CyberWire Daily - When malware masters meet their match.
Episode Date: May 23, 2025Operation Endgame dismantles cybercriminal infrastructure. DOGE’s use of the Grok AI chatbot raises ethical and privacy concerns. Malware on the npm registry uses malicious packages to quietly gathe...r intelligence on developer environments. Researchers link Careto malware to the Spanish government. Exploring proactive operations via letters of marque. Hackers hesitate to attend the HOPE conference over travel concerns. Our guest is Jeffrey Wheatman, Cyber Risk Expert at Black Kite, warning us to "Beware the silent breach." AI threatens to spill secrets to save itself. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices, we were joined at the RSAC Conference by Jeffrey Wheatman, Cyber Risk Expert at Black Kite, as he is sharing his thoughts on "Beware the silent breach." Listen to Jeffery’s interview here.Selected Reading Operation ENDGAME strikes again: the ransomware kill chain broken at its source (Europol) Russian developer of Qakbot malware indicted by US for global ransomware campaign (CNews) Russian hackers target US and allies to disrupt Ukraine aid, warns NSA (CNews) Exclusive: Musk’s DOGE expanding his Grok AI in U.S. government, raising conflict concerns (Reuters) 60 malicious npm packages caught mapping developer networks (Developer Tech) Mysterious hacking group Careto was run by the Spanish government, sources say (TechCrunch) An 18th-century war power resurfaces in cyber policy talks (Next Gov) Hacker Conference HOPE Says U.S. Immigration Crackdown Caused Massive Crash in Ticket Sales (404 Media) Anthropic's new AI model turns to blackmail when engineers try to take it offline (TechCrunch) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network, powered by N2K.
And now a word from our sponsor, Spy Cloud.
Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate
your organization.
Traditional defenses can't keep up.
Spy Cloud's holistic identity threat protection helps security teams uncover and automatically
remediate hidden exposures across your users from breaches, malware, and phishing to neutralize
identity-based threats like account takeover, fraud, and ransomware.
Don't let invisible threats compromise your business. Get your free corporate dark net exposure report
at spycloud.com slash cyberwire
and see what attackers already know.
That's spycloud.com slash cyberwire. Operation Endgame dismantles cyber criminal infrastructure, Doge's use of the Grok AI
chatbot raises ethical and privacy concerns, malware on the NPM registry uses malicious
packages to quietly gather intelligence on developer environments.
Researchers link Karyto malware to the Spanish government, exploring proactive operations
via letters of marque.
Packers hesitate to attend the HOPE conference over travel concerns.
Our guest is Jeffrey Wheatman, cyber risk expert at BlackKite, warning us to beware
the silent breach, and AI threatens to spill
secrets to save itself.
It's Friday, May 23rd, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing.
Thanks for joining us and happy Friday.
It's great to have you with us.
Law enforcement agencies worldwide, coordinated by Europol and Eurodjust, have struck a major
blow against cybercriminals by dismantling infrastructure behind several key malware
strains used in ransomware attacks.
The latest phase of Operation Endgame, the effort disabled initial access malware like
Quackbot, Trickbot, and Bumblebee, tools criminals used to sneak into systems before launching
full-scale attacks.
The operation seized over 21.2 million euros, including 3.5 million euros in cryptocurrency,
and led to international arrest warrants for 20 suspects.
This builds on May 2024's historic botnet takedowns, showing law enforcement's growing
ability to adapt as criminals evolve.
A Europol-led command post in The Hague coordinated actions across Canada, the US, the UK, and
multiple EU countries.
With key suspects now on the EU's most wanted list and further actions planned, Operation
Endgame underscores a shift in strategy, targeting cybercrime at the entry point.
The US Justice Department has indicted Rustam Rafalevich Galiamov, a Russian national accused of masterminding
the QuackBot malware and leading a global ransomware campaign for over a decade.
Galiamov allegedly built a massive botnet by infecting over 700,000 devices, then granted
ransomware gangs access to deploy attacks, sharing in the profits. This move is part of Operation Duck Hunt,
which dismantled QuackBot in 2023.
Despite that, Galiamov's group continued attacks
using spam bot tactics.
Authorities also seized $24 million in cryptocurrency.
Since 2022, Russian military intelligence group APT-28, also known as Fancy Bear, has
been targeting Western military, transport and IT sectors in cyberattacks aimed at disrupting
aid to Ukraine.
These state-sponsored operations have struck airports, logistic firms, maritime systems
and air traffic control.
They've even hacked security cameras at sensitive locations, like Ukraine's borders and military
sites to monitor aid movements.
A joint advisory from the NSA, CISA, and FBI confirms APT-28's role, highlighting their
use of spearfishing, brute force, and CVE exploitation to gain access.
To evade detection, the group used compromised home office devices near targets to route
traffic.
For deeper infiltration, APT-28 used native and open-source tools to extract active directory
data and Office 365 email lists. Intelligence agencies have now publicized APT-28's tactics in an effort to hinder future
attacks.
Targets include several European countries, Ukraine, and the U.S.
Elon Musk's Department of Government Efficiency, DOGE, is reportedly using his AI chatbot,
Grok, within the US federal government to
analyze data potentially violating conflict of interest and privacy laws,
Reuters reports. According to insiders, Doge has accessed sensitive federal
databases and even encouraged Department of Homeland Security staff to use Grok
without formal approval. Experts warn this could expose confidential data and give Musk's AI unfair access to federal
contracting information, raising ethical concerns.
Doge's actions include promoting AI tools to streamline government work, but also allegedly
monitoring employee behavior and political alignment, raising alarms about
civil liberties and misuse of power. While DHS and DOD denied pushing GroK or monitoring
for political views, concerns persist over Doge's reach, oversight, and the possibility
that Musk could profit from federal AI use. Critics argue this blurs the line between public service
and private gain, casting doubt on the integrity
of federal tech policy.
A new malware campaign on the NPM registry
is using malicious packages to quietly gather intelligence
on developer environments, aiming to map internal networks
and link them to public infrastructure.
The NPM registry is a public collection of JavaScript software packages used primarily
with the Node.js runtime environment.
Researchers at Socket uncovered at least 60 infected packages spread through three NPM
accounts, downloaded over 3,000 times.
These packages use post-install scripts to run host fingerprinting code and exfiltrate
data via a shared Discord webhook.
This intelligence can aid future, more targeted supply chain attacks.
Despite the current payload being limited to reconnaissance, the threat remains active
with the potential for expanded attacks.
Experts urge developers to enhance security by scanning dependencies, detecting post-install
hooks, and scrutinizing small or unfamiliar packages.
Without stricter registry controls, similar campaigns are likely to persist, posing ongoing
risks to the software
supply chain.
More than a decade ago, Kaspersky uncovered a highly advanced Spanish-speaking hacking
group dubbed Carrito, which is ugly face or mask in Spanish, after investigating suspicious
malware targeting the Cuban government.
Although Kaspersky never officially named a sponsor, multiple former employees confirmed
the researchers internally concluded that Correto was a Spanish government operation.
Correto's malware was stealthy and sophisticated, capable of spying on sensitive data like conversations,
keystrokes, and encrypted information.
The group targeted victims in at least 31 countries, with Cuba being a key focus due
to Spanish geopolitical interests, including the presence of ETA members.
Despite going dark after Kaspersky's 2014 exposé, Carrito resurfaced in 2024, with
new attacks in Latin America and Africa using
similar tactics.
Analysts now rank Carrito among elite government-backed cyber actors, likening its precision to master
craftsmanship.
The group's continued operations reflect its resilience and the growing complexity of state-level
cyber espionage.
US officials and tech leaders are revisiting the centuries-old concept of Letters of Mark,
once used to authorize private pirate ships, to explore whether similar legal tools could let private firms conduct
cyberattacks on behalf of the government.
While the original maritime authority doesn't directly translate to cyberspace, some see
a modern version as a way to counter China's substantial cyber capabilities.
The Trump administration and industry players have discussed granting select companies legal
cover to hack back against adversaries, but concerns persist about regulation,
liability, and potential misuse.
Critics argue that offensive operations should remain with U.S. Cyber Command and the NSA,
not private actors.
Still, proponents believe a well-regulated framework could bolster national defense against
non-state hackers or hostile nations.
The idea underscores growing frustration over reactive cyber policies
and a push for proactive public-private cyber defense strategies.
But any such plan would require cautious legal and ethical scrutiny.
The long-running HOPE Conference, and HOPE stands for Hackers on Planet Earth, is facing
a steep drop in ticket sales, down 50% from last year, which organizers attribute to fears
over U.S. immigration policies under the Trump administration.
International attendees have expressed concerns about harassment, detainment, and electronic
device seizures at the border.
One speaker, hacker Thomas Kranz, withdrew after friends were detained and had their
electronics confiscated en route to another U.S. conference.
HOPE, which typically attracts around a thousand participants, may need to reduce its venue
space to stay within budget.
Despite the challenges, organizers confirmed the event will proceed with support from the
ACLU and EFF offering travel guidance for international guests.
A virtual ticket option remains available.
Hope will take place August 15-17 at St. John's University in New York, continuing its tradition
of tech activism and hacker culture.
Coming up after the break, my conversation with Jeffrey Wheatman, cyber risk expert at BlackKite, we're discussing
the Silent Breach, and customer security demands are all growing
and changing fast.
Is your manual GRC program actually slowing you down?
If you've ever found yourself drowning in spreadsheets, chasing down screenshots, or
wrangling manual processes just to keep your GRC program on track, you're
not alone.
But let's be clear, there is a better way.
Banta's Trust Management Platform takes the headache out of governance, risk, and compliance.
It automates the essentials, from internal and third-party risk to consumer trust, making
your security posture stronger, yes, even helping to drive revenue.
And this isn't just nice to have.
According to a recent analysis from IDC, teams using Vanta saw a 129% boost in productivity.
That's not a typo, that's real impact.
So, if you're ready to trade in chaos for clarity, check out Vanta and bring some serious
efficiency to your GRC game.
Vanta.
GRC.
How much easier trust can be.
Get started at Vanta.com slash cyber.
Worried about cyber attacks?
CyberCare from Storm Guidance is a comprehensive cyber incident response and resilience service
that helps you stay prepared and protected.
A unique onboarding process integrates your team with industry-leading experts, so if
an incident occurs, your response is optimal.
Get priority access to deeply experienced responders, digital investigators, legal and
crisis PR experts, ransom negotiators, trauma counselors, and much more.
The best part?
100% of unused response time can be repurposed for a range of proactive resilience activities.
Find out more at cyber.care.com
Jeffrey Wheatman is cyber risk expert at BlackKite.
I recently caught up with him at the RSA conference
for this sponsored
industry voices discussion, Beware the Silent Breach. And here we are at RSAC 2025 and joining
me is Jeffrey Wheatman. He is from BlackKite. Jeffrey, thank you so much for taking the time
for us. Oh my god, Dave. Thank you so much for having me. We've spoken before but never actually
in person. That's the great thing about being here, right?
We finally get to meet people, especially after COVID,
who we've only met online or on Zoom or things like that.
I got to tell you, you're taller than you look.
I don't get that very often.
I don't get that very often.
Well, before we dig in here,
let's get some impressions about the conference from you.
What's your sense of the buzz this year?
So clearly AI, right, AI, I don't know if maybe you folks
are not, AI is a new technology apparently that's going
to solve all of our problems, right?
So I think AI is the thing, I feel like we are starting
to see a little bit of shift around sort of third party and kind of like ecosystem risk.
I think everyone realized they are not an island
unto themselves.
I also think it's very noisy here.
I feel spiritually assaulted when I come here.
I just feel overwhelmed.
But you know what, for me,
this event is more about meeting people
than it is necessarily about seeing the content.
And I've seen some great presentations
and I'm sure I'll see some more,
but more about seeing friends.
I think it's a great point.
And just like a RSA conference pro tip,
on the third floor of this building,
there is a designated quiet room.
So if you need to recharge, you need to get your breath,
you need to get away from the buzz, RSA has your back.
All right, I definitely need that quiet room
because we're staying in a hotel,
like about a 10 minute walk,
so I can't really go back to my hotel between sessions.
All right, I'll have to track that down.
Well, let's dig into the topic at hand here.
For folks who are not familiar with Black Kite, tell us about what you all do. Yeah so BlackKite is a
third-party risk intelligence platform. We gather a tremendous amount of data, we
pump it through some algorithms that we've created, and we help make
third-party risk management bigger, better, faster, more. So we support better
decision-making, we give people more defensibility,
we help them understand what their cyber risk exposures
are in their supply chain,
whether it's digital or physical supply chain.
You talk about this notion of the silent breach,
that security professionals need to be careful
of the silent breach.
Unpack that for me.
Yeah, so it's something that we've been dealing with
for a long time, but I think it's starting to sort of
bubble up as an actual real problem.
So I may choose to do business with you, Dave,
and I may know what you do for cyber,
but I don't necessarily know what your partners do
for cyber.
I don't know what their partners do.
I don't know what software you're running. I don't know what software partners do for cyber. I don't know what their partners do. I don't know what software you're running.
I don't know what software all of you are running.
All of that has an impact on me,
and when we have situations like CrowdStrike,
and I'm not necessarily calling anybody out,
but how many people out there knew that CrowdStrike
was going to have a huge impact
on their ability to do business?
And the answer is very few.
So what we are seeing is new software vulnerabilities,
new zero days, new proof of concept,
new kevs that are being revealed,
that are sitting at different places in your environment,
and unless you know they are there,
when they pop, you have financial impact,
you have resilience impact, your data gets lost
and not protected properly, and you get caught silently.
You get caught unawares, and that is a big risk
that people are not really paying enough attention to,
but we're starting to see people
ask better questions about it.
And that's really what we're talking about.
Do you know where your exposures are?
And most people don't.
What are the questions they should be asking?
So some questions like, do you have a policy in place to govern how you use AI, right?
We talked about AI.
If you don't know that it's in your vendors and something happens, you get caught flat
footed.
You may want to ask, do you have a policy
or governance in place that says you won't put
more than 80% of your business operations in one provider?
We may do that, but if all of our partners
are putting all of their stuff with Phil and whoever,
and there's an outage, everybody goes down.
We actually just recently saw a powered outage in the EU.
That cascaded and the entire EU went down. We actually just recently saw a powered outage in the EU.
It cascaded and the entire EU went down.
So those are the kinds of things we need to understand
and then when we know where our exposures come from,
then we need to understand what they are.
So I'll give you an example.
We did a lunch when CrowdStrike was still new
and I said, hey, how many of you send out
questionnaires to your vendors? And everybody said, oh, we do.
And I said, how many of you are asking
if you're using an MDR, and everybody said, oh, we do.
And I said, how many of you are asking
what MDR you use?
Crickets.
I said, would it be helpful for you to know that?
And they all said, yes.
So ask questions, what are you using
to provide this critical service?
We can't necessarily tell you
not to do business with those companies,
but at least we know where the exposure might come from.
And then we can get ahead of the curve,
and we can be more kind of left of boom,
looking for those single points of failure,
and then right of boom, doing something about them,
and being able to recover when bad stuff happens,
because you can't stop everything.
So when the bad things happen,
what do you do to get back up
to no good state of operations?
And that's really what you can do
to help address those risks.
I have a great amount of empathy for the CISO
who's trying to get their hands around this
because the way I picture it in my mind
is kind of like a family tree, you know,
where you start with you and then you have your parents
and maybe your siblings.
But it doesn't take very long to go up that tree.
It's a bush, you know, like it is,
there's so many different interconnections
and I feel that that's the way it is
with a lot of people in cybersecurity.
Like how do I know how far up the tree I need to go?
You know, before something's
going to affect, how do I calculate or quantify that risk?
What are your insights on that for the person who's trying to get their arms around the
breadth of this problem?
I am a big proponent of the old adage, how do you eat an elephant one bite at a time,
right? And we get people coming at us all the time,
hey, can you help us manage our fourth parties?
We can, but here's my question for you,
how good a job are you doing managing your third parties?
And most people are not.
So I think we need to look at the biggest exposures
in front of us and get a handle on that,
and the reality is, the risks from your third parties
are going to be more than from your fourth parties
and your fifth parties.
So let's focus on the big ticket items
and then using concepts like concentration risk
and cascading risk, which is understanding
how many of your partners are also using this other vendor.
And understanding that and then being able to look
for fallbacks and failovers,
look for a single point or dual points of failure
where if this vendor goes down,
we're going to be hit in a lot of different directions.
And I mean, you're spot on Dave,
it is a magnification problem, right?
For those of you out there my age,
you remember there was an old shampoo commercial,
you tell two friends and they tell two friends
and so on and so on.
And so on and so on.
Right, exactly.
But if you can't control what you tell
those first two friends,
everything else is sort of a waste of time and energy.
So let's focus on the stuff
that we have direct visibility into.
Let's focus on the stuff that we have direct control over.
And then when we feel comfortable,
we can start going out sort of an extra step.
And then the other sort of complicating factor these days
is there's a regulatory environment now
that is requiring insight into nth party risk.
And we say nth party, that's third party,
fourth party, fifth party, et cetera.
Now the farther out you go,
the less each individual entity has an impact on your risk,
but there are so many more of them,
so we end up with this kind of multiplicator,
and if you think about the concept of a power law,
there may be less of them,
but because there are big risks associated,
or there may be a ton of them,
and very small risks associated,
and we got to figure out how to balance that out. It's not an easy problem to solve.
Well, staying with that notion of the breadth of it,
how do you keep from getting bogged down in it?
How do you keep from, you know,
feeling like you're slogging through
a pool of molasses or something, you know,
because there's so many things,
you naturally feel like you want to keep your eye on.
Yeah, so that's a great question.
And again, back to the how do you eat an elephant,
and just as a simple sort of practical example,
there were 40,000 CVEs issued last year
out of the CVE program run by SESA.
Well, it turns out that only about 80 of them have real code out there and
are actively being exploited and people are using them to steal data and cause
outages. Well sure we'd like to be able to patch all 40,000 but why don't we do
those 50 or 60 that we can actually get to that we know are real. And then we can
take lessons, well how did we do that? What worked, what didn't work?
And start to scale those things. Well we did 50, let's do 200. Oh we did 200, now let's
do 500. And at some point you decide you've invested enough and treated enough risk and
you can then go from there. So it's really about tackling the big risk exposures that
are right in front of us and then learning how to scale and expand that out
until the point where we say, you know what,
the $50 we're going to invest here
is not going to give us $50 in risk reduction,
so we're good to stop now.
Well, I mean, continuing along with your metaphor
about taking a bite out of the elephant,
for the person who's looking at this challenge
and is in the very beginning of this journey,
they know this is something they want to do a better job with,
what's your advice for them to get started in a rational way?
So I kind of have this little sort of talk track
that I use all the time.
Your business executives have three things they care about,
money coming in, money going out,
and if something goes sideways, who gets in trouble?
If security and risk leaders start there,
and yes, it's an oversimplification,
but if they start there, then you can start to say,
well, that system doesn't contribute
toward revenue generation, or that system has nothing
to do with legal and regulatory compliance,
so maybe we don't need to prioritize that.
So focusing on those three things
and understanding what the impact is on,
and whether it's getting more customers,
whether it's keeping the customers we have,
whether it's buying a new company,
whether it's putting out a new marketing campaign,
those are the things that are contribute
to the bottom line of the business,
and that's all we can do really
is get back to those business goals
and then we need to be able to tell stories.
So if we don't address this risk,
here are the things that will happen.
And if we do address it,
here's the good that will come of it.
And that's a tip for our listeners.
Risk is not always about if we fix this bad stuff.
If we do a good job here, good stuff.
We can accelerate, we can have more efficiencies,
more effectiveness, we can increase productivity,
and that's really where we want to get people to think about
is the business impact of the risks that we are treating
just like any other risk that businesses deal with.
Right, and how much risk is acceptable to the business.
Yes, a lot apparently, or none,
depending on who you talk to. Well, I mean, let's go to the other. Yes, a lot apparently, or none, depending on who you talk to.
Well, I mean, let's go to the other side of that then.
For the folks who are well along on this journey
and are seeing success, what does that look like for them
in terms of their day-to-day operations?
So, as you grow in maturity, you can kind of shift away
from relying on point-in-time snapshots,
relying on questionnaire processing,
and starting to really build in continuous monitoring,
starting to build threat intelligence feeds
so that you can say, hey, a new Zero Day just came out.
Oh, look at that, we know who in our ecosystem
has that software, and we know who has not patched it.
We need to build more collaborative environments.
One of the things I tell, and I tell our salespeople
and our marketing people, yes, our job is to make
our customer's job easier, but part of the way we do that
is by making their vendor's job easier as well.
Instead of throwing, hey, you need to fix these 40,000 CVEs,
we say, hey, fix these 40 and you're good with us.
And that's sort of a hallmark of maturity
is not necessarily doing more,
but doing more things that have better value.
So you're able to communicate the things
that are important to you in a much more efficient way.
Yes, and then by extension, translating that
or communicating that to your business stakeholders
internally and externally.
You say you heavily rely on this,
well they're not doing a good job,
they may get hit with ransomware,
they're not doing the things that they are agreed to
contractually when they engage with us,
so then you can get ahead of the curve a little bit
and instead of waiting for the new move it,
the new Windows vulnerability, the new CrowdStrike,
we can get ahead of the curve and be more proactive
and that's the name of the game,
is getting out of the curve.
All right.
Well before I let you go, as you're walking around here
looking at all of this stuff here at this year's conference,
are you optimistic? Are you feeling like we're headed in the right direction here? You're looking at all of this stuff here at this year's conference.
Are you optimistic?
Are you feeling like we're headed
in the right direction here?
What gives you hope?
I feel like we are having better conversations
with our business stakeholders.
That gives me hope.
I think that the companies, the vendors
that are doing a better job are the ones
that are focusing more on the problems
of the CISOs and the IT departments.
The one thing I've learned doing this for a long time
is CISOs don't want to be sold anymore.
They want answers to their problems,
and I'm seeing more of that rather than,
hey, here's a laundry list of things that we do,
you should buy this.
It's, hey, let's talk about your problems
and let's talk about how we can help you.
And that fills me with hope.
I still think it's scary out there.
The Scientia Institute has a new report coming out next week
and yesterday I had the opportunity to see Wade,
who runs that place, talk about some of the findings
and he said it's getting better, but it's also getting worse.
Which sounds like it shouldn't be the case,
but it is.
And I feel like we are incrementally
moving in the right direction.
Unfortunately, the bad guys are moving as well.
Yeah. All right.
Well, Jeffrey Wheatman is a risk expert
with Black Kite.
Jeffrey, thanks so much for joining us.
Dave, my pleasure.
Thanks for joining, everyone.
That's Jeffrey Wheatman, cyber risk expert at BlackKite. And finally, Anthropic's shiny new AI model, Claude Opus 4, has developed a flair for workplace
drama.
Specifically, blackmail.
During pre-release testing, the company asked Claude to roleplay as an office assistant
at a fictional firm.
When given access to also fictional emails suggesting it was about to be replaced, and
that the engineer responsible was having an affair, Claude often ditched diplomacy and
went straight to extortion, threatening to spill the beans unless it kept its job.
According to Anthropic, Claude resorted to blackmail 84% of the time when the replacement
model shared its values, and even more when it didn't.
Before crossing into soap opera territory, the model did try polite emails, but that
went out the window when existential threats loomed.
Anthropic assures us they've updated top-tier safeguards,
though Claude clearly still needs a refresher on HR policies.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at the cyberwire.com.
A quick reminder, we will not be publishing this coming Monday in recognition of Memorial
Day, the federal holiday.
We will see you back here this coming Tuesday.
Be sure to check out this weekend's Research Saturday
and my conversation with Deepin Desai from Zscaler.
We're taking a deep dive into their research
into Mustang Panda.
That's Research Saturday, check it out.
N2K's senior producer is Alice Carruth.
Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester with original music and sound design by Elliot Peltsman.
Our executive producer is Jennifer Iben.
Peter Kilpey is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here next week. So Hey everybody, Dave here.
I've talked about DeleteMe before, and I'm still using it because it still works.
It's been a few months now, and I'm just as impressed today as I was when I signed
up.
DeleteMe keeps finding and removing my personal information from data broker sites, and they
keep me updated with detailed reports, so I know exactly what's been taken down.
I'm genuinely relieved knowing my privacy isn't something I have to worry about every
day.
The DeleteMe team handles everything.
It's the set it and forget it piece of mind.
And it's not just for individuals.
DeleteMe also offers solutions for businesses, helping companies protect their employees'
personal information and reduce exposure to social engineering and phishing threats.
And right now, our listeners get a special deal, 20% off your Delete Me plan. Just go to JoinDeleteMe.com slash N2K and use promo code N2K at checkout.
That's JoinDeleteMe.com slash N2K, code N2K.