CyberWire Daily: Pentagon Hits Fast-Forward on Software Certs
Released on April 25, 2025

Introduction

In the April 25, 2025 episode of CyberWire Daily, hosted by N2K Networks, a comprehensive overview of the latest developments in the cybersecurity landscape is presented. This episode, titled "Pentagon hits fast-forward on software certs," delves into significant industry news, including major cyberattacks, regulatory investigations, vulnerabilities in critical systems, and innovations shaping the future of cybersecurity. Additionally, the episode features an insightful discussion on the RSAC Innovation Sandbox, highlighting emerging trends and breakthroughs from industry leaders.

Major News Highlights

1. Pentagon Introduces "Swift" for Software Certification

The U.S. Department of Defense is revolutionizing its software approval process with a new system named Swift. Announced by Acting CIO Katy Arrington, Swift leverages artificial intelligence to expedite the certification of software for Defense Department networks, a task that previously took months or even years.

Katy Arrington (04:35): "The old risk management framework and ATO process are stupid and archaic. It's time for a change."

Under this initiative, software vendors will submit security information and software bills of materials to the government’s eMASS system, where AI tools will automatically review the data and issue provisional Authorities to Operate (ATOs) much faster than manual processes allowed. The move also mandates third-party certifications to ensure comprehensive verification.

2. Work Composer Data Breach Exposes 21 Million Screenshots

A significant privacy incident has impacted Work Composer, a widely used employee monitoring tool. Cybersecurity researchers uncovered that over 21 million real-time screenshots were inadvertently exposed on the open internet via an unsecured Amazon S3 bucket. These screenshots captured sensitive employee activities, including emails, passwords, and proprietary company data.

Dave Bittner (04:58): "This leak highlights a bigger issue. Too many companies still don't grasp the shared responsibility model for cloud security."

With more than 200,000 users, the potential risks include identity theft, scams, and fraud, although there is currently no evidence of unauthorized access to the images. Experts emphasize the importance of securing cloud databases to prevent such high-profile breaches.

3. US Launches Antitrust Investigation into TP-Link

The U.S. government has initiated a criminal antitrust investigation into TP-Link, a California-based router manufacturer with Chinese affiliations. Prosecutors are examining whether TP-Link engaged in predatory pricing to dominate the U.S. market and assessing if its expanding presence poses national security threats. This probe, which began under the Biden administration, continues into the Trump era. Concurrently, the Commerce Department is investigating TP-Link’s connections to China. While TP-Link denies any wrongdoing, the investigations are ongoing and could continue for several years.

4. Healthcare Sector Suffers Major Data Breaches

Two significant data breaches in the healthcare sector have come to light:

• Yale New Haven Health is notifying 5.5 million individuals after a cyberattack in March compromised data from a third-party vendor, Perry Johnson and Associates. Stolen information includes names, medical records, and Social Security numbers.

• Frederick Health in Maryland reported a breach affecting nearly 1 million patients. Hackers accessed sensitive data such as addresses, birth dates, and insurance information by infiltrating the network between December 2023 and January 2024.

These incidents underscore the persistent vulnerabilities associated with third-party vendors and the interconnected nature of healthcare IT systems. Affected individuals are being urged to remain vigilant against identity theft and fraud.

5. South Korea's SK Telecom Confirms Cyberattack

SK Telecom, serving 34 million subscribers, confirmed a cyberattack on April 19 that exposed sensitive SIM card data. The breach occurred late on a Saturday night, exploiting staffing gaps to bypass security measures. While no names or financial details were leaked, the stolen SIM information could facilitate SIM swap attacks. Although SK Telecom detected and contained the malware swiftly, the company faced criticism for delayed customer notifications and has pledged to enhance its security protocols moving forward.

6. Critical Zero-Day Vulnerability in SAP Applications

A zero-day vulnerability has been identified, posing risks to over 10,000 SAP applications. This flaw, which scored a perfect 10 out of 10 on the CVSS scale, allows unauthenticated attackers to upload malicious binaries via the Visual Composer metadata uploader in SAP Netweaver. Discovered by ReliaQuest, the vulnerability has been exploited using malicious JSP web shells, enabling full endpoint control, payload deployment, and lateral movement across networks.

Dave Bittner (05:35): "Experts warn that the vulnerability could lead to espionage, sabotage, and fraud across cloud and on-prem environments."

Although SAP has released a patch, the ease of exploitation necessitates immediate action from organizations to secure exposed systems and mitigate potential threats.

7. Emerging Security Risks in AI Agents

As AI agents become integral to online tasks, new research highlights significant security vulnerabilities:

• Extension Total discovered that a suspicious Chrome extension was communicating with a local model context protocol (MCP) server without user consent. This extension could potentially bypass browser sandboxing and manipulate local systems, accessing sensitive data or performing unauthorized actions.

Dave Bittner (07:00): "This discovery exposes a major new attack surface, especially in environments where MCP servers link to services like Slack, WhatsApp, or local file systems."

Security teams are advised to monitor and secure AI infrastructure to prevent unauthorized access and exploitation.

8. Policy Puppetry Attack Bypasses AI Safeguards

Hidden Layer, an AI security firm, revealed a new attack method dubbed Policy Puppetry, which can circumvent the safety guardrails of major generative AI models. By formatting malicious prompts to resemble policy files (e.g., XML, INI, JSON), attackers can override system instructions, enabling AI models to produce restricted or harmful content.

Dave Bittner (07:45): "Policy Puppetry shows that today's LLM training and alignment methods still have critical gaps."

The firm successfully tested this attack on models from OpenAI, Anthropic, Google, and Meta, highlighting the urgent need for additional security layers to protect against such vulnerabilities.

9. Data Breach Class Action Settlements Reach $155 Million

New research from Panaceer indicates that U.S. companies have disbursed $155 million in data breach class action settlements over the past six months. Analyzing lawsuits filed between August 2024 and February 2025, the study found 43 new filings and 73 settlements, averaging approximately $3 million each. The healthcare, finance, and retail sectors were the hardest hit, with most lawsuits citing inadequate security measures, encryption failures, and delayed breach notifications.

Dave Bittner (09:00): "Panaceer stresses that strong, demonstrable cybersecurity practices are now critical for legal defense."

This trend underscores the financial and reputational risks associated with data breaches and the importance of robust cybersecurity frameworks.

RSAC Innovation Sandbox: Accelerating Cybersecurity Innovation

Overview

A significant portion of the episode is dedicated to the RSAC Innovation Sandbox, a prestigious contest held during the RSA Conference (RSAC) 2025. Hosts Cecilia Marinier, Vice President at RSAC, and David Chen, Head of Global Technology Investment Banking at Morgan Stanley, discuss the event's 20th anniversary and its role in fostering cutting-edge cybersecurity solutions.

Interview Highlights

• Cecilia Marinier (14:05): Expresses enthusiasm for the 20th anniversary of the Innovation Sandbox, emphasizing its importance in celebrating and amplifying cybersecurity innovation.

• David Chen (14:17): Highlights the global significance of RSAC and the Innovation Sandbox, noting that past winners have become industry stars and have significantly impacted the cybersecurity landscape.

• Dave Bittner (16:48): Describes the Innovation Sandbox format, where entrepreneurs have three minutes to pitch their ideas to a panel of expert judges, aiming to identify forward-thinking companies addressing contemporary cybersecurity challenges.

Key Themes in Innovations

David Chen identifies three main themes emerging from the top 10 finalists in the Innovation Sandbox contest:

1. Securing the Use of AI:
   With the rapid adoption of AI technologies, ensuring their secure implementation is paramount. Challenges include visualizing AI applications, controlling access, and implementing appropriate data safeguards.

2. Embedded Systems and Hardware Security:
   As industries integrate more embedded systems and hardware, vulnerabilities in these areas present significant security risks. This is especially critical in environments adopting next-generation machinery and robotics.

3. Automating Security Operations Centers (SoC):
   Addressing the labor shortage in cybersecurity, innovations focus on automating processes within SoCs to enhance efficiency, reduce response times, and enable proactive threat hunting.

David Chen (17:22): "Cybersecurity was number one, even actually above AI, believe it or not. And so I think that combined with the escalating cyber threatscape just makes this an incredibly vibrant sector."

These themes reflect the evolving priorities in the cybersecurity industry, emphasizing the need for robust AI security, hardware protection, and operational efficiency.

Event Details

The Innovation Sandbox contest is set to commence at the Moscone Center on Monday, April 28, starting at 9:30 AM, with winners to be announced later that day. The event promises to showcase the most innovative and impactful cybersecurity solutions, providing a platform for startups and established companies to demonstrate their advancements.

Dave Bittner (21:45): "It's so impressive how many companies are out there really working on these challenging problems."

Conclusion

The April 25, 2025, episode of CyberWire Daily provides a deep dive into critical cybersecurity issues ranging from governmental policy changes and major data breaches to innovative solutions propelling the industry forward. The discussion on the RSAC Innovation Sandbox underscores the dynamic nature of cybersecurity, highlighting the continuous effort to stay ahead of emerging threats through innovation and collaboration. For cybersecurity professionals and enthusiasts alike, this episode offers valuable insights into the current state and future directions of the field.

Notable Quotes:

• Katy Arrington (04:35): "The old risk management framework and ATO process are stupid and archaic. It's time for a change."
• Dave Bittner (04:58): "This leak highlights a bigger issue. Too many companies still don't grasp the shared responsibility model for cloud security."
• Dave Bittner (05:35): "Experts warn that the vulnerability could lead to espionage, sabotage, and fraud across cloud and on-prem environments."
• Dave Bittner (07:00): "This discovery exposes a major new attack surface, especially in environments where MCP servers link to services like Slack, WhatsApp, or local file systems."
• Dave Bittner (07:45): "Policy Puppetry shows that today's LLM training and alignment methods still have critical gaps."
• Dave Bittner (09:00): "Panaceer stresses that strong, demonstrable cybersecurity practices are now critical for legal defense."
• David Chen (17:22): "Cybersecurity was number one, even actually above AI, believe it or not. And so I think that combined with the escalating cyber threatscape just makes this an incredibly vibrant sector."
• Dave Bittner (21:45): "It's so impressive how many companies are out there really working on these challenging problems."

For more detailed insights and ongoing updates in the cybersecurity realm, tune into future episodes of CyberWire Daily.