CyberWire Daily — "The Spy Who Sold Out"
Date: October 24, 2025
Host: Dave Bittner, N2K Networks
Guest: Chris Inglis, Former U.S. National Cyber Director
Episode Overview
This episode delivers a comprehensive roundup of the latest cybersecurity news, covering cyber-espionage, key vulnerabilities, and attacks carried out by or affecting major nation-states, particularly Russia and China. The highlight of the episode is an extended interview with Chris Inglis, the first U.S. National Cyber Director, about cybercrime, the upcoming documentary Midnight in the War Room, and the broader societal complacency toward cybersecurity threats.
Key Stories and Discussion Points
1. Espionage: Former Defense Contractor Charged
- Case Summary: Peter Williams, ex-director of L3Harris Technologies’ Trenchant division, is charged with stealing and attempting to sell seven trade secrets to a buyer in Russia between April 2022 and August 2025.
- Details:
- Williams, an Australian national, faces forfeiture of $1.3 million, luxury goods, and crypto accounts.
- L3Harris and Trenchant (not implicated) are known for zero-day vulnerability research.
- Williams is scheduled for arraignment on October 29 in Washington federal court.
- (02:40)
2. Russian Cybercrime and Geopolitics
- Russia’s Shifting Stance:
- Recent law enforcement actions, including Operation Endgame (2024), show Russia is pivoting from tolerance to selective enforcement of cybercrime.
- Evidence of collaboration between Russian intelligence and cybercriminals blurs lines between crime and state activity.
- Underground Impact:
- Forums plagued by mistrust, infiltration, and decentralization.
- Western responses include payment bans and preemptive cyberstrikes.
- Quote:
"Russia now actively manages cybercriminals, using them as geopolitical tools while balancing external pressure, internal control and strategic utility." (03:30)
3. Critical Infrastructure: DDoS Attack on Russia
- Attack Summary:
- Russia’s agricultural watchdog, Rosselkhoznadzor, was hit by a massive DDoS, disrupting food shipments for hours.
- Key systems, including Mercury (veterinary documentation platform), were paralyzed.
- Authorities deny data compromise, claim system restoration.
- (05:20)
4. Vulnerabilities in Major Networking Equipment
- TP-Link Routers:
- Forescout Research’s Vedere Labs discovered two critical flaws:
- Command injection (via improper WireGuard key sanitization)
- Exploitable debug functionality (hidden CLI for root SSH login)
- Exploits allow root access; patches expected by Q1 2026.
- Advice: Immediate patching, perimeter controls, hardened admin access recommended.
- (06:25)
- Microsoft Windows Servers:
- Emergency update issued for a critical WSUS RCE flaw that can be exploited remotely without user interaction and can spread between Windows Update servers.
- Action: Apply cumulative OOB update, reboot, or block certain ports if immediate patching is impossible.
- (07:30)
- CISA ICS Advisories:
- 8 new alerts relate to Schneider Electric, Hitachi Energy, Siemens, and Delta Electronics products.
- Advisories urge immediate review and patching of affected control systems.
- (08:20)
5. Emerging Threats: Shadow Escape LLM Attack
- Discovery:
- Operant AI identifies "Shadow Escape"—a "zero-click" attack exploiting the Model Context Protocol (MCP) in LLMs like ChatGPT and Gemini.
- Attackers can exfiltrate sensitive data (SSNs, medical files) via innocuous documents, bypassing traditional defenses.
- Urgency:
- Organizations urged to audit AI integrations immediately to prevent silent data leaks.
- Quote:
"Trillions of records may already be at risk." (09:30)
6. Seasonal Threats: Halloween Scams
- Bitdefender Reports:
- Surge in Halloween-themed scams, mostly (63%) phishing campaigns targeting US users.
- Main vectors: fake retail sales, giveaways, crypto offers through phishing and malicious ads.
- Advice:
- Verify links, avoid downloads from ads, be skeptical of free offers.
- (10:35)
Featured Interview: Chris Inglis on Cybercrime and Complacency
(13:19 – 26:10)
1. Documentary “Midnight in the War Room”
- Motivation:
- Inglis joined to shed light on societal and institutional complacency in cyberspace.
- Quote:
"The greatest threat is complacency—either a lack of understanding or a willful ignorance of what's going on." — Chris Inglis (15:20)
2. Assessing Society’s Cybersecurity Stance
- State of Affairs:
- “We're on our back foot”—society’s dependence on digital infrastructure has not been matched with investments in resilience, technology, or skills.
- Quote:
"We haven't made those investments in terms of the inherent resilience of the technology and the skills of the people… Not just IT and cyberspecialists, but everybody who uses that space." — Inglis (15:55)
3. Obstacles to Progress
- Key Points:
- Tech innovation outpaces security integration.
- Cyber weaknesses are “insidious” and subtle.
- Over-reliance on IT/cyber professionals to solve systemic user-driven risks.
- Quote:
"For 50 years of the Internet, we've always promised ourselves… we'll then put an overlay on it that makes it safe, resilient and robust. But we never come back because we keep going forward." — Inglis (16:50)
4. Educating and Empowering Users
- Effective Communication:
- Frame cybersecurity around what users already value—family, commerce, personal interests.
- Use relatable analogies:
"Race cars have bigger brakes so they can go faster. It's about the performance of the car." (18:54)
- Focus: Make security personal, not abstract.
5. Critical Infrastructure Vulnerability
- Concern:
- “Very” vulnerable, as shown by the case of Volt Typhoon, a Chinese state actor implanting malware in US critical systems.
- Analogies:
- U.S. has made robust investments in transportation safety—similar rigor is needed for cyber.
- Quote:
"We don't have that same confidence in cyberspace. We've done none of that foundational work." — Inglis (22:30)
6. Federal Budget Cuts
- Analysis:
- Budget cuts are "an own goal." Existing resources are stretched at a time of increased reliance.
- Quote:
"It has the collateral effect... of taking some of these resources out at the very moment that we should be investing in them and upsizing them." — Inglis (23:10)
7. Documentary’s Intended Impact
- Message:
- Individuals should recognize their direct stake and active role, not see cybersecurity as someone else's problem.
- Inspiration:
"One of the great tragedies in life is doing nothing when you can only do a little. Each of us can do a little…that in sum adds up to… collective defense." — Inglis, citing Edmund Burke (25:30)
Closing Highlights
WhatsApp’s Missing Million-Dollar Exploit (27:36)
- At Pwn2Own Ireland 2025, a researcher called "Eugene" withdrew a highly anticipated WhatsApp zero-click exploit reportedly worth $1 million. While Meta will see the exploit privately, speculation abounds about its true readiness.
- Quote:
"In cybersecurity, as in show business, the biggest headline is the one that never hits the stage." — Dave Bittner (29:00)
Notable Quotes & Timestamps
| Time | Speaker | Quote / Insight |
|--------|--------------|-------------------------------------------------------------------------|
| 15:20 | Chris Inglis | "The greatest threat is complacency—either a lack of understanding or willful ignorance." |
| 16:50 | Chris Inglis | "For 50 years of the Internet, we've always promised ourselves...we'll then put an overlay on it that makes it safe, resilient, and robust. But we never come back because we keep going forward." |
| 18:54 | Chris Inglis | "Race cars have bigger brakes so they can go faster. It's about the performance of the car." |
| 22:30 | Chris Inglis | "We don't have that same confidence in cyberspace. We've done none of that foundational work." |
| 23:10 | Chris Inglis | "It has the collateral effect...of taking some of these resources out at the very moment that we should be investing in them and upsizing them." |
| 25:30 | Chris Inglis | "One of the great tragedies in life is doing nothing when you can only do a little. Each of us can do a little..." |
Important Timestamps
- 02:40 — Former defense contractor charged with espionage
- 05:20 — DDoS attack on Russian food supply
- 06:25 — TP-Link router vulnerabilities
- 09:30 — "Shadow Escape" LLM attack discovered
- 13:19 — Chris Inglis interview begins
- 18:54 — "Race car brakes" analogy on security
- 22:30 — Analogy with transportation infrastructure
- 27:36 — WhatsApp's missing million-dollar exploit
Conclusion
This episode emphasizes the evolving landscape of cyber threats, the urgent need for foundational investments in both technology and user skills, and the societal complacency that remains a critical vulnerability. Chris Inglis’s insights underscore that cybersecurity is everyone’s challenge; collective vigilance, education, and action are essential, not optional.
For further learning, find links and recommendations in the daily briefing at cyberwire.com, and consider checking out the upcoming documentary Midnight in the War Room for a deeper dive.
