Chrome’s high-risk bug gets squashed. - CyberWire Daily

Summary6 min read

CyberWire Daily: "Chrome’s High-Risk Bug Gets Squashed"

Release Date: July 16, 2025
Host: N2K Networks

Introduction

In the latest episode of CyberWire Daily, host Dave Bittner delivers a comprehensive overview of critical cybersecurity developments shaping the industry. The episode, titled "Chrome’s High-Risk Bug Gets Squashed," delves into significant vulnerabilities, defensive strategies, and legislative responses affecting both corporate and national security landscapes.

Key Cybersecurity Updates

Google Chrome Patches Critical Vulnerabilities
- Overview: Google has released an urgent update addressing six vulnerabilities in Chrome, including a high-severity sandbox escape flaw.
- Details: The critical bug, rated 8.8 in severity, allows attackers to bypass Chrome's sandbox through a specially crafted HTML page targeting Angle, a graphics layer handling untrusted GPU commands.
- Impact: This flaw threatens multiple Chrome versions, potentially enabling malware to propagate beyond the browser environment.
- Recommendation: Users are strongly advised to update Chrome immediately to mitigate risks.
- Additional Information: Five other non-exploited vulnerabilities were also patched, marking the fifth actively exploited Chrome vulnerability resolved in 2025.
Microsoft Addresses Azure Virtual Machines Bug
- Overview: Microsoft has issued an emergency update for a bug affecting Azure virtual machines' startup processes.
- Details: The flaw impacts Windows Server 2025 and Windows 1124H2 systems using VBS with trusted launch disabled, particularly on older VM SKUs. It originates from a secure kernel initialization issue introduced in the July Patch Tuesday update.
- Recommendation: Users should install the new patch and enable Trusted Launch to prevent similar future issues.
- Impact: The bug previously blocked some Azure VMs from starting, potentially disrupting services reliant on these virtual infrastructures.
Critical Wing FTP Server Vulnerability Exploited
- Overview: A severe vulnerability in Wing FTP Server, rated 10 out of 10, is actively being exploited, leading to a CISA alert.
- Details: The flaw allows complete server compromise across Windows, Linux, and macOS versions. Exploits include unauthorized file downloads, reconnaissance, and remote monitoring installations.
- Affected Entities: Major organizations such as the US Air Force and Sony are impacted, with Shadowserver identifying 2,000 exposed instances and Census reporting over 8,000 organizations urged to upgrade.
- Response: CISA has mandated federal agencies to apply patches by August 4th, emphasizing the critical nature of this threat.
Cloudflare DNS Resolver Service Outage
- Overview: Cloudflare experienced a global outage of its 1.1.1.1 DNS resolver service for over an hour due to a misconfiguration.
- Details: The outage resulted from a configuration error during preparations for a new data localization service, inadvertently removing the resolver's IP routes from Cloudflare's network.
- Impact: DNS traffic halted, cutting off Internet access for many users temporarily. A brief BGP hijack occurred but was not the primary cause.
- Resolution: Cloudflare swiftly reverted the changes, restoring full service, and committed to deprecating legacy systems and adopting staged deployments to prevent future incidents.
PHP Documentation Tool Larespee Vulnerability
- Overview: A critical vulnerability in Larespee, a PHP documentation tool, allows attackers to execute arbitrary code on affected servers via server-side template injection (SSTI).
- Details: With a perfect CVSS score of 10.0, the flaw exploits insecure user input handling in templates. Minimal skills are required for exploitation, enabling file reading, command execution, and environment variable access.
- Recommendation: Immediate upgrades and system audits for signs of compromise are essential to safeguard against potential attacks.
Disruption of Chinese Cyber Campaigns
- Overview: NSA and FBI officials announced the disruption of Chinese cyber campaigns targeting US critical infrastructure.
- Details: Focusing on campaigns like Volt Typhoon, these efforts aimed to lay the groundwork for future sabotage, particularly within naval infrastructure.
- Quote: Christina Walter of the NSA stated at the International Conference on Cybersecurity, “China's attempts to quietly infiltrate networks were unsuccessful thanks to coordination between the NSA, FBI, and the private sector” [07:45].
- Methodology: The FBI engaged in cyber battles, temporarily hijacking botnet infrastructure and facing retaliatory DDoS attacks from Chinese actors.
- Implications: These actions highlight the blend of government and private sector collaboration in countering sophisticated cyber threats.
UK Data Breach Compromises Afghan Nationals
- Overview: A leaked UK defense database exposed personal details of nearly 19,000 Afghans who supported British forces, risking their safety post-Taliban takeover.
- Details: The breach, caused by a UK defense official, was kept secret until a super injunction was lifted, prompting Defense Secretary John Healy to acknowledge the "grave failure" [15:20].
- Impact: Approximately 600 Afghan soldiers and their families remain in Afghanistan vulnerable to Taliban scrutiny, sparking debates over accountability and transparency in cyber practices during wartime evacuations.
Malware Concealed in DNS Records
- Overview: Researchers discovered malware, specifically the Joke Screenmate strain, embedded within DNS text records on subdomains of whitetreecollective.com.
- Details: The malware is encoded in hexadecimal and split into chunks, effectively bypassing standard security defenses through normal-looking DNS queries.
- Trend: With the rise of encrypted DNS protocols like DoH and DoT, such methods are increasingly challenging to detect, echoing past tactics like PowerShell script concealment.
Former US Army Soldier Pleads Guilty to Hacking and Extortion
- Overview: Cameron John Wagenius, a former US Army soldier, pleaded guilty to wire fraud, extortion, and identity theft for hacking US telecom companies.
- Details: While on active duty, Wagenius used stolen credentials to access and steal call and text metadata from hundreds of thousands of users, including high-profile targets. He demanded up to $500,000 in cryptocurrency and offered stolen data to foreign intelligence agencies.
- Quote: Prosecutors highlighted, “Wagenius is considered a significant flight risk and national security threat” [22:10].
- Consequences: Wagenius faces up to 27 years in prison, with sentencing scheduled for October 6th.

In-Depth Interview: Ben Yellen on Senate's Cybersecurity Strategy

Guest: Ben Yellen, Co-Host of the Caveat Podcast and Expert from the University of Maryland Center for Cyber Health and Hazard Strategies
Interview Timestamp: [14:32] – [20:40]

Discussion Highlights:

Senate Armed Services Committee's Cybersecurity Provisions:
- Overview: The committee is advocating for a comprehensive cybersecurity strategy within the 2026 National Defense Authorization Act, aiming to deter cyberattacks on critical infrastructure through military options.
- Quote: Ben Yellen explains, “Lawmakers have pointed to recent cyber attacks, Volt, Typhoon, Salt Typhoon, as evidence that China has been aggressive against our critical infrastructure” [14:48].
Defense Strategies Proposed:
- Defensive Measures: Implementation of zero trust architecture, active defense mechanisms, enhanced information sharing, and robust public-private sector collaboration.
- Offensive Measures: Exploration of potential offensive cyber operations, with specifics intentionally undisclosed to maintain strategic advantage.
Challenges in Implementation:
- Talent Shortage: The government faces a significant loss of cyber expertise due to attrition and inefficiencies. The act seeks to incentivize hiring and retention of cyber professionals.
- Bipartisan Support: The initiative enjoys strong bipartisan backing, with both Democrats and Republicans recognizing the imperative to strengthen cyber defenses despite other contentious issues often influencing legislation [17:14].
Accountability and Oversight:
- Reporting Requirements: The inclusion of provisions for annual confidential reports from the Department of Defense on cyber operations ensures congressional oversight and accountability.
- Funding Conditions: Congress may condition Pentagon funding on the development and implementation of the new cybersecurity strategies, leveraging financial authority to enforce policy adherence [18:13].
Timeline and Legislative Process:
- Passing the Bill: Expected by the end of the calendar year, the Defense Authorization Act typically navigates the legislative process swiftly unless obstructed by unrelated policy amendments [19:30].
Conclusion:
- Ben Yellen emphasized the critical need for the Pentagon to adopt a "full, comprehensive response" to cyber threats, moving beyond mere defensive postures to include proactive and potentially offensive measures [16:13].

Conclusion

The episode underscores the escalating complexity and frequency of cyber threats targeting both national infrastructures and individual organizations. From critical software vulnerabilities to sophisticated state-sponsored campaigns, the landscape demands robust, multi-faceted defensive and offensive strategies. Legislative efforts, as discussed by Ben Yellen, are pivotal in shaping the future of cybersecurity resilience, emphasizing the necessity for collaboration, accountability, and innovation in safeguarding digital frontiers.

Stay Informed:
For more detailed insights and daily updates, visit thecyberwire.com and participate in their annual audience survey to help shape future content.

Loading summary

Transcript31 lines

[00:02]
Dave Bittner
You're listening to the Cyberwire Network. Powered by N2, Krogle is AI built for the enterprise SOC, fully private schema, free and capable of running in sensitive air gapped environments. Krogle autonomously investigates thousands of alerts weekly, correlating insights across your tools without data leaving your perimeter. Designed for high availability across geographies, it delivers context aware, auditable decisions aligned to your workflows. Krogle empowers analysts to act faster and focus on critical threats, replacing repetitive triage with intelligent automation to help your SOC operate at scale with precision and control. Learn more@krogle.com that's C R O gl.com Google and Microsoft issue critical updates CISA warns of active exploitation of a critical flaw in wing FTP server cloudflare restores their DNS resolver service following a brief outage. A critical vulnerability in a PHP documentation tool allows attackers to execute code on affected servers. NSA and FBI officials say they've disrupted Chinese cyber campaigns targeting US Critical infrastructure. A UK data breach puts Afghan soldiers and their families at risk. Researchers find malware hiding in DNS records. A former US army soldier pleads guilty to charges of hacking and extortion. Ben Yellen joins us with insights on the Senate Armed Services Committee's response to rising threats to critical infrastructure and the large print giveth and the small print taketh away. Foreign July 16, 2025 I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great to have you with us. Google has issued a critical chrome update fixing six vulnerabilities, including one actively exploited flaw rated high severity 8.8. This bug allows attackers to escape Chrome's sandbox via a specially crafted HTML page. It targets Angle, a graphics layer that processes untrusted GPU commands from websites discovered by Google's Threat Analysis Group. The flaw affects multiple Chrome versions, while technical details remain restricted. The risk is serious, as sandbox escapes can allow malware to spread beyond the browser. Users are urged to update Chrome immediately. The patch also addresses five additional flaws, though none were exploited. This marks the fifth exploited Chrome vulnerability fixed in 2025. Meanwhile, Microsoft has issued an emergency update to fix a bug that blocked some Azure virtual machines from starting. The issue affected Windows Server 2025 and Windows 1124H2 systems using VBS with trusted launch disabled, particularly on older VM SKUs. It stemmed from a secure kernel initialization problem introduced in the July patch Tuesday update. Microsoft advises impacted users to install the new patch and recommends enabling Trusted launch to prevent similar issues. Updated VM images now include the fix A critical flaw in Wing FTP server is being actively exploited, prompting a CISA alert. The vulnerability, rated 10 out of 10 in severity, allows total server compromise and affects Windows, Linux and macOS versions. CISA added it to the known exploited vulnerabilities catalog, ordering federal agencies to patch by August 4th. Wing FTP is used by major organizations like the US Air Force and Sony. Exploits were observed as early as July 1, with attackers attempting file downloads, reconnaissance and remote monitoring installs. Huntress and Arctic Wolf researchers confirmed the threat and shared detection guidance. Despite attackers clumsy execution, the bug is actively targeted. Shadow server found 2,000 exposed instances. Census reported over 8,000 organizations are urged to upgrade immediately to mitigate risk. Yesterday, Cloudflare's 1.1.1.1 DNS resolver service went offline globally for over an hour due to a misconfiguration introduced in June during internal preparations for a new data localization service. A configuration error mistakenly included 1.1.1.1 in a test topology and when activated, this change caused the withdrawal of the resolver's IP routes from Cloudflare's network. DNS traffic dropped immediately, effectively cutting off many users Internet access. Cloudflare reverted the change and fully restored service. While a brief BGP hijack occurred during the outage, it wasn't the cause. Cloudflare pledged to accelerate deprecation of legacy systems and adopt staged deployments to prevent future outages. DNS over HTTPs remained mostly unaffected throughout the incident. A critical vulnerability in Larespee, a PHP documentation tool, allows attackers to execute code on affected servers via server side template injection. With a CVSS score of 10.0. The flaw stems from insecure handling of user input in templates. Exploitation requires minimal skill, using standard SSTI payloads to read files, execute commands, or access environment variables. Users should upgrade immediately and audit systems for signs of compromise. US Cybersecurity officials from the NSA and FBI say they've disrupted Chinese cyber campaigns, particularly Volt Typhoon, which targeted US critical infrastructure. Speaking at the International Conference on Cybersecurity at Fordham University in New York City yesterday, NSA's Christina Walter confirmed China's attempts to quietly infiltrate networks were unsuccessful thanks to coordination between the nsa, FBI and private sector. Volt Typhoon aimed to set the stage for future sabotage, especially around naval infrastructure. In places like Guam, public disclosures forced Chinese hackers to adapt burning older tactics. FBI Cyber Director Brett Leatherman also detailed a real time cyber battle with China's Flax Typhoon, where the FBI temporarily hijacked botnet infrastructure before Chinese actors retaliated with a DDoS attack, only to shut down their own systems upon learning the FBI was involved. Both officials emphasized the Chinese cyber ecosystem blends government and private entities. U.S. efforts to expose these operations aim to disrupt their tactics and force resource draining resets, building friction into their campaigns. Sometimes a cyber breach isn't just about stolen data it can put lives at risk. A leaked database from 2022 exposed personal details of nearly 19,000 Afghans who supported British forces and applied to relocate to the uk. And after the Taliban takeover. The breach, caused by a UK defense official, remained secret until this week, when a super injunction was lifted. Defense Secretary John Healy admitted he couldn't confirm whether the leak led to any deaths, but called it a grave failure. About 600 Afghan soldiers and their families remain in Afghanistan, potentially exposed. The UK's response includes a 850 million pound resettlement scheme. And yet critics question the secrecy and delays. Officials stressed that while the Taliban likely already had much of the data, the breach heightened fear and panic among those affected. The incident reignites debate over accountability, transparency and the deadly consequences of cyber negligence during wartime evacuations. Hackers are hiding malware inside DNS records, an area often overlooked by security tools. Domain tools researchers found a strain of nuisance malware called Joke Screenmate embedded in the text records of subdomains on whitetreecollective.com the malware was encoded in hexadecimal, split into chunks, and hidden in DNS records. Attackers can reassemble the chunks using normal looking DNS queries, bypassing standard defenses. With growing use of encrypted DNS protocols like DoH and DoT, detecting such activity becomes even harder. This stealthy tactic isn't new. PowerShell scripts have been hidden in DNS for years, but it's evolving. Researchers also found DNS records used to host prompt injection attacks targeting AI chatbots. These included bizarre or dangerous commands designed to manipulate the AI. As Ian Campbell of Domain Tools puts it, DNS remains a strange and enchanting place where attackers can quietly operate beyond the reach of conventional CyberSecurity tools. Former US army soldier Cameron John Wagenius has pleaded guilty to wire fraud, extortion and identity theft after hacking US telecom companies and attempting to ransom or sell stolen customer data while on active duty. He and accomplices breached systems using stolen credentials, stealing call and text metadata from hundreds of thousands of users, including high profile targets. Prosecutors say Wigenius demanded up to $500,000 in cryptocurrency and even offered stolen data to a foreign intelligence agency. Documents revealed he tried to defect, violated military orders and continued hacking even after federal searches. He posted stolen data on cybercrime forums like Breach Forums and Telegram with some of the compromise files containing government officials phone records. Authorities seized over 17,000 identity documents from his devices. Wigenius faces up to 27 years in prison and will be sentenced on October 6th. He's considered a significant flight risk and national security threat. Coming up after the break, Ben Yellen joins us with insights on the Senate Armed Services Committee's response to rising threats to critical infrastructure and the large print giveth and the small print taketh away. Stick around. Foreign hey everybody. Dave here. I've talked about Delete Me before and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. Delete Me keeps finding and removing my personal information from data broker sites and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved. Knowing my privacy isn't something I have to worry about every day. The Deleteme team handles everything. It's the set it and forget it piece of mind. And it's not just for individuals. Deleteme also offers solutions for businesses, helping companies protect their employees, personal information and and reduce exposure to social engineering and phishing threats. And right now our listeners get a special deal, 20% off your delete me plan. Just go to JoinDeleteMe.com N2K and use promo code N2K at checkout. That's JoinDeleteMe.com N2k code N2K Foreign did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Night, the free security assessment tool that scans your active directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now@sempris.com purple night that's sempris.com purple night. And it is always my pleasure to welcome back to the show My caveat co host Ben Yellen. He is from the University of Maryland center for Cyber Health and Hazard Strategies. Ben, welcome back.
[14:33]
Ben Yellen
Good to be with you again, Dave.
[14:35]
Dave Bittner
So interesting story came by. This is from the folks over at Defense One and they're talking about the Senate Armed Services Committee looking to place some cybersecurity requirements on the Pentagon. Can you unpack this for us, Ben?
[14:49]
Ben Yellen
Sure. So right now, Congress is considering the 2026 National Defense Authorization Act. Pretty much every year, Congress enacts a defense authorization bill, which sets policy for the Department of Defense for intelligence agencies, and pretty much anybody associated with protecting the country from foreign threats. So the Senate Armed Services Committee has put a provision in there requiring a new strategy from the Pentagon to deter cyber attacks on critical infrastructure in this country using the full range of military options. Lawmakers have pointed to recent cyber attacks, Volt, Typhoon, Salt Typhoon, as evidence that China has been aggressive against our critical infrastructure and that any previous efforts at deterrence clearly aren't working if they're still propagating these attacks. So we need a full, comprehensive response. Not just a defensive strategy to protect our infrastructure, but also potentially offensive measures. So for defensive measures, we talk about things like zero trust architecture, active defense, further information sharing, private public sector collaboration, and then the importance of potential offensive cyber operations, which it's kind of unclear exactly what form that would take. Probably by design. Right. We don't want to reveal to our enemies what our strategies are.
[16:14]
Dave Bittner
Right.
[16:14]
Ben Yellen
But this is something that the Senate Armed Services Committee wants the Pentagon to consider. One hiccup in all of this is we've lost a lot of talent just through natural attrition and the Department of Government efficiency. The government has lost a lot of its cyber expertise at the same time that threats against our critical infrastructure through cyber attacks are at a high point, not just from China, but from other adversaries like Iran, North Korea, other international criminal organizations. So one thing that this National Defense Authorization act would do is try to encourage, through various incentives, the hiring of additional cyber experts to work in our national government on offensive and defensive operations and to figure out a way for us to retain that type of talent once we are able to hire these people.
[17:12]
Dave Bittner
And this is a bipartisan effort, right?
[17:14]
Ben Yellen
Yeah. It's weird. Like, somehow partisan politics kind of flies over the National Defense Authorization Bill. It is usually one of the only truly bipartisan bills, both actually in support and opposition. Your typical pattern is like a 300 to 135 vote in favor of this, with the no vote split between dovish Democrats and America First International skeptic Republicans.
[17:44]
Dave Bittner
I see.
[17:45]
Ben Yellen
But, yeah, this is generally a process that is bipartisan. And I think, at least on the Armed Services Committee, this initiative is completely bipartisan.
[17:52]
Dave Bittner
Right.
[17:52]
Ben Yellen
I think both sides of the aisle fully understand the need to harden our approach against cyber threats and institutionalize that approach within the Department of Defense.
[18:02]
Dave Bittner
And this is the way for Congress to tell the Pentagon, these are the things we think are important and we're gonna demonstrate our desires in the way that we fund it.
[18:14]
Ben Yellen
Exactly, exactly. And the one stick that Congress has is the power of the purse. At least theoretically, they can say, one of the conditions of these billions of dollars to the Pentagon is that you have to develop this new strategy, and that's a weapon that Congress can use. Even if the Pentagon was reticent now, I don't think the Pentagon is reticent. I think.
[18:37]
Dave Bittner
Right. It seems to me when I was reading through this, I would, at the risk of being flippant, I imagine the top brass of the Pentagon saying, well, duh, Right. We're on board. You know, we're all in agreement that China is a threat and we should, you know, go at it. Thank you for your. Thank you for your concern.
[18:58]
Ben Yellen
Sometimes it's an accountability measure because then you can put in provisions like, we need an annual report from the Department of Defense on what they've done in the last fiscal year on cyber operations.
[19:10]
Dave Bittner
I see.
[19:10]
Ben Yellen
That can be a confidential report that's just submitted to the relevant congressional committees, but it's a way that Congress can hold the administration accountable for its promises.
[19:20]
Dave Bittner
I see.
[19:21]
Ben Yellen
And so I would expect that they put something like that, some type of reporting requirement in the Defense Authorization Bill as it's being considered.
[19:28]
Dave Bittner
And what's the timeline for this to go through?
[19:30]
Ben Yellen
Usually by the end of the calendar year is when next year's Defense Authorization Bill gets passed. So it's one of the year end tasks that Congress has to undertake, usually at the last minute before they adjourn until the next session, which starts in January of 2026.
[19:47]
Dave Bittner
To what degree is this one a political football? We talked about both bipartisan support and opposition, but does this one tend to sail through?
[19:57]
Ben Yellen
It does, unless there are some poison pills in. So somebody's gonna propose an amendment related to, like, transgender service members or think of your controversial subject of the day. And you know, whether that amendment is agreed to or not is gonna affect whether a hundred different members of Congress vote for the final package. So.
[20:19]
Dave Bittner
Right.
[20:20]
Ben Yellen
That's generally where it runs into trouble. Are these policy riders. But the Defense Authorization act almost always passes even despite that.
[20:30]
Dave Bittner
Yeah. All right, well, Ben Yellen is my co host over on the Caveat podcast, and he is from the University of Maryland center for Cyber Health and Hazard Strategies. Ben, thanks so much for joining us.
[20:40]
Ben Yellen
Thanks for having me.
[20:53]
Dave Bittner
You hear from us here at the Cyberwire daily every single day now. We'd love to hear from you. Your voice can help shape the future of N2K networks. Tell us what matters most to you by completing our annual audience survey. Your insights help us grow to better meet your needs. There's a link to the survey in our show notes. We're collecting your comments through August 31st. Thanks. We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed when it comes to hiring Indeed is all you need. Stop struggling to get your job post noticed. Indeed's Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first. And it works. Sponsored Jobs on indeed get 45% more applications than non sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus we with Sponsored Jobs. There are no subscriptions, no long term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been Talking to you, 23 hires were made on Indeed according to Indeed Data Worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed and listeners to this show will get a $75 sponsored job credit. To get your jobs more visibility@indeed.com cyberwire just go to indeed.com cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com cyberwire terms and conditions apply. Hiring Indeed is all you need. Krogel is AI built for the enterprise soc, fully private schema, free and capable of running in sensitive air gapped environments. Krogle autonomously investigates thousands of alerts weekly, correlating insights across your tools without data leaving your perimeter. Designed for high availability across geographies, it delivers context aware, auditable decisions aligned to your workflows. Krogle empowers analysts to act faster and focus on critical threats, replacing repetitive triage with intelligent automation to help your SOC operate at scale with precision and control. Learn more@krogle.com that's C-R-O GL.com and finally, as 20th century philosopher and musician Tom Waits so eloquently stated, the large print giveth and the small print taketh away. File transfer utility Wetransfer recently updated its terms of service and promptly sent privacy advocates into mild hysteria. Content creators understandably jumpy about their hard work being fed into some ravenous AI took to X Twitter to say they were jumping ship. The fuss centered around wording that suggested Wetransfer might use uploaded files to train machine learning models. Cue the panic. In a brisk about face, Wetransfer clarified that no, they're not selling your audition tape to Skynet. They've since scrubbed the language and now promise their only goal is to improve the service. The change takes effect August 8th. This isn't the first AI fueled freakout either. Dropbox faced similar outrage in 2023. As one privacy lawyer quipped, in the age of AI gold rushes, your data is the new pickaxe and vague terms are the minefield. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to hear from you. We are conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of this summer. There is a link in the show Notes. Please take a minute and check it out. N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Pelt Smith. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Foreign.
[26:30]
Kim Jones
Hi Kim Jones Here on CISO Perspectives, we get candid with the thinkers, doers and trailblazers shaping cybersecurity leadership. No scripts, no sales pitches, just real stories and hard earned lessons from folks who've been there. If you're looking to grow as a leader or just want to hear how others are navigating this ever evolving field, listen to CISO Perspectives. Get your seat at the table.
[27:09]
Dave Bittner
Buying more tools won't make you more secure. Continually training your people will. In this episode, Cloud Range co founder and CEO Debbie Gordon shares how real world simulations are transforming readiness in 2025. Because your last line of defense isn't software, it's your team. Tune in now. Your stack depends on it.