A
You're listening to the Cyberwire network powered by N2K.
B
Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full-stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless. Transform complexity into simplicity and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo at meter.com/cyberwire. That's M-E-T-E-R.com/cyberwire.
Ending the government shutdown revives an expired cybersecurity law. The DoD finalizes a new model for building US military cyber forces. A North Korean APT exploits Google accounts for full device control. The EU dials back AI protections in response to pressure from big tech companies and the US Government. Researchers discover a critical vulnerability in the Monsta FTP web-based file management tool. The Landfall espionage campaign targets Samsung Galaxy devices in the Middle East. Five Eyes partners fret eroding cooperation on counterintelligence and counterterrorism. Israeli spyware maker NSO Group names the former U.S. ambassador to Israel as its new executive chairman. We got our Monday biz roundup. Tim Starks from CyberScoop discusses uncertainty in the federal Cyber Corps program and the friendly face of digital villainy.
It's Monday, November 10th, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great to have you with us.
Congress is moving to end the federal government shutdown with legislation that also revives an expired cybersecurity law. The bill includes a short-term extension of the Cybersecurity Information Sharing Act of 2015, which lapsed at the end of September. The law gives companies legal protection when sharing cyber threat data with the government and other firms, a safeguard industry leaders consider essential. The Senate voted 60 to 40 to advance the measure Sunday night, but it still needs approval from the House and President Trump's signature. The temporary extension, running through January, gives lawmakers time to negotiate a longer-term fix. Competing proposals from House and Senate leaders differ sharply while the Trump administration continues to advocate a 10-year renewal without changes.
The Department of Defense has finalized a new model for building US military cyber forces, aiming to fix long-standing challenges in recruiting and retaining skilled personnel. The plan, derived from the earlier Cyber Command 2.0 overhaul, outlines a years-long implementation effort meant to strengthen U.S. Cyber Command's capabilities. Key initiatives include a Virtual Advanced Cyber Training and Education Center expected to reach initial readiness by late fiscal 2028 and full operation by 2031 and a Cyber Innovation Warfare Center to accelerate new cyber capabilities between 2026 and beyond 2030. Some milestones stretch into 2033, however. The slow rollout may fuel renewed calls from experts and lawmakers for a dedicated cyber military branch. Critics argue existing services have failed to supply sufficient qualified personnel, while Pentagon officials say the new model justifies delaying a separate cyber force. DoD calls the plan a transformative step toward greater lethality and agility.
North Korean state-sponsored hackers hijacked Google accounts to remotely control and wipe Android devices in South Korea, according to cybersecurity firm Genians.
The campaign, attributed to North Korea's Konni advanced persistent threat group, marks the first confirmed case of Pyongyang-linked actors exploiting Google accounts for full device control. Attackers gained access through spear phishing emails impersonating South Korea's National Tax Service, then abused Google's Find Hub feature, normally used to locate lost devices, to track, reset and disable victims' smartphones. They then compromised KakaoTalk messenger accounts to spread malware via trusted contacts, amplifying the reach of the attack. Victims included a counselor for North Korean defector students. Genians called the operation a highly sophisticated social engineering campaign combining device neutralization with account-based malware propagation.
The European Commission is preparing to pause parts of its Artificial Intelligence Act, responding to pressure from big tech companies and the US Government, according to a draft proposal seen by the Financial Times. Brussels plans to include the move in a simplification package set for November 19th, aiming to ease compliance and maintain global competitiveness. The proposal would grant a one-year grace period for companies using high-risk AI systems and delay enforcement of AI transparency rules until August 2027. The plan follows U.S. warnings that strict EU digital rules could strain transatlantic relations. While the AI Act took effect in August 2024, most provisions, especially for high-risk AI, begin in 2026. Officials insist the EU remains committed to the act's goals, but implementation could shift to avoid economic disruption.
Cybersecurity firm watchTowr discovered a critical vulnerability in the Monsta FTP web-based file management tool that could let attackers completely take over affected web servers. The flaw allows remote code execution without requiring authentication, meaning hackers can exploit it before logging in.
Attackers could trick the application into downloading and saving malicious files anywhere on the server, giving them full control. Monsta FTP, widely used by businesses and individuals to manage website files via browser, was found to have this flaw in its latest versions, echoing older unresolved vulnerabilities. watchTowr reported the issue on August 13th of this year, and developers quickly released a patched version on August 26. Users are urged to update immediately to prevent exploitation.
Researchers at Palo Alto Networks Unit 42 uncovered a nine-month espionage campaign using commercial-grade spyware dubbed Landfall, targeting Samsung Galaxy devices likely in the Middle East. The Android spyware exploited a zero-day flaw in Galaxy phones' image processing libraries via malformed DNG image files sent through WhatsApp. The zero-click malware enabled microphone, camera and call recording, as well as data and location exfiltration with no user interaction required. The vulnerability, privately reported to Samsung in September 2024, was only patched in April of this year. Unit 42 linked Landfall's tactics and infrastructure to commercial spyware vendors and noted similarities to the Stealth Falcon group tied to the UAE, though no direct connection was proven. Targets likely include users in Iraq, Iran, Turkey and Morocco.
At a secret meeting near London this past May, FBI Director Kash Patel reportedly promised MI5 chief Ken McCallum to preserve an FBI position in London that supported Britain's high-tech surveillance work. Patel later allowed the post to lapse amid White House budget cuts, leaving MI5 frustrated and raising doubts among US allies about his reliability. The episode, detailed by the New York Times, has deepened Five Eyes partners' concerns that Patel's partisan approach and dismissal of career agents are eroding cooperation on counterintelligence and counterterrorism. Allies reportedly view the bureau as adrift and increasingly politicized.
Patel's controversial overseas conduct, including gifting illegal replica guns in New Zealand and firing a senior agent in Australia, has reinforced those worries. The FBI declined to comment on Patel's talks with MI5, but former intelligence officials warned that trust once lost among Five Eyes members is difficult to rebuild.
Israeli spyware maker NSO Group has named former US Ambassador to Israel David Friedman as its new executive chairman, part of an effort to rebuild ties with Washington and escape the U.S. Commerce Department blacklist imposed in 2021 for enabling transnational repression. The move follows a takeover by US investors led by Hollywood producer Robert Simonds, ending the involvement of NSO's founders. Friedman, a close Trump ally, said he aims to show that NSO's tools can help keep Americans safer by supporting law enforcement. NSO, best known for its Pegasus spyware, insists it sells only to vetted governments to fight terrorism, though critics accuse it of aiding surveillance abuses. Friedman said he will seek new U.S. partnerships while ensuring tighter client oversight. NSO continues operating under Israeli Defense Ministry regulation and faces ongoing legal and reputational challenges worldwide.
Looking at our Monday biz roundup, global cybersecurity and tech investment activity surged this past week, led by Armis' $435 million pre-IPO round, valuing the San Francisco attack surface management firm at $6.1 billion. The funding, led by Goldman Sachs Alternatives, will support Armis' growth toward a planned IPO and $1 billion in annual recurring revenue. Other notable raises include Denmark's Formalize at 30 million euros to expand its GRC platform across Europe, Israel's Daylight at $33 million to accelerate its AI-powered security operations, and Canada's Flare, coming in at $30 million to drive innovation in threat exposure management.
Smaller rounds supported Reflectives at $22 million, Wide Field Security with 11.3 million, and stealth startups Milanta and Spectrum Labs each bringing in $10 million. In M&A, Google's $32 billion acquisition of Wiz cleared a key US antitrust review, while Francisco Partners agreed to take Jamf private for $2.2 billion. Additional deals included Ping Identity's acquisition of Keyless, Zscaler buying SPLX and Bugcrowd acquiring Mayhem Security to expand AI and API defense capabilities. Be sure to check out our complete business briefing on our website. It's part of Cyberwire Pro.
Coming up after the break, Tim Starks from CyberScoop discusses uncertainty in the Federal Cyber Corps program and the friendly face of digital villainy. Stay with us.
We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first, and it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs, there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast.
Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.
What's your 2 a.m. security worry? Is it, do I have the right controls in place? Maybe, are my vendors secure? Or the one that really keeps you up at night: how do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally, get back to sleep. Get started at vanta.com/cyber. That's V-A-N-T-A dot com slash cyber.
It is always my pleasure to welcome Tim Starks back to the show. He is a senior reporter at CyberScoop. Tim, welcome back.
A
My pleasure.
B
So I want to touch on a couple of stories that you have written for the folks over at CyberScoop. Starting with this story that we had, the CBO, the Congressional Budget Office, acknowledging a cyber incident. What's going on here, Tim?
A
Yeah, so they acknowledged the cyber incident to us. The Washington Post had reported on it first. The response from CBO is we've got this under control. This is a. This is something we discovered. We've taken action to fix it. We're going to be taking even more action. Seems there's a little bit more to it than that. There was in the Post story that there was a note that they believe this was a suspected foreign actor. There was some discussion online from security researchers that this might have been China that did this. There's still more spilling out about this while we're talking, and I think it'll be a little bit more before we know more. But the other thing that they said was that they had caught it early. The officials that spoke on background that they thought it was under control. Okay, so we will see Time will tell.
B
That's right. Time will tell. It always does. Yeah. So as you and I are recording this, we don't really have very much in the way of details of the degree to which data was exfiltrated or anything. Yeah.
A
I mean, the sense is that whoever the hackers were, they did get access to potentially the communications between the Congressional Budget Office and lawmakers. The Congressional Budget Office, for those who aren't obsessed with Washington insidery business, is basically, they're the body. That's. Whenever Congress produces a bill, they go, we think this will add X millions or billions or trillions to the deficit. So that's their major role. But they do other things as well. So you can imagine there'd be a lot of correspondence back and forth between the researchers at the CBO, an organization that was created to be nonpartisan, and lawmakers' offices themselves. So that's potentially worrisome as far as the impact. We have seen this kind of thing before a little bit where there have been ways for hackers to sort of indirectly back into the offices of lawmakers. And they're. They're what they're saying to other people. We've seen it with the DC HealthLink hack. We've seen it with the Library of Congress hack. So that's. That's the potential fallout is that people who are spies overseas get. Get some insight into the thinking of policymakers that we wouldn't normally want them to have.
B
Yeah. I want to touch on a couple of other articles that you've written here related to the same topic, and that's the Cyber Corps, these scholarships for service, that was a federal job program specifically for cybersecurity folks. There's been some uncertainty here as to the future of the program and perhaps what folks who are involved in it might be on the hook for.
A
That's exactly right. Essentially, when you sign up for Cyber Corps scholarship for service, and thousands of people have participated in this program since it was created toward the beginning of this century, you say, thank you, government, for the scholarship money. You're giving us the stipends for us to continue studying. And at the end of it, the government expects you to serve for 18 months or, sorry, within 18 months, you must serve after graduation. You also need to do an internship. Well, anybody who's been paying attention to what's been going on with federal government lately is that it's hard to get jobs there. In fact, it's hard to keep jobs there. And it's. And it seems as though that they're continuing to shrink the number of jobs available, including in the cyberspace and maybe even especially. And I talked to a number of some students who are active participants in this program and they're very worried that what is going to happen is that they're not going to be able to find jobs to fulfill their part of the contract. And it turns out that when you do that, when you don't do that, the government says, you owe us all that money that we gave you. So this will be converted into loans. And this is hundreds of thousands of dollars for some of these students. So it's a very big potential problem right now. A lot of them are having trouble finding jobs. Some of them have had offers for jobs that were rescinded or internships. So they're in a real big bind potentially.
B
Well, you did a follow up article here that was talking about how perhaps OPM is going to give them a little more time.
A
Yeah. So that's what OPM is, the agency that, that co-administers this program. Essentially it's managed by the National Science Foundation. For what it's worth, the people who are in this program have been complaining that OPM and NSF, all the organizations that are involved in this program have not been giving them much information about what's going on here. They've complained that there was supposed to be a big job fair in January. They got moved to October. Well, October ended and there was no job fair. This is where a lot of students actually make a lot of progress. So that's yet another layer of things that have been difficult about this. So OPM says when the shutdown ends, our plan is to coordinate with NSF and see if we can't do a mass deferment. That's something that the students I talked to said, well, okay, that's a little bit of progress. On the other hand, we're kind of worried that the deferment isn't going to get the job done. Are there suddenly going to be new jobs available at the end of that deferment? It doesn't seem like that's the way the federal government is going. It doesn't seem like they're going to be going back to hiring a bunch more people after getting rid of so many. So they're concerned that that's not going to do the trick. It does seem as though there's at least something happening that the OPM is aware that it's a problem. I don't know if my story and another colleague at another publication wrote a story about this as well. I don't know if that inspired them to say, okay, we need to take a look at this, because it just so happens that this was the first time that the students had heard anything from anybody in a long time about what's going on with this program. The other thing, of course, is that they're worried that after the shutdown ends, seems like it kind of runs the risk of being.
It seems like it might be politicizing their future, because obviously what's going on with the shutdown has been very political, and the Republican administration has been looking to blame the other side for this, and this maybe could be another lever they could potentially do that with. So that's some of the concerns that the students have about this thing is happening. They're glad to have heard from OPM at all, but they're worried that this isn't going to necessarily get the job done, and they'd like to see something concrete right now. This is just talking about a thing they might. They might do, and that's not happening yet.
B
Right. And it seems like they're. They're approaching this in good faith, that they want to fulfill their obligation, but the government just might not have the opportunity for them to do that.
A
Yeah. And that goes to the future of the program. I mean, I've. I've done some additional reporting, and I'll probably do some more on this as we go. But one of the things I've been hearing that I didn't quite capture in the articles that I publish already is the degree to which, even though the story led off, the first story I wrote led off with people worrying about the future of the program. There's more to be worried about here about how do you get people to sign up for a program when the people who were in the program before suddenly might not be able to get the jobs? And what's fascinating about this is that this program was meant to be a way to fill the gigantic cybersecurity worker gap in the federal government. If you don't have people wanting to participate in this program in the future because they've seen what's happened to the people who were just in the program, where does that leave this program? Where does it leave the future of it? The budget proposal for this program was a 65% reduction. So where does that leave the future of the program? I think it's a huge question and a worrisome one.
B
I wonder, what could possible outcomes be here? I mean, obviously, the government could have some sort of forgiveness program that would be maybe ideal for the people involved. But, but has there been any talk of maybe having these people fulfill their obligation at the state level, you know, find or, or work in a critical infrastructure for a private company? You know, is anyone trying to be creative here?
A
Yeah. So there is a certain section of the, of the participants of the program who are allowed to work in state and local government. They're finding that those jobs are rather sparse as well. Some of the other things that people talked about. So one of the things, of course, is that for some reason there is a rollback of these, largely DOGE inspired, but have continued even past the outset of DOGE. If some of these cuts are rolled back, then, okay, the situation improves. Some of the other things that people have talked about besides just outright getting rid of the program, is a mass forgiveness of the loans. Another would be to look at some other kinds of programs that are similar to this, where you're just guaranteed a job, right? That if you are in the program, they have a job for you somewhere. It's just going to be a thing that exists. There are some other ideas that are being thrown around about that. The thing that is also a little concerning about that, you mentioned the idea of the private sector. There are people who are looking at, okay, should I do the private sector job? Because, well, at least I can pay off my loans if I get paid well. But that also seems to be kind of against the spirit of the program. And some of these people, while some of them may have looked at this as a means to an end to get a cybersecurity education, a good number of them actually wanted to work in the government. And this has soured them to a certain degree on that. There's other alternatives that are a little less viable for most people: entering the military to get the government to pay the loans. The idea of getting a research exception, I talked to one student who had done that, where you just kind of are able to research on college campuses. So there might be some ways to deal with this outside of them getting a job in the government. That seems unlikely right now, but right now it's more just in the idea stage.
You know, I don't know the degree to which the government had been thinking about this prior to our, to the stories that were written about this. I'm not saying that we changed anything. I don't know. But we just don't know whether that this is something they've been thinking about for very long. It might have been that we. We spurred them to think about it, or it might have been that they've been thinking about it for a while. They just haven't been communicating. I'm not sure which one it was. It seems like wherever we are, it's still in the idea stage.
B
Yeah. All right. Well, stay tuned. And Tim Starks is senior reporter at CyberScoop. Tim, thanks so much for taking the time.
A
Thank you, Dave.
B
They know cybersecurity can be tough and you can't protect everything. But with Thales, you can secure what matters most. With Thales's industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales. T-H-A-L-E-S. Learn more at thalesgroup.com/cyber.
And now a word from our sponsor, ThreatLocker, the powerful Zero Trust Enterprise Solution that stops ransomware in its tracks. Allowlisting is a deny-by-default software that makes application control simple and fast. Ringfencing is an application containment strategy, ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world-class endpoint protection from ThreatLocker.
And finally, when a BBC reporter met with Tank, known to the FBI as Vyacheslav Penchukov, in a prison meeting room, he didn't storm in like a fallen cyber overlord. Instead, he poked his head around a pillar, flashed a movie star grin and winked. It was a fitting entrance for a man who once hacked banks by day and DJed nightclubs as DJ Slava Rich by night. Penchukov's charm, not just his code, helped him lead the Jabber Zeus and IcedID gangs, stealing millions and earning a decade on the FBI's most wanted list. Now serving time in a low-security Colorado prison, he studies English, plays sports and jokes, "Not smart enough. I'm in prison." His remorse is selective. He regrets trusting fellow hackers more than the havoc he caused. "In cybercrime," he reflects, "your friends become informants." Even behind bars, Tank seems oddly content, just another outlaw who mistook charisma for cleverness.
And that's the Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com. A quick programming note: we're taking a brief pause tomorrow, Tuesday, November 11th, to honor and celebrate our veterans. While we're away, we'd like to highlight a great conversation from our T Minus podcast where Maria sits down with Lieutenant Rob Sarver and Alex Genzior, authors of Warrior to the Field Manual for the Hero's Journey. It's an insightful look at helping veterans navigate life after service. Now we can all do our part to support them.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ivan. Peter Kilby is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Date: November 10, 2025
Host: Dave Bittner (N2K Networks)
Featured Guest: Tim Starks (Senior Reporter, Cyberscoop)
In this episode, CyberWire covers crucial government actions shaping cybersecurity: the congressional move to reopen the government by extending an expired cyber law, the Department of Defense’s (DoD) overhaul of US military cyber forces, and global cyber threats from state actors and criminal groups. The episode also includes a detailed interview with reporter Tim Starks about a cyber incident at the Congressional Budget Office (CBO) and the uncertain future for federal Cyber Corps scholarships. A “business roundup” touches on major funding and M&A moves in cybersecurity, while notable global incidents and regulatory shifts add context for industry professionals and policymakers alike.
North Korean APTs:
EU AI Act Postponements:
Critical Web Vulnerability – Monsta FTP:
Samsung Galaxy Espionage Campaign:
Five Eyes Partnership Strained:
NSO Group Executive Shakeup:
On CBO Hack:
“We've seen this kind of thing before…where there have been ways for hackers to sort of indirectly back into the offices of lawmakers…get some insight into the thinking of policymakers that we wouldn't normally want them to have.” (Starks, 18:21)
On Cyber Corps Fallout:
“A lot of them are having trouble finding jobs. Some of them have had offers for jobs that were rescinded or internships. So they're in a real big bind potentially.” (Starks, 20:02)
“...this program was meant to be a way to fill the gigantic cybersecurity worker gap in the federal government.” (Starks, 23:40)
For more in-depth details, visit the full daily briefing at thecyberwire.com.