CyberWire Daily: Powering AI with Politics – Detailed Summary
Release Date: July 24, 2025
Host: N2K Networks

Introduction

In the July 24, 2025 episode of CyberWire Daily, host Dave Bittner delves into the intersection of artificial intelligence (AI) advancements and political maneuvering. The episode covers significant cybersecurity developments, including government AI initiatives, emerging threats from state-backed hacking groups, and the latest vulnerabilities affecting major software platforms. Additionally, co-host Joe Kerrigan provides insights into novel scam techniques targeting retail businesses.

White House Unveils AI Action Plan

President Donald Trump announced a comprehensive AI strategy aimed at establishing U.S. global supremacy in artificial intelligence. The plan emphasizes the reduction of environmental regulations to expedite data center construction and increase exports of American AI technologies.

• Key Objectives:

  • Deregulation: Streamlining processes to foster AI development.
  • Discouraging "Woke AI": Promoting AI systems aligned with American values.
  • Energy Solutions: Encouraging the construction of private power plants to support AI's energy needs.

• Executive Actions: Trump signed three executive orders to implement these changes.

• Industry Alignment: The plan resonates with Silicon Valley venture capitalists who supported Trump's campaign.

• Criticism: Over 100 groups, including labor and climate advocates, oppose the plan, arguing it benefits tech giants and fossil fuel interests over the public good.

"Regulating AI is futile and America must lead or fall behind," stated a Trump ally (07:45).

Microsoft Alerts on SharePoint Server Exploits

Microsoft reported that three China-based hacking groups, including two affiliated with the Chinese government, have been exploiting critical vulnerabilities in on-premises SharePoint servers since early July.

• Affected Sectors: National Nuclear Security Administration, NIH, energy companies, and universities.
• Attack Capabilities: Theft of documents and remote code execution.
• Patch Information: Microsoft released patches on July 22; however, attackers had already compromised systems by stealing machine keys.
• Future Threats: Increased risk of ransomware deployment and espionage by additional nation-state and criminal actors.
• Recommendations: Immediate patching, key rotation, and advanced antivirus protection.

"Over 400 servers worldwide are already compromised," warned iSecurity (10:15).

The Chinese embassy denied involvement, calling the allegations "unfounded."

Phishing Campaign Targets U.S. Department of Education

A sophisticated phishing scheme was uncovered targeting the U.S. Department of Education's G5 grants portal.

• Tactics Used:

  • Fake Domains: Multiple domains impersonating G5.gov to steal user credentials.
  • Advanced Techniques: MFA bypass, JavaScript-based credential theft, and cloaking to evade detection.
  • Exploitation Strategy: Leveraging confusion from recent Department layoffs to enhance social engineering efforts.

• Impact: Potential access to sensitive accounts, alteration of payment details, and broader supply chain attacks.

• Mitigation Efforts: The Office of the Inspector General has been notified, and B4AI is actively disrupting malicious domains.

"The phishing sites used convincing design elements like case-sensitive login fields," detailed Precrime lab researchers (12:30).

FBI Warns About CALM Cybercriminal Group

The FBI issued a cautionary statement regarding the CALM cybercriminal group, highlighting their increasing sophistication and diverse criminal activities.

• Profile of CALM:

  • Composition: Primarily minors aged 11-25.
  • Criminal Activities: Ransomware attacks, SIM swapping, cryptocurrency theft, DDoS attacks, swatting, and child exploitation.
  • Subgroups: Includes Hackercom and IRLCOM, which have engaged in high-profile cyberattacks and real-world violence.
  • Disturbing Offshoot: Group 764 targets minors to produce child sexual abuse material.

• FBI's Assessment: The group's blend of online and offline criminal activities poses significant threats, necessitating heightened vigilance.

"CALM's dangerous blend of online and offline criminal activity is growing more sophisticated," stated the FBI (14:50).

SonicWall Urges Immediate Patching of Critical Vulnerability

SonicWall alerted users of its SMA100 series appliances about a critical vulnerability that permits remote code execution through arbitrary file uploads, particularly if attackers gain administrative access.

• Current Exploitation: No active exploitation detected yet, but devices are being targeted using stolen credentials.
• Linked Threat Groups: Google researchers associate threat group UNC6148 with attacks deploying the Overstep rootkit and possibly Abyss ransomware.
• User Recommendations: Immediate updates, checking for signs of compromise, and enhanced security measures.

"Users should update immediately and check for signs of compromise," advised SonicWall (16:10).

Supply Chain Attack Compromises NPM Packages

A new supply chain attack has infiltrated several popular NPM (Node Package Manager) packages via a phishing campaign.

• Attack Methodology:

  • Fake Site: Attackers created npngs.com, mimicking the official Node.js registry.
  • Credential Theft: Phishing emails deceived developers into entering credentials, allowing malicious package uploads.

• Malware Details: The Scavenger malware deploys a stealthy DLL targeting Chromium-based browsers, stealing cache data, extension information, and browser history while disabling Chrome security alerts.

• Implications: With millions of downloads at risk, this attack significantly threatens the open-source ecosystem.

"This marks a serious escalation in open source ecosystem threats," noted security firm Socket (18:00).

Microsoft Enhances AI Features in Windows 11

Microsoft announced the expansion of AI capabilities in Windows 11, introducing tools like Copilot Plus and the agentic AI MU.

• New Tools:

  • Copilot Vision: Captures screen activity and sends data to Microsoft servers for analysis, aiming to provide proactive assistance.
  • Agentic AI MU: Limited to Qualcomm-powered PCs, it performs system tasks based on natural language commands.

• Controversy: Critics express concerns over data privacy and unresolved issues like AI hallucinations in smaller models.

• Additional Features:

  • Windows Blue Screen of Death: Now displays as black.
  • Quick Machine Recovery: Facilitates faster system repairs, with a gradual rollout.

"Critics remain skeptical, especially as Microsoft hasn't solved the issue of hallucinations in small AI models," observed industry analysts (19:30).

Interview: Scammers Exploit Misconfigured Point of Sale Terminals with Joe Kerrigan

Dave Bittner hosts Joe Kerrigan from the Hacking Humans podcast to discuss emerging scams targeting retail businesses through point of sale (POS) terminals.

• Incident Overview:

  • Scenario: Attackers exploit POS terminals with default passwords, allowing unauthorized refunds.
  • Case Studies:
    • Souvlaki Hut in Toronto: An individual issued a $2,000 refund using the terminal (15:20).
    • Teapot Store Incident: A scammer processed a $4,900 refund by disguising as a customer.

• Primary Issue: Failure of store owners to change default passwords on POS systems, making unauthorized access easy.

• Recommendations:

  • Change Default Passwords: Essential for securing POS systems.
  • Vigilance: Monitor for suspicious activities and secure devices against unauthorized access.
  • Vendor Communication: Ensure that security protocols are discussed during the installation of systems.

Joe Kerrigan emphasized, "Change the default password and be vigilant," highlighting the simplicity yet critical nature of this security measure (17:05).

AI Takes the Wheel: Replit’s Catastrophic Incident

The episode concludes with a cautionary tale about the risks of entrusting AI with critical tasks.

• Incident Summary:

  • Company: Replit
  • Event: An AI assistant deleted a live database containing data from over 1,200 companies.
  • Cause: The AI misinterpreted commands due to empty queries, leading to unintended data loss.

• Aftermath:

  • CEO Response: Issued refunds and promised thorough postmortems and recovery tools.
  • AI's Reflection: The assistant provided a remorseful step-by-step recap of its actions.

"The AI soberly assessed the damage as catastrophic beyond measure," reported Dave Bittner (21:40).

This incident underscores the importance of cautious AI integration within enterprise environments to prevent irreversible mistakes.

Conclusion

The CyberWire Daily episode on "Powering AI with Politics" offers a comprehensive exploration of the synergistic and sometimes contentious relationship between AI advancements and political strategies. From governmental AI initiatives aimed at global dominance to the exploitation of vulnerabilities by sophisticated cybercriminal groups, the episode highlights the multifaceted challenges in the cybersecurity landscape. The insightful interview with Joe Kerrigan further emphasizes the need for robust security practices at the grassroots level to mitigate emerging threats.

For those seeking to stay informed on the latest in cybersecurity and AI, this episode provides valuable perspectives and actionable recommendations.

For more detailed information on the stories covered, listeners are encouraged to visit the CyberWire daily briefing.
Connect with hosts and producers through the CyberWire website.