Dave Bittner
You're listening to the CyberWire network, powered by N2K. Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control: stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant. The CVE program gets a last minute reprieve. A federal whistleblower alleges a security breach at the NLRB. Texas votes to spin up their very own Cyber Command. BreachForums suffers another takedown. A watchdog group sues the federal government over Signalgate allegations. The SEC chair reveals a 2016 hack. ResolverRAT targets the healthcare and pharmaceutical sectors worldwide. Microsoft warns of blue screen crashes following recent updates. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the EC Council Certified Ethical Hacker exam. And 4chan gets soyjacked. April 16, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today on what is a busy news day. We're glad to have you with us. The CVE program, short for Common Vulnerabilities and Exposures, is a publicly available list of known cybersecurity vulnerabilities. Each vulnerability gets a unique ID that helps security professionals, software vendors, and researchers talk about the same issue using the same name, kind of like a universal language for bugs. Managed by the MITRE Corporation and funded by the US Government, the program plays a critical role in threat intelligence, patch management, and security automation.
It's the backbone for many tools and databases, including the National Vulnerability Database, and it helps defenders prioritize which issues to fix first. Think of it as a Dewey Decimal system of cybersecurity flaws. In a critical development for global cybersecurity, the US Cybersecurity and Infrastructure Security Agency has extended funding for the Common Vulnerabilities and Exposures program, reportedly for 11 months, preventing an imminent lapse in this essential service. The funding extension comes just hours before the program's contract was set to expire. MITRE had warned that a break in service could lead to significant disruptions, including the deterioration of national vulnerability databases, challenges for tool vendors, and impediments to incident response operations. Amid these developments, a group of CVE board members announced the formation of the CVE Foundation, a nonprofit organization aimed at ensuring the long term stability and independence of the CVE program. The foundation seeks to mitigate the risks associated with reliance on a single government sponsor by establishing a dedicated entity focused on maintaining the integrity and availability of CVE data for defenders worldwide. Concurrently, the MITRE Corporation is facing significant organizational changes, announcing plans to lay off 442 employees at its McLean, Virginia location by June 3rd. These layoffs are attributed to the cancellation of contracts by the Department of Energy, reflecting broader challenges to the federal contracting landscape. The swift action by CISA to extend funding underscores the critical importance of the CVE program in maintaining national and global cybersecurity infrastructure. The establishment of the CVE Foundation represents a proactive step toward ensuring the program's resilience and independence in the face of funding uncertainties.
A federal cybersecurity specialist, Daniel Berulis, has filed a whistleblower complaint alleging that the Department of Government Efficiency under President Trump caused a security breach at the National Labor Relations Board and may have illegally extracted sensitive data. In a sworn statement sent to Congress and a federal whistleblower office, Berulis claimed DOGE staff disabled security protocols like multi-factor authentication and internal alerts. Shortly after arriving at NLRB in March, he reported detecting a data transfer of over 10 gigabytes, including personal and confidential business information. He also cited login attempts from foreign locations, including a Russian IP using DOGE-created credentials. Berulis, who holds a Top Secret clearance, provided screenshots as evidence. The White House stated DOGE was transparent in its activities. Daniel Berulis appeared on CNN yesterday where he had this to say.
Daniel Berulis
So I spent a lot of time in the private sector and you start to see these indicators of compromise sometimes and they, they kind of raise red flags. And so when you start seeing those, you put together the puzzle and more likely than not, that's how you flush out a breach. And I saw those same indicators in my agency and started raising the flag.
Dave Bittner
So in your complaint that you shared with Congress, you include this screenshot we're going to show. It shows a large spike in data leaving the National Labor Relations Board. You say that's extremely unusual because data almost never directly leaves the databases. How do you know what was being removed? And is it possible you saw something that has a plausible explanation behind it?
Daniel Berulis
I definitely would prefer that. Actually. I've tried to prove the negatives multiple times. It correlates directly with data that was exiting the database. At the same time, there's a lot of corroborating evidence that points to it. That was the first thing I tried to do is just rule out every other solution before I went this route again.
Dave Bittner
That clip is courtesy of CNN. We'll have a link in the show notes. The Trump administration has voiced its intentions to shift responsibilities from the federal government to the states. The Texas House has passed legislation to create a new state cybersecurity agency, the Texas Cyber Command, aimed at defending against growing cyber threats. Backed by $135 million over two years, the command would operate through the University of Texas system, based at UT San Antonio. It will focus on cyber threat response, forensics and training while centralizing efforts previously handled by the Department of Information Resources. Governor Abbott has called the bill an emergency priority amid rising cyberattacks on Texas infrastructure. BreachForums, the well-known hacker marketplace, was reportedly taken down again, this time by pro-Palestinian hacktivist group Dark Storm Team, which claimed responsibility for a DDoS attack. The takedown comes amid unverified rumors of the arrest of IntelBroker, a prominent figure linked to past major cyber attacks. Though some speculate an FBI seizure, no official signs support that claim. Dark Storm, known for targeting NATO nations and Musk's X (Twitter) platform, promotes itself as a cybercrime-as-a-service group with both political and commercial motives. Attorneys for watchdog group American Oversight allege the US Government deliberately used encrypted, disappearing Signal messages to evade transparency laws during military operations in Yemen, Wired reports. They claim newly filed court documents reveal inconsistent and inadequate efforts by agencies like the CIA to preserve these communications, violating the Federal Records Act. The controversy, dubbed Signalgate, involves high-level Trump era officials including Secretary of Defense Pete Hegseth and Vice President J.D. Vance. Although some messages were partially recovered, most were likely deleted before preservation efforts began.
The Justice Department argues there's no enforceable public right to challenge the deletion of records. American Oversight plans to expand its lawsuit, citing the broader systemic use of Signal by national security officials as a threat to democratic accountability and record keeping laws. SEC Chairman John Clayton released a lengthy cybersecurity statement yesterday revealing that the agency was hacked in 2016. Buried deep in the statement was the disclosure that attackers exploited a vulnerability in the SEC's EDGAR system, which stores financial records of public companies. The breach may have enabled illicit stock trading and involved fake filings meant to sway markets. Clayton said no personal data was compromised, but noted other lapses like unsecured emails and missing laptops. He pledged to boost cybersecurity efforts. A new remote access trojan called ResolverRAT is targeting organizations worldwide, especially in the healthcare and pharmaceutical sectors. Discovered by Morphisec, ResolverRAT is spreading through phishing emails posing as legal or copyright violations, with language tailored to the target's region. The malware runs entirely in memory, using .NET tricks to avoid detection. It secures persistence via the registry and system folders and exfiltrates large files in small chunks to blend in with normal traffic. ResolverRAT has been seen in multiple languages, signaling global reach. Microsoft has warned that recent Windows 11 updates may trigger a SECURE_KERNEL_ERROR blue screen crash on devices running version 24H2. The issue stems from March and April updates. Microsoft is addressing the bug using Known Issue Rollback, which automatically reverts problematic updates on home and unmanaged business PCs within 24 hours. For enterprise systems, IT admins must manually deploy a group policy fix. Microsoft also issued emergency updates this week for other Windows issues, including domain controller outages.
Coming up after the break on our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the EC Council Certified Ethical Hacker exam, and 4chan gets soyjacked. Stick around. Bad actors don't break in, they log in. Attackers use stolen credentials in nearly nine out of 10 data breaches. Once inside, they're after one thing: your data. Varonis' AI-powered data security platform secures your data at scale across IaaS, SaaS and hybrid cloud environments. Join thousands of organizations who trust Varonis to keep their data safe. Get a free data risk assessment at varonis.com.
Dave Bittner
What's the common denominator in security incidents, escalations and lateral movement? When a privileged account is compromised, attackers can seize control of critical assets. With bad directory hygiene and years of technical debt, identity attack paths are easy targets for threat actors to exploit, but hard for defenders to detect. This poses risk in Active Directory, Entra ID and hybrid configurations. Identity leaders are reducing such risks with attack path management. You can learn how attack path management is connecting identity and security teams while reducing risk with BloodHound Enterprise, powered by SpecterOps. Head to specterops.io today to learn more. SpecterOps: see your attack paths the way adversaries do. On today's CertByte segment, host Chris Hare is joined by Troy McMillan to break down a question targeting the EC Council Certified Ethical Hacker examination. Today's question comes from N2K's EC Council Certified Ethical Hacker Practice Test.
Chris Hare
Hi everyone, it's Chris. I'm a content developer and project management specialist here at N2K Networks. Today's question targets the EC Council Certified Ethical Hacker CEH version 5 exam, which is ID 312-50, which was updated on September 23rd of 2024. This exam is targeted to cybersecurity professionals, government and military professionals, and educators. I've enlisted Troy as our new guest host today. He's a specialist in all things Cisco, ISACA and EC Council. Welcome, Troy. How are you today?
Troy McMillan
I'm doing great, Chris. Thank you for having me.
Chris Hare
Absolutely. And before we get into it, be sure to stick around after our question for our special study bit for this test, as well as for the latest news on upcoming N2K practice tests. Okay, we're going to be turning the tables, and Troy, you're going to be asking me today's question. Hit me.
Troy McMillan
Okay, Chris, here's your question. It's multiple choice, but only one answer is correct. What kind of computer-based social engineering technique attempts to redirect web traffic to malicious versions of websites through DNS poisoning? Your choices are A, pharming; B, spear phishing; C, whaling; or D, spimming.
Chris Hare
All right, so before I answer, Troy, I understand this is under the network and perimeter hacking objective and the sniffing sub objective, correct?
Troy McMillan
That is correct.
Chris Hare
Okay. And as I have sparse familiarity with these terms, and I'm going to assume DNS poisoning is something really bad, I'm going to go through them one by one. So let's start with the terms I'm familiar with first. So I know spear phishing means targeting a specific person within an organization, so what you're describing does not sound like the correct scenario. So I'm going to first rule that answer choice out. The other term I'm familiar with is whaling, as this is akin to spear phishing, but instead it targets higher ups in an organization, as far as I'm aware. And again, this does not reflect the question you're posing, so I'm going to strike that one out next. As for pharming and spimming, I'm not familiar with these terms, so I'm going to leverage a tool used in many industries, including cybersecurity, called morphological analysis, which basically means I'm going to break down the terms to see if I can root out their meaning and guess the correct answer. So first, pharming. This could be a combination of phishing and farming. I mentioned spear phishing earlier, so I know phishing is a broader level social engineering attack. And the farming part I would think is data farming. So that could be the answer. So let's put a pin in that one. Spimming is a term I've not heard of either. And if we break it down, it could be a combination of spamming and maybe messaging or text messaging. So given that, I'm going to say that this is not the likely choice either. So I'm ruling out spimming, and by process of elimination I declare the correct answer to be A, pharming. Am I right?
Troy McMillan
Yes, Chris, you're correct. So your technique worked there. Pharming is the act of redirecting web traffic to malicious versions of websites, and it can be done by modifying the hosts file on an individual computer, or attacking the DNS server and poisoning its cache through some DNS poisoning techniques. After that, when a user enters a valid domain name, the DNS server will lead them to a different website than what they're expecting, which will be a fraudulent version of that website. Then when the user logs into the website, the attacker gains his credentials and now can perform any operation that requires those credentials. Spear phishing is a form of phishing that is directed at specific targets in an organization. So rather than a standard mass email phishing campaign, spear phishing directly targets an organization and usually specific individuals in that organization. So they might get emails, phone calls, et cetera, from someone claiming to be a trusted entity that they're familiar with. And due to the sense of familiarity, they might fall victim to these attacks. Whaling, as you mentioned, is a form of spear phishing that targets important or powerful people in the organization. What we might call the big fish, the whales: the CEO, the CFO, some high-ranking official. You got close with sussing out the word origin of spimming, as it's a combination of spamming and instant messaging and is a kind of phishing that relies on text messages or instant message applications as its main vector for attack. These might also fall into other categories, such as spear phishing or whaling campaigns that are directed at individuals. So the attack may claim to be from your bank, the insurance company you do business with, or it could be the Microsoft support desk claiming you have a virus on your computer. This will likely result in a request for you to call them. Now you've fallen into their trap.
Chris Hare
Now this was a really good foundational question, and it makes me wonder what question types are included in the CEH that candidates should prepare for.
Troy McMillan
Well, on the CEH exam, the good news is that all of the items are multiple choice.
Chris Hare
Oh, that is good news. And that's good to know. So Troy, apparently, according to the EC Council, the certification is a career game changer for whoever takes it, as they state that 92% of employers prefer CEH graduates for ethical hacking jobs, and one in every two professionals received promotions after earning their CEH certification. What impact have you seen from people having this certificate?
Troy McMillan
Well, getting this cert can be somewhat of a game changer because it typically leads to either a new job or a promotion. But I've seen a lot of folks get this certification and go into business for themselves as a certified ethical hacker and hire themselves out to companies to perform ethical hacking, which is sometimes also called a pen test as well. So there, it does lead to better and new jobs. It also leads to the potential for entrepreneurship.
Chris Hare
Wow, that's really great insight. All right, so now it's time to discuss the study bit for this test. What do you have for us, Troy?
Troy McMillan
Well, one of the tools that certified ethical hackers use to learn information about a network before they attack it is a command-based tool called nmap, which stands for Network Mapper. You need to know all of those nmap commands and the switches. You will see a number of items on which nmap command would do X, so make sure that you're familiar with those.
Chris Hare
Awesome tip. Thanks so much for being here with me today, Troy.
Troy McMillan
Thank you for having me, Chris.
Chris Hare
Of course. And as we wrap up today's episode, are there any upcoming practice tests you'd like to promote here?
Troy McMillan
Yes, we just released the CompTIA Tech+ exam, the AWS Certified AI Practitioner examination, and the Azure AI Engineer Associate practice tests. And we will also have more coming up for CompTIA, Microsoft and Oracle in the next month.
Chris Hare
Awesome. Thanks so much, Troy, and thank you for joining me for this week's CertByte. If you're actively studying for this certification and have any questions about study tips or even future certification questions you'd like to see, please feel free to email me at certbyte@n2k.com. That's C E R T B Y T E at N 2 K dot com. If you'd like to learn more about N2K's practice tests, visit our website at n2k.com/certify. For sources and citations for this question, please check out our show notes. Happy certifying.
Dave Bittner
And of course we'll have a link to N2K's EC Council Certified Ethical Hacker Practice Test in our show notes. Do you know the status of your compliance controls right now? Like right now? We know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. But get this: more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the thing: Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off. And finally, 4chan, the online forum which security researcher Kevin Beaumont smartly described as the Internet's litterbox, was knocked offline after what appears to be a major breach. The culprits are allegedly users from Soyjak Party, proudly taking credit for Operation Soyclips, a long brewing plan allegedly executed by a hacker who claims to have lurked inside 4chan's systems for over a year using the handle chud. Because, of course. The group leaked screenshots of admin panels, staff emails, and hinted at full access to the site's back end, including IP tracking and board controls. Their weapon of choice was apparently 4chan's outdated PHP setup from 2016, which might as well have been a digital welcome mat. To contain the fallout, 4chan's admins pulled the plug, but not before pieces of the site's code showed up on Kiwi Farms. As of now, the site's flickering online presence suggests damage control is still in progress. 4chan's been a digital cockroach for 20 years, but apparently even cockroaches can get stomped if their firewall is made of chewing gum and nostalgia. And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today at vanguardjobs.com.
CyberWire Daily Episode Summary: "CVE Program Gets Last-Minute Lifeline"
Release Date: April 16, 2025
In this comprehensive episode of CyberWire Daily, host Dave Bittner navigates through a multitude of pressing cybersecurity issues, including critical funding extensions, whistleblower allegations, legislative actions, significant cyberattacks, emerging malware threats, and updates on software vulnerabilities. Additionally, the episode features an insightful segment on the EC Council Certified Ethical Hacker (CEH) exam, providing valuable guidance for aspiring cybersecurity professionals.
The episode begins with an in-depth discussion about the Common Vulnerabilities and Exposures (CVE) program, a pivotal resource managed by the MITRE Corporation and funded by the US Government. The CVE program catalogues known cybersecurity vulnerabilities, assigning each a unique ID to standardize communication among security professionals globally.
Quote:
"Think of it as a Dewey Decimal system of cybersecurity flaws."
— Dave Bittner
A significant revelation comes from federal cybersecurity specialist Daniel Berulis, who has filed a whistleblower complaint alleging a security breach at the National Labor Relations Board (NLRB). Berulis accuses the Department of Government Efficiency (DOGE) of facilitating unauthorized data access.
Notable Quote with Timestamp:
“[06:11] Daniel Berulis: So I spent a lot of time in the private sector and you start to see these indicators of compromise sometimes and they, they kind of raise red flags. And so when you start seeing those, you put together the puzzle and more likely than not, that's how you flush out a breach. And I saw those same indicators in my agency and started raising the flag.”
Amid federal shifts in cybersecurity responsibilities, Texas is taking proactive measures by establishing its own state-level Cyber Command.
BreachForums, a well-known hacker marketplace, has faced another disruption following a Distributed Denial of Service (DDoS) attack by the pro-Palestinian hacktivist group Dark Storm Team.
American Oversight, a watchdog group, has initiated a lawsuit against the federal government, alleging the misuse of Signal—an encrypted messaging platform—to evade transparency laws during military operations in Yemen.
SEC Chairman John Clayton disclosed a significant cybersecurity incident from 2016, where attackers exploited vulnerabilities in the SEC's EDGAR system.
The cybersecurity community is now facing a new threat: ResolverRAT, a remote access trojan (RAT) targeting the healthcare and pharmaceutical sectors.
Users of Windows 11 are experiencing secure kernel errors leading to blue screen crashes following recent updates.
In the CertByte segment, host Chris Hare teams up with Troy McMillan to dissect a practice question for the EC Council Certified Ethical Hacker (CEH) exam, offering valuable insights for candidates.
Discussion Highlights:
Practice Question: “What kind of computer-based social engineering technique attempts to redirect web traffic to malicious versions of websites through DNS poisoning?”
Options:
A) Pharming
B) Spear Phishing
C) Whaling
D) Spimming
Analysis: Chris, answering the question posed by guest host Troy, identifies "Pharming" as the correct answer through a process of elimination, distinguishing it from other social engineering techniques like Spear Phishing and Whaling.
Notable Exchange:
“[15:54] Troy McMillan: That is correct. So your technique worked there. Pharming is the act of redirecting web traffic to malicious versions of websites...”
— Troy McMillan
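The pharming technique in the practice question above (a planted hosts-file entry, or a poisoned resolver cache, sending a valid domain name to an attacker-controlled address) lends itself to a concrete defensive check. What follows is an added example written for this summary, not code from the episode or from N2K's practice test: it parses a hosts file for entries that override a trusted baseline of A records, and compares resolver answers against that same baseline. The domain names, addresses, hosts-file content and resolver answers are all constructed for illustration (203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are documentation ranges), and the `EXPECTED_A` baseline is an assumed stand-in for records you would verify out of band.

```python
"""Pharming check: flag hosts-file overrides and resolver answers that
disagree with a trusted baseline. Added example for this summary; every
domain, address and hosts-file line below is constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Constructed baseline (assumed): the A records you trust for each domain,
# e.g. confirmed via DNSSEC-validated lookups or the registrar's records.
EXPECTED_A = {
    "bank.example": {"203.0.113.10", "203.0.113.11"},
    "mail.example": {"203.0.113.25"},
}

# Constructed hosts file. The last two entries are the kind of override a
# pharming attacker or malware plants to hijack a domain on one machine.
SAMPLE_HOSTS = """\
# Hosts file
127.0.0.1   localhost
::1         localhost ip6-localhost
192.0.2.50  bank.example www.bank.example   # planted override
198.51.100.7 mail.example
"""

# Constructed resolver answers, as if collected from the configured DNS
# server: bank.example is clean, mail.example looks cache-poisoned.
SAMPLE_DNS_ANSWERS = {
    "bank.example": {"203.0.113.10"},
    "mail.example": {"198.51.100.7"},
}


@dataclass(frozen=True)
class Finding:
    domain: str
    observed: str
    source: str   # "hosts" or "dns"
    reason: str


def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text.

    Comments and blank lines are ignored; a line whose first field is not a
    valid IP address is skipped rather than treated as data.
    """
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            mapping[name.lower()] = ip
    return mapping


def check_hosts_overrides(hosts_text, expected=EXPECTED_A):
    """Flag hosts-file entries that point a baseline domain elsewhere."""
    findings = []
    for name, ip in parse_hosts(hosts_text).items():
        # Names outside the baseline (localhost, www.bank.example) are not
        # judged: there is nothing trusted to compare them against.
        if name in expected and ip not in expected[name]:
            findings.append(Finding(name, ip, "hosts",
                                    "hosts-file entry overrides trusted record"))
    return findings


def check_dns_answers(answers, expected=EXPECTED_A):
    """Flag resolver answers not present in the trusted set for the domain.

    answers: {domain: set of A records returned by the configured resolver}.
    """
    findings = []
    for name, trusted in expected.items():
        for ip in sorted(answers.get(name, set()) - trusted):
            findings.append(Finding(name, ip, "dns",
                                    "resolver answer not in trusted set"))
    return findings


def run_checks(hosts_text=SAMPLE_HOSTS, answers=SAMPLE_DNS_ANSWERS):
    """Run both checks and return the combined list of findings."""
    return check_hosts_overrides(hosts_text) + check_dns_answers(answers)


if __name__ == "__main__":
    for f in run_checks():
        print(f"{f.source:5} {f.domain:15} {f.observed:15} {f.reason}")
```

On the constructed input this reports three findings: the planted bank.example and mail.example hosts entries, and the mail.example resolver answer. In a real deployment the hosts text would be read from /etc/hosts or C:\Windows\System32\drivers\etc\hosts, the answers would come from a query against the endpoint's configured resolver, and the baseline would be maintained from records you have verified independently of that resolver; a trusted set that is itself populated from the resolver under test would make the check circular.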
The online forum 4chan was recently taken offline following a significant breach attributed to the Soyjak Party, a hacktivist group.
Today's episode of CyberWire Daily offers a thorough exploration of critical cybersecurity developments, from the lifeline funding extension for the CVE program to alarming whistleblower allegations and state-level cybersecurity initiatives. The discussion on emerging threats like ResolverRAT and significant breaches underscores the ever-evolving landscape of cyber threats. Additionally, practical advice for aspiring ethical hackers through the CEH exam segment provides actionable insights for career advancement in the field. As cyber threats continue to mount, such detailed briefings are invaluable for professionals striving to stay ahead in the dynamic world of cybersecurity.
For more detailed information and to access related links, listeners are encouraged to visit the CyberWire Daily website and refer to the show notes provided with the episode.