CyberWire Daily – “Cyber Solidarity on the Chopping Block”
Date: October 23, 2025
Host: Dave Bittner, N2K Networks
Featured guests: Lauren Zabrick & Camille Stewart Gloucester (Share the Mic in Cyber)
Episode Overview
This episode delivers a comprehensive rundown of the day’s most pressing cybersecurity news, featuring stories on U.S. federal cyber layoffs, emergency browser vulnerabilities, privacy and AI threats, as well as a deep dive interview with the co-founders of “Share the Mic in Cyber.” The conversation spotlights the evolution of this initiative toward new fellowships focused on cyber threat intelligence, ending with a memorable, real-world lesson in cybersecurity “customer service.”
Main News Highlights
White House Shutters CISA Stakeholder Engagement Division
[03:23–04:53]
- The Trump administration has effectively closed the Cybersecurity and Infrastructure Security Agency’s (CISA) Stakeholder Engagement Division.
- Nearly all 95 staff have been laid off, leaving only the sector management unit intact.
- The move eliminates offices responsible for council management, strategic relations, and international affairs.
- “The move eliminates three vital offices ... disrupting CISA’s partnerships with critical infrastructure operators, academic institutions and foreign governments.” — Co-host [03:58]
- Security experts like former White House advisor Michael Daniel warn this “risks leaving CISA blind to certain threats and trends.”
- The cuts may erode trust, hinder information sharing, and potentially isolate the U.S. from global cyber allies.
Chrome Emergency Update & Privacy Sandbox Killed
[04:53–06:19]
- Google issues a second emergency Chrome update:
- A severe flaw in the V8 JavaScript engine, found by AI-driven project Big Sleep, is patched across all platforms.
- “Users can trigger the update manually via Chrome’s About Google Chrome settings page...” — Dave Bittner [05:15]
- Privacy Sandbox is abandoned:
- Google ends its attempt to replace third-party cookies with privacy-focused ad technologies, citing complexity, poor adoption, and regulatory pressure.
- "The move restores short term ad stability, but highlights the industry’s continued lack of viable privacy-safe alternatives.” — Co-host [05:48]
OpenAI’s Atlas Browser & Prompt Injection Risks
[06:19–06:56]
- Atlas browser is vulnerable to indirect prompt injection:
- Malicious web content can trick AI-powered browsers into unintended actions.
- The problem is “systemic across AI-powered browsers” (including Perplexity, Comet, Felu) according to a Brave Software report.
- “OpenAI acknowledged the risk, calling prompt injection an unsolved security problem...” — Co-host [06:44]
- Experts urge for “stronger downstream security and human oversight.”
SpaceX Cuts Starlink for Scam Compounds
[07:13–08:19]
- Over 2,500 Starlink satellite kits were proactively shut down in Myanmar after reports of their usage in scam and human trafficking operations.
- “SpaceX’s vice president ... said the company proactively shut down over 2,500 kits near suspected scam centers and is cooperating with global law enforcement.” — Co-host [07:25]
- Authorities in Myanmar seized Starlink devices and detained over 2,000 people at a scam complex.
- Despite action, new scam compounds continue to emerge.
Reddit Sues Data Scrapers
[08:19–09:23]
- Reddit files a lawsuit against four companies (SERP API, Oxylabs, AWM Proxy, Perplexity), alleging illegal scraping and resale of Reddit content to AI developers.
- “Reddit says it’s spent millions building anti-scraping defenses and even trapped Perplexity with a hidden test post to prove its case.” — Co-host [08:45]
- The lawsuit highlights tensions between content platforms and AI companies, even as Reddit strikes licensing deals with firms like Google and OpenAI.
Blue Cross Blue Shield of Montana Data Breach
[09:23–10:01]
- A breach exposed personal and medical data of up to 462,000 residents from Nov 2024 through March.
- “State Auditor James Brown called the incident deeply disturbing and launched an immediate probe criticizing the insurer for failing to notify customers or provide credit monitoring.” — Co-host [09:37]
Android Infostealer Using Termux
[10:01–10:57]
- A new Android malware uses Termux to run scripts, harvest contacts, messages, app data, and exfiltrates them via Telegram.
- “The sample scored a 0 out of 64 on VirusTotal and includes Vietnamese comments, the researcher reports.” — Co-host [10:20]
- Underscores rising Android infostealer threats traditionally seen only on Windows.
Iranian Espionage: Muddy Water Campaign
[10:57–12:16]
- Iranian group Muddy Water (aka Static Kitten/Mercury/Seed Worm) targets 100+ entities across Middle East and North Africa.
- Uses Phoenix v4 backdoor via phishing and fake updates, steals browser credentials, and leverages remote management tools.
- “Most victims were embassies, consulates and foreign ministries, signaling continued Iranian cyber espionage operations.” — Co-host [11:44]
Interview: The Evolution of Share the Mic in Cyber
With Lauren Zabrick & Camille Stewart Gloucester
[14:51–26:01]
History & Mission
- Origin (2020):
- Launched as a social media campaign to amplify Black practitioners’ voices, inspired by tragedies in the Black community and parallel campaigns in other industries.
- “It started with a social media campaign where allies were giving their platforms to Black practitioners … an exchange of dialogue and insights on how different communities were experiencing the cyber ecosystem.” — Camille Stewart Gloucester [15:20]
- Growth:
- Grassroots expansion to include scholarships, a talent database, and collaborative campaigns.
- “We had five campaigns ... at the height, I remember, we had over 100 million impressions on Twitter.” — Lauren Zabrick [19:01]
- Successes:
- Influential supporters (Rep. Lauren Underwood, ex-CISA chief Jen Easterly, NSA’s Rob Joyce).
- Resulted in new jobs, connections, and professional opportunities for underrepresented voices.
Notable Quotes & Moments
- “I saw her post on Twitter and then I slid into her DMs and I was like, hey, girl, what if we did this? And literally in the next two weeks, this amazing campaign was born.” — Lauren Zabrick [18:26]
- “Those new takes, those cutting-edge takes on some of the challenges our industry has been facing are going to have long-term impact.” — Camille Stewart Gloucester [22:17]
Evolution to New Fellowships
Fellowship at New America (Closing)
- Supported 21 fellows producing research on:
- Youth cybercrime
- Human impacts of VR/AR and AI
- Civilian cyber corps frameworks
- Gendered effects of cyber disruptions
- “Our founding thesis, which is that diverse voices strengthen cybersecurity and national security ...” — Lauren Zabrick [20:34]
New Direction: Cyber Threat Intelligence
- Transitioning focus to cyber threat intelligence and analytic tradecraft, with a new “Catalyst Fellowship” in partnership with the Cyber Threat Alliance.
- “There has long been somewhat of a disconnect there. And so we partnered with the Cyber Threat Alliance ... to launch the Share the Mic in Cyber Catalyst Fellowship for Cyber Intelligence.” — Camille Stewart Gloucester [23:19]
- Seeking community engagement for professional development, mentorship, and analytic product collaboration.
Call to Action
- Lauren Zabrick encourages the community to share skills, offer financial support, and help fellows with job transitions:
- “If you have skills that you want to share with the community, such as analytic tradecraft in writing and things like that ...” — Lauren Zabrick [25:06]
Memorable Anecdote: Customer Service Fails, Try Human Resources
[27:25–28:10]
A TikTok user “Kernel Dump” detected a company’s data breach. After repeated ignored warnings, he applied for a job, made it to the CISO interview, and delivered the breach notification in person—then declined the job.
“He wasn’t there for the paycheck. He was there to deliver the breach notice in person. Then he declined the job.” — Dave Bittner [27:59]
“Sometimes it takes one determined applicant to remind a company that defense in depth should include answering your emails.” — Co-host [28:10]
Key Quotes (with Timestamps)
- “Experts warn the cuts will erode trust, reduce situational awareness and weaken collaboration mechanisms essential for defending sectors such as healthcare, energy and telecommunications.” — Dave Bittner [03:58]
- “OpenAI acknowledged the risk, calling prompt injection an unsolved security problem despite red teaming, safety guardrails and detection systems.” — Co-host [06:44]
- “There has long been somewhat of a disconnect there ... so we partnered with the Cyber Threat Alliance ... to launch the Share the Mic in Cyber Catalyst Fellowship for Cyber Intelligence.” — Camille Stewart Gloucester [23:19]
- “At the height, I remember, we had over 100 million impressions on Twitter.” — Lauren Zabrick [19:01]
- “He wasn’t there for the paycheck. He was there to deliver the breach notice in person. Then he declined the job.” — Dave Bittner [27:59]
Important Timestamps
| Time | Segment/Topic | |-----------|-------------------------------------------------| | 03:23 | CISA Stakeholder Engagement layoffs | | 04:53 | Chrome emergency update & Privacy Sandbox | | 06:19 | Atlas browser & prompt injection | | 07:13 | Starlink disables scam operation devices | | 08:19 | Reddit sues data scrapers | | 09:23 | Blue Cross Blue Shield breach | | 10:01 | Android Termux infostealer | | 10:57 | Iranian Muddy Water espionage campaign | | 14:51 | Share the Mic in Cyber interview starts | | 20:00 | Closing New America fellowship, new directions | | 23:19 | New “Catalyst Fellowship” for Cyber Intelligence | | 27:25 | TikTok user delivers breach notice “in person” |
Tone & Language
The episode retains an urgent, clear, and conversational tone, blending practical news delivery with engaging storytelling—especially noticeable in the “Share the Mic in Cyber” interview, which is lively, collaborative, and community-driven.
Listeners unfamiliar with this episode will come away with a solid grasp of major U.S. and global cyber developments, the transformation of a leading cyber diversity initiative, and the importance of persistence—and creativity—in cybersecurity advocacy.
