CyberWire Daily: "State of Emergency in St Paul" – July 30, 2025
Hosted by N2K Networks, CyberWire Daily delivers essential cybersecurity news and analysis, featuring insights from industry leaders, academia, and global research organizations. In this episode, host Dave Bittner covers a range of pressing cyber incidents and engages with guest Keith Mularski, Chief Global Ambassador at Qintel, to discuss cybersecurity trends and experiences.
1. State of Emergency Declared in St. Paul, Minnesota
A significant cyberattack initiated on Friday has crippled the city of St. Paul’s digital infrastructure, compelling Mayor Melvin Carter to declare a state of emergency.
- Impact: Key city services, including online payment systems and internet access at public libraries and City Hall, have been rendered inoperative. Emergency services, including 911 operations, remain unaffected.
- Response: Governor Tim Walz has deployed the National Guard’s Cyber Unit to assist, with the FBI spearheading the investigation.
- Current Status: Authorities acknowledge the attack's deliberate and sophisticated nature but report no ransom demands. City employees are advised to update their passwords amid fears of potential data breaches.
- Official Remarks: Dave Bittner notes, "Officials stress that cyberattacks are becoming more frequent and costly, especially for under-resourced local governments." [04:35]
2. Major Cyberattack Disrupts Orange Telecom in France
On July 25, Orange, one of the world’s leading telecom providers, experienced a cyber intrusion that led to temporary service outages for both business and consumer segments in France.
- Response: Orange Cyber Defense swiftly isolated the compromised system to mitigate further impact and initiated an investigation while notifying relevant authorities.
- Customer Data: To date, there is no evidence suggesting that customer data was compromised.
- Attribution: The incident bears similarities to previous breaches attributed to China’s Salt Typhoon cyber espionage group, though no specific group has been officially blamed.
- Recovery: Services impacted by the attack are expected to be fully restored within the day.
3. Linode Suffers Large-Scale Power Outage Affecting Cloud Services
A power failure at Linode’s Newark data center on Sunday triggered extensive service disruptions that extended into early Tuesday.
- Affected Services: Nearly all Linode offerings, including web hosting, storage solutions, and Kubernetes deployments, were impacted.
- Cause: The outage stemmed from a cooling system failure following the initial power loss. Additional data centers in Dallas, Fremont, Sydney, Tokyo, Toronto, and Washington faced outages due to interconnected dependencies.
- Recovery Efforts: Services are being meticulously restored to prevent hardware damage, with stability returning by Monday.
- Industry Implications: As Dave Bittner emphasizes, "This incident underscores how vital dependable infrastructure providers are for maintaining global digital and open-source operations." [09:50]
4. Critical Authentication Bypass in AI-Driven App Development Platform
Researchers from Wiz identified a severe authentication bypass vulnerability in Base44, an AI-centric app development platform with over 20,000 users.
- Vulnerability Details: Misconfigured API endpoints allowed attackers to bypass Single Sign-On (SSO) by exploiting non-secret app ID values, granting unauthorized access to sensitive enterprise applications handling internal communications and PII.
- Response: Wiz reported the flaw to Base44 on July 9, and a patch was deployed within 24 hours. Base44 has stated there is no evidence of data exploitation.
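The bug class in the Base44 story is an endpoint that treats a public app ID as if it were a credential. The added example below (not Base44's or Wiz's code; all keys, app IDs and the token format are constructed for illustration) shows that vulnerable pattern beside a hardened handler that requires a signed, expiring SSO token bound to the requested app.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed signing key shared by the SSO issuer and the app backend (placeholder, not a real key).
SSO_SIGNING_KEY = b"constructed-demo-key-not-for-production"

# Constructed registry. App IDs ship in client-side code, so they are public identifiers, never secrets.
APPS = {"app-7f3a": {"owner": "acme-corp", "data": "internal comms + PII"}}


def vulnerable_lookup(request):
    """Before: the only check is that the app ID exists. Anyone who knows a public ID gets the data."""
    app = APPS.get(request.get("app_id"))
    if app is None:
        return {"status": 404}
    return {"status": 200, "data": app["data"]}


def issue_sso_token(user, app_id, ttl=300, now=None):
    """Issued by the SSO step only after the user authenticated; binds identity to one app and an expiry."""
    now = int(time.time()) if now is None else now
    payload = json.dumps({"sub": user, "app": app_id, "exp": now + ttl}, sort_keys=True).encode()
    sig = hmac.new(SSO_SIGNING_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload).decode() + "." + base64.urlsafe_b64encode(sig).decode()


def verify_sso_token(token, now=None):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(SSO_SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(payload)
    now = int(time.time()) if now is None else now
    return claims if claims["exp"] > now else None


def hardened_lookup(request, now=None):
    """After: the app ID only selects the app; access requires a valid SSO token bound to that same app."""
    claims = verify_sso_token(request.get("sso_token", ""), now)
    if claims is None:
        return {"status": 401}
    app = APPS.get(request.get("app_id"))
    if app is None or claims["app"] != request["app_id"]:
        return {"status": 403}
    return {"status": 200, "data": app["data"], "user": claims["sub"]}
```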
5. AI Training Datasets Contain Extensive Personally Identifiable Information (PII)
A study by DataComp CommonPool reveals that AI training datasets may inadvertently include millions of images containing PII, such as passports and credit cards.
- Findings: An audit of just 0.1% of the dataset uncovered thousands of sensitive documents, suggesting the full dataset could house hundreds of millions of such images.
- Concerns: Despite existing privacy measures, many images still contain identifiable information, raising significant privacy and ethical issues regarding AI training practices.
- Expert Commentary: "This reveals the flawed assumption that all online data is fair game for training," says Dave Bittner, highlighting the urgent need for stricter privacy standards and consent protocols in AI development. [14:20]
6. Cyberattack Fallout Hits Dating Safety App 'Tea'
The women-only dating safety app 'Tea' has shut down its messaging feature following a cyber breach that compromised direct messages and leaked 72,000 images.
- Details: Exposed messages include sensitive discussions on topics like abortion and infidelity, heightening user concerns over privacy and security.
- Company Response: 'Tea' is offering free identity protection services and urging users to remain vigilant as investigations continue.
7. Exploitation of SAP NetWeaver Vulnerability by Hackers
Hackers are actively exploiting a critical vulnerability in SAP NetWeaver to deploy the sophisticated AutoColor Linux malware, targeting U.S.-based organizations.
- Malware Characteristics: AutoColor is recognized for its stealth, persistence, and evasion capabilities, including executing commands, modifying files, and establishing remote access.
- Incident Analysis: First identified in February, the April attack utilized a remote code execution flaw to install the malware. Although SAP patched the vulnerability in April, exploitation has surged, involving ransomware groups and suspected state actors from China.
- Security Advisory: Administrators are strongly urged to implement SAP’s security patches without delay.
8. CISA and FBI Update Advisory on Scattered Spider Threat Group
CISA and the FBI have released an updated advisory regarding the Scattered Spider group, also known as Octo Tempest or Storm-0875, highlighting their advanced tactics in targeting large organizations.
- Tactics Employed: The group utilizes impersonation, vishing, and malware such as RATs and DragonForce ransomware to infiltrate systems, exfiltrate data, and extort victims.
- Operational Methods: Scattered Spider begins with social engineering, leveraging tools like TeamViewer and RMM software, exploits cloud environments, and employs "living off the land" techniques to evade detection.
- Defense Recommendations: The advisory urges the adoption of phishing-resistant MFA, allow-listing, network segmentation, and continuous monitoring to counteract the group’s evolving strategies.
- Quote: Keith Mularski remarks, "Scattered Spider now prioritizes spear phishing enriched by social media data, making their attacks more personalized and harder to detect." [19:05]
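The advisory's allow-listing and monitoring recommendations meet in a simple control: every remote-access tool launch is compared against the set the organization actually sanctions. The added example below (not from the advisory or any vendor; host names, the allow-list and the log lines are constructed) flags RMM executions that fall outside that allow-list, defaulting unknown hosts to the most restrictive group.

```python
import re

# Remote-access tools commonly seen after a social-engineering foothold; names are illustrative.
RMM_PATTERNS = {
    "TeamViewer": re.compile(r"teamviewer", re.I),
    "AnyDesk": re.compile(r"anydesk", re.I),
    "ScreenConnect": re.compile(r"screenconnect|connectwisecontrol", re.I),
}

# Constructed allow-list: only the helpdesk group may run the one sanctioned RMM product.
APPROVED = {"helpdesk": {"ScreenConnect"}, "workstation": set()}
HOST_GROUP = {"HD-01": "helpdesk", "WS-117": "workstation", "WS-204": "workstation"}

# Constructed process-creation records in a simple key=value layout.
LOG_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) image=(?P<image>.+)$")

SAMPLE_LOG = [
    "2025-07-29T13:02:11Z host=HD-01 user=svc_helpdesk image=C:\\Program Files\\ScreenConnect\\ScreenConnect.ClientService.exe",
    "2025-07-29T13:05:42Z host=WS-117 user=jdoe image=C:\\Users\\jdoe\\Downloads\\TeamViewer_Setup.exe",
    "2025-07-29T13:06:03Z host=WS-117 user=jdoe image=C:\\Windows\\System32\\notepad.exe",
    "2025-07-29T13:09:57Z host=WS-204 user=asmith image=C:\\Users\\asmith\\AppData\\Local\\AnyDesk\\AnyDesk.exe",
]


def classify(line):
    """Parse one record; return an event dict if it is an RMM launch, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    tool = next((name for name, pat in RMM_PATTERNS.items() if pat.search(m["image"])), None)
    if tool is None:
        return None
    # Unknown hosts fall into the most restrictive group (least privilege by default).
    group = HOST_GROUP.get(m["host"], "workstation")
    return {
        "ts": m["ts"], "host": m["host"], "user": m["user"], "tool": tool,
        "approved": tool in APPROVED.get(group, set()),
    }


def find_unapproved_rmm(lines):
    """Return every RMM launch that is not on the allow-list for the host's group."""
    return [ev for ev in map(classify, lines) if ev and not ev["approved"]]


if __name__ == "__main__":
    for alert in find_unapproved_rmm(SAMPLE_LOG):
        print(f"ALERT {alert['ts']} {alert['host']} {alert['user']} ran {alert['tool']}")
```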
9. Data Breach at Everglades Correctional Institution Exposes Visitor Information
A significant data breach at the Everglades Correctional Institution in Miami-Dade County has exposed personal contact details of numerous prison visitors to all 1,600 inmates.
- Breach Details: A staff member inadvertently emailed names, phone numbers, and email addresses, raising fears of potential harassment or extortion among affected individuals.
- Policy Flaw: The incident has been attributed to an outdated visitation process requiring visitors to resubmit personal information for each visit.
- Advocacy Response: Florida Cares is calling for immediate reforms to safeguard the privacy and safety of families and visitors.
Interview with Keith Mularski, Chief Global Ambassador at Qintel
In this episode, Dave Bittner welcomes Keith Mularski, a retired FBI Special Agent with over two decades of experience in cyber cases, now serving as the Chief Global Ambassador at Qintel and co-host of the podcast "Only Malware in the Building."
Career Journey and Transition
Keith Mularski shares his transition from a 20-year tenure as an FBI Special Agent to the private sector. Highlighting his undercover work documented in books like Kingpin and DarkMarket, Keith explains how his experience in government now informs his role in defending commercial networks against cyber threats.
- Quote: "When you switch over to the commercial side, you're really about protecting that business and ensuring the business continuity to prevent bad guys from stealing intellectual property." [16:29]
Advice for Aspiring Cybersecurity Professionals
Keith emphasizes the fulfillment derived from public service in cybersecurity, encouraging newcomers to the field to consider roles that contribute to national and public safety despite potentially lower financial incentives compared to the private sector.
- Quote: "There is no better reward than going out and getting a bad guy or protecting somebody." [18:48]
Podcasting and Sharing Knowledge
Discussing his role as a co-host, Keith expresses enthusiasm for sharing his insights and experiences to help others navigate the complexities of cybersecurity.
- Quote: "I'm at that point in my career where I want to give back to people and share what I've learned." [20:26]
Upcoming Developments: U.S. Telecommunications Security Report
The episode concludes with a brief mention of the anticipated release of CISA’s long-buried U.S. telecommunications security report from 2022. This report, which has been a point of contention between CISA and Senator Ron Wyden, is expected to unveil critical vulnerabilities and foreign espionage activities impacting U.S. telecom networks.
- Senate Action: The Senate has unanimously passed a bill mandating CISA to release the report within 30 days, amidst ongoing debates over national security implications.
- Potential Impact: The report is rumored to expose significant security lapses and foreign infiltration by groups like China’s Salt Typhoon.
Conclusion
This episode of CyberWire Daily provides a comprehensive overview of recent cybersecurity incidents, highlighting the increasing sophistication and frequency of cyber threats. The interview with Keith Mularski offers valuable perspectives from a seasoned expert bridging public and private sector cybersecurity efforts.
For further details on today’s stories and to participate in the CyberWire’s annual audience survey, visit thecyberwire.com.
This summary excludes advertisements and non-content segments to focus solely on the critical cybersecurity news and insightful discussions presented in the episode.
