CyberWire Daily

Please enjoy this encore of Career Notes. Host of the CyberWire Podcast, Dave Bittner, wanted to work with the Muppets, so naturally he landed in cybersecurity. Dave and his Cookie Monster puppet spent much of his childhood putting on shows for his parents friends. During one of those performances, he was discovered and got his start at the local PBS station. A radio, television and film major in college, Dave owned his own company and as the most tech-savvy member of the group, handled that side of things. Dave notes his cybersecurity challenges back then consisted of maybe a corrupt floppy disk. It wasn't until he joined the CyberWIre that cybersecurity became Dave's focus. A former boss showed him how to lead a team and treat everyone with kindness regardless of their role. We thank Dave for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]

This week, Dave speaks with Max Gannon [https://www.linkedin.com/in/max-gannon-34b775111/] of Cofense Intelligence [https://cofense.com/] to dive into his team's research on "The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders." Threat actors continuously develop new tactics, techniques, and procedures (TTPs) to bypass existing defenses. When defenders identify these methods and implement countermeasures, attackers adapt or create more sophisticated approaches. This research explores how cybercriminals are leveling up their credential phishing tactics using Precision-Validated Phishing, a technique that leverages real-time email validation to ensure only high-value targets receive the phishing attempt. The research can be found here: * The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders [https://cofense.com/blog/the-rise-of-precision-validated-credential-theft-a-new-challenge-for-defenders]⁠⁠⁠⁠ [https://www.cyberark.com/resources/threat-research-blog/agents-under-attack-threat-modeling-agentic-ai]⁠ [https://www.reversinglabs.com/blog/atomic-and-exodus-crypto-wallets-targeted-in-malicious-npm-campaign] Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]

NATO hosts the world’s largest cyber defense exercise. The DOJ charges a dozen people in a racketeering conspiracy involving the theft of over $230 million in cryptocurrency. Japan has enacted a new Active Cyberdefense Law. Lawmakers push to reauthorize the Cybersecurity Information Sharing Act. Two critical Ivanti Endpoint Manager Mobile vulnerabilities are under active exploitation. Hackers use a new fileless technique to deploy Remcos RAT. The NSA’s Director of Cybersecurity hangs up their hat. Our guest is Christopher Cleary, VP of ManTech's Global Cyber Practice, discussing the cyber battlespace of the future. Coinbase flips the script on an extortion attempt.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing [https://thecyberwire.com/newsletters/daily-briefing], and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn [https://www.linkedin.com/company/10454826/admin/feed/posts/]. CyberWire Guest Joining us on our Industry Voices segment, Christopher Cleary [https://www.linkedin.com/in/christopher-cleary-pmp-cissp-6242b635/], VP of ManTech [https://www.mantech.com/]'s Global Cyber Practice, talks about the battlespace of the future. If you would like to hear the full-length interview between Christopher and Dave, listen here [https://explore.thecyberwire.com/chris-cleary]. Learn more about ManTech’s cybersecurity work here [https://www.mantech.com/expertise/cyberspace-superiority/].  Selected Reading NATO's Locked Shields Reflects Cyber Defense Growth [https://www.securityweek.com/from-60-to-4000-natos-locked-shields-reflects-cyber-defense-growth/] (SecurityWeek) US charges 12 more suspects linked to $230 million crypto theft [https://www.bleepingcomputer.com/news/security/us-charges-12-more-suspects-linked-to-230-million-crypto-theft/] (Bleeping Computer) Japan enacts new Active Cyberdefense Law allowing for offensive cyber operations [https://therecord.media/japan-enacts-new-law-allowing-offensive-cyber-operations] (The Record) Lawmakers push for reauthorization of cyber information sharing bill as deadline looms [https://therecord.media/lawmakers-push-for-reauthorization-information-sharing-bill] (The Record) Ban sales of gear from China’s TP-Link, Republican lawmakers tell Trump administration [https://therecord.media/republican-lawmakers-call-for-tp-link-ban] (The Record) Scammers are deepfaking voices of senior US government officials, warns FBI [https://www.theregister.com/2025/05/16/fbi_deepfake_us_government_warning/] (The Register) Multiple Ivanti Endpoint Mobile Manager Vulnerabilities Allows Remote Code Execution [https://cybersecuritynews.com/ivanti-endpoint-mobile-manager-vulnerabilities/] (Cyber Security News) Updated Remcos RAT deployed in fileless intrusion [https://www.scworld.com/brief/updated-remcos-rat-deployed-in-fileless-intrusion](SC Media) NSA cyber director Luber to retire at month’s end [https://therecord.media/nsa-cyber-director-dave-luber-to-retire] (The Record) Coinbase offers $20 million bounty after extortion attempt with stolen data [https://therecord.media/coinbase-extortion-attempt-company-offers-20million-reward] (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey [https://www.surveymonkey.com/r/cwdp-listener] as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit [https://docsend.com/view/5ncb2vvpz2ntg95q]. Contact us at cyberwire@n2k.com [cyberwire@n2k.com] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]

Google issues an emergency patch for a high-severity Chrome browser flaw. Researchers bypass BitLocker encryption in minutes. A massive Chinese-language black market has shut down. The CFPB cancels plans to curb the sale of personal information by data brokers. A cyberespionage campaign called Operation RoundPress targets vulnerable webmail servers. Google warns that Scattered Spider is now targeting U.S. retail companies. The largest steelmaker in the U.S. shut down operations following a cybersecurity incident. Our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security. The long and the short of layoffs. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing [https://thecyberwire.com/newsletters/daily-briefing], and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn [https://www.linkedin.com/company/10454826/admin/feed/posts/]. CyberWire Guest On our Industry Voices segment and direct from RSAC 2025, our guest is Devin Ertel [https://www.linkedin.com/in/devinertel/], Chief Information Security Officer at Menlo Security [https://www.menlosecurity.com/], discussing redefining enterprise security. Listen to Devin's interview here [https://explore.thecyberwire.com/devin-ertel]. Selected Reading Google fixes high severity Chrome flaw with public exploit [https://www.bleepingcomputer.com/news/security/google-fixes-high-severity-chrome-flaw-with-public-exploit/] (Bleeping Computer) BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability: PoC Released [https://cybersecuritynews.com/bitlocker-encryption-bypassed/] (Cyber Security News) The Internet’s Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge [https://www.wired.com/story/the-internets-biggest-ever-black-market-shuts-down-after-a-telegram-purge/] (WIRED)  German operation shuts down crypto mixer eXch, seizes millions in assets [https://therecord.media/exch-cryptocurrency-mixer-germany-takedown] (The Record) CFPB Quietly Kills Rule to Shield Americans From Data Brokers [https://www.wired.com/story/cfpb-quietly-kills-rule-to-shield-americans-from-data-brokers/](WIRED) EU ruling: tracking-based advertising by Google, Microsoft, Amazon, X, across Europe has no legal basis [https://www.iccl.ie/digital-data/eu-ruling-tracking-based-advertising-by-google-microsoft-amazon-x-across-europe-has-no-legal-basis/] (Irish Council for Civil Liberties) Operation RoundPress targeting high-value webmail servers [https://www.welivesecurity.com/en/eset-research/operation-roundpress/] (We Live Security) Google says hackers that hit UK retailers now targeting American stores [https://www.reuters.com/business/google-says-hackers-that-targeted-uk-retail-sector-are-now-targeting-us-2025-05-14/](Reuters) Cybersecurity incident forces largest US steelmaker to take some operations offline [https://therecord.media/cyber-incident-forces-nucor-steel-to-take-systems-offline] (The Record) Infosec Layoffs Aren't the Bargain Boards May Think [https://www.darkreading.com/cyber-risk/infosec-layoffs-arent-bargain-boards-may-think] (Dark Reading)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey [https://www.surveymonkey.com/r/cwdp-listener] as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit [https://docsend.com/view/5ncb2vvpz2ntg95q]. Contact us at cyberwire@n2k.com [cyberwire@n2k.com] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]

A busy Patch Tuesday. Investigators discover undocumented communications devices inside Chinese-made power inverters. A newly discovered Branch Privilege Injection flaw affects Intel CPUs. A UK retailer may claim up to £100mn from its cyber insurers after a major cyberattack.  A Kosovo national has been extradited to the U.S. for allegedly running an illegal online marketplace. CISA will continue alerts on its website following industry backlash. On our Industry Voices segment, Neil Hare-Brown, CEO at STORM Guidance, discusses Cyber Incident Response (CIR) retainer service provision. Shoring up the future of the CVE program. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing [https://thecyberwire.com/newsletters/daily-briefing], and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn [https://www.linkedin.com/company/10454826/admin/feed/posts/]. CyberWire Guest On today’s Industry Voices segment, we are joined by Neil Hare-Brown [https://www.linkedin.com/in/neilhb/], CEO at STORM Guidance [https://www.stormguidance.com/], discussing Cyber Incident Response (CIR) retainer service provision. You can learn more here [https://www.cyber.care/cyberwire].  Selected Reading Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days [https://securityaffairs.com/177839/hacking/microsoft-patch-tuesday-security-updates-for-may-2025-fixed-5-actively-exploited-zero-days.html] (Security Affairs) SAP patches second zero-day flaw exploited in recent attacks [https://www.bleepingcomputer.com/news/security/sap-patches-second-zero-day-flaw-exploited-in-recent-attacks/] (Bleeping Computer)  Ivanti fixes EPMM zero-days chained in code execution attacks [https://www.bleepingcomputer.com/news/security/ivanti-fixes-epmm-zero-days-chained-in-code-execution-attacks/] (Bleeping Computer)  Fortinet fixes critical zero-day exploited in FortiVoice attacks [https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-zero-day-exploited-in-fortivoice-attacks/] (Bleeping Computer)  Vulnerabilities Patched by Juniper, VMware and Zoom [https://www.securityweek.com/vulnerabilities-patched-by-juniper-vmware-and-zoom/] (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact [https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-addressed-by-siemens-schneider-phoenix-contact/] (SecurityWeek) Adobe Patches Big Batch of Critical-Severity Software Flaws [https://www.securityweek.com/adobe-patches-big-batch-of-critical-severity-software-flaws/] (SecurityWeek) Ghost in the machine? Rogue communication devices found in Chinese inverters [https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14/] (Reuters) New Intel CPU flaws leak sensitive data from privileged memory [https://www.bleepingcomputer.com/news/security/new-intel-cpu-flaws-leak-sensitive-data-from-privileged-memory/] (Bleeping Computer)  M&S cyber insurance payout to be worth up to £100mn [https://www.ft.com/content/723b6195-1ce7-4b5f-94f5-729e9152c578] (Financial Times) US extradites Kosovo national charged in operating illegal online marketplace [https://therecord.media/us-extradites-kosovo-national-online-marketplace] (The Record) CISA Planned to Kill .Gov Alerts. Then It Reversed Course. [https://www.databreachtoday.com/cisa-planned-to-kill-gov-alerts-then-reversed-course-a-28391] (Data BreachToday) CVE Foundation eyes year-end launch following 11th-hour rescue of MITRE program [https://cyberscoop.com/cve-program-funding-crisis-cve-foundation-mitre/] (CyberScoop) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey [https://www.surveymonkey.com/r/cwdp-listener] as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit [https://docsend.com/view/5ncb2vvpz2ntg95q]. Contact us at cyberwire@n2k.com [cyberwire@n2k.com] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]