CyberWire Daily - Legislating in the shadow of hackers.
Episode Date: November 7, 2025
The CBO was hacked by a suspected foreign actor. Experts worry Trump’s budget cuts weaken U.S. cyber defenses. Regulation shapes expectations. ClickFix evolves on macOS. Notorious cybercrime groups form a new “federated alliance.” Congressional leaders look to counter China’s influence in 6G networks. An EdTech firm pays $5.1 million to settle data breach claims. Nevada did not pay the ransom. Our guest is CEO and Co-Founder Ben Nunez from Evercoast, winner of the 8th Annual DataTribe Challenge. The FBI tries to uncover the archivist.
CyberWire Guest
Evercoast, winner of the 8th Annual DataTribe Challenge, is redefining Training Data for Embodied AI with enriched 4D spatial data from real-world environments to better train robots. CEO and Co-Founder Ben Nunez joins Dave Bittner to discuss their win and what’s next for the company.
Selected Reading
Congressional Budget Office believed to be hacked by foreign actor (The Washington Post)
Trump budget cuts, agency gutting, leave Americans and economy at greater risk of being hacked, experts warn (CNBC)
The quiet revolution: How regulation is forcing cybersecurity accountability (CyberScoop)
ClickFix Attacks Against macOS Users Evolving (SecurityWeek)
“I Paid Twice” Phishing Campaign Targets Booking.com (Infosecurity Magazine)
Scattered Spider, LAPSUS$, and ShinyHunters form extortion alliance (SC Media)
Congressional leaders want an executive branch strategy on China 6G, tech supply chain (CyberScoop)
Ed tech company fined $5.1 million for poor data security practices leading to hack (The Record)
Nevada government declined to pay ransom, says cyberattack traced to breach in May (The Record)
FBI Tries to Unmask Owner of Infamous Archive.is Site (404 Media)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
The CBO was hacked by a suspected foreign actor.
Experts worry Trump's budget cuts weaken U.S. cyber defenses.
Regulation shapes expectations.
ClickFix evolves on macOS.
Notorious cybercrime groups form a new federated alliance.
Congressional leaders look to counter China's influence in 6G networks.
An ed tech firm pays $5.1 million to settle data breach claims.
Nevada did not pay the ransom.
Our guest is CEO and co-founder Ben Nunez from Evercoast,
winner of the eighth annual DataTribe Challenge.
And the FBI tries to uncover the archivist.
It's Friday, November 7, 2025,
and this is your CyberWire Intel briefing.
Thanks for joining us here today.
It's great to have you with us.
The Congressional Budget Office, Congress's nonpartisan fiscal analyst, was hacked by a suspected foreign actor,
potentially exposing sensitive communications and financial data used in crafting legislation.
Officials discovered the breach recently and worry adversaries may have accessed internal emails,
chats, and correspondence with lawmakers.
According to a spokesperson, the CBO quickly contained the incident, added new monitoring,
and continues its work while the investigation proceeds.
Some congressional offices have reportedly paused email contact with the
agency over security concerns. The CBO provides independent economic projections and cost
estimates for every bill, serving as a vital counterweight to the White House's budget
agencies. Its analyses frequently influence legislative debates and fiscal policy across
both chambers of Congress. Experts warn that budget cuts and restructuring under President
Trump's administration have weakened U.S. cybersecurity defenses,
leaving the nation and economy more vulnerable to attack.
A new assessment from the Cyberspace Solarium Commission
found declining progress toward key national cyber goals,
citing reduced funding and staff at agencies such as CISA and the State Department.
The lapse of an information-sharing law
and the disbanding of key coordination councils
have further hampered public-private collaboration.
Experts say this death by a thousand paper cuts
erodes visibility into nation-state threats like China's Volt Typhoon campaign,
even as artificial intelligence accelerates attack capabilities.
Analysts warn that cutting federal resources while shifting responsibility to states and
industry heightens national cyber risk.
According to CNBC, a quiet but profound shift is reshaping cybersecurity.
Regulation is making accountability a daily expectation
rather than a compliance exercise.
Frameworks like the EU's Digital Operational Resilience Act,
U.S. Secure by Design Principles, and new SEC disclosure rules
are driving cultural change across organizations.
Regulators now demand proof of readiness, transparency, and incident response,
and evidence that systems were built securely from the start.
This evolution pushes security, engineering, and legal teams to collaborate
continuously instead of treating compliance as an annual checkbox.
Experts say the focus has moved from bureaucracy to behavior, embedding accountability into design,
operations, and communication.
In this new landscape, transparency and preparedness are emerging as competitive advantages
rather than regulatory burdens.
ClickFix attacks have rapidly evolved on macOS, with threat actors refining
fake Cloudflare verification pop-ups that mimic legitimate pages and even include
instructional videos and countdown timers.
The tactic, long used against Windows users, tricks victims into manually executing malicious
commands that install malware, often bypassing security tools.
Recent macOS variants, such as one deploying the Shamos InfoStealer, show greater sophistication
and fewer execution steps.
Experts warn that user awareness remains the strongest defense
as attackers continue adapting.
Speaking of ClickFix,
cybersecurity researchers uncovered a large-scale phishing campaign
exploiting Booking.com partner accounts
to steal customer data.
According to Sekoia.io,
attackers compromised hotel systems
using the ClickFix social engineering tactic,
tricking victims into executing
PowerShell commands that installed
the PureRAT remote access Trojan.
The malware enabled credential theft,
system control, and data exfiltration.
Stolen credentials were traded
or used in payment scams.
Fraudulent messages mimic legitimate
booking details directing victims
to fake payment pages.
The campaign remains active
and highly profitable.
A new federated alliance
of three notorious cybercrime groups,
Scattered Spider, ShinyHunters, and LAPSUS$,
has formed to launch extortion-as-a-service operations,
according to researchers at Trustwave.
Operating under the handle
Scattered LAPSUS$ Hunters,
the coalition combines elite skills in social engineering,
lateral movement, and data exfiltration,
posing a major threat to enterprises.
Experts describe this merger
as the evolution of cybercrime
into coordinated business-style operations,
targeting weak identity controls
and legacy multi-factor authentication.
SLH reportedly plans to release its own ransomware,
Shiny Spider, and collaborate with other criminal clusters.
Researchers warn this marks a new phase
of organized cyber extortion,
emphasizing collaboration, efficiency,
and credential-based compromise.
Congressional leaders are demanding more transparency
from federal agencies on strategies to counter China's growing influence in technology and
cybersecurity, especially in developing 6G networks. Representative Raja Krishnamoorthi urged Secretary
of State Marco Rubio to strengthen international coalitions promoting secure non-Chinese telecommunications
infrastructure and to prevent a repeat of U.S. missteps during 5G's rollout. Lawmakers warn that China is
already shaping global 6G standards through partnerships and summits. Meanwhile, congressional
Republicans are pressing the Commerce Department to curb Chinese technology in U.S. supply chains,
citing risks to infrastructure, AI systems, and industrial control networks. Both parties agree that
technological dominance and security in next generation communications represent critical
national interests, requiring coordinated investment, diplomacy, and stronger standards leadership.
Educational technology firm Illuminate Education will pay $5.1 million and overhaul its security
practices to settle claims tied to a 2021 data breach that exposed sensitive student information.
The breach, affecting students in 49 states and 3 million in California, stemmed from poor access
controls, weak monitoring, and unsecured databases.
California, Connecticut, and New York attorneys general said
Illuminate failed to revoke ex-employee credentials
and misled users about compliance.
The company has agreed to strengthen monitoring and data protection measures.
Officials in Nevada confirmed the state did not pay ransom
after an August ransomware attack that disrupted critical government systems.
Working with the FBI,
Mandiant, and others, the state restored operations in 28 days, recovering about 90% of affected data.
The attack began when a state employee unknowingly downloaded a malware-laced tool from a spoofed website,
part of a search engine optimization poisoning campaign.
The attacker gained persistence, moved laterally, and deployed ransomware after deleting backups.
No data exfiltration was detected, and only one file contained personal
information. The state spent roughly $1.6 million on recovery costs and overtime. Governor Joe
Lombardo praised teams for restoring payroll and essential services without paying criminals,
pledging further network segmentation and stronger cybersecurity defenses.
Coming up after the break, my interview
with the winner of the 8th annual DataTribe Challenge,
CEO and co-founder Ben Nunez from Evercoast,
and the FBI tries to uncover the archivists.
Stay with us.
This past week saw the 8th annual DataTribe Challenge at Cyber Innovation Day in Washington, D.C.
I sat down with the DataTribe Challenge winner, CEO and co-founder Ben Nunez from Evercoast.
So you just walked off the stage, having won the DataTribe Challenge. What's in your mind right now? What are you feeling?
Well, I'm excited to be a part of an alumni group, like I mentioned out there. You know, there's a bunch of successful companies that have won this in the past. And, you know, we're just excited to be part of this community. You know, I think DataTribe is an incredible organization to be able to sort of help us get to that next level and create these unfair advantages and, you know, going and executing and building a real, you know, sustainable commercial company.
Well, tell us about the product. What's your value proposition here?
So we help train robots to do their jobs. You know, right now there's a frantic effort underway to go collect real world data in order to be able to train robots to perform tasks. And it's not just about sort of imitation learning and sort of, you know, teaching a robot to do something that a human can do. It's really about an ongoing monitoring and maintenance of robots to be able to understand their performance. And is it staying in line with, you know, expectations of what they're supposed to be doing? So our product really helps button all that up with a seamless platform.
Tell me about your team, the folks that you've assembled. I saw in your presentation, it's quite an impressive group.
It is an impressive group. We've got 14 people. You know, a lot of them are, you know, PhDs, masters, senior engineers who, you know, have been at the forefront of spatial data for many years. A lot of this technology actually came out of Hollywood. So we've got guys from Pixar and Weta Digital and really teams that sort of perfected this kind of technology and getting a human right. You know, if you can get a human to look exactly right, you know, chances are that technology is going to be applicable to a lot of other verticals and industries. And robotics has always been in our mission statement from day one. And now we're kind of bringing that to fruition.
You know, when I was watching the presentation, I was sizing up all the competitors today, I thought two things about your group. One was, I thought you were the most interesting. It was different from what anyone else did. But I wondered if it was too far off the beaten path that the judges might be afraid that they didn't really understand it. Is that something that you have to deal with of explaining exactly what you all are?
It depends on the audience. I think it did. I mean, I kind of thought the same thing coming in here at DataTribe. I mean, data is in the name, but it's also very much a cybersecurity company. I think our last statement at the very end really brought it home and that this is a data integrity problem. You know, we have physical AI companies that are training AI on, you know, not using real world data, or at least not using real world data properly. So we solved that, and so we knew there was a strong data angle. And ultimately, this is, you know, the next cyber battlefield is not virtual. It is embodied. And, you know, we're just here to make sure that it's rooted in ground truth and not guesswork.
What happens next? You're a winner here. Where do you launch off tomorrow?
We continue to get back to work and build the business and build the company. And, you know, we are raising a round right now. So it's really about sort of closing that round as quickly as possible so that we can continue to grow and move fast. This world is, this industry is moving incredibly fast. So in order to keep pace, I think this capital will help us get there.
What's your advice for folks out there who might be considering taking part in the DataTribe Challenge?
If you get selected, I mean, it is an incredible opportunity. I think any time an entrepreneur has an opportunity to get up in front of a few hundred people and pitch their company, I don't care what it is, get up and do it, particularly if it's in front of a crowd like DataTribe assembles here. It is an audience full of incredibly smart people and successful entrepreneurs and investors and press. And, you know, I think any opportunity that an entrepreneur has to get up and pitch their wares, no matter what, do it. And DataTribe Challenge is an incredible opportunity to do that.
Well, good luck to you.
Thank you very much.
That's Ben Nunez from Evercoast, the eighth annual DataTribe Challenge winner.
And finally, the FBI has apparently set its sights on one of the Internet's more eccentric institutions,
Archive Today, the site beloved by journalists, researchers, and anyone allergic to paywalls.
According to a subpoena posted by the site itself, a characteristically defiant move,
the Bureau wants to unmask whoever runs the operation, demanding everything from IP addresses to payment details.
The request was sent to Tucows, the Canadian registrar, with the usual "don't tell anyone" clause, which Archive Today, of course, promptly told everyone about.
Launched in the early 2010s, the site became infamous during the Gamergate era for archiving web pages so users could quote without sending traffic to the originals.
Since then, it's become the Internet's attic, part preservation project, part paywall circumvention machine,
and wholly mysterious.
No one quite knows who runs it.
Rumor has it, a solitary Russian
with a soft spot for dead links.
The FBI, it seems,
would very much like to know more.
And that's The CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
Be sure to check out this weekend's Research Saturday
and my conversation with Tal Peleg and Kobe Abrams from Varonis.
We're discussing their work on Rusty Pearl,
remote code execution in Postgres instances.
That's Research Saturday. Check it out.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead
in the rapidly changing world of cybersecurity.
If you like our show,
please share a rating and review
in your favorite podcast app.
Please also fill out the survey
in the show notes
or send an email to cyberwire@n2k.com.
N2K's senior producer is Alice Carruth.
Our CyberWire producer is Liz Stokes.
We're mixed by Trey Hester
with original music by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Peter Kilpe is our publisher,
and I'm Dave Bittner.
Thanks for listening.
We'll see you back here next week.
