Weak passwords meet strong motives

CISA warns that pro-Russia hacktivist groups are targeting US critical infrastructure. Google patches three new Chrome zero-day vulnerabilities. North Korean actors exploit React2Shell to deploy a new backdoor.  Researchers claim Docker Hub secret leakage is now a systemic problem. Attackers exploit an unpatched zero-day in Gogs, the self-hosted Git service. IBM patches more than 100 vulnerabilities across its product line. Storm-0249 abuses endpoint detection and response tools. The DOJ indicts a former Accenture employee for allegedly misleading federal customers about cloud security. Our guest is Kavitha Mariappan, Chief Transformation Officer at Rubrik, talking about understanding & building resilience against identity-driven threats. A malware tutor gets schooled by the law. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices segment, we are joined by Kavitha Mariappan, Chief Transformation Officer at Knowledge Partner Rubrik, talking about understanding and building resilience against identity-driven threats. Tune into Kavitha’s full conversation here.  New Rubrik Research Finds Identity Resilience is Imperative as AI Wave Floods the Workplace with AI Agents (Press release) The Identity Crisis: Understanding and Building Resilience Against Identity-Driven Threats (Report)  Agentic AI and Identity Sprawl (Data Security Decoded podcast episode) Host Caleb Tolin and guest ⁠Joe Hladik⁠, Head of Rubrik Zero Labs, to unpack the findings from their the report Kavitha addresses.  Resources: Rubrik’s Data Security Decoded podcast airs semi-monthly on the N2K CyberWire network with host Caleb Tolin. You can catch new episodes twice a month on Tuesdays on your favorite podcast app. Selected Reading CISA: Pro-Russia Hacktivists Target US Critical Infrastructure New cybersecurity guidance paves the way for AI in critical infrastructure | CyberScoop Google Releases Critical Chrome Security Update to Address Zero-Days - Infosecurity Magazine North Korea-linked ‘EtherRAT’ backdoor used in React2Shell attacks | SC Media Thousands of Exposed Secrets Found on Docker Hub - Flare Hackers exploit unpatched Gogs zero-day to breach 700 servers IBM Patches Over 100 Vulnerabilities - SecurityWeek Ransomware IAB abuses EDR for stealthy malware execution US charges former Accenture employee with misleading feds on cloud platform’s security - Nextgov/FCW Man gets jail for filming malware tutorials for syndicate; 129 Singapore victims lost S$3.2m - CNA Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices