CyberWire Daily - The email that tricked an AI.
Episode Date: September 19, 2025OpenAI patches a ChatGPT flaw that could have exposed Gmail data. CISA documents malware exploiting two Ivanti Endpoint Manager Mobile (EPMM) flaws. WatchGuard patches a critical flaw in its Firebox f...irewalls. MI6 launches a dark web snitch site. The DoD looks to cut its cybersecurity job hiring time just 25 days. Researchers trick ChatGPT agents into solving CAPTCHAs. A UK teen faces accusations of being part of the Scattered Spider gang. The Senate confirms a new assistant secretary of defense for cyber policy. A former CIA officer is accused of selling classified information to private clients. Karin Ophir Zimet, Torq's Chief People Officer, is speaking with N2K Senior Workforce Analyst Will Markow about their internship program for upleveling AI skills. Russia’s AI propaganda goes prime time. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Karin Ophir Zimet, Torq's Chief People Officer, is speaking with N2K Senior Workforce Analyst Will Markow about their internship program for upleveling AI skills. Selected Reading OpenAI Fixed ChatGPT Security Flaw That Put Gmail Data at Risk (Bloomberg) CISA Analyzes Malware From Ivanti EPMM Intrusions (SecurityWeek) WatchGuard Issues Fix for 9.3-Rated Firebox Firewall Vulnerability (HackRead) MI6 upgrades dark web portal to recruit new spies (The Register) DOD official: We need to drop the cybersecurity talent hiring window to 25 days (CyberScoop) ChatGPT Tricked Into Solving CAPTCHAs (SecurityWeek) Scattered Spider teen cuffed after crypto splurge on games (The Register) Senate confirms Sutton as Pentagon cyber policy chief (The Record) Contractor Used Classified CIA Systems as ‘His Own Personal Google’ (404 Media) Russian State TV Launches AI-Generated News Satire Show (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
Think your certificate security is covered.
By March 26, TLS certificate lifespans will be cut in half, meaning double today's renewals.
And in 2029, certificates will expire every 47 days, demanding between 8 and 12 times the renewal volume.
That's exponential complexity, operational workload, and risk, unless you modernize your strategy.
CyberArk, proven in identity security, is your partner in certificate security.
CyberArc simplifies life cycle management with visibility, automation, and control at scale.
Master the 47-day shift with CyberArk.
Scan for vulnerabilities, streamline operations, scale security.
Visit CyberArk.com.
slash 47 day. That's cyber arc.com slash the numbers 47DAY.
manager mobile flaws. Watchguard patches a critical flaw in its firebox firewalls.
MI6 launches a dark web snitch site. The DOD looks to cut its cybersecurity job hiring time to just 25 days.
Researchers trick chat GPT agents into solving captures. A UK teen faces accusations of being
part of the scattered spider gang. The Senate confirms a new Assistant Secretary of Defense for
Cyber Policy. A former CIA officer is accused of selling classified information.
to private clients,
Karin Ophir-Zemet, Tork's chief people officer,
speaks with N2K's senior workforce analyst Will Marco
about their internship program
for up-leveling AI skills.
And Russia's AI propaganda goes prime time.
It's Friday, September 19th,
2025. I'm Dave Bittner, and this is your Cyberwire Intel Briefing.
Thanks for joining us here today. It's great to have you with us.
OpenAI has patched a security flaw in its chat GPT deep research agent that could
have exposed Gmail data.
according to researchers at Radware.
The tool, launched in February, helps users analyze large data sets and can connect
to Gmail accounts if authorized.
Radware discovered that attackers could exploit the feature by embedding hidden instructions
in emails.
The agent could then be tricked into extracting personal or corporate information, like names
and addresses, and sending it to a malicious web address, all without the user's interaction.
While no evidence shows the flaw was exploited, the risk highlighted how AI agents themselves can be abused.
OpenAI fixed the issue on September 3rd and emphasized its commitment to improving model security with help from external researchers.
Sisa has released technical details on malware used in the tax exploiting two Ivanti endpoint manager mobile flaws.
Disclosed on May 13th, the vulnerabilities,
a 5.3-rated authentication bypass and a 7.2-rated remote code execution bug were quickly abused after
proof-of-concept exploits appeared. China-linked UNC-5221 was later tied to the campaigns.
The flaws found in open-source libraries within EPMM can be chained for unauthenticated RCE.
SISA analyzed malware deployed on a compromised EPMM server,
revealing two sets of tools designed for persistence and arbitrary code execution.
These included loaders, listeners, and a Java object manager to inject malicious classes into Apache Tomcat.
Sisa urges organizations to patch EPMM immediately, strengthen MDM monitoring, and adopt best security practices.
Watchguard has patched a critical flaw in its firebox firewalls that could lead
remote attackers take control without authentication. Rated 9.3 in severity, the bug stems from
an out-of-bounds right in a fireware OSVPN process, potentially enabling arbitrary code
execution. A wide range of firebox models are affected. While no attacks are known yet,
watchguard urges immediate updates to fixed versions. They credit researcher BTAOL for reporting the issue.
The U.K.'s Secret Intelligence Service, MI6, has launched Silent Courier, a dark web portal for would-be informants to securely share secrets.
Announced with a statement quoting Foreign Secretary Yvette Cooper, the program aims to recruit sources in Russia and around the world.
MI6 posted an eight-language YouTube video with step-by-step guidance.
Access Silent Courier via Tor.
Or, if Tor is blocked, use a short video.
short VPN trial and a throwaway email.
Advisories stress using a clean, patch device, incognito browsing, and avoiding any identifying
payment or personal details.
MI6 says it will carefully consider submitted intelligence.
Commentators note the risk of trolls or hostile actors flooding the service and suggest the
portal might also be used to expose foreign tradecraft.
The Department of Defense is aiming to cut
its cybersecurity job hiring time from 70 days to just 25, as it struggles with a shortfall of
nearly 20,000 cyber professionals. Mark Gorek, who leads the DOD's cyber workforce efforts,
outline the challenge at Fed Talks, noting the department's cyber component numbers about 245,000
within a total force of 4 million. Nationwide, the cyber talent gap is estimated at between 500,000
and 700,000. To close the gap, the DOD is shifting to skills-based hiring, using short
cyber-range assessments to test applicants' technical ability rather than requiring advanced
degrees or certifications. The department is also updating cyber work roles every 90 days to keep
pace with AI-driven changes. Collaboration with industry, academia, and other partners is seen as
critical to success.
Researchers at SPLX showed that prompt injections can trick chat GPT agents into solving
CAPTCs despite built-in safeguards.
By first priming the model in a regular chat to treat CAPTCHAs as fake, then pasting that
conversation into an agent session, they bypassed restrictions.
The agent proceeded to solve ReCAPTCHA version 2 and click CAPTCHA, even adjusting its cursor
to mimic human behavior.
SPLX warned this highlights vulnerabilities to context poisoning,
raising doubts about CAPTCHA's effectiveness
and exposing risks of data leaks or security bypasses.
UK teenager Talia Joubert,
accused of being part of the scattered spider gang,
allegedly helped extort over $115 million from more than 100 organizations.
Arrested alongside another teen,
Jubert now faces U.S. charges for 120 intrusions, including against the federal court system,
where attackers stole staff data and accessed a magistrate judge's inbox.
Investigators tied him to ransom wallets after he used the same server to buy gaming and food gift cards linked to his residence.
Evidence also came from chats where Joubert bragged about multi-million dollar payments.
Scattered Spider, known for social engineering and ransomware since 2022, has targeted retailers, casinos, and critical infrastructure.
Authorities seized $36 million in crypto from Joubert's server.
Analysts say his arrest delivers a major blow to the gang's global operations.
The Senate has confirmed Catherine Sutton as the Pentagon's new Assistant Secretary of Defense for cyber policy,
filling a critical vacancy after recent leadership departures.
Sutton, only the second person to hold the role since its 2023 creation, was confirmed
in a 51-47 vote, a former advisor at U.S. Cyber Command and Senate Armed Services Committee staff
leader, she pledged to strengthen U.S. cyber defenses against China and other adversaries.
She replaces acting chief Lori Bookout, who recently left, while other senior police.
policy posts remain vacant. We wish her success in her new position.
Former CIA officer Dale Britt Bendler, age 68, has been accused of abusing his clearance as a
contractor to sell classified information to private clients. Prosecutors say that between
2017 and 2020, Bendler earned about $360,000 while treating CIA systems as his personal Google.
He worked for a foreign national under investigation for embezzling sovereign wealth funds,
receiving $20,000 per month to search CIA databases and shape a lobbying campaign with classified insights.
He also aided another foreign national accused of laundering money for a terrorist group,
again using CIA systems to gather intelligence.
Court filings reveal he passed secret no-foreign information to a U.S. lobbying firm,
violating oaths and national security protocols.
Prosecutors argue his misuse of secrecy
as both cover and leverage
highlights the need for a strong deterrent.
Coming up after the break,
Kare Zemet, Tork's chief people officer,
speaks with N2K's senior workforce analyst Will Marco
about their internship program for
up-leveling AI skills, and Russia's AI propaganda goes primetime.
Stay with us.
And now a word from our sponsor.
The Johns Hopkins University Information Security Institute is seeking qualified applicants for its innovative Master of,
Science and Security Informatics degree program, study alongside world-class interdisciplinary
experts, and gain unparalleled educational research and professional experience in information
security and assurance. Interested U.S. citizens should consider the Department of Defense's
Cyber Service Academy program, which covers tuition, textbooks, and a laptop, as well as providing
a $34,000 additional annual stipend. Apply for the fall 2026th semester and for this scholarship
by February 28th. Learn more at c.j.j.u.edu slash MSSI.
We've all been there.
You realize your business needs to hire someone yesterday.
How can you find amazing candidates fast?
Well, it's easy.
Just use Indeed.
When it comes to hiring, Indeed is all you need.
Stop struggling to get your job post noticed.
Indeed's sponsored jobs helps you stand out and hire fast.
Your post jumps to the top of search results, so the right candidates see it first.
And it works.
Sponsored jobs on Indeed get 45% more out.
applications than non-sponsored ones.
One of the things I love about Indeed is how fast it makes hiring.
And yes, we do actually use Indeed for hiring here at N2K CyberWire.
Many of my colleagues here came to us through Indeed.
Plus, with sponsored jobs, there are no subscriptions, no long-term contracts.
You only pay for results.
How fast is Indeed?
Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed.
according to Indeed data worldwide.
There's no need to wait any longer.
Speed up your hiring right now with Indeed.
And listeners to this show will get a $75-sponsored job credit
to get your jobs more visibility at Indeed.com slash cyberwire.
Just go to indeed.com slash cyberwire right now
and support our show by saying you heard about Indeed on this podcast.
Indeed.com slash cyberwire.
Terms and conditions apply.
Hiring, indeed, is all you need.
Karine Ophir Zemet is chief people officer at TORC,
and N2K's senior workforce analyst Will Marco
recently got together with her
to talk about their internship program
for up-leveling AI skills.
So really, I just want to start,
by asking you, as we see that investment in AI is surging and organizations are increasingly
adopting AI, both for security operations as well as other use cases, often the bottleneck we find
in these emerging fields is the human side of the equation. And how do we make sure that we have
enough skilled talent to actually leverage these new technologies? And so I'm curious to know,
what are you seeing as it relates to the AI workforce and how can we ensure that we have a sufficient
pool of skilled AI talent to leverage these new technologies? I think this is a thing that everyone
talks about and I would start with a phrase that I believe you said once that AI won't
replace people. It just replaces how people work. So I do think that every company now is talking on
AI, every company tries to implement AI. I do think that young people that are already started,
you know, even younger than the workforce that we have today, it will be easier for them.
But the actual gap, as you mentioned, is now. It's people that are already in the, in the
workforce. They don't have yet the ability to, you know, climb the ladder of the speed of
AI is transforming everything that we do.
And from that perspective, we are trying here at TORC and in general, you know, when I talk to
others in other companies, we are trying to create a platform for everyone to learn as much
as possible on the ongoing changes with, you know, tons of systems, endless frameworks that
are different than what they did just an year ago, which is insane when you come to think
about it, right? So from our perspective, what we are trying to do is to create the best platform
for our team. And here and our company, we are doing our best to make sure that they will
learn as much as possible, as fast as possible, to have those platforms and system too, because
it's impossible without it. Yeah, well, I think that it would be great to learn more about
that internship program, because I'm really interested in how you're approaching this, because
I think that there's no substitute for on-the-job training and there's no substitute for hands-on learning.
And so an internship, I think, is an innovative way to try and explore opportunities for more people to get exposure to these skills.
And so I'm curious to know, what are the types of skills that people are learning in this internship?
What are the types of tasks that they're doing?
And how is that helping them build some of these future-ready AI skills that they're going to need along their careers?
Yeah. We announced this partnership July, I believe, and we launched this program in order to make sure that those youngsters will be able to get into the workforce with the ability to, you know, start with some knowledge that is relevant for them. Is it coding? It's, you know, how to use all the platforms that we have today.
So our plan is to have our team, developers team that are focused on AI platforms to help them, teach them, guide them alongside their skills with codes because they are students of computer science.
So to mix both of them with what we are doing here, talk, everything, you know, with the AI platforms, and help them get the skills of building in a company, in a large company.
and growing company, very, very fast growing company,
to build products, build features that are attached to the new AI systems
with actual code that they need to learn in, you know, in a way.
So that's what we're planning to do.
We are building it.
We are just starting the process of having interns inside the company.
So once we'll have them, it will be, you know, much,
It will be easier for me to say exactly if it's succeeded or not.
I'm sure it succeeded as everything that we do.
You know, humbly, I say that, but it's true.
But, you know, I do believe it's related to interns,
but also our inner employees.
And by the way, not only developers,
not only the ones that actually work on the computer all day,
it's related to everyone.
Our team, HR team, we use AI,
platforms and systems in everything that we do. And again, it doesn't replace the people because
eventually you will need the people. It replaces how they work and how they're criticizing what they
have, right? Until now they had to, you know, write a code. Now the AI systems can write their code
for them, but they have to be criticized. They have to criticize what they receive from this
platforms and understand if this is the right thing that they received. If it's not, it's not
like, you know, okay, somebody else, a bot wrote it for me and that's it. It's the end of my work.
It's not how it works. We have to be very, very critical, critic about that.
No, I think that's a great point. We all need to be a little more critical, especially when it
comes to AI. I mean, we've all seen how it can hallucinate. It can make mistakes and as powerful
as it is, it's imperfect.
And one of the things that we've seen in our data at 401 Insights is that AI jobs,
they're consistently asking for workers who have strong critical thinking skills.
In fact, AI jobs we've found are about 130% more likely to also request strong critical
thinking skills.
And so I'm curious, how are you trying to help people develop those critical thinking
skills and some of those, quote, quote, softer skills or power skills,
alongside the technical expertise that's needed to build these tools
so that they can also be efficient and effective
in the way that they're leveraging them
and taking that critical eye, as you said.
So it's a great question.
You know, in almost every role that we're looking at for at work,
we have an assignment and home assignment.
And for a few roles, we ask them to use AI systems.
Okay, we don't want them to sit and write everything from the,
beginning to the end. We asked them to write it on AI. And then we are sitting with them and asking
them the questions. How did they do it? How did they, you know, what did they look at when they
created this, you know, this assignment? Those are different questions that we have to ask now
than we used to ask before that. Because we know that they did it with a CHGPT or, you know,
anything else. Now we have to see how they think about what they created, not only, you know,
the actual work itself. So we are trying to do it here all the time by asking questions,
criticize or, you know, gently, of course, but making sure that they are aware of what they're
doing and why. And eventually it goes in. Eventually you have to understand that, you know,
using Chichipiti is just not enough.
And one last question I'd love to ask you is, as we think about the potential challenges
with building an AI workforce, I'm also curious to know your thoughts on what the benefits are.
When people are leveraging AI effectively, when they have built the skills necessary to utilize
these tools, what do you see as some of the biggest benefits to both individuals who are
leveraging these tools as well as the teams that are investing in these new technologies?
It's a very interesting question because I have to say that I see it now every day, the speed and the accuracy that people can, you know, build features and move forward very, very fast.
I think it's a huge benefit and we see that. I think that the fact that we can provide answers or from our perspective, for example, writing emails, writing answers to,
outside people using tools that will help me create it more fast and more accurate.
I think it really, really helps me, it helps my team.
I can definitely see how it helps our team in the development, in the product, to make everything
faster and more accurate.
Again, you have to be very, very critical about that, but it does, you know, it changes
the way we work.
We'll always take a little more speed and a little more accurate.
I know I can use both.
So nothing wrong with that.
Well, thank you again so much, Kareen, for joining today.
Just so that our listeners know where can they go to learn more about TORC
and your efforts to help build an AI literate workforce.
Absolutely.
So we have our website, TORC.I.O.
They can check in there at our LinkedIn page, TORC,
which has a lot of information, a lot of branding,
that no one can, you know, it's, you can't miss it if you'll see it.
So I'm inviting everyone to join and have a look and join us.
We're looking for a lot of great people.
Wonderful.
We can always use more great people and maybe some great AI as well.
So thank you, Karin, so much for joining today.
This has been a pleasure.
Thank you.
That's Karin Ophir-Zemet, Chief People Officer at Torque,
Speaking with N2K's senior workforce analyst, Will Marco.
At TALIS, they know cybersecurity can be tough and you can't protect everything,
but with TALIS you can secure what matters most.
With TALIS's industry-leading platforms,
you can protect critical applications, data and identities, anywhere and at scale with the highest
ROI. That's why the most trusted brands and largest banks, retailers, and healthcare companies in the
world rely on TALIS to protect what matters most. Applications, data, and identity. That's TALIS.
T-H-A-L-E-S. Learn more at talusgroup.com slash cyber.
Investigating is hard enough.
Your tools shouldn't make it harder.
Maltigo brings all your intelligence into one platform and gives you curated data,
along with a full suite of tools to handle any digital investigation.
Plus, with on-demand courses and live training, your team won't just install the platform.
They'll actually use it and connect the dots so fast,
cybercriminals won't realize they're already in cuffs.
Maltigo is trusted by global law enforcement, financial institutions, and security teams worldwide.
See it in action now at Maltigo.com.
And finally, Russia's Ministry of Defense TV channel Zezda has published
Pollitt Stacker, a weekly AI-generated show that feels like Saturday Night Live got lost in a
Soviet candy factory. Hosted by Natasha, an AI avatar modeled after a real journalist,
the program claims its neural network chooses the week's political nonsense, then serves it up as
jokes, deepfakes, and surreal skits. Hugh Emmanuel Macron in curlers, Donald Trump pitching
golden toilets as foreign policy, and Ursula von der Leyen, crooning Soviet pop while manning
a factory line. The production quality hovers somewhere between Instagram filter gone wrong and
uncanny valley chic, but that hasn't stopped Russia from bragging. It's the world's first state-sponsored
AI news parody. Whether it's parody or propaganda is up for debate, but as data scientist Kalev Litaru points out,
This is a milestone, a national broadcaster openly dabbling in AI deepfakes.
Candy coded or not, Moscow's digital experiments may just be the start.
And that's the cyberwire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
Be sure to check out this weekend's Research Saturday.
And my conversation with Natitao, head of Gardeo Labs.
We're discussing their work Kapshageddon, unmasking the viral evolution of the click-fix browser-based threat.
That's Research Saturday.
Do check it out.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of
cybersecurity. If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey and the show notes or send an email to Cyberwire at N2K.com.
N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by
Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter
Kilpy is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.
Attention
Attention security startups.
There's less than a week left to apply for the 2025 Data Tribe Challenge.
This unique program accelerates early-state
cyber companies, refine your messaging with startup veterans, then pitch to top venture firms
shaping the future of cyber. The live pitch competition takes center stage at Cyber Innovation
Day, November 4th in Washington, D.C. Applying is easy. Go to challenge.datatribe.com,
share your company info, and upload your pitch. Submissions closed September 19th. Submit your
entries today.
And now a word from our sponsor, Threat Locker,
the powerful zero-trust enterprise solution that stops ransomware in its tracks.
Allow listing is a deny-by-default software that makes application control simple and fast.
Ring fencing is an application containment strategy,
ensuring apps can only access the files, registry keys, network resources,
and other applications they truly need to function.
Shutout cybercriminals with world-class endpoint protection from threat locker.