The White House will keep the CyberCom and NSA dual-hat leadership arrangement. The US charges a major ransomware figure, Apple ships a memory safety protection feature, and yet another supply chain attack hits the npm world. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 10th of September and this podcast episode is brought to you by Trail of Bits.

The Trump administration will not separate the leadership of U.S. Cyber Command and the National Security Agency. According to The Record, officials quietly accepted that splitting the dual-hat arrangement would prove too lengthy and complex. The White House is expected to nominate Army Lt. Gen. William Hartman to lead both agencies.

In other news, CISA is expected to delay the Cyber Incident Reporting for Critical Infrastructure Act. CIRCIA will require critical infrastructure operators to report ransomware and cybersecurity incidents to the agency. It was due to go into effect next month when CISA was expected to publish the final details. Those details are now expected around May next year.

The US has terminated agreements with European countries to counter disinformation from adversaries like Russia, China and Iran. The agreements were signed last year by the Biden administration. They were managed by the Global Engagement Centre, a division of the State Department that shut down earlier this year.

The FCC has revoked authorisation for seven China-based electronics testing labs. The labs reviewed and approved electronics for sale in the US. They also certified devices with the US Cyber Trust Mark, a label intended to signify a product is secure. The FCC began investigating the US Cyber Trust Mark scheme in March over national security concerns.

U.S. Immigration and Customs Enforcement will pay up to $10 million for Clearview AI's facial recognition software. The agency says it will use the software to identify individuals who assault its agents.
ICE also recently reactivated a contract with Israeli spyware and surveillance maker Paragon Solutions. It also uses hacking tools from Cellebrite, Magnet and Penlink.

Hackers have leaked more than 2,000 emails they claim to have stolen from former UK Prime Minister Boris Johnson. The emails are dated between 2019 and 2022, when Johnson was in office. They allegedly contain information on the COVID-19 response and the war in Ukraine. The email leak has not been ruled out as a possible foreign influence operation.

Nepal has lifted its ban on 26 social media networks after days of violent anti-government protests. Critics accused the government of seeking to stifle an anti-corruption campaign with last week's ban. The country's prime minister resigned on Tuesday after the protests turned violent in the capital. Protesters set fire to the Parliament, the Supreme Court, police stations and the houses of major politicians. At least 22 people have lost their lives.

The US Department of Justice has charged the administrator of the LockerGoga, MegaCortex and Nefilim ransomware groups. Officials say Volodymyr Viktorovich Tymoshchuk hacked and extorted more than 250 US organisations and hundreds more globally. He used the online handles Deadforce and Far Network, according to Group-IB. He was also involved in four other ransomware groups. The FBI is offering a $10 million reward for information that may lead to his arrest. It's also offering rewards for information on his accomplices.

The US Treasury Department has imposed sanctions on scam compound operators in Cambodia and Myanmar. Sanctions were levied on three individuals and their six companies operating a crypto scam compound in the border town of Shwe Kokko, Myanmar. The three are also the leaders of the Karen National Army, a breakaway military force that now runs the state of Karen in Myanmar.
Sanctions were also levied on four Chinese nationals for running scam compounds in the Cambodian cities of Bavet and Sihanoukville. The compounds are run out of casino and hotel complexes managed by the group.

A threat actor has compromised 27 npm libraries and added malicious code designed to hijack cryptocurrency transactions. The attacker allegedly compromised developers using a phishing email that mimicked a 2FA reset request. The compromised packages had more than 2 billion weekly downloads. The updates containing the malicious code were taken down in less than an hour due to a swift community response.

Hackers have stolen £27,000 from the pub owned by former Top Gear presenter Jeremy Clarkson. Clarkson said the hackers broke into the pub's accounting system. It's unknown who was behind the intrusion.

A ransomware group has leaked data from a golf club days before it was due to host the Irish Open. The victim was a five-star golfing resort in Kildare, Ireland, named K Club. The SafePay ransomware group took credit for the attack. The tournament took place as scheduled on the weekend. K Club did not confirm if it paid the ransom.

A hacking group claims to have stolen the personal data of almost all Vietnamese citizens. The data was allegedly taken from the country's Credit Information Centre, a national agency that keeps track of citizens' credit status. It's believed that 160 million records containing highly sensitive personal information were stolen. The Vietnamese government has yet to confirm the incident.

Hackers have stolen $41 million worth of Solana crypto tokens from the SwissBorg platform. The attackers exploited a vulnerability in a partner's API integration. SwissBorg said it would reimburse all customers. The stolen assets represent 2% of its funds.

Media streaming platform Plex is resetting all user passwords after a security breach. A hacker accessed a database and allegedly stole emails, usernames, hashed passwords and other authentication data.
The company says it has patched the method that the attacker used to get in.

Meta's former head of security is suing the company for wrongful termination. Attaullah Baig claims the company ignored repeated warnings about WhatsApp vulnerabilities and privacy violations. He claimed that more than 1,500 WhatsApp engineers had unrestricted access to user data. He also said the app's security team was too small, with just 10 engineers. Baig says WhatsApp leadership retaliated when he started reporting on the security issues. He was eventually fired in April, with the company citing poor performance.

A Chinese company linked to China's Academy of Sciences is exporting their technology to build national censorship firewalls. Geedge Networks has sold equipment to the governments of Kazakhstan, Ethiopia, Pakistan and Myanmar. The exports were revealed when more than 100,000 leaked internal documents were shared with researchers.

Apple has shipped a new security feature named Memory Integrity Enforcement. It combines hardware and software-based defences to add memory safety protections to Apple products. Apple's security team said it worked on the design for half a decade. MIE has shipped with iPhone 17, which was announced on Tuesday.

Adobe has patched a critical vulnerability in the Magento and Adobe Commerce platforms. The SessionReaper vulnerability allows unauthenticated remote attackers to run malicious code and take over online stores, according to Sansec. Automated abuse is expected, and merchants should patch immediately.

And finally, messaging app Signal will allow users to create secure backups of their conversations. The new feature will retain the backups for up to 45 days. Users will have the option to pay for a longer storage period. Backups will be encrypted end to end with a 64-character recovery key generated on the user's device.

And that is all for this podcast edition. Today's show was brought to you by our sponsor Trail of Bits. Find them at trailofbits.com. Thanks for your company.
Podcast: Risky Bulletin by risky.biz
Date: September 10, 2025
Host: Claire Aird (prepared by Catalin Cimpanu)
This episode offers a fast-paced round-up of the week’s major cybersecurity news. Topics include the U.S. government's decision to retain joint leadership for Cyber Command and the NSA, high-profile arrests and indictments, supply chain attacks, ransomware incidents, global internet censorship efforts, and significant tech security updates.

| Timestamp | Segment Description |
|-----------|---------------------|
| 00:07 | White House CyberCom/NSA leadership update |
| 00:33 | CISA delays incident reporting rules for critical infrastructure |
| 01:28 | ICE contracts with Clearview AI & spyware vendors |
| 02:12 | U.S. ransomware indictments (Deadforce/Far Network) |
| 03:09 | npm supply chain compromise (2B weekly downloads impacted) |
| 04:09 | Boris Johnson email leak |
| 05:14 | Vietnam national credit data breach (160M records claimed) |
| 05:50 | Plex password reset after data breach |
| 06:09 | Apple’s Memory Integrity Enforcement (MIE) |
| 06:44 | Adobe Magento/Commerce ‘session reaper’ vulnerability |
| 07:02 | Signal introduces secure backups |

This Risky Bulletin edition covered a broad spectrum of global cyber events, from high-level U.S. policy decisions to technical security vulnerabilities and criminal incidents. Noteworthy is the growing intertwining of cybersecurity with geopolitics, law enforcement, and consumer tech innovation. The episode stands out for its brisk yet comprehensive rundown, delivering key facts, government actions, and critical vulnerabilities of the week.