CyberWire Daily – Episode 404: “Cybercrime Not Found.”

Date: November 13, 2025
Host: Dave Bittner (N2K Networks)
Featured Guest: Garrett Hoffman, Senior Manager of Cloud Security Engineering, Adobe

Episode Overview

This episode of CyberWire Daily covers major developments in global cybercrime crackdowns, new government initiatives against cyber scams, fresh vulnerability disclosures, and trends in cloud security. The show features an in-depth interview with Garrett Hoffman from Adobe, who shares actionable insights on achieving cloud security at scale, fostering a shared-security culture, and navigating emerging challenges like AI.

Key News Highlights

Operation Endgame: Major Global Takedowns

[01:04]

Authorities in Europe dismantled three major cybercrime platforms: Ratamanthis Infostealer, Venom Rat Remote Access Trojan, and the Elysium Botnet.
Over 1,000 servers removed, 20 domains seized, searches across Germany, Greece, and the Netherlands.
"Hundreds of thousands of computers were infected and millions of stolen credentials were stored in the dismantled infrastructure."
The key Venom Rat suspect was arrested on November 3rd in Greece.
Victims are urged to check for undetected infections.

U.S. “Scam Center Strike Force”

[02:20]

U.S. government forms a multi-agency team (DOJ, Secret Service, State, FBI) targeting Southeast Asian scam compounds in Burma, Cambodia, Laos.
Tactics include sanctions, asset seizure, prosecutions.
Estimated $10B lost by Americans in 2024 to online scams, with new sanctions targeting entities involved in human trafficking and civil war funding.

Microsoft Teams: New “Prevent Screen Capture”

[03:30]

Microsoft rolls out a long-awaited feature blocking screenshots/recordings in Teams Premium meetings.
"[The] feature restricts visual content capture by forcing screenshots to display a black box or show a warning message."
Only available for Windows/Android; must be enabled per meeting.

Proton Pass Clickjacking Flaw Fixed

[04:20]

Proton Pass updates its browser extension after a DEFCON-demonstrated vulnerability allowed invisible UI triggers and forced autofill.
Fixes harden the UI against manipulation; users urged to update and disable autofill on untrusted sites.

New Zero-Day: Citrix & Cisco ISE

[05:10]

Amazon's Threat Intelligence uncovers two critical, previously undisclosed flaws:
- Citrix Bleed 2 and a Cisco ISE pre-authentication RCE.
"The actor weaponized both vulnerabilities before patches were available, a sign of advanced capability."
Stealthy exploitation through custom in-memory web shells; focus on identity/network access infrastructure.

CISA & Cisco Emergency

[06:25]

CISA directs federal agencies to patch two actively exploited Cisco firewall vulnerabilities (zero-day, Arcane Door campaign).
"Some [agencies] mistakenly applied incomplete updates." ShadowServer finds 30,000+ vulnerable devices still online.

Android Photo Frames: Malware Risks

[07:15]

Quokka researchers find Uhail-branded Android digital photo frames riddled with malware and critical vulnerabilities.
"Devices ship with SELinux disabled, are rooted by default, and use insecure configurations that enable remote code execution, command injection and unauthorized file access."
Vendor unresponsive to disclosures.

Loomis Stealer Malware Rebounds

[08:15]

Trend Micro: Loomis Stealer recovers after doxxing, using browser fingerprinting and process injection.
Enhanced C2 infrastructure, targeting endpoints and deploying more second-stage payloads.

X (Twitter) Passkey Chaos

[29:10]

Users locked out of X after a migration to x.com broke compatibility with older Twitter passkeys.
"Those keys still think Twitter exists, and they refuse to make the jump."

Interview: Achieving Cloud Security at Scale (with Garrett Hoffman, Adobe)

Guest Introduction & Background

[13:42]

Garrett Hoffman has nearly 8 years at Adobe; prior experience at Microsoft.
"I've been in a variety of security roles at Adobe, both as an individual contributor and as a technical leader."

Defining “Cloud Security at Scale”

[15:06]

"Cloud security at scale means three different things..."
1. Strategy & Baseline: Establish broad, company-specific standards using industry frameworks and provider best practices.
  - “Each company needs to define what this means for them...based on your risk tolerance, your compliance certifications, the data you protect, and just overall the experience that you want to give to your customers.”
2. Comprehensive Visibility: Use tools (e.g., CNAPPs) and in-house solutions to identify and track posture vs. standard.
  - "The outcome that you want to look for is defining a comprehensive visibility into where you're deficient compared to your cloud security standard."
3. Continuous Improvement: Secure by default and prevent security drift via lifecycle integration and ongoing remediation.

Misconceptions in Scaling Cloud Security

[18:41]

“First...focusing so much on remediation that you don't address risk prevention...The best practice...is to assess the risk that you're discovering and then determine how to prevent new ones from being created.”
"Second… effective cloud security belongs to the security team…And that's absolutely not correct. Security is everyone's responsibility."

Fostering Organization-Wide Buy-In

[20:27]

Awareness: “Ensure that everyone is aware that the actions they take can impact our cloud security.”
Trust: "We have to ensure that the product teams trust the security team...that as they work with us...they'll have better outcomes over time."

Architectural Lessons from Adobe

[21:52]

“One of the biggest things I could think of would be a lack of shared standards. So not building security in from the beginning or taking a secure by default approach...If they don't implement security best practices from the beginning...they'll have to go back and fix the infrastructure after it's deployed.”

Lessons and Benefits of Standardization

[22:50]

“Now is the best time to implement standardized practices so that as your company continues to grow, that will be in there from the beginning...It helps them be more efficient as well.”

Future Trends: AI & Cloud Security

[23:52]

“AI systems can present cloud security professionals with both a new risk and an opportunity…AI is a powerful tool to enhance security, but not necessarily to replace human oversight.”
Adobe’s approach: Grounded in “accountability, responsibility, and transparency.”
New cloud features require rapid security adaptation.

Managing Scale at Large Enterprises

[26:08]

“Making sure that you have great relationships with your partner teams so that you can work together and put together a holistic strategy...where, where one team isn't trying to tackle all of security by themselves..."

Notable Quotes

“Security is everyone's responsibility.”
– Garrett Hoffman, [18:58]
“AI is a powerful tool to enhance security, but not necessarily to replace human oversight.”
– Garrett Hoffman, [24:35]
“The outcome that you want to look for is defining a comprehensive visibility into where you're deficient compared to your cloud security standard...”
– Garrett Hoffman, [16:40]

Important Segment Timestamps

Operation Endgame takedown: [01:04]
Scam Center Strike Force: [02:20]
Microsoft Teams screen capture feature: [03:30]
Proton Pass patch: [04:20]
Amazon finds Citrix/Cisco zero-days: [05:10]
CISA/Cisco emergency directive: [06:25]
Android digital frame vulnerabilities: [07:15]
Loomis Stealer rebounds: [08:15]
Interview with Garrett Hoffman (Adobe): [13:42]–[27:04]
- Defining cloud security at scale: [15:06]
- Misconceptions: [18:41]
- Getting buy-in: [20:27]
- Architectural challenges: [21:52]
- Standardization lessons: [22:50]
- Future (AI) trends: [23:52]
- Managing enterprise scale: [26:08]
X passkey lockout issue: [29:10]

Memorable Moment

The X.com passkey migration lockout situation:
- "Those keys still think Twitter exists, and they refuse to make the jump. ...X has yet to comment, perhaps still circling the login page with the rest of us." [29:45]

This episode provides a comprehensive briefing on leading security headlines and insights on building cloud security at scale, emphasizing collaboration, proactive prevention, and adapting to technological change.

CyberWire Daily – Episode 404: “Cybercrime Not Found.”

Date: November 13, 2025
Host: Dave Bittner (N2K Networks)
Featured Guest: Garrett Hoffman, Senior Manager of Cloud Security Engineering, Adobe

Episode Overview

Key News Highlights

Operation Endgame: Major Global Takedowns

[01:04]

Authorities in Europe dismantled three major cybercrime platforms: Ratamanthis Infostealer, Venom Rat Remote Access Trojan, and the Elysium Botnet.
Over 1,000 servers removed, 20 domains seized, searches across Germany, Greece, and the Netherlands.
"Hundreds of thousands of computers were infected and millions of stolen credentials were stored in the dismantled infrastructure."
The key Venom Rat suspect was arrested on November 3rd in Greece.
Victims are urged to check for undetected infections.

U.S. “Scam Center Strike Force”

[02:20]

U.S. government forms a multi-agency team (DOJ, Secret Service, State, FBI) targeting Southeast Asian scam compounds in Burma, Cambodia, Laos.
Tactics include sanctions, asset seizure, prosecutions.
Estimated $10B lost by Americans in 2024 to online scams, with new sanctions targeting entities involved in human trafficking and civil war funding.

Microsoft Teams: New “Prevent Screen Capture”

[03:30]

Microsoft rolls out a long-awaited feature blocking screenshots/recordings in Teams Premium meetings.
"[The] feature restricts visual content capture by forcing screenshots to display a black box or show a warning message."
Only available for Windows/Android; must be enabled per meeting.

Proton Pass Clickjacking Flaw Fixed

[04:20]

Proton Pass updates its browser extension after a DEFCON-demonstrated vulnerability allowed invisible UI triggers and forced autofill.
Fixes harden the UI against manipulation; users urged to update and disable autofill on untrusted sites.

New Zero-Day: Citrix & Cisco ISE

[05:10]

Amazon's Threat Intelligence uncovers two critical, previously undisclosed flaws:
- Citrix Bleed 2 and a Cisco ISE pre-authentication RCE.
"The actor weaponized both vulnerabilities before patches were available, a sign of advanced capability."
Stealthy exploitation through custom in-memory web shells; focus on identity/network access infrastructure.

CISA & Cisco Emergency

[06:25]

CISA directs federal agencies to patch two actively exploited Cisco firewall vulnerabilities (zero-day, Arcane Door campaign).
"Some [agencies] mistakenly applied incomplete updates." ShadowServer finds 30,000+ vulnerable devices still online.

Android Photo Frames: Malware Risks

[07:15]

Quokka researchers find Uhail-branded Android digital photo frames riddled with malware and critical vulnerabilities.
"Devices ship with SELinux disabled, are rooted by default, and use insecure configurations that enable remote code execution, command injection and unauthorized file access."
Vendor unresponsive to disclosures.

Loomis Stealer Malware Rebounds

[08:15]

Trend Micro: Loomis Stealer recovers after doxxing, using browser fingerprinting and process injection.
Enhanced C2 infrastructure, targeting endpoints and deploying more second-stage payloads.

X (Twitter) Passkey Chaos

[29:10]

Users locked out of X after a migration to x.com broke compatibility with older Twitter passkeys.
"Those keys still think Twitter exists, and they refuse to make the jump."

Interview: Achieving Cloud Security at Scale (with Garrett Hoffman, Adobe)

Guest Introduction & Background

[13:42]

Garrett Hoffman has nearly 8 years at Adobe; prior experience at Microsoft.
"I've been in a variety of security roles at Adobe, both as an individual contributor and as a technical leader."

Defining “Cloud Security at Scale”

[15:06]

"Cloud security at scale means three different things..."
1. Strategy & Baseline: Establish broad, company-specific standards using industry frameworks and provider best practices.
  - “Each company needs to define what this means for them...based on your risk tolerance, your compliance certifications, the data you protect, and just overall the experience that you want to give to your customers.”
2. Comprehensive Visibility: Use tools (e.g., CNAPPs) and in-house solutions to identify and track posture vs. standard.
  - "The outcome that you want to look for is defining a comprehensive visibility into where you're deficient compared to your cloud security standard."
3. Continuous Improvement: Secure by default and prevent security drift via lifecycle integration and ongoing remediation.

Misconceptions in Scaling Cloud Security

[18:41]

“First...focusing so much on remediation that you don't address risk prevention...The best practice...is to assess the risk that you're discovering and then determine how to prevent new ones from being created.”
"Second… effective cloud security belongs to the security team…And that's absolutely not correct. Security is everyone's responsibility."

Fostering Organization-Wide Buy-In

[20:27]

Awareness: “Ensure that everyone is aware that the actions they take can impact our cloud security.”
Trust: "We have to ensure that the product teams trust the security team...that as they work with us...they'll have better outcomes over time."

Architectural Lessons from Adobe

[21:52]

“One of the biggest things I could think of would be a lack of shared standards. So not building security in from the beginning or taking a secure by default approach...If they don't implement security best practices from the beginning...they'll have to go back and fix the infrastructure after it's deployed.”

Lessons and Benefits of Standardization

[22:50]

“Now is the best time to implement standardized practices so that as your company continues to grow, that will be in there from the beginning...It helps them be more efficient as well.”

Future Trends: AI & Cloud Security

[23:52]

“AI systems can present cloud security professionals with both a new risk and an opportunity…AI is a powerful tool to enhance security, but not necessarily to replace human oversight.”
Adobe’s approach: Grounded in “accountability, responsibility, and transparency.”
New cloud features require rapid security adaptation.

Managing Scale at Large Enterprises

[26:08]

“Making sure that you have great relationships with your partner teams so that you can work together and put together a holistic strategy...where, where one team isn't trying to tackle all of security by themselves..."

Notable Quotes

“Security is everyone's responsibility.”
– Garrett Hoffman, [18:58]
“AI is a powerful tool to enhance security, but not necessarily to replace human oversight.”
– Garrett Hoffman, [24:35]
“The outcome that you want to look for is defining a comprehensive visibility into where you're deficient compared to your cloud security standard...”
– Garrett Hoffman, [16:40]

Important Segment Timestamps

Operation Endgame takedown: [01:04]
Scam Center Strike Force: [02:20]
Microsoft Teams screen capture feature: [03:30]
Proton Pass patch: [04:20]
Amazon finds Citrix/Cisco zero-days: [05:10]
CISA/Cisco emergency directive: [06:25]
Android digital frame vulnerabilities: [07:15]
Loomis Stealer rebounds: [08:15]
Interview with Garrett Hoffman (Adobe): [13:42]–[27:04]
- Defining cloud security at scale: [15:06]
- Misconceptions: [18:41]
- Getting buy-in: [20:27]
- Architectural challenges: [21:52]
- Standardization lessons: [22:50]
- Future (AI) trends: [23:52]
- Managing enterprise scale: [26:08]
X passkey lockout issue: [29:10]

Memorable Moment

The X.com passkey migration lockout situation:
- "Those keys still think Twitter exists, and they refuse to make the jump. ...X has yet to comment, perhaps still circling the login page with the rest of us." [29:45]

404: Cybercrime not found.

Powered by Wave AI

Summary

CyberWire Daily – Episode 404: “Cybercrime Not Found.”

Episode Overview

Key News Highlights

Operation Endgame: Major Global Takedowns

U.S. “Scam Center Strike Force”

Microsoft Teams: New “Prevent Screen Capture”

Proton Pass Clickjacking Flaw Fixed

New Zero-Day: Citrix & Cisco ISE

CISA & Cisco Emergency

Android Photo Frames: Malware Risks

Loomis Stealer Malware Rebounds

X (Twitter) Passkey Chaos

Interview: Achieving Cloud Security at Scale (with Garrett Hoffman, Adobe)

Guest Introduction & Background

Defining “Cloud Security at Scale”

Misconceptions in Scaling Cloud Security

Fostering Organization-Wide Buy-In

Architectural Lessons from Adobe

Lessons and Benefits of Standardization

Future Trends: AI & Cloud Security

Managing Scale at Large Enterprises

Notable Quotes

Important Segment Timestamps

Memorable Moment

Summary

CyberWire Daily – Episode 404: “Cybercrime Not Found.”

Episode Overview

Key News Highlights

Operation Endgame: Major Global Takedowns

U.S. “Scam Center Strike Force”

Microsoft Teams: New “Prevent Screen Capture”

Proton Pass Clickjacking Flaw Fixed

New Zero-Day: Citrix & Cisco ISE

CISA & Cisco Emergency

Android Photo Frames: Malware Risks

Loomis Stealer Malware Rebounds

X (Twitter) Passkey Chaos

Interview: Achieving Cloud Security at Scale (with Garrett Hoffman, Adobe)

Guest Introduction & Background

Defining “Cloud Security at Scale”

Misconceptions in Scaling Cloud Security

Fostering Organization-Wide Buy-In

Architectural Lessons from Adobe

Lessons and Benefits of Standardization

Future Trends: AI & Cloud Security

Managing Scale at Large Enterprises

Notable Quotes

Important Segment Timestamps

Memorable Moment