CyberWire Daily

Grok’s non-consensual imagery draws scrutiny from the European Commission.  Researchers link several major data breaches to a single threat actor. The UK unveils a new Cyber Action Plan. A stealthy ClickFix campaign targets the hospitality sector. VVS Stealer malware targets Discord users. Covenant Health and AFLAC report data leaks. Google silences a critical Dolby flaw. Ilona Cohen, Chief Legal and Policy Officer at HackerOne discusses “What the SolarWinds Dismissal Really Means for CISOs: Less Personal Risk, More Scrutiny on Disclosures.” UK students enjoy a digital snow day.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ilona Cohen, Chief Legal and Policy Officer at HackerOne and former senior lawyer to President Obama, as she is discussing “What the SolarWinds Dismissal Really Means for CISOs: Less Personal Risk, More Scrutiny on Disclosures.” Selected Reading EU looking ‘very seriously’ at taking action against X over Grok (The Record) Grok's AI CSAM Shitshow (404 Media) Dozens of Major Data Breaches Linked to Single Threat Actor (SecurityWeek) UK Launches New Cyber Unit to Bolster Defences Against Cyber Threats (Infosecurity Magazine) Sophisticated ClickFix Campaign Targeting Hospitality Sector (SecurityWeek) New VVS Stealer Malware Targets Discord Users via Fake System Errors (Hackread) Covenant Health Notifying 480K Patients of 2025 Data Theft (Infosecurity) Aflac Notifies 22.6 Million People of June Data Theft Attack (Infosecurity) Critical Dolby leak in Android patched by Google (Techzine Global) Students bag extended Christmas break after cyber hit on school IT (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Venezuela blames physical attacks for blackout as cyber questions swirl. Trump reverses a chip technology sale over national security issues, and removes sanctions linked to Predator spyware. Greek officials say an air traffic shutdown was not a cyberattack. The U.S. Army launches a new officer specialization in AI and machine learning. The Kimwolf botnet infects more than two million devices worldwide. ZoomStealer uses browser extensions to grab sensitive online meeting data. The European Space Agency confirms a cybersecurity incident. Former lawmakers and cyber policy leaders warn that U.S. cyber defenses are slipping. On today’s Afternoon Cyber Tea host Ann Johnson welcomes Troy Hunt, founder of Have I Been Pwned. A researcher swipes left on white supremacy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On this segment of Afternoon Cyber Tea with host Ann Johnson, Ann is joined by Troy Hunt, founder of Have I Been Pwned, to explore what billions of breached records reveal about attacker behavior, human weakness, and the state of breach disclosure. To listen to Ann and Troy's full conversation, visit the episode page. You can catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.  Selected Reading Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes (POLITICO) US Action in Venezuela Provokes Cyberattack Speculation (GovInfosecurity) COMUNICADO | CORPOELEC denuncia ataque perpetrado contra el Sistema Eléctrico Nacional (MPPEE) President Trump Orders Divestment in $2.9 Million Chips Deal to Protect US Security Interests (SecurityWeek) Treasury removes sanctions for three executives tied to spyware maker Intellexa (The Record) Greece says a radio failure that grounded flights is unlikely to be a cyberattack (WRAL.com) US Army to Establish AI Officer Corps for High-Tech Military Management (ForkLog) The Kimwolf Botnet is Stalking Your Local Network (Krebs on Security) Zoom Stealer browser extensions harvest corporate meeting intelligence (Bleeping Computer) European Space Agency Confirms Server Breach (Infosecurity Magazine) Time to restore America’s cyberspace security system (CyberScoop) Researcher Wipes White Supremacist Dating Sites, Leaks Data on okstupid.lol (Hackread) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Chief Information Security Officer at Immuta, Michael Scott shares his story from working at a forgotten internet service provider to leading the security fight for major food chain restaurants. Michael explains how the different roles at various companies he has worked with paved his way to where he is now at Immuta. He works with a group of colleagues and he leads in a different style, describing that "It really is just a collection of a lot of, we call humble intellects" working with him. Michael attributes adversity to being a cornerstone of existence in the security community, and explains how that helps him keep up the fight. We thank Michael for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is out on winter break, please enjoy this episode of Research Saturday. Today we are joined by ⁠⁠Selena Larson⁠⁠, co-host of ⁠⁠Only Malware in the Building⁠⁠ and Staff Threat Researcher and Lead Intelligence Analysis and Strategy at ⁠⁠Proofpoint⁠⁠, sharing their work on "Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing." Proofpoint researchers have identified campaigns where threat actors use fake Microsoft OAuth apps to impersonate services like Adobe, DocuSign, and SharePoint, stealing credentials and bypassing MFA via attacker-in-the-middle phishing kits, mainly Tycoon. These attacks redirect users to fake Microsoft login pages to capture credentials, 2FA tokens, and session cookies, targeting nearly 3,000 Microsoft 365 accounts across 900 environments in 2025. Microsoft’s upcoming security changes and strengthened email, cloud, and web defenses, along with user education, are recommended to reduce these risks. The research can be found here: ⁠⁠⁠⁠Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing Learn more about your ad choices. Visit megaphone.fm/adchoices

While our team is out on winter break, please enjoy this episode of Cyber Things from our partners at Armis. Welcome to Episode 2 of Cyber Things, a special edition podcast produced in partnership by Armis and N2K CyberWire in an homage to Stranger Things. Host ⁠Rebecca Cradick⁠, VP of Global Communications at ⁠Armis⁠, is joined by ⁠Curtis Simpson⁠, CISO at Armis, to dive deep into the rise of the “Hive Mind”: the collective, connected threat ecosystem where attackers share tools, data, and tactics across the dark web, evolving faster than ever through AI-powered reconnaissance and automation. This is essential listening for anyone seeking to better understand how today’s adversaries no longer operate alone, but as a distributed learning network that observes, adapts, and strikes with speed and precision. Tune in now to learn how organizations can think upside down, harness AI, and build defenses that move at the speed of today’s threats - before the shadows reach your network. Learn more about your ad choices. Visit megaphone.fm/adchoices