Dave Bittner
You're listening to the CyberWire network, powered by N2K. Bad actors don't break in, they log in. Attackers use stolen credentials in nearly nine out of 10 data breaches. Once inside, they're after one thing: your data. Varonis' AI-powered data security platform secures your data at scale across IaaS, SaaS and hybrid cloud environments. Join thousands of organizations who trust Varonis to keep their data safe. Get a free data risk assessment at varonis.com.

Russia's flagship airline suffers a major cyber attack. US insurance giant Allianz Life confirms the compromise of personal data belonging to most of its 1.4 million customers. A women's dating safety app spills the tea. NASCAR confirms a data breach. Researchers believe the newly emerged Chaos ransomware group may be a rebrand of Black Suit. Over 200,000 WordPress sites remain vulnerable to account takeover attacks. Lawmakers introduce legislation to stop AI price gouging and wage fixing. States band together to regulate data brokers. My Caveat co-host Ben Yellen explains the impending expiration of the Cybersecurity and Information Sharing Act. And Expel missed the mark, but nails the apology.

It's Monday, July 28th, 2025. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us. It is great to have you with us here today.

Russia's flagship airline Aeroflot suffered a major cyber attack Monday, causing over 50 flight cancellations and widespread delays, especially on key domestic routes. The airline blamed a technical failure, but pro-Ukrainian hackers Silent Crow and the Belarusian Cyber Partisans claimed responsibility. They say they destroyed Aeroflot's IT infrastructure, stole flight data and maintained network access for over a year. Disruptions also hit subsidiaries, and Aeroflot's stock dropped nearly 4%. At Moscow's Sheremetyevo Airport, stranded passengers were given food and asked to leave terminals to reduce crowding.
The Kremlin confirmed the breach and prosecutors have opened a case. This is among the most publicly acknowledged cyberattacks in Russia, adding to recent cyber and drone strikes linked to Ukraine's war effort.

US insurance giant Allianz Life has confirmed a mid-July cyberattack that compromised personal data belonging to most of its 1.4 million customers, financial professionals and some employees. Hackers accessed a third-party cloud-based CRM system using social engineering, the company said in a filing with Maine's Attorney General. While Allianz Life didn't share how many individuals were affected, it acknowledged the breach impacted the majority of its US stakeholders. The company notified the FBI and said there's no evidence other systems were compromised. It declined to name the attackers or confirm if a ransom demand was received. This breach is part of a broader wave of cyber attacks hitting the insurance sector. Google researchers recently linked several incidents to Scattered Spider, the hacker group known for exploiting help desk vulnerabilities.

The women's dating safety app T, which recently topped the App Store, confirmed a data breach that exposed personal data and selfies of thousands of users. The breach stemmed from an unsecured Firebase database, allowing 4chan users to access and post photos, including driver's licenses and ID selfies. T says the exposed data, dating back two years, included 72,000 images, 13,000 of which were user-submitted for verification. The company acknowledged some direct messages were also compromised. The data was originally retained to comply with anti-cyberbullying laws. T claims the issue is now contained, with no evidence current user data is affected. Security experts have been brought in to investigate. The breach highlights ongoing concerns over data privacy and platform security in apps targeting vulnerable user groups.
NASCAR is notifying individuals that their personal data, including names and Social Security numbers, was stolen in a cyber attack discovered on April 3rd of this year. Hackers had access to its network from March 31 through April 3. NASCAR launched an investigation, informed law enforcement and is offering up to two years of free credit monitoring, while the number of affected individuals remains undisclosed. The Medusa ransomware group claims it stole 1 terabyte of data and demanded $4 million. NASCAR hasn't confirmed this claim.

Cisco Talos believes the newly emerged Chaos ransomware group may be a rebrand of Black Suit, itself a successor to Royal Ransomware. Talos cites similar encryption techniques, ransom note structure and use of built-in system tools in both Chaos and Black Suit attacks. Just as Talos released its analysis, law enforcement seized Black Suit's Tor-based leak site as part of Operation Checkmate, a global effort involving the US, UK, Germany and others. Black Suit had listed around 200 victims by July of this year and had extorted over $500 million since 2023. The gang targeted sectors like healthcare, education, IT and government, encrypting Windows and Linux systems and leveraging stolen data for extortion. Royal Ransomware, which Black Suit succeeded, had hit more than 350 organizations by late 2023.

Over 200,000 WordPress websites remain vulnerable due to an unpatched version of the Post plugin, exposing them to account takeover attacks. The flaw affects versions up to 3.2.0 and stems from weak access controls in the plugin's REST API, allowing low-level users to access email logs. Hackers could exploit this to reset and hijack administrator accounts. A fix was issued in the latest version on June 11, but less than half of users have updated, leaving many sites at risk.
Representatives Greg Cassar and Rashida Tlaib, both Democrats, have introduced the Stop AI Price Gouging and Wage Fixing Act, aimed at banning corporations from using AI surveillance to set prices or wages based on personal data. The bill follows Delta Air Lines' rollout of AI-driven dynamic pricing affecting 3% of fares, with plans to scale up. Critics argue such practices exploit private consumer data to charge more or lower pay, often without transparency. The Federal Trade Commission has reported that surveillance pricing is already happening, with companies using data like device type, location and shopping history to adjust prices. The bill would empower the FTC, states and private citizens to act against these tactics. However, with Republican control of Congress, the legislation faces slim odds of passing despite growing public concern over AI-driven price manipulation.

Vermont State Representative Monique Priestley is leading a multi-state initiative to regulate data brokers following the fatal June shooting of a Minnesota lawmaker and her husband; the suspected gunman reportedly had a list of data broker sites. Priestley, a longtime advocate for data privacy, convened a virtual meeting with lawmakers from over 25 states, where 15 expressed immediate interest in legislation. The group discussed three main ideas: creating data broker registries, enabling mass deletion of personal data like California's Delete Act, and offering protections for public officials modeled after New Jersey's Daniel's Law. Lawmakers shared personal safety concerns and were alarmed by how easily personal information can be bought online. Despite industry lobbying and skepticism about whether it's too late, Priestley says the momentum is real. Her working group will continue sharing resources and drafting coordinated state-level legislation to improve data transparency and protect individuals from unchecked data brokerage practices.
Coming up after the break, Ben Yellen explains the impending expiration of the Cybersecurity and Information Sharing Act, and Expel missed the mark but nails the apology. Stick around.

Compliance regulations, third-party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots and all those manual processes, you're right. GRC can be so much easier, and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key compliance, internal and third-party risk, and even customer trust workflows, so you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. That's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC. Just imagine how much easier trust can be. Visit vanta.com/cyber to sign up today for a free demo. That's V-A-N-T-A dot com slash CYBER.

Hey everybody, Dave here. I've talked about DeleteMe before, and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything.
It's the set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now our listeners get a special deal: 20% off your DeleteMe plan. Just go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.

And it is always my pleasure to welcome back to the show Ben Yellen. He is from the University of Maryland Center for Cyber Health and Hazard Strategies. Ben, welcome back.
Ben Yellen
Good to be with you again, Dave.
Dave Bittner
Interesting story that you and I talked about over on Caveat. This is about a key cybersecurity bill, or law, I should say, that is quite popular and is in peril of expiring. What's going on here?
Ben Yellen
So this is the Cybersecurity Information Sharing Act. It was enacted in 2015 and has been described as the most successful piece of cyber legislation in the country. The reason it's been described as so successful is that it allows a platform to facilitate voluntary information sharing, and that's been extremely useful in both the public and private sectors. Having that communications vehicle where you can share threats, threat vectors, whether what's happened to your system might happen to one of your competitors or somebody else in the industry. It's been invaluable. And this program has its bipartisan boosters. So the Trump administration supports an extension of the Cybersecurity Information Sharing Act, which is known as CISA 2015. It gets a little confusing because CISA is also the name of the agency, but the act itself is generally known as CISA 2015. There is bipartisan support in the House and the Senate, but for somewhat arcane congressional reasons, there is certainly a risk that this law does not get extended by the time the expiration date comes, which is September 30th.
Dave Bittner
Okay.
Ben Yellen
So in the House, the person who was the chair of the committee of jurisdiction, the House Homeland Security Committee, did not have this bill as one of his priorities, had held markups on other pieces of legislation, but had not brought a reauthorization of CISA 2015 in front of his committee. This committee chair just resigned Congress to take a job in the private sector. So they have a new committee chair who was just selected, but there's a question whether that chair is going to have enough time between now and September 30th, given that the House is scheduled to take a five-week congressional recess, to hold a committee hearing to mark up the bill and then have it considered on the floor of both chambers of Congress. Then in the Senate, you have bipartisan support. In one of the committees of jurisdiction, which is the Senate Armed Services Committee, the chair and ranking member respectively of that committee wrote a letter advocating that the bill be reauthorized. The ranking Democrat on the Senate Homeland Security bill has introduced a bill providing for clean authorization of this law. But the holdup could relate to the chair of the House Homeland Security, which is Senator Rand Paul. Rand Paul opposed the CISA 2015 act when it was first enacted in 2015 out of concerns for data security, data privacy, and that this was just an overreach of federal authority. That as a libertarian like himself, he doesn't believe that this is a proper function of the federal government or the executive branch. And he has not held hearings on reauthorizing this law. His office hasn't responded to requests for comment on whether that's something that he supports. So it's very unclear, because of those reasons, whether we're going to get reauthorization.
Dave Bittner
By September 30th. And what happens if we don't?
Ben Yellen
So just hearing from people in the private sector, I think the consequences could be pretty significant. In the article that we're getting this from, which was written by Politico and their weekly cybersecurity news roundup, they quote a couple of private sector folks. James Hayes, who is senior vice president of Global government Affairs at Tenable, says that the law remains one of the most effective methods for enabling real time collaboration between the government and the private sector in the face of evolving cyber threats, and that letting it lapse would be a step backwards. Similarly, John Miller, senior vice president of the Information Technology Industry Council, said that this is arguably the most successful cyber law we've passed in this country. And to let it lapse for no reason would just be unfortunate, to say the least. You'd lose that platform for information sharing, and that's a tool that's just been so successful in rooting out threats both domestically and internationally. And so if you lose that platform, it's just a loss of a really important tool that we have to protect ourselves against cyber threats.
Dave Bittner
So what happens if Senator Paul stands strong on principle and says, I'm not going to waver on this. Can he just hold it indefinitely?
Ben Yellen
He has a lot of procedural tools that he could use to hold it. If there is sufficient support in the rest of the Senate, there are ways where you could discharge the bill from that committee even without the committee chair's support, and hold a vote on the House floor or on the Senate floor. And we've seen that happen in the past. But certainly as a committee chair and just as an individual senator, you have a lot of power to gum up the works. And if this is something that Senator Paul wants to go to the mat for, he's been the type of guy where, you know, we just need the government funded by midnight. Please hold a vote on this continuing resolution. But we need the consent of all 100 senators to hold that vote. Rand Paul's the guy that says, nope, you can vote on Monday.
Dave Bittner
Right. Right.
Ben Yellen
So he's certainly someone who's been known to gum up the works for, I think, reasons that he sees as legitimate. He just has a very consistent ideology against an expansive federal government. And I think his view of this bill comes from those convictions.
Dave Bittner
All right, well, Ben Yellen is from the University of Maryland Center for Cyber Health and Hazard Strategies. But also, more importantly than any of that, he is my co-host on the Caveat podcast. Ben, thanks so much for joining us.
Ben Yellen
Thank you, Dave.
Dave Bittner
Did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Knight, the free security assessment tool that scans your Active Directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now at semperis.com/purple-knight. That's semperis.com/purple-knight.

And finally, researchers at Expel recently issued a heartfelt correction to a blog post about a phishing incident, showing integrity and commitment to transparency. Initially, the company believed an attacker had bypassed a FIDO passkey-protected login using cross-device authentication. However, after engaging with the security community and reanalyzing the evidence, Expel confirmed that while credentials were phished, the attacker never bypassed MFA or accessed protected resources. We commend Expel for owning the mistake, openly explaining the error and updating their review processes. Their appreciation for feedback, especially from the FIDO Alliance and other security pros, shows humility and a genuine dedication to learning. By committing to clearer evidence and deeper scrutiny in future posts, Expel reinforces trust in their work. Mistakes happen, but the way Expel handled this one speaks volumes. Kudos for setting an example of accountability in cybersecurity and for valuing the defender community every step of the way.

And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show. Every week you can find Grumpy Old Geeks where all the fine podcasts are listed. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August. There's a link in the show notes. Please take a minute and check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

Crogl is AI built for the enterprise SOC: fully private, schema-free and capable of running in sensitive air-gapped environments. Crogl autonomously investigates thousands of alerts weekly, correlating insights across your tools without data leaving your perimeter. Designed for high availability across geographies, it delivers context-aware, auditable decisions aligned to your workflows. Crogl empowers analysts to act faster and focus on critical threats, replacing repetitive triage with intelligent automation to help your SOC operate at scale with precision and control. Learn more at crogl.com. That's C-R-O-G-L dot com.
CyberWire Daily: Ground Control to Kremlin – July 28, 2025
Hosted by N2K Networks, "CyberWire Daily" delivers the latest in cybersecurity news and analysis, featuring insights from industry leaders, academia, and research organizations worldwide. In the July 28, 2025 episode titled "Ground Control to Kremlin," host Dave Bittner delves into significant cyber incidents, legislative developments, and crucial discussions shaping the cybersecurity landscape.
a. Aeroflot’s Devastating Cyberattack
Russia's flagship airline, Aeroflot, faced a severe cyberattack on Monday, leading to the cancellation of over 50 flights and widespread delays, particularly affecting key domestic routes. While Aeroflot attributed the disruptions to a technical failure, pro-Ukrainian hacker groups Silent Crow and the Belarusian Cyber Partisans claimed responsibility. They alleged that they had destroyed Aeroflot's IT infrastructure, stolen flight data, and maintained access to the airline's network for over a year.
This breach resulted in Aeroflot's stock plunging by nearly 4%. Passengers at Moscow's Sheremetyevo Airport experienced significant inconveniences, including food shortages and requests to vacate terminals to manage crowding. The Kremlin acknowledged the breach, and prosecutors have initiated an investigation. This incident marks one of the most openly recognized cyberattacks within Russia, adding to the series of cyber and drone strikes associated with the ongoing conflict involving Ukraine.
b. Allianz Life’s Data Compromise
US-based insurance giant Allianz Life confirmed a cyberattack that compromised personal data of most of its approximately 1.4 million customers, along with financial professionals and some employees. The breach occurred in mid-July when hackers accessed a third-party cloud-based CRM system through social engineering tactics, as disclosed in a filing with Maine's Attorney General. Key points include:
The company notified the FBI and reported no evidence that other systems were compromised.
Allianz Life declined to name the attackers or confirm whether a ransom demand was received.
The incident is part of a broader wave of attacks on the insurance sector; Google researchers have linked several recent incidents to Scattered Spider, a group known for exploiting help desk weaknesses.
c. Women’s Dating Safety App ‘T’ Faces Data Breach
The popular women's dating safety application, 'T', recently announced a data breach that exposed personal information and selfies of thousands of users. Details of the breach include:
Root Cause: An unsecured Firebase database allowed 4chan users to access and post photos, including driver's licenses and ID selfies.
Scope: The exposed data, dating back two years, included 72,000 images, 13,000 of which users had submitted for identity verification; some direct messages were also compromised.
Retention: The data had originally been retained to comply with anti-cyberbullying laws.
Status: T states the issue is contained, with no evidence that current user data is affected, and has engaged outside security experts to investigate.
d. NASCAR Data Breach Announcement
NASCAR has informed individuals that their personal data, including names and Social Security numbers, was stolen in a cyberattack discovered on April 3rd. Key aspects include:
Window of Access: Attackers had access to NASCAR's network from March 31 through April 3.
Response: NASCAR launched an investigation, notified law enforcement, and is offering up to two years of free credit monitoring; the number of affected individuals has not been disclosed.
Extortion Claim: The Medusa ransomware group claims to have stolen 1 terabyte of data and demanded $4 million, a claim NASCAR has not confirmed.
e. Emergence of the Chaos Ransomware Group
Cisco Talos has identified the newly surfaced Chaos ransomware group as a potential rebranding of the notorious Black Suit gang, itself a successor to Royal Ransomware. Indicators of similarity include comparable encryption techniques, a shared ransom note structure, and the same reliance on built-in system tools in both Chaos and Black Suit attacks.
In parallel developments, law enforcement agencies from the US, UK, Germany, and other nations seized Black Suit's Tor-based leak site as part of Operation Checkmate. Since early 2023, Black Suit had targeted over 200 victims and extorted more than $500 million, focusing on sectors like healthcare, education, IT, and government by encrypting systems and leveraging stolen data.
f. Vulnerabilities in WordPress Sites
Over 200,000 WordPress websites remain susceptible to account takeover attacks due to an unpatched vulnerability in the Post plugin (versions up to 3.2.0). The flaw arises from weak access controls in the plugin's REST API, which let low-level users read email logs; an attacker with that access could use the logged messages to reset and hijack administrator accounts.
Although a fix was released on June 11, adoption has been slow, with less than half of the affected sites updating to the latest version, leaving many at risk.
a. Stop AI Price Gouging and Wage Fixing Act
Democrats Greg Cassar and Rashida Tlaib introduced the Stop AI Price Gouging and Wage Fixing Act, aiming to prohibit corporations from utilizing AI surveillance to adjust prices or wages based on personal data. Key elements include:
Trigger: The bill follows Delta Air Lines' rollout of AI-driven dynamic pricing on 3% of fares, with plans to expand.
Context: The Federal Trade Commission has reported that surveillance pricing is already in use, with companies drawing on device type, location, and shopping history to adjust prices.
Enforcement: The bill would empower the FTC, state governments, and private citizens to act against these practices.
Outlook: With Republican control of Congress, the legislation faces slim odds of passage despite growing public concern.
b. Multi-State Initiative to Regulate Data Brokers
Following the tragic June shooting of a Minnesota lawmaker and her husband, in which the suspected gunman reportedly held a list of data broker sites, Vermont State Representative Monique Priestley is spearheading a multi-state initiative to regulate data brokers. Highlights include:
Participation: Priestley convened a virtual meeting with lawmakers from over 25 states, 15 of which expressed immediate interest in legislation.
Proposals: The group discussed creating data broker registries, enabling mass deletion of personal data modeled on California's Delete Act, and extending protections for public officials modeled on New Jersey's Daniel's Law.
Next Steps: Despite industry lobbying, the working group will continue sharing resources and drafting coordinated state-level legislation.
In an insightful discussion, co-host Ben Yellen from the University of Maryland's Center for Cyber Health and Hazard Strategies addresses the looming expiration of CISA 2015, a pivotal cybersecurity law.
Key Points from the Discussion:
Importance of CISA 2015: Described as the most successful cyber legislation in the U.S., CISA 2015 facilitates voluntary information sharing between the government and the private sector, enabling real-time collaboration against evolving cyber threats.
“The law remains one of the most effective methods for enabling real-time collaboration between the government and the private sector in the face of evolving cyber threats,” says Ben Yellen (13:57).
Bipartisan Support and Challenges: While the legislation enjoys bipartisan support, procedural hurdles threaten its reauthorization. The recent resignation of the House Homeland Security Committee chair and the appointment of a new chair who may not prioritize the bill add uncertainty to its future.
Senate Dynamics: In the Senate, bipartisan backing persists with advocacy from both committee chairs and ranking members. However, Senator Rand Paul’s opposition poses a significant obstacle due to his consistent stance against what he perceives as federal overreach in data governance.
“Senator Rand Paul opposed the CISA 2015 act when it was first enacted... he doesn't believe that this is a proper function of the federal government,” explains Yellen (19:09).
Potential Consequences of Non-Extension:
“To let it lapse would just be unfortunate... it's a loss of a really important tool that we have to protect ourselves against cyber threats,” emphasizes John Miller (17:05), Senior Vice President at the Information Technology Industry Council.
Procedural Avenues for Reauthorization: Despite Senator Paul’s opposition, there are procedural methods, such as discharging the bill from committee with sufficient Senate support, to move forward with reauthorization. However, such moves require unanimous consent, making them challenging to achieve.
Conclusion of the Discussion:
The potential expiration of CISA 2015 represents a critical juncture for U.S. cybersecurity infrastructure. The bill's renewal is not just a legislative formality but a strategic necessity to sustain effective cyber defense mechanisms. As Yellen underscores, the continued effectiveness of national cybersecurity efforts heavily relies on the reauthorization of laws like CISA 2015.
In a commendable display of integrity, Expel, a cybersecurity research firm, issued a heartfelt correction regarding a recent blog post about a phishing incident. Initially, Expel had asserted that an attacker bypassed a FIDO passkey-protected login via cross-device authentication. However, upon engaging with the security community and thoroughly reanalyzing the incident, they clarified that:
Actual Incident: While credentials were indeed phished, the attacker did not bypass multi-factor authentication (MFA) or access any protected resources.
“After reanalyzing the evidence, Expel confirmed that while credentials were phished, the attacker never bypassed MFA or accessed protected resources,” the company stated in their correction.
Commitment to Transparency: Expel praised the security community's role in identifying the error and reiterated their dedication to enhancing review processes to prevent future inaccuracies.
“We commend Expel for owning the mistake, openly explaining the error and updating their review processes,” highlighted Dave Bittner.
Impact: This incident underscores the importance of accountability and transparency within the cybersecurity sector, reinforcing trust among stakeholders and the broader community.
The "Ground Control to Kremlin" episode of CyberWire Daily encapsulates a critical period in cybersecurity, marked by significant breaches impacting major organizations across sectors, evolving ransomware threats, and pivotal legislative battles shaping the future of data privacy and information sharing. The discussions, particularly surrounding the potential lapse of CISA 2015, highlight the delicate balance between federal oversight and private sector collaboration in safeguarding digital infrastructures. Additionally, the emphasis on accountability through Expel's correction serves as a reminder of the continuous need for integrity within the cybersecurity community.
For those seeking to stay informed on these developments, CyberWire Daily provides a comprehensive and insightful analysis, ensuring that listeners are well-equipped to navigate the ever-changing cyber landscape.
For more detailed insights and updates, visit CyberWire Daily's daily briefing or subscribe to their Grumpy Old Geeks podcast.