CyberWire Daily

A suspected ransomware attack disrupts hundreds of Swedish municipalities. Google warns Gmail users of emerging cyberattacks tied to the ShinyHunters group. A malicious supply chain attack hits the npm registry. Senators press AFLAC for answers following a data breach. Law enforcement takedowns splinter the ransomware ecosystem. The FBI and Dutch police take down a major online fakeID marketplace. Florida proposes requiring healthcare providers to strengthen data breach preparedness and reporting. Our guest is Kathleen Peters, Chief Innovation Officer at Experian North America, explaining why AI is both accelerating and mitigating fraud. An affiliate army pushes fake casinos worldwide. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing [https://thecyberwire.com/newsletters/daily-briefing], and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn [https://www.linkedin.com/company/10454826/admin/feed/posts/]. CyberWire Guest Today we are joined by Kathleen Peters [https://www.linkedin.com/in/kathleenhpeters/], Chief Innovation Officer at Experian [https://www.linkedin.com/company/experian/] North America, who is sharing the AI paradox: why AI is both accelerating and mitigating fraud. You can learn more in Experian’s U.S. Identity & Fraud Report [https://www.experian.com/blogs/insights/2025-identity-fraud-report/]. Selected Reading Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier [https://therecord.media/sweden-municipalities-ransomware-software] (The Record) Google issues emergency warning for all Gmail users [https://geekspin.co/google-issues-warning-for-gmail-users/] (Geekspin) TransUnion Data Breach Impacts 4.4 Million [https://www.securityweek.com/transunion-data-breach-impacts-4-4-million/] (Security Week) Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware [https://www.infosecurity-magazine.com/news/npm-package-hijacked-ai-malware/] (Infosecurity Magazine) US Senators Call for Details of Aflac Data Breach [https://www.bankinfosecurity.com/us-senators-call-for-details-aflac-data-breach-a-29319] (Bank Infosecurity) Ransomware gang takedowns causing explosion of new, smaller groups [https://therecord.media/ransomware-gang-takedown-proliferation] (The Record) FBI, Dutch cops seize fake ID marketplace, servers [https://www.theregister.com/2025/08/28/fbi_dutch_cops_seize_veriftools/] (The Register) Florida Considers Rule to Improve Healthcare Data Breach Transparency [https://www.hipaajournal.com/florida-rule-improve-healthcare-data-breach-transparency/] (The HIPPA Journal) Affiliates Flock to ‘Soulless’ Scam Gambling Machine [https://krebsonsecurity.com/2025/08/affiliates-flock-to-soulless-scam-gambling-machine/] (Krebs on Security) Audience Survey Complete our annual audience survey [https://www.surveymonkey.com/r/JDV3B73] before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit [https://docsend.com/view/5ncb2vvpz2ntg95q]. Contact us at cyberwire@n2k.com [cyberwire@n2k.com] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]

The FBI shares revelations on Salt Typhoon’s reach.  Former NSA and FBI directors sound alarm on infrastructure cybersecurity gaps. Google is launching a new cyber “disruption unit”. A new report highlights cyber risks to the maritime industry. A Pennsylvania healthcare provider suffers a data breach affecting over six hundred thousand individuals. Citrix patches a critical vulnerability under active exploitation. The U.S. sanctions a North Korean-linked fraud network. Ransomware is rapidly evolving with generative AI. Our guest is Brandon Karpf, speaking with T-Minus host Maria Varmazis connecting three seemingly disparate stories. Who needs a tutor when you’ve got root access? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing [https://thecyberwire.com/newsletters/daily-briefing], and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn [https://www.linkedin.com/company/10454826/admin/feed/posts/]. CyberWire Guest Our guest today is Brandon Karpf [https://www.linkedin.com/in/brandon-karpf/], friend of the show, founder of T-Minus Space Daily [https://space.n2k.com/podcasts/t-minus], and cybersecurity expert talking with T-Minus host Maria Varmazis. Brandon decided to do a stump the host play for this month's space and cybersecurity segment. Selected Reading Chinese Spies Hit More Than 80 Countries in ‘Salt Typhoon’ Breach, FBI Reveals [https://www.wsj.com/politics/national-security/chinese-spies-hit-more-than-80-countries-in-salt-typhoon-breach-fbi-reveals-59b2108f](WSJ) NSA and Others Provide Guidance to Counter China State-Sponsored Actors Targeting Critical Infrastructure Organizations [https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4287371/nsa-and-others-provide-guidance-to-counter-china-state-sponsored-actors-targeti/] (NSA) Critical Infrastructure Leaders and Former National Security Officials Address Escalating Cyber Threats at Exclusive GCIS Security Briefing [https://finance.yahoo.com/news/critical-infrastructure-leaders-former-national-123600204.html?guccounter=1] (Business Wire) Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense [https://cyberscoop.com/google-cybersecurity-disruption-unit-active-defense-hack-back/](CyberScoop) Maritime cybersecurity is the iceberg no one sees coming [https://www.helpnetsecurity.com/2025/08/28/maritime-industry-cybersecurity-threats/](Help Net Security) Healthcare Services Group reports data breach exposing information of over 624 K individuals [https://beyondmachines.net/event_details/healthcare-services-group-reports-data-breach-exposing-information-of-over-624-k-individuals-x-1-t-s-y/gD2P6Ple2L] (Beyond Machines) Over 28,000 Citrix devices vulnerable to new exploited RCE flaw [https://www.bleepingcomputer.com/news/security/over-28-200-citrix-instances-vulnerable-to-actively-exploited-rce-bug/] (Bleeping Computer) US sanctions fraud network used by North Korean 'remote IT workers' to seek jobs and steal money [https://techcrunch.com/2025/08/27/us-sanctions-fraud-network-used-by-north-korea-to-seek-jobs-and-steal-money/](TechCrunch) The Era of AI-Generated Ransomware Has Arrived [https://www.wired.com/story/the-era-of-ai-generated-ransomware-has-arrived/](WIRED) Spanish police arrest student suspected of hacking school system to change grades [https://therecord.media/spanish-police-hacker-arrest-grades] (The Record) Audience Survey Complete our annual audience survey [https://www.surveymonkey.com/r/JDV3B73] before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit [https://docsend.com/view/5ncb2vvpz2ntg95q]. Contact us at cyberwire@n2k.com [cyberwire@n2k.com] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]

A whistle-blower claims DOGE uploaded a sensitive Social Security database to a vulnerable cloud server. Allies push back against North Korean IT scams. ZipLine is a sophisticated phishing campaign targeting U.S.-based manufacturing. Researchers uncover a residential proxy network operating across at least 20 U.S. states. Flock Safety license plate readers face increased scrutiny. A new report chronicles DDoS through the first half of the year. LLM guard rails fail to defend against run-on sentences. A South American APT targets the Colombian government. Our guest is Harry Thomas, Founder and CTO at Frenos, on the benefits of curated and vetted AI training data. One man’s fight against phantom jobs posts. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing [https://thecyberwire.com/newsletters/daily-briefing], and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn [https://www.linkedin.com/company/10454826/admin/feed/posts/]. CyberWire Guest Our guest today is Harry Thomas [https://www.linkedin.com/in/harry-j-thomas/], Founder and CTO at Frenos [https://frenos.io/], talking about the benefits of curated and vetted AI training data.  Learn more about the Frenos and N2K Networks partnership [https://thecyberwire.com/stories/d0e41e56a3354d179cc90121c92c5e26/frenos-partners-with-n2k-to-power-first-ai-native-ot-security-posture-management-platform-with-industry-validated-intelligence] to utilize industry validated intelligence to build the first AI native OT security posture management platform. Selected Reading DOGE Put Critical Social Security Data at Risk, Whistle-Blower Says [https://www.nytimes.com/2025/08/26/us/politics/doge-social-security-data.html](The New York Times) Governments, tech companies meet in Tokyo to share tips on fighting North Korea IT worker scheme [https://therecord.media/japan-us-south-korea-forum-north-korea-it-worker-scheme] (The Record) ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies [https://research.checkpoint.com/2025/zipline-phishing-campaign/] (Check Point Research) Phishing Campaign Targeting Companies via UpCrypter [https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-companies-via-upcrypter](FortiGuard Labs) Belarus-Linked DSLRoot Proxy Network Deploys Hardware in U.S. Residences, Including Military Homes [https://infrawatch.app/blog/dslroot-us-proxy-investigation] (Infrawatch) CBP Had Access to More than 80,000 Flock AI Cameras Nationwide [https://www.404media.co/cbp-had-access-to-more-than-80-000-flock-ai-cameras-nationwide/] (404 Media) Evanston shuts down license plate cameras, terminates contract with Flock Safety [https://evanstonroundtable.com/2025/08/26/evanston-shuts-down-license-plate-cameras-terminates-contract-with-flock-safety/] (Evanston Round Table) Global DDoS attacks exceed 8M amid geopolitical tensions [https://www.telecomstechnews.com/news/global-ddos-attacks-exceed-8m-amid-geopolitical-tensions/] (Telecoms Tech News) One long sentence is all it takes to make LLMs misbehave [https://www.theregister.com/2025/08/26/breaking_llms_for_fun/](The Register) TAG-144’s Persistent Grip on South American Organizations [https://www.recordedfuture.com/research/tag-144s-persistent-grip-on-south-american-organizations] (Recorded Future) This tech worker was frustrated with ghost job ads. Now he’s working to pass a national law banning them [https://www.cnbc.com/2025/08/25/tech-worker-was-frustrated-with-ghost-jobs-now-hes-trying-to-pass-a-national-ban.html] (CNBC) Audience Survey Complete our annual audience survey [https://www.surveymonkey.com/r/JDV3B73] before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit [https://docsend.com/view/5ncb2vvpz2ntg95q]. Contact us at cyberwire@n2k.com [cyberwire@n2k.com] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]

A cyberattack disrupts state systems in Nevada. A China-linked threat actor targets Southeast Asian diplomats. A new attack method hides malicious prompts inside images processed by AI systems.Experts ponder preventing AI agents from going rogue. A new study finds AI is hitting entry-level jobs hardest. Michigan’s Supreme Court upholds limits on cell phone searches. Sen. Wyden accuses the judiciary of cyber negligence. CISA issues an urgent alert on a critical Git vulnerability. Hackers target Maryland’s transit services for the disabled. Our guest is Cristian Rodriguez, Field CTO for the Americas from CrowdStrike, examining the escalating three-front war in AI.  A neighborhood crime reporting app gets algorithmically sketchy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing [https://thecyberwire.com/newsletters/daily-briefing], and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn [https://www.linkedin.com/company/10454826/admin/feed/posts/]. CyberWire Guest Today we are joined by Cristian Rodriguez [https://www.linkedin.com/in/cristianr/], Field CTO, Americas from CrowdStrike [https://www.linkedin.com/company/crowdstrike/], as he is examining the escalating three-front war in AI. Selected Reading  Cybercrime Government Leadership News News Briefs  Recorded Future Nevada state websites, phone lines knocked offline by cyberattack [https://therecord.media/nevada-state-websites-phones-cyberattack-disruption] (The Record) Chinese UNC6384 Hackers Use Valid Code-Signing Certificates to Evade Detection [https://gbhackers.com/chinese-unc6384-hackers-use-valid-code-signing-certificates/] (GB Hackers) New AI attack hides data-theft prompts in downscaled images [https://www.bleepingcomputer.com/news/security/new-ai-attack-hides-data-theft-prompts-in-downscaled-images/] (Bleeping Computer) How to stop AI agents going rogue [https://www.bbc.com/news/articles/cq87e0dwj25o] (BBC) AI Makes It Harder for Entry-Level Coders to Find Jobs, Study Says [https://www.bloomberg.com/news/articles/2025-08-26/ai-makes-it-harder-for-entry-level-coders-to-find-jobs-study-says](Bloomberg) Fourth Amendment Victory: Michigan Supreme Court Reins in Digital Device Fishing Expeditions [https://www.eff.org/deeplinks/2025/08/fourth-amendment-victory-michigan-supreme-court-reins-digital-device-fishing-1](Electronic Frontier Foundation) Wyden calls for probe of federal judiciary data breaches, accusing it of ‘negligence’ [https://therecord.media/wyden-probe-federal-judiciary-data-breaches] (The Record) CISA Alerts on Git Arbitrary File Write Flaw Actively Exploited [https://gbhackers.com/cisa-alerts-on-git-arbitrary-file-write-flaw/] (GB Hackers) Maryland investigating cyberattack impacting transit service for disabled people [https://therecord.media/maryland-cyberattack-transit-disabled-people] (The Record) Citizen Is Using AI to Generate Crime Alerts With No Human Review. It’s Making a Lot of Mistakes [https://www.404media.co/citizen-is-using-ai-to-generate-crime-alerts-with-no-human-review-its-making-a-lot-of-mistakes] (404 Media) Audience Survey Complete our annual audience survey [https://www.surveymonkey.com/r/JDV3B73] before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit [https://docsend.com/view/5ncb2vvpz2ntg95q]. Contact us at cyberwire@n2k.com [cyberwire@n2k.com] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]

Farmers Insurance discloses a data breach affecting over a million people. Agentic AI tools fall for common scams. A new bill in Congress looks to revive letters of marque for the digital age. Cybercriminals target macOS users with the Shamos infostealer. New Android spyware masquerades as antivirus to target Russian business executives. CISA seeks public comments on SBOM updates. A major third party electronics manufacturer reports a ransomware attack. Salesforce patches multiple vulnerabilities in its Tableau products. Over 370,000 user Grok conversations were accidentally indexed by Google. Ben Yelin examines the UK’s decision to drop digital backdoor requirements. WIRED gets duped by an AI author. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing [https://thecyberwire.com/newsletters/daily-briefing], and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn [https://www.linkedin.com/company/10454826/admin/feed/posts/]. CyberWire Guest Ben Yelin [https://www.linkedin.com/in/benjamin-yelin-5b14114b/] from University of Maryland Center for Cyber Health and Hazard Strategies [https://www.linkedin.com/company/university-of-maryland-center-for-health-and-homeland-security/] joins to discuss the U.K. dropping ‘back door’ demand for Apple user data. Read the article [https://www.washingtonpost.com/technology/2025/08/19/uk-apple-backdoor-data-privacy-gabbard/] Ben discusses. If you enjoyed this conversation and want to hear more from Ben, check out our Caveat podcast here [https://thecyberwire.com/podcasts/caveat]. Selected Reading Farmers Insurance Data Breach Impacts Over 1 Million People [https://www.securityweek.com/farmers-insurance-data-breach-impacts-over-1-million-people/](SecurityWeek) "Scamlexity": When Agentic AI Browsers Get Scammed [https://guard.io/labs/scamlexity-we-put-agentic-ai-browsers-to-the-test-they-clicked-they-paid-they-failed] (Guardio) Bill would give hackers letters of marque against US enemies [https://www.theregister.com/2025/08/21/congressman_proposes_bringing_back_letters/](The Register) Fake macOS help sites push Shamos infostealer via ClickFix technique [https://www.helpnetsecurity.com/2025/08/25/fake-macos-help-sites-push-shamos-infostealer-via-clickfix-technique/] (Help Net Security) New Android malware poses as antivirus from Russian intelligence agency [https://www.bleepingcomputer.com/news/security/new-android-malware-poses-as-antivirus-from-russian-intelligence-agency/] (Bleeping Computer) CISA Requests Public Feedback on Updated SBOM Guidance [https://www.securityweek.com/cisa-requests-public-feedback-on-updated-sbom-guidance/](SecurityWeek) Electronics manufacturer Data I/O reports ransomware attack to SEC [https://therecord.media/electronics-manufacturer-dataio-ransomware] (The Record) Salesforce patches multiple flaws in Tableau Server, at least one critical [https://beyondmachines.net/event_details/salesforce-patches-multiple-flaws-in-tableau-server-at-least-one-critical-k-t-i-0-c/gD2P6Ple2L] (Beyond Machines) 370,000 Grok AI chats leaked after being indexed on Google [https://www.cyberdaily.au/security/12546-370-000-grok-ai-chats-leaked-after-being-indexed-on-google](Cyber Daily) How WIRED Got Rolled by an AI Freelancer [https://www.wired.com/story/how-wired-got-rolled-by-an-ai-freelancer/] (WIRED) Audience Survey Complete our annual audience survey [https://www.surveymonkey.com/r/JDV3B73] before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit [https://docsend.com/view/5ncb2vvpz2ntg95q]. Contact us at cyberwire@n2k.com [cyberwire@n2k.com] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]