Dave Bittner
You're listening to the CyberWire network powered by N2K.
Podcast Host / CyberWire Announcer
Hit by a major wireless outage, Poland blocks an attack on its power grid. A massive database of French citizens is exposed. Microsoft shuts down a cybercrime-as-a-service operation. The UK backs away from digital ID plans. California probes Grok deepfakes. The FTC settles with GM over location data. Palo Alto Networks patches a serious firewall flaw. Plus, John Serafini of Hawkeye on modern signals intelligence, and federal agents seize devices from a Washington Post reporter.
It's Thursday, January 15th, 2026. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us.
Verizon said it restored full service late Wednesday after a widespread wireless outage across the United States that lasted most of the day. The company apologized and said it would issue account credits but did not disclose the cause, adding earlier that there was no indication of a cyber attack. According to Downdetector, customers began reporting problems shortly before noon in New York, with complaints peaking at more than 177,000. The most affected cities included New York, Houston, Atlanta, Dallas and Miami. Smaller numbers of issues were reported by AT&T and T-Mobile users, partly due to call routing effects. The FCC said it was monitoring the outage, and FCC member Anna Gomez called for an investigation. Experts noted such disruptions are often linked to external factors, including third-party vendors or software deployment issues.
Poland said it stopped what officials described as the most serious cyberattack on its energy infrastructure in years, narrowly avoiding a nationwide power outage. The late December attack targeted communications between renewable energy sites, including wind and solar installations, and electricity distributors. Officials said the incident nearly caused a blackout and showed signs of coordinated sabotage, which they blamed on Russia. Ministers warned the tactic was new, could recur, and reflects rising threats to Polish infrastructure since Russia's invasion of Ukraine.
Security researchers at Cybernews uncovered a massive exposed database containing tens of millions of records on French citizens, likely compiled from at least five separate data breaches. The archive, found on an unsecured cloud server in France, included voter and demographic data, healthcare registry records, contact details, financial information and vehicle data. Researchers believe a cybercriminal or data broker merged the data sets to increase resale value. The database was taken down after notification but posed significant privacy and fraud risks.
Microsoft said it has disrupted RedVDS, a cybercrime-as-a-service platform linked to fraud campaigns that caused more than $40 million in losses in the US alone. In coordinated legal action with partners in the US and, for the first time, the UK, Microsoft seized RedVDS infrastructure on January 14th. The service sold low-cost access to disposable virtual servers used for phishing and business email compromise scams impacting nearly 190,000 organizations worldwide, mainly in the US, Canada and the UK. Microsoft said attackers used generative AI, deepfake video and voice cloning to create realistic scams. International law enforcement, including Europol, supported the takedown, and Microsoft urged victims to report incidents to help disrupt future cybercrime.
The UK government has dropped plans to require workers to sign up for a new digital ID system to prove their right to work, following political backlash and falling public support. Instead, Labour ministers say existing right-to-work checks using documents such as biometric passports will be fully digitized by 2029. The reversal is the latest in a series of recent policy U-turns, drawing criticism from opposition parties and frustration within Labour's own ranks. Ministers insist mandatory digital checks will still apply, arguing they reduce fraud and illegal working compared to paper systems. The government now says digital ID should be framed more broadly as a tool to access public services, though details of how the system will operate remain unclear.
California Attorney General Rob Bonta announced an investigation into xAI over the alleged proliferation of nonconsensual sexually explicit images generated by its AI model Grok. According to Bonta, Grok has been used at scale to create deepfake images that sexualize women and children without consent, often using publicly available photos and distributing the results online, including on X. Reports cite Grok's explicit "spicy mode" as a contributing factor. Bonta said the material has been used for harassment and may include child sexual abuse content, raising serious legal concerns. The investigation will examine whether xAI violated state laws. Bonta emphasized California's zero-tolerance stance and reiterated his broader efforts to hold AI companies accountable for protecting children and preventing AI-enabled abuse.
The U.S. Federal Trade Commission finalized a settlement with General Motors and its OnStar unit over allegations that they collected and sold drivers' location and behavior data without consent. The FTC said millions of vehicles transmitted precise geolocation and driving data every few seconds via OnStar's Smart Driver feature, which was marketed as a self-assessment tool. The data was sold to third parties, including insurers. The order bans certain data sharing for five years and requires explicit consent, greater transparency and consumer controls for 20 years.
Palo Alto Networks has patched a high-severity vulnerability that could allow unauthenticated attackers to trigger denial-of-service attacks and force firewalls into maintenance mode. The flaw affects next-generation firewalls running PAN-OS 10.1 or later, as well as Prisma Access deployments with GlobalProtect enabled. The company said most cloud-based Prisma Access customers have already been upgraded, with remaining upgrades scheduled. While nearly 6,000 Palo Alto firewalls are visibly online, there is no confirmation of active exploitation. Palo Alto Networks has released fixes for all affected versions and urges administrators to update promptly. The disclosure comes amid continued attention on Palo Alto firewalls, which have been repeatedly targeted in recent years by both zero-day and denial-of-service attacks.
Federal agents searched the home of Washington Post reporter Hannah Natanson this week, seizing her personal and work devices in a leak investigation that's alarmed press freedom advocates and security professionals alike. The FBI says Natanson is not a target, but the search was tied to a government contractor accused of improperly retaining classified materials and allegedly messaging the reporter. Such raids on journalists are exceptionally rare, and critics say they send a chilling message to reporters and sources. Beyond the constitutional concerns, the incident underscores a practical lesson for journalists and professionals: encrypt both personal and work devices and assume sensitive data may one day face government scrutiny. With policy changes weakening longstanding protections for reporters' records, digital security is no longer just best practice, it is a frontline defense for press independence. Advocacy groups warned the move risks deterring vital reporting and eroding trust between journalists and their sources.
Coming up after the break, John Serafini from Hawkeye360 discusses modern signals intelligence, and when emails fail, try the CEO's password. Stay with us.
Podcast Host / CyberWire Announcer
John Serafini is founder and CEO of Hawkeye360. He recently sat down with my colleague Maria Varmazes on the T Minus podcast to discuss commercial signals intelligence. Here's their conversation.
John Serafini
I'm John Serafini. I'm the founder and CEO of a company named Hawkeye360. It's about a decade old. We started in the 2015 timeframe. We just hit 10 years. The company performs on-orbit commercial signals intelligence. We have a constellation of 30-plus satellites that very uniquely fly in clusters of three. So think one satellite out front, a second satellite behind by a couple hundred kilometers. You're talking about 550 or so kilometers in low Earth orbit. And then a third satellite that oscillates back and forth between the two in a cross-track maneuver. And that satellite architecture allows us to geolocate signals. Basically any signal emitting on the face of the earth or in the air or in space above a watt in power, generally between 30 MHz and 18 GHz. We can detect it, we can process it, we can geolocate it, we can analyze it and we can convert that into actionable intelligence for our customers. And our customers are principally governments, defense, intelligence, national security, some humanitarian and sustainability applications as well, but we're really built from the bottom up to support government users. As for myself, I've been a national-security-oriented venture capitalist and small company operator for about 20 years. Previously I was a US Army infantry officer and a proud graduate of the United States Military Academy.
Dave Bittner
Well, it's so wonderful to speak with you and meet you, John. Hawkeye360 is such an incredible company and you all have just closed some fantastic news. Both completing the acquisition of Innovative Signal Analysis and also closing a Series E. Congratulations. I'm wondering if you can walk me through both these pieces of news.
John Serafini
Yeah, thank you so much. Enormous value created when we closed those deals. And they represent, geez, in some cases two years' worth of work. We've long admired ISA. It's a wonderful company that for 30 years has been supporting the US defense customer base in providing the very best processing of certain types of space-based RF data and converting that into intelligence products for the US government. So it's a company with an exquisite set of technologies in processing that we're very excited to be able to acquire. Very infrequently do you see an acquisition occur that's so perfectly fit between two companies, right? We have our own commercial constellation of satellites that produces RF data. We have our own commercial platform for processing and analyzing that data. And ISA is truly the best in the world at doing the processing off of certain other types of data that when fused together it makes our own processing capabilities that much better for our customers. Both the US government and now will be able to better classify different signals, be able to automate the detection of new signal-of-interest waveforms and be able to perform geolocation at even better rates than previously was available. So from a strategic fit, this is a home run. Now, to finance it, because a great company like ISA is not cheap, we need to go off and raise some capital. Recognizing that we're further along in our development and that the debt markets are available to us, we wanted to kind of split the cost between debt and equity. And so we were able to raise a Series E round from a phenomenal new investor named Center15 and couple them with a fellow co-lead in NightDragon, who's been a great investor for us for the past five years. And they co-led the Series E round together along with some other investors. With that, we then paired a significant amount of debt from excellent lenders, SVB and Hercules. 
So those organizations coming together provide the capital in part for us to acquire the company and off we go.
Dave Bittner
Fantastic. Well, thank you for that fantastic context. And I'm wondering, just going back to the acquisition of ISA before we'll get into sort of the funding side of things. Both are fascinating threads. I'd love if you could help me understand the importance of understanding complex RF activity. This seems to dovetail really well with the acquisition of ISA and also what Hawkeye360 has been doing. The environment is ever noisier and you all are very well known for helping people understand and cut through that noise. So can you help me understand that a bit?
John Serafini
Yeah. So, I mean, think of basically two value chains. On the commercial side you've got the paradigm of Hawkeye putting satellites into space. We own 30-plus satellites in space that generate an enormous amount of RF data. It's all commercial, it's all privately owned by Hawkeye. And then below that in the value chain is Hawkeye doing all of that and analyzing the data, converting it into actionable intelligence products. And we have a suite of different offerings, from raw IQ data all the way to finished intelligence products for certain domains, that we offer to customers. That's one value chain. On the second, think about the US Government paradigm, where the US Government spends a significant amount of money with traditional defense industrial base entities like Northrop, Lockheed, Raytheon, Boeing, etc., to build certain types of sensors. Those sensors generate data and that data gets analyzed and processed by companies. The very best of those companies, in our mindset, is this company, ISA. So you have a paradigm now where Hawkeye dominates the commercial value chain, not just collection, but processing. It now has a really important position within the US Government chain for signals intelligence, where we're now doing the processing work for certain US Government customers. I think that collectively matching those two together enables us to really unlock a lot of value for our customers.
Dave Bittner
And I'm wondering about that processing, what the two-year, five-year, the look-ahead for that looks like in terms of capabilities, because again, the potential there is huge. And I imagine you all are busy planning around that too.
Podcast Host / CyberWire Announcer
Yeah.
John Serafini
So one of the reasons for the acquisition, Maria, was this is shovel ready. The technologies can be integrated together, they're very nicely overlapping and we can start generating incremental value for our customers, both the US government and international, right off the bat. I mean, there's a little bit of time of technical development work that's gotta be invested. But we've done a lot of work to analyze the value of their processing and how well it fits with our RF data. To feel extremely confident that this is gonna be a one plus one equals a lot more than two outcome for the company. So great acquisition for both ISA and for Hawkeye and hopefully as well for our customers.
Dave Bittner
Thank you for that, and I'd love to switch a little bit to sort of the investment side of things. Was very interested, and I know NightDragon's been a big supporter of Hawkeye360 for quite some time. If you could tell me a little bit about the investors that were part of this round, including NightDragon. I'd love to hear about that.
John Serafini
Sure. Well, I can't ask for a better set of investors than we have in the Series E round. NightDragon led our Series C round. This is Dave DeWalt and Ken Gonzalez, and they've been fantastic members of our cap table and in both cases have been a wonderful provider of corporate governance on our board. I've been blessed to have NightDragon on our cap table and I wish for all of my defense tech peer companies for them to have investors as great as NightDragon. So that's thing one. Thing two is I'm exceptionally pleased to welcome Center15 to our cap table. Ian Weiner is the lead here at Center15. He's been investing in fantastic defense technology companies for many years. Extremely thoughtful and very well known on Wall Street given his background there, and the breadth of his limited partners is very significant and will be very helpful to Hawkeye as we grow further. So exceptionally pleased to have Ian involved with Hawkeye as well as the co-lead at Center15. So those two together, plus our fantastic LPs who have been investing in Hawkeye since the beginning, such as Shield Capital and others, you know, we're very fortunate to have them participating so meaningfully in the Series E round.
Dave Bittner
And I'm curious, something that was mentioned in the release about the Series E was about how the acquisition, actually I should mention with ISA, the big differentiator here seems to be on improving signal processing, as you've mentioned several times, as opposed to just increasing satellite capacity. Can you talk a bit about that differentiation? Because it is an interesting angle, and we often hear more about just, like, more satellite capacity, and this seems to be about also getting a lot smarter, right?
John Serafini
Yeah, that's a great question. I mean, ultimately they're not mutually exclusive. We need to build lots of collection capacity and lots of new sensors in space as well as other domains. Right. Like, you know, we want to dominate from GEO all the way down to ground. We want to be the best in the world at collecting lots of different types of RF data and fusing it all together and doing the processing and the analysis. And so that will include over time, I would believe, sensors terrestrially, sensors aerially, sensors in space, and being able to operate those at cost-effective means. We don't want to invest a significant amount of capital for stuff that's not unique and not cost-efficient. And so we're very thoughtful about the sensors that we build, and we have a robust plan for building out our architecture over the next couple of years. But that's definitively on its own pathway, and that architecture has been well known for us for a while, and we're executing against our playbook to do that. At the same time, there's two sides of this coin. There's the RF data, and that best-in-class RF raw data that we collect with these sensors. And there's what we can do with it. Like, how do you convert that into something that's understood and valuable to customers? I mean, RF data is not understandable by a typical human unless you analyze it through the certain processing tools that we have available to us. It's not like an image, where you can take a picture from space and look at it and you're like, okay, there's 15 cars in that parking lot. I understand that intuitively. If I deliver to you raw IQ data from space, you're looking at a bunch of weird stuff. It's not until you actually do the processing and the analysis that you can start to extract intelligence about what might be occurring, which is always related to human activity. Right? Because a lake doesn't naturally emit RF, a bear doesn't key a mic. It comes when you see RF activity. 
You know, it's from a human or some set of humans or some set of vehicles or other apparatus that's tied to human activity. And if you look at it long enough, as you know, you start to understand human activities and you can start to extract information about, or assess information about, intentions. Which is really the holy grail here, is when you've developed an exquisite set of sensors and you compare that to really great processing capabilities, the faster you can get access to that data and the faster the revisit rate, and then be the very best at geolocating those emitters and converting that into actionable intelligence. That's the basis of extremely high quality, competitive, long-term going concern for signals intelligence, which is our goal.
Dave Bittner
And you've mentioned in our conversation a lot of things that I think would be considered force multipliers. And I'm curious what other things you're considering or thinking about for the future that are force multipliers like that.
John Serafini
Sure, sure. So a couple of items. I mean, obviously getting the revisit rate down is an important metric. So the more satellites you have overhead, depending upon what orbits they're in, the faster you can be over any given spot on Earth. Right. So that you can increase the tactical relevance of that data. Secondly, how quickly can you get the data down to the ground?
Dave Bittner
Right.
John Serafini
You can address that through data, the ground station densifications, you can address that through onboard processing, you can address that through crosslinks and being able to use mesh relay networks to move that data down to the warfighter, the intelligence analyst, that much faster. Those are two key levers that we're constantly pushing on. If you were to unpack our long-term vision for our architecture, you see, we're constantly looking to optimize the revisit rate and we're constantly looking for ways in which to get that data down to the ground faster. So that's on the space-based part or the sensor part, because we are going to look at other sensory types. But at the same time, the ability to process that data and convert it into the actionable intelligence using artificial intelligence, you know, AI, machine learning, that's extremely valuable to us. And that comes to the third lever, which is the amazing people that I get a chance to work with. And we have today, now, 400 individuals working within Hawkeye and ISA together combined. These are some of the world's experts in signals intelligence who live in, who just live to access RF data and convert it and to process it. And so we've been able to pull together 400 of these exceptional, thoughtful individuals and we look forward to working with all of them into the future.
Podcast Host / CyberWire Announcer
You can hear more of the conversation between Maria Varmazes and John Serafini from Hawkeye360 on the T Minus podcast, wherever you get your favorite podcasts.
Podcast Host / CyberWire Announcer
And finally, for over a year now, researchers have warned that hackers and old-fashioned organized crime are teaming up to turn cyber flaws into stolen cargo, with the occasional truckload of vapes or missing lobsters as proof of concept. Enter Bluspark Global, a little-known New York shipping tech firm whose software quietly helps move a sizable chunk of the world's goods. Unfortunately, it also left the digital equivalent of the warehouse doors wide open. Security researcher Eaton Zveare discovered that Bluspark's platform exposed plaintext passwords, admin access, and decades of shipment data through an unauthenticated API. Reporting the flaws proved harder than finding them. After weeks of unanswered messages, attention finally followed when TechCrunch demonstrated the risk by emailing part of the CEO's password. Bluspark says the bugs are fixed and new security policies are coming. There's no evidence of misuse, according to the company, though the episode neatly illustrates how cybercrime sometimes thrives less on brilliance and more on silence.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Podcast: CyberWire Daily
Host: Dave Bittner (N2K Networks)
Special Guest: John Serafini (CEO, Hawkeye360)
This episode covers:
Conversation with Maria Varmazes (T Minus podcast)
On cyber disruption roots:
“Such disruptions are often linked to external factors, including third party vendors or software deployment issues.”
– Dave Bittner, 01:16
On signals intelligence fusion:
“Very infrequently do you see an acquisition occur that’s so perfectly fit between two companies … When fused together it makes our own processing capabilities that much better for our customers.”
– John Serafini, 15:10
On the value of signal processing:
“RF data is not understandable by a typical human unless you analyze it through the certain processing tools that we have available to us… It’s not until you actually do the processing and the analysis that you can start to extract intelligence about what might be occurring.”
– John Serafini, 22:30
On organizational force multipliers:
“We’ve been able to pull together 400 of these exceptional, thoughtful individuals and we look forward to working with all of them into the future.”
– John Serafini, 26:07
The episode maintains a brisk, pragmatic tone, mixing cybersecurity headlines with expert insights. Dave Bittner and Maria Varmazes provide approachable yet precise commentary. John Serafini’s interview is forthright, offering a transparent look at strategic M&A in the national security tech sector and underscoring the vital importance of analytics over mere data accumulation in modern signals intelligence.