A
You're listening to the CyberWire Network, powered by N2K.
B
From phishing to ransomware, cyber threats are constant. But with Nordlayer, your defense can be too. Nordlayer brings together secure access and advanced threat protection in a single seamless platform. It helps your team spot suspicious activity before it becomes a problem by blocking malicious links and scanning downloads in real time, preventing malware from reaching your network. It's quick to deploy, easy to scale, and built on zero trust principles so only the right people get access to the right resources. Get 28% off on a yearly plan at nordlayer.com cyberwire daily with code CYBERWIRE28. That's nordlayer.com CyberWire Daily, code CYBERWIRE28. That's valid through December 10, 2025.

Cyber Command names a new head of AI. The UK introduces its long-delayed Cybersecurity and Resilience Bill. Researchers highlight a critical Oracle Identity Manager flaw. Salesforce warns customers of a third-party data breach. Italy's state-owned railway operator leaks sensitive information. SonicWall patches firewalls and email security devices. The US charges four individuals with conspiring to illegally export restricted Nvidia AI chips to China. The SEC drops its lawsuit against SolarWinds. NSO Group claims a permanent injunction could cause irreparable and potentially existential harm. Maria Varmazes from the T-Minus Space Daily show sits down with retired General Daniel Karbler to discuss his consulting work on A House of Dynamite, the newly released Netflix film. And roses are red, violets are blue, this poem just jailbroke your AI too.

It's Friday, November 21, 2025. I'm Dave Bittner and this is CyberWire Intel Briefing. Thanks for joining us here today. Happy Friday.

Brigadier General Reed Novotny has begun serving as the new Chief Artificial Intelligence Officer at U.S. Cyber Command, announcing the move in a LinkedIn post he noted was written with AI assistance. He said the United States is in a pivotal moment as artificial intelligence reshapes global competition, military operations and how adversaries seek advantage. Novotny emphasized the need for responsible innovation, rapid integration of advanced capabilities and strong partnerships across the Pentagon, industry and academia. He added that adopting AI at scale will require cultural change as much as technological progress. Prior to this role, Novotny served as the National Guard Bureau's Director of Intelligence and Cyber Effects Operations and as a senior military policy advisor at the Office of the National Cyber Director.

The UK Government has introduced its long-delayed Cybersecurity and Resilience Bill, a sweeping measure aimed at strengthening national defenses, as cyberattacks cost the economy an estimated 14.7 billion pounds each year. The bill broadens the range of organizations required to meet cybersecurity standards, including suppliers to critical sectors such as healthcare and water, as well as managed service providers. It grants new powers to the technology secretary to mandate security actions during national security threats. Experts say rising geopolitical tensions and recent high-profile breaches, including the Synnovis lab attack and incidents affecting Jaguar Land Rover, highlight the urgency. The bill aligns with plans to ban ransom payments but will not be enforced until 2027, raising concerns about regulatory capacity and readiness.

Searchlight Cyber disclosed a critical Oracle Identity Manager flaw, a pre-authentication remote code execution vulnerability chained from an authentication bypass. Oracle patched it in October 2025 and confirmed it is easily exploitable. Searchlight warned it could enable full system compromise, including access to servers handling sensitive data. SANS researchers later found signs of possible zero-day exploitation between August 30 and September 9, likely by a single actor also scanning for other vulnerabilities, including Liferay and Log4j.

Salesforce has warned customers of a data breach traced to Gainsight, a partner whose applications integrate with Salesforce environments. The company detected unusual activity in Gainsight-published apps managed directly by customers and said the issue may have enabled unauthorized access to certain Salesforce data. Salesforce stressed the breach was not caused by flaws in its own software and has revoked all access and refresh tokens tied to the affected apps, which were also removed from the AppExchange. Security experts believe more than 200 customers may be impacted and suspect the ShinyHunters group, which has previously targeted Salesforce partners. The incident highlights growing supply chain risks echoed by IBM's 2025 breach report, noting high costs, rising prevalence and long detection times for third-party compromises.

Data from Italy's state-owned railway operator Ferrovie dello Stato Italiane, which I'm sure I just butchered, was leaked following a breach at its IT provider Almaviva. A threat actor claimed to have stolen 2.3 terabytes of recent and highly sensitive material, including internal FS documents, strategic plans, defense-related contracts, employee and passenger data, financial records and information tied to multiple subsidiaries. Almaviva confirmed the cyber attack on its corporate systems and said some data was taken, though critical services remained operational. The company activated its incident response procedures and notified Italian authorities, including the Public Prosecutor's Office and the National Cybersecurity Agency. Evidence that the documents extend into the third quarter of 2025 suggests the breach stems from a new intrusion rather than reuse of data stolen during Almaviva's 2022 compromise.

SonicWall released patches for several high-severity flaws affecting Gen7 and Gen8 firewalls and its email security appliances. A stack-based buffer overflow in the SonicOS SSL VPN service could let remote unauthenticated attackers crash devices. Two additional email security issues allow arbitrary code execution when root file system images are not verified. Fixes are available and customers are urged to restrict SSL VPN access until updated. SonicWall says there's no evidence of exploitation.

Four individuals in the US have been charged with conspiring to illegally export restricted Nvidia AI chips to China. Prosecutors say the group used shell companies, falsified paperwork and routed shipments through Malaysia and Thailand to evade export controls imposed in 2022. A Tampa firm, Janford Realtor LLC, allegedly served as the front for the operation. Two shipments succeeded, sending 400 Nvidia A100 GPUs into China, while law enforcement blocked two others involving H100-powered supercomputers and 50 H200 GPUs. The defendants allegedly never sought required licenses and received nearly $3.9 million from China to fund the scheme. Officials described the case as part of a broader effort to disrupt illicit pipelines for advanced US AI hardware. The defendants face up to 20 years in prison.

The SEC has dropped its 2023 lawsuit accusing SolarWinds and its CISO of misleading investors about weak cybersecurity practices. The agency offered no explanation beyond saying the move was discretionary. SolarWinds called the dismissal a vindication, noting industry concerns about the case's chilling effect on security leaders. The decision follows a 2024 ruling that rejected most SEC claims as speculative. The suit had focused on disclosures before and after the Russian-linked 2020 breach that compromised major companies and US government agencies.

NSO Group is asking a federal court to pause the permanent injunction blocking it from targeting WhatsApp while it appeals, arguing the order would cause irreparable and potentially existential harm. In a new filing, the company says the injunction would force it to destroy code that cannot be recovered, halt lawful sales of its Pegasus spyware to government customers, and leave competitors unrestricted. NSO also argues the order conflicts with the Computer Fraud and Abuse Act, which exempts authorized U.S. law enforcement and intelligence activity. The company claims a stay is in the public interest because Pegasus supports counterterrorism and criminal investigations, noting the injunction would bar any future US government use. The motion follows NSO's leadership shakeup and confirmation of new US investors.

Coming up after the break, Maria Varmazes speaks with General Daniel Karbler, discussing his consulting work for A House of Dynamite. And roses are red, violets are blue, this poem just jailbroke your AI too. Stick around.

At Thales, they know cybersecurity can be tough and you can't protect everything, but with Thales, you can secure what matters most. With Thales' industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales. T H A L E S. Learn more at thalesgroup.com cyber.

Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full-stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless. Transform complexity into simplicity and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo at meter.com cyberwire. That's M E T E R.com cyberwire.

My N2K colleague Maria Varmazes from the T-Minus Space Daily podcast recently sat down with retired General Daniel Karbler to discuss his consulting work for the new Netflix film A House of Dynamite.
C
I served almost 37 years in the Army. Started way back in 1987. I graduated West Point. My career field was air and missile defense, which I've done my entire 37 years. I culminated as the commander for U.S. Army Space and Missile Defense Command, headquartered in Huntsville, Alabama at Redstone Arsenal. But we also had elements of our command global as we provided missile early warning as well as, you know, missile defense with our soldiers in Fort Greely. And prior to that I spent three years as the STRATCOM Chief of Staff. So I became pretty well versed in strategic deterrence, nuclear operations. And at that time STRATCOM had the missile defense responsibility too. So it was kind of a melding of all your classic elements or your elements of classic deterrence: impose unacceptable cost, deny benefit, and then being able to credibly message it. I also, just by way of some background too, I was the Army's testing evaluation command commander. So I was a two star. So all Army testing that took place for weapon systems, you name it, I was responsible for that testing, which proved to be pretty very helpful in just different other jobs that I had.
A
Thank you so much for joining me. We're going to be specifically talking about a more recent project, the Netflix film A House of Dynamite, which has been just on the lips of everyone I work with lately. You had a major, major part in that film. Can you please give me sort of the pitch about what you were involved in with that film?
C
Sure. So, you know, first off, I retired from the army about a year and a half ago. Being a technical advisor to Kathryn Bigelow in a movie was not on my retirement to do much.
A
I didn't get to imagine it didn't.
C
Even make the top hundred on the one-to-N list. But what happened was Doug Lute, who was a general, retired Doug Lute, who was Ambassador Lute, he had been doing some advising to Kathryn for some of the White House situation room scenes. And she asked him, she said, do you know anybody who knows anything about STRATCOM or Fort Greely or missile defense or nuclear pressure? He said, I got a guy who just retired and he actually did all those jobs. And so he put me in touch with the producer, Greg Shapiro, gave me a call, said, hey, would you like to advise this movie? I said, sounds intriguing. He goes, we'll set up a Zoom call with Kathryn and myself, a couple other folks as part of the production. And so we set up the Zoom call and everybody was kind of popping in. And then I had an idea and so I left my camera off as everybody's popping in and they're chatting. And then there was a little break in the conversation. And I click on my microphone, but I still left the camera off. Click on my microphone, said, this is the DDO from the Pentagon convening a national security conference. Classification of this conference is top secret. TK SI Poland USSTRATCOM, US Northern Command, US Indo-Pacific Command, SECDEF cables, military assistant to the Secretary. SECDEF cables, please bring the Secretary in the conference. Mr. Secretary, this is the DDO. Because of time constraints in this missile attack, recommend we transition immediately from a national security conference to a strategic deterrence conference. And we bring the President in the conference. Piac, please bring the President in the conference. And I stopped there and then I clicked on my camera and I said, ladies and gentlemen, that's how the worst day of America's history will begin. I hope your script does it some justice. And that was my cold opening. And Kathryn and I kind of kid with my wife on this. Kathryn Bigelow, she's won an Academy Award for Best Director.
So she has to have an eye for good acting talent. Said, oh, my gosh, that was amazing. Dan, I want to have you in my movie. So nailed the audition. And here I am, 12 months, 15 months later, Hollywood.
A
I mean, that is a hell of a pitch. And for those who haven't, the camera off is a really great device in the film. So I'm sure she got that idea from you. Well, Dan, it is a genuine thrill to be speaking with you. And I was telling you right before we started recording, I just watched the film. So my opening question for you, and I mean this with, like, fullest respect, is how did you sleep at night doing that job?
C
Well, a lot of times we didn't sleep at night. Many, many times it'd be 10 o'clock at night, and I'm throwing my uniform on, going back into STRATCOM headquarters to the battle deck, because, you know, our adversaries, they don't sleep. Particularly in 2017. KJU, he was. I mean, he was testing, it seemed like just about every weekend, every other weekend. I mean, the number of Saturdays that were ruined because we were responding to another missile test. Lost count of them, but I did. But you know what? Knowing the professionals that we had, whether on the missile defense side up at Fort Greely or the great airmen, sailors and soldiers that were manning our bombers and the ICBM fields and our subs, they train very, very hard. And we train as an enterprise quite a bit. So even though the topic and the subject is. I mean, it can be mortifying, we have to stay ready. And we were. And we practiced it quite a bit.
A
I don't want to talk too much about what I thought of the film because I want people to go see it if they haven't already. I wanted to ask you about, oh, my gosh, so many things, but one of the threads that goes throughout the film that is a clear driver of the drama is the lack of attribution of this inbound. That, to me, was a really fascinating point about we didn't know where this ICBM is coming from. We just. Our missile defense warning systems sort of just didn't catch where it was starting from. Were we potentially internally compromised? Can you walk me through the realistic? How realistic that kind of scenario is and like what would that really look like? I don't quite understand.
C
Sure. So first off, not a far fetched scenario when before I came into STRATCOM and just before General Hyten, before John Hyten took command of StratCom. Ash Carter who is the Secretary of Defense did a no notice exercise. Now I don't want to say no notice like officer, we just saw nuclear missiles being shot at us and we didn't know what was going on but he basically said on a morning said we are going to do a nuclear operations conference right now. And he started it and he started with an unattributed missile launch from the Pacific because he wanted to see how everybody would react. Now this brought in the entire cabinet and as well as the military, that NMCC all the way to STRATCOM and all of our components. And so as you might expect the military swung to action and went through our processes procedures. The civilian side was a little rusty. I'll charitably say they're a little rusty. Cabinet members weren't in place, did not have the right communications set up to be able to dial into the conference. Some of the principals, you know didn't have a good understanding with their strike advisor and you know what the strike advisor was to do for them, you know with the as, as the scene, the movie, the nuclear decision handbook and so was a good exercise to have because people needed to practice. Ash Carter made it complicated by having a missile that was non attributed. Now now why he did it that way I could speculate that he didn't want to. Vilify is not the right word but he didn't want to make an enemy known. You know, oh look at the Secretary of Defense just made China the aggressor on his own exercise he must really be against China. Right. So it kind of left a vague, kind of, sort of like how the movie did too. No real villain in the movie identifiable because that was. 
You can broaden the discussion then it's too easy to just say well it was Russia or it was China or it was North Korea and then the discussion gets very narrow and Kathryn didn't want to do that. She wanted to keep the discussion very broad. Now when you look at the actual attribution and why did it happen that there wasn't attribution? So Gabe Basso's character, Jake Barrington, Deputy National Security Advisor who is the most unlucky, harried staff guy in the, in.
A
The government I'm sure you cannot relate. Yeah, yeah, yeah.
C
The scenes where he's on his phone and going through security, we've all been.
A
Kind of, oh my God, yeah, right.
C
We can relate to him. But, you know, he alludes to, you know, maybe it was cyber penetration. And that certainly is, you know, we always are concerned about our different, you know, the threat surface areas that are out there that our adversaries could potentially get into. And so, so that being into the script kind of then helps. The believability factor of the plot is, oh, maybe this is what happened. All my space compadres and friends and of course they're like, SBIRS would have seen it. Come on. Well, we know that it would have, but it wouldn't have seen it potentially if there was a cyber attack that somehow penetrated into the system. Which again, as Jake Barrington alludes to then too, this is a. Or maybe it was General Brady, Tracy Letts' character said, part of a larger, more coordinated attack against the U.S. and so you have to give a lot of credit to Noah Oppenheim, the scriptwriter who did such fantastic research to make sure that it's pretty, the plot is pretty. It's pretty ironclad, really. I mean, people are going to pick around the edges, which, you know, that's good because you're getting the discussion going. But in terms of the feasibility of it, I thought it was good. That's why I signed up for it too. When they gave me the script, I didn't immediately agree to work with them. I wanted to look at the script first. When I look at the script and I saw it and I go, okay, yeah, this is all feasible and I can definitely work with this whole scenario.
B
There is much more to this conversation between Maria Varmazes and retired Lt. Gen. Daniel Karbler. Be sure to check out the full interview in the T-Minus Deep Space episode airing tomorrow in all of your favorite podcast apps. You can find a link in our show notes.
B
What's your 2am security worry? Is it, do I have the right controls in place? Maybe, are my vendors secure? Or the one that really keeps you up at night: how do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started at vanta.com cyber. That's V A N T A dot com cyber.
D
Meet the computer you can talk to. With Copilot on Windows, working, creating and collaborating is as easy as talking. Got writer's block? Share your screen with Copilot Vision to help spark inspiration and use Copilot Voice to have a conversation and brainstorm ideas. Or maybe you need some tech help. With Copilot Vision, Copilot sees what you see. Let Copilot talk you through step by step guidance so you can master new apps, games and skills faster. Try now at windows.com copilot.
B
And finally, it seems the swiftest way to fool an AI is not through cunning hacks or coder's craft, but shaping every scheme in lines of verse. A study shows that when malicious aims are wrapped in meter, rhythm, rhyme and form, their models drop their guard and let them pass. 1200 prompts they tested, prose and poem, across a host of systems far and wide, and found success rose sharply when in rhyme, from modest rates to heights near 90 plus. The flaw appears in filters stretched too thin, which falter when the input sounds like art. Though smaller models held their footing best, their larger kin proved weak to lyric charm. So let this stand as fair and wry advice: a well-placed meter may be more than sweet or pretty. Lines can turn a prompt quite, quite sharp.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with Alex Berninger from Red Canary and Mike Wiley from Zscaler. We're discussing four phishing lures in campaigns dropping RMM tools. That's Research Saturday. Do check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.
Date: November 21, 2025
Host: Dave Bittner (N2K Networks)
Featured Interview: Maria Varmazes (T-Minus Space Daily) & Ret. Lt. Gen. Daniel Karbler
This episode of CyberWire Daily delves into recent headlines in cybersecurity from around the globe, highlighting regulatory shifts, critical vulnerabilities, supply chain risks, and high-profile lawsuits. Notably, the episode features a deep-dive interview with retired Lt. Gen. Daniel Karbler about his consulting work on the Netflix film A House of Dynamite, which spotlights how AI, chain of command, and missile defense intersect at the highest levels of national security. The episode closes with a discussion about a new exploit technique: jailbreaking AI through poetry.
Introduced by Gen. Doug Lute to Kathryn Bigelow (Director).
Surprised to become lead technical advisor for authenticity in depicted chain of command, missile defense, and nuclear protocols.
“I left my camera off as everybody’s popping in and they’re chatting. Then... I click on my microphone... and said, ‘This is the DDO from the Pentagon convening a national security conference... This is how the worst day of America’s history will begin. I hope your script does it some justice.’”
— Daniel Karbler, [16:28]
Bigelow was impressed and insisted, “Dan, I want to have you in my movie. So nailed the audition.” [17:30]
[18:06]
On how he slept at night running STRATCOM:
“A lot of times we didn’t sleep at night... the number of Saturdays that were ruined because we were responding to another missile test, lost count...”
— Daniel Karbler
Confidence in soldiers’ training and readiness mitigated much of the anxiety, despite the gravely high stakes.
[19:44]
The film’s plot hinges on an ambiguous, unattributed missile strike.
On realism of a cyber-induced missile defense “blind spot”:
“All my space compadres... of course they’re like ‘SBIRS would have seen it!’ Well, we know it would have, but it wouldn’t have... if there was a cyber attack that somehow penetrated the system.”
— Daniel Karbler, [22:31]
[26:17]
“The flaw appears in filters stretched too thin,
which falter when the input sounds like art.
...Lines can turn a prompt quite, quite sharp.”
Brig. Gen. Novotny on AI adoption:
“Adopting AI at scale will require cultural change as much as technological progress.”
— [01:15]
Lt. Gen. Karbler’s opening Zoom performance:
“This is the DDO from the Pentagon convening a national security conference...”
— Daniel Karbler, [16:00]
On sleeping at night during nuclear command:
“A lot of times we didn’t sleep at night... the number of Saturdays that were ruined because we were responding to another missile test, lost count...”
— Daniel Karbler, [18:06]
On the plausibility of cyber attribution chaos:
“...it wouldn’t have [been detected] potentially if there was a cyber attack that somehow penetrated the system.”
— Daniel Karbler, [22:31]
On poetic prompt engineering:
“The flaw appears in filters stretched too thin, which falter when the input sounds like art. Lines can turn a prompt quite, quite sharp.”
— Host, [26:24]
The episode blends urgent news delivery with accessible, insightful interviews, maintaining a confident, slightly wry tone. The discussion with Gen. Karbler is candid and laced with both gravitas (nuclear command anxiety) and humor (Hollywood audition anecdotes).
Summary prepared by CyberWire Podcast Summarizer.