Dave Bittner
You're listening to the Cyberwire network, powered by N2K.
Sarah Pawczyk
And now a word from our sponsor, ThreatLocker, the powerful Zero Trust Enterprise Solution that stops ransomware in its tracks. Allowlisting is a deny-by-default software that makes application control simple and fast. Ringfencing is an application containment strategy ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world-class endpoint protection from ThreatLocker.

Two Chinese nationals are arrested for allegedly exporting sensitive Nvidia AI chips. A critical security flaw has been discovered in Microsoft's new NLWeb protocol. Vulnerabilities in Dell laptop firmware could let attackers bypass Windows logins and install malware. Trend Micro warns of an actively exploited remote code execution flaw. Google confirms a data breach involving one of its Salesforce databases. A lack of MFA leaves a Canadian city on the hook for ransomware recovery costs. Nvidia's CSO denies the need for backdoors or kill switches on the company's GPUs. CISA flags multiple critical vulnerabilities in Tigo Energy's Cloud Connect Advanced platform. DHS grant funding cuts off the MS-ISAC. Our guest is Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity, discussing her proposed nationwide roadmap to scale cyber defense for community organizations. And live from Black Hat USA 2025, we've got a special Woman on the Street segment with Halcyon's Cynthia Kaiser and Stacy Cameron. And helicopter parenting officially hits the footwear aisle.

It's Wednesday, August 6th, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great to have you with us.

Two Chinese nationals were arrested in the US for allegedly exporting sensitive Nvidia AI chips, including H100s and RTX 4090s, to China without a license. Operating through their California company, ALX Solutions Inc., they're accused of routing tens of millions of dollars worth of GPUs through countries like Singapore and Malaysia to evade US export laws. The chips are critical for AI applications like self-driving cars and medical diagnostics. Federal authorities uncovered incriminating evidence during a raid, including communications and payment records, with one transaction totaling $1 million. Both men faced charges under the Export Control Reform Act carrying up to 20 years in prison.

A critical security flaw has been discovered in Microsoft's new NLWeb protocol, billed as HTML for the agentic web, just weeks after its debut at the Build conference. The vulnerability, a basic path traversal bug, allowed attackers to access sensitive files like system configs and API keys for AI services such as OpenAI and Gemini. Researchers Aonan Guan and Lei Wang reported the issue to Microsoft in May, and a patch was issued in July, though no CVE has been assigned yet. Guan warns the flaw could let attackers steal the brains of AI agents, potentially causing major damage. While Microsoft says its own products weren't affected, NLWeb users must manually update to fix the issue.

Five serious vulnerabilities in Dell's ControlVault3 firmware, used in over 100 Latitude and Precision laptop models, could let attackers bypass Windows logins and install malware that survives reinstalls. Known as ReVault, the flaws impact Dell's hardware-based security module, which stores sensitive data like passwords and biometrics. Discovered by Cisco Talos, the bugs include out-of-bounds errors, stack overflows, and unsafe deserialization affecting both firmware and Windows APIs. If exploited, attackers with physical access can gain control over the Unified Security Hub, escalate privileges, or trick fingerprint readers into accepting unauthorized users. Dell has released patches, but Talos advises extra precautions like disabling unused authentication devices, enabling BIOS intrusion detection, and using Enhanced Sign-in Security in Windows to defend against potential firmware-level threats.

Trend Micro has issued an urgent warning about an actively exploited remote code execution flaw in its Apex One endpoint security platform. The vulnerability affects the on-premise management console and allows pre-authenticated attackers to execute code remotely. No patch is available yet, but Trend Micro has released a mitigation tool that blocks known exploits, though it disables remote agent installation. A full fix is expected mid-August. Administrators are urged to secure systems immediately, especially if consoles are exposed online.

Google has confirmed a data breach involving one of its Salesforce databases, with threat group ShinyHunters stealing contact information from small and medium business clients. The compromised data includes basic, mostly public business info like names and contact details. Google hasn't disclosed how many were affected and hasn't confirmed any ransom demands. The attackers used voice phishing tactics to gain access. This breach follows similar incidents targeting Salesforce systems used by Cisco, Qantas and Pandora. Google warned that ShinyHunters may soon publish the stolen data on a leak site to pressure victims. The group is linked to The Com, a cybercriminal collective known for hacking and extortion. Google has not said whether it will notify impacted businesses directly or provide additional security support.

The city of Hamilton, Ontario, in Canada must cover the full $18.3 million cost of recovering from a February ransomware attack after its insurance claim was denied. The insurer rejected the claim because multi-factor authentication was not fully in place when the attack occurred. A third-party review upheld the denial. Most costs went to external experts, with over a million dollars each spent on infrastructure, staffing and other needs. Attackers disabled 80% of the city's network and demanded $18.5 million in ransom, which the city refused to pay. City officials say no personal or health data was compromised. While most systems have been restored, several, like finance and fire department records, were lost. Mayor Andrea Horwath acknowledged the failure and emphasized a renewed commitment to stronger cybersecurity moving forward.

Nvidia's chief security officer, David Reber Jr., strongly denied the existence or need for backdoors or kill switches in the company's GPUs, responding to rising pressure from both U.S. lawmakers and Chinese authorities. His blog post follows U.S. proposals like the Chip Security Act, which could mandate tracking tech or remote shutdown features in AI chips. Meanwhile, China is investigating Nvidia's H20 chips for alleged vulnerabilities. Reber warned such measures would pose serious security risks, calling backdoors dangerous vulnerabilities and kill switches an open invitation for disaster. While Nvidia hopes to regain limited access to the Chinese market, the idea of US-controlled hardware access could undermine trust abroad. China is accelerating domestic chip development, threatening Nvidia's lead in the AI hardware space as companies like Huawei catch up.

CISA has flagged multiple critical vulnerabilities in Tigo Energy's Cloud Connect Advanced platform, widely used in residential and critical solar energy infrastructure. The flaws include hard-coded credentials, a command injection vulnerability enabling remote code execution, and weak session ID generation. Tigo is working on patches, but no release date has been set. CISA urges users to isolate devices behind firewalls and avoid exposing them directly to the Internet.

The Department of Homeland Security has released the final funding round for the $1 billion State and Local Cybersecurity Grant Program. In this round, totaling $91.7 million, each U.S. state will get at least $1 million, while U.S. territories will receive a minimum of $250,000. A new rule prohibits using grant funds for services from the Multi-State ISAC and the Elections Infrastructure ISAC, both previously funded by DHS. The MS-ISAC, which has helped local governments with cybersecurity for over two decades, is now shifting to a paid subscription model due to reduced federal funding. North Dakota CISO Chris Gergen expressed disappointment, noting MS-ISAC's services align closely with the grant's goals. The grant also prohibits spending on ransoms, insurance or construction. DHS emphasizes cyber resilience while cutting redundant costs. CISA says it remains committed to supporting governments with free services despite pulling direct funding from long-standing partners like MS-ISAC.

Coming up after the break, my conversation with Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity, discussing her proposed nationwide roadmap to scale cyber defense for community organizations. And from Black Hat, it's a special Woman on the Street segment with Halcyon's Cynthia Kaiser and Stacy Cameron. Plus, helicopter parenting officially hits the footwear aisle. Stay with us.
David Moulton
Tactics and emerging tech to meet these threats is developing all the time. On Threat Vector, we keep you a step ahead. We dig deep into the threats that matter and the strategies that work. How do they help that customer know.
Sarah Pawczyk
That what they just created is safe.
Stacy Cameron
The future is now and our expectations are wrong?
David Moulton
Join me, David Moulton, Senior Director of Thought Leadership for Unit 42 at Palo Alto Networks, and our guests who live this work every day.
Unknown Speaker
We're not just talking about some encryption.
Stacy Cameron
And paying multi million dollar ransom. We're talking about fundamentally being unable to.
Cynthia Kaiser
Operate automated eradication and containment, so being able to very rapidly ID what's going on in an environment and contain that immediately. They're hiding in plain sight.
David Moulton
So if you're looking to sharpen your strategy and stay ahead of what's next, tune in and listen to Threat Vector, your front line for security insights.
Sarah Pawczyk
CISOs and CIOs know machine identities now outnumber humans by more than 80 to 1, and without securing them, trust, uptime, outages and compliance are at risk. CyberArk is leading the way with the only unified platform purpose-built to secure every machine identity, certificates, secrets and workloads across all environments, all clouds and all AI agents. Designed for scale, automation and quantum readiness, CyberArk helps modern enterprises secure their machine future. Visit cyberark.com/machines to see how.

Compliance regulations, third-party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots and all those manual processes, you're right. GRC can be so much easier and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key compliance, internal and third-party risk, and even customer trust so you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. It's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC: just imagine how much easier trust can be. Visit vanta.com/cyber to sign up today for a free demo. That's V-A-N-T-A dot com slash cyber.

My guest today is Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity. We're discussing her proposed nationwide roadmap to scale cyber defense for community organizations.
Cynthia Kaiser
CISA, the Cybersecurity and Infrastructure Security Agency, started an initiative a couple years ago called the High Risk Community Protection Initiative. And this was really their effort to focus on nonprofits and other high risk community organizations that really weren't getting the full force of federal attention because obviously the federal government concentrates on national security threats and usually journalists, nonprofits, food banks don't really qualify. That effort wound down after a year. It was a bit of a sprint for them. And moving out of that work, we worked with them to say, what is the next step of the High Risk Communities Protection Initiative? What is the next step of trying to protect more systemically these types of small organizations that don't really get a lot of federal assistance, that are never going to meet that threshold of a national security threat, but are still very vital to their communities. And that is how we started this group called the Cyber Resilience Corps. It's co-chaired by the UC Berkeley Center for Long-Term Cybersecurity, CLTC, and the CyberPeace Institute. And between our two organizations, we convened several dozen experts on community cyber defense, whether or not they're running a cyber volunteering program, whether or not they run maybe an affordable or free to use managed service provider, to talk about some of these issues that community organizations are facing and what we need to do as a cybersecurity field in a community to better protect them. So that's really the impetus for this report.
Sarah Pawczyk
You know, one of the things that caught my eye reading through the report is this notion of a cyber poverty line that some ways we can describe things as the people being the haves and the have nots. Can you flesh that out a little bit for us, what the reality there is?
Cynthia Kaiser
Yeah, I think that everybody in cyber has a different word for these types of organizations. But I think we're all very familiar with what this looks like. So cyber poverty line, target rich, resource poor I think is CISA's term. Basically any organization that can't afford the basics for cybersecurity, which is a lot of them. So whether or not that's a small organization or a large organization that just has a very small budget, these are the types of institutions that uphold our public life. So think about the Boys and Girls Club, the local food banks, your church or synagogue or mosque, think about your local dentist's office. But also things like small water utilities, small hospitals, things that you'd anticipate having more resources. But actually when it comes to cybersecurity tend to be very underinvested in the field. So we need to think about all these together. I think as a field we typically think about these in terms of sector, what can we do for the water sector, what can we do for the hospital sector. But there's actually a lot in common between these types of small organizations across sectors than there is maybe between a very, very small rural hospital and a very, very large metropolitan area hospital. So that's what we like to refer to as the cyber poverty line.
Sarah Pawczyk
When the report talks about this notion of a roadmap and this co-responsibility model, can you describe that for us?
Cynthia Kaiser
Absolutely. So when we were thinking about how to propose a path forwards for all these very different organizations in that we thought would be meaningful, we had to split it into a few different sections. So the first section was what can we do right now that we think will make a difference? And there was some disagreement in the group on this. I mean, there's a million and one things that you can do to help organizations. A lot of it has been tried already in the industry. Can we give them free tools? Can we give them free software? What if we send someone out to go and help for a little bit and they come back, what is actually really going to be effective? And the way that we were able to drill down into that was by developing a co-responsibility model. We had to agree amongst ourselves what we thought was the organization's responsibility for themselves and what we thought was more the community's responsibility to help protect them. And we decided as a group that there should always be some amount of responsibility that lies within the individual institution. Right. We can't take away all of the cybersecurity responsibility from a nonprofit and say none of it is your responsibility because it would remove their buy-in, right? We need some level of investment at the institutional level for the CEO to say, I'm worried about cyber risk. I'm going to make sure that I allot an IT budget. I'm going to hire someone who will help make these decisions for me. So that's what we left within the responsibility of our organization is that institutional understanding of risk and investment in that risk. But everything else, we take the position that the industry should be doing a better job of providing those services. And that's mostly the talent. Right. A nonprofit's budget of IT is sometimes approaching zero. We don't anticipate that changing. So we need to be more creative about the ways that we expect nonprofits to use cybersecurity technology and tools. We can't expect that they're always going to have a CISO, let alone an IT full time staffer. And so we structured the report around how can we find creative ways to provide that sort of hands on technical assistance, assuming that those institutions aren't going to have that in house.
Sarah Pawczyk
Well, share with me some of the suggestions here. What are some of the practical things that the community can do to better protect everybody?
Cynthia Kaiser
Yeah, the core of our solution for the short term is really relying on cyber volunteering programs. Folks might have heard of things like cyber clinics where students are learning to give risk assessments to local institutions as a part of their schooling. And there are also programs like the state civilian Cyber Corps, where volunteers at the state level form sort of an auxiliary corps and they're called in to help with incident response and training for local cities and hospitals and other types of organizations. So they're these really low cost programs that rely on community resources that are very decentralized, that we like to say they form a cyber safety net. And what we want to do is strengthen that safety net. So try and scale up the number of volunteers that are active in different communities around the country. Scale the skilling that each of them have so that we can reach a consistency of services across whether or not you're working with a clinic or a state civilian cyber corps or a nonprofit cyber volunteering program. You're getting what you need out of it. And we want to connect these sort of short term band aid solutions, which is everybody needs help now, we need to get it to them as quickly as possible, to more long term solutions, such as an affordable managed service provider or managed cybersecurity service provider. So those were really the recommendations around how do we scale these types of models? How do we make sure that they're consistent and providing good service. And then how do we connect them to this cybersecurity ecosystem and give them a sort of on ramp into more systemic cyber resilience?
Sarah Pawczyk
What would your call of action to be for the people in our audience who may be looking for opportunities to give back? Do you have guidance for where's a good place to start?
Cynthia Kaiser
Yeah, that's a great question. I know that folks might be tired of reading reports in this day and age. And that's why along with it, we also released a platform called cybervolunteers.us. I'm going to say that again so that I make sure I get the URL right. We released a platform at cybervolunteers.us where anybody can go to learn about cyber volunteering programs across the United States to figure out what program might be right for them. If they're interested in volunteering, or if you know of a local organization that's in need of help, they can go to that website to find a program that they would qualify for to receive free assistance. But again, our biggest hurdle here is trying to increase the number of volunteers and increase the number of volunteering programs. So especially the folks who listen to this podcast that might be leaders that have communities of their own that are interested in volunteering, come and talk to us and start up a new program where you can recruit your friends and your colleagues to start providing some of these pro bono services to organizations in need.
Sarah Pawczyk
That's Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity. This week is, of course, Black Hat USA 2025. We've got a special Woman on the Street segment with Halcyon's Cynthia Kaiser and their CISO Stacy Cameron.
Stacy Cameron
So I have a multifaceted value proposition that I that I do here. One is I really like to do a lot of networking, reach out to other leaders in the field. And you know, we kind of share horror stories and success stories. And so that is, to me, that's a very value added to really grow and build that network. But additionally to that is coming in, hearing some of the briefings, meeting, sitting on the panels, listening to awesome people. Leaders in the field really go over and sort of expand everything that I know and things that I don't know and that educational aspect of it as well. Also use it as a chance at being the Chief Information Security Officer. I use it as a chance to meet with all my vendors and some of my potential vendors. As a ciso, anyone in that field understands that you're always getting accosted I would say, by a lot of vendors. But they're really trying to sort of help, help the role. But some certain things that I need to do as I'm continuing to improve our security posture and mature our security posture at Halcyon is uses as an attitude. This one and other conferences just let's set up, let's talk, let's, let's go over some things and let's just knock it all with one, with one bank. So I use it for two purposes. I use it get out there. Sometimes we're talking to customers, sometimes I'm talking to partners, sometimes I'm at debrief and able to learn and educate myself and educate others. I've met someone that almost like in a mentor role since I've been here, been able to really provide that guidance for up and coming folks in the profession. So those types of things just sort of happened by happenstance and that was kind of a byproduct of being here. But yeah, there's just so many ways that I can use this as an, as an, as an opportunity to really grow in the security space.
Sarah Pawczyk
And I guess as CISO, you kind of have a target on your back because you do have purchase authority.
Stacy Cameron
Yes, but can't purchase everything. Don't need to purchase everything, but we do need to purchase something. So let's put it on that aspect. But yeah, so it's, it's one of those things where it's actually beneficial sometimes because it opens a lot of doors. Right. So if I'm trying to do something, but on the other side, it opens a lot of doors. You get a lot of phone calls, and some I take and some I don't.
Sarah Pawczyk
Yeah. Well, Cynthia, as you're heading into this year's Black Hat, what's your sense in terms of the tone, how people are meeting the needs and the challenges of the industry this year? What's the temperature that you're sensing there?
Unknown Speaker
You know, I've met so many people who. It's their first Black Hat, which I found kind of surprising. I mean, actually I'm the first Black Hat attendee too. But being able to, I think, have people come and there's such a sense of like wanting to learn not only from the presentations themselves, but a real interest in learning from each other. Stacy said it well, like, it's the people, right? Like, you come and you get to meet people. And I sense that there's a lot of excitement across industry for what we're going to be able to accomplish with some of the new technology or, you know, new-ish at this point, technology that we're able to do. And I think from my vantage point of doing our soft launch of the Ransomware Research Center last week, I'm just excited to meet with all these companies that are willing to share, really to partner and like want to actually put stuff together so that we can have a difference against cyber adversaries.
Sarah Pawczyk
Well, Cynthia, what is the specific type of networking and connections that you're looking to make there with the launch of this Ransomware Center?
Unknown Speaker
You know, I'm trying to gather information about how people may want to partner and why, and I think that we've had a wide spectrum of interest in that. I've spoken with startups, especially, you know, small companies, medium sized companies, and we've talked through how we can take our good information that we have and we can all put it out. But you know, it's of okay value and maybe sometimes good value, but it's niche. But if we all put it together, we can do something much more comprehensive. And I think there's a lot of interest, especially across the startup community and being able to pursue that. Also been talking to various companies who say, I'm not going to want my name on the website, but I'd love to share data because I want to put it all together. We want to get information together and gift wrap it and give it back to the government so they can do something about all these problems. And I think that's been really fun. And third is the policy element, people who want to talk about what are the solutions that we can drive as a collective across industry and talk about with policymakers, especially with Sean Cairncross being confirmed over the weekend.
Sarah Pawczyk
You know, Stacy, as the CISO, a lot of folks who are just starting off in the industry here certainly would find you to be an inspiration, someone to look up to, perhaps turn to for mentorship. As you're walking around a show floor like this, it strikes me that people might be hesitant to strike up a conversation with someone at your level. But my sense is that you want to talk to those people.
Stacy Cameron
Absolutely. And a lot of times there's introductions and already happening this week. Right. So we're already out here. We came for some of the pre events and people who I've just met are now introduced me to more people and people that are coming, trying to break into this space and a lot of people don't really understand like within cyber security there's so many ways and so many skills that are transferable. So whether You're a lawyer or a project manager. So many ways that they apply to cyber. And the question is, well, how do I break in? How do I get in there? And I Actually, it's. I'm glad you asked this question because I was just telling a young lady earlier that Cynthia got to meet, so I wanted to make sure I introduced her so she can start expanding. The young lady can start expanding her network. And it was. She's asking like, how do I do this? I'm like, just walk up and talk to people. Because just like you said, people may not want to talk to you. I'm like, they have a badge on. They're here. A lot of people are here to. And they're going to enjoy the networking aspect of it. They're here for exposure and to be exposed. So those types of things is, yes, I encourage you. I have a smile on my face, so I try to be welcoming. So a lot of people come in, they'll just say hi, and we'll just start talking. They're like, oh, you're a ciso. And now. And then we just go from there. And it kind of helps them and promotes that to give them more confidence and where they're talking and just sharing information, just asking them about their journey and being interested. And yes, I know we're going from meeting to meeting, but we do have to take that time to talk to the people. So, yes.
Unknown Speaker
And Stacy, if I can add to that, I think sometimes it's hard to be a woman in cybersecurity, but one of the best parts is that I always find that I'm a little more recognizable and so people will come up and talk to. I find that people come up and talk to me all the time. Or I met somebody yesterday who was like, hey, I remember you from this conference in 2023. And it's so fun to be able to make those connections across the years, across the conferences, to know that you were able to have that conversation and share what you learned. And we were just at an event this morning where we were doing just that, where we were trying to share, like, what did we get right, what did we get wrong, and what's the advice we'd give to our prior selves.
Stacy Cameron
And in showing up? So when they show up and they see us in certain places, like we're at panels and you're talking in events and those types of things, someone after that event this morning walked up into the elevator. I saw you earlier. So that was an entryway. You know, this is this Is this is how I can talk to these type of people. So, yes, I do get that. I will say, even from a mentor standpoint, I do have some mentees. I take mentoring very seriously, and I believe that there's a lot of time that goes into. So some people, if I don't have. I may not have the bandwidth to, you know, take on a bunch of mentees, but I will take time to have a coffee, to have a virtual coffee, to have a chat, because I think as I believe in the industry and I believe in emerging talent, and I want to make sure that people understand that they can be successful in this industry as well.
Sarah Pawczyk
Well, before I let you go, I want to ask each of you, how do you measure success when you head home from a conference like this? What do you hope to take home with you? What do you hope to accomplish? Let me start with you, Cynthia.
Unknown Speaker
I love taking home business cards and lots of LinkedIn connections, because what I'll do when I go home is I try to send a message to each of those people. Like, I know that we felt like we've identified some reason why we're connecting, why we're following up. And so success, to me is being able to continue the conversation after the conference is done.
Stacy Cameron
I was going to say something similar. I know when I have, like, it's kind of like you have your meeting and you have your action items. Right? So if I don't leave here with anything new on my plate or even something that I'm already working on, a solution for that or maybe progression during that, then I don't think I've accomplished what I've come here to do. And as a CISO, I'm still working. Right. So I'm here, able to enjoy the conference, but I'm starting my day early, checking in with my team, making sure things are still going as planned, and then jumping in midday as well. But I really want to make sure those relationships are solid. I know Cynthia mentioned the business cards. I like pictures of business cards and definitely the LinkedIn connections. And I was thinking similarly, like, when you have those LinkedIn connections and you never reach out, it's like, is it really a connection if we haven't really spoken to each other? We're kind of just connected in theory. So.
Unknown Speaker
Yeah. And I think, you know, in the end, you just want to learn one good thing.
Cynthia Kaiser
Yeah, right.
Unknown Speaker
If we can learn one good thing, attend one good talk, have that, you know, one really great new meeting, I mean, that makes it all worth it because you collect those and it just makes you better.
Stacy Cameron
Oh, and then I loved all the wonderful, amazing women that we were meeting out here, these, these bosses out here in the streets, in the world of IT and cyber where it once was a, this was a man's world, right. And once it once was that. And I love that the men out there are welcoming our allies and advocates and just seeing so many women not afraid to excel and do what they need to do to succeed. So that's a, it's beautiful and amazing watching all of that actually being in the industry for going over 20 years.
Sarah Pawczyk
Our thanks to Cynthia Kaiser and Stacy Cameron from Halcyon for joining us from Black Hat in Las Vegas.
Dave Bittner
On WhatsApp, no one can see or hear your personal messages. Whether it's a voice call message or sending a password to WhatsApp, it's all just this. So whether you're sharing the streaming password in the family chat or trading those late night voice messages that could basically become a podcast, your personal messages stay between you, your friends and your family. No one else, not even us. WhatsApp message privately with everyone.
Sarah Pawczyk
And finally, helicopter parenting has officially hit the footwear aisle. Skechers' new Find My Skechers line quietly sneaks in a sealed compartment under the insole, perfectly sized for an Apple AirTag, not included, of course. On the surface, it's a clever way to locate lost sneakers. In practice, it's parental tracking disguised as stylish kicks for toddlers to 8-year-olds. The Internet, naturally, is divided. Some hail it as a lifesaver, especially for kids with special needs. Others see Big Brother lacing up early. The shoes look ordinary, but they whisper, "I know where you are, and so do your shoes." At 52 bucks a pair plus the AirTag, they're priced for peace of mind or pint-sized surveillance, depending on your view. From "be home by dark" to GPS-enabled soles, childhood just got a firmware update. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August. There's a link in the show notes. Please do check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Release Date: August 6, 2025
Host: N2K Networks
In this episode of CyberWire Daily, host Dave Bittner delivers a comprehensive briefing on the latest cybersecurity threats, vulnerabilities, and incidents impacting the industry. The episode delves into significant news stories, including high-profile arrests, critical security flaws, data breaches, and policy changes. Additionally, the episode features an in-depth interview with Sarah Powazek from UC Berkeley's Center for Long Term Cybersecurity, discussing a nationwide roadmap to enhance cyber defense for community organizations. The episode concludes with insights from Cynthia Kaiser and Stacy Cameron at Black Hat USA 2025.
Two Chinese nationals were apprehended in the United States for allegedly exporting sensitive Nvidia AI chips, including H100s and RTX 4090s, to China without proper licensing. Operating through ALX Solutions Inc. in California, they are accused of routing tens of millions of dollars' worth of GPUs through Singapore and Malaysia to circumvent U.S. export laws. These chips are pivotal for AI applications such as self-driving cars and medical diagnostics.
Quote:
"Both men face charges under the Export Control Reform Act, carrying up to 20 years in prison."
— Dave Bittner [02:30]
A critical security flaw was identified in Microsoft's new NLWeb protocol, introduced as HTML for the Agentic Web. This path traversal vulnerability allows attackers to access sensitive files like system configurations and API keys for AI services, including OpenAI and Gemini.
Quote:
"The flaw could let attackers steal the brains of AI agents, potentially causing major damage."
— Aonan Guan [05:15]
Microsoft has issued a patch, urging NLWeb users to update manually.
Cisco Talos discovered five serious vulnerabilities in Dell's ControlVault3 firmware used in over 100 Latitude and Precision laptop models. These flaws, including out-of-bounds errors and stack overflows, could allow attackers to bypass Windows logins and install persistent malware.
Quote:
"Attackers with physical access can gain control over the Unified Security Hub, escalate privileges, or trick fingerprint readers into accepting unauthorized users."
— Dave Bittner [07:45]
Dell has released patches and recommends additional security measures such as disabling unused authentication devices and enabling BIOS intrusion detection.
Trend Micro warns of an actively exploited remote code execution (RCE) vulnerability in its Apex One endpoint security platform. The flaw affects the on-premise management console, allowing pre-authenticated attackers to execute code remotely.
Quote:
"Administrators are urged to secure systems immediately, especially if consoles are exposed online."
— Dave Bittner [09:10]
While no patch is available yet, Trend Micro has provided a mitigation tool, with a full fix expected by mid-August.
Google confirmed a data breach involving one of its Salesforce databases, where the threat group ShinyHunters stole contact information from small and medium-sized business clients. The compromised data includes names and contact details, primarily public business information.
Quote:
"Google warned that ShinyHunters may soon publish the stolen data on a leak site to pressure victims."
— Dave Bittner [11:00]
This breach follows similar incidents targeting Salesforce systems used by companies like Cisco, Qantas, and Pandora.
The city of Hamilton in Canada faces an $18.3 million cost to recover from a ransomware attack due to the denial of its insurance claim. The insurer rejected the claim because Multi-Factor Authentication (MFA) was not fully implemented during the attack.
Quote:
"Mayor Andrea Horwath emphasized a renewed commitment to stronger cybersecurity moving forward."
— Dave Bittner [12:30]
The ransomware attack disabled 80% of the city's network, with no personal or health data compromised.
Nvidia's Chief Security Officer, David Reber Jr., firmly denied the need for backdoors or kill switches in the company's GPUs amid rising pressure from U.S. lawmakers and Chinese authorities.
Quote:
"Backdoors are dangerous vulnerabilities, and kill switches are an open invitation for disaster."
— David Reber Jr. [14:00]
Reber criticized proposals like the Chip Security Act, arguing that such measures could undermine trust in Nvidia's products and accelerate China's domestic chip development.
The Cybersecurity and Infrastructure Security Agency (CISA) flagged multiple critical vulnerabilities in Tigo Energy's Cloud Connect Advanced platform, widely used in residential and critical solar energy infrastructure. These include hard-coded credentials and command injection vulnerabilities.
Quote:
"CISA urges users to isolate devices behind firewalls and avoid exposing them directly to the Internet."
— Dave Bittner [16:00]
Tigo Energy is actively working on patches, though no release date has been set.
The Department of Homeland Security (DHS) released the final funding round for its $1 billion state and local cybersecurity grant program, allocating $91.7 million. However, new rules prohibit using grant funds for services from multi-state ISACs and the Elections Infrastructure ISAC.
Quote:
"The MS-ISAC, which has supported local governments for over two decades, is shifting to a paid subscription model due to reduced federal funding."
— Dave Bittner [17:30]
North Dakota’s CISO, Chris Gergen, expressed disappointment, highlighting the alignment of MS-ISAC’s services with the grant’s goals.
Guest: Sarah Powazek, UC Berkeley's Center for Long Term Cybersecurity
Segment Time: [15:00 – 35:00]
Topic: Sarah Powazek discusses her proposed nationwide roadmap to enhance cyber defense for community organizations, addressing the challenges faced by nonprofits and other high-risk entities with limited cybersecurity resources.
Sarah introduces the concept of the "cyber poverty line," describing organizations that are "target-rich but resource-poor." These entities, including local food banks, churches, small utilities, and healthcare providers, often lack adequate cybersecurity investments despite their critical roles in communities.
Quote:
"These are the types of institutions that uphold our public life but are very under-invested in the field."
— Cynthia Kaiser [17:29]
The discussion centers on a co-responsibility model, where community organizations maintain some level of cybersecurity responsibility while the broader industry provides essential support and resources.
Quote:
"We can't take away all of the cybersecurity responsibility from a nonprofit... We need some level of investment at the institutional level."
— Cynthia Kaiser [18:50]
This model ensures that while nonprofits manage their own cyber risk to an extent, the cybersecurity industry steps in to offer hands-on technical assistance and scalable solutions.
Sarah outlines several strategies to bolster cybersecurity for community organizations:
Cyber Volunteering Programs: Expanding initiatives like cyber clinics and state civilian Cyber Corps to provide low-cost, decentralized support.
Managed Cybersecurity Services: Developing affordable managed service providers tailored to the unique needs of nonprofits.
Quote:
"We want to scale up the number of volunteers and ensure consistency of services across different programs."
— Cynthia Kaiser [21:02]
To facilitate community involvement, Sarah introduces CyberVolunteers.us, a platform designed to connect volunteers with organizations in need of cybersecurity assistance.
Quote:
"Our biggest hurdle is increasing the number of volunteers and volunteering programs. Leaders can start new programs and recruit their networks."
— Cynthia Kaiser [22:54]
She encourages listeners to engage with the platform to support and expand cyber defense efforts for vulnerable community institutions.
Guests: Cynthia Kaiser and Stacy Cameron from Halcyon
Segment Time: [23:00 – 35:40]
At Black Hat USA 2025, Cynthia Kaiser and Stacy Cameron share their experiences and insights on networking, mentorship, and advancing cybersecurity initiatives.
Stacy Cameron emphasizes the importance of networking and mentoring within the cybersecurity community.
Quote:
"I'm here to grow, meet mentors, and provide guidance to up-and-coming professionals."
— Stacy Cameron [26:28]
She highlights how conferences like Black Hat offer invaluable opportunities to connect with industry leaders and foster professional growth.
Cynthia Kaiser discusses the launch of the Ransomware Research Center, aiming to collaborate with startups and established companies to consolidate data and develop comprehensive solutions against ransomware threats.
Quote:
"By pooling our data, we can create more effective strategies to combat cyber adversaries."
— Cynthia Kaiser [28:19]
Both guests celebrate the increasing presence and influence of women in the traditionally male-dominated cybersecurity field. They advocate for continued support and recognition of women professionals.
Quote:
"Seeing so many women excel and lead in cybersecurity is truly inspiring."
— Stacy Cameron [35:03]
Cynthia and Stacy share how they gauge success from attending conferences—through building connections, gaining actionable insights, and fostering ongoing collaborations.
Quote:
"Success means continuing the conversation and applying what we've learned to our work."
— Cynthia Kaiser [33:31]
This episode of CyberWire Daily provides a thorough analysis of current cybersecurity challenges and developments, emphasizing the importance of community support and collaboration in enhancing cyber defense. The in-depth discussions with experts highlight actionable strategies and the critical role of collective responsibility in safeguarding our digital infrastructure.
For more detailed information and to stay updated on the latest cybersecurity news, visit the CyberWire Daily website.