CyberWire Daily: "Dial M for Malware"

Host: Dave Bittner (N2K Networks)
Date: October 30, 2025

Episode Overview

This episode of CyberWire Daily provides a rundown of major recent cyber incidents affecting global infrastructure, highlights new risks and vulnerabilities in both hardware and software, and explores policy responses to technological change. Special attention is given to industry reaction, nation-state actors, and the intersection of AI with organizational and legal frameworks. The episode features an interview with Mike Anderson, CIO at Netskope, discussing why CIOs should adopt an HR mindset when considering agentic AI. The episode wraps with coverage of Denmark’s pioneering legal stance on digital impersonation and deepfakes.

Key News and Analysis

[00:02] Nation-State Breach at Texas Telecom - Ribbon Communications

Incident Details:
A nation-state actor breached Ribbon Communications' network, remaining undetected for nearly a year (since Dec 2024).
Impact:
Affected three small customers; older customer files were accessed but no sensitive or government data compromise has been found.
Company Response:
Ribbon has “hardened its network and continues working with outside experts.”
Context:
Highlights the growing threat to telecom providers supporting critical infrastructure.
Notable Quote:

“The incident underscores growing risks to telecom providers that support government and critical infrastructure clients, with researchers warning that such firms have become high value espionage targets.”
— [00:02], Dave Bittner

[03:05] Microsoft Global Cloud Outage

Incident:
A “widespread global outage” hit Azure and Microsoft 365 due to a DNS error after a configuration change.
Impact:
Customers in healthcare, transportation, and government sectors were locked out.
Resolution:
Engineers “blocked further updates, rolled back systems to a stable state, and rerouted traffic.” Service was restored early the following morning.
Industry Pattern:
Mirrors a recent AWS DNS failure, exposing cloud service fragility.

[04:20] Malicious npm Packages Stealing Credentials

Discovery:
Ten malicious npm packages, impersonating legitimate libraries, stole data across Windows, Linux, and macOS.
Technique:
Used typo-squatting, obfuscation, and a post-install script delivering an infostealer (24 MB, built with PI installer).
Consequences:
Nearly 10,000 installs; targeted browser data, keyrings, SSH keys, tokens.
Call to Action:
Developers urged to “remove infections and rotate credentials immediately.”

[05:30] Hacktivist Breaches in Canadian Critical Infrastructure

Victims:
Water treatment, oil and gas, and grain facilities.
Attack Nature:
Manipulation of industrial controls, causing disruptions and false alarms.
Motivation:
Publicity creation and distrust, not destructive goals (so far).
Authorities’ Recommendations:
- Restrict ICS internet access
- Enforce VPN/MFA
- Follow national cybersecurity guidelines

[06:52] Hardware-Based Exploit: T-Fail

Exploit Description:
“T-fail” attack defeats trusted execution environments (TEEs) from Intel, AMD, Nvidia via hardware manipulation and deterministic encryption flaws.
Significance:

“Even low-cost physical attacks can compromise TEEs.”
— [07:40], Dave Bittner
Implication:
Organizations must reassess reliance on TEEs in untrusted environments.

[08:30] U.S. Considers TP-Link Router Ban

Proposal:
Commerce Department might ban TP-Link router sales, citing national security concerns over Chinese ties.
Scale:
Would affect over one-third of home routers in the U.S.—potentially the biggest consumer tech ban in history.
Dispute:
TP-Link claims U.S. independence; critics warn about remote manipulation risks.

[09:44] Cloud Atlas Espionage Aims at Russia’s Agriculture

Attack Vector:
Phishing with event-themed emails targeting a vulnerable MS Office flaw.
Context:
Ongoing campaign; mirrors previous Cloud Atlas activity against Russian sectors since 2014.

[10:37] Israeli Secret “Winking” Cloud Safeguard

Details:
Leak reveals Israel’s $1.2B “Project Nimbus” cloud deal with Google/Amazon includes a covert alert mechanism for foreign data requests (“winking” payments tied to country codes).
Controversy:
Raises data sovereignty, legal, and human rights concerns.

[11:54] FCC Cracks Down on Overseas Robocalls

New Rule:
Expands caller ID verification, mandates provider compliance, and enhances alert requirements for international calls.

[13:25] Interview: Mike Anderson (Netskope) — CIOs as HR Thinkers in the Age of Agentic AI

Agentic AI, Guardrails, and Lessons from HR

Evolution of AI Workflows:
Agentic AI moves from prompt-based assistance to automating (and potentially initiating) complex workflows.
Analogy:
Managing AI agents should mirror managing a new employee—start with specific roles and limited access.
Quote:

“We wouldn’t just hire that entry employee and say okay, good luck … we would probably have some restricted access.”
— [15:39], Mike Anderson
Incremental Trust and Autonomy:
- AI assistants, like human ones, need time to learn user preferences.
- Progression: From recommendations and options (human-in-the-loop) to full autonomy as confidence grows.
- “I think we’re going to be on that same journey with agentic as well.” — [18:48], Mike Anderson

AI Velocity and Risk

Computational Velocity as Double-Edged Sword:

“To err is human, but to really screw up requires a computer.”
— [18:57], Dave Bittner
- Misapplied AI can exacerbate flaws rapidly if built on broken processes.
Process Before Technology:

“If you go layer … AI on top of a bad process, you just get to the same bad outcome faster.”
— [19:44], Mike Anderson

Adoption Pace: Bet Smart, Don’t Stand Still

Strategic Caution:
Experiment in proven areas (IT automation, helpdesk, research).
Consequences for Lagging:

“If you aren’t placing some bets now … you may be the taxi business in the future that’s being disrupted by Uber.”
— [21:47], Mike Anderson
Book Reference:
“Big Bet Leadership” by John Rossman: Place incremental bets now to avoid risking the company later.

[22:29] Denmark Acts Against Deepfake Abuse

Legislation:
Denmark to legally grant individuals the right to their own face and voice, prohibiting unauthorized AI uses.
Political Message:

“Humans are not open source material.”
— [22:49], Jacob Engel Schmidt, Danish Culture Minister
Scope:
Right to demand removal of deepfakes, digital impersonations; exceptions for parody/satire; enforcement with fines.

Notable Quotes

On AI agent autonomy and HR parallels:

“We wouldn’t give an employee super admin rights to our systems and nor should we do that with AI either.”
— [15:58], Mike Anderson
On the iterative trust-building with AI ‘assistants’:

“You do a pretty good job recommending options to me, so I’m going to make you autonomous.”
— [17:49], Mike Anderson
On the risks of rapid automation:

“If you go layer technology, even AI on top of a bad process, you just get to the same bad outcome faster.”
— [19:44], Mike Anderson
On innovation risk:

“If you aren’t placing some bets now ... you may be the taxi business in the future that’s being disrupted by Uber.”
— [21:47], Mike Anderson
On digital identity rights:

“Humans are not open source material.”
— [22:49], Jacob Engel Schmidt

Timestamps for Key Segments

00:02 — News rundown introduction
00:02–03:05 — Nation-state breach at Ribbon Communications
03:05–04:20 — Microsoft Azure & MS 365 outage
04:20–05:30 — Malicious npm packages discovered
05:30–06:52 — Canadian critical infrastructure attacks
06:52–08:30 — T-fail hardware exploits
08:30–09:44 — TP-Link federal scrutiny
09:44–10:37 — Cloud Atlas espionage in Russia
10:37–11:54 — Israeli cloud “winking mechanism”
11:54–13:25 — FCC’s robocall crackdown
13:25–22:29 — Interview: Mike Anderson (agentic AI, CIO/HR, practical advice)
22:29–23:30 — Denmark’s deepfake legislation

Memorable Moments

The analogy of hiring an employee to explain the need for controls and “guardrails” in AI deployment.
Denmark’s bold declaration that “humans are not open source material” — a clear cultural and legislative stand against unauthorized digital impersonations.
The recurring theme that effective cybersecurity and AI innovation are not purely technical problems but are deeply entwined with policy, human factors, and structured processes.

This summary captures the rich landscape of topics from the episode—spanning headline cyber incidents, strategic tech leadership insights, and evolving societal responses to AI and digital risks.

CyberWire Daily: "Dial M for Malware"

Host: Dave Bittner (N2K Networks)
Date: October 30, 2025

Episode Overview

Key News and Analysis

[00:02] Nation-State Breach at Texas Telecom - Ribbon Communications

Incident Details:
A nation-state actor breached Ribbon Communications' network, remaining undetected for nearly a year (since Dec 2024).
Impact:
Affected three small customers; older customer files were accessed but no sensitive or government data compromise has been found.
Company Response:
Ribbon has “hardened its network and continues working with outside experts.”
Context:
Highlights the growing threat to telecom providers supporting critical infrastructure.
Notable Quote:

“The incident underscores growing risks to telecom providers that support government and critical infrastructure clients, with researchers warning that such firms have become high value espionage targets.”
— [00:02], Dave Bittner

[03:05] Microsoft Global Cloud Outage

Incident:
A “widespread global outage” hit Azure and Microsoft 365 due to a DNS error after a configuration change.
Impact:
Customers in healthcare, transportation, and government sectors were locked out.
Resolution:
Engineers “blocked further updates, rolled back systems to a stable state, and rerouted traffic.” Service was restored early the following morning.
Industry Pattern:
Mirrors a recent AWS DNS failure, exposing cloud service fragility.

[04:20] Malicious npm Packages Stealing Credentials

Discovery:
Ten malicious npm packages, impersonating legitimate libraries, stole data across Windows, Linux, and macOS.
Technique:
Used typo-squatting, obfuscation, and a post-install script delivering an infostealer (24 MB, built with PI installer).
Consequences:
Nearly 10,000 installs; targeted browser data, keyrings, SSH keys, tokens.
Call to Action:
Developers urged to “remove infections and rotate credentials immediately.”

[05:30] Hacktivist Breaches in Canadian Critical Infrastructure

Victims:
Water treatment, oil and gas, and grain facilities.
Attack Nature:
Manipulation of industrial controls, causing disruptions and false alarms.
Motivation:
Publicity creation and distrust, not destructive goals (so far).
Authorities’ Recommendations:
- Restrict ICS internet access
- Enforce VPN/MFA
- Follow national cybersecurity guidelines

[06:52] Hardware-Based Exploit: T-Fail

Exploit Description:
“T-fail” attack defeats trusted execution environments (TEEs) from Intel, AMD, Nvidia via hardware manipulation and deterministic encryption flaws.
Significance:

“Even low-cost physical attacks can compromise TEEs.”
— [07:40], Dave Bittner
Implication:
Organizations must reassess reliance on TEEs in untrusted environments.

[08:30] U.S. Considers TP-Link Router Ban

Proposal:
Commerce Department might ban TP-Link router sales, citing national security concerns over Chinese ties.
Scale:
Would affect over one-third of home routers in the U.S.—potentially the biggest consumer tech ban in history.
Dispute:
TP-Link claims U.S. independence; critics warn about remote manipulation risks.

[09:44] Cloud Atlas Espionage Aims at Russia’s Agriculture

Attack Vector:
Phishing with event-themed emails targeting a vulnerable MS Office flaw.
Context:
Ongoing campaign; mirrors previous Cloud Atlas activity against Russian sectors since 2014.

[10:37] Israeli Secret “Winking” Cloud Safeguard

Details:
Leak reveals Israel’s $1.2B “Project Nimbus” cloud deal with Google/Amazon includes a covert alert mechanism for foreign data requests (“winking” payments tied to country codes).
Controversy:
Raises data sovereignty, legal, and human rights concerns.

[11:54] FCC Cracks Down on Overseas Robocalls

New Rule:
Expands caller ID verification, mandates provider compliance, and enhances alert requirements for international calls.

[13:25] Interview: Mike Anderson (Netskope) — CIOs as HR Thinkers in the Age of Agentic AI

Agentic AI, Guardrails, and Lessons from HR

Evolution of AI Workflows:
Agentic AI moves from prompt-based assistance to automating (and potentially initiating) complex workflows.
Analogy:
Managing AI agents should mirror managing a new employee—start with specific roles and limited access.
Quote:

“We wouldn’t just hire that entry employee and say okay, good luck … we would probably have some restricted access.”
— [15:39], Mike Anderson
Incremental Trust and Autonomy:
- AI assistants, like human ones, need time to learn user preferences.
- Progression: From recommendations and options (human-in-the-loop) to full autonomy as confidence grows.
- “I think we’re going to be on that same journey with agentic as well.” — [18:48], Mike Anderson

AI Velocity and Risk

Computational Velocity as Double-Edged Sword:

“To err is human, but to really screw up requires a computer.”
— [18:57], Dave Bittner
- Misapplied AI can exacerbate flaws rapidly if built on broken processes.
Process Before Technology:

“If you go layer … AI on top of a bad process, you just get to the same bad outcome faster.”
— [19:44], Mike Anderson

Adoption Pace: Bet Smart, Don’t Stand Still

Strategic Caution:
Experiment in proven areas (IT automation, helpdesk, research).
Consequences for Lagging:

“If you aren’t placing some bets now … you may be the taxi business in the future that’s being disrupted by Uber.”
— [21:47], Mike Anderson
Book Reference:
“Big Bet Leadership” by John Rossman: Place incremental bets now to avoid risking the company later.

[22:29] Denmark Acts Against Deepfake Abuse

Legislation:
Denmark to legally grant individuals the right to their own face and voice, prohibiting unauthorized AI uses.
Political Message:

“Humans are not open source material.”
— [22:49], Jacob Engel Schmidt, Danish Culture Minister
Scope:
Right to demand removal of deepfakes, digital impersonations; exceptions for parody/satire; enforcement with fines.

Notable Quotes

On AI agent autonomy and HR parallels:

“We wouldn’t give an employee super admin rights to our systems and nor should we do that with AI either.”
— [15:58], Mike Anderson
On the iterative trust-building with AI ‘assistants’:

“You do a pretty good job recommending options to me, so I’m going to make you autonomous.”
— [17:49], Mike Anderson
On the risks of rapid automation:

“If you go layer technology, even AI on top of a bad process, you just get to the same bad outcome faster.”
— [19:44], Mike Anderson
On innovation risk:

“If you aren’t placing some bets now ... you may be the taxi business in the future that’s being disrupted by Uber.”
— [21:47], Mike Anderson
On digital identity rights:

“Humans are not open source material.”
— [22:49], Jacob Engel Schmidt

Timestamps for Key Segments

00:02 — News rundown introduction
00:02–03:05 — Nation-state breach at Ribbon Communications
03:05–04:20 — Microsoft Azure & MS 365 outage
04:20–05:30 — Malicious npm packages discovered
05:30–06:52 — Canadian critical infrastructure attacks
06:52–08:30 — T-fail hardware exploits
08:30–09:44 — TP-Link federal scrutiny
09:44–10:37 — Cloud Atlas espionage in Russia
10:37–11:54 — Israeli cloud “winking mechanism”
11:54–13:25 — FCC’s robocall crackdown
13:25–22:29 — Interview: Mike Anderson (agentic AI, CIO/HR, practical advice)
22:29–23:30 — Denmark’s deepfake legislation

Memorable Moments

The analogy of hiring an employee to explain the need for controls and “guardrails” in AI deployment.
Denmark’s bold declaration that “humans are not open source material” — a clear cultural and legislative stand against unauthorized digital impersonations.
The recurring theme that effective cybersecurity and AI innovation are not purely technical problems but are deeply entwined with policy, human factors, and structured processes.

This summary captures the rich landscape of topics from the episode—spanning headline cyber incidents, strategic tech leadership insights, and evolving societal responses to AI and digital risks.

Dial M for malware.

Powered by Wave AI

Summary

CyberWire Daily: "Dial M for Malware"

Episode Overview

Key News and Analysis

[00:02] Nation-State Breach at Texas Telecom - Ribbon Communications

[03:05] Microsoft Global Cloud Outage

[04:20] Malicious npm Packages Stealing Credentials

[05:30] Hacktivist Breaches in Canadian Critical Infrastructure

[06:52] Hardware-Based Exploit: T-Fail

[08:30] U.S. Considers TP-Link Router Ban

[09:44] Cloud Atlas Espionage Aims at Russia’s Agriculture

[10:37] Israeli Secret “Winking” Cloud Safeguard

[11:54] FCC Cracks Down on Overseas Robocalls

[13:25] Interview: Mike Anderson (Netskope) — CIOs as HR Thinkers in the Age of Agentic AI

Agentic AI, Guardrails, and Lessons from HR

AI Velocity and Risk

Adoption Pace: Bet Smart, Don’t Stand Still

[22:29] Denmark Acts Against Deepfake Abuse

Notable Quotes

Timestamps for Key Segments

Memorable Moments

Summary

CyberWire Daily: "Dial M for Malware"

Episode Overview

Key News and Analysis

[00:02] Nation-State Breach at Texas Telecom - Ribbon Communications

[03:05] Microsoft Global Cloud Outage

[04:20] Malicious npm Packages Stealing Credentials

[05:30] Hacktivist Breaches in Canadian Critical Infrastructure

[06:52] Hardware-Based Exploit: T-Fail

[08:30] U.S. Considers TP-Link Router Ban

[09:44] Cloud Atlas Espionage Aims at Russia’s Agriculture

[10:37] Israeli Secret “Winking” Cloud Safeguard

[11:54] FCC Cracks Down on Overseas Robocalls

[13:25] Interview: Mike Anderson (Netskope) — CIOs as HR Thinkers in the Age of Agentic AI

Agentic AI, Guardrails, and Lessons from HR

AI Velocity and Risk

Adoption Pace: Bet Smart, Don’t Stand Still

[22:29] Denmark Acts Against Deepfake Abuse

Notable Quotes

Timestamps for Key Segments

Memorable Moments