A
You're listening to the Cyberwire Network, powered by N2K.
B
AI adoption is exploding and security teams are under pressure to keep up. That's why the industry is coming together at the Data SEC AI Conference, the premier event for cybersecurity, data and AI leaders. Hosted by data security leader Ciera. Built for the industry, by the industry, this two day conference is where real world insights and bold solutions take center stage. Datasec AI25 is happening November 12th and 13th in Dallas. There's no cost to attend, just bring your perspective and join the conversation. Register now at datasecai2025.com. British authorities arrest a man in connection with the Collins Aerospace ransomware attack. CISA says attackers breached a U.S. federal civilian executive branch agency last year. Researchers uncover two high severity vulnerabilities in Supermicro server motherboards. A Las Vegas casino operator confirms a cyber attack. Analysts track multiple large scale automated email phishing campaigns. Librezva issues an emergency patch for its email security gateway. Our guest next is Jason Clark, Chief Strategy Officer at Ciera, tackling the security threat of agentic AI. And robocars get misdirected by mirrors. It's Wednesday, September 24, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us. It is great to have you with us. British authorities arrested a man in connection with a ransomware attack on Collins Aerospace, a subsidiary of RTX, that disrupted airport check-in systems and caused widespread travel delays across Europe. The National Crime Agency said the suspect was detained under the Computer Misuse Act and released on conditional bail, adding the investigation remains in its early stages. No group has yet claimed responsibility and monitoring sites have not detected related leaks on the dark web. 
Meanwhile, the UK government says a new artificial intelligence tool has helped recover nearly 500 million pounds in fraud over the past year, the largest amount ever reclaimed by anti-fraud teams. About 186 million pounds of that total was linked to COVID-19 schemes, including fraudulent bounce back loans. The Fraud Risk Assessment Accelerator, developed by the Cabinet Office, cross references departmental data and scans policies for weaknesses before they can be exploited. Officials plan to license the tool internationally, with interest from the US, Canada, Australia and New Zealand. Ministers say the recovered funds will support frontline services, but critics warn of risks around bias and civil liberties. Campaign groups have previously accused government fraud detection AI of unfairly targeting vulnerable groups. CISA disclosed that attackers breached a US federal civilian executive branch agency last year by exploiting an unpatched GeoServer flaw. The remote code execution bug, patched in June 2024, was later added to CISA's Known Exploited Vulnerabilities catalog after proof of concept exploits emerged online. Shadowserver observed active attacks beginning July 9th, with threat actors compromising two agency servers within weeks. They deployed web shells like China Chopper, used brute force to steal passwords, and escalated privileges through compromised service accounts. The intruders went undetected for three weeks until an endpoint detection tool flagged suspicious activity. CISA urged agencies to prioritize patching, closely monitor alerts and strengthen incident response. Researchers have uncovered two high severity vulnerabilities in Supermicro server motherboards that let attackers install malicious firmware which runs before the operating system, making infections extremely persistent and hard to remove, security firm Binarly says. One flaw stems from an incomplete January patch for an earlier issue, and a second critical bug was also found. 
The weaknesses target baseboard management controllers, or BMCs, which can reflash UEFI firmware stored in a soldered SPI chip. Exploits let attackers replace signed firmware images without tripping verification, and they could be deployed after gaining BMC admin access or via compromised update servers. This matters because implanted firmware survives OS reinstalls and hard drive replacement. That persistence can enable long term espionage, data destruction or control of servers, including those in AI data centers. Defenders should prioritize verified BMC firmware updates, audit update servers and assume firmware integrity may be at risk. Boyd Gaming Corporation confirmed hackers accessed its internal systems, stealing employee data and information tied to some individuals. The Las Vegas based operator stressed that hotel and casino operations were not disrupted. In a filing with the U.S. Securities and Exchange Commission, Boyd said it had notified affected parties, regulators and law enforcement. The company engaged external cybersecurity experts, activated insurance coverage and stated it does not expect a material financial impact. Boyd operates 11 casinos in Las Vegas and additional sites nationwide. Analysts at Barracuda tracked multiple large scale automated email phishing campaigns abusing OAuth flows, cloud platforms and popular online tools. Kits such as Tycoon and EvilProxy exploit Microsoft OAuth to steal tokens, bypass multi-factor authentication and register malicious apps that request broad scopes. Attackers also host phishing pages on serverless platforms, website builders and productivity tools, notably LogoKit, and weaponize trusted services like Google Translate to mask malicious domains. Other campaigns target Twilio's SendGrid accounts to send authenticated phishing and abuse Google Classroom and Meet to funnel victims to WhatsApp scams. 
Barracuda urges organizations to restrict trusted redirect URLs, limit OAuth scopes, validate short lived tokens, enforce explicit account selection, monitor logs for anomalies, and train users and developers to spot these evolving phishing-as-a-service threats. Elsewhere, Forescout's Vedere Labs reports a surge in phishing that pairs Telegram bots with front end hosting platforms, enabling rapid, low cost, reputation shielded campaigns. Researchers analyzed 9,100 domains between April 2020 and August of this year. Generic TLDs dominated, with .com, .app and .dev prominent. Hosting was clustered on servers from Cloudflarenet, Fastly and Amazon. Attackers automate site spin-up, embed bot tokens and reuse them across domains, enabling easy clustering. Campaigns spoof banks, webmail and enterprise tools and often target Meta admins and cryptocurrency users. FHP abuse rose steadily since 2021 with recent shifts toward surge. It's significant because trusted provider domains help phishing bypass filters at scale. Defenders should control Telegram bot API traffic, monitor FHP access, apply DNS policies, enforce MFA, detect risky sign ins, and accelerate takedowns using exposed tokens. A large phishing campaign abused GitHub's notification system to target developers with cryptocurrency draining malware disguised as Y Combinator Winter 2026 invitations. Attackers created hundreds of fake issues in repositories, tagging usernames so GitHub's automated emails delivered the lure directly to inboxes. Victims were urged to apply for $15 million in YC funding via a fake site using a misspelled domain. The site ran obfuscated JavaScript that tricked users into verifying wallets, which instead authorized malicious withdrawals. Reports to GitHub, IC3 and Google Safe Browsing prompted takedowns, though it remains unclear if assets were stolen. Experts advise any developers who connected wallets to migrate funds immediately. 
The real YC application portal is hosted by Y Combinator and closes November 10th. Librezva issued an emergency patch for its email security gateway after detecting active exploitation of a command injection flaw. The medium severity bug, triggered by malicious compressed attachments, allowed arbitrary command execution from non privileged accounts. At least one attack attributed to a suspected state actor has been confirmed. The vulnerability affects ESG versions 4.5 and later, with fixes deployed automatically across cloud and on premise systems. Librezva released the update within 17 hours, adding improved sanitation, compromise, scanning and self assessment. Investment checks. Coming up after the break, my conversation with Jason Clark from Ciera. We're tackling the security threat of agentic AI, and robocars get misdirected by mirrors. Stay with us.
C
Perspectives is back with an all new season. This season is all about change. Whether it be emerging technologies like AI, shifting governmental roles or evolving threats, we are sitting down with security experts and getting their insights to help you make sense of these changes.
A
We are part of a larger ecosystem and if you look at the largest cyber incidents, they have massive downstream effects.
C
I'm Ethan Cook and editor of CISO Perspectives at N2K CyberWire. This week host Kim Jones with his first guest Ben Yellen to discuss the current state of regulation. Absolute security by definition is an oxymoron. I can secure you absolutely if you shutter your doors, wipe your computers, wrap them in Lucite and drop them in the Marianas Trench. But then again, you ain't gonna make no money. CISO Perspectives is an N2K Pro exclusive show, but for this season we're sharing the first two episodes free on the CyberWire Daily. To hear the full season, visit thecyberwire.com and click on subscribe now to become an N2K Pro Member.
B
At Thales, they know cybersecurity can be tough and you can't protect everything. But with Thales, you can secure what matters most. With Thales industry leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales, T H A L E S. Learn more at thalesgroup.com/cyber. Compliance regulations, third party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots and all those manual processes, you're right. GRC can be so much easier and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key compliance, internal and third party risk, and even customer trust so you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. That's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC. Just imagine how much easier trust can be. Visit vanta.com/cyber to sign up today for a free demo. That's V A N T A dot com slash cyber. Jason Clark is Chief Strategy Officer at Ciera. And in today's sponsored Industry Voices segment, we tackle the security threat of agentic AI.
A
When you look at it, you had the Internet which kind of connected the world, and then humans still searched, clicked and decided what to build on that and what to do. And then you had mobile, which then all of a sudden made it portable computing, which also just built off top of the Internet, which has already been done before. And then cloud was another way of it then just really just unlocked scale. But still the humans had to orchestrate, operate it, decide to move to the cloud. You know, I remember even when cloud started happening, people are saying, oh yeah, well there's no way we'll ever go to the cloud, even mobile. As I was a CISO at a Fortune 100, everybody said, yeah, there's no way that we are, we're adopting, you know, those mobile devices we're keeping, you know, or Apple, right? We're keeping the BlackBerry because it's super secure and you know, we all love it. And what's, what's big difference here is one. Everybody's saying, wow, like we have no choice, we have to adopt this. If our business at our enterprise or organization is going to be able to be competitive in the world, we have no choice but to adopt AI. This is having every single boardroom. That didn't happen with the Internet in the beginning, the cloud in the beginning, and mobile in the beginning. So I kind of say that, you know, AI is a tsunami where the others were waves.
B
Hmm. Now that's a really interesting analogy. I'm curious, when we look at this from a security point of view, why is it that these traditional security architectures break down when faced with agentic AI?
A
What happens is it pushes the boundaries of traditional controls. Today we rely on segmented systems, static rules, visibility limited by kind of a role or platform. So the software does what it's told, the humans initiate actions and the systems follow predictable patterns. And that's really how security has always been built. It's been rule based, if-then-else, just regular expression. And then all of a sudden what happens is you're empowering the system to act as a human, to learn and watch what you do, to improve what you do. And as soon as you do that, you have kind of unbounded behavior where the agents, you know, don't follow code, they interpret intent. And that creates a big, you know, unpredictability and risk for us. It breaks scale because if I have a thousand agents that are acting as Jason on my behalf, trying to help me scale and do, you know, a lot more things than what I can do today, they're having to make decisions on their own about the things that I would want done, how would I have done that? And so that breaks the scale because I can't have a human in the loop checking and assessing every single thing. And this is the explosion of the access. Then you've got, let's say, call it a thousand agents per human. That's a lot of identities that have a lot of access and they're creating a lot of data. And data is the main reason we exist in information security. All of a sudden you've got this. We think this data is growing fast now. Just think, just imagine what will happen when you've got a thousand agents acting on your behalf. So then you have an attribution collapse where all those thousand agents that were acting on my behalf, are they me or are they not me? And who's responsible and what was their intent, what was their motive? And can they be convinced to do something bad with the access that they've been given?
B
Can you give us some examples here of where things with agentic AI could potentially spin out of control?
A
Yeah, absolutely. You know, one, I talk to a lot of CISOs where they are being told by their boards, by their CEOs: look, we need a plan where how we're some percent of HR, some percent of legal, some percent of customer success and support and IT help desk, just the work is done by agents acting as humans. There's got to be some level of work. And go figure that out. And you even see CEOs where they're challenging now: okay, you're asking for these hundred heads. I want to know why 20 of those can't be done by AI. Give me, give me the analysis, or your existing people, why can't they be done by AI? So an example in the real world is HR. Think about the interactions in a large enterprise where you're, you're asking HR for, hey, can you help me with leave policies or with onboarding, or can you explain the different benefit packages compared against each other for my specific situation, here's my family. You know, you can Slack or email HR asking something about compensation and payroll that pretty much some human then has to go and log into Workday and go figure out, versus you can just engage with an, with a bot that can do that. Same with legal. Most, you know, kind of if I want a legal contract reviewed, most of it is basic stuff, or even asking, hey, does this, does this contract need to comply under GDPR? And it will say, well, can you answer these three other questions? Or if I wanted to, you know, draft a custom NDA real quick, I don't need to go and have an expensive person go in and doing that. So those are examples of what's happening today in the real world that, you know, other than what everybody else is witnessing just around when they engage now with, you know, agents in a customer success environment.
B
What should security teams be looking out for here? I mean, it's funny, I was interviewing somebody just a few days ago and you know, we often talk about shadow IT and they use the term shadow AI and that was the first time I'd heard that it makes perfectly good sense. But does that term resonate with you?
A
Yeah, I mean I think that's going to be the majority of AI. It's not going to be, it's. This is where IT or technology starts to happen in the business and not in the business at the C level. Just, you know, your every business is going to find out that they've got hundreds of people building models and using agents. It's just, it's just too, you know, the business exists to acquire and retain profitable customers. And I think the days of IT being able to control and maintain, except in highly regulated environments where you're going to be able to, you know, slow everything down, that's not going to work whenever, you know, the business is trying to go fast. And so really what the security teams and chief data officers need to do is focus on just having full awareness of the shadow AI and understanding the use cases and really just giving awareness to it and then protecting where it's just highly at risk and then trying to help guide them on a path that is better for the business from an efficiency standpoint where people aren't trying to do the same thing over and over again, but also security. Right. That is the responsibility. But AI is a consumer of data at epic proportions and a creator of data at epic proportions. And so it's the largest security risk I think security teams have ever seen in their life. And if they're not ready for it, it's going to break security.
B
What do you suppose the path forward is? I mean, if we agree that legacy security tools aren't going to be sufficient here how do we design these controls that are going to keep up with these autonomous agents?
A
So I, the way I think we've always thought about things is where I kind of say we had these basic little muscles connected to almost like an insect brain, where it's if then else, right? We just had these sensors all over the place. What we need to do is just have a holistic view of all of our data, all of the access, all of our users, and therefore all of the models, all of the agents. And if I can understand everything that's accessing, the stuff I care about, and then everything that's being created that I might care about, then all of a sudden I've got complete visibility. So it all starts with just having full visibility to the models, to my data and to my users and to the agents. And then it's are they doing the right things? Then it becomes behavior. So you know, then it's analytics on top of that. It's basically data and access, you know, versus we've got threat platforms, vulnerability platforms, cloud platforms, network security platforms. But you don't have a data and access kind of operating system to be able to give you this visibility. So it all starts with visibility and then you start making the security protection compliance decisions behind that.
B
How do you suppose organizations are going to find balance here, are going to find that equilibrium? You know, on one side we've got this promise of agentic AI, all the productivity and efficiency that it can provide, but on the other hand we've got the risks that it introduces to the enterprise. How do you turn that dial?
A
I mean that it's, you know, it's just like anything. When the first cars were there, right, they didn't have seatbelts, they didn't have airbags, and they went fast and things bad did happen. But you know, they, they built them to accomplish something, to get somebody somewhere, then they accomplished them to go fast. And so it's the job to quickly, again, not stop, say nobody can own cars, nobody can go fast. You just start building controls in place and guardrails and safety mechanisms and some laws about speed limits. And then you build seat belts and brakes and, and airbags. And so that's really what we need to do, is just know that this is going to happen. But quickly, much quicker than we ever have, is build the safeguards in place and then just hyper focus on the risky scenarios, like what should somebody not be doing, right, and what models or what agent behaviors are super risky. Giving a model access to all of your Snowflake environment or an entire database versus segmenting it to some table specific to its purpose. There's these rules and safeguards just like everything else. I would say that security strategy is not changed. It's the tactics that change. Every time there's new technology, the tactics change. But fundamental principles of know yourself, know your data, what's the attack surface, minimize that attack surface and then complicate access and then monitor and respond has been the same for the last 30 years.
B
Looking towards the future here, I mean the next year, the next year and a half or so, what do you think is going to separate the organizations that can adapt successfully to this from those that are going to struggle with agentic AI?
A
They'll treat AI agents like it's a user with a lot more power. So not as a tool with limits. They will have, they will start to see that data and access have to converge. You can't treat them separately. They're two sides of the same coin. And they will have a solution that is AI and agent awareness basically data and access solution which converges data security converges iam so that they kind of have this one central view of visibility and then be able to action containment and protection. And then third, they'll build AI security teams and governance programs in the same way that we have with every other topic and every other wave that's faced us for the last many decades. Right. It just becomes a norm. You know, people don't really talk about being a mobile company or a cloud native company anymore. It's just automatic. Everybody will be AI native at some point in the future.
B
That's Jason Clark, chief strategy officer at Ciera. Investigating is hard enough. Your tools shouldn't make it harder. Maltego brings all your intelligence into one platform and gives you curated data along with a full suite of tools to handle any digital investigation. Plus with on demand courses and live training, your team won't just install the platform, they'll actually use it and connect the dots so fast cybercriminals won't realize they're already in cuffs. Maltego is trusted by global law enforcement, financial institutions and security teams worldwide. See it in action now at maltego.com.
D
I'm Christian McCaffrey, pro running back and Abercrombie is an official fashion partner of the NFL. I'm not kidding when I say NFL by Abercrombie broke the Internet last year and I think this is season's lineup is even cooler. And so does my wife who keeps stealing all my hoodies. Stay fit for the season and Abercrombie's newest arrivals shop NFL by Abercrombie in the app, online and in store.
B
And finally, turns out, autonomous vehicles may be less self driving and more easily distracted magpie. Researchers in France and Germany discovered that mirrors can fool lidar, the laser based navigation tech used in most robocars, into either ignoring real obstacles or swerving to avoid ones that don't exist. In campus parking lot trials, a traffic cone vanished entirely behind strategically placed mirrors, a so called object removal attack. With a different setup, the car slammed on the brakes for a phantom obstacle conjured by an object addition attack. Two mirrors were enough to fool the system most of the time, and six produced even more convincing illusions. While Tesla famously avoids lidar, nearly everyone else relies on it, raising uncomfortable questions about whether $100 in hardware store mirrors could send your robo taxi into an existential crisis. Researchers suggest thermal imaging as a partial defense, though admit it's far from a silver bullet. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Cyber Innovation Day is the premier event for cyber startups, researchers and top VC firms building trust into tomorrow's digital world. Kick off the day with unfiltered insights and panels on securing tomorrow's technology. 
In the afternoon, the 8th annual DataTribe Challenge takes center stage as elite startups pitch for exposure, acceleration and funding. The Innovation Expo runs all day, connecting founders, investors and researchers around breakthroughs in cybersecurity. It all happens November 4th in Washington, D.C. Discover the startups building the future of cyber. Learn more at ciddatatribe.com.
Date: September 24, 2025
Host: Dave Bittner (N2K Networks)
Featured Guest: Jason Clark (Chief Strategy Officer, Ciera)
In this episode, "AI to the Rescue", CyberWire Daily dives into the rapidly evolving landscape of artificial intelligence in cybersecurity. With explosive AI adoption across industries, traditional security frameworks are being outpaced by the rise of agentic AI—autonomous software agents capable of human-like decisions. The show features the latest breach updates, phishing innovations, and a sponsored expert interview with Jason Clark, who discusses the disruptive potential and security threats posed by agentic AI.
Guest: Jason Clark, Ciera
(15:24–27:37)
AI as a 'Tsunami' of Disruption:
"AI is a tsunami where the others [internet, mobile, cloud] were waves... If our business...is going to be competitive in the world, we have no choice but to adopt AI. This is happening in every single boardroom."
— Jason Clark, 15:24–16:44
Why Traditional Security Fails:
Traditional architectures rely on "segmented systems, static rules, visibility limited by kind of a role or platform...And then all of a sudden...you are empowering the system to act as a human...you have unbounded behavior."
— Jason Clark, 16:58–18:51
The explosion in autonomous agents leads to:
Real-World AI Replacing Human Roles:
Enterprises already deploy agentic AI in HR, legal, and support.
"...businesses will find they've got hundreds of people building models and using agents...AI is a consumer of data at epic proportions and a creator of data at epic proportions. [It’s] the largest security risk I think security teams have ever seen..."
— Jason Clark, 21:11–22:41
Visibility First:
Security teams need "a holistic view of all of our data, all of the access, all of our users...therefore all of the models, all of the agents."
— Jason Clark, 22:53–24:09
Strategy vs. Tactics:
Security fundamentals don't change, but "the tactics change." It's about quickly building guardrails, focusing on risk, and segmenting sensitive data and access for AI agents.
AI-Native Security Posture:
Leaders will succeed by:
On the Pace and Unavoidability of AI Adoption:
“This is having every single boardroom. That didn’t happen with the Internet in the beginning, the cloud in the beginning, and mobile in the beginning.”
— Jason Clark, 16:44
On Security’s Existential Challenge:
“AI is a consumer of data at epic proportions and a creator of data at epic proportions...the largest security risk I think security teams have ever seen.”
— Jason Clark, 22:41
On the Evolution of Security Controls:
“You just start building controls in place and guardrails and safety mechanisms and some laws about speed limits. And then you build seat belts and brakes and, and airbags. And so that’s really what we need to do.”
— Jason Clark, 24:29
(29:10–end)
For more details and links to all stories, visit thecyberwire.com.