Dave Bittner
You're listening to the CyberWire network, powered by N2K. And now a word from our sponsor, SpyCloud. Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. SpyCloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users, from breaches, malware and phishing, to neutralize identity-based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate darknet exposure report at spycloud.com/cyberwire and see what attackers already know. That's spycloud.com/cyberwire.

The White House's shift of cybersecurity responsibilities to the states is met with skepticism. Baltimore City Public Schools suffer a ransomware attack. Russian state-backed hackers target Dutch critical infrastructure. Microsoft resolves multiple Remote Desktop issues. A new malware campaign is targeting Docker environments for cryptojacking. A new phishing campaign uses weaponized Word documents to steal Windows login credentials. Zyxel Networks issues critical patches for two high-severity vulnerabilities. CISA issues five advisories highlighting critical vulnerabilities in ICS systems. Our guest is Deputy Assistant Director Cynthia Kaiser from the FBI's Cyber Division, sharing the findings of their latest IC3 report. And so long, Privacy Sandbox.
Dave Bittner
It's Wednesday, April 23, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thank you for joining us here today. It is great to have you with us.

President Trump's recent executive order shifts cybersecurity responsibility from the federal government to states and localities. However, many states are unprepared for this transition. A 2023 National Cybersecurity Review revealed that only 22 of 48 participating states met recommended security standards. Compounding the issue, federal funding cuts have reduced resources for state and local officials, including a cybersecurity grant program and a key cybersecurity agency. This has left states grappling with increased cyber threats such as ransomware attacks and foreign interference, while facing shortages of IT experts and limited budgets. Recent cyber attacks in Rhode Island, Virginia and Massachusetts highlight the vulnerabilities in state systems. Experts warn that expecting states to manage cybersecurity independently without adequate support is unrealistic and could compromise national security. Just a quick program note: we discussed this issue on a recent episode of the Caveat podcast. Do check that out wherever you get your favorite podcasts.

Baltimore City Public Schools suffered a ransomware attack on February 13th linked to the Cloak gang. The breach exposed sensitive personal data of about 25,000 people, including Social Security numbers, student records and employment documents. Those affected include current and former staff, volunteers and over 1,100 students. The school system confirmed no ransom was paid. Law enforcement and cybersecurity experts are investigating. Notification letters were sent April 22, with two years of free credit monitoring and a call center provided for support.

Russian state-backed hackers have targeted Dutch critical infrastructure in cyber sabotage attempts during 2023 and 2024, according to the Dutch Military Intelligence and Security Service.
Though the attacks had minimal immediate impact, they mark the first known sabotage of Dutch control systems. The MIVD warns such operations are rising across Europe, aiming to gain digital access to critical systems for potential future disruption. The Netherlands, home to Europe's largest port in Rotterdam and key NATO logistics hubs, remains strategically vital. Russian cyber activity, including prior infiltration attempts of global institutions like The Hague, is escalating. The Dutch government is boosting its military and cybersecurity investments, sharing intelligence with Ukraine, and warning that Europe must act swiftly to counter increasingly sophisticated Russian cyber threats amid global geopolitical instability.

Microsoft has resolved multiple issues affecting Remote Desktop on Windows Server 2025 and Windows 11. A bug causing RDP sessions to freeze was fixed in February's update for Windows 11 and in April's update for Windows Server. Microsoft also used Known Issue Rollback to reverse bugs causing RDP disconnections. Additionally, a long-standing bug triggering blue screen errors on servers with over 256 logical processors was fixed. Other recent issues include login problems with Windows Hello and domain controller failures.

A new malware campaign is targeting Docker environments to hijack compute resources for cryptojacking, using highly layered obfuscation to evade detection. Researchers from Darktrace and Cado Security Labs found the attackers deploying a Docker image which runs a deeply obfuscated Python script requiring 63 decode loops to reach the final payload. Instead of mining cryptocurrency directly, the malware connects to a Web3 platform to simulate node activity and earn private tokens. This low-resource tactic avoids triggering alarms tied to traditional mining. Docker's popularity and frequent misconfigurations make it an attractive target.
Experts warn organizations to secure Docker setups with strong authentication, avoid unnecessary Internet exposure, and vet images carefully. This campaign signals a shift toward abusing legitimate, decentralized systems for stealthy profit.

A new phishing campaign uncovered by Fortinet's FortiGuard Labs uses weaponized Word documents, disguised as sales orders, to steal Windows login credentials. The emails carry attachments exploiting a known vulnerability in Microsoft Equation Editor. This flaw enables remote code execution, leading to the deployment of a new FormBook malware variant. The attack chain involves a Word document embedding an obfuscated RTF file and DLL, triggering buffer overflows and stealthily launching the malware via process hollowing. The payload, downloaded as a disguised PNG file, decrypts into a fileless executable. Injected into a legitimate Windows process, the malware collects credentials, keystrokes, and screenshots while maintaining persistence through registry edits. Fortinet has flagged this campaign and urges users to update systems and remain alert to phishing threats exploiting old vulnerabilities.

Two significant data breaches have recently impacted US organizations, compromising the personal information of over 600,000 individuals. Onsite Mammography, a Massachusetts-based medical services provider, reported unauthorized access to an employee's email account in October of last year. The breach exposed sensitive data including names, Social Security numbers, dates of birth, driver's license and credit card numbers, and medical information, affecting approximately 357,000 patients. The company asserts that the intrusion was limited to the email account and is offering 12 months of free credit monitoring to those affected. Kelly Benefits, a Maryland-based benefits and payroll solutions provider, disclosed a breach affecting nearly 264,000 individuals.
Hackers accessed the company's systems between December 12th and 17th of last year, exfiltrating files containing personal data such as names, dates of birth, Social Security numbers, tax ID numbers, medical and health insurance information, and financial account details. While no ransomware group has claimed responsibility, the possibility of a ransomware attack has not been ruled out.

Zyxel Networks has issued critical patches for two high-severity vulnerabilities affecting USG FLEX H series firewalls. These flaws could allow unauthenticated users to escalate privileges and gain unauthorized access. The first vulnerability enables low-privileged users to reach admin-level access via PostgreSQL command issues, especially if an admin remains logged in. The second lets admins upload malicious configs to gain further control. Discovered by security researchers, both bugs are fixed in a recent firmware update. Immediate patching is urged.

CISA has issued five advisories highlighting critical vulnerabilities in ICS systems from Siemens, Schneider Electric and ABB, with potential impacts on industrial automation and infrastructure. Siemens TeleControl Server Basic suffers from multiple high-severity SQL injection flaws enabling attackers to manipulate databases and bypass controls. Another Siemens advisory cites a lower-risk vulnerability causing partial denial of service in redundant server setups. Schneider Electric's Wiser Home Controller contains a flaw allowing remote credential exposure. ABB MV drives are affected by CODESYS vulnerabilities enabling memory-based attacks. A previous advisory for Schneider's Modicon M580 PLCs was updated to address a buffer size flaw that could cause denial of service. CISA urges patching, network segmentation and continuous monitoring to safeguard critical infrastructure from these escalating threats.
Coming up after the break, my conversation with Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division, and so long, Privacy Sandbox. Stay with us.

What's the common denominator in security incidents? Escalations and lateral movement. When a privileged account is compromised, attackers can seize control of critical assets. With bad directory hygiene and years of technical debt, identity attack paths are easy targets for threat actors to exploit, but hard for defenders to detect. This poses risk in Active Directory, Entra ID and hybrid configurations. Identity leaders are reducing such risks with attack path management. You can learn how attack path management is connecting identity and security teams while reducing risk with BloodHound Enterprise, powered by SpecterOps. Head to specterops.io today to learn more. SpecterOps: see your attack paths the way adversaries do.

Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. Look at this: more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off.

It is always my pleasure to welcome back to the show Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division. DAD Kaiser, welcome back.
Cynthia Kaiser
I'm glad to be here.
Dave Bittner
So you and your colleagues there at the FBI have published the most recent version of your IC3 report. A bit of extra celebration here. This is the 25th year of the annual report, right?
Cynthia Kaiser
It's the 25th year of IC3 overall, which started in 2000.
Dave Bittner
Okay, well, time flies, right? For folks who are not familiar with IC3 and the mission. Can you give us a brief explanation?
Cynthia Kaiser
It was created really to serve the law enforcement community and just public writ large. As we started to see cyber enabled crime pop up, where a lot of the kind of physical crime that we'd seen in the past had transferred into the digital realm. Now really though, it's evolved to become the primary destination for the public to report cyber enabled crimes and fraud, as well as a key source of information where we can put out to the public information on scams and cyber threats.
Dave Bittner
So to be clear here, I mean, this is where the FBI encourages members of the public to report anything that may have happened to them online with scams and fraud and all those sorts of things.
Cynthia Kaiser
Absolutely. Scams, fraud, cybercrime. Actually, since its founding, IC3 has received over 9 million complaints of malicious activity. And obviously it's increased exponentially since we first began. During its infancy, IC3 received roughly 2,000 complaints a month. For the past five years, IC3 has averaged more than 2,000 complaints a day.
Dave Bittner
Wow. Okay, well, let's talk about the recent report here. What are some of the things that caught your eye?
Cynthia Kaiser
I think the sheer number of crimes that we have reported to us, and then to know that that's just a snapshot, that this is a function of who can report into us, and we know that these numbers are obviously going to be much larger. But a few key highlights. In 2024, IC3 received a total of 859,532 complaints with losses of more than $16.6 billion. That's a 33% increase in losses from the previous year.
Dave Bittner
Wow. Can we dig into some specific areas here? I mean, what are you seeing in terms of things like ransomware?
Cynthia Kaiser
We saw an increase in the number of incidents of ransomware that were reported to the FBI. Now, that doesn't necessarily mean victims paid. In fact, there's a lot of leading industry trackers that have noted an increased drop in ransomware payments overall, in part thanks to the FBI and our other law enforcement partners' efforts to take down major ransomware groups like LockBit and ALPHV. But still, as we were looking at the data, who was attacking American networks really stuck out: 67 new ransomware variants were recognized by IC3 in 2024. The top sectors that were targeted include critical manufacturing and healthcare and public health. We saw some of the same types of ransomware groups be in the top five of the incidents that were reported to the FBI, and some different. The top five variants reported to IC3 were Akira, LockBit, RansomHub, Fog and Play. So really, you know, we're looking at all of this. We're getting these reports in. There's an increase in reports. We know from industry trackers, especially across the blockchain, there's a decrease in the amount of money that ransomware actors have actually received from these incidents. So it's hard to just make the numbers tell a story. But let me tell you what I actually think is probably going on here. The FBI has been able to provide decryptors to victims across the world that have prevented over $800 million in ransoms paid since the middle of 2022. Part of our ability to provide decryptors out to the public relies on the public reporting in their ransomware incident, because we don't always know who the victim is if we have information that would provide them with decryptors. So you have kind of this increase in effort by the ransomware actors to maximize their income, probably because some of their traditional methods aren't working. And so you see this increase in maybe the overall incidence. I just don't think that that's the whole story, though.
You know, it's such a complex ecosystem, and we're really proud of some of those efforts that the FBI has been able to do to make a real difference.
Dave Bittner
Well, let's touch on critical infrastructure here. That is something that the report digs into. Can you share with us some of the statistics that you gathered in that area?
Cynthia Kaiser
Of course. IC3 received more than 4,800 complaints from organizations belonging to critical infrastructure sectors that were affected by cyber threats. The most reported cyber threats among critical infrastructure organizations were ransomware and data breaches. If you're looking, going back into the ransomware: out of the total ransomware complaints that were filed in 2024, almost half were related to critical infrastructure. Now, the top five sectors were critical manufacturing, healthcare and public health, government facilities, financial services, and IT, with really the vast majority up in the top two, critical manufacturing and healthcare and public health. And that's so important, because targeting critical manufacturing can have cascading impact across numerous industries like automotive, aviation, electronics. And targeting healthcare facilities can actually become a threat-to-life matter, with consequences that include hospitals being forced to be shut down or negative effects against patients.
Dave Bittner
Overall, the data that you all are gathering here at the IC3, the Internet Crime Complaint Center: can you give us some insights as to how that data gets distributed to your colleagues at the FBI, the various field offices? How does that work?
Cynthia Kaiser
So we're getting in these just thousands of complaints a day. And what that really translates to is it doesn't automatically go to a field office. We have an incredibly dedicated group of individuals who go through every single complaint that we receive and triage it, provide additional information, try to connect it to other cases before they send that out to field offices to investigate further. And really, the best benefit we get from the incidents that come into IC3 are when we can tie them all together and say, this is a pattern. This is bigger than just even one victim. And we can really seek to build a case, work to hold these actors accountable for the adverse intentions they have towards US citizens. It's such a big deal that we get all of these in. And I think especially, and I want to highlight another aspect of the report here, we're incorporating this year for the first time as one full report cryptocurrency fraud and elder fraud. And what you see is that criminals are going after the people who are over 60 in a huge amount, really trying to trick our family members out of millions, billions of dollars. And that's such a big deal. And it's something we take so seriously here at the FBI, being able to help the individual victims. But then also, and I can't emphasize this enough, the more reports we have that can pull them all together, the more we can investigate, and then the more we can warn others. And that really bears out from all of the public service announcements that you can see on ic3.gov.
Dave Bittner
I think it's worth mentioning as well that, as you say, the huge number of reports that you get every day, it's impractical for the folks who are collecting those to respond personally to every single report. But it's worth noting that they do all get read and they get logged. So while it may not be gratifying if you don't hear back from the FBI right away, do know that the reports are going somewhere. They're not just getting lost in some big black hole. Right?
Cynthia Kaiser
What a great point. And that's exactly right. These reports are all read, they're all reviewed, and they're all looked at for a way for us to be able to enrich them and build out a case from them so that we can provide American citizens the justice they deserve.
Dave Bittner
Well, Deputy Assistant Director Cynthia Kaiser is with the FBI's Cyber Division. DAD Kaiser, thanks so much for taking the time for us.
Cynthia Kaiser
Thank you so much for having me.
Dave Bittner
Secure access is crucial for US public sector missions, ensuring that only authorized users can access certain systems, networks, or data. Are your defenses ready? Cisco's Security Service Edge delivers comprehensive protection for your network and users. Experience the power of zero trust and secure your workforce wherever they are. Elevate your security strategy by visiting cisco.com/go/sse. That's cisco.com/go/sse.

And finally, RIP, Privacy Sandbox, we hardly knew ye. Google's ambitious plan to banish third-party cookies and reinvent online ads while championing privacy has quietly collapsed into a pixelated puff of irony. After six years of tinkering, Privacy Sandbox has been shelved, with Google citing AI hopes, mysterious privacy tech, and regulators breathing down its neck. Originally pitched as a privacy-forward alternative to tracking cookies, the Sandbox ran into trouble from ad tech rivals and watchdogs who weren't convinced Google wouldn't just rule the ad world even harder. As it turns out, fighting global regulators and industry skeptics proved tougher than debugging the Sandbox APIs. Now Chrome will keep third-party cookies, meaning your digital shadow lives on. While some Sandbox remnants like IP Protection might survive, the dream of a Google-led privacy renaissance has fizzled. When push came to shove, Chrome didn't clear your cookies, it just rearranged them on a shinier tray.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2q. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes.
We're mixed by Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

And now, a message from BlackCloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? BlackCloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one third of new members discover they've already been breached. Protect your executives and their families 24/7/365 with BlackCloak. Learn more at blackcloak.io.
In the April 23, 2025 episode of CyberWire Daily, hosted by N2K Networks, the focus centers on the shifting landscape of cybersecurity responsibilities in the United States. As the federal government delegates more cybersecurity duties to state and local authorities, numerous challenges have surfaced. This episode delves into the implications of this shift, recent high-profile cyber incidents, and insights from Deputy Assistant Director Cynthia Kaiser of the FBI's Cyber Division regarding the latest IC3 report.
President Trump's recent executive order has reallocated cybersecurity responsibilities from federal agencies to state and local governments. This transition poses significant challenges:
State Preparedness: A 2023 National Cybersecurity Review revealed that only 22 out of 48 participating states met the recommended security standards.
Funding Cuts: Reduction in federal funding has severely impacted resources available to states, including the cybersecurity grant program and essential cybersecurity agencies.
Increased Threats: States are now more vulnerable to cyber threats like ransomware attacks and foreign interference while contending with limited IT expertise and budget constraints.
Recent Attacks: Incidents in Rhode Island, Virginia, and Massachusetts underscore the vulnerabilities within state systems.
Expert Opinion: "Expecting states to manage cybersecurity independently without adequate support is unrealistic and could compromise national security."
On February 13th, Baltimore City Public Schools fell victim to a ransomware attack attributed to the Cloak Gang. Key details include:
Data Compromised: Approximately 25,000 individuals were affected, including staff, volunteers, and over 1,100 students. Exposed data encompassed Social Security numbers, student records, and employment documents.
Response: The school district confirmed that no ransom was paid. Investigation efforts are ongoing, and affected parties received notification letters on April 22, accompanied by two years of free credit monitoring and access to a support call center.
The Dutch Military Intelligence and Security Service (MIVD) reported that Russian state-backed hackers targeted critical infrastructure in the Netherlands throughout 2023 and 2024. Highlights include:
Nature of Attacks: These attempts aimed at cyber sabotage of Dutch control systems, marking the first known such incidents in the country.
Strategic Importance: The Netherlands hosts Europe's largest port in Rotterdam and key NATO logistics hubs, making it a strategic target.
Dutch Response: Increased investments in military and cybersecurity measures, intelligence sharing with Ukraine, and urgent calls for Europe to counter sophisticated Russian cyber threats.
Microsoft addressed multiple RDP issues affecting Windows Server 2025 and Windows 11:
Bugs Fixed: RDP sessions freezing (fixed in February's update for Windows 11 and April's update for Windows Server), and a long-standing bug triggering blue screen errors on servers with more than 256 logical processors.
Action Taken: Implemented known issue rollbacks to reverse bugs causing RDP disconnections and other malfunctions.
A sophisticated malware campaign is exploiting Docker environments to hijack computing resources for cryptojacking:
Attack Vector: Deployment of a Docker image containing a deeply obfuscated Python script requiring 63 decode loops to activate the final payload.
Tactics: Instead of direct cryptocurrency mining, the malware simulates node activity on a Web3 platform to earn private tokens, avoiding traditional mining alarms.
Recommendations: Secure Docker setups with strong authentication, avoid unnecessary Internet exposure, and vet images carefully.
A new phishing strategy employs malicious Word documents to steal Windows login credentials:
Mechanism: Emails disguised as sales orders carry attachments exploiting a known vulnerability in Microsoft Equation Editor. The Word document embeds an obfuscated RTF file and DLL that trigger buffer overflows and launch a new FormBook variant via process hollowing; a payload disguised as a PNG file decrypts into a fileless executable that is injected into a legitimate Windows process, collects credentials, keystrokes, and screenshots, and persists through registry edits.
Protective Measures: Update systems promptly and remain alert to phishing threats that exploit old vulnerabilities.
Zyxel Networks released urgent patches for two high-severity vulnerabilities affecting USG FLEX H series firewalls:
Vulnerabilities: The first lets low-privileged users reach admin-level access via PostgreSQL command issues, especially if an admin remains logged in; the second lets admins upload malicious configs to gain further control.
Action Required: Immediate implementation of the latest firmware updates to mitigate these security flaws.
The Cybersecurity and Infrastructure Security Agency (CISA) released five advisories highlighting critical vulnerabilities in Industrial Control Systems (ICS) from manufacturers like Siemens, Schneider Electric, and ABB:
Key Vulnerabilities: Multiple high-severity SQL injection flaws in Siemens TeleControl Server Basic; a lower-risk Siemens flaw causing partial denial of service in redundant server setups; remote credential exposure in Schneider Electric's Wiser Home Controller; CODESYS vulnerabilities in ABB MV drives enabling memory-based attacks; and an updated advisory for Schneider's Modicon M580 PLCs covering a buffer size flaw that could cause denial of service.
Recommendations: Patching, network segmentation, and continuous monitoring.
Dave Bittner welcomes Deputy Assistant Director Cynthia Kaiser to discuss the latest Internet Crime Complaint Center (IC3) report, marking its 25th year of operation.
Mission of IC3: Established in 2000, IC3 serves as the primary platform for the public to report cyber-enabled crimes and fraud, assisting law enforcement in disseminating information on scams and cyber threats.
Growth of IC3: Since inception, IC3 has received over 9 million complaints, with recent years seeing an average of 2,000 complaints per day.
2024 Statistics: 859,532 complaints with losses of more than $16.6 billion, a 33% increase in losses from the previous year; 67 new ransomware variants recognized, with Akira, LockBit, RansomHub, Fog, and Play the top five reported; critical manufacturing and healthcare and public health the most targeted sectors.
FBI Efforts: Decryptors provided to victims worldwide have prevented over $800 million in ransom payments since mid-2022, and law enforcement takedowns of major groups such as LockBit and ALPHV have contributed to a drop in ransomware payments.
"There's an increase in effort by the ransomware actors to maximize their income, probably because some of their traditional methods aren't working." – Cynthia Kaiser [16:55]
Complaint Data: Over 4,800 complaints from organizations within critical infrastructure sectors, primarily reporting ransomware and data breaches.
Top Targeted Sectors: Critical manufacturing, healthcare and public health, government facilities, financial services, and IT, with the vast majority of complaints in the top two.
"Targeting healthcare facilities can actually become a threat to life matter with consequences that include hospitals being forced to be shut down or negative effects against patients." – Cynthia Kaiser [20:10]
Complaint Processing: Each complaint is meticulously reviewed by dedicated individuals who triage, provide additional information, and link related cases before escalating to field offices for further investigation.
Data Distribution: Reports are analyzed to identify patterns and larger threats, enabling the FBI to build comprehensive cases against cybercriminals targeting U.S. citizens.
Public Reporting Benefits: Encourages timely reporting by the public, which is crucial for the FBI's ability to issue decryptors and prevent ransom payments.
"These reports are all read, they're all reviewed, and they're all looked at for a way for us to be able to enrich them and build out a case from them so that we can provide American citizens the justice they deserve." – Cynthia Kaiser [24:34]
New Report Inclusion: For the first time, the IC3 report dedicates an entire section to cryptocurrency fraud and elder fraud.
Elder Fraud: Criminals increasingly target individuals over 60, exploiting their vulnerabilities to defraud them of significant sums.
Cryptocurrency Fraud: Leveraging the anonymity and decentralized nature of cryptocurrencies to execute sophisticated scams.
"Cryptocurrency fraud and elder fraud...criminals are going after the people who are over 60 in a huge amount, really trying to trick our family members out of millions, billions of dollars." – Cynthia Kaiser [22:30]
The April 23, 2025 episode of CyberWire Daily underscores the complexities and growing challenges in the cybersecurity landscape, particularly as responsibilities shift to less-prepared state and local governments. With escalating threats from ransomware, state-backed cyber sabotage, and sophisticated malware campaigns, the need for robust, well-funded cybersecurity measures has never been more critical. Insights from Cynthia Kaiser highlight the proactive efforts of the FBI in combating cybercrime and the importance of public reporting in these endeavors.
Cynthia Kaiser [19:57]: "The more reports we have that can pull them all together, the more we can investigate, and then the more we can warn others."