CyberWire Daily – “Pay Cuts and a Personnel Freefall.”
Date: December 4, 2025
Host: Gabe Bittner (N2K Networks)
Special Guest: Dave Baggett, Co-founder & CEO of Inky (recently acquired by Kaseya)
Episode Overview
This episode covers significant cybersecurity news and analysis, focusing on government personnel challenges, zero-day exploits, AI integration in operational technology, major data breaches, and evolving legal requirements in AI usage. A featured interview with Dave Baggett provides a deep dive into the persistent and evolving challenges of email security in the age of generative AI.
Key News Highlights & Insights
1. CISA Faces Pay Cuts and a Talent Exodus
[02:54 – 04:09]
- The Trump administration is ending an incentive program that increased pay for nearly half of CISA (Cybersecurity and Infrastructure Security Agency) employees.
- The program, created in 2015 to keep government cyber talent competitive with the private sector, has faced allegations of mismanagement.
- Warning Signs:
  - CISA has lost over one-third of its staff since last fall.
  - Some salaries could drop by as much as 25% in 2026.
  - Leadership positions remain unfilled, while there's uncertainty about who qualifies for the new cybersecurity talent management system.
- Implication: Staff fear a weakened governmental cybersecurity defense due to stalled retention.
“Staff say the cuts could reduce some salaries by up to 25% starting in 2026...raising fears of further weakening the government’s cyber defenses.” ([03:55])
2. Full Chain iOS Zero-Day Exploit Advertised
[04:09 – 05:10]
- A threat actor claims to have a full chain zero-day for iOS 26, enabling remote code execution and full device control.
- The exploit, discovered on a restricted cybercrime forum, could allow for invisible device compromises and significant data theft (messages, locations, photos).
- Advice: Organizations should treat the threat as critical and be ready to deploy patches as soon as Apple issues them.
3. AI in Operational Technology: International Guidance
[05:10 – 06:24]
- The U.S. and eight other national cyber agencies released joint guidance for safely integrating AI into operational technology (OT).
- Risks Identified:
  - Model drift, data quality issues, opaqueness in AI decision-making, and over-reliance on automation threaten OT safety and reliability.
- Recommendations:
  - Build strong governance frameworks.
  - Maintain human oversight and extensive fail-safes.
4. Microsoft Lowers AI Sales Targets
[06:24 – 07:32]
- Microsoft has cut growth expectations for its agentic AI products, facing weak enterprise adoption.
- Some sales units saw less than 20% of representatives meet targets.
- Enterprise Hesitation: High cost, reliability issues, and preference for competitors (e.g., ChatGPT) cited.
- Raises questions about the immediate real-world demand for agentic AI tools.
5. Major Fintech Ransomware Breach
[07:32 – 08:14]
- Marquee Software Solutions, serving over 700 financial institutions, suffered a ransomware breach via a SonicWall firewall flaw.
- Approximately 250,000 people’s data may be exposed—names, contact info, SSNs, tax IDs, and financial details.
6. Arizona Sues Temu for Data Practices
[08:14 – 09:12]
- Arizona's Attorney General is suing Temu and PDD Holdings for alleged mass data harvesting and deceptive practices, including hidden malware-like code and potential data transfers to the Chinese government.
- Other states have filed similar lawsuits.
7. Capita and the Black Basta Ransomware Fallout
[09:12 – 10:26]
- Capita Plc, after a massive 2023 ransomware incident, received a record £14M ICO fine for negligence.
- Key failures included slow alert handling and unaddressed vulnerabilities, with over 6 million impacted.
- Lesson: “Secure Active Directory, conduct meaningful pen tests, and communicate transparently.” ([10:04])
8. UK Sanctions Russia’s GRU
[10:26 – 11:13]
- Following an official inquiry, the UK sanctioned Russia’s GRU for the 2018 Salisbury operation and other cyberattacks, exposing eleven linked individuals.
Deep Dive – The Challenges and Future of Email Security
Interview with Dave Baggett
[13:36 – 24:58]
Lay of the Land: Why We Still Have Email Problems
- Email remains ubiquitous—8 to 9 billion mailboxes globally (2025).
- Security and usability were afterthoughts: “All this security stuff was grafted on...in the Internet circa 1971. There was no security because we were all friends, right?” (Dave Baggett, [14:54])
- Email is federated—anyone can run a server, making central vetting impossible.
Why Email Is Still the Top Attack Vector
- The lack of central authority enables bad actors to spoof email sources.
- Brands are easily impersonated because HTML-based emails can be visually perfect fakes.
- Detection relies heavily on the recipient’s systems and manual whitelists.
(Not So) Simple Fixes and Modern Messaging
- Evolution has occurred: attachments, HTML, layered security add-ons.
- Newer messaging apps (Signal, iMessage) have stronger default authentication but haven’t replaced mass email.
Generative AI and LLMs: The New Game Changer
- LLMs are supercharging attackers with quickly generated, well-crafted phishing templates.
- Empirical Demo:
  “You...can go onto your favorite LLM chatbot...and it will just give you a perfectly grammatical phishing template...now imagine you’re the attacker, that cost you $0.” ([19:49])
- Attackers’ asymmetry: practically free attacks force defenders to invest heavily in detection.
- Defenders use AI increasingly to analyze mail, but cannot afford full-scale LLM analysis on every message, requiring creative, resource-sparing approaches.
Are We Making Progress?
- Continuous cat-and-mouse game: “They’re constantly creating new tactics to get through...But also, we’re getting better at generalizing tactics and using smarter AI.” ([21:53])
- Optimistic view: “We’re heading towards a world where very, very little of this malicious mail is actually going to get through, provided that you’re using a system that...incorporates...modern AI capabilities.” ([22:43])
Final Advice for Practitioners
- Don’t assume all email security tools are equal—“There are stark differences...try a system on your own email and you’ll see the good ones really block stuff.” ([23:39])
- Enable multi-factor authentication as a security baseline.
- Avoid common password pitfalls and prioritize authentication hygiene.
Notable Quotes & Moments
- On why email endures (and remains risky):
  “It’s this completely ubiquitous thing that we all hate. And it actually was the genesis of my third startup...” – Dave Baggett ([14:23])
- On generative AI tipping the scales:
  “It does enable the attackers...the signal that we used to rely on for decades—broken grammar...now the AI can just write perfect language...” – Dave Baggett ([20:38])
- On hope for better security:
  “We’re not quite there yet, but I think it’s close to being a solved problem, honestly.” – Dave Baggett ([22:45])
Other Noteworthy News
US Courts Mandate AI Transparency in Filings
[25:51 – 26:49]
- New rule: As of January 2026, any court filing in the Southern District of California that used AI must include a note disclosing the system and affirming human fact-checking.
- Applies to all legal participants—intended to prevent unchecked AI hallucinations in crucial legal documents.
Timestamps for Major Segments
- [02:54] — CISA Pay Cuts & Personnel Issues
- [04:09] — iOS Zero-Day Exploit
- [05:10] — International AI/OT Guidance
- [06:24] — Microsoft Agentic AI Sales
- [07:32] — Marquee Data Breach
- [08:14] — Temu Lawsuit in AZ
- [09:12] — Capita Black Basta Penalties
- [10:26] — UK Sanctions Russia’s GRU
- [13:36] — Email Security Interview: Dave Baggett
- [25:51] — US Court: AI Use Disclosure Rule
Tone & Takeaway
- The episode mixes urgency (threats, breaches, talent gaps) with pragmatic optimism (growing AI-powered defenses and improving best practices).
- The Dave Baggett interview tempers technical detail with humor and relatable weariness, while still closing with hope for solving the email phishing problem with advanced tools.
Best for listeners seeking an informed snapshot of cyber policy crises, evolving threats, and responses—plus an authoritative, grounded perspective on why email security never seems to get easier, even as the tools evolve.
