A

You're listening to the Cyberwire Network, powered by N2K. Risk and compliance shouldn't slow your business down. Hyperproof helps you automate controls, integrate real time risk workflows, and build a centralized system of trust so your teams can focus on growth, not spreadsheets. From faster audits to stronger stakeholder confidence, Hyperproof gives you the business advantage of Smarter compliance. Visit www.hyperproof.IO to see how leading teams are transforming their GRC programs. A Texas telecom confirms a nation attack A global outage disrupts Azure and Microsoft 365 services malicious npm packages steal sensitive data from Windows, Linux and macOS systems. Hacktivists have breached multiple critical infrastructure systems across Canada. Major chip makers spill the tea TP link home routers fall under federal scrutiny Cloud Atlas targets Russia's agricultural sector Israel's cloud computing deal with Google and Amazon allegedly includes a secret winking mechanism the FCC tamps down on overseas robocalls. Our guest is Mike Anderson from Netscope discussing why CIOs should think like HR leaders when considering agentic AI and Danes draw the line at digital doppelgangers It's Thursday, October 30th, 2025. I'm Dave Buettner and this is your Cyberwire Intel Brief. Thanks for joining us here. It's great to have you with us. Hackers linked to an unnamed nation state infiltrated the network of Ribbon communications and remained undetected for nearly a year, the Texas based telecom company confirmed. Ribbon disclosed in an SEC filing that attackers gained access in December 2024 and were discovered only last month. The breach affected three small customers, and while investigators found no evidence that sensitive or government data was compromised, several older customer files were accessed. Ribbon said it has hardened its network and continues working with outside experts. The incident underscores growing risks to telecom providers that support government and critical infrastructure clients, with researchers warning that such firms have become high value espionage targets. The company has not identified the nation state involved. Yesterday, Microsoft suffered a widespread global outage, disrupting Azure and Microsoft 365 services after an Azure front door configuration change triggered a DNS failure. The disruption prevented customers, including healthcare organizations and critical infrastructure operators, from accessing portals like Azure. Intune and Exchange. Authentication failures locked many employees out of company networks, with reports of downtime from sectors including transportation and government. Microsoft initially blamed a DNS issue, later confirming an inadvertent configuration change as the root cause. Engineers blocked further updates, rolled back systems to a stable state, and rerouted traffic to healthy infrastructure. Early this morning, Microsoft confirmed mitigation and recovery. The outage follows a recent AWS DNS failure, emphasizing ongoing fragility in cloud service dependencies. 10 malicious npm packages impersonating popular software libraries were found stealing credentials and sensitive data from Windows, Linux and macOS systems. Researchers at Socket said the fake packages uploaded July 4 use typo squatting and multiple obfuscation layers to evade detection, amassing nearly 10,000 downloads upon installation. A hidden post install script launched an obfuscated loader that displayed a fake Captcha before downloading a 24 megabyte information stealer built with PI installer. The malware targeted browser data system keyrings, SSH keys and authentication tokens, exfiltrating them to an attacker controlled server. Despite being reported, the malicious packages remain live on NPM Developers who installed them are urged to remove infections and rotate credentials immediately. The Canadian Centre for Cybersecurity has warned that hacktivists have breached multiple critical infrastructure systems across Canada Canada, manipulating industrial controls and creating potentially dangerous conditions. Recent incidents affected a water treatment plant, an oil and gas company and a grain facility, disrupting operations and triggering false alarms. Authorities say these opportunistic attacks sought publicity and public distrust rather than causing physical damage. The warning highlights the risk of exposed industrial control systems like PLCs and SCADA devices. Organizations are urged to restrict Internet access to ICS components, enforce VPN and multi factor authentication, and follow national cybersecurity readiness goals. Though no severe damage occurred, officials warn the incidents expose serious vulnerabilities in Canada's critical infrastructure. A new hardware based exploit known as T fail has broken key protections in trusted execution environments from Intel, AMD and Nvidia technologies that safeguard confidential data in cloud, AI and blockchain systems. Researchers showed that by inserting a small device between a memory chip and motherboard, and with kernel level access, attackers can defeat trusted execution environments within minutes. The flaws stem from deterministic encryption, which allows repeated ciphertext patterns exploitable for replay attack. Despite chipmakers claims of secure enclaves all exclude physical attacks from their threat models, leaving widespread misconceptions about their guarantees. The findings reveal that even low cost physical attacks can compromise T's across industries, exposing sensitive workloads once thought secure. Experts warn organizations to reassess reliance on T's for private computation, especially in untrusted or remote environments. More than half a dozen US Federal agencies have supported a Commerce Department proposal to ban sales of TP Link home routers, citing national security concerns over the company's ties to China. The interagency review, backed by Homeland Security, Defense and Justice concluded that TP Link systems US Products could still be influenced by Chinese government directives through its former parent, TP Link Technologies. TP Link disputes the claim, saying it's a fully American company with independent operations. If enacted, the ban would affect over one third of US Home routers, marking one of the largest consumer tech prohibitions in history. The proposal remains under commerce review. Amid US China trade tensions, with critics warning TP Link devices could expose sensitive U.S. data or or be manipulated through software updates. State backed hacker group Cloud Atlas has launched a new cyber espionage campaign targeting Russia's agricultural sector ahead of a major industry forum in Moscow. Researchers at F6 say attackers used phishing emails disguised as official event materials to exploit an old Microsoft Office flaw. The campaign mirrors previous Cloud Atlas attacks on Russian agro and defense entities, showing continued use of outdated vulnerabilities and social engineering. Active since 2014, Cloud Atlas remains a persistent espionage threat across eastern Europe. In 2021, Israel secured a $1.2 billion cloud computing deal project Nimbus with Google and Amazon that included a secret winking mechanism to discreetly alert Israel if its data was handed to foreign law enforcement, the Guardian reports. According to leaked government documents, the system used coded payments tied to country dialing codes, enabling Israel to detect data disclosures despite gag orders. The contract also prohibits Google and Amazon from restricting Israel's access to cloud services, even over human rights concerns. Israeli officials designed the arrangement to protect data sovereignty and ensure uninterrupted access amid global scrutiny of its use of cloud technology in military operations. Legal experts say the mechanism could breach secrecy laws in the US or other jurisdictions. Both companies deny evading legal obligations or breaching international law. The deal highlights Israel's extensive control over its government and military data and raises questions about tech firms accountability in global surveillance. The FCC has approved a new rule expanding caller ID requirements to curb the surge in robocalls, especially those originating overseas. The measure broadens the definition of caller identity information, mandates providers to verify caller names, and requires alerts when calls come from abroad or misuse US Area codes. Providers must also display verified caller names and additional data such as logos or call purposes. Officials say the rule enhances transparency and may help deter fraudulent international calls. Coming up after the break, Mike Anderson from NETSCOPE discusses why CIOs should think like HR leaders and Danes draw the line at digital doppelgangers. Stick around. And now a word from our sponsor. ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks. Allow listing is a deny by default software that makes application control simple and fast. Ring fencing is an application containment strategy, ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from Threat locker what's your 2am security worry? Is it do I have the right controls in place? Maybe are my vendors secure? Or the one that really keeps you up at night? How do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. And it fits right into your workflows. Using AI to streamline evidence collection, flag risks and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently and finally get back to sleep. Get started@vanta.com cyber that's V A N T A dot com cyber Mike Anderson is Chief Digital and Information Officer at Netscope. I recently got together with him to discuss why CEOs should think more like HR leaders when considering agentic AI.

B

If you think about our traditional generative AI that we've got today, you know it's all prompt based. We have users that are prompting something to occur and it's usually a question or a very long question with lots of guidance on how to answer things. And what we're starting to see now with agentic is more agency where there's a, in a lot of ways it's a AI front ending a workflow. So I have a typical process, business process that I would have followed. I have a agent that's front ends that workflow that has a natural language interface to it. And it's like asking a coworker to go do something for me, but within the guardrails of a specific task. And so when I, when I think about agentic AI and where we, where we are today, that's really, you know, how I think about agentic we. I think we're probably a couple years away from kind of the, what I would say is true agency, where the agent just wakes up and says let me go do some work today. Where it has the agency to work like your, your typical employee, without direction. I think we're not quite there yet. I think in the next couple of years, maybe sooner with the pace of change that's happening, we'll get there. But I think what's probably further out is that super AI ability where it has the ability to think independently like a human would, where it has that kind of super agency. I think we're probably a few years out from that occurring. That's kind of the Skynet that we all kind of get worried about when we think about AI.

A

Yeah, well you made the point that security professionals might approach this from the point of view of HR leaders, maybe bar borrow some elements from them.

B

Yeah, I mean it's. If I think about an employee and we think about agents, you know, if we think about a lot of the work that is being automated with AI today, it's a lot of the very task oriented work. If we think in the cyber world it could be a SOC analyst, there's a lot of focus there today from industry to go build automation and agents around the SOC analyst to go automate all the work looking for the do some of the hunting in the incident research. So a lot of that's being automated. If we think about it, it's the service desk, help desk type roles. How do I use agents to supplement that? If you think in the consulting world it's the research, research analyst going to do all the research work. If you think in the law firm, it's the paralegals that are pulling things together. That's where you see things like Harvey, where a lot of law firms using today to build their own AI around that they stand behind. So when we think about this from an HR standpoint, we wouldn't just hire that entry employee and say okay, good luck. You know, we would have guardrails. We would probably, we're going to restrict what access they have. So if they have access to an HR system, if they're someone that's writing job descriptions, we wouldn't give them full carte blanche access to our workday environment to go in and see everyone's salaries in the company. We would probably have some restricted access. And so as we start thinking about agents, we have to think about this just the way we would an employee. We wouldn't give an employee super admin rights to our systems and nor should we do that with AI either.

A

That's a really interesting insight. It also makes me wonder about anyone who has hired an assistant. You go through that transitional period where maybe at first it takes more work to get them up to speed than the time that they're saving you. Is that a peril here with getting an agentic AI up to speed as well?

B

Yeah, absolutely. I think it's a Great example too, if you think about assistant, where they start to learn your travel preferences, which airlines you like to fly, what kind of hotels you like to stay in, where do you like to book dinners? Those are all preferences they learn over time. How do you manage your time and do time management? They learn what your personal, they'll help you a lot, but they also learn your personal preferences. I think that's a great example. And I, when I think about it in the context of agentic, I think you end up having the agent that is your travel planner. You have your agent that you're planning your dinners and booking your dinners. You have the agent that is helping you manage your calendar. So I think what we have today is to get to that assistant is going to be the coordination of multiple agents to drive the outcome or the role of my assistant that helps me every day.

A

And I suppose each of those assistants would have their own set of restrictions and guardrails dependent on the potential peril that each of them presents.

B

Absolutely. I mean, if you're thinking about travel, you have travel policies you have to operate within. So those are some guardrails you would have. So you wouldn't. So they may go search and find the different options and know, based on your preferences, you know, you prefer, you know, one airline ult program over another. So all things being equal, pick that one over this one, which are all a lot of the things that, you know, you would do today. If I log into our travel booking tool, it's going to present me options. It doesn't book the one automatically, but it presents them to me and it may present the ones that I favor as a preference first. But ultimately, the AI might do all the work for you and may come back to you with the options, just like your assistant does and says, hey, here's three options for your flight based on your preferences. Which one do you want to book? I think that'll be our first step. And then at some point you go, you do a pretty good job recommending options to me. So I'm going to make you autonomous. And I think that's, you know, we'll see that happen over time. Is that more autonomous. But there's still going to be the human in the loop. But I think if you know what, you know, the person that supports me today, she brings options to me. Sometimes she just books it and then sometimes she brings options, and that's because she knows me. I think that's the, I think we're going to be on that same journey with agentic as well, you know, I'm.

A

Reminded there was an old, old chestnut at this point. You know, from the earlier days of computing. You'd see people would have a sign on their office wall that said to err is human, but to really screw up requires a computer. And I think part of what that joke speaks to is velocity and that a computer can do so much more, so much faster than a computer. How much is that velocity aspect a concern here?

B

I think with any technology that's a concern. I think a lot of people automatically have a problem. They jump to what technology is out there that can solve my problem for me. And the problem isn't really that isn't the technology, it's that there's a lack of a process or understanding what the process should be and documentation of that process. And so if you go layer technology, even AI on top of a bad process, you just get to the same bad outcome faster. So I think you need to have an outcome oriented thinking around the problem and then basically make sure you really understand what is the current process we have today. And then how can AI reinvent or rethink that process to get to the same outcome you really want, which ideally is a good outcome versus a bad outcome. And again, a lot of times people race to apply technology to something. When there's a broken business process and it's not really delivering the outcome I want, they think it's going to change the outcome and all it does is get you to the bad outcome faster.

A

What's your opinion on how quickly people should be adopting these sorts of things? Is there. How much do you think the risk of being left behind is a real thing compared to your competitors, for example?

B

I think we have to be, we have to be doing. A lot of people say we're testing AI, we have tons of use cases. You know, if I go sit around any, any roundtable with peers, that's what they say. I think there are areas today where we know there are use cases we know deliver value that we can, that we can go after. So I think those are the ones that you should be investing in today, right? The ones I talk about like it, how do you automate it? How do you help on the support side? How do you help on some of the content marketing aspects? You know, those are some of the. How do you help on research for sales reps? Those are very easy ones that I think have been proven out to have a lot of value associated to them. But then it's, you start to get into some more advanced use cases. Now, and I think that if you aren't placing some bets now, there's a great book, a guy named John Rossman wrote a book called the Amazon Way. He just released another book called Big Bet Leadership. And one of the concepts there is basically if you don't make a bunch of what would be big bets, but in small ways along your journey, then you're going to be making bet the company bets later. And so when I think about AI, if you're not placing at least some small bets or, you know, a series of, you know, what could be big bets in the future, I think you are going to be at a disadvantage. And so if I think about the, the world today, we think about how Uber disrupted the taxi industry in that world or the executive limousine area and how that hole got transformed with Uber, you know, there's going to be these, some of these new tech companies that don't have the legacy baggage are going to move very quickly. And if you aren't placing those bets, you may be the taxi business in the future that's being disrupted by Uber. And so I think that's the, I think that's the risky run of just standing on the sideline and not doing some testing and placing some bets.

A

That's Mike Anderson from netscope. And finally, Denmark has decided it's time to stop letting AI borrow people's faces, voices and dignity without permission. In what it claims is a European first, the Danish government plans to rewrite copyright law so that everyone legally owns their own face and presumably their own bad hair days too. Culture Minister Jacob Engel Schmidt declared the law will send a clear message humans are not open source material. The proposal, backed by nearly all MPs, would give citizens the right to demand removal of deepfakes and digital impersonations. Parody and satire remain safe. Engel Schmidt warned that if platforms fail to comply, fines will follow. And he's even eyeing Europe's chair for inspiration sharing. Denmark, it seems, is politely but firmly telling AI hands off the humans. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Cyber Innovation Day is the premier event for cyber startups, researchers and top VC firms building trust into tomorrow's digital world. Kick off the day with unfiltered insights and panels on securing tomorrow's technology. In the afternoon, the 8th annual Data Tribe Challenge takes center stage as elite startups pitch for exposure, acceleration, and funding. The Innovation Expo runs all day, connecting founders, investors and researchers around breakthroughs in cybersecurity. It all happens November 4th in Washington, D.C. discover the startups building the future of cyber. Learn more@cid.datatribe.com.