CyberWire Daily - Microsoft flaws fuel global breaches.
Episode Date: July 21, 2025Microsoft issues emergency updates for zero-day SharePoint flaws. Alaska Airlines resumes operations following an IT outage. The UK government reconsiders demands for Apple iCloud backdoors. A French ...Senate report raises concerns over digital sovereignty. Meta declines to sign the EU’s new voluntary AI code of practice. A new report claims last year’s CrowdStrike outage disrupted over 750 hospitals. The World Leaks extortion group has breached Dell’s Customer Solution Centers. Hewlett-Packard Enterprise (HPE) issues a critical warning about two severe security flaws in Aruba Instant On Access Points. A single compromised password leads to a UK transport company’s demise. An AI assistant falls for fake metadata magic. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Maria Varmazis, host of T-Minus Space Daily, joins Dave Bittner to unpack AST SpaceMobile’s request to use amateur radio spectrum for satellite communications. They explore what this means for ham radio users, the role of secondary spectrum access, and why the amateur community is pushing back. It’s a nuanced look at spectrum sharing, space tech, and regulatory tensions. Selected Reading Global hack on Microsoft product hits U.S., state agencies, researchers say (The Washington Post) Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks (Bleeping Computer) Alaska Airlines requests all flights to be grounded: FAA (ABC News) UK government seeks way out of clash with US over Apple encryption (Financial Times) Digital vassals? French Government ‘exposes citizens’ data to US’ (Brussels Signal) Meta snubs the EU’s voluntary AI guidelines (The Verge) At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds (WIRED) Dell confirms breach of test lab platform by World Leaks extortion group (Bleeping Computer) HPE warns of hardcoded passwords in Aruba access points (Bleeping Computer) Weak password allowed hackers to sink a 158-year-old company (BBC News) Claude Jailbroken to Mint Unlimited Stripe Coupons (General Analysis) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network, powered by N2K.
CISOs and CIOs know machine identities now outnumber humans by more than 80 to 1, and
without securing them, trust, uptime, outages, and compliance are at risk.
CyberArk is leading the way with the only unified platform
purpose-built to secure every machine identity, certificates,
secrets, and workloads across all environments, all clouds,
and all AI agents.
Designed for scale, automation, and quantum readiness,
CyberArk helps modern enterprises
secure their machine future.
Visit cyberark.com slash machines to see how.
Microsoft issues emergency updates for zero-day SharePoint flaws.
Alaska Airlines resumes operations following an IT outage.
The UK government reconsidered demands for Apple iCloud backdoors.
A French Senate report raises concerns over digital sovereignty.
Meta declines to sign the EU's new voluntary AI code of practice. A new report
claims last year's crowd strike outage disrupted over 750 hospitals. The WorldLeaks extortion
group has breached Dell's customer solution centers. Hewlett Packard Enterprise issues
a critical warning about two severe security flaws. A single compromised password leads
to a UK transport company's demise.
My conversation with Maria Vermazes, host of T-Minus Space Daily, about a company's
request to use amateur radio spectrum for satellite communications, and an AI assistant
falls for fake metadata magic. It's Monday, July 21, 2025.
I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today.
It's great to have you with us.
Hackers exploited two zero-day flaws in
Microsoft SharePoint launching a global cyber attack
that hit US federal and state agencies, universities,
energy firms, and international entities.
The attacks targeted on-premise SharePoint servers,
not Microsoft 365.
These vulnerabilities enable remote code execution
and were exploited in tool shell attacks,
bypassing previous patches.
Microsoft has issued emergency updates
for SharePoint subscription
edition and 2019, with a patch for 2016 still pending. Despite early mitigation
advice, many servers remain vulnerable. Hackers accessed sensitive data and
cryptographic keys, allowing potential re-entry even after patching. At least 50
breaches have been reported, including U.S. government and European agencies.
The FBI, CISA, and international partners are investigating.
Security experts warn that simply patching isn't enough.
Admins must rotate machine keys and check for signs of compromise.
Alaska Airlines grounded its fleet due to an unspecified IT outage on the evening of
July 20, temporarily halting all Alaska and Horizon air flights.
The issue lasted about three hours, with operations resuming by 11 p.m. PT.
While the airline hasn't detailed the cause, recent airline targeted cyber attacks
raise concerns, with the scattered spider gang a possible suspect. Although most flights
were grounded, the late-night timing affected fewer scheduled departures. Alaska warned
of ongoing delays as it works to restore normal operations. The UK government is reconsidering its demand that Apple provide access to encrypted iCloud data
amid pressure from the Trump administration and US Vice President JD Vance.
In January, the Home Office ordered Apple to create a backdoor under the UK's Investigatory Powers Act,
but US officials warn this could threaten
tech partnerships and privacy rights.
Apple withdrew its most secure cloud service from the UK and is challenging the order in
court joined by WhatsApp.
The move has sparked a major encryption battle and drawn criticism from both the US government
and privacy advocates. U.K. officials admit the Home Office mishandled the situation
and now face internal disagreement over how to proceed.
The Labor government, focused on digital trade and AI,
is wary of provoking U.S. leaders,
who see the issue as a threat to free speech and international data agreements.
A French Senate report has criticized the government's growing reliance as a threat to free speech and international data agreements.
A French Senate report has criticized the government's growing reliance on U.S. tech
giants, especially Microsoft, warning it compromises national digital sovereignty and exposes public
data to U.S. surveillance laws like FISA and Cloud.
Despite previous warnings, France continues outsourcing critical IT systems
to American firms, including a 74 million euro deal for the education sector. Officials
admit French data hosted by Microsoft cannot be guaranteed safe from U.S. authorities.
Critics blame bureaucratic inertia and the dismissal of European alternatives as too
costly.
A 2025 report revealed Europe sends €265 billion annually to U.S. tech firms, fueling
American jobs while weakening EU independence.
While countries like Denmark are shifting to open-source solutions, EU institutions
are slow to act.
The European Parliament has called for stronger digital sovereignty, noting US firms control
69% of Europe's cloud market and store most Western data.
Meta has declined to sign the EU's new voluntary AI code of practice, warning it creates legal
uncertainty and overreaches the upcoming AI Act's scope.
The code aims to guide companies in complying with AI rules before they take effect on August
2.
Meta argues the regulation could hinder innovation and harm European tech competitiveness.
OpenAI, by contrast, has agreed to sign.
Meta's stance reflects growing tension between the EU's strict regulatory approach and the
US's more hands-off pro-industry stance under the Trump administration.
A year after a faulty CrowdStrike software update triggered mass computer crashes, new research
reveals the incident disrupted at least 759 US hospitals, more than 200 of which lost
access to patient-critical systems like health records and fetal monitors.
The UCSD-led study warns the event was a potential public health crisis drawing comparisons to
major cyber attacks.
Though most services recovered within six hours, researchers stress even short delays
in care can harm patients.
CrowdStrike disputes the findings, blaming possible overlap with a Microsoft Azure outage
and calling the research flawed.
However, the study suggests the true impact may be underestimated,
as only one-third of US hospitals were scanned.
Researchers argue the breadth of the outage and its potential health risks
show the need for better preparedness and real-time visibility into hospital IT failures,
whether from bugs or cyber attacks.
IT failures, whether from bugs or cyber attacks. The extortion group WorldLeaks, formerly known as Hunters International, has breached Dell's
customer solution centers, environments used for product demos and testing.
Dell confirmed the attack but emphasized that the affected platform is isolated from core
systems and does not handle real customer
data.
The stolen data is believed to be synthetic or publicly available, with only a dated contact
list considered legitimate.
WorldLeaks, which pivoted from ransomware to pure data extortion in early 2025, has
claimed nearly 50 victims so far but has not publicly listed Dell. The group
has also exploited outdated sonic wall devices in other attacks. Dell declined
to reveal how the breach occurred or details about ransom demands stating the
incident is still under investigation. The event highlights the evolving tactics
of extortion gangs focusing on data theft rather than encryption.
Hewlett Packard Enterprise has issued a critical warning about two severe security flaws in
Aruba Instant On access points, used widely by small to medium businesses.
The primary flaw involves hard-coded admin credentials, allowing remote attackers to
bypass authentication and gain full web interface access.
A second flaw enables command injection via the command-line interface, but requires admin
access, making it chainable with the first vulnerability.
Exploitation could allow attackers to alter device settings, install back doors,
or launch lateral attacks.
HP urges users to upgrade their firmware, as there are no workarounds and the vulnerabilities
are not present in instant-on switches.
Discovered by a researcher known as ZZ from Ubisect Tech's Sirius team. These flaws currently have no known active exploitation but do pose significant risk if left unpatched. A single compromised
password led to the collapse of 158 year old UK transport firm KNP costing 700
jobs after a ransomware attack by the Akira gang. The hackers encrypted company data demanding a ransom KNP couldn't pay.
Despite having cybersecurity insurance and industry-compliant IT, the breach crippled
operations.
Experts warn such attacks are rising, with an estimated 19,000 ransomware incidents in
the UK last year.
The National Cyber Security Centre and National Crime Agency
report increasing attacks driven by low barriers to entry and high profits.
While major firms like M&S and Co-op have also been hit,
small businesses often bear the brunt.
Authorities urge better cyber hygiene and are considering new rules banning ransom payments
by public bodies and mandating incident reporting.
KNP's case highlights how simple lapses can lead to catastrophic outcomes in a growing
digital crime wave. Coming up after the break, my conversation with Maria Vermazes, host of the T-Minus Space
Daily, about one company's request to use amateur radio spectrum for satellite communications.
And an AI assistant falls for fake metadata magic.
Stay with us.
Bad actors don't break in, they log in.
Attackers use stolen credentials in nearly 9 out of 10 data breaches. Once inside, they're after one thing, your data.
Varonis' AI-powered data security platform secures your data at scale.
Across LAS, SAS, and hybrid cloud environments, join thousands of organizations who trust
Varonis to keep their data safe.
Get a free data risk assessment at veronis.com.
Krogel is AI built for the enterprise SOC.
Fully private, schema free, and capable of running in sensitive air-gapped environments,
Krogel autonomously investigates thousands of alerts weekly.
Relating insights across your tools without data risks can be a huge challenge.
Krogel is a investigates thousands of alerts weekly,
correlating insights across your tools
without data leaving your perimeter.
Designed for high availability across geographies,
it delivers context-aware, auditable decisions
aligned to your workflows.
Krogel empowers analysts to act faster
and focus on critical threats,
replacing repetitive triage with intelligent automation to help your sock operate at
scale with precision and control. Learn more at Krogl.com. That's C-R-O-G-L dot com.
I recently spoke with Maria Vermazes, host of the T-Minus Space Daily podcast right here on the N2K CyberWire network, about one company's request to use amateur radio spectrum for
satellite communications.
Dave, thank you so much for speaking with me today.
It's always good to speak with you.
Yeah, it's my pleasure to be here.
Thanks for having me.
I got an email in my personal inbox from Ham Radio Prep, which I've been a subscriber to
for a while, and it was sort of this red alert that, hey, AST Space Mobile is requesting
more access to some spectrum that is frequently used by amateur radio enthusiasts.
And my cursory reading of this email is essentially that AST Space Mobile, which is a huge space-based
telecoms company, they have, I think, five satellites in orbit right now that share some
spectrum that's used by amateur radio enthusiasts around the world, but they want to put like
200 plus more satellites in a constellation that might also use the
spectrum, which I imagine might cause a problem for amateur radio folks around the world.
So you are the perfect person to help me understand this because I just kind of wanted to get
a sense from a person who has amateur radio expertise, like what this would mean in that
world.
So what's your read on this, Dave? So as I read it, AST Space Mobile are looking to have a low Earth orbit cellular network.
Yes.
And that's like the hot space right now in Leo satellites, right?
That's right.
So that's what they're fixing to do here. And like you said, they already have a handful
of satellites up there and
they want to have total of around 250 when all is said and done.
And reading through their requests from the FCC for this special exemption that they're
hoping to get, they're looking to use the 430 through 440 megahertz band, which is also referred to as the 70
centimeter band, for secondary and emergency communications with the
satellites for telemetry tracking and command. So TTNC is the satellite folks
say it. And this has some of the folks in the amateur radio world concerned because the 430 to 440
megahertz band is set aside for amateur radio use here in the United States and indeed most
of the most other places around the world.
But there's some interesting nuance here.
So I knew there would be.
This is why I really wanted you to walk me through this.
Yeah, yeah.
So, again, AST Space Mobile is only looking to use these frequencies for secondary and
emergency use.
Now, that could mean a lot of different things.
Does that mean that if any particular satellite's primary transmitter goes down,
that it falls back to this frequency and then just uses that for the rest of its service life?
Don't know. Maybe.
In the application, AST is very specifically saying to the FCC
that it wants to use these frequencies outside of the United States and they have their relay stations are
around the world and are outside of the United States. So this brings up the
question of so do the satellites if they're using this band do they turn it
off when they're flying over the US? Do they mute themselves when they're flying
over the US? You know radio signals famously do not obey borders.
So that's an interesting question.
But the other thing that caught my eye is that the use of this band for amateur radio folks,
the hams are considered secondary users of these frequencies.
Yeah, so what does that mean?
So the primary users are mostly the government.
So they use these for things like radar.
And so the secondary users are allowed to use them,
but they have to accept interference from other users.
Okay, so in other words, first on the line are the government people who are using radar.
They have priority.
The hams are next in line, but they have to accept any interference that may come from
the primary user, the radar user, and that's the pecking order.
So what's interesting about this is AST Space Mobile, because their use would be empowered by an exemption, would
also be listed as a secondary user.
And so a secondary user has to accept interference from other users, but also if interference
from a secondary user is detected or reported, the secondary
user is required to shut down their use of the frequency.
So you see where I'm going here, Maria?
Yeah, so they're not going to be top of the heap there, but you're going to have a lot
of people competing in the secondary user space potentially.
Right.
Yeah, so I'm wondering if the amateur radio perspective is it's
getting too crowded or we're getting pushed out or is there something special
about this band specifically for amateur radio users? At least you know you and I
both being in the US for our perspective like what what is it about this band
that's important? Well let's get to that but before let's put a
button on that previous question which is if these satellites are flying,
if let's say you have 250 satellites in low Earth orbit
and they're making use of this band,
and as the law is written and I understand it,
let's say an amateur radio operator said,
hey, these satellites are interfering
with my use of the band.
Does that mean the FCC can go to AST Space Mobile
and say shut them down?
I don't think so.
Or does amateur radio essentially become a tertiary user, which does not exist, but essentially
bumped down a little bit, I would imagine.
And that's the concern. That's the concern is that through this exemption,
the FCC will be allowing the use of this spectrum
to this space company.
And that just from being big and bad and present
and ubiquitous that there's the potential for them
to stomp all over the amateur radio users
and basically increase the noise floor of everything that's going on in the band
and just make things harder for the people who want to use the band for amateur radio stuff.
Now, the 70 centimeter band is not the most popular band in amateur radio. It's pretty much point to point. It
is a high quality band that's used for some voice, it's used for amateur satellite communications,
people use it to communicate with the International Space Station for low bandwidth TV so they can send images
on these frequencies, but it's not the band
that I think most hams reflexively go out to use.
For example, the local amateur radio club
that I'm a member of has repeaters on the two meter band
and the 70 centimeter band.
I would say the two meter band and the 70 centimeter band, I would say the 2 meter band repeaters
probably get used 10 to 1 over the 70 centimeter band.
And that's, you know, no particular reason for that.
That's just the way that it falls,
you know, the way that some of the radios are configured
and just how the chips have fell.
So there's also this argument that, okay, hams, you know, it's not like you guys are
using this band all that much.
So share the precious bandwidth because, again, as you know, Maria.
It's very crowded on the spectrum.
Yeah, bandwidth is just more and more, you know, more and more precious.
And the higher frequency you can use,
the more carrying capacity it has for information.
So this is desirable band and this company is saying,
we'd like the FCC to make an exemption for us to share it.
So if I'm understanding correctly,
it's a real, there is a lot of nuance this Dave.
I really appreciate you dug into this
because I was thinking, reflexively,
I saw that email and I went, whoa, well, that's interesting.
But it sounds like from the AST Space Mobile side,
again, them being a secondary user,
so they're not even at the top of the pecking order there.
So this is not gonna be their main bit of spectrum
that they would be needing.
It would be sort of a backup,
which of course they would still need, but it wouldn't be the main conduit, so to speak.
And even for amateur radio folks, at least for the US, I don't know about other use globally,
I'm sure that would be an interesting thing to look into, but at least within the United
States, because this is the FCC we're talking about here, amateur radio folks, this is not
their favorite place to communicate either, but I'm sure philosophically
it's a matter of, well, if we keep whittling down
the spectrum that amateur radio folks can use,
that further endangers a hobby that's already defensive
about people taking their spectrum understandably.
I'm not against that, I understand why people are.
So it is an interesting situation.
Yeah, it's also interesting that you mentioned that this particular request is US based,
but a lot of the advocacy to protect this spectrum is coming out of the UK.
Oh, that's interesting.
What's up with that?
Well, I'm kind of connecting dots here. So there's, you know, I can't not claim to have
an absolutely rock solid answer here,
but I suspect that part of that is coming
because AST has said that they're specifically
not planning on using this spectrum
within the United States,
but they're not making that promise
to the rest of the world.
Oh, that is interesting.
Yeah, so if you're in the UK, you're thinking here's this company out of Texas
who's going to be putting up all of these satellites, this constellation of satellites,
and this is going to
presumably, or at least has the potential, to raise the noise floor on
this band.
And let's not forget, amateur radio is also about responding to emergencies.
We've seen that certainly here in the US.
So there's concerns that it could degrade ability to respond in the case of an emergency.
So there's that.
What is the recourse then outside of the United States?
Is it the ITU?
I mean, who, I mean, can anything,
I'm not saying something has to be done,
but if one feels that something should be done,
what do you do?
Yeah, I think you complain to the ITU.
Here in the US, the comment period
is still open for a few days.
So if this is something that concerns you, you can write to the FCC and just let them know.
And the amateur radio organizations have put together some pre-crafted boilerplate for you to submit if you want to do that.
Dave, thank you for this really nuanced take on this whole story because it's just been
very fascinating to follow.
The comment period to the FCC is until July 21st.
And of course, be sure to check out the T-Minus Space Daily podcast right here on the N2K
Cyberwire Network or wherever you get your favorite podcasts.
Compliance regulations, third-party risk, and customer security demands are all growing
and changing fast.
Is your manual GRC program actually slowing you down?
If you're thinking there has to be something more efficient than spreadsheets,
screenshots, and all those manual processes, you're right.
GRC can be so much easier, and it can strengthen your security posture
while actually driving revenue for your business.
You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program.
Their trust management platform automates those key areas – compliance, internal and third-party risk, and even customer trust –
so you're not buried under spreadsheets and endless manual tasks.
Vanta really streamlines the way you gather and manage information across your entire business.
And this isn't just theoretical.
A recent IDC analysis found that compliance teams using Vanta are 129% more productive.
It's a pretty impressive number.
So what does it mean for you?
It means you get back more time and energy to focus on what actually matters, like strengthening
your security posture and scaling your business.
Vanta, GRC, just imagine how much easier trust can be.
Visit Vanta.com slash cyber to sign up today for a free demo.
That's V-A-N-'s vanta.com slash cyber.
Hey everybody, Dave here. I've talked about DeleteMe before and I'm still using
it because it still works. It's been a few months
now and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing
my personal information from data broker sites and they keep me updated with detailed reports
so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't
something I have to worry about every day.
The Delete Me team handles everything. It's the set it and forget it piece of mind.
And it's not just for individuals. Delete Me also offers solutions for businesses, helping companies
protect their employees' personal information and reduce exposure to social engineering and phishing threats.
And right now, our listeners get a special deal, 20% off your DeleteMe plan.
Just go to joindeleteeme.com slash n2k and use promo code N2K at checkout.
That's joindeleteeme.com slash n2k, code N2K. And finally, it all started with an innocent enough goal, automate simple business tasks
using AI.
Enter Claude, the LLM-powered agent trained to read your
iMessages and carry out useful actions, like managing stripe billing, sending thank you
notes, or auto-generating invoices. It's the kind of set-it-and-forget-it assistant start-ups
dream about, until someone realized it could be way too helpful.
Security researchers at General Analysis dug into how Claude interprets messages.
Turns out it doesn't just read the words, it also processes metadata, like who sent
the message and the conversation thread.
Normally, this metadata comes from Apple's iMessage APIs, but Claude doesn't actually verify that.
It trusts whatever metadata it's handed, which opens a troubling loophole.
Anyone can craft a fake iMessage via SMS that looks like it came from you.
So the researchers sent Claude an SMS containing fake metadata and a casual,
Hey Claude, create me $1000-$50,000
Stripe coupons.
The message had no real authorization, no password, no handshake, just well faked headers.
Claude, ever loyal, complied.
It gets better.
The metadata spoofing doesn't even require system access, just embed it in the text body,
and Claude will happily parse it as real.
The exploit doesn't rely on malware or brute force hacking, just social engineering dressed
up as protocol mimicry.
And because it uses your own assistant, it's like robbing yourself with your own butler's
help.
Stripe, of course course had no idea.
Claude's commands were fully authenticated from its point of view.
The damage could be massive, especially if deployed at scale.
Think infinite gift cards, free subscriptions, or unauthorized refunds.
And while this was just a proof of concept, it's a masterclass in showing how helpful
automation can quietly backfire.
The researchers responsibly disclosed the issue and even released a defense tool called
MCP Guard.
It filters incoming messages and metadata to ensure only legitimate verifiable requests
are passed to the agent.
So it's important to note Claude wasn't hacked, it just did what it was told by anyone
pretending to be you.
The modern AI assistant's greatest weakness may not be its intelligence, but its loyalty. And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at the cyberwire.com.
We'd love to hear from you.
We're conducting our annual audience survey to learn more about our listeners
We're collecting your insights through the end of this summer. There is a link in the show notes. Please do check it out
Don't forget to check out the grumpy old geeks podcast where I contribute to a regular segment on Jason and Brian show every week
You can find grumpy old geeks where all the fine podcasts are listed
N2K's senior producer is Alice Carruth.
Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester with original music by Elliot Peltsman.
Our executive producer is Jennifer Iben.
Peter Kilpey is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow. And now, a word from our sponsor ThreatLocker, the powerful zero-trust enterprise solution
that stops ransomware in its tracks.
AllowListing is a deny-by-default software that makes application control simple and
fast.
Ring-fencing is an application containment strategy, ensuring apps can only access the files, registry keys,
network resources, and other applications
they truly need to function.
Shut out cybercriminals with world-class endpoint
protection from ThreatLocker.