A
You're listening to the CyberWire Network, powered by N2K.
B
Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker Allowlisting, you stop unknown executables cold. With Ringfencing, you control how trusted applications behave, and with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source and regain control over their environments. Schedule your demo at threatlocker.com/N2K today.
C
The FBI warns of Kimsuky quishing. Singapore warns of a critical vulnerability in Advantech IoT management platforms. Russia's Fancy Bear targets energy research, defense collaboration and government communications. Malaysia and Indonesia suspend access to X Twitter. Researchers warn a large-scale fraud operation is using AI-generated personas to trap mobile users in a social engineering scam. BreachForums gets breached. The NSA names a new deputy director. We got our Monday Business Brief. Our guest is Sasha Ingber, host of the International Spy Museum's Spycast podcast. And the commuter who hacked his scooter.
It's Monday, January 12, 2025. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us here today. It's great as always to have you with us.
B
The FBI is warning that North Korea-linked advanced persistent threat group Kimsuky is using QR code-based spear phishing, known as quishing, to target governments, think tanks and academic institutions. According to the FBI, the campaigns embed malicious QR codes in emails that bypass traditional security tools by hiding destination URLs. When scanned, the codes redirect victims through attacker-controlled infrastructure that profiles devices and presents mobile-optimized fake login pages impersonating services like Microsoft 365, Google or VPN portals. The activity, observed in May and June of last year, involved impersonation of trusted figures such as foreign advisors and embassy staff, with lures including fake questionnaires and conference invitations. These attacks often begin on unmanaged mobile devices and can enable session token theft, allowing attackers to bypass multi-factor authentication. The FBI says this makes quishing a highly effective MFA-resilient identity attack vector and urges layered defenses including user training, mobile security controls and phishing-resistant authentication to reduce risk from groups like Kimsuky.
The Cybersecurity Agency of Singapore is warning of a critical vulnerability in multiple Advantech IoT management platforms. The flaw is a SQL injection bug that allows unauthenticated attackers to run database commands and achieve remote code execution. Affected products include several IoT suite and IoT Edge versions on Linux, Windows and Docker. Advantech urges immediate patching, noting some fixes require direct customer coordination.
C
Researchers at Recorded Future report that Russian state-sponsored threat group APT28 is conducting an ongoing credential harvesting campaign against organizations tied to energy research, defense collaboration and government communications. Also known as Fancy Bear and Sofacy, the group has been active since at least 2004 and is linked to Russia's GRU. The campaign relies on phishing pages impersonating Microsoft Outlook Web Access, Google and Sophos VPN portals, often paired with PDF lures and redirection to legitimate sites after credentials are stolen. Recorded Future says APT28 heavily abuses free hosting, tunneling and link shortening services to host phishing infrastructure, collect victim data and obscure attribution, suggesting the activity is likely to continue.
C
Malaysia and Indonesia have suspended access to X Twitter, citing concerns that the service enables the creation of non-consensual sexual imagery. Malaysia's communications regulator said X failed to implement safeguards required under local law, prompting a block until compliance is achieved. Indonesia's communications minister said sexual deepfakes violate human rights and digital safety. India has also warned X over similar issues. Owner Elon Musk has argued the actions amount to censorship, though the countries have a history of restricting platforms over objectionable content.
Security researchers at Check Point warn that a large-scale fraud operation dubbed Opco Pro is using AI-generated personas and fake communities to trap mobile users in a long-running social engineering scam. The campaign begins with SMS messages impersonating brands like Goldman Sachs, promising outsized investment returns. Victims who click the links are funneled into private WhatsApp groups populated largely by bots posing as enthusiastic investors and guided by fictional experts with AI-generated profiles. After weeks of trust building, targets are directed to download a fraudulent Opco Pro app from the Apple App Store or Google Play Store, lending false legitimacy. The app contains no real trading functionality, but collects identity documents and selfies under the guise of know-your-customer checks. Researchers say the stolen identities enable financial theft, account takeovers and SIM swapping, making Opco Pro a highly scalable industrialized fraud model.
The latest version of BreachForums has suffered another data breach, with a leaked user database and administrative PGP key circulating online. The leak appeared in a 7-Zip archive posted on a site named after the ShinyHunters gang, though ShinyHunters denied involvement, according to BleepingComputer. The archive contains a MyBB users table with nearly 324,000 records, including usernames, registration dates and IP addresses. While most IPs resolve to a local loopback address, more than 70,000 map to public IPs, raising operational security concerns. BreachForums' administrator said the data originated from an August 2025 backup briefly exposed during site recovery and claimed it was downloaded only once. However, researchers later confirmed the leaked PGP key password was also published, increasing potential risk to users.
C
The National Security Agency has named veteran intelligence official Tim Kosiba as its new deputy director, ending months of leadership uncertainty. Kosiba returns after more than three decades of government service, including senior roles at the NSA and FBI, and most recently as deputy commander of NSA Georgia. The appointment follows the administration's decision to drop a previous nominee amid political backlash, a move first reported by Recorded Future News. As deputy, Kosiba will oversee daily operations and support the NSA director, who also leads U.S. Cyber Command. Attention now shifts to Senate confirmation hearings for the agency's permanent leader, scheduled later this month.
C
Turning to our Monday business brief, a wave of global funding and consolidation highlights continued investor confidence in cybersecurity and adjacent markets. Israeli security analytics firm Vega raised $120 million in a Series B led by Accel, valuing the company at $700 million, while Saudi OT security provider DS Shield secured $54 million to scale operations and prepare for a potential public listing. Israeli AI identity startup Act Security closed a $40 million Series A, and U.S.-based Armadin, founded by Kevin Mandia, raised $24 million in seed funding amid talks of a much larger round. Smaller raises included South Korea's Logpresso, Utah-based Paramify, Belgium's Wodan AI and Turkey's Guardian. The sector also saw multiple MSSP acquisitions across Australia, Europe and the United States, underscoring ongoing market consolidation.
C
Coming up after the break, my conversation with Sasha Ingber, host of the International Spy Museum's Spycast podcast, and the commuter who hacked his scooter. Stay with us.
A
Starting a business can seem like a daunting task unless you have a partner like Shopify. They have the tools you need to start and grow your business. From designing a website to marketing to selling and beyond, Shopify can help with everything you need. There's a reason millions of companies like Mattel, Heinz and Allbirds continue to trust and use them. With Shopify on your side, turn your big business idea into sign up for your $1 per month trial at shopify.com/specialoffer.
D
Shopping is hard, right? But I found a better way. Stitch Fix online personal styling makes it easy. I just give my stylist my size, style and budget preferences. I order boxes when I want and how I want. No subscription required. And he sends just-for-me pieces plus outfit recommendations and styling tips. I keep what works and send back the rest. It's so easy. Make style easy. Get started today at stitchfix.com/spotify. That's stitchfix.com/spotify.
B
Sasha Ingber is host of the International Spy Museum's Spycast Podcast. We sat down to discuss that show's return to the N2K CyberWire network.
C
Sasha, I am so pleased to welcome you here to the CyberWire Daily podcast. Welcome back, I suppose I should say.
E
Well, thank you for having me, Dave.
C
It's very exciting that Spycast is joining the N2K CyberWire network. You were with us for a few years there and then went away for a little while. But now you're back and we couldn't be more excited.
E
Well, we're glad to be back with you.
B
Well, let's talk about the Spycast podcast. What's the origin story and what's the value proposition for your listeners?
E
Oh, I didn't know we were starting from all the way back. Like, I wasn't really ready for that one, but. All right, all right, I got you. I got a little something I can share with you, Dave. So Spycast is actually the first podcast on espionage and spying in the United States. This is our 20th year and our first host was the founding director of the International Spy Museum, Peter Earnest, who himself was a spy.
F
So some good credentials there for starting a spy focused podcast.
E
Yeah, we're not making things up.
C
No, no, not at all.
F
And I'll add that anyone who has had the chance to visit your facilities in Washington, D.C., if you haven't, you're in for a treat. It really is one of the premier museums in Washington.
E
I mean, how many places can you go where you can see a bra with a camera between the bulges and also crawl through a duct?
B
That's right. And let's not forget James Bond's car, right?
E
Yeah, we have that. We used to have an Iranian drone in the lobby that had actually been taken from Ukraine during the full-scale invasion. I mean, we have a lot here.
B
Well, let's talk about the podcast itself. What do you all talk about week to week?
E
Well, every week, it's a different voice from the spy community here in the United States or abroad. Some of my favorite episodes in the past year, when I started hosting it, include Bill Evanina, who was the former Director of Counterintelligence. And we talked about how the massive layoffs that we were seeing across the federal government opened up this new threat vector for foreign intelligence services to start recruiting, think China and Russia, on places like LinkedIn. And that conversation we had actually led the federal government to institute a new policy to educate people before they left their jobs. I also remember a conversation with a former CIA officer named Ralph Marani, who talked about he was serving, who talked about how he was serving in Athens and the station chief was assassinated by a terrorist organization called the 17 of November. This led the agency to start building, building in more protections for their officers. There's this guy, Nick Eftimiades, who used to work at the CIA, and it's just an encyclopedia of information about Chinese espionage tactics, from the impressive to the laughably bad. And he's been building this database of more than 900 cases from around the world that he's continued to follow. There was one woman named Christine Kuehn. She talked about how her family history was really a mystery to her. She gets a phone call one day asking her about her grandfather. And this ultimately unfolds what becomes years of research where she learns that her family actually spied for the Japanese and the Nazis. And her grandfather was the only person who was ever convicted and charged of gathering information on the eve of Pearl Harbor for the Japanese. How you handle the shame of that? She wrote a book called Family of Spies. And one other person who stands out to me was this journalist, Fariba Nawa.
She is based in Turkey, and she talked about how this is a country that is rife with spy games between the Israelis and the Iranians, who are both looking to recruit those who have left Iran, and how dangerous it really ultimately becomes.
B
Well, tell us a little bit about yourself, Sasha. How did you find yourself hosting this podcast?
E
Well, my story definitely starts before this moment, when I, as a journalist who specializes in the intelligence community, was just looking for a job, looking to pay my bills in Washington, D.C., where I live. I couldn't find a job in journalism, so I ended up taking a job as a writer and an editor at the State Department. Somehow I got pulled into this tiny team that was tasked with debunking Russian disinformation after Russia seized the Crimean Peninsula from Ukraine. And that catapulted me into this fascinating world where all of a sudden, now I'm meeting with the CIA and Ukrainians who are trying to dispel the Russian propaganda that has been pervading their country. When I left that job, I did eventually break into journalism. Became a breaking news reporter at NPR, where I got to cover the dissolution of important treaties between the United States and Russia.
And then I moved into a job at an organization called Scripps News, where I became their national security correspondent. A lot of my reporting had to do with intelligence. It took me into China's secret police station above a ramen shop in New York City. I was the only journalist who got in. The FBI had just raided it. I was shocked that they actually let me in, Dave. And then I started my own media outlet. It's on Substack. It's called HUMINT, standing for Human Intelligence. And I do these reports, I do these reports on what's happening inside the intelligence community a couple times a week. It could be the developments in Venezuela and the United States involvement in taking Maduro out of the country. China, Russia, Iran, what's happening inside the CIA and NSA. All of it is fair game. So I come into this role with all of those experiences. And for some reason, this museum pays me to ask questions.
F
I joke, half joke. I suppose that that is one of the things I love most about my job, is that I get to talk to smart people about interesting things. And it sounds like you have. You enjoy the same privilege.
E
It's one of the coolest things that any human can ever do. And it's weird to kind of consider yourself a professional conversationalist. But I definitely like the side of asking questions more than what you're making me do right now.
B
Fair enough.
C
Well, can you give us a preview of some of the things that you have, things that you have planned for this coming year?
E
Our first interview of the year (and again, it's our 20th year, so we wanted to start off big) features a person who you've probably, probably never, ever heard of, you've never seen. You don't even know his name. It's Brian Carbaugh. He's the head of the Special Activities Center. That's the CIA's arm for covert action, which is authorized by the President. They do the most secretive, dangerous work in our country. And we ticked through what it was like to serve in this center in the years where we saw the fall of Afghanistan, COVID, China rising up. So that's one example of what we have awaiting listeners. We're also about to do a month of content on operations in Latin America. So we start off by talking about the anniversary of the U.S. invasion of Panama. And then we also move into other topics. And then we also move into the stories of a former DEA agent who created the country's first intelligence database on gangs and how he literally walked from prison to prison in Guatemala to gather the data for this database. And we end on Bryan Stern, a man who actually went into Venezuela a few weeks ago and extracted María Corina Machado, the Nobel Peace Prize winner who is the opposition leader who wants to go back into Venezuela and try to run that country.
C
So explain to me how the podcast has evolved over time, how this new version differs from some of the previous ones.
E
Well, Peter Earnest was Peter Earnest. So he was dropping F-bombs and talking as long as he wanted. He got to do whatever he wanted. We were living in a very, very different kind of world than we are today. It was also just a free-flowing conversation. By this time we have a format that's specific to about 30 minutes, basically to try to join you on your commute home. And it's tighter, it's more focused, but still retains the, the intimacy as well as the expertise. And you know, we have just gotten some really, really exclusive voices from the spy world that you will not hear anywhere else.
F
Well, I can say with confidence that the crossover of interests of the folks who are listening to us here on the CyberWire and Spycast is huge. I mean, there's, it is the type of thing that if you enjoy listening to this every day, you really should do yourself a favor and check out the Spycast podcast. It's really compelling, edge-of-your-seat stories quite regularly.
C
So Sasha, thank you so much for taking the time and like I said, we're really thrilled to have you back joining our network.
E
Thanks. It's good to be with you, and we're really excited for the year ahead.
C
Be sure to check out the Spy Museum's Spycast podcast wherever you get your favorite podcasts. You can also find a link to it on our website.
G
It's okay not to be perfect with finances. Experian is your big financial friend and here to help. Did you know you can get matched with credit cards on the app? Some cards are labeled No Ding Decline, which means if you're not approved they won't hurt your credit scores. Download the Experian app for free today. Applying for No Ding Decline cards won't hurt your credit scores if you aren't initially approved. Initial approval will result in a hard inquiry, which may impact your credit scores.
B
And finally, a few years ago, a self-described ethical hacker named Rasmus Moorats bought a new electric scooter not because it was the best on paper, but because it was proudly local, custom built in his home nation of Estonia. And that felt right. The charm dulled when the scooter maker went bankrupt and their cloud-dependent app began quietly losing features. Since even basic functions like unlocking depended on servers that might disappear, Moorats did what any calm, rational commuter would do and reverse engineered the entire system. Digging through a React Native app, Bluetooth traffic, and some unhelpfully obscure bytecode, he uncovered an awkward Every scooter shared the same default Bluetooth authentication key. In practice, that meant anyone nearby could unlock any of this particular brand of scooter. Oops. With a bit more work, he mapped the scooter's command structure, wrote his own control app, and restored independence from the cloud. The scooter still works, the servers can vanish and the lesson stands. Local pride is great, but cryptographic defaults are forever.
C
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show every week. You can find Grumpy Old Geeks where all the fine podcasts are listed.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning, and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26. I'll see you in San Francisco.
Episode Title: A picture worth a thousand breaches
Host: Dave Bittner, N2K Networks
Featured Guest: Sasha Ingber, Host of the International Spy Museum’s Spycast Podcast
This episode of CyberWire Daily delivers a comprehensive cybersecurity news roundup with updates on recent global incidents, major vulnerabilities, and the evolving threat landscape. The centerpiece of the episode is an in-depth interview with Sasha Ingber, host of Spycast, highlighting the podcast’s return to the N2K CyberWire network, its unique focus on espionage, and what listeners can expect in its 20th year. The episode closes with a quirky story of a commuter who hacked his own electric scooter, providing a lesson about default cryptographic keys.
[02:48 – 04:24]
“The codes redirect victims through attacker controlled infrastructure that profiles devices and presents mobile optimized fake login pages impersonating services like Microsoft 365, Google or VPN portals.” (Dave Bittner, 03:09)
[13:08 – 14:30]
“Spycast is actually the first podcast on espionage and spying in the United States. This is our 20th year and our first host was the founding director of the International Spy Museum, Peter Earnest, who himself was a spy.” (Sasha Ingber, 13:08)
[17:05 – 19:24]
“I ended up taking a job as a writer and an editor at the State Department... tasked with debunking Russian disinformation... That catapulted me into this fascinating world...” (Sasha Ingber, 17:18)
[21:36 – 22:30]
“By this time we have a format that's specific to about 30 minutes... tighter, more focused, but still retains the intimacy as well as the expertise.” (Sasha Ingber, 21:44)
[24:03 – 25:41]
A lighthearted story about Rasmus Moorats, an Estonian hacker who bought a local electric scooter brand that later went bankrupt. When the company’s cloud app started failing, Moorats reverse engineered the system and found all scooters had the same default Bluetooth key, meaning anyone nearby could unlock any scooter. Moorats wrote his own control app, gaining independence from the now-defunct company servers and leaving a lesson in the danger of cryptographic defaults.
“Local pride is great, but cryptographic defaults are forever.” (Dave Bittner, 25:38)
This episode is a rich blend of cyber threat intelligence, industry trends, and the human stories behind espionage and cybersecurity. The Spycast segment offers a compelling look at the real-life drama of spycraft and promises must-hear interviews for those fascinated by the intelligence world. Throughout, the show balances urgency—around breaches and vulnerabilities—with curiosity and wit, as seen in the episode’s closing anecdote about scooter hacking.
For more information, check out the CyberWire Daily Briefing and the International Spy Museum's Spycast podcast wherever you get your podcasts.