A

You're listening to the Cyberwire Network powered by N2K. At Talas, they know cybersecurity can be tough and you can't protect everything. But with Thales, you can secure what matters most. With Thales industry leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest roi. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Talas to protect what matters most applications, data and identity. That's Talas. T H A L E S learn more@talasgroup.com cyber the CBO was hacked by a suspected foreign actor Experts worry Trump's budget cuts weaken US Cyber defenses Regulation shapes expectations Click Fix evolves on macOS Notorious cybercrime groups form a new federated alliance Congressional leaders look to counter China's influence in 6G networks. An edtech firm pays $5.1 million to settle data breach claims. Nevada did not pay the ransom. Our guest is CEO and co founder Ben Nunez from Evercoast, winner of the 8th annual DataTribe Challenge. And the FBI tries to uncover the archivist. It's Friday, Friday, November 7th, 2025. I'm Dave Buettner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. Happy Friday. It's great to have you with us. The Congressional Budget Office, Congress's nonpartisan fiscal analyst, was hacked by a suspected foreign actor, potentially exposing sensitive communications and financial data used in crafting legislation. Officials discovered the breach recently and worry adversaries may have accessed internal emails, chats and correspondence with lawmakers, according to a spokesperson. The CBO quickly contained the incident, added new monitoring, and continues its work while the investigation proceeds. Some congressional offices have reportedly paused email contact with the agency over security concerns. The CBO provides independent economic projections and cost estimates for every bill, serving as a vital counterweight to the White House's budget agencies. Its analyses frequently influence legislative debates and fiscal policy across both chambers of Congress. Experts warn that budget cuts and restructuring under President Trump's administration have weakened U.S. cybersecurity defenses, leaving the nation and economy more vulnerable to attack. A new assessment from the Cyberspace Solarium Commission found declining progress toward key national cyber goals, citing reduced funding and staff at agencies such as CISA and the State Department. The lapse of an information sharing law and the disbanding of key coordination councils have further hampered public private collaboration. Experts say this death by a thousand paper cuts erodes visibility into nation state threats like China's Volt typhoon campaign, even as artificial intelligence accelerates attack capabilities. Analysts warn that cutting federal resources while shifting responsibility to states and industry heightens national cyber risk. According to cnbc, a quiet but profound shift is reshaping Cybersecurity regulation is making accountability a daily expectation rather than a compliance exercise. Frameworks like the EU's Digital Operational Resilience Act, US Secure by Design principles, and new SEC disclosure rules are driving cultural change across organizations. Regulators now demand proof of readiness, transparency in incident response, and evidence that systems were built securely from the start. This evolution pushes security engineering and legal teams to collaborate continuously instead of treating compliance as an annual checkbox. Experts say the focus has moved from bureaucracy to behavior, embedding accountability into design, operations and communication. In this new landscape, transparency and preparedness are emerging as competitive advantages rather than regulatory burdens. Click fix attacks have rapidly evolved on macOS, with threat actors refining fake cloudflare verification popups that mimic legitimate pages and even include instructional videos and countdown timers. The tactic long used against Windows users tricks victims into manually executing malicious commands that install malware, often bypassing security tools. Recent macOS variants, such as one deploying the Shemos infostealer, show greater sophistication and fewer execution steps. Experts warn that user awareness remains the strongest defense as attackers continue adapting. Speaking of ClickFix, cybersecurity researchers uncovered a large scale phishing campaign exploiting booking.com partner accounts to steal customer data. According to Sequoia IO, attackers compromised hotel systems using the ClickFix social engineering tactic, tricking victims into executing PowerShell commands that installed the Pure RAT remote access trojan. The malware enabled credential theft system control and data exfiltration. Stolen credentials were traded or used in payment scams. Fraudulent messages mimicked legitimate booking details, directing victims to fake payment pages. The campaign remains active and highly profitable. A new federated alliance of three notorious cybercrime groups, Scattered Spider, Shiny Hunters and Lapsus, has formed to launch extortion as a service operations, according to researchers at Trustwave. Operating under the handle Scattered LapsesHunters, the coalition combines elite skills in social engineering, lateral movement and data exfiltration, posing a major threat to enterprises. Experts describe this merger as the evolution of cybercrime into coordinated business style operations targeting weak identity controls and legacy multi factor authentication. SLH reportedly plans to release its own ransomware, Shiny Spider, and collaborate with other criminal clusters. Researchers warn this marks a new phase of organized cyber extortion, emphasizing collaboration and efficiency and credential based compromise. Congressional leaders are demanding more transparency from federal agencies on strategies to counter China's growing influence in technology and cybersecurity especially in developing 6G networks. Representative Raha Krishnamoorthy urged Secretary of State Marco Rubio to strengthen international coalitions promoting secure non Chinese telecommunications infrastructure and to prevent a repeat of US missteps during 5G's rollout. Lawmakers warn that China is already shaping global 6G standards through partnerships and summits. Meanwhile, congressional Republicans are pressing the Commerce Department to curb Chinese technology in U.S. supply chains, citing risks to infrastructure, AI systems and industrial control networks. Both parties agree that technological dominance and security in next generation communications represent critical national interests requiring coordinated investment, diplomacy and stronger standards. Leadership Educational technology firm Illuminate education will pay $5.1 million and overhaul its security practices to settle claims tied to a 2021 data breach that exposed sensitive student information. The breach, affecting students in 49 states and 3 million in California, stemmed from poor access controls, weak monitoring and unsecured databases. California, Connecticut and New York attorneys general said Elluminate failed to revoke ex employee credentials and misled users about compliance. The company has agreed to strengthen monitoring and data protection measures. Officials in Nevada confirmed the state did not pay ransom after an August ransomware attack that disrupted critical government systems. Working with the FBI, Mandiant and others, the state restored operations in 28 days, recovering about 90% of affected data. The attack began when a state employee unknowingly downloaded a malware laced tool from a spoofed website, part of a search engine optimization poisoning campaign. The attacker gained persistence, moved laterally and deployed ransomware after deleting backups. No data exfiltration was detected and only one file contained personal information. The state spent roughly $1.6 million on recovery costs and overtime. Governor Joe Lombardo praised teams for restoring payroll and essential services without paying criminals, pledging further network segmentation and stronger cybersecurity defenses. Coming up after the break, my interview with the winner of the 8th annual Data Tribe Challenge. CEO and co founder Ben Nunez from Evercoast and the FBI tries to uncover the archivists. Stay with us.

B

What happens when cybercrime becomes as easy as shopping online? Spy Cloud's Trevor Hilligoss joined Dave Buettner on the Cyberwire Daily to explain how a wave of cybercrime enablement services are lowering the barrier to entry and making sophisticated attacks available to anyone. I think it's a pretty good general term that describes kind of an umbrella of tools and services that I would kind of tag as criminal or criminal adjacent instead of having sort of the smaller pool of high sophistication actors that are able to kind of carry out these really vast and costly cyber attacks. You know, we see that being given to much lower sophistication. Lower tech folks that are, you know, a much lower barrier to entry. To get into this field, the person that's buying access to this, they basically need a phone and a bitcoin wallet. Make sure you hear this full conversation and learn how the underground economy is reshaping Cyber risk. Visit explore.thecyberwire.com spycloud that's explore.thecyberwire.Com spycloud.

A

What'S your 2am Security worry? Is it do I have the right controls in place? Maybe are my vendors secure? Or the one that really keeps you up at night? How do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows. Using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started at vanta.com cyber that's V-A-N-T a.com cyber this past week saw the 8th annual Data Tribe Challenge at Cyber Innovation day in Washington D.C. i sat down with the DataTribe challenge winner, CEO and co founder Ben Nunez from Evercoast. So you just walked off the stage having won the datatribe Challenge. What's in your mind right now? What are you feeling?

C

Well, I'm excited to be a part of an alumni group. Like I mentioned out there, you know, there's a bunch of, you know, successful companies that have won this in the past. And, you know, we're just, we're just excited to be part of this, this community. You know, I think DataTribe is an incredible organization to be able to sort of help us get to that next level and create these unfair advantages and, you know, going and executing and building a real sustainable commercial company.

A

Well, tell us about the product. What's your value proposition here?

C

So we help train robots to do their jobs. Right now there's a frantic effort underway to go collect real world data in order to be able to train robots to perform tasks. And it's not just about sort of imitation learning and sort of teaching a robot to do something that a human can do. It's really about an ongoing monitoring and maintenance of robots to be able to understand their performance and is it staying in line with, you know, expectations of what they're supposed to be doing. So our product really helps button all that up with a seamless platform.

A

Tell me about your team, the folks that you've assembled. I saw in your presentation. It's quite an impressive group.

C

It is an impressive group. We've got 14 people. You know, a lot of them are, you know, PhDs, masters, senior engineers who, you know, have been at the forefront of spatial data for many years. A lot of this technology actually came out of Hollywood. So we've got guys from Pixar and Weta Digital and really teams that sort of perfected this kind of technology and getting a human right, you know, if you can get a human to look exactly right, you know, chances are that technology is going to be applicable to a lot of other verticals and industries. And robotics has always been in our mission statement from day one, and now we're kind of bringing that to fruition.

A

You know, when I was watching the presentation and I was sizing up all the competitors today, I thought two things about your group. One was I thought you were the most interesting. It was different from what anyone else did did, but I wondered if it was too far off the beaten path that the judges might be afraid that they didn't really understand it. Is that something that you have to deal with, of explaining exactly what you all are?

C

It depends on the audience, I think. At the data. I mean, I kind of thought the same thing coming in here at Datatribe. I mean, data is in the name, but it's also very much a cybersecurity company. I think our last statement at the very end really brought it home and that this is a data integrity problem. You know, we have physical AI companies that are training AI on, you know, not, not using real world data, or at least not using real world data properly. So we solved that and so we knew there was a strong data angle and ultimately this is, you know, this is a. The next Cyber battlefield is not virtual, it is embodied. And, you know, we're just here to make sure that it's rooted in ground truth and not guesswork.

A

What happens next? You're a winner here. What do you launch off tomorrow?

C

We continue to get back to work and build the business and build the company. And, you know, we are raising a round right now, so it's really about sort of closing that round as quickly as possible so that we can continue to, to grow and move fast. This world is. This industry is moving incredibly fast. So in order to keep pace, I think this capital will help us get there.

A

What's your advice for folks out there who might be considering taking part in the Data Tribe Challenge if you get selected?

C

I mean, it is an incredible opportunity. I think anytime an entrepreneur has an opportunity to get up in front of a few hundred people and pitch their company, I don't care what it is, get up and do it. Particularly if it's in front of a crowd like DataTribe assembles here. It is an audience full of incredibly smart people and successful entrepreneurs and investors and press. I think any opportunity that an entrepreneur has to get up and pitch their wares, no matter what, do it. And Data Tribe Challenge is an incredible opportunity to do that.

A

Good luck to you.

C

Thank you very much.

A

That's Ben Nunez from EverCoast, the 8th annual Data Tribe Challenge winner. And finally, the FBI has apparently set its sights on one of the Internet's more eccentric institutions, Arxiv today, the site beloved by journalists, researchers, and anyone allergic to paywalls, according to a subpoena posted by the site itself, a characteristically defiant move. The bureau wants to unmask whoever runs the operation, demanding everything from IP addresses to payment details. The request was sent to tucals, the Canadian registrar, with the usual don't tell anyone clause. That archive today, of course, promptly told everyone about. Launched in the early 2010s, the site became infamous during the Gamergate era for archiving web pages so users could quote without sending traffic to the originals. Since then, it's become the Internet's attic. Part preservation project, part paywall circumvention machine, and wholly mysterious. No one quite knows who runs it. Rumor has it a solitary Russian with a soft spot for dead links. The FBI, it seems, would very much like to know more. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com be sure to check out this weekend's Research Saturday and my conversation with Tal Peleg and Coby Abrams from Varonis. We're discussing their work on Rusty Perl remote code execution in postgres instances. That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. Were mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here next week.