CyberWire Daily - Undoing the undo bug.

Episode Date: August 20, 2025

Microsoft releases emergency out-of-band (OOB) Windows updates. Trump targets NSA's leading AI and cyber expert in clearance revocations. A breach may have compromised the privacy of Ohio medical marijuana patients. Cybercriminals exploit an AI website builder to rapidly create phishing sites. Warlock ransomware operators target Microsoft's SharePoint ToolShell vulnerability. Google and Mozilla patch Chrome and Firefox. European officials report two cyber incidents targeting water infrastructure. A federal appeals court has upheld fines against T-Mobile and Sprint for illegally selling customer location data. Authorities dismantle DDoS powerhouse Rapper Bot. On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, speaking about ShinyHunters and the problems with securing Salesforce. Microsoft Copilot gets creative with compliance.
Selected Reading

- Microsoft releases emergency updates to fix Windows recovery (Bleeping Computer)
- Trump Revokes Security Clearances of 37 Former and Current Officials (The New York Times)
- Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database (WIRED)
- AI Website Builder Lovable Abused for Phishing and Malware Scams (Hackread)
- Warlock Ransomware Hitting Victims Globally Through SharePoint ToolShell Exploit (InfoSecurity Magazine)
- High-Severity Vulnerabilities Patched in Chrome, Firefox (SecurityWeek)
- Russia-linked European attacks renew concerns over water cybersecurity (CSO Online)
- T-Mobile claimed selling location data without consent is legal, judges disagree (Ars Technica)
- Officials gain control of Rapper Bot DDoS botnet, charge lead developer and administrator (CyberScoop)
- Copilot Broke Your Audit Log, but Microsoft Won't Tell You (Pistachio Blog)

The CyberWire is a production of N2K Networks. © N2K Networks, Inc.

Transcript
Starting point is 00:00:00 You're listening to the Cyberwire Network, powered by N2K. And now a word from our sponsor. The Johns Hopkins University Information Security Institute is seeking qualified applicants for its innovative Master of Science in Security Informatics degree program. Study alongside world-class interdisciplinary experts and gain unparalleled educational research and professional experience in information security and assurance. Interested U.S. citizens should consider the Department of Defense's Cyber Service Academy program, which covers tuition, textbooks, and a laptop, as well as providing a $34,000 additional annual stipend.
Starting point is 00:00:51 Apply for the fall 2026 semester and for this scholarship by February 28th. Learn more at cs.jhu.edu/mssi.

Trump targets NSA's leading AI and cyber expert in clearance revocations. A breach may have compromised the privacy of Ohio medical marijuana patients. Cybercriminals exploit an AI website builder to rapidly create phishing sites. Warlock ransomware operators target Microsoft's SharePoint ToolShell vulnerability. Google and Mozilla patch Chrome and Firefox. European officials report two cyber incidents targeting water infrastructure. A federal appeals court has upheld fines against T-Mobile and Sprint for illegally selling customer
Starting point is 00:01:58 location data. Authorities dismantle DDoS powerhouse Rapper Bot. On our Industry Voices segment, we're joined by Matt Radolec, VP of Incident Response, Cloud Operations and Sales Engineering at Varonis, speaking about ShinyHunters and the problems with securing Salesforce. And Microsoft Copilot gets creative with compliance. It's Wednesday, August 20th, 2025. I'm Dave Bittner, and this is your CyberWire Intel briefing. Thanks for joining us here today. It's great to have you with us.
Starting point is 00:02:56 Microsoft has released emergency out-of-band Windows updates to fix a bug that breaks reset and recovery tools after installing the August 2025 security patches. The issue affects Windows 10 and older versions of Windows 11, blocking users from resetting their PCs, reinstalling Windows while keeping files, or using the Fix Problems Using Windows Update tool. IT admins using the Remote Wipe CSP for remote resets are also impacted. These cumulative out-of-band updates replace the faulty ones and can be installed via Windows Update, Windows Update for Business, or the Microsoft Update Catalog. Microsoft advises applying the out-of-band updates instead of the August security patches.
Starting point is 00:03:49 President Trump revoked security clearances for 37 current and former intelligence officials, including Vinh Nguyen, a senior data scientist at the National Security Agency. Nguyen, a highly regarded mathematician and expert in quantum computing, artificial intelligence, and cyber issues, has been central to the NSA's cutting-edge technology products. His removal has alarmed current and former officials, who warned that losing his expertise could significantly delay U.S. development in key emerging technologies. Nguyen was previously mentioned in reporting on the 2016 election intelligence assessments, drawing political attention despite his reputation for nonpartisan work.
Starting point is 00:04:36 Critics say targeting him and others reflects a politically motivated effort, led by DNI Tulsi Gabbard at Trump's direction, to discredit intelligence findings on Russian interference in 2016. A major data exposure may have compromised the privacy of Ohio medical marijuana patients. Researcher Jeremiah Fowler discovered an unsecured 323-gigabyte database in July that contained nearly a million records, including Social Security numbers, medical histories, mental health evaluations, and scans of IDs such as driver's licenses. Some files detailed qualifying conditions like cancer, HIV, or anxiety, while others included offender release cards
Starting point is 00:05:23 used for identification. Fowler traced the database to Ohio Medical Alliance LLC, known as Ohio Marijuana Card, and alerted the company on July 14th. The database was secured the next day, though the firm did not directly respond to him. Company President Cassandra Brooks later said the incident was under investigation. Misconfigured databases like this remain a common cybersecurity risk. Cybercriminals are exploiting Lovable, an AI website builder, to rapidly create phishing sites, drain cryptocurrency wallets, and spread malware, according to Proofpoint researchers. Originally designed to let users generate functional websites in minutes, Lovable is now being abused
Starting point is 00:06:11 to mimic trusted brands like Microsoft and UPS. Proofpoint has detected hundreds of thousands of malicious URLs hosted on lovable.app each month since February. Campaigns include fake Microsoft logins powered by the Tycoon phishing-as-a-service, fraudulent HR benefit portals, credit-card-harvesting UPS clones, and crypto wallet drainers. Attackers have also distributed malware such as the ZGRAT remote access trojan through fake invoice pages. Lovable says it's removed phishing clusters and added AI safeguards like real-time
Starting point is 00:06:50 malicious prompt detection and daily project scans. Warlock ransomware operators are aggressively exploiting Microsoft's SharePoint ToolShell vulnerability, rapidly compromising unpatched systems worldwide, according to Trend Micro. First emerging on the RAMP forum in June 2025, Warlock has quickly become a global threat, hitting organizations in North America, Europe, Asia, and Africa. Affiliates exploit authentication and deserialization flaws to gain code execution, escalate privileges, move laterally, and deploy ransomware at scale. Attacks include a July campaign linked to Chinese actor Storm-2603
Starting point is 00:07:35 and an August hit on UK telecom Colt Technology Services. Google and Mozilla have released new security patches for Chrome and Firefox, addressing multiple high-severity flaws. Chrome 139 fixes an out-of-bounds write bug in the V8 engine that could be remotely exploited via crafted HTML pages. The flaw was discovered by Google's Big Sleep AI vulnerability-hunting system. Mozilla patched nine Firefox issues, including a sandbox escape, a same-origin policy bypass,
Starting point is 00:08:12 and memory safety bugs that risk remote code execution. Updates also cover Thunderbird and Firefox ESR. Users are urged to update promptly. European officials last week reported two alarming cyber incidents targeting water infrastructure. In Norway, suspected Russian hackers opened a valve at the Bremanger dam in April, briefly increasing water flow but causing no damage. A Telegram video linked to the pro-Russian Z-Pentest Alliance shows the attack, though experts say the perpetrators seem inexperienced. In Poland, officials
Starting point is 00:08:52 disclosed a foiled cyber attack that could have cut water to a major city, also attributed to Russian actors. Experts warn these incidents reflect Russia's long-standing strategy of poking and prodding critical systems as precursors to larger attacks. Security researchers stress that water utilities, often underfunded and poorly protected, must urgently improve defenses. Free resources such as the DEF CON Franklin Project and the Cyber Peace Initiative are also available to help safeguard this critical infrastructure. A federal appeals court has upheld $92 million in FCC fines against T-Mobile and Sprint for illegally selling customer location data without consent. The court ruled the
Starting point is 00:09:41 carriers knowingly shared real-time location information with aggregators like LocationSmart and Zumigo, even after abuses were exposed. Judges rejected claims that the FCC misapplied the law or violated the Seventh Amendment, noting the carriers waived jury trial rights by paying fines and seeking review. T-Mobile faces $80.1 million in penalties, Sprint $12.2 million, while AT&T and Verizon continue separate appeals. Authorities say they've dismantled RapperBot, one of the most powerful DDoS botnets ever recorded, following a U.S. investigation. The takedown occurred after officials traced the operation to Ethan Foltz, age 22, of
Starting point is 00:10:29 Eugene, Oregon, who allegedly ran the botnet since 2021. Foltz, charged with aiding and abetting computer intrusions, faces up to 10 years in prison. RapperBot, also known as Eleven Eleven Botnet and CowBot, infected up to 95,000 IoT devices, conducting more than 370,000 attacks against 18,000 victims worldwide. At its peak, it launched DDoS attacks exceeding 6 terabits per second. Investigators linked Foltz to RapperBot through PayPal and Gmail accounts, and he later admitted to being its administrator. Major tech firms assisted in the investigation, which officials say may have prevented millions of future attacks. Coming up after the break, my conversation with Matt Radolec from Varonis, speaking about ShinyHunters and the problems with securing Salesforce,
Starting point is 00:11:33 and Microsoft Copilot gets creative with compliance. Stay with us. We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need.
Starting point is 00:12:05 Stop struggling to get your job post noticed. Indeed's Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results, so the right candidates see it first. And it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs, there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer.
Starting point is 00:12:56 Speed up your hiring right now with Indeed. And listeners to this show will get a $75 Sponsored Job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.

humans by more than 80 to 1, and without securing them, trust, uptime, outages, and compliance are at risk. CyberArk is leading the way with the only unified platform purpose-built to secure every machine identity, certificates, secrets, and workloads across all environments, all clouds, and all AI agents. Designed for scale, automation, and quantum readiness,
Starting point is 00:14:02 CyberArk helps modern enterprises secure their machine future. Visit cyberark.com/machines to see how. Matt Radolec is VP of Incident Response, Cloud Operations, and Sales Engineering at Varonis. And on today's sponsored Industry Voices segment, we chat about ShinyHunters and the problems with securing Salesforce. We're very blessed. A lot of organizations trust us to assess the security of their data and also to help them improve that, whether that be through using our software or even just meeting with us. And our whole go-to-market strategy is around doing what we call data risk assessments. And so as a result of that, we get to zoom out and see, well, what do we see everywhere,
Starting point is 00:14:56 whether it's at a big bank or a small retail shop or at a law firm or in fashion or in manufacturing or in defense, like what is ubiquitous across all of those areas. And when it comes to security in the cloud, a lot of people make the same mistakes. And when we think about Salesforce, this is one of those areas where it's super common for organizations to even outsource their Salesforce to a third-party provider and have either no in-house Salesforce expertise or simply not even know what it is or what it's used for on the security team. And one of the things I always say back to that is, well, if there was an incident there, are you going to call the third party, or is it still going to come into the SOC and IR team? Right. I mean, it's a really
Starting point is 00:15:40 interesting conundrum, I guess I could say. I mean, correct me if I'm wrong here, but my understanding is that there can be a lot of frustration, mystery, black magic when it comes to Salesforce in general. It can be a black box for folks, and for non-technical people it can feel almost impenetrable. Am I off base there? No. And Salesforce means different things to different people. They have different products and different companies that they've bought and integrated over time. So there is, like, healthcare software that runs on Salesforce. There's order management software. There's ticket management software. There's, you know, deal management software inside of Salesforce. So when you say the bigger Salesforce, it can mean a lot of different things to different
Starting point is 00:16:28 people, and then unwinding how things like permissions, entitlements, or permission sets, permission set groups is the Salesforce terminology, or even API privileges work. Like, most people don't even know how to figure that out, let alone what it's supposed to look like. So you're spot on. Yeah. Well, I mean, let's talk about some of the potential vulnerabilities here. Before we dig into what's in your research, when you talked about the ShinyHunters gang,
Starting point is 00:16:55 can we still stay at the broad level and talk about some of the potential things? The things that we found and we put out in our State of Security report, for instance? Yeah, let's do it. Yeah. So one thing that we'll see a lot is that a lot of people have the ability to view and export all information. And, you know, sometimes that's referred to as, like, God-like privileges, right? Or these super-admin-like privileges. And that exists in lots of different applications.
Starting point is 00:17:21 It could be in Salesforce. It could be in Box. It could be, it's less common in, you know, IaaS like AWS or Google or even Azure cloud compute, because you just don't give out those kinds of privileges. But it's pretty common in SaaS that we'll see that someone can do that. Another one is some of the apps, like I'm sure you and a lot of your listeners use Microsoft 365, where you're able to create and share data via a link. A lot of people don't know this, but Salesforce allows you to do that too. And no one thinks about Salesforce the way that they think about Office
Starting point is 00:17:54 365, but the functionality of creating a link and sharing it to anyone on the internet is there. So there's a lot of power under the hood that people aren't aware of. They don't know what they don't know. Yeah, and there's this bigger question about, like, posture management. So I think what ends up happening is people look at a SaaS application as being inherently secure. Salesforce is a $20 billion revenue company? Like, they're a big company, right? They have secure data centers. You can go and look at their website and see their trust information and how they take security seriously. But in this thing called the shared responsibility model, which is not peculiar to Salesforce, it's in any cloud provider that you do business with.
Starting point is 00:18:36 You need to understand what's on you versus what's on them. And for Salesforce, like, they're going to secure their data centers. They're going to deliver you a secure connection to their website. But it's on you to configure your identities and your, you know, Salesforce records and attachments, same as it would be, like, let's say, in Snowflake, you know, the rows of your database and in your data lake and whether or not things are masked. These are configuration settings that are on you, and that's what makes this ShinyHunters thing so interesting. And are these things specific to Salesforce, or do they have their own peculiarities that present certain challenges that some of the other providers may not have? Or is this par for the course
Starting point is 00:19:19 in this area? I'd actually say, I mean, yes, Salesforce has a lot of uniqueness that makes permissions management very difficult, but let's zoom out from that and talk about cloud and SaaS posture management in general. What is the issue that ShinyHunters is, quote-unquote, exploiting? It's not actually a vulnerability per se. It's that people are allowed to make API queries or add and authorize applications at the user level to their Salesforce data. You can also do this in Microsoft 365. You can also do this in Box, in Dropbox, in Google Workspace, where you're allowed to add apps and connect different apps to what you do. So in this case, ShinyHunters is, you know, targeting high-
Starting point is 00:20:01 profile companies. They're posing as, you know, IT or security people. They're convincing people to authorize these applications into their tenants, which then harvest and exfiltrate data. So when we tear that apart, there's a few things that they're getting wrong. One, that user has the ability to add these apps. That's problem number one. Two, the permissions that that user had are probably too broad. We call that at Varonis a big blast radius. So that means not only did they add this bad app, but this bad app has the same privileges that they do, and maybe they have view all or export all, or maybe they have API access with an unlimited amount of API tokens.
Starting point is 00:20:38 That could be in any application. Lots and lots of SaaS apps have all these features. It's just that, with Salesforce and just how many different ways there are to use it, people don't often know how to get to that least privilege or that small blast radius, and so things are generally open. Or, like I mentioned before, Salesforce's uniqueness is it is very often managed by a third party. And the third party is just trying to keep it running and keep your business running, not necessarily thinking about, am I keeping you from, you know, having bleed-over from
Starting point is 00:21:04 one object type to another? Yeah. What about ShinyHunters themselves? I mean, for folks who may not be familiar with them, how do you describe that specific group? Yeah, you know, there's been a lot of talk associating ShinyHunters as, like, a branch or a carve-out of Scattered Spider, which we all know has been targeting retailers and insurance companies. They've been, like, the hottest threat actor on the scene this summer. I even spoke about them in my RSA talk, for instance. And what's happening is they're using social engineering in order to impersonate IT people or help desk people. Now, the methods that they use are changing. For apps, what we got with Google was they got someone to authorize a malicious
Starting point is 00:21:48 application, like a Data Loader, right? And then they exfiltrated data. But they're also doing things like getting into someone's Okta, or getting into someone's Office 365, or getting into their Snowflake, or getting into their ServiceNow. Like, there's other applications that get targeted, because ultimately, when you compromise an identity and you assume control over an identity, the way that authentication works on the internet is you have a lot of single sign-on. I'm sure, like, again, like yourself and your listeners, when you click on a website, you don't log in every time.
Starting point is 00:22:15 Credentials are cached. It auto-passes the token that you already have, and you log into that website. Well, when an attacker compromises you or they compromise your device, they get to do that same thing. They get to log in as you everywhere. And that's what makes Scattered Spider and ShinyHunters so successful: they are simply targeting users. And they are getting users to do things with a big blast radius that lead to a data breach. They are exploiting that user having too much access, or having misconfigured API credentials,
Starting point is 00:22:46 or having the ability to authorize applications on their tenant. And so it's actually quite novel versus quite sophisticated. That's the success behind their campaign: what they're doing is novel, and they're targeting large companies with lots of entry points. Is there a sense that ShinyHunters is specifically targeting organizations that are using Salesforce? I mean, they've had a lot of success there, but a lot of the threat intelligence is tying them to, you know, kind of a branch out of Scattered Spider, who just seems to be shifting industries and shifting applications to target. So I think it's a target-rich environment, and when the Eye of Sauron moves, it's successful, right? So they've shifted industries a few times. They've shifted regions.
Starting point is 00:23:30 They started in the UK, for instance. I don't know if you remember all the grocery stores that were compromised in the UK earlier this summer, which I talked about on my podcast, State of Cybercrime. But, like I said, the Eye of Sauron seems to be shifting to different places. And it looks like right now it's focused on Salesforce and very large companies. I mean, Google being a massive, massive company. Yeah. What do you make of ShinyHunters' success with social engineering, of that being kind of, in my mind, the core of their success?
Starting point is 00:24:01 Yeah, it's 2025. Our users and identities being compromised is still the most likely way that we're going to have a data breach, and it's still one of the hardest things to defend against. Can we really blame them, you know? Yes, security and whatever can help, but I think anybody could be fooled. Even a security researcher can be fooled by a well-crafted ruse. And so I think this really highlights the need for what people would call, you know, zero trust, or a low blast radius, having detective controls and responsive controls, being able to know what happened when a breach happens, being able to respond to it quickly. Because the bigger the company you are, the bigger the number of entry points that there are going to be.
Starting point is 00:24:44 ShinyHunters only has to find one weak link, or, as I always like to say, an attacker only has to find one weakness to get in, and you as a security practitioner have to do it 100% right 100% of the time. And as things get larger and more complex, that just
Starting point is 00:25:00 makes the job harder. So we're in a time where the attackers have the upper hand. Well, let's talk about protecting yourself against these sorts of things. Can we start with low-hanging fruit? I mean, are there common things that people can do to just, you know, make the other people in the neighborhood maybe a little more
Starting point is 00:25:19 attractive than them? Yeah, limit, like, disable or limit the ability to share stuff via a link on the internet to anyone in the public. Turn it off. Turn off the ability for your users to add applications to their tenants. Like, what's the use case? Shouldn't that have to go through IT anyway? Like, all the companies that allow this, we often find, have very rigorous change control processes and very rigorous, like, application vetting processes. But yet, when it comes to Salesforce or it comes to their Google Workspace, they allow users to add apps. They wouldn't do that on your laptop. Why allow that same thing in a SaaS application? So I think it's about taking a lot of the security basics and extending them to your SaaS
Starting point is 00:25:56 apps and to your cloud environments. It's these simple best practices. And then, of course, you know, like, give people access to just what they need to do their job, and apply that principle everywhere. Take that little bit of extra time to do security the right way. And when these incidents happen, the damage will be very small. The liability will be capped. It won't be, you know, a big, massive data breach that could be reputation-damaging or even, like, cripple your company's business or ability to do operations. What are some of the more sophisticated things that people can do to prevent these kinds of attacks? Yeah, I think on the preventative side, you can restrict connected app permissions
Starting point is 00:26:35 in Salesforce, maybe only read-only and maybe only to certain things. You can apply IP-based login controls. So, like, maybe people can only get to these apps if they're on your VPN, meaning they need to not only compromise an identity but also compromise a device, right? So think about, like, multi-factor authentication. Multi-factor authentication is another good one. And also make sure that, like, for Salesforce, for instance, you're deploying Salesforce Shield and having some type of behavioral analytics run on top of that, that you're monitoring authentications and looking for compromised identities, like, you know, behavioral analytics, or, you know, taking, like, a detection strategy,
Starting point is 00:27:11 because you're not going to be able to prevent everything, but what you can't prevent, you can probably detect. And if you can't detect it, then you can at least limit the impact of what happens, or you can react quickly. And so if you have that mindset of, I'm going to prevent it; if I can't prevent it, I'm going to detect it; if I can't detect it, I'm going to respond to it judiciously.
Starting point is 00:27:25 Like, you're doing everything, again. And so if you've got an enterprise app that your business runs on and you don't have a plan to do those three things, probably start there. I'm curious about something you touched on, which is that organizations who are otherwise secure, organizations who would not allow their users to just install apps on their
Starting point is 00:27:43 laptop, for example, seem to have this blind spot when it comes to Salesforce. Where do you suppose that comes from? What would generate that kind of oversight? Yeah, Salesforce is often not purchased by IT. Salesforce does a tremendous job, like, hats off to their sales team, at selling into, like, the head of sales, the CEO, the CFO. And so as a result of that, it often bypasses a lot of the standard software onboarding. And when you do a move from, like, another CRM to Salesforce, it's a humongous project. And again, oftentimes run by a third party. And, you know, people, everyone's squeezing the budget, or they want things to be done faster.
Starting point is 00:28:23 And security is usually the first thing to get overlooked. Or it's simply not in the wheelhouse of the third-party provider that you hired to set up your Salesforce, because of that shared responsibility model. Suppose I have a third-party provider. I mean, what kind of questions should I be asking them? Can people in my Salesforce share data via links? Can users connect via API?
Starting point is 00:28:46 Can users view and export all? How many super admins do I have? Can users add connected apps into their Salesforce? Is multi-factor authentication set up? Is IP-based log-on restriction set up? What public sites do I have available? And if everything I'm saying sounds very overwhelming, you could go to varonis.com and ask for a free Salesforce state-of-risk assessment.
Starting point is 00:29:11 It takes us about 15 minutes to get connected to your Salesforce and answer all those questions for you, with no obligation to move forward. But there are a lot, a lot of ways that you could also assess it yourself, if that's above and beyond what your ability to influence things in your organization is. That's Matt Radolec, VP of Incident Response, Cloud Operations, and Sales Engineering at Varonis. And now a word from our sponsor, ThreatLocker, the powerful zero-trust enterprise solution that stops ransomware in its tracks. Allowlisting is a deny-by-default software that makes application control simple and fast. Ringfencing is an application containment strategy, ensuring apps can only access the files, registry keys, network resources, and other applications they truly need to function. Shut out cybercriminals with world-class endpoint protection from ThreatLocker.
Starting point is 00:30:22 Long, bendy Twizzlers candy keeps the fun going. Keep the fun going. Twizzlers, keep the fun going. And finally, Microsoft's Copilot is supposed to make life easier. Summarize a file here, draft an email there, but it also came with a curious trick. It could fetch files without leaving any record in the audit log. For security teams and compliance officers, that's not a feature, that's a horror movie. Researcher Zack Korman found the flaw and responsibly reported it,
Starting point is 00:31:12 only to discover that Microsoft's bug handling process was frustratingly opaque. The company quietly patched the issue, labeling it important rather than critical, and decided no CVE or public disclosure was necessary. For organizations bound by HIPAA or other regulations, that could be a major problem. For everyone else, it's a reminder that Copilot may be clever, but Microsoft's communication strategy could use some debugging of its own. And that's the CyberWire. For links to all of today's stories, check out our Daily Briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience survey to learn more about
Starting point is 00:32:12 our listeners. We're collecting your insights through the end of August. There's a link in the show notes. Please take a minute and check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tre Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
