A
You're listening to the Cyberwire Network powered by N2K.
B
We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first, and it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 Sponsored Job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.
A
Prosper data breach reportedly affected more than 17 million accounts. Microsoft revokes certificates used in Rhysida ransomware operation. Threat actors exploit Cisco flaw to deploy Linux rootkits. Europol disrupts cybercrime-as-a-service operation. BeaverTail and OtterCookie merge and display new functionality. Singapore cracks down on social media. On our Industry Voices segment today, we are joined by Danny Jenkins, who is talking about defending against AI and who let the bots out. Today is Friday, October 17, 2025. I'm Maria Varmazes, host of T-Minus Space Daily, taking the mic for Dave Bittner, and this is your CyberWire Intel Briefing. Thank you for joining me on this Friday. Let's get into it. A data breach disclosed last month by financial services company Prosper affected more than 17 million accounts, according to BleepingComputer. Prosper disclosed that the attackers stole Social Security numbers belonging to Prosper customers and loan applicants, but didn't share how many users were impacted. Have I Been Pwned disclosed the alleged scope of the breach yesterday, saying that the breach affected 17.6 million unique email addresses as well as names, dates of birth, government-issued IDs, employment status, credit status, income levels, physical addresses, IP addresses and browser user agent details. A Prosper spokesperson told BleepingComputer that the company, quote, is not able to validate Have I Been Pwned's report, adding the investigation to determine what data was affected and to whom it belongs remains ongoing. Microsoft disrupted a Rhysida ransomware operation by revoking more than 200 certificates that were being used to sign malicious Teams installers, according to SecurityWeek. The company attributes the activity to the financially motivated threat actor called Vanilla Tempest. Microsoft stated running the fake Microsoft Teams setup delivered a loader, which in turn delivered a fraudulently signed Oyster backdoor.
Vanilla Tempest has incorporated Oyster into their attacks as early as June 2025, but they started fraudulently signing these backdoors in early September 2025 to fraudulently sign the fake installers and post-compromise tools. Vanilla Tempest was observed using Trusted Signing as well as SSL.com, DigiCert and GlobalSign code signing services. Trend Micro has published a report on the exploitation of a Cisco SNMP vulnerability to deploy rootkits on older Linux systems. The researchers have dubbed the operation Zero Disco after the universal password used by the malware, the report notes. Trend Micro telemetry has, as of writing, detected that Cisco 9400 series and 9300 series are affected by this operation. The operation also affected Cisco 3750G devices with no Guest Shell available, but this type of device has already been phased out, and Trend Micro added this: Currently, there is no universal automated tool that can reliably determine whether a Cisco switch has been successfully compromised by the Zero Disco operation. So if you suspect a switch is affected, we recommend contacting Cisco TAC immediately and asking the vendor to assist with a low-level investigation of firmware, ROM and boot regions. Security researchers have disclosed critical vulnerabilities in ConnectWise, a widely used remote monitoring and management platform. Attackers could exploit these flaws to gain unauthorized access, execute arbitrary commands, or escalate privileges across managed networks. Some of the issues stem from inadequate input validation and weak authentication checks in key modules, including web interfaces and API endpoints. Because remote monitoring and management tools inherently have deep privileged access, exploiting them can grant attackers broad control over client environments, so users are strongly urged to apply vendor patches immediately, audit all privileges and sessions, and monitor logs for suspicious behavior.
The situation does underscore how remote monitoring and management and managed service provider software do remain prime targets, as when compromised, they act as force multipliers for attackers. A Europol-coordinated operation resulted in the arrest of five Latvians accused of operating a service that sold phone numbers to scammers. According to The Record, police seized 1,200 SIM box devices and 40,000 active SIM cards. Europol stated the online service created by the criminal network offered phone numbers registered to people from over 80 countries for use in criminal activities. It allowed perpetrators to set up fake accounts for social media and communication platforms, which were subsequently used in cybercrimes while obscuring the perpetrator's true identity and location. North Korea-linked operators are using stealthy modular malware and social engineering to steal credentials and cryptocurrency. Cisco Talos and Google's Threat Intelligence Group observed campaigns linked to Famous Chollima that involved the use of BeaverTail and OtterCookie, which are separate but complementary malware strains frequently used by the North Korea-aligned threat group. Researchers said that their analysis determined the extent to which BeaverTail and OtterCookie have merged and displayed new functionality in recent campaigns. Those recent campaigns trick job seekers into installing loaders that deploy info stealers, backdoors and ransomware, often rotating tool sets and infrastructure to evade detection. Attackers favor low-noise tactics like Rust-based binaries, transacted hollowing and impersonation of legitimate services to blend malicious traffic and reduce forensic footprints. Compromised endpoints are leveraged for targeted crypto theft, data exfiltration and follow-on ransomware, while operators rapidly switch payloads and C2 servers to frustrate defenders.
Singapore's parliament passed a sweeping new law granting authorities broad powers to block harmful online content, target platforms with fines up to 1 million Singapore dollars, or the equivalent of US$740,000, and require removal of content at, quote, short notice. The legislation empowers the Infocomm Media Development Authority to issue takedown orders without court approval and mandate platforms to use proactive monitoring tools. Platforms that fail to comply may be blocked in Singapore, and foreign services face stricter obligations if they reach large audiences in the country. While the move is dubbed one to protect society from disinformation and cyber harm, critics warn that it risks censorship and overreach, especially given its vague definition of what harmful speech means. Civil liberties groups say that the law could chill online discourse and give the state sweeping control over public narratives. After the break, we have our Industry Voices segment, with Danny Jenkins, CEO and co-founder of ThreatLocker, talking about defending against AI and who let the bots out.
B
What's your 2am security worry? Is it, do I have the right controls in place? Maybe, are my vendors secure? Or the one that really keeps you up at night: how do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready all the time. With Vanta, you get everything you need to move faster, scale confidently and finally get back to sleep. Get started at vanta.com/cyber. That's V-A-N-T-A.com/cyber. And now a word from our sponsor, ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks. Allowlisting is a deny-by-default software that makes application control simple and fast. Ringfencing is an application containment strategy, ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world-class endpoint protection from ThreatLocker.
A
On our Industry Voices segment, Dave Bittner recently sat down with Danny Jenkins, CEO and co-founder of ThreatLocker, to talk about defending against AI. Here's their conversation.
B
All right, so today we are talking about zero trust in this era of intelligent malware and dealing with AI. Before we dig into the AI part of this story, I would love to hear from you how you define zero trust.
C
So essentially the idea of zero trust is to allow what is needed and block everything else or deny everything else, essentially least privilege. So in the case of applications, it means if an application is required to do your job or function, it should be allowed to run. If it's not, it should be blocked, whether it's malware or whether it's a game or a remote access tool. In the case of what applications should do, we'd say if an application needs to talk to the Internet or needs to see your files, it should be able to see your files. If it doesn't, it shouldn't.
B
How has the state of the art of zero trust changed over the past few years?
C
So I think the biggest change is really the usability of it. And that's where we've really focused: how do we make this so it's hours and days at worst to deploy, not months and years to deploy. And traditionally zero trust was very, very complicated if you weren't a brand new business, because nobody knew what they needed and what they didn't. And I think what's changed is the technology, the ability to learn from the history of applications, know what applications need to do, so you can apply those policies without effort.
B
Well, let's talk about AI. I mean, in this era we find ourselves in, certainly rapid change here. How has AI affected people's ability to rely on zero trust?
C
So I think it's made it more important, because now we're in a situation where we're trying to determine whether things are good or bad that have never been seen before. If we go back four years ago, you had to be a software engineer to write a piece of malware, or you had to buy it. And antivirus companies, EDRs, would add that malware into that database as soon as they saw it. And it was a few days behind, a few weeks behind, a few months behind sometimes, but they would eventually get it added into their database. Today, anyone with a computer, there's now 5, 6, 7 billion people in the world that can create malware. That malware has never been seen before. It's very hard to determine if its intent is good or bad. Is it a piece of backup software that's copying your files to the Internet, or is it a piece of malware? And what that's meant is zero trust is so much more important, because this unknown is going to be blocked by default.
B
And what are you all seeing in terms of what the bad guys are doing, embracing AI?
C
So I think the two areas we see the most of is AI-created malware, malware that's brand new, never seen before. And even something as simple as ChatGPT, if you ask it to write you a piece of backup software to find where you store your files and upload them to the Internet, it will do that, and it will give you the code and spit it right out. So we're seeing a lot of malware created like that that hasn't been seen, but also a lot more scamming. It's a lot easier for an attacker to send you a convincing email saying, hey, I need to update your machine. Can you click on this? Whereas previously these emails were badly written, they were poor English, it took a long time. Again, they were being reused and getting picked up by anti-spam. Now every time you go into AI, or you can go into any kind of AI LLM and say, write me an email as if I'm in the HR department telling people they should update their machines for security reasons, and it will write a really well-crafted email. They can hit regenerate and it'll create functionally the same email, but a very uniquely different email, so it's harder to be detected by spam filters. Even voice AI we're seeing sometimes, not as much, where attackers definitely, when they're more targeted, are simulating someone's voice to call and say, can you run this on your machine?
B
Can we talk about some of the challenges that folks are facing when it comes to AI and cybersecurity more generally? What are some of the things that you all are seeing here that people are challenged with?
C
So I think there's two challenges. One is the risk of attack because of the increase in AI. So that malware, that spam email, that scamming email. But the other challenge is companies and users using AI without necessarily the knowledge of the company, and copying company data into LLMs that maybe don't keep that confidential, will build that into their training model, IP, source code. And that's a big concern as well. And companies really don't know how to control what tools the users are using and what to do about that. So that's probably the second biggest challenge.
B
Well, are there any particular areas where zero trust has challenges when it comes up against the AI specter, if you will?
C
So I think only to the point of where it's implemented. And we also have to classify AI. If we think about AI in 2010, 2011, it was all the big word, big data AI, machine learning. And AI in those times was, we're going to build out and use data from the past to make decisions about the future. Image recognition, even when, think back to Tesla self-driving cars, or at least partially self-driving cars in 2016, 2017. Then suddenly we got the second wave of AI, which is really LLMs, the ChatGPT, OpenAI, the Grok, those type of things. And what we've seen is a lot of people have reclassified what was previously considered as machine learning or intelligence based on previous data sets as AI. But then we also have the LLMs. And that's what's really new, is this LLM, the ability to create content based on that. I think the only risk where it comes to a zero trust environment is the person that's implementing it could be convinced to implement something because they've got a voice call from somebody. But it's less likely, because they're the people that are trained on cybersecurity. These are the processes we follow. This is what we're going to do. In a non-zero trust world where we're trying to detect, AI is incredibly bad at detecting malicious intent, and it can also be manipulated. Data can be injected in. So if you, for example, created a piece of malware, put it on the Internet, wrote a blog post about it, this software does this, it's good software, and then you asked AI to research that, because it doesn't exist anywhere else, it's going to go to the one source on the Internet, which is the attacker's source. So AI is really bad at detecting, but from a zero trust point of view, because we're blocking by default, it really doesn't matter too much.
B
Well, I know you and your colleagues at ThreatLocker talk about zero trust being not just technology, but a mindset. Why is that distinction important?
C
So technology is a tool. So if you think about, if you say I'm going to implement zero trust and you think I'm going to buy a tool. So if you buy ThreatLocker and you implement our allowlisting and our network controls to block network ports, and you implement our storage to block storage, you implement detect policies that automatically limit how much you can upload, that is a set of tools to help you do something. But the starting point, and this is not just about technology, the starting point in anything is not to buy the tool, but what do I want to achieve, how do I achieve it? And it could also be granting a permission to a file. A lot of companies back in, well, even today, will set up a file server or SharePoint, allow the whole company to access that SharePoint, even if they don't need to access it. And they say, well, it's okay, it's only the marketing department, or I don't think our marketing people are going to steal our source code. And well, in most cases that's true. You do have insider threat. So when you think about zero trust, you're saying it's not just about stopping untrusted software. It's also about making sure your marketing team don't have access to your source code. Or this part, developers don't have access to this source code. And when you think about that mindset, it really helps you everywhere. And I'll give you one example. I remember back in 2015, I think it was, I was dealing with a ransomware attack. The entire business was encrypted. Someone had got in, ran malware, encrypted all of the file shares, had got on as a domain administrator, all of the file shares, all of the laptops, everything except one share. And that was the payroll share. And the reason the payroll share wasn't encrypted was because someone at some point said, I don't want the IT guy seeing the payroll, so I'm going to remove domain admin permissions from payroll, and the payroll wasn't encrypted.
Now, if they had taken a zero trust approach to even file those at that point, they wouldn't have been able to encrypt the marketing and the accounts and the other things that were allowed open to the whole company. So it's not just about stopping untrusted software. That's probably one of the most important zero trust approaches you can take. But it's also about stopping files being copied and uploaded where they shouldn't be and other things like that.
B
Yeah, that's a fascinating story. I mean, in an attempt to protect some information that they felt shouldn't have been accessible to a certain employee, they ended up making themselves less secure.
C
Well, in that case, they're making the payroll more secure. But they only protected the payroll. Everything else was allowed. So the domain admin could access everything except the payroll. And they took away the payroll. And that was the only thing that wasn't encrypted, because they didn't trust the IT guy with the payroll.
B
I see. Where do you suppose we're headed with this? As you look towards the future and zero trust in the development of AI, what's in your crystal ball?
C
So I think the future, well, I know the future of security has to adopt a least privilege approach. Call it zero trust, call it least privilege, but it has to. If we think about, look at the breaches, I mean, look at MGM. Do we think MGM, one of the most advanced companies in the world when it comes to security, they have cameras and monitors all over their business, do you think their cybersecurity didn't have a SOC and an EDR and some of the best detection tools in the world? And yet we saw them completely shut down from someone running a piece of malware or giving someone access. So I think as a world, we have to accept that the future of security is about blocking first, setting controls, making sure people don't have access to more than they need to. And there's no choice of that. And I think we've proven that as a company, because today we've got nearly 70,000 companies that have implemented zero trust. 69,900 of them had never taken or even considered that approach before. And the future is nearly every business will have to adopt this, and that's going to change the paradigm of cybercrime, because it's going to be much harder for the criminals and they're going to have to start doing something else.
B
Do you find that the people who come to the table, potential customers for you, feel as though this is going to be a much heavier lift than it actually is, the conversion to using zero trust?
C
Absolutely. Nearly 99% of our customers think this is going to be a complete disaster. And we as a company have to educate, show them. The reason we do extended trials is for that reason. We'll say, why don't you do a long trial, we'll deploy it, we'll actually secure it, we'll do simulations to show you what will happen. But it's always starting with fear and then always being pleasantly surprised that with the right tool set, the implementation doesn't have to be.
B
Well, before I let you go, just a tip of the hat: how much me and my crew enjoyed being at Zero Trust World last year in Florida and being able to do our Hacking Humans show live. It's quite an event you and your colleagues threw down there.
C
Okay, I appreciate that. Thank you. Yeah, hopefully we see you again next year.
B
We're looking forward to it.
A
And that was Dave Bittner sitting down with Danny Jenkins, CEO and co-founder of ThreatLocker, talking about defending against AI. And if you enjoyed their conversation and want to hear the full interview, head over to our Industry Voices page; there's a link in the show notes.
B
At Thales, they know cybersecurity can be tough and you can't protect everything. But with Thales, you can secure what matters most. With Thales' industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales, T-H-A-L-E-S. Learn more at thalesgroup.com/cyber.
A
When did making plans get this complicated? It's time to streamline with WhatsApp, the secure messaging app that brings the whole group together. Use polls to settle dinner plans, send event invites and pinned messages so no one forgets mom's 60th, and never miss a meme or milestone, all protected with end-to-end encryption. It's time for WhatsApp. Message privately with everyone. Learn more at WhatsApp.com. And finally today, Niantic, the company that gave us Ingress and Pokemon Go, is once again blending the digital world with the real one. Their new AR pet game called Peridot now comes with a new twist: your alien dog can talk. Through a partnership with Hume AI and Snap's latest Spectacles, Niantic's Dots, and those would be colorful dog-sized companions you can only see with augmented reality, can now act as your personal tour guide. Now I want you to picture walking along the San Francisco waterfront when your virtual pet pipes up to share a fun historical fact about the pier. It's part navigation, part trivia night and part fever dream. Developers of this say that it is a glimpse of the future, one where AI companions can help guide us through the world around us. And for now, it's a chance to see what happens when man's best friend meets machine learning. Just remember, if your alien dog starts giving you directions, don't forget who's really holding the leash. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com, and be sure to tune in to an all-new Research Saturday tomorrow, where Dave Bittner is joined by Eclypsium researchers Jesse Michael and Mickey Shkatov to share their work on BadCam: Now Weaponizing Linux Webcams. That's Research Saturday. Check it out. It's the end of this stint for me sitting in for Dave. He will be back on the mic on Monday. And please check out our sister podcast T-Minus Space Daily, where yours truly is the host, on your favorite podcast app.
We'd love to know what you think of our podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our producer is Liz Stokes. We are mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Maria Varmazes, in for host Dave Bittner. Thank you for listening. Have a wonderful weekend.
C
Here we have the LiMu Emu in.
B
Its natural habitat, helping people customize their car insurance and save hundreds with Liberty Mutual. Fascinating.
C
It's accompanied by his natural ally, Doug. LiMu, is that guy with the binoculars watching us? Cut the camera.
B
They see us. Only pay for what you need at libertymutual.com. Liberty, Liberty, Liberty, Liberty. Savings vary. Underwritten by Liberty Mutual Insurance Company and affiliates. Excludes Massachusetts. Cyber Innovation Day is the premier event for cyber startups, researchers and top VC firms building trust into tomorrow's digital world. Kick off the day with unfiltered insights and panels on securing tomorrow's technology. In the afternoon, the 8th Annual DataTribe Challenge takes center stage as elite startups pitch for exposure, acceleration, and funding. The Innovation Expo runs all day, connecting founders, investors and researchers around breakthroughs in cybersecurity. It all happens November 4th in Washington, D.C. Discover the startups building the future of cyber. Learn more at cid.datatribe.com.
Date: October 17, 2025
Host: Maria Varmazes (in for Dave Bittner)
Podcast Network: N2K Networks
This episode of CyberWire Daily delivers a packed rundown of the week’s most consequential cybersecurity news and trends, including a major breach at Prosper affecting over 17 million accounts, evolving ransomware tactics targeting Microsoft Teams, rootkit deployments exploiting Cisco vulnerabilities, critical warnings for remote monitoring tool ConnectWise, a major Europol cybercrime bust, new North Korean threat actor strategies, and sweeping new content moderation laws in Singapore. The Industry Voices segment features Danny Jenkins, CEO and co-founder of ThreatLocker, who discusses the growing importance of Zero Trust in the age of AI-powered threats.
“Prosper spokesperson told Bleeping Computer that the company ‘is not able to validate HaveIBeenPwned’s report, adding the investigation to determine what data was affected and to whom it belongs remains ongoing.” (03:10)
“If you suspect a switch is affected, we recommend contacting Cisco TAC immediately and asking the vendor to assist with a low level investigation of firmware, ROM and boot regions.” (04:35)
Theme: The importance and evolving implementation of Zero Trust in combating AI-fueled cyber threats.
Defining Zero Trust:
“The idea of zero trust is to allow what is needed and block everything else, essentially least privilege.” – Danny Jenkins (12:08)
Zero Trust: Usability Advances
Why AI Increases the Need for Zero Trust:
“Anyone with a computer… can create malware. That malware has never been seen before. It’s very hard to determine if its intent is good or bad… Zero trust is so much more important because this unknown is going to be blocked by default.” – Danny Jenkins (13:24)
AI-Enabled Social Engineering & Voice Fraud
“It’s a lot easier for an attacker to send you a convincing email… Now every time you go into AI… it’ll write a really well crafted email… Even voice AI we’re seeing sometimes… simulating someone’s voice to call and say, can you run this on your machine?” (14:20)
New Organizational Risks: Shadow AI Use
Zero Trust as a Mindset, Not Just a Tool
“Technology is a tool… the starting point… is not to buy the tool, but what do I want to achieve, how do I achieve it?… It’s not just about stopping untrusted software. It’s also about making sure your marketing team don’t have access to your source code.” (18:21)
Anecdote: Ransomware and Network Segmentation Payoff
“The entire business was encrypted… except one share. And that was the payroll share. And the reason the payroll share wasn’t encrypted was because someone… removed domain admin permissions from payroll.” (19:10)
AI, Data Poisoning & False Sense of Security
“AI is incredibly bad at detecting malicious intent… If you created a piece of malware, put it on the Internet, wrote a blog post about it… and then you asked AI to research that… it’s going to go to the one source on the Internet, which is the attacker’s source.” (17:05)
Outlook: The Future of Security Is Least Privilege
“Do we think MGM... didn’t have a SOC and some of the best detection tools in the world, and yet we saw them completely shut down from someone running a piece of malware... The future of security is about blocking first, setting controls, making sure people don't have access to more than they need to.” (21:01)
Customer Perceptions & Education
“Nearly 99% of our customers think this is going to be a complete disaster… always starting with fear and then always being pleasantly surprised that with the right tool set, the implementation doesn’t have to be.” (22:21)
“Just a tip of the hat, how much me and my crew enjoyed being at Zero Trust World last year in Florida...” (22:49)
This episode showcased the increasingly complex threat landscape—where AI supercharges criminal tactics, basic cyber hygiene still makes the difference in real-world incidents, and high-profile breaches demonstrate that even mature organizations aren’t immune. The deep dive with Danny Jenkins emphasized the shift toward Zero Trust as both a technical approach and organizational philosophy, especially in a world where AI lowers the barriers for novel and sophisticated attacks. The episode closes with a lighthearted glimpse into the AI-augmented future via Niantic’s new AR pet, reminding us that the boundary between security and technological wonder is ever-shifting.