Transcript
A (0:02)
You're listening to the CyberWire Network, powered by N2K. Are you ready for AI in cybersecurity? Demand for these skills is growing exponentially for cybersecurity professionals. It's why CompTIA, the largest vendor-neutral certification authority, is developing SecAI+. It's their first-ever AI certification focused on artificial intelligence and cybersecurity and is designed to help mid-career cybersecurity professionals demonstrate their competencies with AI tools. And that's why N2K's SecAI practice exam is coming out this year to help you prepare for the certification release in 2026. To find out more about this new credential and how N2K can help you prepare today, check out our blog at certify.cybervista.net/blog, and thanks.
B (1:10)
At Thales, they know cybersecurity can be tough and you can't protect everything. But with Thales you can secure what matters most. With Thales' industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales, T-H-A-L-E-S. Learn more at thalesgroup.com/cyber.

A foreign threat actor breached a key US nuclear weapons manufacturing site. The cyber attack on Jaguar Land Rover is the most financially damaging cyber incident in UK history. A new report from Microsoft warns that AI is reshaping cybersecurity at an unprecedented pace. The ToolShell vulnerability fuels Chinese cyber operations across four continents. Fake browser updates are spreading RansomHub, LockBit and data-stealing malware. Hackers deface LA Metro bus stop displays. A spyware developer is warned by Apple of a mercenary spyware attack. Pwn2Own payouts proceed. Ben Yelin from the University of Maryland Center for Cyber Health and Hazard Strategies discusses a federal whistleblower from the Social Security Administration, and when the cloud goes down, the beds heat up. It's Wednesday, October 22, 2025. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great to have you with us.

A foreign threat actor breached the Kansas City National Security Campus, a key US nuclear weapons manufacturing site, by exploiting unpatched Microsoft SharePoint vulnerabilities. According to a source involved in the August response, the attackers accessed systems at the Honeywell-managed facility, which produces most non-nuclear components for U.S. nuclear weapons. Attribution remains disputed. Microsoft links the broader campaign to Chinese groups Linen Typhoon and Violet Typhoon, while another source claims Russian involvement.
The incident underscores how IT weaknesses can expose operational technology even in air-gapped environments. OT experts warn that despite limited impact, the breach highlights gaps in zero trust protections for industrial systems. Even unclassified technical data could hold strategic value by revealing manufacturing tolerances or supply chain dependencies. The Department of Energy confirmed limited disruption and said affected systems are being restored. The cyber attack on Jaguar Land Rover is projected to cost 1.9 billion pounds, making it the most financially damaging cyber incident in UK history, according to the Cyber Monitoring Center. The BBC says the late August hack forced a five-week production shutdown across JLR's global operations and disrupted more than 5,000 suppliers. The Cyber Monitoring Center classified the breach as a Category 3 event, citing estimated losses between 1.6 billion pounds and 2.1 billion pounds, with full recovery expected by January of next year. More than half the losses are attributed to JLR's own recovery and operational downtime, while supply chain and local economy impacts make up the rest. JLR has not disclosed the attack type or whether a ransom was paid. Microsoft's Digital Defense Report for 2025 warns that AI is reshaping cybersecurity at an unprecedented pace, empowering both defenders and attackers. The company says adversaries now use generative AI to automate social engineering, vulnerability discovery and evasion, while targeting AI systems themselves through prompt injection and data poisoning. Nation-state actors are intensifying espionage and influence operations, particularly against research and communication sectors often linked to geopolitical conflicts. Microsoft urges defenders to embed cybersecurity into business strategy, emphasizing zero trust, cloud security and identity protection. The report stresses that no organization can face these challenges alone.
International collaboration and political deterrence are vital to counter malicious state activity. Microsoft also calls for preparation for quantum-era threats, climate, cloud governance and workforce upskilling to build collective cyber resilience. A program note: our N2K CyberWire Network partner Microsoft Threat Intelligence discusses the report in detail on today's episode of the Microsoft Threat Intelligence podcast. We'll have a link in the show notes. Chinese-linked hackers exploited the ToolShell vulnerability in Microsoft SharePoint to attack organizations across four continents, according to Symantec. The flaw, a bypass for two earlier SharePoint bugs revealed at Pwn2Own Berlin, allows unauthenticated remote code execution on on-premises servers. Microsoft previously attributed the exploitation to Chinese groups Budworm, also known as Linen Typhoon; Sheathminer, also known as Violet Typhoon; and Storm-2603 (Warlock ransomware). Symantec's report identifies additional Chinese actors targeting government, telecom, financial and academic institutions in the Middle East, Africa, South America and the US. Attackers deployed multiple backdoors, including ZingDoor, ShadowPad and CrustyLoader, using legitimate executables for DLL sideloading. The operations also leveraged credential dumping tools, PetitPotam for domain compromise, and utilities for data exfiltration and persistence. Symantec concludes ToolShell was exploited by more Chinese actors than previously known. A new report from Trustwave SpiderLabs warns that SocGholish, also known as FakeUpdates, is a global malware-as-a-service operation, turning fake software updates into large-scale infection campaigns. Run by threat group TA569, SocGholish compromises legitimate websites, often WordPress sites, and injects malicious scripts, or uses domain shadowing to distribute malware disguised as browser or Flash updates.
The group sells access to other criminals, including Evil Corp, and has recently delivered RansomHub ransomware in healthcare-related attacks. Researchers also found ties to Russia's GRU Unit 29155, noting that SocGholish has spread the Raspberry Robin worm using traffic filtering tools like Keitaro TDS. TA569 selectively targets victims and delivers payloads including LockBit ransomware, AsyncRAT and data stealers, making SocGholish a major global cyber threat. LA Metro confirmed that several digital signage boards were hijacked this week after displaying a false suicide bomb warning apparently posted by Turkish hackers. The incident affected bus stops where the alarming message appeared alongside a hacker group's social media tag. Officials traced the intrusion to Papercast, a third-party content management vendor whose systems were compromised. The unauthorized messages have since been removed as Metro and Papercast investigate the breach. A developer formerly employed by government spyware maker Trenchant says Apple warned him that his iPhone was targeted by mercenary spyware, marking one of the first known cases of a spyware developer becoming a victim. The developer, using the pseudonym Jay Gibson, had worked on iOS zero-day exploits before being suspended and later fired amid an internal investigation into a leak of Trenchant's hacking tools. Gibson denies involvement and believes he was scapegoated. Apple's alert, issued in March, suggests a state-linked surveillance campaign. Although no infection was confirmed, sources told TechCrunch that other exploit developers have received similar Apple notifications, signaling that the spread of zero-day spyware is now ensnaring its own creators. Trenchant's parent company, L3Harris, declined comment.
On day one of Pwn2Own Ireland 2025, researchers earned $522,500 by exploiting 34 previously unknown vulnerabilities across printers, routers, NAS devices and smart home products, according to Trend Micro's Zero Day Initiative. The top prize, $100,000, went to a SOHO Smashup exploit chaining flaws in QNAP router and NAS devices. Other major payouts included $50,000 each for hacks on Synology and Sonos devices. Additional vulnerabilities in Home Assistant, Philips Hue, and HP and Canon printers were also rewarded. The contest continues with a $1 million WhatsApp exploit demonstration expected on Thursday. Coming after the break, Ben Yelin discusses a federal whistleblower from the Social Security Administration, and when the cloud goes down, beds heat up. Stick around.

What's your 2 a.m. security worry? Is it "Do I have the right controls in place?" Maybe "Are my vendors secure?" Or the one that really keeps you up at night: "How do I get out from under these old tools and manual processes?" That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started at vanta.com/cyber. That's V-A-N-T-A dot com slash cyber. And now a word from our sponsor. The Johns Hopkins University Information Security Institute is seeking qualified applicants for its innovative Master of Science in Security Informatics degree program. Study alongside world-class interdisciplinary experts and gain unparalleled educational, research and professional experience in information security and assurance. Interested U.S.
citizens should consider the Department of Defense's Cyber Service Academy program, which covers tuition, textbooks and a laptop, as well as providing a $34,000 additional annual stipend. Apply for the fall 2026 semester and for this scholarship by February 28th. Learn more at cs.jhu.edu/mssi. And it is always my pleasure to welcome back to the show Ben Yelin. He is my Caveat co-host and he is from the University of Maryland Center for Cyber Health and Hazard Strategies. Ben, welcome back.
