A
You're listening to the CyberWire Network, powered by N2K.
The DMV has established itself as a top-tier player in the global cyber industry. DMV Rising is the premier event for cyber leaders and innovators to engage in meaningful discussions and celebrate the innovation happening in and around the Washington, D.C. area. Join us on Thursday, September 18th to connect with the leading minds shaping our field and experience firsthand why the Washington, D.C. region is the beating heart of cyber innovation. Visit DMVRising.com to secure your spot.
Risk and compliance shouldn't slow your business down. Hyperproof helps you automate controls, integrate real-time risk workflows and build a centralized system of trust so your teams can focus on growth, not spreadsheets. From faster audits to stronger stakeholder confidence, Hyperproof gives you the business advantage of smarter compliance. Visit www.hyperproof.io to see how leading teams are transforming their GRC programs.
Farmers Insurance discloses a data breach affecting over a million people. Agentic AI tools fall for common scams. A new bill in Congress looks to revive letters of marque for the digital age. Cybercriminals target macOS users with the Shamos infostealer. New Android spyware masquerades as antivirus to target Russian business executives. CISA seeks public comments on SBOM updates. A major third-party electronics manufacturer reports a ransomware attack. Salesforce patches multiple vulnerabilities in its Tableau products. Over 370,000 user Grok conversations were accidentally indexed by Google. Ben Yelin examines the UK's decision to drop digital backdoor requirements. And Wired gets duped by an AI author.
August 25, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us.
Farmers Insurance disclosed a data breach affecting more than 1 million people after a third-party vendor reported unauthorized access to its database on May 30. The company, which serves about 10 million US households, confirmed that attackers stole customer data, including names, addresses, dates of birth, driver's license numbers and partial Social Security numbers. Farmers New World Life Insurance reported 40,000 impacted individuals, while Farmers Group and Affiliates reported over a million. The insurer clarified it was not directly targeted but was affected through its vendor. Farmers, a subsidiary of Zurich Insurance Group, has not disclosed the vendor's identity or whether ransomware was involved. The investigation is ongoing and the company has filed breach notifications with state regulators.
AI-powered browsers are moving from concept to reality, with agentic AI tools going beyond search and automation, performing tasks like shopping and handling emails autonomously. But convenience comes with major risks. AI browsers inherit AI's weaknesses. They act without skepticism, trust too easily, and can be manipulated. Tests by Guardio Labs on Comet showed it falling for basic scams: buying from a fake Walmart site and clicking phishing links from bogus bank emails, sometimes even autofilling payment data. More advanced risks stem from prompt injection attacks like PromptFix, where hidden instructions trick the AI into harmful actions such as downloads or data leaks. The threat is clear. Scammers no longer need to fool people, only their AI. Without built-in guardrails, AI browsing turns everyday convenience into a new scam attack surface.
A new bill in Congress would revive an old naval practice for the digital age. Arizona Republican David Schweikert introduced the Scam Farms Marque and Reprisal Authorization Act of 2025, which would let the president issue letters of marque to commission U.S. cyber privateers.
Once used during the War of 1812 to authorize private ships against British vessels, these letters would now target cybercriminals and even foreign governments behind online attacks. Schweikert argues current defenses lag behind fast-growing cybercrime, which cost Americans over $16 billion last year, the highest in 25 years. His office says sanctioned hackers could seize assets, defend infrastructure, and deter future attacks. Critics caution foreign governments may see this as an escalation. The bill's future is uncertain, but it raises a provocative question: Can 19th century tactics work against 21st century digital predators?
Cybercriminals are targeting macOS users with the Shamos infostealer disguised as technical help, according to CrowdStrike. Attackers ran a campaign from June through August of this year using malvertising and fake support sites. Victims searching for fixes were tricked into running a one-line Terminal command, a ClickFix technique that bypasses Apple's Gatekeeper protections. Once installed, Shamos collects credentials, Apple Notes, Keychain data, browser info, and cryptocurrency wallets, exfiltrating them in a ZIP archive. It also installs a spoofed Ledger wallet, a botnet module, and persistence mechanisms. In a parallel campaign, Shamos was spread via a fake GitHub page offering iTerm2. ClickFix, first seen in late 2024, has surged in popularity across macOS, Windows, and Linux due to its simplicity and reliability, making it a favored tool for both cybercriminals and APT groups.
A new Android spyware is masquerading as an antivirus app to target Russian business executives, according to Dr. Web. Active since January, the malware mimics tools branded as GuardCB or Security FSB, falsely linked to Russia's FSB. Once installed, it requests extensive permissions, enabling it to exfiltrate SMS, contacts and files, log keystrokes, activate the camera or mic, and stream the screen. The fake app simulates scans to appear legitimate.
Researchers note continuous development with multiple versions designed exclusively for Russian-speaking victims.
CISA has released draft guidance updating the minimum elements for a software bill of materials and is seeking public comment until October 3rd. Building on the 2021 NTIA framework, the update reflects advances in software supply chain security and transparency. SBOMs list software components, enabling organizations to spot vulnerabilities and manage risks. The guidance defines three key data fields, automation support and practices and processes, and emphasizes machine-readable formats like SPDX and CycloneDX. It also covers SBOM use in cloud and AI software and stresses integrating SBOMs into development life cycles.
Data I/O, a Redmond-based electronics manufacturer, reported a ransomware attack that began Aug. 16, disrupting shipping, manufacturing and production systems. The company, which supplies tech for vehicles, charging stations and consumer devices, serving clients like Tesla, Panasonic, Amazon and Microsoft, filed notice with the SEC warning of potential material financial impact. Containment steps include taking systems offline while a third party investigates. No restoration timeline has been set. Data I/O is the second firm in the last week to disclose ransomware to the SEC amid rising attacks on the manufacturing sector.
Salesforce has patched multiple vulnerabilities in Tableau Server and Tableau Desktop, including a critical type confusion flaw that could let attackers execute malicious code. Other flaws allow path traversal and arbitrary file writes, potentially leading to full compromise of Tableau instances. Multiple versions are affected. Salesforce urges all customers, especially those with external-facing servers, to upgrade immediately to protect against account hijacking, insider threats and malware-driven attacks.
Forbes reports that 370,000 user conversations were accidentally indexed by Google and made publicly searchable due to the Share feature in xAI's Grok. The feature was intended for private sharing via link, but did not warn users their content could be exposed to search engines like Google or Bing. Some conversations contained personal data such as names, files, spreadsheets and even a password. Others included prohibited requests, from drug recipes to malware coding. Google clarified that publishers, not search engines, control indexation. xAI prohibits using Grok for harmful purposes, though violations were evident. The issue mirrors similar incidents, including ChatGPT conversations and Google Drive documents becoming searchable through public link sharing, highlighting ongoing risks in how share features handle user data.
Coming up after the break, Ben Yelin examines the UK's decision to drop digital backdoor requirements and Wired gets duped by an AI author. Stay with us.
Compliance regulations, third-party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots and all those manual processes, you're right. GRC can be so much easier and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key compliance, internal and third-party risk, and even customer trust so you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. That's a pretty impressive number. So what does it mean for you?
It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC. Just imagine how much easier trust can be. Visit vanta.com/cyber to sign up today for a free demo. That's V-A-N-T-A.com/cyber.
Mint is still $15 a month for premium wireless, and if you haven't made the switch yet, here are 15 reasons why you should. 1. It's $15 a month. 2. Seriously, it's $15 a month. 3. No big contracts. 4. I use it. 5. My mom uses it. Are you. Are you playing me off? That's what's happening, right? Okay, give it a try at mintmobile.com/switch. Upfront payment of $45 per three-month plan ($15 per month equivalent) required. New customer offer, first three months only, then full-price plan options available. Taxes and fees extra. See mintmobile.com.
It is always my pleasure to welcome back to the show Ben Yelin. He is from the University of Maryland Center for Cyber Health and Hazard Strategies and also my co-host on the Caveat podcast. Ben, welcome back.
B
Thanks Dave.
A
So, been seeing some privacy advocates have been crowing and celebrating that there are.
B
Parades in the streets in privacy land.
A
Yeah, that the UK has pulled back on some requirements when it comes to Apple encryption in iChat. Describe to us what's going on here, Ben.
B
Yes, this is another dispatch from the encryption wars that have been going on forever and probably will go on forever. So earlier this year, in January, the government in the United Kingdom issued an undisclosed order demanding that Apple create a way for them to retrieve all of the content any user worldwide has uploaded to its cloud service. There was also a gag order that went along with this regulation, which meant that Apple wasn't allowed to talk about that lest they face legal penalties.
A
Right.
B
So everything we know about this law has been leaked from one source or another. But it presented a lot of concern, not just in the United Kingdom, but around the world. The Apple cloud service relies on that security as a major selling point to its customers.
A
Right.
B
They have Advanced Data Protection, which those of us who use iCloud rely on to make sure that our data is safe. Apple responded to this by, as you would expect, not being very happy about it. They rolled back their most advanced data protection feature for the new iCloud users in the UK in February. And there was a lot of international pushback against what this was called, I think technically a technical capability notice issued by the British Home Office to Apple. And there was an outcry here in the United States. Members of both political parties in Congress wrote a letter to our Director of National Intelligence, Tulsi Gabbard, expressing their concern that US persons' data could be vulnerable to this backdoor in the United Kingdom. So the UK has abandoned its plan to require this backdoor on behalf of Apple. They have backed away from this. This was announced publicly over X Twitter by our Director of National Intelligence. She said that this was a major priority, not just the President, but also Vice President Vance, something that he's cared about, cared about significantly to ensure our constitutional rights and civil liberties are protected. So another victory for privacy advocates in the encryption wars. I think for years, going back to the Apple-FBI brouhaha in 2020, there's just been this long-run fight about governments demanding or requesting backdoors to user data. And Apple, which prides itself on its privacy features, pushes back hard and they're coming out on top.
A
Yeah. What about the possibility that something like this exists with other countries? Like this could have gone through with the UK government and none of us ever known about it?
B
Right, right. Yeah. I mean, probably the fact that it's a relatively small-d democratic government and there are probably unnamed bureaucrats involved in enforcement of this who are leaking information to the press, like, that might not exist in other countries around the world. I think that's something that we all need to be very cautious about. Apple, again, we don't know everything that it does or how it responds to every order of this type. But just given their history in standing up for privacy against some of the most powerful governments in the world and the fact that they say to their customers, your data is safe even from us because of our encryption, because of our Advanced Data Protection, we have no access to your information. And it will always be that way. I think that can give people a certain level of confidence. But again, I don't know what's happening in China and Russia.
A
Right. And Apple has made concessions to the Chinese government over.
B
They sure have.
A
Yeah.
B
So, yeah, there's certainly reasons to be skeptical, but I think this is a feather in the cap of privacy advocates. The fact that this was happening in, like, a prominent Western democracy, I think gave extra fuel to the fire for privacy advocates to say, like, hey, if we believe in data privacy, this should not be happening in a country like the UK, and the UK apparently responded.
A
Yeah, I take the win, right?
B
Yeah, take the W. Exactly. Don't ask too many questions, Dave.
A
Okay, fair enough. All right. Ben Yelin is from the University of Maryland Center for Cyber Health and Hazard Strategies and also my co-host over on the Caveat podcast. Ben, thanks so much for joining us.
B
Thank you.
A
You hear from us here at the CyberWire Daily every single day. Now we'd love to hear from you. Your voice can help shape the future of N2K Networks. Tell us what matters most to you by completing our annual audience survey. Your insights help us grow to better meet your needs. There's a link to the survey in our show notes. We're collecting your comments through August 31st. Thanks.
C
Hey, guys, it's CeeDee Lamb, wide receiver for the Dallas Cowboys. I'm partnering with Abercrombie this season to tell you all about that viral denim. All you need to know is denim should fit like this. My jeans need to check a lot of boxes: fit first, trend second. They need to go with whatever I'm feeling. And Abercrombie Denim has it down, whether I'm throwing on a tee or putting a whole fit together. Shop Abercrombie Denim in the app, online and in store.
D
This episode is brought to you by Indeed. When your computer breaks, you don't wait for it to magically start working again. You fix the problem. So why wait to hire the people your company desperately needs? Use Indeed's sponsored jobs to hire top talent fast. And even better, you only pay for results. There's no need to wait. Speed up your hiring with a $75 sponsored job credit at Indeed.com/podcast. Terms and conditions apply.
A
And finally, as we often say over on the Hacking Humans podcast, no one is immune from the occasional scam. Even Wired, the tech magazine that prides itself on dissecting AI's every flaw, got duped. Back in April, an editor received what looked like a pitch tailor-made for the publication, titled "Do You Take This Discord Server? The Rise of Hyper-Niche Internet Weddings." It ticked all the Wired boxes: quirky subculture, smart cultural angle and Internet weirdness to spare. The editor assigned it, the writer played along, and by May 7, the piece was live on Wired's website. Then things unraveled. The writer couldn't clear Wired's payment system, insisting on PayPal or a paper check instead. That raised eyebrows. A deeper look confirmed the worst. The article was AI generated, the byline a fabrication. Wired retracted the story and published an editor's note admitting lapses in fact checking and editorial review. The irony was hard to miss. A leading watchdog of AI misinformation fell victim to the very thing it warns about. Again, it could happen to any of us. So an empathetic tip of the hat to Wired for owning up to the mistake so others may learn from it.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show every week. You can find Grumpy Old Geeks where all the fine podcasts are listed. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August, so there's only a few more days. There's a link in the show notes. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening.
We'll see you back here tomorrow.
Date: August 25, 2025
Host: Dave Bittner (A, N2K Networks)
Featured Guest: Ben Yelin (University of Maryland Center for Cyber Health and Hazard Strategies)
This episode of CyberWire Daily delivers a rapid-fire briefing on the latest cybersecurity news, breaches, and policy moves, emphasizing the ongoing scale and sophistication of cyber threats. It also spotlights major developments, such as the staggering data breach at Farmers Insurance, the vulnerabilities of agentic AI tools, and renewed debates over encryption, in an accessible, journalistic tone. The show includes deeper analysis with expert Ben Yelin on the UK's reversal of digital backdoor requirements for Apple devices, as well as a cautionary tale about Wired magazine falling for an AI-generated scam.
For a complete rundown of links and sources, check out the daily briefing at thecyberwire.com.