State of emergency in St Paul. - CyberWire Daily

Summary7 min read

CyberWire Daily: "State of Emergency in St Paul" – July 30, 2025

Hosted by N2K Networks, CyberWire Daily delivers essential cybersecurity news and analysis, featuring insights from industry leaders, academia, and global research organizations. In this episode, host Dave Bittner covers a range of pressing cyber incidents and engages with guest Keith Milarsky, Chief Global Ambassador at Q Intel, to discuss cybersecurity trends and experiences.

1. State of Emergency Declared in St. Paul, Minnesota

A significant cyberattack initiated on Friday has crippled the city of St. Paul’s digital infrastructure, compelling Mayor Melvin Carter to declare a state of emergency.

Impact: Key city services, including online payment systems and internet access at public libraries and City Hall, have been rendered inoperative. Emergency services, including 911 operations, remain unaffected.
Response: Governor Tim Walsh has deployed the National Guard’s Cyber Unit to assist, with the FBI spearheading the investigation.
Current Status: Authorities acknowledge the attack's deliberate and sophisticated nature but report no ransom demands. City employees are advised to update their passwords amid fears of potential data breaches.
Official Remarks: Dave Bittner notes, "Officials stress that cyberattacks are becoming more frequent and costly, especially for under-resourced local governments." [04:35]

2. Major Cyberattack Disrupts Orange Telecom in France

On July 25, Orange, one of the world’s leading telecom providers, experienced a cyber intrusion that led to temporary service outages for both business and consumer segments in France.

Response: Orange Cyber Defense swiftly isolated the compromised system to mitigate further impact and initiated an investigation while notifying relevant authorities.
Customer Data: To date, there is no evidence suggesting that customer data was compromised.
Attribution: The incident bears similarities to previous breaches attributed to China’s SALT Typhoon Cyber Espionage Group, though no specific group has been officially blamed.
Recovery: Services impacted by the attack are expected to be fully restored within the day.

3. Linode Suffers Large-Scale Power Outage Affecting Cloud Services

A power failure at Linode’s Newark data center on Sunday triggered extensive service disruptions that extended into early Tuesday.

Affected Services: Nearly all Linode offerings, including web hosting, storage solutions, and Kubernetes deployments, were impacted.
Cause: The outage stemmed from a cooling system failure following the initial power loss. Additional data centers in Dallas, Fremont, Sydney, Tokyo, Toronto, and Washington faced outages due to interconnected dependencies.
Recovery Efforts: Services are being meticulously restored to prevent hardware damage, with stability returning by Monday.
Industry Implications: As Dave Bittner emphasizes, "This incident underscores how vital dependable infrastructure providers are for maintaining global digital and open-source operations." [09:50]

4. Critical Authentication Bypass in AI-Driven App Development Platform

Researchers from Wiz identified a severe authentication bypass vulnerability in Base44, an AI-centric app development platform with over 20,000 users.

Vulnerability Details: Misconfigured API endpoints allowed attackers to bypass Single Sign-On (SSO) by exploiting non-secret app ID values, granting unauthorized access to sensitive enterprise applications handling internal communications and PII.
Response: Wiz reported the flaw to Base44 on July 9, and a patch was deployed within 24 hours. Base44 has stated there is no evidence of data exploitation.

5. AI Training Datasets Contain Extensive Personally Identifiable Information (PII)

A study by Datacomp Common Pool reveals that AI training datasets may inadvertently include millions of images containing PII, such as passports and credit cards.

Findings: An audit of just 0.1% of the dataset uncovered thousands of sensitive documents, suggesting the full dataset could house hundreds of millions of such images.
Concerns: Despite existing privacy measures, many images still contain identifiable information, raising significant privacy and ethical issues regarding AI training practices.
Expert Commentary: "This reveals the flawed assumption that all online data is fair game for training," says Dave Bittner, highlighting the urgent need for stricter privacy standards and consent protocols in AI development. [14:20]

6. Cyberattack Fallout Hits Dating Safety App 'T'

The women-only dating safety app 'T' has shut down its messaging feature following a cyber breach that compromised direct messages and leaked 72,000 images.

Details: Exposed messages include sensitive discussions on topics like abortion and infidelity, heightening user concerns over privacy and security.
Company Response: 'T' is offering free identity protection services and urging users to remain vigilant as investigations continue.

7. Exploitation of SAP NetWeaver Vulnerability by Hackers

Hackers are actively exploiting a critical vulnerability in SAP NetWeaver to deploy the sophisticated AutoColor Linux malware, targeting U.S.-based organizations.

Malware Characteristics: AutoColor is recognized for its stealth, persistence, and evasion capabilities, including executing commands, modifying files, and establishing remote access.
Incident Analysis: First identified in February, the April attack utilized a remote code execution flaw to install the malware. Although SAP patched the vulnerability in April, exploitation has surged, involving ransomware groups and suspected state actors from China.
Security Advisory: Administrators are strongly urged to implement SAP’s security patches without delay.

8. CISA and FBI Update Advisory on Scattered Spider Threat Group

CISA and the FBI have released an updated advisory regarding the Scattered Spider group, also known as Octopus or Storm 0875, highlighting their advanced tactics in targeting large organizations.

Tactics Employed: The group utilizes impersonation, vishing, and malware such as RAT and Dragon Force ransomware to infiltrate systems, exfiltrate data, and extort victims.
Operational Methods: Scattered Spider begins with social engineering, leveraging tools like TeamViewer and RMM software, exploits cloud environments, and employs "living off the land" techniques to evade detection.
Defense Recommendations: The advisory urges the adoption of phishing-resistant MFA, allow-listing, network segmentation, and continuous monitoring to counteract the group’s evolving strategies.
Quote: Keith Milarsky remarks, "Scattered Spider now prioritizes spear phishing enriched by social media data, making their attacks more personalized and harder to detect." [19:05]

9. Data Breach at Everglades Correctional Institute Exposes Visitor Information

A significant data breach at the Everglades Correctional Institute in Miami-Dade County has exposed personal contact details of numerous prison visitors to all 1,600 inmates.

Breach Details: A staff member inadvertently emailed names, phone numbers, and email addresses, raising fears of potential harassment or extortion among affected individuals.
Policy Flaw: The incident has been attributed to an outdated visitation process requiring visitors to resubmit personal information for each visit.
Advocacy Response: Florida Cares is calling for immediate reforms to safeguard the privacy and safety of families and visitors.

Interview with Keith Milarsky, Chief Global Ambassador at Q Intel

In this episode, Dave Bittner welcomes Keith Milarsky, a retired FBI Special Agent with over two decades of experience in cyber cases, now serving as the Chief Global Ambassador at Q Intel and co-host of the podcast "Only Malware in the Building."

Career Journey and Transition

Keith Milarsky shares his transition from a 20-year tenure as an FBI Special Agent to the private sector. Highlighting his undercover work documented in books like Kingpin and Dark Market, Keith explains how his experience in government now informs his role in defending commercial networks against cyber threats.

Quote: "When you switch over to the commercial side, you're really about protecting that business and ensuring the business continuity to prevent bad guys from stealing intellectual property." [16:29]

Advice for Aspiring Cybersecurity Professionals

Keith emphasizes the fulfillment derived from public service in cybersecurity, encouraging newcomers to the field to consider roles that contribute to national and public safety despite potentially lower financial incentives compared to the private sector.

Quote: "There is no better reward than going out and getting a bad guy or protecting somebody." [18:48]

Podcasting and Sharing Knowledge

Discussing his role as a co-host, Keith expresses enthusiasm for sharing his insights and experiences to help others navigate the complexities of cybersecurity.

Quote: "I'm at that point in my career where I want to give back to people and share what I've learned." [20:26]

Upcoming Developments: U.S. Telecommunications Security Report

The episode concludes with a brief mention of the anticipated release of CISA’s long-buried U.S. telecommunications security report from 2022. This report, which has been a point of contention between CISA and Senator Ron Wyden, is expected to unveil critical vulnerabilities and foreign espionage activities impacting U.S. telecom networks.

Senate Action: The Senate has unanimously passed a bill mandating CISA to release the report within 30 days, amidst ongoing debates over national security implications.
Potential Impact: The report is rumored to expose significant security lapses and foreign infiltration by groups like China’s Salt Typhoon.

Conclusion

This episode of CyberWire Daily provides a comprehensive overview of recent cybersecurity incidents, highlighting the increasing sophistication and frequency of cyber threats. The interview with Keith Milarsky offers valuable perspectives from a seasoned expert bridging public and private sector cybersecurity efforts.

For further details on today’s stories and to participate in the CyberWire’s annual audience survey, visit thecyberwire.com.

This summary excludes advertisements and non-content segments to focus solely on the critical cybersecurity news and insightful discussions presented in the episode.

Loading summary

Transcript27 lines

[00:02]
Dave Bittner
You're listening to the Cyberwire Network powered by N2K. Bad actors don't break in, they log in. Attackers use stolen credentials in nearly 9 out of 10 data breaches. Once inside, they're after one thing your data. Varonis AI powered data security platform secures your data at scale across las SaaS and hybrid cloud environments. Join thousands of organizations who trust Varonis to keep their data safe. Get a free data risk assessment@varonis.com Officials in St. Paul, Minnesota declare a state of emergency following a cyber attack. Hackers disrupt a major French telecom A power outage causes widespread service disruptions for cloud provider Linode. Researchers reveal a critical authentication bypass flaw in an AI driven app development platform. A new study shows AI training is chock full of pii. Fallout continues for the T dating safety app. Hackers are actively exploiting a critical SAP netweaver vulnerability to deploy malware. CISA and the FBI update their Scattered Spider advisory. A Florida PR exposes personal information of visitors to all of its inmates. Our guest today is Keith Milarsky, Chief Global Ambassador at Q Intel, retired FBI Special agent and co host of Only Malware in the Building and CISA and Senator Wyden come to terms mostly over The Long Buried US Telecommunications in Security Report Foreign July 30, 2025 I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great to have you with us. A cyber attack that began Friday has forced the city of St. Paul, Minnesota to shut down many of its digital systems, prompting Mayor Melvin Carter to declare a state of emergency. Key city services, including online payments and Internet access at libraries and City hall, are offline, though 911 and emergency systems remain operational. Governor Tim Walsh activated the National Guard Cyber Unit to assist with while the FBI leads the investigation. Officials say the attack was deliberate and sophisticated, though no ransom demand has been reported. City employees are urged to change passwords amid concerns about data exposure. The origin and extent of the breach remain unclear, but officials stress that cyberattacks are becoming more frequent and costly, especially for under resourced local governments. Orange One of the world's largest telecom companies, detected a cyberattack on July 25 that disrupted some services in France. Orange Cyber Defense quickly isolated the affected system to limit impact, though this caused temporary outages for business and consumer services. The company has notified authorities and launched an investigation. So far, there's no evidence customer data was stolen. While no group has been blamed, the incident resembles past telecom breaches linked to China's SALT Typhoon Cyber Espionage Group services are expected to recover sometime today. A major power outage at Newark's 165 Halsey St. Data center on Sunday caused widespread service disruptions for cloud provider Linode continuing into Monday and partially Tuesday. The outage impacted nearly all Linode services, including web hosting, storage and Kubernetes deployments. The root cause was a cooling system failure following the power loss. Other Linode data centers in Dallas, Fremont, Sydney, Tokyo, Toronto and Washington also experienced outages due to interdependencies. Services required slow, careful reactivation to avoid hardware damage. Though no full postmortem has been released. Stability returned yesterday. Linode, a longtime supporter of open source projects and now owned by Akamai, is considered a pillar in the open source ecosystem. This incident underscores how vital dependable infrastructure providers are for maintaining global digital and open source operations. Researchers at Wiz revealed a critical authentication bypass flaw in base 44 and an AI driven app development platform with over 20,000 users. The bug stemmed from misconfigured API endpoints allowing attackers to bypass authentication, including SSO by exploiting non secret app ID values. This exposed private enterprise apps handling sensitive data like internal chatbots and PII. Wiz disclosed the issue to base 44 on July 9 and a fix was deployed within 24 hours. Base 44 claims there's no evidence of past exploitation or data compromise. A new study reveals that millions of images containing personally identifiable information like passports, credit cards and resumes are likely included in the massive AI training dataset. Datacomp Common Pool researchers audited just 0.1% of the dataset and found thousands of sensitive documents, suggesting that hundreds of millions of such images may exist across the full data set. Despite some privacy safeguards, many faces and PII were missed. Commonpool, built from web scraped data dating from 2014 through 2022, has been downloaded over 2 million times and underpins many AI models. Critics argue this reveals the flawed assumption that all online data is fair game for training. AI experts call for stronger privacy standards, clearer consent practices and policy reform to prevent further misuse of online data in AI development. Messaging has been shut down on the women only dating safety app T as the fallout from its recent cyber attack deepens. The company now confirms that direct messages were accessed in the July breach, adding to the 72,000 leaked images previously disclosed. Some exposed messages reportedly involve sensitive topics like abortion and infidelity. T, which helps users screen potential dates, is now offering free identity protection. Users are urged to stay alert as the investigation continues. Hackers are actively exploiting a critical SAP netweaver vulnerability to deploy the advanced autocolor Linux malware with a recent attack targeting a US Based chemical company. First detailed in February, Autocolor is known for its stealth, persistence and evasion techniques. The April attack began with remote code execution that installed a Linux ELF file Using the netweaver flaw. Autocolor can execute commands, modify files, establish remote access and evade detection using rootkit features. Darktrace, which investigated the attack, found that the malware now stalls in sandboxed environments if it can't reach its command and control server, making it harder to analyze. SAP patched the vulnerability in April, but exploitation surged afterward, including by ransomware groups and suspected Chinese state actors. Admins are urged to apply SAP's security fixes immediately. An updated joint cybersecurity advisory from CISA and the FBI warns that the Scattered Spider threat group, also known as Octopus or Storm 0875, continues targeting large organizations with increasingly advanced tactics. This July 2025 update outlines how the group leverages impersonation, vishing and malware like rati, RAT and Dragon Force ransomware to infiltrate systems, exfiltrate sensitive data extort victims. Their operations often start with social engineering and escalate using tools like TeamViewer and RMM software. Once inside, they exploit cloud environments, execute data theft and encrypt systems. Scattered Spider now prioritizes spear phishing enriched by social media data, and uses living off the land tactics to avoid detection. The advisory urges organizations to adopt phishing resistant MFA application, allow listing, network segmentation and continuous monitoring to defend against the group's evolving techniques, which increasingly threaten critical infrastructure and commercial sectors. A major data breach at Everglades Correctional Institute in Miami Dade county exposed the personal contact information of dozens and possibly hundreds of prison visitors to all 1600 inmates. A facility staff member accidentally emailed names, phone numbers and email addresses of recent visitors, alarming recipients who fear potential harassment or extortion. Many affected individuals are angry that the Florida Department of Corrections has yet to acknowledge or notify them. Advocates blame the incident on the flawed visitation process, which requires visitors to resubmit personal details each time. Critics say this policy, originally implemented during the COVID 19 pandemic, is outdated and risky. Some victims, like those with past stalkers or safety concerns, now fear serious consequences. Advocacy group Florida Cares is urging immediate reform to protect families, privacy and safety. Coming up after the break, my conversation with Keith Milarsky, chief global ambassador at Q Intel, retired FBI special agent and co host of Only Malware in the Building and CISA and Senator Wyden Come to terms over the long buried U.S. telecommunications in Security Report. Stay with us. Foreign compliance regulations. Third party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots and all those manual processes, you're right. GRC can be so much easier and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key compliance, internal and third party risk, and even customer trust so you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. That's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC Just imagine how much easier trust can be. Visit vanta.comvrcyber to sign up today for a free demo that's V-A-N-T-A.com cyber Hey everybody, Dave here. I've talked about Deleteme before and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. Deleteme keeps finding and removing my personal information from data broker sites and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved. Knowing my privacy isn't something I have to worry about every day. The Deleteme team handles everything. It's the set it and forget it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees personal information and reduce exposure to social engineering and phishing threats. And right now our listeners get a special deal. 20% off your delete me plan. Just go to JoinDeleteMe.com N2K and use promo code N2K at checkout. That's JoinDeleteMe.com N2k code N2K. And it is my pleasure to welcome back to the show Keith Milarsky. He is the Chief Global Ambassador at Q Intel. But more importantly than that, he is one of the co hosts on Only Malware in the Building, the podcast that Keith and I host, along with our third co host, Selena Larson. I want to say Selena Gomez, but that's not right. Selena Larson from Proofpoint. Keith, it's great to have you back.
[15:03]
Keith Milarsky
Dave, it's always a pleasure. Great to be here.
[15:07]
Dave Bittner
So, for folks who may not be familiar with your background in cyber, can we take a quick trip through your professional career? Where did you get your start and what led you to where you are today?
[15:18]
Keith Milarsky
Yeah, so I was an FBI special agent for 20 years with the majority of those working cyber cases. So during my time at the FBI, I worked undercover for a period of time where my antics, I guess, have been documented in the book Kingpin and also Dark Market by Kevin Poulsen and Misha Glennie. And then I retired from the FBI in 2018, and I went to work at Ernst and Young as part of their cyber consulting business. In the last two years there, I led their cyber threat management cybersecurity practice there. I retired from there, and I thought I was done for a while. I worked with some great colleagues at the FBI and at the government at Q Intel. So they brought me back, and now I'm their chief global ambassador at Q Intel to continue working with companies and government agencies that go after the bad guys, which is what we all really like to do.
[16:23]
Dave Bittner
So really taking that experience that you got with all those years at the agency and applying that to the private sector these days?
[16:29]
Keith Milarsky
Absolutely. Yeah. I kind of have a unique background where I did it both in the government and also on the commercial side. So you kind of see not only going after bad guys, which we love to do at the FBI, but also really kind of defending your network. And how do we keep these bad guys out from stealing our secrets or infecting our computers and affecting commercial. Commercial businesses as well.
[16:56]
Dave Bittner
What is that transition like for folks who are considering a shift from public service to the private sector? How much of a culture shock was that for you?
[17:05]
Keith Milarsky
I think it's a pretty big culture shock in the government. Your mission is just different. Your mission is really to go after the bad guys, track the bad guys, and keep the American people safe. And, you know, in the case of the FBI, where we like to put cuffs on people and bring them to justice and then. But when you switch over to the commercial side, you know, you're really about protecting that business and, you know, ensuring the business continuity to ensure that the bad guys aren't stealing the intellectual property so you can, you know, shift that focus a Little bit. I'd like to tell my team. When I was at ey, I was like, you know, in the government, we were protecting the American people, but at ey, we were protecting the world's biggest companies. So, you know, so. So you kind of just kind of change that focus a little bit. It's different and it takes a little bit getting used to, especially if you came from the government, to really kind of go into that commercial sector because the speed is so much different. You know, I used to like to say sometimes at the FBI it was like watching the rotation of the earth. You never saw it move, but every day, you know, it got light and every day it got dark. So the government just moves at a different PA commercial. As a lot of people know, it's breakneck speed daily.
[18:33]
Dave Bittner
For folks who are just at the beginning of their career in cybersecurity and may be considering some time in the public sector, what's your advice to them? I mean, it seems to me like that time you spent has served you well.
[18:49]
Keith Milarsky
I could not have had a better job, I can tell you. Being an FBI agent was kind of that dream when you're a 15 year old kid and, you know, you see things in movies and I could honestly say that I did things that were that, you know, that you couldn't even imagine in movies. And, you know, a lot of my colleagues did the same thing. So there is no better reward than going out and getting a bad guy or protecting somebody, you know, getting justification for, you know, victims that are out there. It was definitely the most rewarding experience that I could have ever imagined in my life. So I highly recommend anybody that's thinking about doing that to pursue and go into that field. The government always needs good people too, because naturally the government doesn't pay what the commercial sector does, you know, so. But they need strong, dedicated public servants to kind of keep going after the mission.
[19:46]
Dave Bittner
Yeah, well, I mean, it's certainly probably second on your list of most gratifying and satisfying things that you've done in your career is being co host on only malware in the building?
[19:56]
Keith Milarsky
Actually, that's one A Dave, you know that.
[20:01]
Dave Bittner
So at this point in your career, what was the thing that made you say, you know what? This is something that I want to do. I want to try out joining this crazy island of misfit toys and do some podcasting.
[20:14]
Keith Milarsky
Yeah. So. Well, you know, as you know, we have a mutual friend who was a high school friend of mine that actually a high school dance partner of mine.
[20:23]
Dave Bittner
And our Producer Jennifer Iban. Yeah. Who I could not live without.
[20:27]
Keith Milarsky
Yes. So Jen and I, we were talking, and, you know, we. We've had some beers together, and she said that I always have really good stories. And so. So she just kind of talked to me, and I'm like, yeah, let's do it. It's. It's a way to give back and kind of. I'm at that point in my career where I want to give back to people and download what I've learned. And if I could help somebody avoid pitfalls or mistakes that I've made or seen, I want to be there to kind of help that. So I'm just kind of hoping to provide some humorous insights and maybe some good stories to the group. I know you and Selena have done such a great job these first year plus episodes, so I'm just gonna try to contribute wherever I can.
[21:14]
Dave Bittner
Well, if you've never had the opportunity to hear some of Keith Millarsky's storytelling, it is a real treat. I first heard you, gosh, it's probably over a decade ago, when you were giving a presentation about some of your exploits in the FBI, and you're. It's like a real life, I don't know, Jason Bourne or James Bond or. I don't know. I don't know what it is, but it's far more exciting and adventurous than mere civilian mortals like myself can imagine us getting ourselves into.
[21:47]
Keith Milarsky
Well, it's funny that you mentioned it. Cause, like, if you would talk to my wife, she thinks I'm just, like, dolling mashed potatoes, so.
[21:54]
Dave Bittner
Yeah. Yeah. Well, we are obligated by our producers to tease an upcoming episode of Only Malware in the Building. This is pretty special. What do you think we can share about this without giving too much away?
[22:12]
Keith Milarsky
Okay, so we talking about the next episode that's gonna drop in a couple weeks or the one.
[22:16]
Dave Bittner
Yeah, no, the one we're recording later this week. Yes. You know what I'm talking about.
[22:22]
Keith Milarsky
Yes. So this is going to be of epic proportions, Dave, as you know. So this is, you know, we. I'm going to use my FBI interrogation skills to interrogate both you and Selina while you eat very hot things and you can't concentrate on your answers at all. So this is going to be my version of waterboarding. It's going to be hot boarding or something like that, so it should be a lot of fun.
[22:55]
Dave Bittner
I can't help but wonder, if you had actually done this sort of thing when you were in the FBI, could it have been some sort of international incident. Like, is it against the Geneva Convention or something to, you know, chemical weapons against someone's palate?
[23:09]
Keith Milarsky
I can neither confirm nor deny that, Dave.
[23:13]
Dave Bittner
All right, fair enough. Well, do tune in if you have not had the pleasure of listening to Only Malware in the building. It is a podcast right here on the N2K CyberWire network. It is a load of fun. And Keith Milarsky along with Selena Larson are my co hosts. Keith is chief global ambassador at Q Intel. Keith Milarsky, thanks so much for taking the time.
[23:34]
Keith Milarsky
Thanks, Dave. Glad to be part of the team.
[23:49]
Dave Bittner
Did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Sempras created Purple Night, the free security assessment tool that scans your active directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now at sempris.com purple-knight that's sempras.com Purple Knight Bad actors don't break in. They log in. Attackers use stolen credentials in nearly nine out of 10 data breaches. Once inside, they're after one thing, your data. Varonis AI powered data security platform secures your data at scale across las SaaS and hybrid cloud environments. Join thousands of organizations who trust Varonis to keep their data safe. Get a free data risk assessment@varonis.com and finally, after years of bureaucratic dodgeball, CISA now says it plans to release its long buried U.S. telecommunications insecurity report from 2022, pending, of course, proper clearance. The report, rumored to contain national security facepalms involving US Telecoms, has been the obsession of Senator Ron Wyden, who's turned withholding agency nominations into an art form. His latest would be CISA boss Sean Planky, whose confirmation remains in limbo until the report goes public. The Senate unanimously passed a bill demanding CISA release the document within 30 days. Meanwhile, the report details how foreign spies, most notably China's Salt Typhoon Group, waltzed into telecom networks, intercepted messages, tracked Americans, and maybe sent your texts to Beijing. Wyden calls it a cover up. CISA calls it a pending review. Tomato, tomahto, and that's the cyber wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August. There's a link in the show notes, please take a moment and check it out. NQK's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Krogle is AI built for the enterprise soc, fully private schema free and capable of running in sensitive air gapped environments. Krogle autonomously investigates thousands of alerts weekly, correlating insights across your tools without data leaving your perimeter. Designed for high availability across geographies, it delivers context aware, auditable decisions aligned to your workflows. Krogel empowers analysts to act faster and focus on critical threats, replacing repetitive triage with intelligent automation to help your SOC operate at scale with precision and control. Learn more@krogle.com that's C R O G L com.