Chrome’s high-risk bug gets squashed.

The UK sanctions Russian military intelligence officers tied to GRU cyber units. An AI-powered malware called LameHug targets Windows systems. Google files a lawsuit against the operators of the Badbox 2.0 botnet. A pair of healthcare data breaches impact over 3 million individuals. Researchers report a phishing attack that bypasses FIDO authentication by exploiting QR codes. A critical flaw in Nvidia’s Container Toolkit threatens managed AI cloud services. A secure messaging app is found exposing sensitive data due to outdated configurations. Meta investors settle their $8 billion lawsuit. Our guest is Will Markow, CEO of FourOne Insights and N2K CyberWire Senior Workforce Analyst, with a data-driven look at how AI is affecting jobs. Belgian police provide timely cyber tips, baked right in. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have Will Markow, CEO of FourOne Insights and N2K CyberWire Senior Workforce Analyst, discussing how AI is affecting jobs. Got cybersecurity, IT, or project management certification goals? For the past 25 years, N2K's practice tests have helped more than half a million professionals reach certification success. Grow your career and reach your goals faster with N2K’s full exam prep of practice tests, labs, and training courses for Microsoft, CompTIA, PMI, Amazon, and more at n2k.com/certify. Selected Reading Breaking: UK sanctions Russian cyber spies accused of facilitating murders (The Record) Russia Linked to New Malware Targeting Email Accounts for Espionage (Infosecurity Magazine) New “LameHug” Malware Deploys AI-Generated Commands (Infosecurity Magazine) Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet (SecurityWeek) 1.4 Million Affected by Data Breach at Virginia Radiology Practice  (SecurityWeek) Anne Arundel Dermatology Data Breach Impacts 1.9 Million People (SecurityWeek) Phishing attack abuses QR codes to bypass FIDO keys  (SC Media) Critical Nvidia Toolkit Flaw Exposes AI Cloud Services to Hacking (SecurityWeek) New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers (Hackread) Meta investors, Zuckerberg settle $8 billion privacy lawsuit tied to Cambridge Analytica scandal (The Record) Loaf and order: Belgian police launch bread-based cybersecurity campaign (Graham Cluley) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Pro-Russian Hackers, scam lords, and ransomware gangs face global justice. Louis Vuitton ties customer data breaches to a single cyber incident. The White House is developing a “Zero Trust 2.0” cybersecurity strategy. OVERSTEP malware targets outdated SonicWall Secure Mobile Access (SMA) devices. An Australian political party suffers a massive ransomware breach. Our guest Jacob Oakley speaks with T-Minus Space Daily host Maria Varmazis. Jacob is Technical Director at SIXGEN and Space Lead for the DEFCON Aerospace Village. An Italian YouTuber faces a retro reckoning. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest Jacob Oakley joins us from today’s episode of T-Minus Space Daily host Maria Varmazis. Jacob is Technical Director at SIXGEN and Space Lead for the DEFCON Aerospace Village. He and Maria discuss space cybersecurity. Selected Reading Global operation targets NoName057(16) pro-Russian cybercrime network - The offenders targeted Ukraine and supporting countries, including many EU Member States (Europol) Cambodia makes 1,000 arrests in latest crackdown on cybercrime (NBC News) Armenian National Extradited to the United States Faces Federal Charges for Ransomware Extortion Conspiracy (US Department of Justice) Italian police dismantle Romanian ransomware gang targeting nonprofits, film companies (The Record) Louis Vuitton says regional data breaches tied to same cyberattack (Bleeping Computer) Trump admin focuses on ‘zero trust 2.0,’ cybersecurity efficiencies (Federal News Network) SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware (Bleeping Computer) Clive Palmer's political parties suffer data breach affecting 'all emails ... documents and records' (Crikey) YouTuber faces jail time for showing off Android-based gaming handhelds (Ars Technica) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Google and Microsoft issue critical updates. CISA warns of active exploitation of a critical flaw in Wing FTP Server. Cloudflare restores their DNS Resolver service following a brief outage. A critical vulnerability in a PHP documentation tool allows attackers to execute code on affected servers. NSA and FBI officials say they’ve disrupted Chinese cyber campaigns targeting U.S. critical infrastructure. A UK data breach puts Afghan soldiers and their families at risk. Researchers find malware hiding in DNS records. A former U.S. Army soldier pleads guilty to charges of hacking and extortion. Ben Yelin joins us with insights on the Senate Armed Services Committee’s response to rising threats to critical infrastructure.The large print giveth and the small print taketh away.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ben Yelin, co host of our Caveat podcast and Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, discussing the Senate Armed Services Committee’s and Trump administration nominees’ recent conversation about rising threats to critical infrastructure. You can find the article Ben discusses here. Selected Reading Google fixes actively exploited sandbox escape zero day in Chrome (Bleeping Computer) Windows KB5064489 emergency update fixes Azure VM launch issues (Bleeping Computer) Exploited Wing file transfer bug risks ‘total server compromise,’ CISA warns (The Record) Cloudflare 1.1.1.1 incident on July 14, 2025 (Cloudflare) Critical template Injection flaw in LaRecipe Documentation Package enables remote code execution (Beyond Machines) NSA: Volt Typhoon was ‘not successful’ at persisting in critical infrastructure (The Record) Defence secretary 'unable to say' if anyone killed after Afghan data breach  (BBC News) Hackers exploit a blind spot by hiding malware inside DNS records (Ars Technica) 21-year-old former US soldier pleads guilty to hacking, extorting telecoms  (The Record) WeTransfer says files not used to train AI after backlash (BBC News) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A DOGE employee leaks private API keys to GitHub. North Korea’s “Contagious Interview” campaign has a new malware loader. A New Jersey diagnostic lab suffers a ransomware attack. A top-grossing dark web marketplace goes dark in what experts believe is an exit scam. MITRE launches a cybersecurity framework to address threats in cryptocurrency and digital financial systems. Experts fear steep budget cuts and layoffs under the Trump administration may undermine cybersecurity information sharing. A Maryland IT contractor settles federal allegations of cyber fraud. Kim Jones and Ethan Cook reflect on CISO perspectives. A crypto hacker goes hero and gets a hefty reward.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Kim Jones, host of CISO perspectives, sits down with N2K’s analyst Ethan Cook to reflect on highlights from this season of CISO Perspectives. They revisit key moments, discuss recurring themes like the cybersecurity workforce gap, and get Ethan’s outsider take on the conversations. It’s all part of a special wrap-up to close out the season finale. If you like this conversation and want to hear more from CISO Perspectives, check it out here. Selected Reading DOGE Employee exposes AI API Keys in source code, giving access to advanced xAI models (Beyond Machines) DOGE Denizen Marko Elez Leaked API Key for xAI (Krebs on Security) North Korean Actors Expand Contagious Interview Campaign with New Malware Loader (Infosecurity Magazine) Avantic Medical Lab hit by ransomware attack, data breach (Beyond Machines) Abacus Market Shutters After Exit Scam, Say Experts (Infosecurity Magazine) MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats (SecurityWeek) How Trump's Cyber Cuts Dismantle Federal Information Sharing (BankInfo Security) UK launches vulnerability research program for external experts (Bleeping Computer) Federal IT contractor to pay $14.75 fine over ‘cyber fraud’ allegations (The Record) Crypto Hacker Who Drained $42,000,000 From GMX Goes White Hat, Returns Funds in Exchange for $5,000,000 Bounty (The Daily Hodl) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

British and Romanian authorities make arrests in a major tax fraud scheme. The Interlock ransomware gang has a new RAT. A new vulnerability in Google Gemini for Workspace allows attackers to hide malicious instructions inside emails. Suspected Chinese hackers breach a major DC law firm.  Multiple firmware vulnerabilities affect products from Taiwanese manufacturer Gigabyte Technology. Nvidia warns against Rowhammer attacks across its product line. Louis Vuitton joins the list of breached UK retailers. Indian authorities dismantle a cyber fraud gang. CISA pumps the brakes on a critical vulnerability in American train systems. Our guest is Cynthia Kaiser, SVP of Halcyon’s Ransomware Research Center and former Deputy Assistant Director at the FBI’s Cyber Division, with insights on Scattered Spider. Hackers ransack Elmo’s World.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Cynthia Kaiser, SVP of Halcyon’s Ransomware Research Center and former Deputy Assistant Director at the FBI’s Cyber Division, discussing "Scattered Spider and Other Criminal Compromise of Outsourcing Providers Increases Victim Attacks." You can check out more from Halcyon here. Selected Reading Romanian police arrest 13 scammers targeting UK’s tax authority (The Record) Interlock Ransomware Unleashes New RAT in Widespread Campaign (Infosecurity Magazine) Google Gemini flaw hijacks email summaries for phishing (Bleeping Computer) Chinese hackers suspected in breach of powerful DC law firm (CNN Politics) Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment (Security Week) Nvidia warns of Rowhammer attacks on GPUs (The Register) Louis Vuitton UK Latest Retailer Hit by Data Breach (Infosecurity Magazine) Indian Police Raid Tech Support Scam Call Center (Infosecurity Magazine) Security vulnerability on U.S. trains that let anyone activate the brakes on the rear car was known for 13 years — operators refused to fix the issue until now (Tom's Hardware) End-of-Train and Head-of-Train Remote Linking Protocol (CISA) Hacker Makes Antisemitic Posts on Elmo’s X Account (The New York Times) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by ⁠Selena Larson⁠, Threat Researcher at ⁠Proofpoint⁠, and co-host of ⁠Only Malware in the Building⁠, as she discusses their work on "Amatera Stealer - Rebranded ACR Stealer With Improved Evasion, Sophistication." Proofpoint researchers have identified Amatera Stealer, a rebranded and actively developed malware-as-a-service (MaaS) variant of the former ACR Stealer, featuring advanced evasion techniques like NTSockets for stealthy C2 communication and WoW64 Syscalls to bypass user-mode defenses. Distributed via ClearFake web injects and the ClickFix technique, Amatera leverages multilayered PowerShell loaders, blockchain-based hosting, and creative social engineering to compromise victims. With enhanced capabilities to steal browser data, crypto wallets, and other sensitive files, Amatera poses a growing threat in the wake of disruptions to competing stealers like Lumma. Complete our annual ⁠audience survey⁠ before August 31. The research can be found here: ⁠Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Director of Google Cloud's Office of the CISO, MK Palmore, dedicated much of his life to public service and now brings his experience working for the greater good to the private sector. A graduate of the US Naval Academy, including the Naval Academy Prep School that he calls the most impactful educational experience of his life, MK commissioned into the US Marine Corps following his service academy time. He joined the FBI and that is where he came into the cybersecurity realm. MK is passionate about getting more diversity, equity and inclusion into industry. We thank MK for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Fortinet patches a critical flaw in its FortiWeb web application firewall.  Hackers are exploiting a critical vulnerability in Wing FTP Server. U.S. Cyber Command’s fiscal 2026 budget includes a new AI project.  Czechia’s cybersecurity agency has issued a formal warning about Chinese AI company DeepSeek. The DoNot APT group targets Italy’s Ministry of Foreign Affairs. Mexico’s former president is under investigation for alleged bribes to secure spyware contracts. The FBI seizes a major Nintendo Switch piracy site. CISA releases 13 ICS advisories.  A retired US Army lieutenant colonel pleads guilty to oversharing classified information on a dating app. Our guest is Catherine Woneis, VP of Product at Fingerprint, to discuss how bots are being used to facilitate music royalty fraud. A federal judge is not impressed with a crypto-thief’s lack of restitution. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Catherine Woneis, VP of Product at Fingerprint, to discuss how bots are being used to facilitate music royalty fraud and how companies can protect themselves. Selected Reading Critical SQL injection vulnerability in Fortinet FortiWeb enables unauthenticated remote code execution (Beyond Machines) Critical Wing FTCritical Wing FTP Server Vulnerability Exploited - SecurityWeekP Server Vulnerability Exploited (SecurityWeek) Cyber Command creates new AI program in fiscal 2026 budget (DefenseScoop) DeepSeek a threat to national security, warns Czech cyber agency (The Record) Indian Cyber Espionage Group Targets Italian Government (Infosecurity Magazine) Former Mexican president investigated over allegedly taking bribes from spyware industry (The Record) Major Nintendo Switch Piracy Website Seized By FBI (Kotaku) CISA Releases Thirteen Industrial Control Systems Advisories (CISA) Lovestruck US Air Force worker admits leaking secrets on dating app (The Register) Crypto Scammer Truglia Gets 12 Years Prison, Up From 18 Months (Bloomberg) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

UK police make multiple arrests in the retail cyberattack case.  French authorities arrest a Russian basketball player at the request of the U.S. A German court declares open season on Meta’s tracking pixels. The European Union unveils new rules to regulate artificial intelligence. London’s Iran International news confirms cyberattacks from Banished Kitten. Treasury sanctions a North Korean hacker over fake IT worker schemes. Microsoft confirms a widespread issue preventing organizations from deploying the latest Windows updates. Agreements over AI help end a year-long Hollywood strike. Researchers take an  in-depth look at ClickFix. I’m joined by Ben Yelin and Ethan Cook for a look at Congress’ recent attempt to limit AI regulation through preemption. Password insecurity with a side of fries. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we’re sharing our latest Caveat Policy Deep Dive—a special segment where we explore the legal and policy forces shaping our digital lives. In this episode, Ethan Cook joins hosts Dave Bittner and Ben Yelin to break down a recent attempt by Congress to use preemption as a way to block state-level AI laws, and what this means for the ongoing tug-of-war over who should regulate AI in America. For the full conversation and a deeper dive into the implications of this federal vs. state showdown, check out the Caveat podcast Selected Reading UK police arrest four in connection with M&S and Co-op cyberattacks (Reuters) Russian Basketball Player Arrested in France at Request of United States (The Moscow Times) German court rules Meta tracking technology violates European privacy laws (The Record) European Union Unveils Rules for Powerful A.I. Systems (The New York Times) Leaked materials came from previously reported cyberattacks, Iran International confirms (Iran Insight) Treasury sanctions North Korean over IT worker malware scheme (Bleeping Computer) Microsoft confirms Windows Server Update Services (WSUS) sync is broken (Bleeping Computer) Industry video game actors pass agreement with studios for AI security (Reuters) Fix the Click: Preventing the ClickFix Attack Vector (Palo Alto Networks) McDonald’s AI Hiring Bot Exposed Millions of Applicants' Data to Hackers Using the Password ‘123456’ (WIRED) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday. An Iranian ransomware group puts a premium on U.S. and Israeli targets. Batavia spyware targets Russia’s industrial sector. HHS fines a Texas Behavioral Health firm for failed risk analysis. The Anatsa banking trojan targets financial institutions in the U.S. and Canada. Hackers abuse a legitimate commercial evasion framework to package infostealer payloads. Researchers discovered malicious browser extensions infecting over 2.3 million users. Joe Carrigan, co-host on Hacking Humans discusses phishing kits targeting CFOs. Can felines frustrate algorithms? Purr-haps… Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Joe Carrigan, a co-host of Hacking Humans, as he discusses phishing kits targeting CFOs. Selected Reading Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws (Bleeping Computer) SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover (SecurityWeek) CISA Releases One Industrial Control Systems Advisory (CISA) Iranian ransomware group offers bigger payouts for attacks on Israel, US (The Record) New spyware strain steals data from Russian industrial companies (The Record) Mental Health Provider Fined $225K for Lack of Risk Analysis (BankInfo Security) Anatsa mobile malware returns to victimize North American bank customers (The Record) Legitimate Shellter Pen-Testing Tool Used in Malware Attacks (SecurityWeek) Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools (Infosecurity Magazine) Cat content disturbs AI models (Computerworld) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices