Risky Bulletin: White House to Keep CyberCom and NSA Dual Role
Podcast: Risky Bulletin by risky.biz
Date: September 10, 2025
Host: Claire Aird (prepared by Catalin Cimpanu)
Episode Overview
This episode offers a fast-paced round-up of the week’s major cybersecurity news. Topics include the U.S. government's decision to retain joint leadership for Cyber Command and the NSA, high-profile arrests and indictments, supply chain attacks, ransomware incidents, global internet censorship efforts, and significant tech security updates.
Key Discussion Points & Insights
1. White House to Keep CyberCom and NSA ‘Dual Hat’ Leadership
- [00:07] The White House has quietly decided not to split the command structure of U.S. Cyber Command and the National Security Agency.
- Officials found that separating the two would be “too lengthy and complex.” LTG William Hartman is expected to be nominated to lead both agencies.
2. CISA Delays Critical Infrastructure Reporting Rules
- [00:33] The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) will not go into effect next month as planned.
- Final details now expected around May 2026; the rule mandates reporting of ransomware and other cyber incidents by critical infrastructure operators.
3. US Terminates Disinformation Countermeasures with Europe
- [00:51] The U.S. has ended several international agreements aimed at countering disinformation from countries like Russia, China, and Iran.
- The termination follows the shutdown of the State Department’s Global Engagement Center.
4. FCC Crackdown on Chinese Testing Labs
- [01:09] The FCC revoked the authorization of seven China-based electronics testing labs over national security worries relating to device certification and the US Cyber Trust Mark.
5. ICE Invests in Surveillance & Spyware
- [01:28] U.S. Immigration and Customs Enforcement (ICE) will spend up to $10M for Clearview AI facial recognition software to identify suspects assaulting agents.
- Also renewing contracts with spyware vendors Paragon, Cellebrite, Magnet, and Penlink.
6. Major Ransomware Arrests & Sanctions
- [02:12] The DOJ indicted Volodymyr Viktorovich (aka Deadforce & Far Network), an administrator for major ransomware operations including LockerGoga, MegaCortex, and Nephilim.
- Accused of hacking 250+ U.S. organizations, hundreds globally. FBI offers $10M reward for information.
- [02:43] U.S. Treasury sanctions crypto-scam operators in Myanmar and Cambodia, linking crime to regional breakaway military forces.
7. Significant Supply Chain & Cryptocurrency Attacks
- [03:09] Attackers compromised 27 npm libraries to intercept crypto transactions, using phishing aimed at developer 2FA resets.
- The packages had over 2 billion weekly downloads, but were taken down within an hour thanks to quick detection.
- [05:24] Hackers exploited Swissborg’s API partner, stealing $41M in Solana tokens (2% of total funds). Swissborg promises reimbursements.
8. Cybercrime Against Public Figures and Businesses
- [04:09] Hackers leaked 2,000+ emails from former UK PM Boris Johnson, spanning 2019–2022, possibly as a foreign influence operation.
- [04:53] Jeremy Clarkson’s pub lost £27,000 due to hackers breaching its accounting system.
- [05:03] SafePay ransomware hit Ireland’s K Club days before the Irish Open; tournament went on as planned.
9. Large-Scale Data Breaches
- [05:14] A hacking group claims to have compromised Vietnam’s national Credit Information Centre, stealing 160 million sensitive records.
10. Global Internet Censorship Updates
- [03:48] Nepal ended its ban on 26 social networks after violent protests. The ban was seen as an anti-corruption crackdown; 22 people died, and the PM resigned.
11. Platform Security Responses
- [05:50] Plex streaming service reset all user passwords after a database breach. Hackers accessed emails, usernames, and password hashes.
- [06:09] Apple announced “Memory Integrity Enforcement” with iPhone 17—a new hardware/software feature designed to improve memory safety.
- “Apple’s security team said it worked on the design for half a decade.”
- [06:44] Adobe patched a critical Magento/Commerce vulnerability called “session reaper,” allowing code execution and store takeover. Immediate patching urged.
12. Legal Action Against Major Tech Companies
- [06:21] Former Meta security chief Attaullah Baig sues the company for wrongful termination, claiming leadership ignored WhatsApp vulnerabilities and privacy issues.
- “More than 1,500 WhatsApp engineers had unrestricted access to user data... The app’s security team was too small, with just 10 engineers.”
- Baig claims he was fired in retaliation for whistleblowing.
13. China’s Export of Censorship Technology
- [06:35] Geedge Networks, linked to China’s Academy of Sciences, is exporting national censorship firewalls to Kazakhstan, Ethiopia, Pakistan, and Myanmar—as revealed by 100,000+ internal leaked documents.
14. New Consumer-Friendly Security Features
- [07:02] Signal now allows users to create secure, end-to-end encrypted conversation backups, retained for up to 45 days, with options for extension. Recovery keys are generated device-side.
Notable Quotes & Memorable Moments
- “The White House will keep the CyberCom and NSA dual hat leadership arrangement... Splitting the dual hat arrangement would prove too lengthy and complex.” — Claire Aird [00:07]
- “The US Department of Justice has charged the administrator of the LockerGoga, MegaCortex, and Nephilim ransomware groups... He used the online handles Deadforce and Far Network.” — Claire Aird [02:12]
- “A threat actor has compromised 27 npm libraries... The compromised packages had more than 2 billion weekly downloads.” — Claire Aird [03:09]
- “Apple has shipped a new security feature named Memory Integrity Enforcement... Apple’s security team said it worked on the design for half a decade.” — Claire Aird [06:09]
- “Attaullah Baig claims the company ignored repeated warnings about WhatsApp vulnerabilities and privacy violations... More than 1,500 WhatsApp engineers had unrestricted access to user data.” — Claire Aird [06:21]
Major Timestamps Guide
| Timestamp | Segment Description |
|-----------|--------------------------------------------------------------|
| 00:07 | White House CyberCom/NSA leadership update |
| 00:33 | CISA delays incident reporting rules for critical infrastructure |
| 01:28 | ICE contracts with Clearview AI & spyware vendors |
| 02:12 | U.S. ransomware indictments (Deadforce/Far Network) |
| 03:09 | npm supply chain compromise (2B weekly downloads impacted) |
| 04:09 | Boris Johnson email leak |
| 05:14 | Vietnam national credit data breach (160M records claimed) |
| 05:50 | Plex password reset after data breach |
| 06:09 | Apple’s Memory Integrity Enforcement (MIE) |
| 06:44 | Adobe Magento/Commerce ‘session reaper’ vulnerability |
| 07:02 | Signal introduces secure backups |
Conclusion
This Risky Bulletin edition covered a broad spectrum of global cyber events, from high-level U.S. policy decisions to technical security vulnerabilities and criminal incidents. Noteworthy is the growing intertwining of cybersecurity with geopolitics, law enforcement, and consumer tech innovation. The episode stands out for its brisk yet comprehensive rundown, delivering key facts, government actions, and critical vulnerabilities of the week.
