CyberWire Daily

GPS constellations have become foundational in modern society supporting everything from navigation to financial services, making the impacts of GPS disruptions all the more concerning. As reliance on these systems have grown, so too have efforts by threat actors to disrupt them through techniques such as jamming and spoofing. As these attacks have become more effective, they are becoming increasingly common, especially in conflict zones where disruption and confusion can prove exceedingly valuable. Key sources: Information about GPS Jamming What is GPS Spoofing? GPS jamming: The invisible battle in the Middle East Like what you heard? Be sure to subscribe to our free Signals and Space Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: https://thecyberwire.com/newsletters/signals-and-space  Is there a topic or person you’d like to hear on our show? You can send your questions and feedback to [email protected]⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. You can also fill our our audience survey: https://www.surveymonkey.com/r/NJYCN2P  T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. N2K is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ismael Valenzuela, Arctic Wolf’s VP of Labs, Threat Research and Intelligence, discusses their work on "BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector." Arctic Wolf researchers uncovered a sophisticated campaign by North Korean threat group Lazarus Group subgroup BlueNoroff that targets cryptocurrency and Web3 executives through fake Zoom and Microsoft Teams meetings, using typo-squatted links, ClickFix-style attacks, and AI-generated deepfakes to steal credentials and cryptocurrency-related data. The attackers built a self-reinforcing operation that captures victims’ webcam footage and Telegram sessions, then repurposes those assets alongside AI-generated images to create increasingly convincing fake meeting participants for future attacks. Researchers identified more than 100 victims across 20 countries, with the campaign primarily targeting CEOs, founders, investors, and senior leaders in the cryptocurrency, blockchain, and financial sectors as part of a long-running effort to steal digital assets and gain access to high-value networks. The research and executive brief can be found here: BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector Learn more about your ad choices. Visit megaphone.fm/adchoices

Anthropic brings Mythos to the NSA. A Palantir executive emerges as a possible CISA pick. A Linux flaw is under active attack. Minecraft malware goes commercial. An npm package gets caught in the Miasma worm campaign. Researchers document the first AI-driven container escape. A browser supply-chain compromise and a university breach with unexpected victims. Our guest is Ashu Savani, Co-Founder at TryHackMe, discussing building high performing SOC & IR teams. The web becomes machine majority. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices segment, we are joined by Ashu Savani, Co-Founder from TryHackMe, discussing building high performing SOC & IR teams. You can listen to the full conversation here. Selected Reading US National Security Agency using Anthropic’s Mythos for cyber attacks (Financial Times) Trump considers Palantir exec to lead CISA (The Record) CISA Warns of Active Exploitation of Linux Container Escape Flaw (Beyond Machines) Game Over: WeedHack - The Rise of Minecraft Malware-as-a-Service Campaigns (McAfee Blog) Detecting Claude Cowork Insider Threat Activity (DTEX) Trojanized ai-sdk-ollama Delivers Miasma, a Self-Replicating npm Worm via binding.gyp (Endor Labs) Agentic threat actor hits the orchestration plane: AI agent-driven container escape (Sysdig) You do surprise me.exe: An unexpected executable in Hola Browser (SOPHOS) My SSN was exposed in a breach at Columbia—a school I have no connection with (Ars Technica) ‘Bots have now passed human traffic online,’ Cloudflare boss laments — says agentic traffic wasn’t expected to eclipse real people until next year (Tom's Hardware) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Five Eyes issue a rare joint warning on China. Jen Easterly weighs in on Trump’s AI EO. Researchers warn everyday notifications can become AI attack vectors. IronWorm is a sophisticated Rust-based infostealer targeting software developers. Cisco patches a critical vulnerability in its Unified Communications Manager platform. Anthropic maps AI-enabled cyber activity to the MITRE ATT&CK framework. Authorities dismantle an online counterfeit identity marketplace. Our guest is Jason Kikta, CTO from Automox, discussing AI vulnerabilities, real risk, and the speed problem. An extortion crew is forced to open a customer support ticket. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Jason Kikta, CTO from Automox, who is discussing AI vulnerabilities, real risk, and the speed problem. If you enjoyed this conversation, check out the full interview here.  Selected Reading⁠ U.S. and intelligence allies issue rare joint warning about China (Washington Post) Safeguarding Our Secrets (MI5) Opinion | The Government Is Finally Taking A.I. Risk Seriously (New York Times) CISA directive for AI executive order to be released this week, Andersen says (The Record) Gemini Voice Assistant Hijacked via Messaging Notifications (SecurityWeek) IronWorm: Shai-Hulud's rustier cousin (JFrog Security Research) Cisco warns of critical Unified CM flaw with PoC exploit code (Bleeping Computer) Mapping AI-enabled cyber threats: Insights from the LLM ATT&CK Navigator (Anthropic) Police dismantles fake ID marketplace used by migrant smugglers (Bleeping Computer) Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown (SecurityWeek)  'Dumbass' criminal breaks the 'first rule of ransomware club' (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

AI oversight arrives at the White House. A Cyber Force gains momentum. Critical infrastructure comes under cyberattack. Acer faces zero-day trouble. A stock exchange executive gets spied on for months. HTTP/2 Bomb threatens web servers. Quantum’s classical side grows bigger. Britain's military chooses Starshield. Spain’s infamous hacker gets sentenced. Our guest is Benjamin Morrell, Vice President, Security Strategy at Coro Cybersecurity, discussing the role of MSPs. Meta’s productivity panopticon pauses for personal pitstops.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices, we are joined by Benjamin Morrell, Vice President, Security Strategy at Coro Cybersecurity, discussing the role MSPs are playing in cybersecurity. If you enjoyed this conversation be sure to check out the full conversation here.  Selected Reading Trump Signs Executive Order Seeking Oversight of A.I. Models (The New York Times) New cyber force would cost up to $11 billion to start, commission says (The Record) CISA Warns of Cyberattacks Targeting U.S. Tank Gauge Systems (GB Hackers) Acer working to patch max severity zero-days in Wave 7 routers (Bleeping Computer) Espionage Campaign Targeted Stock Exchange Executive for Five Months (Security.com) 'HTTP/2 Bomb' Exploit Knocks Web Servers Offline in Seconds (SecurityWeek) The Classical Advances Needed to Make Quantum Computers Tick (IEEE) Alcasec, "Robin Hood of Spanish Hackers," Jailed for 31 Months Over Data Theft (Hackread) Exclusive: UK adopts SpaceX's Starshield for military operations, sources say (Reuters) Meta will reportedly let employees take 30-minute breaks from its tracking program (Engadget) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices