CyberWire Daily – “Logging off in Myawaddy.”

Date: October 29, 2025
Host: Dave Bittner

Episode Overview

This episode of CyberWire Daily delivers a round-up of top cybersecurity news with a global focus, including the dramatic shutdown of a crime hub in Myanmar, evolving tactics of major botnets, high-profile data breaches, and key regulatory moves. A special feature interview with Ben Serry (CTO of Zafran) explores the rise of AI-native attacks and the defense opportunities and risks posed by increasingly autonomous cybersecurity tools. The episode wraps with a look at new "anti-facial recognition" eyewear—a tongue-in-cheek nod to contemporary privacy concerns.

Key News Segments & Insights

Explosions Halt Myanmar Cyberscam Hub

[00:34]

Event: Thai military reports a sharp decline in refugees crossing the border after Myanmar forces raid and physically destroy the KK Park cybercrime complex near Myawaddy.
Significance:
- The site was a central hub for international online scams and human trafficking.
- Over 1,500 people, largely coerced “workers,” fled as authorities scrambled to identify victims.
- Despite the dramatic raid, similar criminal operations remain active, highlighting the resilience of these networks.
Quote:

“KK Park had been a key node in Myanmar’s expanding cyberscam industry, where criminal groups lure workers with fake job offers before coercing them into online fraud.”

Isuru Botnet: From DDoS to Proxy Rental

[02:04]

Shift in Tactics: The Isuru botnet—known for record-breaking DDoS attacks—now monetizes by renting 700,000 hijacked IoT devices as residential proxies.
Implications:
- Criminals anonymize traffic and facilitate large-scale AI data scraping.
- The growth of proxy services linked to large Chinese networks blurs lines between legitimate and illegal activities.
Expert Note:

“Analysts warn that botnet-driven proxy ecosystems blur the lines between lawful data collection and cybercrime infrastructure.”

Dentsu Data Breach – Impact on US Subsidiary Merkel

[03:15]

Details: Japanese ad giant Dentsu confirms its US arm, Merkel, suffered a breach exposing financial, employee, and client data.
Mitigation:
- Shut down affected systems.
- Involving third-party forensics, notification of relevant authorities.
Scope/Unresolved: Breach impacts thousands, full impact under investigation.
Quote:

“Attackers stole files containing information on clients, suppliers and current and former employees while its Japan based systems were unaffected.”

Boston Bans Facial Recognition

[04:26]

Legislation: Boston City Council votes unanimously to prohibit facial recognition tech across all city departments.
Motivation:
- Cites risks of racial bias, inaccuracy, and privacy invasion.
- Aligns with similar moves in San Francisco and Oakland.
Quote:

“The law aims to protect residents’ privacy and prevent discrimination against communities of color.”

ProtonMail Backlash – Journalists’ Accounts Disabled

[05:21]

Incident: ProtonMail suspended (then reinstated) accounts of journalists probing North Korean cyber operations after external complaint.
Reaction: Press freedom advocates say the episode “undermines trust” in privacy-oriented services.
Company Statement: Proton cited a cert alert, admitted their automated abuse protocols may have erroneously targeted legitimate users.

Memento Labs Confirms Dante Spyware Link

[06:11]

Key Detail: CEO Paolo Lezzi acknowledges the newly discovered Dante spyware is their product, blaming misuse by a government client.
Context:
- Memento Labs is the rebranded successor of Hacking Team.
- Kaspersky links Dante to targeted operations against Russian and Belarusian entities.
Quote:

“Memento has since urged customers to discontinue use of its Windows spyware as it shifts focus to mobile surveillance tools.”

Australian Regulator Sues Microsoft over Copilot AI

[07:04]

Complaint: ACCC alleges Microsoft misrepresented its AI upgrade as mandatory for Office 365 users and improperly raised fees.
Expected Outcome: Penalties, refunds, and user reinstatement sought.
Advice:

“Affected users can revert to their original plans and should contact Microsoft for refunds if charged improperly.”

CISA Alert – Exploited Dassault Delmia Apriso Flaws

[08:12]

Alert: CISA highlights critical, actively exploited vulnerabilities in widely used manufacturing management software.
Response: Prompt patching and network isolation strongly recommended.

CIA Cyber Operation Disables Venezuelan Spy Network

[08:49]

Operation: In Trump’s first term, a CIA cyber attack “perfectly” disables Venezuela’s intelligence network—part of covert pressure on Maduro’s regime.
Modern Context: Recent escalation in US military presence near Venezuela raises concerns of regime change intentions.
Analysis:

“Analysts warn that today’s military buildup, framed as a counternarcotics mission, may mask preparation for direct strikes.”

Featured Interview: Ben Serry, CTO & Co-Founder, Zafran

[13:41–24:46]

Main Theme:

AI-Native Attacks and Defensive Opportunities (“Agentic” Security AI)

The State of AI in Cybersecurity

Serry:

“I think there is a great interest in this field and how it can actually be a force multiplier for practitioners in their day to day.” [13:52]
- Growth in curiosity and innovation opportunities.
- Debate remains over balancing human oversight versus ceding agency to AI.

The Threat: Adversaries Move First

Serry:

“Attackers have been observed to be using AI to exploit vulnerabilities, to develop malware, to scan the Internet and find prey. And unfortunately they've been very successful at it.” [14:42]
Host:

“It's fair to say to a certain degree it's a necessity because the adversaries are adopting this rather quickly.” [14:32]

AI Agents in Defense – Key Capabilities

Text Analysis:

“At the basis of it, it's a tool that is awesome...at analyzing text and reacting to it...from there it can create plans. And from plans it can also do actions.” [15:17]
Exposure Management:
- Sorting real from false positives among a “huge pile” of vulnerabilities.
- AI agents can help “connect the dots” between threat, environment impact, and concrete remediation actions. [16:11]

Guardrails and Human Oversight

Serry:

“Each solution that takes on an agentic topology needs to implement on its end...guard rules: what data does the tool have access to, what tools it can then interact with, and at which points will the human be in charge in approving actions.” [17:28]
- Emphasizes starting with “human in the loop,” gradually increasing automation as trust in tool performance builds.
“AI needs to be validated at our current stage...the human needs to be also a guardrail in that sense.” [18:16]

Concrete Advances – Remediation by AI

Serry:

“Agentic tech can also be the remediator of vulnerabilities in production environments.” [19:30]
- Describes how LLMs (like Anthropic’s models) can not only assess impact but actually generate scripts and code to patch vulnerabilities.
“They can be one that interacts with your endpoints or your servers and offer concrete plans to how to do the patch. And that is a huge gap on how practitioners are trying to do that today.” [20:38]

Guiding Questions for Organizations

Serry:

“Do you believe in your current state that you are able to actually remediate everything that you're impacted by or...prioritize well?” [21:33]
- With threat actors moving faster, organizations must ask whether new tools can shrink the gap between attacker and defender velocity—and even between security and IT teams.

Emerging Risk: Enterprise AI Application Security

Serry:

“There is also risk in the applications that these enterprises develop...it’s unknown in many regards what will be the greatest risk of developing applications that use AI for customers or enterprises.” [23:43]
- Calls for new approaches to vulnerability and exposure management as AI development becomes ubiquitous.

Notable Moment: “Fashionable Paranoia” – Anti-Facial Recognition Glasses

[24:46]

Product Feature: Zenni, an eyewear brand, introduces “ID Guard” glasses with infrared-reflective lenses that thwart some facial recognition systems.
Field Test Result: Proven effective against Apple’s Face ID; less so versus standard photographs.
Tone: Playful, acknowledging privacy anxiety:

“When the world is one big panopticon, at least Zenni will sell you reasonably priced rebellion in a flattering shade of rock.” [24:46]

Timestamps for Major Segments

Myanmar cybercrime hub raid: [00:34]
Isuru botnet evolution: [02:04]
Dentsu/Merkel breach: [03:15]
Boston biometric ban: [04:26]
ProtonMail/journalists controversy: [05:21]
Memento Labs spyware admission: [06:11]
Microsoft Copilot AI lawsuit: [07:04]
CISA/Dassault vulnerabilities: [08:12]
CIA Venezuela cyberattack revelation: [08:49]
Interview: Ben Serry, Zafran: [13:41–24:46]
- AI in cybersecurity: [13:52]
- Adversarial AI: [14:42]
- LLMs and remediation: [15:17–20:38]
- Org considerations: [21:33]
- AI app risk: [23:43]
Anti-surveillance eyewear: [24:46]

Memorable Quotes

“Attackers have been observed to be using AI to exploit vulnerabilities...and unfortunately they've been very successful at it.”
— Ben Serry [14:42]
“Each solution that takes on an agentic topology needs to implement on its end...guard rules: what data does the tool have access to, what tools it can then interact with, and at which points will the human be in charge in approving actions.”
— Ben Serry [17:28]
“When the world is one big panopticon, at least Zenni will sell you reasonably priced rebellion in a flattering shade of rock.”
— Dave Bittner [24:46]

Summary

This episode blends breaking cyber news from intrusion and crime disruptions in Southeast Asia to regulatory and privacy fights around the globe, all against a backdrop of accelerating attacker innovation through AI. Ben Serry’s interview underscores the urgent need and potential for security teams to harness AI—wisely and cautiously—to keep up with emerging threats, but also foreshadows new risks as organizations build and deploy their own AI-powered applications. The closing story on anti-facial-recognition eyewear is both clever and reflective of society’s evolving relationship with technology and surveillance.

For more details, check out the cyberwire.com daily briefing or listen to the full episode for deeper commentary.

CyberWire Daily – “Logging off in Myawaddy.”

Date: October 29, 2025
Host: Dave Bittner

Episode Overview

Key News Segments & Insights

Explosions Halt Myanmar Cyberscam Hub

[00:34]

Event: Thai military reports a sharp decline in refugees crossing the border after Myanmar forces raid and physically destroy the KK Park cybercrime complex near Myawaddy.
Significance:
- The site was a central hub for international online scams and human trafficking.
- Over 1,500 people, largely coerced “workers,” fled as authorities scrambled to identify victims.
- Despite the dramatic raid, similar criminal operations remain active, highlighting the resilience of these networks.
Quote:

“KK Park had been a key node in Myanmar’s expanding cyberscam industry, where criminal groups lure workers with fake job offers before coercing them into online fraud.”

Isuru Botnet: From DDoS to Proxy Rental

[02:04]

Shift in Tactics: The Isuru botnet—known for record-breaking DDoS attacks—now monetizes by renting 700,000 hijacked IoT devices as residential proxies.
Implications:
- Criminals anonymize traffic and facilitate large-scale AI data scraping.
- The growth of proxy services linked to large Chinese networks blurs lines between legitimate and illegal activities.
Expert Note:

“Analysts warn that botnet-driven proxy ecosystems blur the lines between lawful data collection and cybercrime infrastructure.”

Dentsu Data Breach – Impact on US Subsidiary Merkel

[03:15]

Details: Japanese ad giant Dentsu confirms its US arm, Merkel, suffered a breach exposing financial, employee, and client data.
Mitigation:
- Shut down affected systems.
- Involving third-party forensics, notification of relevant authorities.
Scope/Unresolved: Breach impacts thousands, full impact under investigation.
Quote:

“Attackers stole files containing information on clients, suppliers and current and former employees while its Japan based systems were unaffected.”

Boston Bans Facial Recognition

[04:26]

Legislation: Boston City Council votes unanimously to prohibit facial recognition tech across all city departments.
Motivation:
- Cites risks of racial bias, inaccuracy, and privacy invasion.
- Aligns with similar moves in San Francisco and Oakland.
Quote:

“The law aims to protect residents’ privacy and prevent discrimination against communities of color.”

ProtonMail Backlash – Journalists’ Accounts Disabled

[05:21]

Incident: ProtonMail suspended (then reinstated) accounts of journalists probing North Korean cyber operations after external complaint.
Reaction: Press freedom advocates say the episode “undermines trust” in privacy-oriented services.
Company Statement: Proton cited a cert alert, admitted their automated abuse protocols may have erroneously targeted legitimate users.

Memento Labs Confirms Dante Spyware Link

[06:11]

Key Detail: CEO Paolo Lezzi acknowledges the newly discovered Dante spyware is their product, blaming misuse by a government client.
Context:
- Memento Labs is the rebranded successor of Hacking Team.
- Kaspersky links Dante to targeted operations against Russian and Belarusian entities.
Quote:

“Memento has since urged customers to discontinue use of its Windows spyware as it shifts focus to mobile surveillance tools.”

Australian Regulator Sues Microsoft over Copilot AI

[07:04]

Complaint: ACCC alleges Microsoft misrepresented its AI upgrade as mandatory for Office 365 users and improperly raised fees.
Expected Outcome: Penalties, refunds, and user reinstatement sought.
Advice:

“Affected users can revert to their original plans and should contact Microsoft for refunds if charged improperly.”

CISA Alert – Exploited Dassault Delmia Apriso Flaws

[08:12]

Alert: CISA highlights critical, actively exploited vulnerabilities in widely used manufacturing management software.
Response: Prompt patching and network isolation strongly recommended.

CIA Cyber Operation Disables Venezuelan Spy Network

[08:49]

Operation: In Trump’s first term, a CIA cyber attack “perfectly” disables Venezuela’s intelligence network—part of covert pressure on Maduro’s regime.
Modern Context: Recent escalation in US military presence near Venezuela raises concerns of regime change intentions.
Analysis:

“Analysts warn that today’s military buildup, framed as a counternarcotics mission, may mask preparation for direct strikes.”

Featured Interview: Ben Serry, CTO & Co-Founder, Zafran

[13:41–24:46]

Main Theme:

AI-Native Attacks and Defensive Opportunities (“Agentic” Security AI)

The State of AI in Cybersecurity

Serry:

“I think there is a great interest in this field and how it can actually be a force multiplier for practitioners in their day to day.” [13:52]
- Growth in curiosity and innovation opportunities.
- Debate remains over balancing human oversight versus ceding agency to AI.

The Threat: Adversaries Move First

Serry:

“Attackers have been observed to be using AI to exploit vulnerabilities, to develop malware, to scan the Internet and find prey. And unfortunately they've been very successful at it.” [14:42]
Host:

“It's fair to say to a certain degree it's a necessity because the adversaries are adopting this rather quickly.” [14:32]

AI Agents in Defense – Key Capabilities

Text Analysis:

“At the basis of it, it's a tool that is awesome...at analyzing text and reacting to it...from there it can create plans. And from plans it can also do actions.” [15:17]
Exposure Management:
- Sorting real from false positives among a “huge pile” of vulnerabilities.
- AI agents can help “connect the dots” between threat, environment impact, and concrete remediation actions. [16:11]

Guardrails and Human Oversight

Serry:

“Each solution that takes on an agentic topology needs to implement on its end...guard rules: what data does the tool have access to, what tools it can then interact with, and at which points will the human be in charge in approving actions.” [17:28]
- Emphasizes starting with “human in the loop,” gradually increasing automation as trust in tool performance builds.
“AI needs to be validated at our current stage...the human needs to be also a guardrail in that sense.” [18:16]

Concrete Advances – Remediation by AI

Serry:

“Agentic tech can also be the remediator of vulnerabilities in production environments.” [19:30]
- Describes how LLMs (like Anthropic’s models) can not only assess impact but actually generate scripts and code to patch vulnerabilities.
“They can be one that interacts with your endpoints or your servers and offer concrete plans to how to do the patch. And that is a huge gap on how practitioners are trying to do that today.” [20:38]

Guiding Questions for Organizations

Serry:

“Do you believe in your current state that you are able to actually remediate everything that you're impacted by or...prioritize well?” [21:33]
- With threat actors moving faster, organizations must ask whether new tools can shrink the gap between attacker and defender velocity—and even between security and IT teams.

Emerging Risk: Enterprise AI Application Security

Serry:

“There is also risk in the applications that these enterprises develop...it’s unknown in many regards what will be the greatest risk of developing applications that use AI for customers or enterprises.” [23:43]
- Calls for new approaches to vulnerability and exposure management as AI development becomes ubiquitous.

Notable Moment: “Fashionable Paranoia” – Anti-Facial Recognition Glasses

[24:46]

Product Feature: Zenni, an eyewear brand, introduces “ID Guard” glasses with infrared-reflective lenses that thwart some facial recognition systems.
Field Test Result: Proven effective against Apple’s Face ID; less so versus standard photographs.
Tone: Playful, acknowledging privacy anxiety:

“When the world is one big panopticon, at least Zenni will sell you reasonably priced rebellion in a flattering shade of rock.” [24:46]

Timestamps for Major Segments

Myanmar cybercrime hub raid: [00:34]
Isuru botnet evolution: [02:04]
Dentsu/Merkel breach: [03:15]
Boston biometric ban: [04:26]
ProtonMail/journalists controversy: [05:21]
Memento Labs spyware admission: [06:11]
Microsoft Copilot AI lawsuit: [07:04]
CISA/Dassault vulnerabilities: [08:12]
CIA Venezuela cyberattack revelation: [08:49]
Interview: Ben Serry, Zafran: [13:41–24:46]
- AI in cybersecurity: [13:52]
- Adversarial AI: [14:42]
- LLMs and remediation: [15:17–20:38]
- Org considerations: [21:33]
- AI app risk: [23:43]
Anti-surveillance eyewear: [24:46]

Memorable Quotes

“Attackers have been observed to be using AI to exploit vulnerabilities...and unfortunately they've been very successful at it.”
— Ben Serry [14:42]
“Each solution that takes on an agentic topology needs to implement on its end...guard rules: what data does the tool have access to, what tools it can then interact with, and at which points will the human be in charge in approving actions.”
— Ben Serry [17:28]
“When the world is one big panopticon, at least Zenni will sell you reasonably priced rebellion in a flattering shade of rock.”
— Dave Bittner [24:46]

Summary

For more details, check out the cyberwire.com daily briefing or listen to the full episode for deeper commentary.

Logging off in Myawaddy.

Powered by Wave AI

Summary

CyberWire Daily – “Logging off in Myawaddy.”

Episode Overview

Key News Segments & Insights

Explosions Halt Myanmar Cyberscam Hub

Isuru Botnet: From DDoS to Proxy Rental

Dentsu Data Breach – Impact on US Subsidiary Merkel

Boston Bans Facial Recognition

ProtonMail Backlash – Journalists’ Accounts Disabled

Memento Labs Confirms Dante Spyware Link

Australian Regulator Sues Microsoft over Copilot AI

CISA Alert – Exploited Dassault Delmia Apriso Flaws

CIA Cyber Operation Disables Venezuelan Spy Network

Featured Interview: Ben Serry, CTO & Co-Founder, Zafran

Main Theme:

The State of AI in Cybersecurity

The Threat: Adversaries Move First

AI Agents in Defense – Key Capabilities

Guardrails and Human Oversight

Concrete Advances – Remediation by AI

Guiding Questions for Organizations

Emerging Risk: Enterprise AI Application Security

Notable Moment: “Fashionable Paranoia” – Anti-Facial Recognition Glasses

Timestamps for Major Segments

Memorable Quotes

Summary

Summary

CyberWire Daily – “Logging off in Myawaddy.”

Episode Overview

Key News Segments & Insights

Explosions Halt Myanmar Cyberscam Hub

Isuru Botnet: From DDoS to Proxy Rental

Dentsu Data Breach – Impact on US Subsidiary Merkel

Boston Bans Facial Recognition

ProtonMail Backlash – Journalists’ Accounts Disabled

Memento Labs Confirms Dante Spyware Link

Australian Regulator Sues Microsoft over Copilot AI

CISA Alert – Exploited Dassault Delmia Apriso Flaws

CIA Cyber Operation Disables Venezuelan Spy Network

Featured Interview: Ben Serry, CTO & Co-Founder, Zafran

Main Theme:

The State of AI in Cybersecurity

The Threat: Adversaries Move First

AI Agents in Defense – Key Capabilities

Guardrails and Human Oversight

Concrete Advances – Remediation by AI

Guiding Questions for Organizations

Emerging Risk: Enterprise AI Application Security

Notable Moment: “Fashionable Paranoia” – Anti-Facial Recognition Glasses

Timestamps for Major Segments

Memorable Quotes

Summary