Dave Bittner
You're listening to the CyberWire network, powered by N2K. The DMV has established itself as a top tier player in the global cyber industry. DMV Rising is the premier event for cyber leaders and innovators to engage in meaningful discussions and celebrate the innovation happening in and around the Washington, D.C. area. Join us on Thursday, September 18th to connect with the leading minds shaping our field and experience firsthand why the Washington, D.C. region is the beating heart of cyber innovation. Visit DMVrising.com to secure your spot.

And now a word from our sponsor. The Johns Hopkins University Information Security Institute is seeking qualified applicants for its innovative Master of Science in Security Informatics degree program. Study alongside world class interdisciplinary experts and gain unparalleled educational, research and professional experience in information security and assurance. Interested U.S. citizens should consider the Department of Defense's Cyber Service Academy program, which covers tuition, textbooks and a laptop, as well as providing a $34,000 additional annual stipend. Apply for the Fall 2026 semester and for this scholarship by February 28th. Learn more at cs.jhu.edu/mssi.

Zero day clickjacking flaws affect major password managers. The FBI warns that Russian state backed hackers are exploiting a long known Cisco flaw. Apple releases emergency patches for a zero day flaw. Home Depot faces a proposed class action lawsuit accusing it of secretly using facial recognition. A VPN browser extension has been exposed for secretly spying on users. Browser fingerprinting overtakes cookies as the dominant method of online tracking. Agentic AI browsers prove easily scammed. A Scattered Spider member earns 10 years in federal prison. Ron Zayas, CEO of Ironwall, joins us to discuss the massive data sharing and privacy risks in the leading Buy Now, Pay Later apps. And an Australian bank's AI cutbacks are put on permanent hold.
It's Thursday, August 21, 2025. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us here today. It's great to have you with us.

At DEF CON, Czech researcher Marek Toth revealed zero day clickjacking flaws affecting major password managers, including 1Password, Bitwarden, LastPass, iCloud Passwords and others. These vulnerabilities allow attackers to trick users into leaking sensitive data like passwords, 2FA codes, credit card details and personal information by overlaying malicious elements on legitimate sites. Despite disclosure, several vendors remain unpatched, with 1Password and LastPass dismissing the issue as informative and LogMeOnce not responding at all. While Bitwarden has since released a fix, other managers are still vulnerable. Attendees at DEF CON expressed concern given how easily trusted tools could be subverted. Security experts urge password manager vendors to implement stronger defenses such as confirmation prompts, though this adds usability tradeoffs.

The FBI has issued a warning that Russian state backed hackers tied to the FSB, tracked as Berserk Bear, are exploiting a long known Cisco flaw to target critical infrastructure worldwide. The vulnerability, found in Cisco IOS Smart Install, allows attackers to crash devices or execute arbitrary code remotely. The FBI reports that hackers collected configuration files from thousands of devices linked to U.S. critical sectors, modified settings for backdoor access and conducted reconnaissance into industrial control systems. Cisco first flagged active exploitation in 2021 and has again urged admins to patch immediately. Cisco Talos confirmed the campaign, noting that compromised telecom, education and manufacturing networks span multiple continents. Attackers are also deploying persistence tools and implants, making urgent patching essential.
Apple has released emergency patches for a zero day flaw in the ImageIO framework exploited in a sophisticated attack against targeted individuals. The vulnerability, caused by an out of bounds write, could enable memory corruption, crashes or remote code execution when processing malicious image files. Apple fixed the issue with improved bounds checking across iOS, iPadOS and macOS, affecting a wide range of their products. Though likely used in limited attacks, Apple urges all users to update immediately to stay protected.

Home Depot is facing a proposed class action lawsuit accusing it of secretly using facial recognition at self checkout kiosks. Plaintiff Benjamin Jankowski claims cameras scanned and recorded his face during a visit to a Chicago store, where a green box appeared around his face on screen. He alleges the company introduced computer vision in 2024 to reduce theft, but failed to disclose data collection or obtain consent, violating Illinois's Biometric Information Privacy Act. That law requires notice, explanation and written consent before collecting biometric data. Jankowski seeks to represent customers at 76 Illinois stores, asking for damages of $1,000 per negligent violation and $5,000 per willful violation. The case follows a federal ban on Rite Aid's use of facial recognition after similar misuse.

Researchers at Koi Security report a VPN extension promoted as FreeVPN.One, with over 100,000 installs and even featured on Google, has been exposed for secretly spying on users. Instead of protecting privacy, recent versions silently capture screenshots of every website visited, including banking sessions, work documents and personal photos, then upload them to external servers. The extension masks this surveillance under an AI threat detection feature, but hidden scripts trigger constant background captures.
Updates in mid-2025 expanded permissions, injected content scripts across all sites and later added encryption to evade detection, researchers confirmed. It also gathers device data and location details. Despite its verified Chrome Web Store status, Google's safeguards failed to catch the malicious behavior. The developer denied wrongdoing but stopped responding to inquiries, leaving users at serious privacy risk.

In 2025, browser fingerprinting has overtaken cookies as the dominant method of online tracking. Unlike cookies, fingerprints rely on inherent traits, such as screen size, fonts and GPU quirks, that form a unique identifier nearly impossible to erase, according to a report from the Public Interest Technology Group. Advertisers, fraud detection firms, and even governments use these techniques to track users across the Web. Fingerprinting is stealthy, persistent, and harder to regulate than cookies. While some browsers like Brave and Safari add randomization or block lists to disrupt tracking, Chrome lags behind. Users can protect themselves by enabling anti fingerprinting settings, blocking trackers with tools like uBlock Origin, and masking IP addresses with VPNs, iCloud Private Relay, or Tor. Testing tools like Cover Your Tracks help measure vulnerability. Ultimately, privacy requires active defense, since fingerprinting is now the Web's invisible surveillance layer.

AI powered browsers are no longer theoretical. Microsoft Edge now embeds Copilot, OpenAI is testing agent mode, and Perplexity's Comet fully automates browsing tasks. These agentic AI tools don't just assist, they act on our behalf, searching, shopping and clicking. But convenience brings new risks. Researchers at Guardio Labs found Comet could be tricked into buying from fake stores or handling phishing emails, bypassing the human's natural skepticism. Even worse, prompt injection attacks can secretly steer AI into downloading malware or sharing sensitive data.
This scamlexity era means scammers only need to fool the AI, not the human, and exploits can scale massively. Without built in guardrails like phishing detection, URL checks and anomaly monitoring, AI browsers risk becoming blind, over trusting intermediaries. Security must be integral, not optional, as AI browsing goes mainstream.

A 20 year old Florida man, Noah Michael Urban, was sentenced to 10 years in federal prison and ordered to pay $13 million in restitution for his role in the cybercrime group Scattered Spider. Urban, known online as King Bob and Sosa, pleaded guilty to conspiracy and wire fraud charges tied to SIM swapping and SMS phishing campaigns that compromised more than 130 companies, including Twilio, LastPass and DoorDash. Prosecutors say Urban and co conspirators stole cryptocurrency, company data and customer information. Urban was also active in the notorious Star Fraud SIM swapping group linked to attacks on MGM Resorts and Caesars Entertainment. Despite his age, the judge imposed the maximum sentence after noting security breaches connected to Urban's associates, even during his prosecution. Urban called the ruling unjust.

Coming up after the break, my conversation with Ron Zayas. We're discussing the massive data sharing and privacy risks in the leading Buy Now, Pay Later apps, and an Australian bank's AI cutbacks are put on permanent hold.

We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first. And it works. Sponsored Jobs on Indeed get 45% more applications than non sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire.
Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs, there are no subscriptions, no long term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.
Dave Bittner
Identities now outnumber humans by more than 80 to 1, and without securing them, trust, uptime, outages and compliance are at risk. CyberArk is leading the way with the only unified platform purpose built to secure every machine identity, certificates, secrets and workloads across all environments, all clouds and all AI agents. Designed for scale, automation and quantum readiness, CyberArk helps modern enterprises secure their machine future. Visit cyberark.com/machines to see how.

Ron Zayas is CEO of Ironwall by Incogni. I recently caught up with him on the Caveat podcast to discuss the massive data sharing and privacy risks in leading Buy Now, Pay Later apps.
Ron Zayas
So when you go to buy now, you have a couple of different options where you could buy, for example, on credit, you could buy on cash. But there's something in the middle there which is Buy Now, Pay Later, which they give you the option to pay over time. They don't ask a lot about your credit. They break up payments into something in a very short period of time. There may or may not be interest involved, but it allows you to look at something, and instead of spending $250 to buy a pair of shoes, it's, you know, $50 a week or $50 a month for a short period of time. And it seems a lot more palatable to be able to do that.
Dave Bittner
So who are these folks targeting here? Is this folks who may not have a credit card?
Ron Zayas
It's not so much people who. Who may not have a credit card. It may be more people who have maxed out their credit card. It is definitely tending to go to a younger demographic. It's also looking for, and that would be somebody in their 20s. It's looking for people who are doing a lot of impulse buys. So they're usually not buying emergencies, and they're really directed from. The retailers are pushing this out because it does two things. Number one, it tends to encourage people to spend more. And two, when you buy now, pay later, and you're buying over time, you can't return the product. So it makes the refund rates a lot higher or, you know, a lot lower so that retailers are more confident about the sales that they do.
Dave Bittner
Ah, that's an aspect I had not considered. That's fascinating. So you and your team looked into some of these apps, and what are some of the things that you all found?
Ron Zayas
So, first of all, as you can imagine, with a lot of apps nowadays, they collect a lot of information. They tend to know. They tend to know a lot of what's out there. They tend to not just make their money and what their business is, but they make their money and productizing the people who use the product. So what we looked at was, okay, how much information are they collecting? What are they using it for? And then what are your rights under the product? And which ones of these are the most. What we call leaky, which are the ones that are collecting a lot of information that really doesn't have anything to do with the transaction.
Dave Bittner
And what sort of things did you find?
Ron Zayas
It's not surprising. They're very leaky. You know, you have top ones like Klarna and Affirm and Afterpay, and they tend to collect. They're very popular. And they tend to collect not only a lot of information just from the transaction part. What's your name? What's your address? What's your phone number? Because it's a mobile app, you know, all stuff that can be monetized very, very well. But on top of that, what they're doing is some of them are collecting where you are all the time. Some of them are collecting, you know, so they're looking at your GPS information, they're looking at cookies from other websites and maybe even information from other mobile apps that you may be using. They're looking at your contacts information. So they're collecting a lot of information that has nothing to do with the transaction. And really what they're doing is they're monetizing you as part of their business model.
Dave Bittner
I feel as though I already know the answer to this question, but I'll ask it anyway. To what degree are they informing their users that this information is being collected and shared?
Ron Zayas
Well, if you're willing to read through a very oblique and long privacy statement, to a degree, they're telling you that. But even when you go through the privacy statements, and we're experts, we do this all the time, a lot of times you sit there going, huh? The privacy statement will tell you that they collect information as part of doing business. It'll say that sometimes they share that information to give you a better experience. And it'll say, and some of the places that are. Some of the types of information we could collect are A, B and C. None of them go into all the detail of everything they're collecting. None of them are very specific in what they do. And the important thing to remember with everybody's privacy statement, especially in the U.S., they're guidelines. It's not a contract. They can change it at any time, and they often do. So they're not giving you a lot of insight into what they're doing with it. And you should know that, you know, some, like Afterpay, they collect, they have 17 different data types of categories of information that they collect and that they share with third parties, including your credit scores. Although this is supposed to be a replacement for having to do something in.
Dave Bittner
Credit, you know, it's hard for me to decide, I guess for myself, the degree to which these buy now, pay later apps are just providing a legal, legitimate service and the degree to which they're kind of predatory here. And I mean, is that a fair thing to wonder about?
Ron Zayas
That's a very fair question to wonder about. You know, and again, when you look at things like this, the first thing you look at is the convenience. Is it convenient for me to be able to buy something and pay it off over time? I mean, obviously that's the underpinning of a lot of the capitalist system, the ability to buy on credit leverages what we can buy and what kind of wealth we can have. It also has a lot of downside that we can get in over our heads. Then you go from traditional credit, like a credit card or a bank loan, to being something like this. And it could be, you know, a payday loan, it could be these type of buy now, pay later where they're really encouraging and they're really getting you to act upon those impulse buys again. The majority of purchases that are being done here, they're not being done for a refrigerator that breaks down. They're not being done for a part that you need for your car. They're impulse buys, they're shopping buys. So they're encouraging you to spend more. And on top of that, they're pulling in information from you and they're monetizing it again. So you're kind of paying twice, even if you don't think you're paying for interest. And some of them do have very hefty fees if you don't pay. But that's outside of the scope of what our research was. Really, though, even if you're paying on time and you're getting the benefit of it, they're also taking your information and you're paying for it again, because when your information gets leaked, when it gets hacked, when it gets shared, oftentimes you're going to pay money. You're going to pay money to companies like ours that go out and take all that information and remove it. You're going to pay in identity theft, you're going to pay in other ways because of information that other companies have taken from you, without really being upfront and saying, we're going to steal your information. 
You know, we're going to use it for these things and we're going to sell it to these people. So I don't think you're wrong in feeling that there's a little bit of victimization that's going on here.
Dave Bittner
That's Ron Zayas from Ironwall by Incogni. You can hear our complete conversation over on the Caveat podcast, wherever you get your favorite podcasts.

And now a word from our sponsor, ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks. Allowlisting is a deny by default software that makes application control simple and fast. Ring Fencing is an application containment strategy, ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from ThreatLocker.
CeeDee Lamb
Hey guys, it's CeeDee Lamb, wide receiver for the Dallas Cowboys. I'm partnering with Abercrombie this season to tell you all about their viral denim. All you need to know is denim should fit like this. My jeans need to check a lot of boxes: fit first, trend second. They need to go with whatever I'm feeling, and Abercrombie Denim has it down, whether I'm throwing on a tee or putting a whole fit together. Shop Abercrombie Denim in the app, online and in store.
Dave Bittner
And finally, the Commonwealth Bank of Australia has performed a neat corporate backflip, reinstating 45 jobs it had proudly declared obsolete thanks to its shiny new AI voicebot. At the time, CBA insisted the bot would lighten workloads and trim calls. In reality, call volumes spiked, managers were yanked onto phones, and overtime became the hottest item on the menu. The Finance Sector Union promptly hauled the bank before the Fair Work Commission, declaring victory after CBA admitted it had made a, shall we say, miscalculation. Affected staff can now keep their jobs, redeploy or leave altogether, although the union dryly noted the damage was done. Critics say CBA tried to rebrand job cuts as innovation even as the bank reported a record $10.25 billion profit. Meanwhile, CEO Matt Comyn mused on AI's long term potential while also acknowledging the bank had recently hired thousands, mostly in India. Evidently the future is automated, just not evenly distributed.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August. There's a link in the show notes. Please take a minute and check it out. N2K senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

You say you'll never join the Navy, that you'd never track storms brewing in the Atlantic, and skydiving could never be part of your commute. You'd never climb Mount Fuji on a port visit or fly so fast you break the sound barrier. Joining the Navy sounds crazy? Saying never actually is. Start your journey at navy.com. America's Navy, forged by the sea.
Date: August 21, 2025
Host: Dave Bittner (N2K Networks)
Guest Interview: Ron Zayas, CEO, Ironwall by Incogni
This episode dives into the latest, often worrying, cybersecurity headlines: zero-day vulnerabilities in password managers, ongoing threats from state-backed hackers, privacy violations through consumer tech, and the emerging risks of AI-powered browsers. The show also features an in-depth interview with Ron Zayas discussing rampant data sharing and privacy issues within the fast-growing “Buy Now, Pay Later” financial apps. The host’s tone is factual, urgent, and sometimes wry, ensuring both clarity and engagement.
Interview segment starts at [15:01]
This episode underscores a critical, recurring theme: technological progress—whether in tools, services, or automation—introduces new opportunities for exploitation and privacy erosion. From zero-day threats embedded in our most trusted security tools, to pervasive digital tracking, to financial apps selling our data, the need for user vigilance and transparent practices is more important than ever. The risks are seldom obvious, and as Zayas and Bittner highlight, the costs may be hidden until it’s too late.
For detailed links and continued updates, listeners are encouraged to visit The CyberWire’s daily briefing online.