A
You're listening to the CyberWire Network, powered by N2K.
Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker Allowlisting, you stop unknown executables cold. With Ringfencing, you control how trusted applications behave, and with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com/N2K today.
Stolen Target source code looks real. CISA pulls the plug on Gogs. SAP rushes patches for critical flaws. A suspected Russian spy emerges in Sweden, while Cloudflare threatens to walk away from Italy. Researchers flag a Wi-Fi chipset bug, a long-running Magecart skimming campaign, and a surge in browser-in-the-browser phishing against Facebook users. Mandiant releases a new Salesforce defense tool, and NIST asks how to secure agentic AI before it secures itself. Our guests are Christine Blake and Madison Faribaugh from the Inside the Media Minds podcast. Plus, a Dutch court says seven years is still the going rate for a USB-powered cocaine plot.
It's Tuesday, January 13, 2025. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us here today. It's great to have you with us.
Multiple current and former employees at Target have confirmed to Bleeping Computer that source code and documentation recently shared by a threat actor appear to be authentic and tied to real internal systems. Employees recognized internal platform names, proprietary project identifiers, and elements of Target's technology stack, including its customized tooling. Shortly after Bleeping Computer contacted the company about the alleged leak, Target implemented an accelerated security change, restricting access to its internal Git server to corporate networks or VPN only. The source of the leak remains unclear. A researcher at Hudson Rock reported a compromised Target employee workstation infected with infostealer malware in 2025, though no direct link to the leaked code has been confirmed. The threat actor claims the full data set is roughly 860 gigabytes, raising concerns about potential exposure.
CISA has ordered federal agencies to immediately stop using or to lock down Gogs after a high-severity vulnerability was added to its Known Exploited Vulnerabilities catalog. Gogs is an open source, self-hosted Git service used to manage source code repositories. The flaw is a path traversal bug that allows authenticated users to overwrite arbitrary files, effectively enabling remote code execution. According to CISA, the vulnerability is actively exploited and poses significant risk across federal systems. The issue was identified by researchers at Wiz, who found hundreds of exposed Gogs servers already compromised. Gogs has not yet released a fix, forcing users to rely on mitigations like disabling registrations or restricting access behind VPNs. CISA warns that unprotected, Internet-exposed instances remain at high risk.
SAP has released 17 security notes as part of its January 2026 Security Patch Day, including fixes for four critical vulnerabilities. The most severe is a SQL injection flaw in S/4HANA that could allow full system compromise.
Another critical issue enables remote code execution in Wily Introscope via malicious Java Web Start files. SAP also patched two additional critical code injection bugs that could lead to operating system command execution. Researchers at Onapsis discovered and reported several of the flaws. Beyond the critical issues, SAP addressed multiple high, medium and low severity vulnerabilities across HANA, NetWeaver, Fiori and other products. SAP customers are urged to apply patches promptly, as exposed SAP systems are high-value targets for attackers.
Swedish authorities have detained a 33-year-old former IT consultant to the armed forces on suspicion of spying for Russian intelligence. Prosecutors say the alleged activity occurred during 2025, though it may date back to 2022. The suspect previously worked with Sweden's military through an IT services firm and is listed as head of a small cybersecurity company. Officials have released few details, citing national security concerns. The case comes amid heightened scrutiny of suspected Russian espionage across Europe as Sweden continues its support for Ukraine.
Cloudflare is threatening to scale back or exit operations in Italy after the country's communications regulator, AGCOM, fined the company roughly 14 million euros for failing to comply with Italy's anti-piracy system. The fine equals about 1% of Cloudflare's global revenue and exceeds what it earns in Italy. Piracy Shield allows rights holders to request rapid IP and DNS blocking of suspected pirate services, a process Cloudflare argues lacks judicial oversight and risks widespread collateral censorship. Cloudflare's CEO Matthew Prince called the system incompatible with democratic values and said the company will appeal. He warned Cloudflare could withdraw free services, remove Italian servers and halt support for the upcoming Winter Olympics if the dispute is not resolved.
Researchers say a flaw in Broadcom wireless chipsets can let attackers repeatedly disable the 5 GHz Wi-Fi band on affected routers, regardless of security settings. Black Duck found that a single malformed wireless frame could knock all 5 GHz clients offline during testing on an Asus router. The issue stems from a chipset-level vulnerability, not configuration errors, and does not require authentication. Broadcom has issued a patch, but researchers warn protocol-level flaws can bypass even strong encryption and enable follow-on attacks like rogue evil twin networks.
Mandiant has released Aura Inspector, an open source tool designed to help Salesforce administrators identify misconfigurations that could expose sensitive data. The tool focuses on access control issues in Salesforce Aura, the user interface framework behind Experience Cloud sites. While Aura itself is not inherently insecure, configuration mistakes can allow unauthenticated users to access records or abuse APIs to extract data. Aura Inspector automates common abuse scenarios and provides remediation guidance while operating in read-only mode. Mandiant says the tool is intended to help defenders secure legacy Aura deployments that remain widely used despite newer frameworks.
Security researchers at Silent Push are warning about a large-scale Magecart-style digital skimming campaign that has operated largely undetected since 2022. The campaign uses malicious JavaScript to target checkout pages tied to major payment networks including Visa competitors such as American Express, MasterCard, Discover, JCB, Diners Club and UnionPay, putting most credit card users at risk. The skimmers run client side in victims' browsers, making them difficult for site owners to detect. Silent Push traced the activity to infrastructure linked to a bulletproof hosting provider and found long-running infections across multiple sites.
The attacks replace legitimate payment forms with convincing fakes, silently stealing card and personal data. Researchers urge stronger content security policies, access controls and regular monitoring to reduce exposure.
Researchers at Trellix say attackers are increasingly using the browser-in-the-browser phishing technique to steal Facebook account credentials. The method uses fake login popups built with iframes that closely mimic legitimate authentication windows, making scams harder to spot. Recent campaigns impersonate law firms or Meta security alerts and often rely on shortened links and trusted cloud hosting platforms. Trellix warns the approach marks an escalation in phishing sophistication and urges users to navigate directly to official sites, avoid embedded links and enable multi-factor authentication to reduce account takeover risk.
The National Institute of Standards and Technology is seeking public input on how to secure agentic artificial intelligence systems as their use expands across government and critical infrastructure. In a new request for information, NIST asks industry and researchers to assess security risks tied to AI agents, defined as systems that combine generative models with software that enables planning and autonomous action. NIST warns these systems introduce unique threats, including hijacking, data poisoning, prompt injection and hidden backdoors. Security leaders say those risks are already emerging as agencies deploy AI faster than protective controls mature. Qualys noted that weak governance could allow attackers to manipulate alerts or disable defenses. NIST aims to use the feedback to develop guidelines, evaluation methods and best practices before agentic AI becomes deeply embedded in high-impact government operations.
Coming up after the break, my conversation with Christine Blake and Madison Faribaugh from the Inside the Media Minds podcast.
Plus a Dutch court says seven years is still the going rate for a USB powered cocaine plot. Stay with us.
B
New Year, new Me. Cute, but how about New Year, New Money? With Experian you can actually take control of your finances. Check your FICO score, find ways to save and get matched with credit card offers giving you time to power through those New Year's goals. You know you're going to crush start the year off right. Download the Experian app based on FICO scoring model offers an approval not guaranteed. Eligibility requirements and terms apply subject to credit check, which may impact your credit scores. Offers not available in all states. See experian.com for details.
C
Experian.
A
Christine Blake and Madison Faribaugh are from W2 Communications and hosts of the Inside the Media Minds podcast. Their show is joining the N2K CyberWire network. Here's our conversation.
Well ladies, it is my pleasure to welcome you back here on the CyberWire, and we have an exciting announcement to share, which is that the Inside the Media Minds podcast is joining the N2K CyberWire network.
D
Welcome to yes, thank you so much Dave. We're super excited to be talking to you today and also to be joining the network.
A
Well, before we dig in, can we do a little bit of the background and kind of origin story of the podcast itself? What prompted you both to create it?
D
Yeah, great question. So we started the podcast in 2018 and really the purpose was to flip the script on the journalism industry. So we work in cybersecurity and technology communications. So we thought it'd be a great idea to talk to the reporters and the people who cover the industry, really figure out what they're interested in. What are some of the current events happening in the industry, what they care about, how they should be pitched, how vendors can cut through the Noise, really everything that goes on behind the scenes in the journalism industry.
A
So Madison, who are some of the folks that you've had the pleasure of speaking with?
C
Oh goodness. It's so hard to just pick a few out of the many. But I would say some of the more recent ones that come to mind initially are. We had Marina Korolov on our show later in the year, last year, talking all about AI, its impact on journalism. Some others for one of my favorites was our election security episode where we had kind of a roundtable from CyberScoop, Politico, InformationWeek. So that had Joao-Pierre Ruth, then I believe it was John Sakellariadis. So definitely wonderful folks. All of them had great insights to share.
A
Well, as I mentioned, you all are joining our network here soon. How do you plan on kicking off this new home for the show?
D
Yeah, so our first episode is coming out on January 13th and we're gonna have CIO Dive's Roberto Torres on the show and he's gonna be talking about what he is covering at CIO Dive, how he approaches it, and a lot of that conversation is also focused on AI. As you can imagine, one of the things we wanted to ask him about is pretty much every tech and cyber vendor and really any company is talking about AI. So how can companies cut through that noise not just for prospects and buyers and end users, but also in terms of the media. So it's a really good conversation. We think everyone will enjoy it.
A
Yeah, it's a hot topic to say the least. And we joke around here sometimes if people have gone from the enamored phase with AI to the eye rolling phase of AI. So as you say, it's so hard to cut through the noise and yet it's an important topic.
D
Exactly. We've had over a hundred episodes now and Dave, we were looking back and you know, you were a guest in 2019. We wanted to bring that up.
A
I was indeed, yes.
D
And we were looking at how back then it was, I mean, pre Covid, pre AI, kind of like pre everything. So it was a whole different time. So we've really enjoyed watching the episodes in the industry evolve since then.
A
Madison, you were going to say something?
C
Oh, yes. I was just going to comment on some of the parts of Roberto Torres episode that were just really cool to hear about some of his focuses for this year along with AI implementation and governance. Another big topic for him will be focusing on the whole idea of tech talent and how organizations are overcoming different skills shortages this year. So I think that'll be a key theme to pay attention to as well.
A
You know, one of the things I really enjoy about your show is that it is not just for media professionals. It's not just for PR folks. Although all of those people can gain from listening to. Really strikes me how everyone in cybersecurity can do better to learn about communications. I mean, it benefits everyone.
D
Yeah, so much goes into it too. There is a lot that we learn about the editorial process behind the scenes, what it takes to cover certain topics in the 24 hour news cycle. Right. From breaking news to big, longer feature stories. So it's really interesting.
C
Yeah, I would say the other thing too is that I've really enjoyed. I mean, I know it's cliche to say, but really enjoying getting to know the humans behind the publications and all of these stories that they write. Because, you know, we do get advice from these journalists and reporters about how to best interact with them. So I think it also helps raise awareness for them and how is best to work with them because, you know, they get thousands of pitches a day. So I think, you know, that mutually beneficial relationship not just between, you know, PR professionals and their clients, but as well as with us and the media and how we all interact with you all.
A
Yeah, no, it's true. I too get dozens, if not hundreds of pitches a day. And there's such a big difference between the ones that grab my eye and my attention and the ones that just get skipped over and that's important. And those trusted relationships, you know, they're pr. I always say a good PR person is worth their weight in gold. I just wish there were more of them.
D
I love that.
A
But it's true. I mean, the trusted relationships are really so important. There are folks in the PR business that they know what we need. And so if they come to me or my team, I know they're not going to waste our time with something that doesn't fit our program. And so, you know, being able to doing that homework is so important to everyone all around.
D
Exactly. And we hope this podcast can help everyone do that homework and understand these reporters better too.
A
All right, well, it is the Inside the Media Minds podcast. It is joining the N2K CyberWire network. Christine Blake and Madison Faribaugh, thank you so much for joining us and good luck with the show.
D
Thank you so much, Dave. It's been a pleasure chatting with you.
C
Thank you, Dave.
A
Be sure to check out Inside the Media Minds wherever you get your favorite podcasts.
And finally, a Dutch appeals court has decided that hacking a seaport with malware-laced USB sticks, all in the name of cocaine logistics, still counts as very much illegal, even if you complain about police reading your chats. The Amsterdam Court of Appeal upheld a seven-year sentence for a man who turned port IT systems into a convenience tool for smugglers, rejecting arguments that encrypted Sky ECC messages should have stayed private. According to the court, the defendant played a hands-on role, persuading a terminal employee to plug in an infected USB stick, which opened months of remote access. His chats read like a running commentary on the break-in, grumbling about intrusion detection and promising to wipe logs once he got his admin rights. Judges were unimpressed by claims this was somehow authorized or unfairly prosecuted. The hack, they found, helped coordinate a 210 kilogram cocaine shipment disguised as wine. One massive drug charge was dropped, but the sentence, confiscations and cleanup costs largely stayed put.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
If you only attend one cybersecurity conference this year, make it RSAC 2026.
It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26. I'll see you in San Francisco.
Date: January 13, 2026
Host: Dave Bittner (N2K Networks)
Guests: Christine Blake & Madison Faribaugh (Inside the Media Minds Podcast)
This episode delivers a fast-moving roundup of the day’s top cybersecurity headlines, focusing on a major source code leak at Target, critical vulnerabilities in popular platforms like Gogs and SAP, and rising threats from sophisticated phishing and skimming campaigns. The show also features an interview with Christine Blake and Madison Faribaugh of the "Inside the Media Minds" podcast, who discuss media relations in cybersecurity and announce their show joining the CyberWire network. The episode wraps with a report on a Dutch court’s verdict regarding cyber-enabled drug smuggling.
(Hosts of the "Inside the Media Minds" Podcast)
Case Summary:
Dutch court upholds a seven-year sentence for a man who orchestrated a port hacking operation using infected USB sticks to facilitate cocaine trafficking.
Quote:
"Hacking a seaport with malware-laced USB sticks, all in the name of cocaine logistics, still counts as very much illegal, even if you complain about police reading your chats." – Dave Bittner [19:36]
The episode balances urgency (breaking cyber threats and vulnerabilities) with an open, conversational tone — especially during the podcast interview. The insights from Christine Blake and Madison Faribaugh offer practical advice for anyone in cybersecurity to improve communication, while the news coverage underscores the rising sophistication and consequences of cybercrime.