.
So we stuck with it.
I also think it's like, you know, you go from pilot to production
and then you say you're going to do security
and then the next project comes along.
And look, to an extent that that's okay,
that's risk acceptance.
Risk acceptance is a part of risk management.
But where it's going to get you is when that data
is private to you and ends up in a model
that's served to more people.
That's where you, it's kind of hard to get undone.
Or you unleash a bunch of data on copilot that's private to your company or to smaller
groups at your company and now anyone with copilot can get to it.
These things are not easy to undo, to take out of the semantic index.
And I think this is the play why justfully so. Some people are a bit more cautious because they don't want to get bit.
But also why I don't know that everyone fully understands the risk that it poses.
All the more reason to figure out again like AIMSMALL.
What data do you not want to get there?
Can you take some steps to make sure that that doesn't happen?
You might learn a lot along the way.
That's Matt Radelek, VP of Incident Response and Cloud Operations at Varonis.
Compliance regulations, third-party risk, and customer security demands are all growing
and changing fast.
Is your manual GRC program actually slowing you down?
If you've ever found yourself drowning in spreadsheets, chasing down screenshots, or
wrangling manual processes just to keep your GRC program on track. You're not alone, but let's be clear
There is a better way
Banta's trust management platform takes the headache out of governance risk and compliance
It automates the essentials from internal and third-party risk to consumer trust making your security posture stronger
Yes, even helping to drive revenue.
And this isn't just nice to have.
According to a recent analysis from IDC, teams using Vanta saw a 129% boost in productivity.
That's not a typo, that's real impact.
So, if you're ready to trade in chaos for clarity, check out Vanta and bring some serious
efficiency to your GRC game.
Vanta. GRC. How much easier trust can be. Get started at Vanta.com slash cyber.
And finally, it turns out the major US airlines, you know, the ones who can't find your luggage, have
been quietly selling your domestic flight data to Customs and Border Protection.
An investigative report from 404 Media reveals that through a data broker the airlines own,
called ARC, airlines shared names, itineraries, and payment
information, all while telling CBP not to mention them by name.
This cloak-and-dagger data deal, documented through FOIA requests, supports tracking persons
of interest without pesky things like warrants.
The program, known as the Travel Intelligence Program, updates daily and holds over a billion
records.
Civil liberties advocates are unsurprisingly unimpressed.
One called it a digital age revival of the collect-it-all mentality.
Meanwhile, Congress is starting to ask airlines why their loyalty programs apparently come
with complementary government surveillance.
Turns out, when it comes to data collection, the sky's the CyberWire.
We'd love to hear from you.
We're conducting our annual audience survey to learn more about our listeners.
We're collecting your insights through the end of August.
There is a link in the show notes.
Please do check it out.
N2K's senior producer is Alice Carruth.
Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester,
with original music and sound design by Elliot Peltsman.
Our executive producer is Jennifer Iben.
Peter Kilpey is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow. And now a word from our sponsor, Spy Cloud.
Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate
your organization.
Traditional defenses can't keep up.
Spy Cloud's holistic
identity threat protection helps security teams uncover and automatically
remediate hidden exposures across your users from breaches, malware, and phishing
to neutralize identity-based threats like account takeover, fraud, and
ransomware. Don't let invisible threats compromise your business. Get your free
corporate darknet exposure report at spycloud.com slash cyberwire and see what
attackers already know.
That's spycloud.com slash cyberwire.