CyberWire Daily — “Chalk One Up for Defenders.”
Date: September 9, 2025
Host: Dave Bittner (N2K Networks)
Guest: Kevin McGee, Global Director of Cybersecurity Startups, Microsoft Security
Episode Overview
This episode delivers a fast-paced rundown of recent cybersecurity events, defenses against major supply chain attacks, and regulatory updates. The highlight is an in-depth discussion with Kevin McGee, who explores the evolving landscape of cybersecurity education as back-to-school season arrives, offering actionable advice for students and employers alike. The show closes with a wry look at the inaugural “AI Darwin Awards.”
Key News & Analysis Segments
1. Open Source Community Thwarts NPM Supply Chain Attack
- Segment: [01:00–03:10]
- A coordinated open source community effort quickly neutralized a sophisticated supply chain attack targeting the NPM ecosystem.
- Details:
  - Attacker compromised the account of developer Josh Junon (“Kicks”) and poisoned popular packages (Chalk, strip-ansi).
  - The malware acted as a crypto clipper, aiming to intercept and reroute cryptocurrency transactions.
  - Community response was remarkably rapid: “Developers flagged the threat within 15 minutes, with some packages taken down in under an hour.” ([02:40])
  - Estimated losses were only about $20–$66.
- The incident underscores the seriousness of supply chain threats and, more importantly, “the strength of open source collaboration in preventing widespread damage.” ([03:05], Dave)
2. Treasury Sanctions Southeast Asian Cyber Scam Centers
- Segment: [03:12–04:15]
- The U.S. Treasury sanctioned numerous individuals and entities behind scam centers in Myanmar and Cambodia, which had defrauded Americans of over $10 billion.
- The sanctions target crime rings involved in human trafficking and scams, including forced labor compounds and casino-linked centers.
- “Officials said these sanctions aimed to disrupt industrial scale fraud while combating human trafficking and modern slavery in the region.” ([04:06], Dave)
3. iCloud Phishing via Calendar Invites
- Segment: [04:16–04:47]
- Scammers circulate fake calendar invites with embedded purchase notification scams, leveraging Apple’s own servers for legitimacy.
- “Victims are urged to call fraudulent numbers where attackers attempt to trick them into downloading malicious software.” ([04:40])
- Advisory: Treat calendar invites with the same skepticism as suspicious emails.
4. Evolving Malware Targeting Docker APIs
- Segment: [04:48–05:35]
- Akamai discovered a new, more advanced malware variant exploiting Docker APIs.
- This malware now blocks API access, persists on hosts, and aggressively removes competing miners.
- Signs point to “early botnet development” and future expansion.
- Call to Action: “Docker users [should] secure APIs and monitor activity closely.” ([05:30])
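The call to action above turns on one configuration detail: a Docker Engine API reachable over TCP without TLS client authentication gives anyone who can reach the port root-equivalent control of the host, which is exactly what miner botnets scan for. The following audit script is an added example written for this summary; it is not code from the podcast or from Akamai. Both daemon.json documents are constructed samples (the weak setting beside the corrected one), and the rule that a listener bound to 0.0.0.0 or :: deserves a note even with TLS on is a simplifying assumption.

```python
"""Audit a Docker daemon.json for an exposed, unauthenticated Engine API.

Added example for the Docker API malware segment; not code from the podcast
or from Akamai. The two configurations below are constructed samples, and the
'all interfaces' check is a simplifying assumption about deployment practice.
"""
import json
from urllib.parse import urlsplit

# Constructed: the weak setting (remote API on every interface, no TLS client auth).
WEAK_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}"""

# Constructed: the corrected setting (bound to one address, mutual TLS required).
HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

# daemon.json keys that must all be present for tlsverify to mean anything.
TLS_KEYS = ("tlscacert", "tlscert", "tlskey")


def audit_daemon_config(text):
    """Return a list of (severity, message) findings for a daemon.json document."""
    cfg = json.loads(text)
    findings = []
    tls_verify = bool(cfg.get("tlsverify"))
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]

    for host in tcp_hosts:
        bind = urlsplit(host).hostname or ""
        if not tls_verify:
            # Anyone who can reach this port can start privileged containers on the host.
            findings.append(("high", f"{host}: TCP listener without tlsverify; API is unauthenticated"))
        elif bind in ("0.0.0.0", "::", ""):
            # Authenticated, but still reachable from every network the host sits on.
            findings.append(("medium", f"{host}: listens on all interfaces; bind to a specific address or firewall it"))

    if tls_verify:
        missing = [k for k in TLS_KEYS if not cfg.get(k)]
        if missing:
            findings.append(("high", "tlsverify is set but certificate material is incomplete: " + ", ".join(missing)))
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(name, audit_daemon_config(doc) or "no findings")
```

Run it against a host's real /etc/docker/daemon.json by reading the file into `audit_daemon_config`; the monitoring half of the advice (watching for unexpected container starts and API calls) is a separate logging concern that this check does not cover.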
5. Phishing Surge via Axios User Agent & Microsoft Direct Send
- Segment: [05:36–06:37]
- ReliaQuest observed a 241% spike in Axios-driven phishing campaigns since June, now comprising roughly a quarter of malicious user agent traffic.
- Axios-enabled phishing enjoyed a 58% success rate, soaring to 70% with Direct Send—far outpacing other methods.
- The attacks transitioned from targeting executives to regular users.
- Axios’ legitimacy as a tool helps attackers evade filters.
- Advice: Disable Direct Send, enhance user training, and reinforce email security.
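The segment's point is that axios is a legitimate HTTP library, so its user agent is not blocked outright; the useful signal is a library client, rather than a browser, posting credentials to a login endpoint. The script below is an added example for this summary, not code from the podcast or from ReliaQuest. The access-log lines are constructed, the combined-log layout and the list of login paths are assumptions, and the Direct Send side of the advice is a tenant setting that this log check does not touch.

```python
"""Spot scripted HTTP clients (axios among them) hitting authentication endpoints.

Added example for the ReliaQuest/Axios segment; not code from the podcast or
from ReliaQuest. Log lines are constructed; the combined-log layout and the
LOGIN_PATHS list are assumptions to adapt to the application being protected.
"""
import re
from collections import Counter

# Constructed sample of reverse-proxy access logs (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Sep/2025:10:01:02 +0000] "POST /owa/auth.owa HTTP/1.1" 401 512 "-" "axios/1.7.2"
198.51.100.7 - - [09/Sep/2025:10:01:05 +0000] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/128.0 Safari/537.36"
203.0.113.11 - - [09/Sep/2025:10:01:09 +0000] "POST /login HTTP/1.1" 302 0 "-" "axios/0.27.2"
192.0.2.44 - - [09/Sep/2025:10:02:11 +0000] "POST /login HTTP/1.1" 200 1024 "-" "python-requests/2.32.3"
203.0.113.12 - - [09/Sep/2025:10:02:40 +0000] "GET /api/me HTTP/1.1" 200 300 "-" "axios/1.7.2"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Library user agents: legitimate tools, but rarely what an employee's browser sends to a login page.
SCRIPTED_UA_RE = re.compile(r"^(?P<family>axios|python-requests|curl|go-http-client)/", re.I)
LOGIN_PATHS = ("/login", "/owa/auth.owa")  # assumed; adjust to the application


def parse_log(text):
    """Parse combined-format lines into dicts, skipping anything that does not match."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def scripted_family(ua):
    """Return the client family name ('axios', 'curl', ...) or None for browser-like agents."""
    m = SCRIPTED_UA_RE.match(ua)
    return m.group("family").lower() if m else None


def axios_share(records):
    """Fraction of scripted-client requests that come from axios (0.0 when none are scripted)."""
    families = Counter()
    for r in records:
        fam = scripted_family(r["ua"])
        if fam:
            families[fam] += 1
    total = sum(families.values())
    return families["axios"] / total if total else 0.0


def flag_scripted_logins(records):
    """Source IPs that POST to a login path with a scripted client; these merit a closer look."""
    hits = []
    for r in records:
        if r["method"] == "POST" and r["path"].startswith(LOGIN_PATHS) and scripted_family(r["ua"]):
            hits.append((r["ip"], r["ua"], r["status"]))
    return hits


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(f"axios share of scripted traffic: {axios_share(recs):.0%}")
    for ip, ua, status in flag_scripted_logins(recs):
        print(f"scripted login attempt from {ip} ({ua}) -> HTTP {status}")
```

Because the user agent is set by the client, a quiet campaign can simply spoof a browser string; treat this as a cheap first filter that feeds a review queue, and pair it with the segment's other advice (disabling Direct Send, user training) rather than relying on it alone.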
6. Plex Data Breach
- Segment: [06:38–07:10]
- Streaming platform Plex disclosed a data breach, exposing user emails, usernames, hashed passwords, and authentication tokens.
- Urged all users to reset passwords and sign out.
- “The number of affected users remains undisclosed.” ([07:08])
7. Surge in Scans Targeting Cisco ASA Devices
- Segment: [07:11–07:50]
- A sharp spike in scanning activity targeting Cisco’s ASA security appliances may foreshadow new vulnerability disclosures.
- Most scans originated from a Brazilian botnet using Chrome-like user agents.
- Admins are advised to apply patches, enforce MFA, and restrict access.
8. CISA Delays Incident Reporting Rule Implementation
- Segment: [07:51–08:44]
- CISA’s timeline for mandatory incident reporting by critical infrastructure operators has been pushed to May 2026.
- The extension aims to “streamline requirements, reduce industry burden and harmonize with other federal regulations.”
- Some lawmakers support the extension as a way to gather more stakeholder input, while others express frustration at the slow progress.
- Inspired by past attacks (e.g., Colonial Pipeline), the law is expected to have sweeping industry impact upon enactment.
9. GAO Criticizes Federal Cyber Workforce Data
- Segment: [08:45–09:44]
- The GAO calls out incomplete and unreliable data on the federal cyber workforce.
- Over 63,000 cybersecurity staff tracked, but contractor data, data quality checks, and role definitions are inconsistent or missing.
- “GAO recommended closing data gaps, standardizing roles, improving reporting quality, and assessing workforce effectiveness.” ([09:40])
Feature Interview: Kevin McGee on Cybersecurity Education & the “Skills Gap”
Segment: [14:39–23:39]
Host: Dave Bittner
Guest: Kevin McGee, Global Director, Cybersecurity Startups at Microsoft Security
1. Is There Really a “Skills Gap?”
- Kevin pushes back on the traditional “skills gap” narrative:
  - “It's not a skills gap—it's a skills mismatch gap. We want someone with five years' experience, we want someone with leadership experience... I meet students every day... desperately trying to get into the industry but can't find a job.” ([16:23])
- The cybersecurity field lacks the clear career pathways seen in other trades and professions.
2. Industry Maturation & Educational Innovation
- Universities are beginning to blend theory with practical, real-world experience:
  - Example: University of Guelph’s threat intel program combines classroom knowledge with capstone projects and input from prominent cyber professionals ([17:31]).
  - “They got to interact with people actually doing the jobs ... and we could give feedback then to the university for what could be changed to make the program better.” ([17:49])
- Advisory boards—where industry helps shape curriculum—are instrumental for both students and employers.
3. Addressing the “Leadership Gap”
- Kevin identifies a pressing need for leadership and management skills, not just technical certifications:
  - “If you're super technical and you just go for another certification... it's not preparing you for a leadership role.” ([15:10])
- New leadership programs are emerging, often in tandem with business schools.
4. Broadening the Talent Pool & Lessons from Other Industries
- The cyber sector benefits from bringing in experienced managers from outside and nurturing technical talent with leadership training.
- “The fundamentals of leadership and management are universal... it's a chance to bring other folks from other industries into the fold.” ([19:30])
- Memorable example: “We started every board meeting [at the hospital] with the chief nursing officer doing a near miss analysis... now that's something I've brought to my career in cyber.” ([19:50])
5. Advice for Students Returning to School
- Specialization and interdisciplinary skills are increasingly valuable:
  - “Explore different aspects of what is available in terms of career... Think beyond the careers available in cybersecurity are just penetration testing and configuring firewalls.” ([21:11])
- Standout careers include forensics, cyber law, compliance, privacy, consent management, and the impending challenges AI will bring.
- “Interdisciplinary skills are fantastic... finding a niche that really resonates with you as well. So you stand out. Not a generalist now, specialist.” ([21:44])
6. Advice for Employers
- Get directly involved with educational institutions:
  - “The more you're engaged and involved in these programs, the first look of the best talent is yours.” ([22:44])
- Talent cultivation requires proactive engagement, not just waiting for perfect candidates to appear.
Notable Quotes
- On the “skills gap”:
  - “I'm on record... of saying no, I don't think there's a skills gap. ... It's hard to differentiate yourself. It's hard to demonstrate real world experience. It's hard to match up those two sides. ... We're just not a mature industry.” — Kevin McGee ([16:23])
- On broadening the talent pool:
  - “The fundamentals of leadership and management are universal. ... It's a chance to bring other folks from other industries maybe into the fold and expand our talent pool.” — Kevin McGee ([19:30])
- Advice for students:
  - “Interdisciplinary skills are fantastic... finding a niche that really resonates with you as well. So you stand out. Not a generalist now, specialist. I think that's where we're headed.” — Kevin McGee ([21:44])
- Advice for employers:
  - “You can't just really wait around for someone to pop up… Really we need to start looking at developing talent and taking responsibility for that.” — Kevin McGee ([22:44])
Memorable Moments
- Fastest Community Response:
  Developers flagged the NPM supply chain attack in 15 minutes ([02:40]), demonstrating open source vigilance.
- AI Darwin Awards:
  The debut AI Darwin Awards humorously spotlight misapplied AI, including Taco Bell’s language-challenged drive-thru, a chatbot using “123456” as a password, and production data wiped by an overeager algorithm ([24:59]). “The awards remind us AI is merely a tool, although one with global reach, zero patience and alarming enthusiasm.” ([25:40], Dave)
- Career Pathways:
  Cybersecurity is described as evolving from generalist “computer guy” roles to highly specialized professions ([21:11]).
Timestamps for Key Segments
| Segment | Timestamp |
|---|---|
| NPM Supply Chain Attack Stopped | 01:00–03:10 |
| Treasury Sanctions Scam Centers | 03:12–04:15 |
| iCloud Calendar Phishing | 04:16–04:47 |
| Docker API Malware Evolution | 04:48–05:35 |
| Axios/Direct Send Phishing Surge | 05:36–06:37 |
| Plex Data Breach | 06:38–07:10 |
| Cisco ASA Scanning Activity | 07:11–07:50 |
| CISA Incident Reporting Delay | 07:51–08:44 |
| GAO Critique on Cyber Workforce Data | 08:45–09:44 |
| Interview: Kevin McGee – Cyber Ed & Talent Gap | 14:39–23:39 |
| AI Darwin Awards | 24:59–25:40 |
Conclusion
This episode maps out cyber threats and shifting defenses while providing a valuable deep dive into how cybersecurity education is adapting to industry needs. It challenges the idea of a plain “skills gap,” urges both students and employers to pursue specialization and involvement, and ends with a cheeky warning—a tool as powerful as AI can produce both triumph and comedy.
