CyberWire Daily — "When the breachers get breached."
Date: October 10, 2025
Host: Dave Bittner (A)
Guest: Jason Manar, CISO of Kaseya (B)
Episode Overview
This episode delivers a rapid-fire pulse of critical cybersecurity news: from law enforcement's takedown of major data breach forums, to the latest wave of vulnerabilities, and industry trends toward AI and microsegmentation. The episode’s centerpiece is a wide-ranging conversation with Jason Manar (CISO, Kaseya), who shares his nuanced perspective on the lag between policy and technology, the challenge of public-private partnerships, and what true cyber cooperation could look like at the national level. The episode ends with a moment of hacker schadenfreude: pro-Russian hacktivists gleefully celebrating a water facility breach, only to discover they’d been duped by a honeypot.
Key News and Analysis
International Law Enforcement Shuts Down Breach Forums
[00:35 - 02:10]
- The FBI and French police seized Breach Forums domains, a prominent leak site for corporate data run by "Shiny Hunters."
- Notable Insight: Shiny Hunters confirmed the compromise via a PGP-signed Telegram post, stating forum backup and escrow data from 2023 onward is now lost and warning that new forums will almost certainly become law enforcement honeypots.
- Despite the seizure, Shiny Hunters' dark web leak site remains online and claims to hold over a billion stolen Salesforce records.
- Quote: “The takedown exposes historic forum data and signals closer global cooperation. Still, organizations face looming risk...” (A, 01:50)
Linked Attacks on Major Network Device Vendors
[02:11 - 04:10]
- Research by GreyNoise ties exploitation campaigns against Cisco, Palo Alto, and Fortinet devices to shared IP subnets—indicating likely threat actor overlap.
- A 500% spike in scanning of Palo Alto GlobalProtect portals and brute-force attacks against Fortinet VPNs mirror known patterns that often precede disclosure of new vulnerabilities.
- “80% of such spikes precede new firewall or VPN vulnerabilities by about six weeks...” (A, 03:40)
- Call to action: Organizations should harden defenses and proactively block brute-forcing IPs.
Juniper Networks: Massive Patch Dump
[04:11 - 04:55]
- Juniper released patches for over 200 vulnerabilities—nine of them critical, including admin command execution flaws and backdoor risks.
- No exploitation has been reported, but enterprises (especially in Europe) are urged to update immediately.
Major Bug Bounty Changes from Apple & Google
[04:56 - 06:13]
- Apple doubles top bug bounty payout to $2 million (or $5 million for severe cases), expanding into new exploit categories and rights group protections.
- Quote: “The expansion underscores the company’s push to incentivize high impact vulnerability research.” (A, 05:18)
- Google launches an AI Vulnerability Reward Program (VRP) with up to $30,000 rewards for bugs impacting AI-driven products.
AI in AppSec: Hype Meets Reality
[06:14 - 07:27]
- Fastly survey: 90% of security leaders are deploying AI for application security, but one-third act on AI findings without human review.
- Only 22% rate AI’s accuracy as “excellent”; frequent inaccuracies and false positives remain a concern.
- “Success will depend on reducing false positives and integrating AI effectively to avoid AI shelfware.” (Marshall Irwin, paraphrased by A, 07:20)
Microsegmentation as a Ransomware Defense
[07:28 - 08:20]
- Akamai report: Organizations adopting microsegmentation cut ransomware containment times by 33% and often receive better cyber insurance premiums.
- Only 35% of organizations have network-wide microsegmentation; common barriers include complexity and resistance.
New Botnet: RondoDox
[08:21 - 09:16]
- Trend Micro finds the “RondoDox” botnet exploiting over 50 vulnerabilities across 30+ vendor devices, ranging from routers to DVRs and web servers.
- Active since mid-2025, RondoDox now spreads via “loader-as-a-service” models, mimicking gaming platforms and VPNs to evade detection.
Unpatched Ivanti Endpoint Manager Flaws
[09:17 - 10:29]
- Trend Micro discloses 13 unpatched Ivanti flaws (one local privilege escalation, twelve RCEs), all lacking CVEs.
- No evidence of active exploitation, but high severity; patching delayed until March next year.
Feature Interview: Jason Manar (CISO, Kaseya) on National Cybersecurity Partnerships
Policy and Legislative Lag
[13:35 - 16:15]
- Manar points out that Congress has not kept up with cybersecurity’s evolving complexities—citing the lack of mandatory reporting requirements and conventions that other countries or sectors possess.
- Quote: “I am still amazed that we don’t have certain mandatory reporting requirements or some type of standard that the government has...” (B, 13:55)
- Manar bemoans how cyber legislative priorities change every few years, often shifting away from promising nascent efforts like CISA’s initial mission.
Political Fragmentation in Cybersecurity
[15:15 - 16:15]
- Host reflects on cybersecurity’s former bipartisan status, now slipping into political friction.
- “Everyone agreed this was important for our national security ... the past couple of years that's kind of drifted away, ... we lost a little of our innocence? Is that fair to say?” (A, 15:45)
- Manar agrees, echoing how government “silos” view cyber threats differently, with those on the frontlines having a deeper, more urgent perspective.
Legislative Inertia Versus Technological Velocity
[18:11 - 19:41]
- Discussion turns to Congress’s inability to move as quickly as cyber threats evolve.
- Quote: “We need to give a lot more bandwidth to thinking about how we’re protecting ... through public and private partnerships.” (B, 19:06)
- Manar stresses the necessity of true public-private collaborations that go beyond compliance, emphasizing “moving the needle” for both national and business interests.
Building Meaningful Collaboration
[19:42 - 21:55]
- What could effective cooperation look like? Manar says it must start with open, ongoing dialogue.
- Praises efforts by CISA and FBI to convene cross-sector groups, referencing past RMM security standards development as a model.
- Quote: “The way that I think you get everyone involved is if you get all stakeholders in a room...” (B, 20:13)
- Highlights need for technical experts at the table to avoid well-intentioned but problematic regulation.
- “Some of the best intended legislation ... can lead to adverse consequences. And that's where we don't want to be.” (B, 22:31)
Is There Political Will?
[22:48 - 24:39]
- Manar is cautiously optimistic, citing relationships with major companies that still yield results a decade later.
- Admits some promising initiatives at CISA and DHS have faded, but continues to advocate for MSPs and SMBs.
- Memorable admission: “I’ll be going to D.C. ... seeing if those things potentially even exist, and I’m just unaware.” (B, 23:46)
Closing Story: When Hackers Hit a Honeypot
[25:20 - 26:35]
- Pro-Russian group “TwoNet” boasts of compromising a Dutch water facility, having actually hacked a honeypot erected by Forescout.
- Researchers watched as the group “defaced a login page, disabled alarms, and generally made mischief ... all in a sandbox.”
- Quote: “Forescout says the incident illustrates how novice hacktivists are increasingly poking at industrial systems they barely understand. Mistaking honeypots for heroics...” (A, 26:12)
- Takeaway: Moments like this highlight both progress in cyber defense deception and the growing risk of industrial attack attempts, even if by amateur groups.
Notable Quotes & Moments
- On the forum takedown:
- “Shiny Hunters acknowledged the loss in a PGP signed Telegram post ... warning that such platforms have become law enforcement honeypots.” (A, 01:30)
- On political change:
- “Unlike some of our adversaries ... we change every 4 or 8 years. Initiatives shift ... the mission of CISA has changed.” (B, 13:55)
- On lawmaking:
- “Many times [prosecutors] are using financial fraud laws ... RICO laws ... that aren’t necessarily specific, because all that we have is one law that was passed back in ... the 80s on the books, at least federally for cybersecurity.” (B, 17:29)
- On public/private engagement:
- “You have not only people from the top sectors within business, but ... legislative team ... cyber warfare folks ... agencies ... trying to come up with that 40 trillion dollar answer, if you will.” (B, 21:41)
- On real-world consequences:
- “Some of the best intended legislation ... can lead to adverse consequences. And that's where we don't want to be.” (B, 22:36)
- On honeypot lessons:
- “So it turns out the hack of the year was really just a splash in a very well monitored puddle.” (A, 26:28)
Timestamps for Major Segments
- Law Enforcement and Breach Forums: 00:35–02:10
- Network Device Exploitation Campaigns: 02:11–04:10
- Juniper Network Vulnerabilities: 04:11–04:55
- Apple & Google Bug Bounties: 04:56–06:13
- AI in AppSec (Fastly): 06:14–07:27
- Microsegmentation (Akamai): 07:28–08:20
- RondoDox Botnet: 08:21–09:16
- Ivanti Unpatched Flaws: 09:17–10:29
- Interview with Jason Manar: 13:35–24:39
- Honeypot Hijinks – TwoNet: 25:20–26:35
Conclusion
A dense, expertly paced episode highlighting the rapid flux and perennial lag in cybersecurity: from the international crackdown on leak forums and surging DDoS botnets, to the hard truths facing public-private sector alliances. Jason Manar’s nuanced, candid observations bridge technical realities and legislative inertia, providing a template for listeners eager to understand how national security and business interests can ultimately align—if dialogue and technical input take priority. The show closes with a tongue-in-cheek honeypot tale, reminding listeners of both cyber defense ingenuity and the enduring reality of blundering adversaries.
