CyberWire Daily – September 8, 2025

Episode Title: "Big tech, bigger fines."

Host: Dave Bittner (N2K Networks)
Featured Guest: Todd Moore (Global Vice President, Data Security, Thales)

Episode Overview

In this episode, CyberWire covers a busy day in cybersecurity news, headlined by the European Commission's record $3.5 billion antitrust fine against Google for adtech abuses. Additional coverage includes massive DDoS attacks blocked by Cloudflare, a multi-stage supply-chain attack on NX, internet disruptions due to subsea cable outages, and a comical report on Burger King’s laughable security lapses. The Industry Voices segment features Todd Moore from Thales, who provides deep insight into the realities and rising risks of insider threats—including the impact of agentic AI, the shift from structured to unstructured data, and best practices for mitigation and detection.

Key Discussion Points & Insights

1. Big Tech Antitrust: EU Fines Google $3.5 Billion

• [02:45] Host Dave Bittner details the European Commission's fine, citing Google's "self-preferencing and anti-competitive practices" in the digital ad technology space.
  • Google plans to appeal, calling the ruling "wrong" and claiming strong competition remains.
  • Noted: This is Google’s fourth major EU fine, following previous penalties (2017, 2018, 2019) for Android and search-related abuses.
• [03:30] France’s CNIL also fined Google $378 million for displaying unsolicited ads in Gmail and violating cookie rules.
  • Key takeaway: Regulatory pressure is mounting on tech giants for both privacy and competition matters.

2. Record-Breaking DDoS Attacks Stopped by Cloudflare

• [03:56] Cloudflare defended against an 11.5 terabit per second (Tbps) attack, peaking at 51 billion packets/sec—surpassing their previous record.
  • Attack comprised mostly IoT devices and assets hosted on Google Cloud; it lasted only 35 seconds but was highly intense.
  • Cloudflare reportedly “easily handled the surge, dropping malicious traffic at the edge.”

3. Supply Chain Breaches and GitHub Exploitation

• Salesforce Salesloft/Drift Attack
  • [04:40] New evidence: Breach began months earlier via compromised GitHub credentials.
  • Attack by UNC6395 led to hundreds of organizations’ data being siphoned, including AWS keys and Snowflake tokens.
  • Breach extended to Google Workspace users; 700+ companies were affected.
  • Quote [05:03]: “Salesforce disabled the integration, while Drift was taken offline and restored September 7th.”
• NX Supply Chain Attack ("Singularity")
  • [05:40] Hackers used stolen NPM tokens to publish malicious NX versions, which harvested secrets from ~6,700 private repositories.
  • Over 20,000 files, 2,300+ secrets, and 1,700 accounts were compromised.
  • Attackers even misused AI tools such as Claude and Gemini for reconnaissance and theft.

4. Emergence of TAG-150—A Sophisticated Cybercriminal Group

• [04:20] Analyst firm Insikt Group highlights TAG-150’s rapid evolution and technical sophistication.
  • Group is deploying custom tools (Castle Loader, CastleBot, and new CastleRAT)—enabling data collection, delivery, and execution.
  • Leverages public file-sharing services and anti-detection tools like CleanScan.

5. Subsea Cable Outages Disrupt Connectivity

• [06:45] Major internet disruptions hit India, Pakistan, and the UAE, traced to cable breaks near Jeddah, Saudi Arabia.
  • Azure (Microsoft) users warned of higher latency; some services rerouted traffic, but no full outages.
  • Other global regions remain unaffected.

6. Business Breakdown: Major Investments & Acquisitions

• [07:20] $65 million raised in three investments, six acquisitions:
  • Cato Networks raised $50 million (totaling Series G at $409 million) & made their first-ever acquisition (AIM Security, AI security firm).
  • Okta acquired Axiom Security for $100 million (expanding privileged access mgmt.).
  • Image Source acquired Zorse Cyber (adds advanced threat detection platform “Bouncer”).
• Eight VCs/PEs are backing India’s tech startup boom.

Industry Voices Segment: The Real Threat is Inside

Featuring: Todd Moore, Thales
[13:22 – 26:58]

Defining Insider Threats

• [13:36] Todd Moore:
  • “An insider threat is something that comes within an organization. It's a privileged user or a machine...may accidentally do something inappropriate...or may try to extract that data or take it outside the organization.”
  • Importantly, not all insider threats are malicious—a significant portion result from mistakes or negligence.

The Expanding Risk with Unstructured Data

• Structured databases used to be the focus, but now, unstructured data (files, chat, emails) is exploding.
  • [17:54]: “There's this huge explosion of unstructured data...a billion files, videos, chat, emails, and there's a lot of sensitive data out there as well too. But we don't really have the same rigor in most organizations at watching and monitoring that data.”
• AI’s Role:
  • [16:10] “A huge buzz in the industry is this thing called agentic AI...an agent that has all those credentials and all those accesses that you have. So it's really a mirror of you as a person—or again as a machine. And this agent is going to go off and do tasks on your behalf…and they can make mistakes as well, too.”

Common Causes & Mitigations

• Human error is pervasive—people move data to public clouds, email, or shared drives in haste or ignorance, risking exposure.
• Quote [15:40] Host: "Sometimes when I think of insider threats, I go back to that old horror movie chestnut about how the call is coming from inside the house."
• Organizational culture is key: Fear of stigma or job loss for mistakes can breed silence. Training, monitoring, and supportive response are needed.
  • [21:47] “People making mistakes happen every day...how we handle those mistakes and respond to them I think is important. And the tools, the cyber tools are available today to help with that.”

Best Practices (“Discover, Protect, Control, Monitor”)

• [25:09] Todd Moore’s Formula:
  1. Discover: Find all your data, who accesses what, and where it lives
  2. Protect: Apply encryption, tokenization, masking, or deletions where needed
  3. Control: Manage and audit access across systems and personnel
  4. Monitor: Continuously track data movements and usage for anomalies

Impact of AI and Search on Data Hoarding

• Improved tools mean users keep everything (“pack rat mentality”), increasing data exposure.
  • [19:27] “I hardly ever delete an email anymore. And so, but if I need something, my first thing to do is to go just searching for it…”
  • [19:54] “80% of all data that's out there is unstructured...AI is creating 90% of all new unstructured data.”

Practical Steps for Organizations

• Don't ignore the sprawl of sensitive data—start with a system-wide discovery.
• Use data security platforms for prevention, rapid detection, and effective response.

Memorable Quotes

• “This marks the fourth major EU antitrust fine against Google...” – Dave Bittner [02:45]
• “Cloudflare says its architecture easily handled the surge, dropping malicious traffic at the edge.” – Dave Bittner [03:56]
• “People making mistakes happen every day...how we handle those mistakes and respond to them I think is important.” – Todd Moore [21:47]
• “I hardly ever delete an email anymore...It’s sort of a combination of convenience, but also a bit of a pack rat mentality.” – Dave Bittner [19:27]
• “80% of all data that's out there is unstructured data...AI is creating 90% of all new unstructured data.” – Todd Moore [19:54]
• “Discover, protect, control, monitor.” – Todd Moore’s starter guide for data security [25:09]

Notable Humor & Industry Anecdotes

Burger King’s Security Fails—A “Whopper” of a Story

• [28:18] Two friendly hackers, “Bob the Hacker and Bob the Shoplifter,” expose “flimsy” security at Burger King, Tim Hortons, and Popeyes parent company RBI.
  • Found: Hardcoded HTML passwords, “admin” as password on drive thru tablets, editable employee accounts, and ability to eavesdrop.
  • The hackers claim responsible disclosure, but RBI didn’t acknowledge.
  • Closing dig: “Wendy’s is better.” — The Bobs

Timestamps for Key Segments

• 02:45 – EU fines Google $3.5 billion, and other tech fines
• 03:56 – Cloudflare blocks massive DDoS attack
• 04:40 – Salesforce Salesloft & Drift supply chain breach investigation
• 05:40 – NX supply chain attack details
• 06:45 – Red Sea subsea cable disruptions
• 07:20 – Weekly business breakdown: investments & acquisitions
• 13:22–26:58 – Industry Voices: Todd Moore on insider risk & data security
• 28:18 – Burger King security flaws exposed by white hats

Conclusion

This episode distills a week’s worth of global cybersecurity developments—from colossal tech fines and cutting-edge threats, to the human and technological evolution of insider risk. Todd Moore’s interview provides actionable steps for tackling insider threats in the age of AI-generated, unstructured data, while the hosts never lose sight of the importance of humor—and humility—in the security world.