Dave Bittner
You're listening to the CyberWire network, powered by N2K.
Dave Bittner
Risk and compliance shouldn't slow your business down. Hyperproof helps you automate controls, integrate real-time risk workflows, and build a centralized system of trust so your teams can focus on growth, not spreadsheets. From faster audits to stronger stakeholder confidence, Hyperproof gives you the business advantage of smarter compliance. Visit www.hyperproof.io to see how leading teams are transforming their GRC programs.

Patch your Linux systems. No, seriously: sudo patch your Linux systems. Cisco has removed a critical backdoor account that gave remote attackers root privileges. The Hunters International ransomware group rebrands and closes up shop. The Centers for Medicare and Medicaid Services notifies over 100,000 people that their personal data was compromised. NimDoor is a sophisticated North Korean cyber campaign targeting macOS. Researchers uncover a massive phishing campaign using thousands of fake retail websites. The FBI's top cyber official says Salt Typhoon is largely contained. Microsoft tells customers to ignore Windows Firewall error warnings. A California jury orders Google to pay $314 million for collecting Android user data without consent. Ben Yelin shares insights from this year's Supreme Court session, and ransomware negotiations with a side of side hustle.

It's Thursday, July 3rd, 2025. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us.

Security researchers have found two serious elevation of privilege vulnerabilities in sudo, the critical Linux utility installed on nearly all servers and workstations. The first flaw affects multiple versions. It lets local users gain full root access by abusing the chroot function, even without specific sudo rules. The bug was introduced in June 2023 and impacts multiple systems like Ubuntu and Fedora. Users are urged to upgrade immediately.
The second flaw is an elevation of privilege bug that remained hidden for 12 years. It affects multiple stable versions and legacy versions, allowing privilege escalation in configurations using host or host alias directives, which are common in enterprises. Though low in severity, it still poses a risk. Stratascale warns these vulnerabilities highlight operational gaps, urging businesses to audit environments, strengthen detection, and patch systems to avoid hidden threats undermining trust and compliance.

Cisco has removed a critical backdoor account from its Unified Communications Manager that allowed unauthenticated remote attackers to log in with root privileges. The flaw results from static root credentials left over from development and testing. There are no workarounds; admins must upgrade or apply patches. Successful exploitation lets attackers execute commands as root. While Cisco has seen no active attacks yet, it released indicators of compromise to help detect breaches. This was the latest in a series of backdoor removals from Cisco products, including previous issues in IOS XE, DNA Center, WAAS, and Smart Licensing Utility, highlighting ongoing risks from hard-coded credentials in enterprise infrastructure.

The Hunters International ransomware group has shut down its operations and is offering free decryptors to help victims recover data without paying ransoms. In a dark web statement, the gang cited recent developments for its closure, likely referencing increased law enforcement scrutiny and declining profits. Hunters International emerged in late 2023 and was suspected to be a rebrand of Hive due to code similarities. It targeted nearly 300 organizations worldwide, including the US Marshals Service, Hoya, Tata Technologies, AutoCanada, Austal USA, Integris Health, and Fred Hutch Cancer Center. While it previously combined encryption with extortion, the group recently launched World Leaks, an extortion-only operation.
Victims can request decryption tools and recovery guidance via the gang's website. Threat analysts warn this shutdown does not end its threat actors' activities, as affiliates may migrate to other ransomware or data extortion groups.

The Centers for Medicare and Medicaid Services (CMS) is notifying 103,000 people that their personal data was compromised after fraudsters created fake Medicare.gov accounts using valid beneficiary information between 2023 and 2025. The scheme came to light in May, when beneficiaries reported account creation letters they didn't initiate. Attackers used stolen data, including Medicare beneficiary identifiers, dates of birth, and zip codes from unknown external sources to create accounts and potentially access additional information like provider details, diagnoses, and premium data. CMS deactivated affected accounts, replaced Medicare cards for victims, and blocked new account creation from foreign IP addresses. While no misuse has been reported yet, CMS continues to investigate. The incident follows broader warnings about rising healthcare scams exploiting people's fear of losing access to care, as cybercriminals increasingly target government healthcare programs for profit.

SentinelLabs has uncovered a sophisticated North Korean cyber campaign targeting Web3 and cryptocurrency firms using new macOS malware called NimDoor, revealed on July 2. The report details multi-stage attacks leveraging social engineering, fake Zoom updates, and the rare Nim programming language to evade detection. Hackers pose as trusted contacts on Telegram, sending malicious, heavily disguised Zoom SDK scripts to install additional tools. Once inside, they deploy a C injector to steal keychain passwords, browser data, and Telegram chats, and install NimDoor for long-term access. The malware uses encrypted WebSocket communications and techniques to stay active even after a shutdown.
SentinelLabs warns that North Korea's adoption of cross-platform languages like Nim, plus clever AppleScript use, makes detection harder. The report urges companies to strengthen defenses against these evolving persistent threats targeting the crypto and Web3 sector.

Researchers uncovered a massive phishing campaign using thousands of fake retail websites impersonating brands like Apple, PayPal, Nordstrom, and Hermes to steal credit card data. First flagged in Mexico, security firm Silent Push found it targets English and Spanish users globally. Some sites convincingly mimic retail stores with scraped listings and Google Pay widgets, while others are poorly built. Technical indicators suggest Chinese cybercriminals are behind it. Many sites remain active despite takedowns, highlighting the persistent threat of retail-themed phishing scams.

In an interview with Tim Starks from CyberScoop, Brett Leatherman, the FBI's new top cyber official, said Chinese hackers behind the telecommunications breach known as Salt Typhoon are currently largely contained and dormant within networks but still pose a threat. Although Salt Typhoon is known for espionage, Leatherman warned their access could pivot to destructive actions similar to Volt Typhoon, which is pre-positioned in US critical infrastructure. Nine US telecom companies were impacted, with more victims identified abroad due to information sharing. Leatherman emphasized continued focus on victim support, resilience, and deterrence. Though offensive operations require further attribution, evicting Salt Typhoon remains challenging due to their entrenched foothold. He also flagged North Korean IT scams as a growing insider risk that could evolve into intellectual property theft or brokering access for broader cyber operations.

Microsoft has told customers to ignore Windows Firewall error warnings labeled Event 2042, appearing after the June 2025 preview update on some Windows 11 systems.
These "Config Read Failed" errors result from a new, unfinished feature and do not affect firewall functionality or system processes. Microsoft said no action is required and they're working on a fix. The errors appear in Event Viewer logs but can be safely disregarded, according to the company's Windows Release Health dashboard.

This week, a California jury ordered Google to pay $314 million for collecting Android user data over cellular networks without consent. In a class action lawsuit dating back to 2019, plaintiffs argued Google's passive data transfers used users' paid cellular data for its own benefit, including targeted ads, and continued even after apps were closed. The lawsuit said these transfers occurred silently, even while devices sat idle overnight, and couldn't be fully disabled. Google argued the data transfers are minimal and essential for security and device performance, stating users consented through settings and terms of use. A spokesperson said Google will appeal, calling the ruling a setback for users.

Coming up after the break, Ben Yelin shares insights from this year's Supreme Court session, and ransomware negotiations with a side of side hustle. Stick around.

Did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Knight, the free security assessment tool that scans your Active Directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now at semperis.com/purple-knight. That's semperis.com/purple-knight.

And now a word from our sponsor, SpyCloud. Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up.
SpyCloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users, from breaches, malware, and phishing, to neutralize identity-based threats like account takeover, fraud, and ransomware. Don't let invisible threats compromise your business. Get your free corporate darknet exposure report at spycloud.com/cyberwire and see what attackers already know. That's spycloud.com/cyberwire.

And joining me once again is Ben Yelin. He is from the University of Maryland Center for Cyber Health and Hazard Strategies. Ben, it's always great to have you back.
Ben Yelin
Good to be with you, Dave.
Dave Bittner
We just finished up our Supreme Court term here for the year, and there are some cases that caught your eye that are worth sharing with our audience. What do you got?
Ben Yelin
There are really two cases that caught my eye. One applies very generally, and that means it does apply to a lot of the topics you cover on the daily podcast and over on Caveat. And one I think is more specific to the world of cyber, the world of data privacy. So I'll talk about the general one first. This is a case that has to do with what are called universal injunctions. So it's the ability of individual federal district court judges to issue holdings that don't only apply to the parties in that case, whether that party is an individual plaintiff or something like a state, but apply across the country. So this has been a phenomenon going back 20 or 25 years. We've had a lot of these so-called universal injunctions. This case was about one, or a few of them actually, relating to a Trump administration executive order on birthright citizenship. So that executive order narrowed the definition of birthright citizenship in the United States. Some individual plaintiffs as well as states brought litigation saying that this new policy violates the 14th Amendment, which says that anybody born in the United States and subject to the jurisdiction of the United States is a citizen of the United States.
Dave Bittner
Okay?
Ben Yelin
And those parties obtained universal injunctions. So the court said, not only am I ruling out or forbidding enforcement of this policy against the plaintiffs in this case, but I am prohibiting the enforcement of this policy across the entire country. And in a 6-3 decision, the Supreme Court said, that is no longer acceptable. It is not within the traditions of our judicial system. It's not well grounded in the Constitution or in the Judiciary Act of 1789, which governs a lot of how our judicial branch works. So what that means in practice is, even if you as a plaintiff think that an executive action, whether it's a bill that's signed or whether it's an executive order, if you think that's blatantly unconstitutional, you're gonna have to go court by court across the country with a class of plaintiffs that meet standing requirements to get specific injunctions that apply to a bunch of plaintiffs. You're no longer gonna have this out where you just have to find one plaintiff in one district and you can get the entire policy struck down across the country. So now, the one way you would get that type of universal applicability would be to do a class action lawsuit, and you'd have to establish a really large class. And that's a very difficult, cumbersome process. So it's going to be much harder to obtain universal nationwide relief, judicial relief, from some of these policies. And I think that could have wide-reaching implications in all spheres of the law.
Dave Bittner
So, for example, for our cyber concerns, you could see if someone brought a case where they thought there was some unconstitutional privacy concern, for example, it would not be allowed to be paused nationwide.
Ben Yelin
Exactly. So let's say you had a bunch of plaintiffs in the state of Maryland, where we are, they could sue in a federal district court in Maryland. Whatever decision that court came up with, if they issued an injunction against enforcement of that policy, that injunction could only apply to that class of plaintiffs in the state of Maryland. It can only apply to the litigants in this case. Now, incidentally, if it applies to the plaintiffs in Maryland, then it will probably end up applying to almost everybody in Maryland. Like, if it's some type of privacy policy, it will apply to everybody within that jurisdiction, but it wouldn't apply to people across the country that are subject to the jurisdiction of other federal district courts. So that's just a tool that's now out of the toolbox. You can't obtain these nationwide injunctions. And we've seen a lot of them not only during the Trump administration, but also the Biden administration on the other side. A lot of people in the conservative legal community were going to a single district court judge in Texas during the Biden administration to try to obtain these universal injunctions against policies they didn't agree with. And they were successful. And that's no longer a tool that's going to be available to them next time we have a Democratic president.
Dave Bittner
Interesting. All right, well, the next one is a little more directly related.
Ben Yelin
Yeah. So this one comes from the state of Texas. This is a case called Free Speech Coalition Incorporated v. Paxton, who is the Attorney General of Texas. So Texas passed a statute requiring age verification for accessing pornographic websites. The rationale, of course, being that they don't want children to access this type of pornographic material, which is self-explanatory. Seems very reasonable.
Dave Bittner
Yeah.
Ben Yelin
Free Speech Coalition is a group of free speech advocates. They were joined by representatives of many of these pornographic websites in suing the state of Texas, saying that this is a violation of adults' First Amendment rights. So the thinking is, even though this policy is designed to prevent children from accessing these websites, it will have an impact on adults who have First Amendment associational rights to view this type of pornographic material. By having required age verification, it might burden adults' ability to view this material.
Dave Bittner
Right.
Ben Yelin
So the Supreme Court in this case, another 6-3 decision along ideological lines, upheld the constitutionality of this Texas law. A big question was what level of scrutiny would apply to the statute. Generally, when you have a restriction on speech based on its content, courts will apply what's called strict scrutiny, which is the highest level of scrutiny, which in normal parlance just means you better have a darn good reason to do what you're doing.
Dave Bittner
Right.
Ben Yelin
And the dissent was adamant in saying that strict scrutiny should apply here. And even though Texas does have a compelling interest in preventing children from accessing pornographic material, they are not using the least restrictive means of achieving that objective. There are other ways that you could stop children from accessing these websites without having what they consider to be burdensome procedures for age verification, which might include things like submitting personally identifiable information that then go on the Internet that are sold on the dark web potentially.
Dave Bittner
Right, right. You have leaks and things.
Ben Yelin
Exactly. The majority opinion said that strict scrutiny should not apply; that in cases where there is no facial prohibition on adults accessing these websites, it's only an incidental burden, and really the policy is intended to keep children from accessing these websites, then only intermediate scrutiny, which is kind of the middle level of scrutiny, should apply. And as long as the government has an important interest here, which Texas does, and the means of achieving that interest is substantially related to that interest, then the law is constitutionally permissible. And what the Supreme Court is saying here is Texas made a reasonable judgment that the best way to achieve the objective of keeping kids away from pornographic material is to have age verification procedures, and that that is constitutionally acceptable. They don't have to find the least restrictive means of achieving that objective as long as they're using means that are pretty closely related to achieving those legislative ends. So as a result, I think we're gonna see a lot more laws across the country with age verification requirements for pornographic websites. Now, the Supreme Court has said that requiring people to submit proof of age beyond just, hey, click this box if you're 18, but rather having you upload a government-issued ID, or some other procedures that send people to third-party sites where they have to upload their ID, that type of requirement is now deemed constitutional according to our Supreme Court. So I think that's going to impact regulations on access to these websites in a whole bunch of different states.
Dave Bittner
Yeah. Interesting. All right, well, Ben Yelin is from the University of Maryland Center for Cyber Health and Hazard Strategies. Ben, thank you for joining us and explaining it.
Ben Yelin
Always good to be with you, Dave.
Dave Bittner
With a Venmo debit card, you can Venmo more than just your friends. You can use your balance in so many ways. You can Venmo everything. Need gas? You can Venmo this. How about snacks? You can Venmo that. Your favorite band's merch? You can Venmo this. Or their next show? You can Venmo that. Visit venmo.me/debit to learn more. The Venmo Mastercard is issued by The Bancorp Bank pursuant to license by Mastercard International Incorporated. Card may be used everywhere Mastercard is accepted. Venmo purchase restrictions apply.
Dave Bittner
And finally, our Ransom Shenanigans desk tells us that DigitalMint, a company that negotiates with ransomware hackers on behalf of victims, is now investigating one of its own. The former employee allegedly struck side deals with hackers to pocket some extra crypto, because apparently salary negotiations weren't enough excitement. DigitalMint swiftly fired the employee, who remains unnamed and is cooperating with the Justice Department's probe. CEO Jonathan Solomon assured clients they acted swiftly, while President Marc Grens touted transparency as DigitalMint's cultural backbone. Meanwhile, cybersecurity experts dryly note that ransomware negotiators aren't exactly incentivized to lower demands if their profits scale with payment size. As ever, analysts caution that paying ransoms only emboldens attackers. In short, even ransomware negotiators may need their own negotiators, preferably ones without side hustles.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. A programming note: we will not be publishing tomorrow, July 4th, in observance of Independence Day here in the US. We plan to share some programming from across the N2K CyberWire network for you to enjoy. Have a safe holiday. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through August 31st. There's a link in the show notes. Please do check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Elliot Peltzman and Trey Hester, with original music by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.

Hey, everybody, Dave here. I've talked about DeleteMe before, and I'm still using it because it still works. It's been a few months now, and I'm just as impressed today as I was when I signed up.
DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal: 20% off your DeleteMe plan. Just go to joindeleteme.com/n2k and use promo code N2K at checkout. That's joindeleteme.com/n2k, code N2K.
CyberWire Daily: The Bug That Let Anyone In
Release Date: July 3, 2025
Host: Dave Bittner | N2K Networks
Introduction
In the July 3, 2025 episode of CyberWire Daily, hosted by Dave Bittner, listeners are presented with a comprehensive overview of the latest cybersecurity threats, vulnerabilities, and industry responses. The episode, titled "The Bug That Let Anyone In," delves into significant security breaches, legislative changes, and expert analyses that shape the current cybersecurity landscape.
Key Security Vulnerabilities and Threats
Sudo Vulnerabilities in Linux Systems
The first flaw lets local users gain full root access by abusing the chroot function, affecting systems like Ubuntu and Fedora. The bug was introduced in June 2023, and users are urged to upgrade immediately.
Cisco's Removal of Critical Backdoor
Shutdown of Hunters International Ransomware Group
Data Breach at Centers for Medicare and Medicaid Services (CMS)
North Korean Cyber Campaign 'NimDoor' Targeting macOS
Massive Phishing Campaign Using Fake Retail Websites
Expert Interview: Ben Yelin on Supreme Court Decisions Affecting Cybersecurity
Universal Injunctions Supreme Court Ruling
Supreme Court Upholds Texas Age Verification Law for Pornographic Websites
Additional News Highlights
Microsoft Advises Ignoring Windows Firewall Error Warnings
Google Ordered to Pay $314 Million for Unauthorized Data Collection
Ransomware Negotiations and Ethical Dilemmas
Conclusion
The CyberWire Daily episode "The Bug That Let Anyone In" offers a detailed examination of recent cybersecurity vulnerabilities, incidents, and legal developments. From critical Linux bugs and Cisco's backdoor removal to significant Supreme Court rulings impacting cybersecurity policies, the episode provides valuable insights for industry professionals and stakeholders. Expert interviews further elucidate the implications of legal decisions on cybersecurity practices, emphasizing the evolving intersection between law and technology.
Featured Advertisements and Sponsors
While the episode primarily focuses on cybersecurity news and analysis, several advertisements and sponsor messages are interspersed, promoting services such as Hyperproof for compliance automation, Semperis's Purple Knight for Active Directory security assessments, SpyCloud's identity threat protection, Venmo debit services, and personal information removal services like DeleteMe.
Closing Remarks
Dave Bittner wraps up the episode by reminding listeners of upcoming programming changes due to Independence Day and encourages participation in the annual audience survey. The episode underscores the importance of staying informed and proactive in the dynamic field of cybersecurity.
Stay Connected:
For more detailed stories and daily briefings, visit The CyberWire.