GPS constellations have become foundational in modern society supporting everything from navigation to financial services, making the impacts of GPS disruptions all the more concerning.

As reliance on these systems have grown, so too have efforts by threat actors to disrupt them through techniques such as jamming and spoofing. As these attacks have become more effective, they are becoming increasingly common, especially in conflict zones where disruption and confusion can prove exceedingly valuable.

Key sources:

• Information about GPS Jamming

• What is GPS Spoofing?

• GPS jamming: The invisible battle in the Middle East

Like what you heard? Be sure to subscribe to our free Signals and Space Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: https://thecyberwire.com/newsletters/signals-and-space 

Is there a topic or person you’d like to hear on our show? You can send your questions and feedback to [email protected]⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. You can also fill our our audience survey: https://www.surveymonkey.com/r/NJYCN2P 

T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. N2K is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Ismael Valenzuela, Arctic Wolf’s VP of Labs, Threat Research and Intelligence, discusses their work on "BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector." Arctic Wolf researchers uncovered a sophisticated campaign by North Korean threat group Lazarus Group subgroup BlueNoroff that targets cryptocurrency and Web3 executives through fake Zoom and Microsoft Teams meetings, using typo-squatted links, ClickFix-style attacks, and AI-generated deepfakes to steal credentials and cryptocurrency-related data.

The attackers built a self-reinforcing operation that captures victims’ webcam footage and Telegram sessions, then repurposes those assets alongside AI-generated images to create increasingly convincing fake meeting participants for future attacks. Researchers identified more than 100 victims across 20 countries, with the campaign primarily targeting CEOs, founders, investors, and senior leaders in the cryptocurrency, blockchain, and financial sectors as part of a long-running effort to steal digital assets and gain access to high-value networks.

The research and executive brief can be found here:

• BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector

Learn more about your ad choices. Visit megaphone.fm/adchoices

Anthropic brings Mythos to the NSA. A Palantir executive emerges as a possible CISA pick. A Linux flaw is under active attack. Minecraft malware goes commercial. An npm package gets caught in the Miasma worm campaign. Researchers document the first AI-driven container escape. A browser supply-chain compromise and a university breach with unexpected victims. Our guest is Ashu Savani, Co-Founder at TryHackMe, discussing building high performing SOC & IR teams. The web becomes machine majority.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, we are joined by Ashu Savani, Co-Founder from TryHackMe, discussing building high performing SOC & IR teams. You can listen to the full conversation here.

Selected Reading

US National Security Agency using Anthropic’s Mythos for cyber attacks (Financial Times)

Trump considers Palantir exec to lead CISA (The Record)

CISA Warns of Active Exploitation of Linux Container Escape Flaw (Beyond Machines)

Game Over: WeedHack - The Rise of Minecraft Malware-as-a-Service Campaigns (McAfee Blog)

Detecting Claude Cowork Insider Threat Activity (DTEX)

Trojanized ai-sdk-ollama Delivers Miasma, a Self-Replicating npm Worm via binding.gyp (Endor Labs)

Agentic threat actor hits the orchestration plane: AI agent-driven container escape (Sysdig)

You do surprise me.exe: An unexpected executable in Hola Browser (SOPHOS)

My SSN was exposed in a breach at Columbia—a school I have no connection with (Ars Technica)

‘Bots have now passed human traffic online,’ Cloudflare boss laments — says agentic traffic wasn’t expected to eclipse real people until next year (Tom's Hardware)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The Five Eyes issue a rare joint warning on China. Jen Easterly weighs in on Trump’s AI EO. Researchers warn everyday notifications can become AI attack vectors. IronWorm is a sophisticated Rust-based infostealer targeting software developers. Cisco patches a critical vulnerability in its Unified Communications Manager platform. Anthropic maps AI-enabled cyber activity to the MITRE ATT&CK framework. Authorities dismantle an online counterfeit identity marketplace. Our guest is Jason Kikta, CTO from Automox, discussing AI vulnerabilities, real risk, and the speed problem. An extortion crew is forced to open a customer support ticket.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices segment, we are joined by Jason Kikta, CTO from Automox, who is discussing AI vulnerabilities, real risk, and the speed problem. If you enjoyed this conversation, check out the full interview here. 

Selected Reading⁠

U.S. and intelligence allies issue rare joint warning about China (Washington Post)

Safeguarding Our Secrets (MI5)

Opinion | The Government Is Finally Taking A.I. Risk Seriously (New York Times)

CISA directive for AI executive order to be released this week, Andersen says (The Record)

Gemini Voice Assistant Hijacked via Messaging Notifications (SecurityWeek)

IronWorm: Shai-Hulud's rustier cousin (JFrog Security Research)

Cisco warns of critical Unified CM flaw with PoC exploit code (Bleeping Computer)

Mapping AI-enabled cyber threats: Insights from the LLM ATT&CK Navigator (Anthropic)

Police dismantles fake ID marketplace used by migrant smugglers (Bleeping Computer)

Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown (SecurityWeek) 

'Dumbass' criminal breaks the 'first rule of ransomware club' (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI oversight arrives at the White House. A Cyber Force gains momentum. Critical infrastructure comes under cyberattack. Acer faces zero-day trouble. A stock exchange executive gets spied on for months. HTTP/2 Bomb threatens web servers. Quantum’s classical side grows bigger. Britain's military chooses Starshield. Spain’s infamous hacker gets sentenced. Our guest is Benjamin Morrell, Vice President, Security Strategy at Coro Cybersecurity, discussing the role of MSPs. Meta’s productivity panopticon pauses for personal pitstops. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, we are joined by Benjamin Morrell, Vice President, Security Strategy at Coro Cybersecurity, discussing the role MSPs are playing in cybersecurity. If you enjoyed this conversation be sure to check out the full conversation here. 

Selected Reading

Trump Signs Executive Order Seeking Oversight of A.I. Models (The New York Times)

New cyber force would cost up to $11 billion to start, commission says (The Record)

CISA Warns of Cyberattacks Targeting U.S. Tank Gauge Systems (GB Hackers)

Acer working to patch max severity zero-days in Wave 7 routers (Bleeping Computer)

Espionage Campaign Targeted Stock Exchange Executive for Five Months (Security.com)

'HTTP/2 Bomb' Exploit Knocks Web Servers Offline in Seconds (SecurityWeek)

The Classical Advances Needed to Make Quantum Computers Tick (IEEE)

Alcasec, "Robin Hood of Spanish Hackers," Jailed for 31 Months Over Data Theft (Hackread)

Exclusive: UK adopts SpaceX's Starshield for military operations, sources say (Reuters)

Meta will reportedly let employees take 30-minute breaks from its tracking program (Engadget)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A federal watchdog questions NIST over its vulnerability database backlog. Google patches an Android zero-day. Citizen Lab exposes a powerful location-tracking platform. Malware hides commands in Steam comments. Researchers spot AI-assisted malware development. Attackers compromise Red Hat’s npm namespace. DriveSurge spreads malware through ClickFix and fake updates. FreePBX patches a critical flaw. And Dashlane responds to a brute-force attack. Our guest is ⁠Laure Lydon⁠, Opening Chair for Infosecurity Europe and VP of Security and Infrastructure, Flo Health, sharing her expertise on digital health platforms. Meta’s AI support bot proves a bit too eager to help.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, Maria Varmazis speaks with ⁠Laure Lydon⁠, Opening Chair for Infosecurity Europe and VP of Security and Infrastructure, Flo Health, sharing her expertise on privacy, security, and trust in digital health platforms, especially in sensitive areas like women's health. This interview is part of our partnership with Infosecurity Europe.

Selected Reading

Inspector general finds NIST mistakes have made vulnerability database ineffective (The Record)

Google fixes one actively exploited Android zero-day, 124 flaws (Bleeping Computer)

Uncovering Webloc: An Analysis of Penlink’s Ad-based Geolocation Surveillance Tech (The Citizen Lab)

GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure (Security Affairs)

Threat Actor Uses AI to Build EDR Evasion Tools (Infosecurity Magazine)

Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets (Infosecurity Magazine)

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks (Bleeping Computer)

Critical Hard-Coded Credentials Vulnerability in FreePBX User Control Panel (Beyond Machines)

Dashlane password manager users locked out by brute force attacks (Bleeping Computer)

Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Battlefield AI sparks debate. Election cyber threats rise. A critical Windows flaw is under active attack. CISA weighs new reporting rules. Russian targets face a stealthy hacking campaign. A 19-year-old Linux bug gets its day in the sun. Today’s business update. Our guest is Heather Ceylan,  CISO at Box, discussing how governed AI starts with solving the unstructured data problem. Microsoft hits refresh on research relations. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices we are joined by Heather Ceylan,  CISO at Box, discussing how governed AI starts with solving the unstructured data problem. If you enjoyed this conversation, you can catch the full interview here.

Selected Reading

As the Pentagon Pushes for Battlefield AI, Some Military Leaders Urge Caution (SecurityWeek)

Why a surge of election-related websites could spell rising cyber threats for the midterms (PBS News)

Election threats are focused on campaign systems, not voting machines (CyberScoop)

Critical Windows Netlogon RCE flaw now exploited in attacks (Bleeping Computer)

U.S. CISA adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog (Security Affairs)

CISA Town Halls Set Final Stage for CIRCIA Debate (BankInfo Security)

Unknown hacker group targeted Russian maritime universities, diplomats for nearly two years (The Record)

19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access (SecurityWeek)

Indian Exam Board Admits to Cybersecurity Holes Found by Teen (Bloomberg)

Zscaler intends to acquire identity mapping company Symmetry Systems. (N2K Pro Business Briefing)

Microsoft says it will not pursue security researchers after zero-day backlash (The Record)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner consider the tactics, trends, and turning points that shaped the threat landscape over the last decade of ransomware.

Ransomware has evolved from small-scale extortion and opportunistic attacks to sprawling, sophisticated, organized crime and state-sponsored attacks. Cryptocurrency plays a pivotal role in enabling ransomware's growth by providing untraceable payment methods.

Join us as we explore key incidents like WannaCry and NotPetya, the shift from street crime to organized and nation-state cyber threats, and AI's impact on the future of ransomware.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Since its original creation in the 1970s, GPS has evolved from a technology primarily used by the military to a foundation for modern society. 

After the removal of selective availability for civilians in 2000, GPS’s value has significantly expanded. In the past two decades, nearly every critical infrastructure sector–telecommunications, transportation, energy, agriculture, emergency services, and financial services–relies on GPS constellations to ensure that timing and location accuracy are precise. Though many do not see its utility in day-to-day efforts, GPS has become entrenched in modern networks and services. Key sources:

• Removal of selective availability.

• Satellite Navigation - GPS - How It Works.

• What can GPS do?

Like what you heard? Be sure to subscribe to our free Signals and Space Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: https://thecyberwire.com/newsletters/signals-and-space

Is there a topic or person you’d like to hear on our show? You can send your questions and feedback to [email protected]⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. You can also fill our our audience survey: https://www.surveymonkey.com/r/NJYCN2P

T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. N2K is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by Marco Giuliani, Vice President & Head of Research at ThreatDown, discussing their work on "GachiLoader adopts AI skill lure." Threat actors are now using fake AI agent “skills” as highly convincing social engineering lures, with a new campaign disguising the GachiLoader malware as a legitimate OpenClaw tool for automated Polymarket betting.

Victims are tricked through fake installation guides and polished Electron apps into downloading malware that deploys the Rhadamanthys infostealer using fileless injection and blockchain-based command-and-control infrastructure. Researchers say the campaign marks an evolution in cybercrime, turning AI skill ecosystems into a new phishing-style attack surface.

The research and executive brief can be found here:

• ⁠GachiLoader adopts AI skill lure

Learn more about your ad choices. Visit megaphone.fm/adchoices

Iranian hackers hit LA transit. Chinese cyber operators target Middle East infrastructure. Dutch police take down a 17-million-device botnet. Researchers uncover a phishing risk in ChatGPT. Anthropic prepares its Mythos model for release. Chrome patches 22 critical bugs. Zapier fixes a dangerous vulnerability chain. ShinyHunters claims a Charter breach. A data broker who fueled scams against millions of seniors heads to prison. Maria Varmazis joins Dave Bittner for a look back at a decade of ransomware. A Google insider allegedly went from threat hunting to bet hunting.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today CyberWire hosts Maria Varmazis and Dave Bittner take a look at how ransomware has evolved over the past decade, from opportunistic attacks to today’s sprawling criminal enterprises, and discuss the tactics, trends, and turning points that shaped the threat landscape. You can catch the full conversation on Sunday in the CyberWire Daily podcast feed. We hope you’ll join us! 

Selected Reading

Iranian hackers behind March's LA transport cyberattack, Gambit finds (The Jerusalem Post)

Chinese Hackers Exploit Iran War to Target Maritime and Energy Firms (Infosecurity Magazine)

Dutch cops wrest 17M devices from mystery botnet's clutches (The Register)

ChatGPT blindly trusts browser content, turning the page into a payload (The Register)

Anthropic confirms Claude Mythos-class models will roll out to the public (Bleeping Computer)

Chrome 148 Update Patches 151 Vulnerabilities (SecurityWeek)

Zapier fixes bug chain that researchers say risked widespread account takeover (CyberScoop)

Charter Communications data breach affects 4.9 million accounts (Bleeping Computer)

Man sent to prison for selling data of 7 millions elderly Americans (Bleeping Computer)

US charges Google security engineer with Polymarket insider trading (Bleeping Computer)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at ⁠sponsor.thecyberwire.com⁠.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices