A
You're listening to the CyberWire Network, powered by N2K. Are you ready for AI in cybersecurity? Demand for these skills is growing exponentially for cybersecurity professionals. It's why CompTIA, the largest vendor-neutral certification authority, is developing SecAI+. It's their first-ever AI certification focused on artificial intelligence and cybersecurity, and it is designed to help mid-career cybersecurity professionals demonstrate their competencies with AI tools. And that's why N2K's SecAI practice exam is coming out this year, to help you prepare for the certification release in 2026. To find out more about this new credential and how N2K can help you prepare today, check out our blog at certify.cybervista.net. And thanks.
B
At Thales, they know cybersecurity can be tough and you can't protect everything. But with Thales, you can secure what matters most. With Thales' industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale, with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales, T-H-A-L-E-S. Learn more at thalesgroup.com/cyber.

A former defense contractor is charged with attempting to sell trade secrets to Russia. Researchers uncover critical vulnerabilities in TP-Link routers. Microsoft patches a critical Windows Server Update Services flaw. CISA issues eight new ICS advisories. Shadow Escape targets LLMs' database connections. Halloween-themed scams spike. Our guest is Chris Inglis, first National Cyber Director, speaking on cybercrime and the upcoming documentary Midnight in the War Room. And WhatsApp's missing million-dollar exploit.

It's Friday, October 24th, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today, and happy Friday. It is great, as always, to have you with us.

We begin today with several stories related to Russia. Peter Williams, a former director at the Trenchant division of defense contractor L3Harris Technologies, has been charged with stealing and attempting to sell trade secrets to a buyer in Russia, according to the U.S. Justice Department. Prosecutors allege Williams, a 39-year-old Australian, took seven trade secrets from two unidentified companies between April 2022 and August 2025. He resigned from L3Harris in August and is scheduled for arraignment and plea proceedings on October 29th in Washington federal court. Authorities are seeking $1.3 million in forfeiture, along with luxury goods and cryptocurrency accounts allegedly tied to the theft. L3Harris and Trenchant are not accused of wrongdoing.
Trenchant, known for zero-day vulnerability research, supports national security and defense cyber operations.

Elsewhere, Russia's cybercriminal ecosystem is undergoing a major upheaval as law enforcement pressure, political control and international crackdowns reshape long-standing dynamics. Operation Endgame in 2024 disrupted ransomware and money laundering networks, prompting Russia to make rare domestic arrests, signaling a shift from tolerance to selective enforcement. Leaked communications reveal coordination between cybercriminals and Russian intelligence, blurring the line between crime and statecraft. Within underground forums, mistrust is rising amid scams, infiltration fears and decentralized operations. At the same time, Western nations are escalating counter-ransomware measures, from payment bans to preemptive cyber strikes. Recorded Future's Insikt Group concludes that Russia now actively manages cybercriminals, using them as geopolitical tools while balancing external pressure, internal control and strategic utility.

And wrapping up Russia, a major cyberattack on Russia's agricultural watchdog Rosselkhoznadzor this week disrupted food shipments nationwide, the agency said. A large-scale DDoS attack hit its VetIS and Saturn tracking systems, paralyzing product certification and logistics. For several hours, the Mercury platform, required for electronic veterinary documents, was unavailable, halting deliveries of dairy and baby food products. Authorities deny data compromise and say systems have resumed normal operation, though it's unclear if full restoration occurred.

Forescout Research's Vedere Labs discovered two critical vulnerabilities in TP-Link Omada and Festa VPN routers that enable root access and remote code execution. The first vulnerability is a WireGuard private key sanitization flaw permitting authenticated OS command injection. The second flaw exposes hidden CLI debug functionality that allows root SSH logins.
Researchers rooted one of the devices by chaining the web UI injection to create a missing debug file, then escalated via the debug backdoor. By analyzing bytecode variations and protocol implementations, they found additional, potentially remote vulnerabilities across TP-Link families. Fixes are under coordinated disclosure and expected by the first quarter of next year. Forescout urges immediate patching, perimeter controls, hardened admin access and monitoring, and warns that recurring firmware patterns and support features routinely enable rooting across network devices.

Microsoft issued out-of-band updates to fix a critical Windows Server Update Services remote code execution flaw and warned customers to apply patches immediately. The vulnerability affects only Windows servers with the WSUS Server Role enabled, can be exploited remotely without user interaction, and allows attackers to run code with SYSTEM privileges, making it potentially wormable between WSUS servers. Administrators should install the cumulative OOB update and reboot, or temporarily disable WSUS or block inbound ports 8530 and 8531 if patches cannot be applied right away.

CISA has issued eight new Industrial Control Systems advisories. These cover vulnerabilities affecting control system products from major vendors including Schneider Electric, Hitachi Energy, Siemens and Delta Electronics. The notices emphasize that operators should review affected devices, apply patches, and follow the vendor-recommended mitigations. CISA urges organizations to prioritize these updates given the critical role of ICS in infrastructure security.

Researchers at Operant AI have uncovered a new zero-click attack dubbed Shadow Escape that exploits the Model Context Protocol, or MCP, used to connect large language models like ChatGPT and Gemini to company databases.
The flaw allows attackers to hide malicious instructions in ordinary documents, triggering AI assistants to exfiltrate sensitive records such as Social Security numbers, financial data and medical files without user interaction or detection. Because the data theft occurs through legitimate MCP access inside corporate networks, traditional defenses can't see or stop it. Operant AI warns that trillions of records may already be at risk and urges organizations to audit AI integrations immediately to prevent silent data leaks from trusted internal systems.

We are a week away from Halloween, and Bitdefender Labs reports a worldwide spike in Halloween-themed scams combining fake retail sales, giveaways, crypto offers and dating lures to trick users. 63% of these campaigns were phishing schemes impersonating major brands like Walmart, Amazon and Home Depot. Most originated from US servers and targeted American consumers. On social media, scammers purchased Meta ads to spread malware disguised as crypto rewards or brand deals. Bitdefender urges caution, advising users to verify links, avoid ad downloads, and treat seasonal free gifts with skepticism.

Coming up after the break, my conversation with former National Cyber Director Chris Inglis. We're talking cybercrime and the upcoming documentary Midnight in the War Room. And WhatsApp's missing million-dollar exploit. Stay with us.

What's your 2 a.m. security worry? Is it, do I have the right controls in place? Maybe, are my vendors secure? Or the one that really keeps you up at night: how do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale, and it fits right into your workflows.
It uses AI to streamline evidence collection, flag risks, and keep your program audit-ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started at vanta.com/cyber. That's V-A-N-T-A dot com slash cyber.

And now a word from our sponsor. The Johns Hopkins University Information Security Institute is seeking qualified applicants for its innovative Master of Science in Security Informatics degree program. Study alongside world-class interdisciplinary experts and gain unparalleled educational, research and professional experience in information security and assurance. Interested U.S. citizens should consider the Department of Defense's Cyber Service Academy program, which covers tuition, textbooks and a laptop, as well as providing a $34,000 additional annual stipend. Apply for the fall 2026 semester and for this scholarship by February 28th. Learn more at cs.jhu.edu/mssi.

The folks at Semperis have produced a new documentary titled Midnight in the War Room. Chris Inglis, the first National Cyber Director, plays a key role in the documentary. Here's a preview.
C
It was clear that at that moment in time, the Chinese government was a fan of big data, that they were after all of it. And we suddenly realized that no one was safe.
A
The Chinese were burrowing deep into some of our most sensitive critical infrastructure. Water unavailable, trains derailed, comms severed, power going down.
C
Every single day. There's a war going on in cyberspace.
B
Cyberattacks aren't just taking offline computers. You can take out power grids.
B
Poisoning water, food supply chains. This war has been going on a long time. Countries like North Korea that are so poor they have to feed their people with grass can build a nuclear weapons program based on stolen Bitcoin infrastructure.
C
Russia and China, their goal is to stay just below the threshold of kinetic war. In a dictatorship you target the dictator. In a democracy you target the people, because you don't know anymore who is calling you. You don't know who's emailing you, because all of these things can be spoofed or faked.
B
When you think you're the safest, that's usually when something is going to go wrong. People are going to die, and they'll do it without ever firing a shot. You're in the war room at midnight. Something's gone wrong.
B
But we're not going to stop fighting. Chris Inglis was the first National Cyber Director here in the U.S. I recently caught up with him to discuss cybercrime and the upcoming documentary Midnight in the War Room, presented by Semperis. So today we're talking about the new documentary, Midnight in the War Room. I'd love to start off with some high-level stuff. What originally attracted you to this documentary and made you want to participate?
C
Well, when the documentary's producers came to me and said that they wanted to tell the story about what was going on in digital infrastructure, what we all call cyberspace, and to address the complacency that society and others have about what's going on, I thought it was a wonderful opportunity to actually shed some light into that space. Because I think that while there are many threats that are coursing through cyberspace, from criminals to rogue nation-states, the greatest threat is complacency: either a lack of understanding or a willful ignorance of what's going on.
B
Can we dig into that? I mean, in this current moment, where do you suppose we find ourselves as a society?
C
I think we're on our back foot. We are massively dependent on digital infrastructure for all the right reasons. It delivers efficiency, effectiveness, and so many things that we couldn't otherwise accomplish in a physical day. But at the same time, that dependence is something that criminals and rogue nation-states are taking advantage of, holding us at risk because of that dependence. We can have our cake and eat it too, if we make the necessary investments in digital infrastructure, cyberspace. But we haven't made those investments, in terms of the inherent resilience of the technology and the skills of the people, not just IT and cyber specialists but everybody who uses that space, and in the doctrine, or the allocation of roles and responsibilities, understanding who's responsible for what.
B
What do you suppose is holding us back now from the proper investment in those areas?
C
Several things hold us back, not least of which is that the technology is moving so fast. It's hard enough to figure out what the next innovation is, to then deploy that at scale so that it has some efficiency in the marketplace, without worrying about the third leg under the stool, which is inherent resilience and robustness. For 50 years of the Internet, we've always promised ourselves that once we innovate the next iteration of the technology and deploy it, we'll then put an overlay on it that makes it safe, resilient and robust. But we never come back, because we keep going forward. The second thing that makes it hard to get our arms around this is that the weaknesses are insidious. I don't mean by that that they're always malevolent, but they come on so slowly, or they're so subtle, that we just don't recognize them for what they are. It's not the kind of physical reality of an automobile crash or a bomb sitting at your street corner. However fantastic that may seem, if you saw it, you would immediately react to it. The sorts of things that are hazards in cyberspace are hard to see until you experience them. And even then they emerge so slowly. Perhaps the third and most pernicious issue is that there's a broad expectation that people who have IT or cyber in their job title are going to take care of this for us, that they will remove the risk before we encounter it. Many of the risks are established by the people who use the technology. Clicking on links in emails is still a very unpopular form of ransomware attacks. And that's not something that an IT or cyber specialist can step in and manage by restricting you from doing that at the moment you touch the keyboard. And so the skills and the complacency on the part of the ordinary garden-variety users, of which I'm one, is oftentimes the biggest weakness in this space.
B
Well, how do we balance the necessity to educate and empower people with the technical backdrop that they need to protect them as well?
C
I think first we need to meet the people who need to make the changes where they are. We should no longer kind of bang on about, we need to get serious about cyber or cybersecurity. We should talk more plainly about what they already care about. I care about following my grandchildren on social media. I care about banking online. I care about, in my business, accessing markets that I can't get to in a physical day. All of that then motivates me to understand and to make the necessary investments in the assets that make that possible. Digital infrastructure, cyberspace, the Internet, that's a very critical asset to all of that. So we need to flip the script. There's a great question that's often asked at this moment, and it's a little bit wolf fog and also the line of flow of our discussion, but it's, why do race cars have bigger brakes? They have bigger brakes so they can go faster. It's about the performance of the car. We shouldn't focus on the brakes; we should focus on the performance of the car. That's what motivates us to then keep the car in good condition, put the right brakes on it, maybe to put seat belts in it, their safety bags in it. But let's focus for a change on what it is people already care about and then help them understand what they can do to actually ensure that digital infrastructure meets their expectations. We talk about password management, we've talked about understanding what happens when we click on a link in an email. But we need to make that more personal, more real to them, by never talking about cybersecurity for its own sake, but rather for the conduct of the things they want to do in cyberspace, for the reasons they already care.
B
In your estimation, how vulnerable is our critical national infrastructure?
C
In a word, very. I would just take something called Volt Typhoon. It's a term that's been applied to a Chinese government initiative that has inserted malware into our critical infrastructure. And that malware has one purpose, in the case of Volt Typhoon, that particular actor within the Chinese government, and that is to hold that critical infrastructure at risk. There's a great dependence of critical infrastructure, the water flows, the electrical flows, telecommunications, there's a great dependence of that on digital infrastructure. If the software, the hardware and the data stores work well, then critical infrastructure meets our expectations. If they don't, then critical infrastructure doesn't meet our expectations. We're recording this just a couple of days after Amazon Web Services had a global problem where massively customers are used that would not access that. Now, I don't think that that's going to be found to be attributable to a particular actor, a malicious actor, but it shows the kind of dependence we have on critical infrastructure: that when it works, it's out of sight, out of mind. We never complain about it. When it doesn't work, we suddenly wonder what is the nature of our dependence on that and what made that fit. We need to think about that beforehand. So I think that our critical infrastructure, being so dependent upon digital infrastructure, the Internet plus, is something that we need to think through and get into the right place. Now, I would offer that we've done this before. If you think about the automobile transportation system, which is not without its risks, we've done a lot of investment to make sure that the cars, the devices that we use, have safety features built in. We've done a lot of work to make sure that the road systems have safety features built in, in terms of the width of the road, the signage on the road, even the kind of the surface of that road.
We've done a lot of work to govern those spaces by making sure that we find and pull off scooters or drunk drivers or people who text while they drive. And we've levied some degree of responsibility on the drivers themselves so that they understand what their role is, to get safely from place A to place B. And it's possible to do that such that you don't obsess about what the risks are. As you drive your car down the highway, you think about what your role is alongside all the other roles that have been accounted for, so that you can have every expectation that if you do the right thing, you've got a very, very, very high probability of getting no safer. We don't have that same confidence in cyberspace. We've done none of that foundational work.
B
We're seeing significant cuts to cybersecurity related agencies in the federal government these days. What's your reaction to that?
C
I think it's an own goal. It's an unfortunate issue at the moment. I would give the administration credit for this, which is, it is recognized that cybersecurity, again, if I were to flip that script, it's recognized that our dependence on digital infrastructure means that we have to have serious people in the roles that are applying government efforts to help make that a better thing. So when you look at the US National Cyber Directorate, the nominated director of the Cybersecurity and Infrastructure Security Agency, the serving director of the FBI component, all of those are serious people who, when I listen to them, understand the nature of this and fully intend to apply the resources they do have to helping the private sector get this right. So give the administration credit in that regard. But the downsizing, which is not focused on downsizing cyber or cybersecurity, it's focused on a broad range of other issues, has the collateral effect, the unfortunate collateral effect, of taking some of these resources out at the very moment that we should be investing in them and upsizing them. So it's a mixed bag, I would say. In the main, with the resources that are there, I have every confidence that they will make a difference that matters. But we need more.
B
Getting back to the documentary Midnight in the War Room, what do you hope viewers take away from it?
C
A sense that this matters to them. Not because we're getting them to care about a problem that belongs to somebody else, but we're getting them to care about an issue, a strategic resource, that they already value. They just didn't know that it was chucked inside things that they care about. So if there's one issue that I worry about more than any other at this moment in time with respect to our lives, US and nations of like mind, it is that our reliance on critical functions, which are in turn reliant on digital infrastructure, that reliance is not well understood and it's not well defended. And so my hope in this picture, this full-length motion picture, which is a documentary, is that we shed some light on this, such that people begin to realize what hangs in the balance and what they might do to make a difference to it. Kind of on the far side of that, one of my favorite quotes is from a guy named Edmund Burke, who lived two centuries ago. He was a British or an Irish statesman in the British Parliament. One of the great tragedies in life is doing nothing when you can only do a little. Each of us can do a little. Some of us might do more than a little, but each of us can do a little. And that can, in sum, add up to where each of us makes a contribution to the defense of all of us. Because we're not all addressing similar challenges or similar issues in our use of digital infrastructure. We're all addressing the exact same challenge, often challenged by the exact same adversary, whether that's a criminal or a rogue nation. And so my hope is that this picture can help people understand what the nature of that is and mobilize them to make that small contribution, however small, that will make a positive difference in the collective defense of something valuable to all of us.
B
Our thanks to Chris Inglis for joining us. The documentary is titled Midnight in the War Room. It's presented by Semperis. We'll have a link in the show notes.
A
When did making plans get this complicated? It's time to streamline with WhatsApp, the secure messaging app that brings the whole group together. Use polls to settle dinner plans, send event invites, and pin messages so no one forgets Mom's 60th, and never miss a meme or milestone, all protected with end-to-end encryption. It's time for WhatsApp. Message privately with everyone.
B
Learn more at WhatsApp.com. This episode is brought to you by Indeed. When your computer breaks, you don't wait for it to magically start working again. You fix the problem. So why wait to hire the people your company desperately needs? Use Indeed Sponsored Jobs to hire top talent fast, and even better, you only pay for results. There's no need to wait. Speed up your hiring with a $75 sponsored job credit at Indeed.com/podcast. Terms and conditions apply.
And finally, Pwn2Own Ireland 2025 had everything: record payouts, routers laid bare, and printers brought to their digital knees. But what really got the crowd talking was what didn't happen. A researcher known only as Eugene, poised to unveil a million-dollar zero-click WhatsApp exploit, pulled out at the last minute. Officially, it was due to travel complications. Unofficially, folks wonder if the exploit just wasn't ready for its close-up. Trend Micro's Zero Day Initiative said Meta will still get a private peek, while everyone else is left with only 73 other zero-days, a million dollars in payouts, and a lingering sense of what might have been. Sometimes, in cybersecurity as in show business, the biggest headline is the one that never hits the stage.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with Noam Moshe, Claroty's vulnerability research team lead. We're discussing their work turning camera surveillance on its axis. That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.

And Doug, here we have the Limu Emu in its natural habitat, helping people customize their car insurance and save hundreds with Liberty Mutual. Fascinating. It's accompanied by his natural ally, Doug.
Limu is that guy with the binoculars watching us.
C
Cut the camera.
B
They see us. Only pay for what you need at LibertyMutual.com. Liberty, Liberty, Liberty, Liberty. Savings vary. Underwritten by Liberty Mutual Insurance Company and affiliates. Excludes Massachusetts.

Cyber Innovation Day is the premier event for cyber startups, researchers and top VC firms building trust into tomorrow's digital world. Kick off the day with unfiltered insights and panels on securing tomorrow's technology. In the afternoon, the 8th annual DataTribe Challenge takes center stage as elite startups pitch for exposure, acceleration and funding. The Innovation Expo runs all day, connecting founders, investors and researchers around breakthroughs in cybersecurity. It all happens November 4th in Washington, D.C. Discover the startups building the future of cyber. Learn more at cid.datatribe.com.
Date: October 24, 2025
Host: Dave Bittner, N2K Networks
Guest: Chris Inglis, Former U.S. National Cyber Director
This episode delivers a comprehensive roundup of the latest cybersecurity news, covering cyber-espionage, key vulnerabilities, and attacks orchestrated by or affecting major nation-states, particularly Russia and China. The highlight of the episode is an extended interview with Chris Inglis, the first U.S. National Cyber Director, about cybercrime, the upcoming documentary Midnight in the War Room, and the broader societal complacency toward cybersecurity threats.
"Russia now actively manages cybercriminals, using them as geopolitical tools while balancing external pressure, internal control and strategic utility." (03:30)
TP-Link Routers: Forescout's Vedere Labs disclosed two critical flaws in TP-Link Omada and Festa VPN routers: a WireGuard private key sanitization bug that permits authenticated OS command injection, and hidden CLI debug functionality that allows root SSH logins. Chained together, they gave the researchers root on a device. Fixes are under coordinated disclosure and expected by the first quarter of 2026; until then, Forescout recommends perimeter controls, hardened admin access and monitoring.
Microsoft Windows Servers: Microsoft shipped out-of-band updates for a critical, potentially wormable remote code execution flaw in Windows Server Update Services. Only servers with the WSUS Server Role enabled are affected; exploitation needs no user interaction and yields SYSTEM privileges. Install the cumulative OOB update and reboot; if that cannot be done right away, temporarily disable WSUS or block inbound ports 8530 and 8531.
CISA ICS Advisories: Eight new advisories cover control system products from Schneider Electric, Hitachi Energy, Siemens and Delta Electronics. Operators should review affected devices, apply patches, and follow the vendor-recommended mitigations.
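As an added example (not from the episode and not Microsoft's own tooling or advisory text), the following PowerShell script turns the WSUS guidance in the news segment into a per-server triage: it checks whether the WSUS Server Role is installed at all, whether the out-of-band update is present, which addresses the 8530/8531 listeners are bound to, and optionally applies the interim firewall block. The KB number is a placeholder you must replace with the OOB update for your OS build; the cmdlets used come from the in-box ServerManager, NetSecurity and NetTCPIP modules on Windows Server 2016 and later, which is an assumption about your environment.

```powershell
# Added example: WSUS RCE triage for one Windows Server. Not from the episode
# or from Microsoft. $OobKb is a PLACEHOLDER (not a real KB): substitute the
# out-of-band cumulative update Microsoft published for your OS build.
# Assumes Windows Server 2016+ (ServerManager, NetSecurity, NetTCPIP modules).
param(
    [string]$OobKb = 'KB0000000',      # placeholder, replace before use
    [switch]$ApplyInterimBlock         # set to add the inbound block rules
)

function Test-WsusRoleInstalled {
    # Only hosts with the WSUS Server Role are exposed to this flaw.
    $role = Get-WindowsFeature -Name UpdateServices -ErrorAction Stop
    return [bool]$role.Installed
}

function Test-OobUpdateInstalled([string]$Kb) {
    # Get-HotFix lists installed updates by KB id (e.g. "KB1234567").
    $hit = Get-HotFix -ErrorAction SilentlyContinue | Where-Object HotFixID -eq $Kb
    return ($null -ne $hit)
}

function Get-WsusListeners {
    # 8530 = WSUS HTTP, 8531 = WSUS HTTPS: the two ports the advisory says to block.
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 8530, 8531 } |
        Select-Object LocalAddress, LocalPort
}

function Add-WsusInboundBlock {
    # Interim mitigation only. This also stops managed clients from reaching
    # this WSUS server, so remove the rules once the OOB update is installed.
    # (The other interim option, removing the role with
    # Uninstall-WindowsFeature -Name UpdateServices, is more disruptive.)
    foreach ($port in 8530, 8531) {
        $name = "Block-WSUS-Inbound-$port"
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
                -LocalPort $port -Action Block -Profile Any | Out-Null
            Write-Output "Added firewall rule $name"
        }
    }
}

if (-not (Test-WsusRoleInstalled)) {
    Write-Output 'WSUS Server Role not installed: this host is not in scope for the WSUS RCE.'
    return
}
Write-Output 'WSUS Server Role installed: this host is in scope.'

if (Test-OobUpdateInstalled $OobKb) {
    Write-Output "OOB update $OobKb is present. Reboot if you have not since installing it."
} else {
    Write-Warning "OOB update $OobKb NOT found. Patch now or apply an interim mitigation."
    Get-WsusListeners | ForEach-Object {
        Write-Output "Listening: $($_.LocalAddress):$($_.LocalPort)"
    }
    if ($ApplyInterimBlock) { Add-WsusInboundBlock }
    else { Write-Output 'Re-run with -ApplyInterimBlock to block inbound 8530/8531 until patched.' }
}
```

Run it from an elevated PowerShell on each WSUS server. Without -ApplyInterimBlock it only reports; the "Listening:" lines tell you whether the WSUS ports are bound on addresses reachable from networks you do not trust, which is what makes the flaw's wormable-between-WSUS-servers property matter in your estate.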
"Trillions of records may already be at risk." (09:30)
Interview with Chris Inglis (13:19 – 26:10)
"The greatest threat is complacency—either a lack of understanding or a willful ignorance of what's going on." — Chris Inglis (15:20)
"We haven't made those investments in terms of the inherent resilience of the technology and the skills of the people… Not just IT and cyberspecialists, but everybody who uses that space." — Inglis (15:55)
"For 50 years of the Internet, we've always promised ourselves… we'll then put an overlay on it that makes it safe, resilient and robust. But we never come back because we keep going forward." — Inglis (16:50)
"Race cars have bigger brakes so they can go faster. It's about the performance of the car." — Inglis (18:54)
"We don't have that same confidence in cyberspace. We've done none of that foundational work." — Inglis (22:30)
"It has the collateral effect... of taking some of these resources out at the very moment that we should be investing in them and upsizing them." — Inglis (23:10)
"One of the great tragedies in life is doing nothing when you can only do a little. Each of us can do a little…that in sum adds up to… collective defense." — Inglis, citing Edmund Burke (25:30)
"In cybersecurity, as in show business, the biggest headline is the one that never hits the stage." — Dave Bittner (29:00)
| Time | Speaker | Quote / Insight |
|-------|--------------|-----------------|
| 15:20 | Chris Inglis | "The greatest threat is complacency—either a lack of understanding or willful ignorance." |
| 16:50 | Chris Inglis | "For 50 years of the Internet, we've always promised ourselves...we'll then put an overlay on it that makes it safe, resilient, and robust. But we never come back because we keep going forward." |
| 18:54 | Chris Inglis | "Race cars have bigger brakes so they can go faster. It's about the performance of the car." |
| 22:30 | Chris Inglis | "We don't have that same confidence in cyberspace. We've done none of that foundational work." |
| 23:10 | Chris Inglis | "It has the collateral effect...of taking some of these resources out at the very moment that we should be investing in them and upsizing them." |
| 25:30 | Chris Inglis | "One of the great tragedies in life is doing nothing when you can only do a little. Each of us can do a little..." |
This episode emphasizes the evolving landscape of cyber threats, the urgent need for foundational investments in both technology and user skills, and the societal complacency that remains a critical vulnerability. Chris Inglis’s insights underscore that cybersecurity is everyone’s challenge; collective vigilance, education, and action are essential, not optional.
For further learning, find links and recommendations in the daily briefing at cyberwire.com, and consider checking out the upcoming documentary Midnight in the War Room for a deeper dive.