Dave Bittner
You're listening to the CyberWire network, powered by N2K.

Bad actors don't break in, they log in. Attackers use stolen credentials in nearly nine out of 10 data breaches. Once inside, they're after one thing: your data. Varonis' AI-powered data security platform secures your data at scale across IaaS, SaaS and hybrid cloud environments. Join thousands of organizations who trust Varonis to keep their data safe. Get a free data risk assessment at varonis.com.

Things get worse in the Tea dating app breach. CISA adds three vulnerabilities to its Known Exploited Vulnerabilities catalog. Researchers uncover a critical flaw in Google's AI coding assistant. A Missouri health system agrees to a $9.25 million settlement over claims it used web tracking tools. Sploitlight could let attackers bypass Apple's TCC framework to steal sensitive data. Malware squeaks its way into a mouse configuration tool. Threat actors hide the Oyster backdoor in popular IT tools. The FBI nabs over $2.4 million in Bitcoin from the Chaos ransomware gang. Our guest is Jason Schultz, technical leader for Cisco Talos Security Intelligence and Research Group, to talk about their work on the security of PDF files, and the unintended privacy paradox of data brokers.

It's Tuesday, July 29th, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing.

Thanks for joining us here today. It's great to have you with us.

A second major data breach at women's dating safety app Tea exposed over 1.1 million private messages, many recent and highly sensitive. Users discussed cheating and abortions, and shared personal information like phone numbers and social handles, making real identities easy to uncover. Despite Tea's claim the earlier breach was from a legacy system, this new leak affected messages as recent as last week. Hackers could even send push notifications to all users. The vulnerability stemmed from users being able to access a live database using their own API keys. The first breach, involving Firebase, had already leaked selfies and IDs, now being misused on a site mocking user appearances. Tea says it's investigating with cybersecurity help and has contacted law enforcement. The app reportedly has 1.6 million users.

CISA added three vulnerabilities to its Known Exploited Vulnerabilities catalog yesterday. Two critical flaws in Cisco ISE and ISE-PIC allow remote, unauthenticated attackers to gain root access via crafted API requests, rated CVSS 10. They affect multiple ISE versions with no workarounds except patching. Cisco has confirmed attempted exploits. A third flaw impacts PaperCut NG/MF print management software. CISA set an August 18 deadline for organizations to apply patches.

Researchers at Tracebit uncovered a critical flaw in Google's Gemini CLI, an AI coding assistant, that could have allowed silent remote code execution. The bug, disclosed and patched before going public, stemmed from improper input validation, prompt injection and misleading UX. Researchers tricked Gemini into exfiltrating data, including credentials, via a malicious README file. The AI processed buried instructions as commands, bypassing developer scrutiny. Gemini also supports web shells, which can be exploited if commands are whitelisted. Google initially downplayed the issue, but later upgraded it to highest severity and patched it on July 25. This incident highlights growing risks in agentic AI tools, which act with broad system access and unpredictable behavior. Privacy experts warn these systems could dangerously blur boundaries between user-facing applications and operating systems.

BJC Health System in Missouri has agreed to pay up to $9.25 million to settle a lawsuit over claims it used web tracking tools that shared patients' private data without consent. The tools allegedly sent sensitive information from MyChart and other BJC websites to firms like Facebook and Google. The settlement covers patients who used the portal between June 2017 and August 2022. BJC denies wrongdoing. Eligible patients can claim $35 by October 8, with final approval set for October 16.

A recently patched macOS flaw, dubbed Sploitlight, could let attackers bypass Apple's Transparency, Consent and Control framework to steal sensitive data. TCC restricts app access to private data, but Microsoft researchers found Spotlight plugins could be exploited to bypass these protections. Using this method, attackers could access Apple Intelligence cache data, geolocation information, search history, facial recognition metadata, and even data from other iCloud-linked devices. Though Apple patched the bug in macOS Sequoia 15.4, the researchers warned its impact is more severe than past TCC bypasses. This is due to Sploitlight's ability to quietly extract large amounts of sensitive user data using Spotlight's privileged access, putting both local and remote iCloud-linked device data at risk.

Endgame Gear has confirmed malware was embedded in a recent version of their mouse configuration tool, hosted on their official site from June 26th through July 9th of this year. Users who downloaded the tool during that window from the product page were infected. Other sources, like the main downloads page, GitHub and Discord, provided clean versions. The company, known for high-performance gaming mice, didn't detail the breach method. Reddit users initially flagged the issue, noting suspicious differences in the installer.

Since early June 2025, threat actors have been spreading the Oyster backdoor, also known as Broomstick or Cleanup Loader, via trojanized versions of IT tools like PuTTY and WinSCP in a sophisticated malvertising and SEO poisoning campaign. They created fake sites mimicking legitimate software portals, targeting IT pros searching for admin tools. Once victims run the fake installers, Oyster gains persistence through scheduled tasks to execute malicious DLLs. This enables remote access, reconnaissance and further malware deployment. The campaign, active since at least 2023, has also used fake Chrome and Teams installers and may involve KeePass. In July, a malicious PuTTY installer signed with a revoked certificate was found on a fake site, while one recent infection was blocked before damage. This underscores the danger of downloading unverified software.

The FBI has seized over $2.4 million in Bitcoin from the Chaos ransomware gang, initially confiscating 20.2 Bitcoin in April of this year, then valued at $1.7 million. The US government is now seeking formal forfeiture, alleging the funds are tied to cybercrime, including extortion and money laundering. Chaos is believed to include former BlackSuit and Royal members and has targeted a variety of sectors. This seizure aligns with a broader strategy under a March 2025 executive order to build a US strategic Bitcoin reserve from forfeited digital assets.

Coming up after the break, my conversation with Jason Schultz, technical leader for Cisco Talos Security. We're talking about their work on the security of PDF files and the unintended privacy paradox of data brokers.

Compliance regulations, third-party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots and all those manual processes, you're right. GRC can be so much easier, and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key compliance, internal and third-party risk, and even customer trust workflows so you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. That's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC. Just imagine how much easier trust can be. Visit vanta.com/cyber to sign up today for a free demo. That's V-A-N-T-A.com/cyber.
Dave Bittner
Hey everybody, Dave here. I've talked about DeleteMe before and I'm still using it because it still works. It's been a few months now, and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal: 20% off your DeleteMe plan. Just go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.

Jason Schultz is technical leader for Cisco Talos Security Intelligence and Research Group. I recently caught up with him to discuss their work on the security of PDF files.
Jason Schultz
Well, I think there's a couple of reasons why PDFs are being exploited in the way that they are. One is, as you noted, it's a pretty ubiquitous file format, so you're going to find PDF readers on almost any computing device that people use today. Another reason why I believe that these things are being exploited is because even though the PDF is attached to the email, there are tricks that the email senders can use to display the PDF sort of in line in the email itself, so they don't necessarily need the victim to click on the attachment in order to view the PDF content.
Dave Bittner
That's interesting. Do the contents of a PDF typically get scanned by a security package most people have in their email?
Jason Schultz
Absolutely. And if you look back historically, there's been a lot of incidents with malicious PDF files, but the PDF file format itself sort of provides a lot of flexibility for where content is included. I believe in the blog we noted a couple of URLs that were included as annotations in the PDF document. So there's a lot of different places for malicious actors to be able to hide some of this link information or even logos and things of that nature inside of the PDF file format itself. Which is one of the reasons why I think they're moving towards using a lot of QR codes. And the telephone oriented attack delivery or callback phishing is because, you know, when the email is scanned and when the PDF attachment is scanned, the PDF is actually not malicious. But of course if you end up calling that phone number or scanning that QR code, it's going to take you somewhere else where, you know, you're either going to, you know, speak with the attacker over the telephone or you're going to, you know, scan the QR code with your phone. And that's going to take you using a different device, using your cell phone or something like this to an attacker controlled website where they may be able to try to break into your phone or capture credentials that way. And of course cellular networks are not monitored and using all the same tools that an organization might have for their regular corporate network.
Dave Bittner
Well, let's walk through this step by step. Let's say I'm sitting here at my desk at work and I'm minding my own business. This malicious email comes in, I'm browsing through my email and I open this one. What am I going to see?
Jason Schultz
Most of the ones that I see pretty regularly are impersonating services like Microsoft or PayPal. The Microsoft ones tend to be more traditional phishing where they're after the user's account username and password. But then some of the others, your PayPal and LifeLock and things like this, tend to be more financially motivated where they're trying to actually, you know, they send you something along the lines of an invoice and, you know, here's the phone number to call if you think this might have been an error. And of course once they get you on the phone, then they use a lot of social engineering techniques to try to convince you that they are the legitimate organization, which of course they are not. So you get one of these in your inbox and typically there's a sense of urgency or it's a topic that you would be interested in. I think we gave the example in the blog of payroll-type notifications, but of course invoices and things like this. And you know, a lot of people, they get an invoice that says, hey, we just charged your card for, you know, $600, and call this number if that's an error. You know, a lot of people are going to see that and be like, hey, wait a second, I never authorized, you know, a charge for this. What they should be doing is of course looking at their credit card statement or actually going to the site without clicking on a link or scanning a QR code or calling a number, just to see if that is actually the case. Which of course, if they were to do that, they would note right away that there was actually no charge made to their card.
Dave Bittner
The other technique that you highlight in the research here is telephone-oriented attack delivery. You all call it a TOAD. What goes into that?
Jason Schultz
So, you know, typically when you're dealing with malicious email, a lot of times the indicators of compromise that might be included inside of that email would be things like the IP addresses, URLs that are contained in the message, things of this nature. Telephone numbers are not necessarily a common indicator of compromise that are shared among security vendors and security services. I know inside of Talos we have a dedicated rule team that works on anti-scam rules and actually maintains a list of phone numbers that we've seen in malicious emails so that we can block other emails that might include the same telephone number. But then of course you also have the variations on that. I'd seen telephone-oriented attack delivery emails where they might substitute a capital letter O for the 0 or an I for a 1 in the phone number, trying to play tricks to make it look like it's not actually a phone number. And any sort of rules that are just generically looking for phone numbers might fail to catch something that's displayed in that particular way. So the telephone-oriented attack delivery emails have become just a lot more common because while a malicious link might only have a lifetime of, say, an hour or on the order of hours, a telephone number might not get blocked for several days. And so they're kind of exploiting that sort of gap in the current protection that exists for most anti-spam services. Like I said, they're just not really set up to deal in telephone numbers as an additional indicator of compromise. And threat actors have realized this and moved towards that. The other reason I think for the telephone-oriented attack delivery is because if you're looking at it from a purely email perspective, is this a malicious email? Is this a malicious attachment? Well, the only malicious thing that's in there is going to be the phone number that the victim calls. There's actually no sort of malicious links that'll take you to a site that downloads malware. It's sort of out of band, if you will.
Dave Bittner
Yeah, it reminds me of that old, I guess, prohibition of, you know, never let someone take you to a second location. In this case, it's, you know, the phone call is the second location, right?
Jason Schultz
It is, it is. Or the QR code. Right. If you get an email through your organization's email and it's got a QR code in there, you scan it with your phone. Now you're using your cellular device, which is on a completely different network, perhaps not even monitored by your organization.
Dave Bittner
Right. So what are your recommendations then? How should organizations best protect themselves here?
Jason Schultz
So there's really two main ways to defend against these sorts of things. One is going to be, of course, on the technical side. You know, we've got our brand impersonation detection engine that we have developed that's looking for things like, you know, logos or copyright claims in attachments and then looking to see where those messages originate. You know, someone's claiming to be PayPal by some sort of form of PDF attachment or other, but then it's not being sent from the PayPal organization, that's quite suspicious. So there are technical means to be able to identify some of these, but ultimately users tend to be the weakest link in any sort of security system. So education of users, letting people know, these are the top brands that are being used in brand impersonation. And so if you get one of these and it's from one of these brands, maybe you should take a little bit deeper look at it. You know, maybe it should raise your suspicion level just a little bit. So I think pairing the technical means of stopping this with the educational aspect is really kind of the best way to sort of neutralize these malicious-type emails.
Dave Bittner
That's Jason Schultz from Cisco Talos. We'll have a link to their research in the show notes.

Did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Knight, the free security assessment tool that scans your Active Directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now at semperis.com/purple-knight. That's semperis.com/purple-knight.

Bad actors don't break in. They log in. Attackers use stolen credentials in nearly nine out of 10 data breaches. Once inside, they're after one thing: your data. Varonis' AI-powered data security platform secures your data at scale across IaaS, SaaS and hybrid cloud environments. Join thousands of organizations who trust Varonis to keep their data safe. Get a free data risk assessment at varonis.com.

And finally, it turns out, when you ask data brokers what they know about you, the response is often silence. A new study from UC Irvine reveals that about 40% of California's registered data brokers, those folks profiting off your digital breadcrumbs, ignored legally mandated requests for data disclosures. Many others responded with a confusing choose-your-own-adventure of forms, phone calls, and hoop jumping. In a wry twist, these privacy hawkers suddenly care about identity verification, but only when you're trying to opt out. Researchers call it an unintended privacy paradox: to protect your privacy, you have to hand over even more personal information. Critics say the law is clear, but enforcement is limp and friction-filled. Opt-outs seem designed to discourage people from even trying. As one expert put it, it's privacy theater, just without an intermission.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August. There's a link in the show notes. Please do check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Dave Bittner
Crogl is AI built for the enterprise SOC: fully private, schema-free, and capable of running in sensitive air-gapped environments. Crogl autonomously investigates thousands of alerts weekly, correlating insights across your tools without data leaving your perimeter. Designed for high availability across geographies, it delivers context-aware, auditable decisions aligned to your workflows. Crogl empowers analysts to act faster and focus on critical threats, replacing repetitive triage with intelligent automation to help your SOC operate at scale with precision and control. Learn more at crogl.com. That's C-R-O-G-L.com.
CyberWire Daily: "Tea Time is Over" – July 29, 2025
Hosted by Dave Bittner of N2K Networks
In today's episode of CyberWire Daily, host Dave Bittner delves into a series of significant cybersecurity incidents, explores vulnerabilities affecting major software platforms, and discusses the evolving tactics of cyber threat actors. The episode also features an in-depth conversation with Jason Schultz, Technical Leader for Cisco Talos Security Intelligence and Research Group, focusing on the security of PDF files and the unintended privacy challenges posed by data brokers.
A second significant data breach has impacted the women's dating safety app Tea, exposing over 1.1 million private messages. This breach includes highly sensitive user discussions about personal topics such as cheating and abortions, along with shared contact information like phone numbers and social media handles, making real identities easy to uncover.
Method of Breach: Attackers accessed a live database using users' own API keys, enabling them to view recent messages and even send push notifications to all users.
Impact: The app, boasting 1.6 million users, faces scrutiny as the leaked data includes messages as recent as the previous week. The initial breach involved Firebase, which had already leaked selfies and IDs, now being exploited further.
Response: Tea is actively investigating the breach with the assistance of cybersecurity experts and has engaged law enforcement authorities to address the situation.
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog:
Cisco ISE (Identity Services Engine): Two critical flaws allowing remote, unauthenticated attackers to gain root access via crafted API requests. These affect multiple ISE versions with no available workarounds other than patching.
PaperCut NG/MF: A third vulnerability affects this print management software, with organizations advised to apply patches by August 18.
Cisco has confirmed attempted exploits targeting the ISE vulnerabilities, emphasizing the urgency for affected organizations to apply the necessary patches promptly.
Researchers at Tracebit have uncovered a critical vulnerability in Google's Gemini CLI, an AI-powered coding assistant. This flaw could allow silent remote code execution by leveraging improper input validation and prompt injection techniques.
Attack Vector: Researchers tricked Gemini into exfiltrating data, including credentials, via a malicious README file; the assistant processed instructions buried in the file as commands, bypassing developer scrutiny.
Google's Response: Initially downplaying the issue, Google later acknowledged the severity and patched the flaw on July 25. This incident underscores the growing risks associated with agentic AI tools that possess broad system access and unpredictable behaviors.
BJC Health System in Missouri has agreed to a $9.25 million settlement over allegations of using web tracking tools that unlawfully shared patients' private data without consent. These tools reportedly transmitted sensitive information from platforms like MyChart to third-party firms, including Facebook and Google, affecting users between June 2017 and August 2022.
A newly patched macOS vulnerability, dubbed Sploitlight, enables attackers to bypass Apple's Transparency, Consent, and Control (TCC) framework, facilitating the theft of sensitive data.
Exploitation Method: Leveraging Spotlight plugins, attackers can access data such as the Apple Intelligence cache, geolocation, search history, facial recognition metadata, and information from iCloud-linked devices without detection.
Apple's Mitigation: The flaw was addressed in the macOS Sequoia 15.4 update. However, the researchers warn the impact remains severe due to Sploitlight's capability to silently extract large volumes of user data.
Endgame Gear has confirmed that malware was embedded in a recent version of their mouse configuration tool, available on their official website between June 26 and July 9. Users who downloaded the tool during this window were infected, while clean versions remain accessible via other sources like GitHub and Discord.
A sophisticated malvertising and SEO poisoning campaign has been spreading the Oyster backdoor (also known as Broomstick or Cleanup Loader) through trojanized versions of IT tools such as PuTTY and WinSCP. The campaign employs fake websites impersonating legitimate software portals to deceive IT professionals.
Persistence Mechanism: Once the fake installers are executed, Oyster gains persistence by scheduling tasks to run malicious DLLs, enabling remote access and further malware deployment.
Recent Activity: In July, a malicious PuTTY installer signed with a revoked certificate was discovered on a counterfeit site, with one recent infection being halted before causing damage.
The FBI has seized over $2.4 million in Bitcoin from the Chaos ransomware gang, initially confiscating 20.2 Bitcoin in April, then valued at approximately $1.7 million. The U.S. government is pursuing formal forfeiture, alleging the funds are linked to cybercrimes such as extortion and money laundering.
Guest: Jason Schultz, Technical Leader, Cisco Talos Security Intelligence and Research Group
Jason Schultz discusses the prevalent exploitation of PDF files in cyberattacks, emphasizing their ubiquity and the inherent flexibility of the PDF format that allows malicious actors to embed harmful content discreetly.
Malicious PDF Techniques:
Notable Quote:
“There’s a lot of different places for malicious actors to be able to hide some of this link information... PDFs provide a lot of flexibility for where content is included.”
(13:56)
Attack Delivery Methods:
Telephone Oriented Attack Delivery (TOAD):
Notable Quote:
“They’re just exploiting that sort of gap in the current protection that exists for most anti-spam services.”
(21:25)
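The gap Schultz describes in the interview is concrete: a filter rule that looks for literal digits misses a callback number written with a capital O in place of 0 or an I in place of 1, so the number survives for days while a URL would be blocked within hours. The Python below is an added example for this page, not Talos code. It normalizes those letter-for-digit swaps before matching, compares the result against a digits-only block list, and flags any number that needed swapping as suspicious in its own right. The sample messages, the block list, the set of stand-in letters and the phone pattern are all constructed assumptions for the demonstration.

```python
import re

# Constructed sample email bodies (not from the episode). Messages 2 and 3
# disguise the same callback number with the swaps described in the
# interview: capital O for 0, capital I (or lowercase l) for 1. Message 4
# uses the same trick on a number that is not yet on the block list.
SAMPLE_EMAILS = [
    "Your PayPal invoice #4471 for $600.00 has been processed. "
    "Questions? Call 800-555-0100 within 24 hours.",
    "Your PayPal invoice #4471 for $600.00 has been processed. "
    "Questions? Call 8OO-555-OIOO within 24 hours.",
    "LifeLock renewal: $349.99 charged. Dispute at (8OO) 555 Ol0O.",
    "Payroll update pending. Confirm by phone: Call 8OO-555-O199 now.",
    "Team lunch Friday at noon, RSVP by Thursday. Room 1012 is booked.",
]

# Constructed block list of callback numbers already seen in scam email,
# kept in digits-only form so spacing and punctuation never matter.
BLOCKED_NUMBERS = {"8005550100"}

# Letters that stand in for digits (assumed set; extend as new swaps appear).
HOMOGLYPHS = str.maketrans({"O": "0", "o": "0", "I": "1", "l": "1", "|": "1"})

# The naive rule: digits only, so one swapped letter breaks the match.
NAIVE_RE = re.compile(r"\d{3}[\s.-]?\d{3}[\s.-]?\d{4}")

# Homoglyph-aware pattern: a North American number in three groups, each
# group accepting digits or any of the stand-in letters above.
DIGIT_CLASS = r"[0-9OoIl|]"
PHONE_RE = re.compile(
    rf"(?<![A-Za-z0-9])"                 # not glued to a preceding word
    rf"(?:\+?1[\s.-]?)?"                 # optional country code
    rf"\(?{DIGIT_CLASS}{{3}}\)?[\s.-]?"  # area code, optional parentheses
    rf"{DIGIT_CLASS}{{3}}[\s.-]?"        # exchange
    rf"{DIGIT_CLASS}{{4}}"               # line number
    rf"(?![A-Za-z0-9])"                  # not glued to a following word
)


def normalize_number(raw: str) -> tuple[str, bool]:
    """Swap stand-in letters for digits, strip punctuation and a leading US
    country code. Returns (digits, obfuscated); obfuscated is True when at
    least one letter had to be swapped to read the number."""
    swapped = raw.translate(HOMOGLYPHS)
    digits = re.sub(r"\D", "", swapped)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits, swapped != raw


def extract_numbers(body: str) -> list[dict]:
    """Return every phone-like token in the message, normalized and tagged."""
    found = []
    for match in PHONE_RE.finditer(body):
        digits, obfuscated = normalize_number(match.group(0))
        if len(digits) != 10:
            continue  # not a complete number after normalization
        found.append({
            "raw": match.group(0),
            "digits": digits,
            "obfuscated": obfuscated,
            "blocked": digits in BLOCKED_NUMBERS,
        })
    return found


def naive_finds(body: str) -> bool:
    """What a digits-only rule sees; included to show the gap."""
    return NAIVE_RE.search(body) is not None


def classify(body: str) -> str:
    """'block' if a listed scam number is present however it is written,
    'suspicious' if a number only parsed after letter-to-digit swaps,
    otherwise 'clean'."""
    numbers = extract_numbers(body)
    if any(n["blocked"] for n in numbers):
        return "block"
    if any(n["obfuscated"] for n in numbers):
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    for body in SAMPLE_EMAILS:
        verdict = classify(body)
        naive = "hit" if naive_finds(body) else "miss"
        nums = [n["digits"] for n in extract_numbers(body)]
        print(f"{verdict:10} naive={naive:4} numbers={nums}")
```

Run as a script, the first message is caught by both rules, the next three are caught only by the homoglyph-aware rule, and the lunch invitation is left alone. Treating "needed swaps to parse" as its own signal matters because a freshly rotated number is not on any block list yet, while a legitimate sender has no reason to spell a phone number with letters.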
Technical Defenses:
User Education:
Jason elaborates on how security packages typically scan the contents of PDFs for malicious content, but the flexibility of the PDF format allows attackers to conceal harmful elements in various sections of the file. This necessitates advanced detection mechanisms and user vigilance to mitigate risks effectively.
The episode also touches upon a study from UC Irvine highlighting the challenges users face when attempting to control their personal information held by data brokers.
Key Findings:
Implications:
Notable Quote:
“Opt-outs seem designed to discourage people from even trying. As one expert put it, it's privacy theater, just without an intermission.”
(22:52)
Today's episode of CyberWire Daily underscores the dynamic and multifaceted nature of cybersecurity threats, from large-scale data breaches and critical software vulnerabilities to sophisticated social engineering tactics targeting everyday users. The insights shared by Jason Schultz highlight the importance of both technological defenses and user education in combating these evolving threats. Additionally, the discussion on the privacy paradox emphasizes the ongoing challenges in protecting personal data in an increasingly interconnected digital landscape.
Additional Resources:
Production Credits:
Thank you for listening to CyberWire Daily. Join us again tomorrow for more insights into the world of cybersecurity.