CyberWire Daily – “A storm brews behind the firewall.”
Date: November 4, 2025
Host: Dave Bittner (N2K Networks)
Guest Analyst: Ben Yellen (University of Maryland Center for Cyber Health and Hazard Strategies)
Overview
In this episode, CyberWire Daily delivers key news and expert analysis on recent high-impact cybersecurity incidents, ongoing debates concerning AI in attacks, persistent threats from nation-state actors, escalating cyber-enabled cargo thefts, and controversial government surveillance methods. Notably, the episode also includes a detailed discussion with Ben Yellen regarding ICE’s use of facial recognition, along with a cautionary tale about poor password security at a world-famous museum.
Key News & Analysis Segments
1. China-Linked Attackers Breach Cisco Firewalls
[00:53–02:15]
- Storm-1849 (also tracked as UAT4356), a China-affiliated threat group, exploited known vulnerabilities in Cisco Adaptive Security Appliance (ASA) firewalls.
- Scope: Attacks hit US federal/state agencies, defense contractors, financial institutions, and organizations across Europe, Asia, Africa, and the Middle East.
- Persistence: Attacks continued despite CISA’s emergency patch directive, with only a brief pause during China’s Golden Week.
- Expert Warning: Victims must patch, reset configurations, and change credentials to eradicate attacker access.
- “Experts warn that affected entities must not only patch but also reset configurations and credentials to fully remove intrusions.”
2. MIT Sloan Retracts Controversial AI-Ransomware Study
[02:15–03:38]
- Paper Withdrawn: MIT Sloan retracted a widely criticized study claiming “over 80% of ransomware attacks in 2024 involved artificial intelligence.”
- Criticism: Researchers, notably Kevin Beaumont and Marcus Hutchins, slammed the report:
- Kevin Beaumont: “[The report is] ridiculous and nonsense.”
- Faults: Lacked credible evidence; included obsolete malware like Emotet. Even Google’s AI found the statistic dubious.
- MIT Response: Co-author Michael Siegel clarified that the intent was to explore AI’s growing role in ransomware, not to cite an exact figure.
3. Study Questions Effectiveness of Cybersecurity Training
[03:38–04:18]
- UC San Diego Health Study (20,000 employees): Training barely affects phishing susceptibility.
- “Trained workers were about as likely to click phishing links as untrained ones.”
- Recommendation: Emphasize technical defenses (MFA, spam filters) over training alone.
4. Hackers Exploit OpenAI API as Stealth Malware Channel
[04:18–05:10]
- Microsoft Discovery: The “SesameOp” backdoor used OpenAI’s Assistants API for covert command and control.
- Technique: Attackers disguised malicious traffic as normal AI activity, bypassing traditional detection.
- “Instead of using the API for normal chatbot interactions, attackers use it as a covert command and control channel, blending malicious traffic with legitimate AI activity.”
- Microsoft: It’s a misuse, not a vulnerability in OpenAI; indicators shared, OpenAI account disabled.
- Warning: As AI adoption spreads, trusted cloud services become attractive for malicious repurposing.
5. Apple’s Security Mega Patch
[05:10–06:02]
- Major Releases: iOS, iPadOS, and macOS patches fix 100+ vulnerabilities (including 19 in WebKit; total of 105 in iOS Tahoe 26.1).
- Discovery: Many were found by Google’s “Big Sleep” AI vulnerability-research agent.
- Potential Impact: Vulnerabilities risk data theft, memory corruption, sandbox escapes.
- Coverage: Also affected: tvOS, watchOS, visionOS, Safari.
6. Sensitive Data Breach at Mental Health Provider
[06:02–07:00]
- Oglethorpe Inc. (FL, OH, LA) notified 92,000+ patients of a data breach exposing names, SSNs, and medical details.
- Remediation: Systems rebuilt, FBI notified, 12 months of credit monitoring offered.
- Expert Concern:
- Dave Bailey: Such incidents “erode patient trust”; he urged healthcare providers to go beyond compliance by prioritizing risk-based protections for sensitive health information.
7. US Cyber Corps Scholars Get Deferment Amid Government Shutdown
[07:00–08:20]
- Program Impacted: Mass deferment for federal Cyber Corps Scholarship for Service participants facing job shortages.
- Scholar Fear: Potential six-figure repayments due to hiring freezes.
- OPM Statement: No forced repayments yet; recruiting cybersecurity and AI expertise still national priority.
8. Lawmakers Urge FTC to Probe Flock Safety Over Security Gaps
[08:20–09:04]
- Lawmakers: Ron Wyden (OR) and Raja Krishnamoorthi (IL) urge the FTC to investigate Flock’s weak account security (35+ known breaches).
- Issue: No MFA requirement and poor protection for massive amounts of location data (Flock runs license plate readers (LPRs) in >8,000 communities).
9. Cybercriminals & Organized Crime Target Logistical Cargo
[09:04–10:44]
- Proofpoint: Modern cargo theft wave—cybercriminals infiltrate freight brokers and hijack shipments using remote monitoring and management (RMM) tools.
- Impact: Escalating theft—over $111 million in losses in Q3 2025; average stolen shipment: $336,000.
- “Experts expect these cyber enabled social engineering schemes to grow more sophisticated as attackers exploit public load board data to value shipments.”
Featured Interview: The Rise of Cybercrime Enablement Services
[12:41–14:11]
Guest: Trevor Hilligoss (SpyCloud)
- Trend: Proliferation of tools/services giving low-tech criminals the ability to execute complex attacks.
- “You know, we see that [capability] being given to much lower sophistication, lower tech folks… the person that's buying access to this, they basically need a phone and a Bitcoin wallet.” (Trevor Hilligoss, [13:00])
- Key Takeaway: Sophisticated attack capability is now commoditized, lowering the technical barrier dramatically.
Deep Dive: ICE’s Facial Recognition Controversy
[15:27–22:38]
With: Ben Yellen (University of Maryland, Caveat Podcast co-host)
1. The Technology:
- ICE/CBP’s “Mobile Fortify” App: Facial recognition checks citizenship/legal status against a database of 200M+ faces, with results stored for 15 years.
- “This biometric data can be stored for 15 years.” (Ben Yellen, [15:43])
- “Agents take a photo… checked against Customs and Border Protection’s Traveler Verification System… system returns relevant details, name, date of birth, nationality, et cetera.” (Ben Yellen, [16:20])
2. Privacy & Civil Rights Concerns:
- No way to refuse scan; potential for Fourth Amendment infringement—especially since many scanned are not confirmed as non-citizens.
- “It’s going to implicate the rights of US persons.” (Ben Yellen, [17:38])
- DHS policy: facial scan non-negotiable.
- Facial recognition less accurate on people of color—concern for discriminatory impact.
- “Facial recognition frequently fails ... when reviewing faces of people of color.” (Ben Yellen, [19:03])
3. Legal and Political Pushback:
- Congressman Bennie Thompson (MS):
- “This practice is frightening, repugnant, and unconstitutional.” (Dave Bittner quoting, [18:34])
- Supreme Court: Race considered permissible in initial screening, raising red flags for civil liberties.
- Legal challenge unlikely to succeed immediately; meaningful reform may need congressional action.
4. Practical Enforcement Reality:
- No “opt-out”—noncompliance may result in physical compulsion.
- “They could probably make you comply with the use of physical force.” (Ben Yellen, [21:54])
Noteworthy: The Louvre’s $90 Million Blunder
[22:56–24:48]
- Incident: $90M in crown jewels stolen in daylight; investigation found the surveillance server’s password was simply “Louvre.”
- Quote:
- “A password so weak it could have been guessed by a tourist in line for tickets.”
- Lesson: Insider threats and password neglect can undermine even the world’s most prestigious institutions.
Memorable Quotes
Trevor Hilligoss (SpyCloud):
- “The person that's buying access to [cybercrime enablement services] … basically need a phone and a Bitcoin wallet.” [13:00]
Ben Yellen (re: facial recognition):
- “Given that this is a pretty invasive use of technology, it’s data that can be collected and used against you for up to 15 years.” [17:15]
- “They could probably make you comply with the use of physical force.” [21:54]
Dave Bittner (on the Louvre heist):
- “A password so weak it could have been guessed by a tourist in line for tickets.” [24:48]
Timestamps for Key Segments
- China/Cisco Firewalls: [00:53–02:15]
- MIT Sloan AI Study Retraction: [02:15–03:38]
- Cybersecurity Training Ineffectiveness: [03:38–04:18]
- OpenAI API Exploited: [04:18–05:10]
- Apple Security Updates: [05:10–06:02]
- Healthcare Data Breach: [06:02–07:00]
- Cyber Corps Scholar Deferment: [07:00–08:20]
- Flock Safety Security Gaps: [08:20–09:04]
- Cybercriminals & Cargo Theft: [09:04–10:44]
- Cybercrime Enablement Services Interview: [12:41–14:11]
- ICE’s Facial Recognition Deep Dive: [15:27–22:38]
- Louvre Heist, Weak Password: [22:56–24:48]
Overall Tone
The episode maintains CyberWire’s trademark mix of precise, urgent industry updates with analytically rigorous, sometimes wry, commentary—delivering both technical detail and accessible context for a broad professional audience.
