A

You're listening to the Cyberwire Network, powered by N2K.

B

From phishing to ransomware, cyber threats are constant. But with Nordlayer, your defense can be too. Nordlayer brings together secure access and advanced threat protection in a single seamless platform. It helps your team spot suspicious activity before it becomes a problem by blocking blocking malicious links and scanning downloads in real time, preventing malware from reaching your network. It's quick to deploy, easy to scale, and built on zero trust principles so only the right people get access to the right resources. Get 28% off on a yearly plan at nordlayer.com cyberwire daily with code CYBERWIRE28 that's nordlayer.com CyberWire Daily Code CYBERWIRE28 that's valid through December 10, 2025. Cloudflare had a bad morning Google issues an emergency Chrome update. Logitech discloses a data breach. CISA plans a major hiring push. The House renews the state and local cybersecurity grant program. The GAO warns military personnel are oversharing online. Tech groups urged governments worldwide to reject proposals that weaken or bypass encryption. Australian authorities blamed outdated software for the death of a telecom customer. An alleged Void Blizzard hacker faces extradition to the U.S. our guest is Kevin Kennedy from Mantech discussing the future battlefield and the importance of integrating non kinetic effects and AI meets the IRS what could possibly go wrong? It's Tuesday, November 18, 2025. I'm Dave Buettner and this is your Cyberwire Intel Brief. Foreign. Thanks for joining us here today. It's great as always to have you with us. A major outage at Cloudflare disrupted access to numerous websites today, highlighting how much the Internet relies on a few core providers. The company said a spike in unusual traffic caused errors across multiple services, but preventing some users from reaching sites and blocking customers from viewing performance dashboards. Cloudflare reported partial recovery, although elevated error rates continued during remediation. Engineers disabled the warp encryption service in London as they worked to stabilize traffic. Maintenance had been scheduled in several data centers, but the company said the cause of the anomaly remains unknown. Experts noted that the scale of Cloudflare's network makes a cyberattack unlikely. Google has issued an emergency Chrome Update to patch 2 high severity type confusion vulnerabilities in the V8 JavaScript engine, including one zero day already under active exploitation. The first vulnerability discovered by Google's Threat Analysis Group on November 12th is being used in real world attacks, which Google says likely involve government backed actors or commercial spyware operators. A second flaw was reported earlier by Google's Big sleep AI agent. Though there's no evidence of active abuse type confusion, bugs can lead to memory corruption and let attackers escape Chrome security boundaries. The fixes arrive in Chrome versions across major platforms and will roll out gradually. Users and administrators should update immediately, including those running other Chromium based browsers. Logitech has disclosed to the securities and Exchange Commission that attackers exploited a zero day vulnerability in a third party software platform, allowing them to copy some data from the company's internal IT systems. Logitech said the flaw was patched once the vendor released a fixed and noted that the stolen data likely included limited information about employees, consumers, customers and suppliers. The company does not believe sensitive personal data such as national ID numbers or payment information was involved and said its products, operations and financials were unaffected. The disclosure follows Klopp's claim that it breached Logitech using a zero day in Oracle's E business suite, though Logitech has not confirmed this. The broader campaign has impacted multiple organizations, with Klopp listing dozens of victims. CISA plans a major hiring push through 2026 to recover from deep staffing losses under the Trump administration and to prepare for potential conflict with China, According to a Nov. 5 memo from Acting Director Madhu Gadamukkala. He said personal cuts left the agency with about a 40% vacancy rate across key mission areas, limiting its ability to meet national security needs. CISA will prioritize hiring state cybersecurity coordinators and regional advisors, expand use of DHS's Cyber Talent Management system to bring in specialized talent at market rates and streamline hiring with dhs. The agency also plans more flexible workplace policies, expanded university partnerships and renewed internship pipelines to rebuild expertise and restore strained relationships with critical infrastructure partners. The House has overwhelmingly passed the Pillar act, renewing the state and local cybersecurity grant program through 2033 after its Sept. 30 expiration. The initiative has supplied $1 billion to help state and local governments bolster cybersecurity, and lawmakers pushed for a stable long term reauthorization rather than continued short term extensions. Bill sponsor Representative Andy Ogles said the measure drew strong bipartisan support because defending local networks is essential to national security. The chamber also approved the Strengthening Cyber Resilience Against State Sponsored Threats act in a 4028 vote. That legislation establishes an interagency task force led by the FBI and CISA to focus on countering cyber operations linked to China, which House leaders say represent a growing strategic threat. The Government Accountability Office warned that the Defense Department is not adequately training military personnel or civilian staff to prevent sensitive information from leaking online. In tests where auditors posed as threat actors, GAO investigators were able to use publicly available social media posts, family support groups and even Pentagon press releases to trace service members, identify their units, uncover family details and identify operational activities, GAO said. Such data can enable coercion, blackmail or threats to active missions. Ten DoD components showed gaps in training or threat assessments, with most focusing narrowly on operational security while overlooking insider threats and force protection. GAO issued 12 recommendations. DoD agreed to most but argued it cannot fully control the personal online activity of service members and their families. More than 60 digital commerce and technology groups are urging governments worldwide to reject any proposals that weaken or bypass encryption, arguing that strong encryption is essential for privacy, data security and global digital trust. In a joint letter, groups including the App Association, BSA and the Information Technology Industry Council said backdoors, key escrow or technical mandates would harm all users while offering limited benefits to law enforcement. The appeal comes as several countries pursue lawful access measures, from UK disputes over Apple's encrypted services to Ireland's exploration of new access authorities. Europe also nearly advanced the chat control regulation, which critics warned would enable mass device scanning and end digital privacy before opposition halted the vote. Australia's TPG Telecom says a customer died after their Samsung phone running outdated software could not connect to Triple Zero, the country's nationwide emergency number equivalent to 911 in the United States. The failed call occurred on November 13th on TPG's Budget Lebara service, and the relative needing help later died. TPG said its network was functioning normally and that early findings show the Samsung device's outdated software made it incompatible with 000 routing requirements, which ensure calls connect on any available mobile network. Regulators are now investigating whether emergency access rules were breached, especially since older Samsung devices were already known to struggle with automatic network switching. Samsung urged users to keep devices updated, and TPG said it warned customers on November 7th to update older models. Authorities in Thailand have arrested Russian national Denis Abrezko, whom the United States seeks to extradite on cybercrime charges. Police say the 35 year old is linked to Void Blizzard, a cyber espionage group that Microsoft associates with hacking operations aligned with Russian state interests. Abrezko arrived in Thailand on October 30 and was detained on November 6 in a joint operation with the FBI. Thailand's cybercrime investigation Bureau says he previously breached government systems in both Europe and the US Police seized electronic devices from his hotel room for forensic review, and he's being held in Bangkok pending extradition Microsoft reports Void Blizzard typically uses stolen credentials and basic techniques like password spraying to access organizations across government, defense, transportation, media, NGOs and Ukraine related sectors. Coming up after the break, Kevin Kennedy from ManTech explores the future battlefield and the importance of integrating non kinetic effects and AI meets the irs. What could possibly go wrong? Stay with us. Foreign. They know cybersecurity can be tough and you can't protect everything, but with Thales you can secure what matters most. With Thales industry leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest roi. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most applications, data and identity. That's Thales T H A L E S learn more@talasgroup.com cyber. Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and vpn, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless, transform complexity into simplicity and give your team time to focus on what really matters helping your business and customers thrive. Learn more and book your demo@meter.com cyberwire that's M E T E R.com cyberwire. Kevin Kennedy is Vice President for Defense Strategy and War Fighting Integration at Mantech and a retired Lieutenant General in the United States Air Force. In today's sponsored Industry Voices segment, we get together to discuss the future battlefield and the importance of integrating non kinetic effects.

A

So right now where I see us standing is we are looking as a force and I say when I say I mean the United States, our partners and our allies as that's going to have to integrate across all of the domains of warfare at levels that we haven't done to date. It's becoming increasingly important and what I mean by that is the physical domains of air, land, sea, space. Cyberspace is the new part, right? And so when we think about that is when you add that to the element you say okay, so how do we integrate across those domains? And there's two areas that really come to me, when we think about that, the first one is the information that transits all of that, all of those different domains and finally the electromagnetic spectrum that also connects all of those domains. And so that's kind of where I see us now. And as we're going into future, what's becoming increasingly apparent to me and to many of my colleagues is that is going to be contested in a way and shaped in a way that previous technology wasn't available to enable it, but now we can, and we can gain advantage as well as deny our adversaries advantage.

B

So the cost of entry into this battle space has gone way down because of the cyber domain. Is that a fair way to say it?

A

Yeah, Dave, I completely agree with you. It's been democratized in a way and commoditized in a way. Especially we saw in the cyber domain that unitary actors, not necessarily even state actors, have access to criminal activities generally that would enable access as well as infrastructure that they were able to stand up quickly, use quickly, and then take down just as quickly as after. They've usually most of the criminal actors, you'll see the ransomware actors and things like that. Well, we can also see that for other types of effects that states are now adopting to do that type of activity as well, and then stand up the infrastructure quickly maintain the effect or gain access and then very quickly move using our infrastructure that's out there and then commercial infrastructure.

B

I mentioned that you have been at the front lines of a lot of this. Can you share with our audience some of your background? Where did you get your start and what led you to where you are today?

A

Absolutely. So I just recently retired. Well, I still say recently, but last fall, so it's been a year. Recently retired from the United States air force after 34 years in that capacity. I had kind of a three chapter career. First portion was flying B1 aircraft and commanding small flights elements training largely focused on the tactical and operational level. Second chapter of that career focused on strategy at the Air Force and Joint Staff level as well as leading larger teams in squadrons and wings and culminating as a base commander out in Ellsworth air Force Base, South Dakota for B1s. And then the third chapter was when I became a general officer. I joined the CIO and cyber enterprises for the United States Air Force as well as on the Secretary of Staff for the department and up at Cyber Command where I was the J3. And my final job was I was the 16th Air Force Commander which had all of the information warfare capabilities responsible for organized training and Equipping and then as the component to the National Security Agency as well as the component to U.S. cyber Command.

B

And today you're at ManTech. What's your day to day like there?

A

So at Mantec I joined the team for the primary reason is it's a highly focused organization on the mission of national security. We're about 50% veterans and 70% of our workforce has served in government in some capacity. And my day to day role there is I'm the defense strategy and war fighting integration. So our president of the defense sector has asked us to ask me to look across all of our divisions and see how we can bring capabilities, capabilities and to the market that we require for the future battlefield capabilities focusing in cyber, non kinetic effects, cybersecurity aspects and then leveraging the capabilities we have across our company which we're organized with some practices. We're focusing on data and AI, cyber and cybersecurity, intelligent engineering as well as digital engineering.

B

Well, looking at the global situation these days, when we look at our adversaries or even our friendly competitors out there, how are the nations around the world posturing for this new world that includes the cyber element Where I see just.

A

Take the cyber domain first. What I see out there for our adversaries is they're leveraging the domain for three primary reasons or activities. The first one will be pre positioning for potential military operation. The second one's espionage and the third one is criminal activity. And so when you look at the criminal activity this is there are nations out there primarily when you think about North Korea, that they're using the cyber domain to fund their illicit activities and evade sanctions. When you look at the Volt series, Volt Typhoon as well as Salt Typhoon, this PRC and what they're doing is pre positioning primarily for potential military operations. There doesn't seem to be an espionage motivation behind their activity. And we saw that most recently with the Volt Typhoon with our critical infrastructure and our water and our waste treatment and our transportation systems and the opportunities they're seeking there to preposition for potential operations where the theory is if they are able to prevent the United States from flowing forces or increase pain on the United States, then we may not take military action in the Pacific. I think that's a miscalculation, but that's my understanding of the theory.

B

Yeah, you mentioned the electronic magnetic spectrum. Where do we stand there? What are your concerns?

A

Well, as we think through of the cross domain operations in the future, the coin of that and the means of that is the exchange of Information and data. And the spectrum is how we do that. Generally, whether it's radio frequencies or Internet protocol based, we generally use that to make sure we can synchronize our activities, coordinate our activities and integrate to levels that we hadn't before. Primarily in the last few decades, we've been pretty much in a non contested environment for that. As we, you know, we didn't have any active jamming by the adversaries. But what we're seeing now is active jamming. And what I mean by that is if you look at what's happening on the Ukraine battlefield right now, that there is active efforts by both sides to deny the spectrum for navigation, communications and sharing of information. And as we go forward, we need to think through how we can be agile in that manner to ensure that we understand how we need to leverage the spectrum, how we can assure our access to it while dividing our adversary, the same thing. And so this is more than historically electronic warfare kind of capabilities focused on electronic attack and electronic protection. In other words, creating a condition upon adversary systems that made them less effective or providing techniques that enabled our systems to continue to operate. And through jamming, well, now we have the ability we need to think through like, okay, how do we shape the environment in ways that make it more conducive for our systems and less conducive for theirs?

B

Help me understand and kind of, I suppose calibrate here, does this future require more of a public private partnership than we had in the past? I'm thinking particularly when it comes to critical infrastructure.

A

With respect to critical infrastructure, yes. I think we need to think through how we do the information sharing and then how do we respond to activities and then how do we assess our current posture? And what I mean by that is a large portion of producing military capabilities is understanding how resilient your systems are and how you can posture yourself to overcome fog or friction. And what I mean by that is friction is things that just make large scale operations difficult. When you think about the redundancy on critical infrastructure, or sorry, not the redundancy, when I think about the dependency on critical infrastructure, then you need to think, okay, how do I understand the current posture that a certain base post station port is reliant on a civilian sector. If we don't understand that to a level of understanding how they're resilient, what's their cybersecurity posture, how quickly can they respond to incidents? If we don't tabletop that, if we don't war game that out with exercises and training together, then we really won't know how successful or how quickly we can adapt to an environment that is going to be contested. So I think as we move forward, we'll have to think through as a nation, the authorities and how do we align our, from state and local all the way to federal about the ability to defend ourselves in the nation, in the cyber domain to ensure that we can protect our citizens and our interests.

B

You know, recently we've seen budget cuts, organizations like cisa. At the same time we have others who are pushing that in addition to, for example, a space force that we should stand up, a cyber force. Do you have any insights for those?

A

I do. So I was on the air staff when we had, when the Space force was born and understand the desire to really focus the war fighting aspects of that domain and ensure we're building capabilities for that domain. The difference I would say between that and a cyber force is the cyber is, as I mentioned before, the needs for cyber across all domains of warfare to include space is prevalent. And having a separate force to do that wholly like lock, stock and barrel, move it to a separate force, I think would be problematic. Now, I do think there are different models that we can for generating cyberpower and the one we, you know, the model that's generally produced is the SOCOM model, the Special Operations Command and how we generate forces through the services and then present them to Special Operations Command and they generally do the care and feeding and development of the doctrine and then the extra capabilities that need to roll on that. I think that model is about 75% of what we need to do in the forest. But the next step on that is understanding, okay, how do we do the talent management of the cyber operators as they come forward on that? Because I do think the model breaks down there and I think Cyber Command probably given some authorities to help generate that force, would then enable the capability, then enable the large scale scaling of the capabilities that we need for the command. A separate force or service, A separate service would be difficult because I think the overhead that comes with being a service would make it very difficult to meet the tooth to tail ratio. And what I mean by that is like the folks that are focused on mission versus the infrastructure that goes around to generating everything that would be necessary as a standalone service. So the relationship between the existing services and a force for US Cyber Command I think is an area that we should explore. And as we continue moving out in that way, we. Just recently the department mentioned an update to Cyber Command 2.0. I think that's a Step in the right direction. I do think that the department should look closely at how they accelerate those timelines to the left.

B

Well, let me come at the question from a different direction. I mean, you have hung up your hat as a member of the military, but just as a thought exercise, suppose you were put in charge and it was up to you to organize our future cyber fighting force. What sort of things do you think should be put in place?

A

Well, I would look focus on the life cycle of a cyber operator and as we're assessing and then as we then bring them into U.S. cyber Command and then as we continue to develop and employ the operators across the force. And then the key is how do we continue to develop leaders for the Cyber Command enterprise as well as the services, develop leaders that have expertise in the domain. So different authorities given to the commander of U.S. cyber Command within his role or her role as a joint force trainer. If we think through, okay, what does that actually mean? More than just defining what it means to be a cyber operator, also having a active participation in the promotion and retention within the services? I think that is the area that we should explore. And that would be the one thing if I think the commissions that are out there and looking at a cyber force could make some good recommendations about how to give that commander of U.S. cyber Command a bit more authority on the development of the force as it's going forward in the constant development, not just the basic training elements, but also the further development and promotion of the force. The second one is the warfare center that was stood up in cyber, that they're mentioned in Cyber Command 2.0 I think is also vital. It's a way to look at the future of the domain in a very domain centric. That's underneath the leadership of leaders that have spent time focused on the domain for their professional career. And that's how we'll get the innovation and bring it across to the other services. And I think those are some of the key aspects that I would focus on and bringing real capability because then we could have the discussion maybe down the road about, okay, is it to the point of a separate service necessary? Do we need further resourcing, direct accession paths that go straight into the domain? And right now I do not think that the, I do not think the investment is available to really scale that, nor the human capital to fill all those positions.

B

When you look at organizations like Mantech and the other folks who are in the same space, what is their part to play in this? What are the opportunities there?

A

Right. So I think the key in all military domains, the partnership between academia, industry and the public sector is important. At mantech, the way we're looking at is how do we bring our expertise, as I mentioned earlier, about 50% veterans, 75% former govies. How do we bring that expertise as well as our access to some of the industry leading technologies into the department and so how do we leverage that? One of the areas we're looking for thinking through very, very closely is how do you create a digital environment that really we can provide to our clients and enable the government to look at the capabilities across domain within a digital virtual environment where we have digital twins and where we can develop the capabilities, test the capabilities and then when they're fielding and continue to support their operational development and then have that lead into a training environment that now the operators from any domain, whether it's a cyber domain, air, sea, space or the ground, can then test these capabilities in an environment that is shielded from the adversary. As we think through non kinetic effects and electromagnetic spectrum operations, exercising those in the physical domains is difficult. One, there's concerns for other civilian type of infrastructure that leverages the domain. The second is you don't want to expose your capabilities for the adversary to see them. So I think that's one of the areas, you know, that close partnership bring the new technologies enable a foundry for non kinetic effects. But that's really supported by a digital environment that has built with digital twins and the way we can play out different capability to see their interactions without having to take them out into the physical domains.

B

That's Kevin Kennedy, Vice president for defense strategy and war fighting integration at mantech. What's your 2am Security worry? Is it do I have the right controls in place? Maybe are my vendors secure or the one that really keeps you up at night? How do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. And it fits right into your workflows. Using AI to streamline evidence collection, flag risks and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently and finally get back to sleep. Get started@vanta.com cyber that's V A N T A dot com cyber.

A

So good, so good, so good.

C

New markdowns are on at your Nordstrom rack store save even more up to 70% on drop dresses, tops, boots and handbags to give and get cause I.

A

Always find something amazing just so many good brands.

C

I get an extra 5% off with my Nordstrom credit card Total Queen treatment Join the Nordy Club at Nordstrom Rack to unlock our best deals. Big gifts, big perks. That's why you rack.

B

And finally our what could possibly go wrong? Desk reports that Intuit has decided that if everyone is going to chat with an AI anyway, it might as well be the one helping them file taxes. The company signed a multi year deal worth more than $100 million with OpenAI giving TurboTax credit, Karma, QuickBooks and Mailchimp a cozy new home inside ChatGPT users will be able to ask the usual life or death questions, like whether they can finally deduct their home espresso machine. And with permission, Intuit's tools will even dip into their financial data to estimate refunds, review credit options, or nudge clients about overdue invoices. This move puts Intuit among a growing crowd of companies building ChatGPT accessible apps, though few others are letting AI whisper directly into customers. Financial decision making Intuit insists it has guardrails, validation layers and years of tax lore to keep hallucinations at bay, though it stayed politely vague about who pays if the AI makes an expensive oops. Still, the company is expanding its use of OpenAI models across products and internally through ChatGPT Enterprise, all in pursuit of a more automated financial future, hopefully with fewer surprises than tax Season usually delivers. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Heltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Sam.