The CyberWire Daily Podcast 2.10.25
Ep 2242 | 2.10.25

Read all about it—or maybe not.

Transcript

A cyberattack disrupts newspaper publishing. A major AI summit takes place in Paris this week. A federal judge restricts DOGE from accessing Treasury Department systems. Cybersecurity cooperation between Canada and the U.S. remains strong. The Kraken ransomware group leaks credentials allegedly linked to Cisco. Europol urges banks to start preparing for quantum-safe cryptography. Microsoft expands its Copilot bug bounty program. The PlayStation Network (PSN) experienced a major outage over the weekend. Indiana man sentenced to 20 years for $37m cryptocurrency fraud. Our guest is Mike Woodard, VP of Product Management for App Security at Digital.ai, sharing strategies to minimize risk when implementing AI. Hunting for length and complexity in WiFi passwords.

Today is Monday, February 10th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

A cyberattack disrupts newspaper publishing. 

A cyberattack last week disrupted operations at Lee Enterprises, a major news media company owning over 70 daily newspapers and 350 other publications across 25 states. The attack caused printing delays, website issues, and forced some newspapers to publish smaller editions. Papers like The Daily Progress and The La Crosse Tribune couldn’t print for days, while The Press of Atlantic City had been unable to print since February 1. Some subscribers also faced access issues online.

Lee Enterprises confirmed the “cybersecurity event” and notified law enforcement but did not disclose the cause or perpetrator. The Omaha World-Herald continued publishing but with modified editions, and The Buffalo News faced delays and altered content layouts. Despite these setbacks, editors assured readers that normal service would resume as soon as possible. The company is still investigating the incident, emphasizing the complexity of such cyberattacks, which may take weeks to resolve.

A major AI summit takes place in Paris this week. 

A major AI summit in Paris will bring together world leaders, tech executives, and researchers to discuss the future of artificial intelligence. Hosted by French President Emmanuel Macron and Indian Prime Minister Narendra Modi, the event aims to balance AI’s potential benefits with its risks.

The summit follows previous AI governance meetings but seeks broader commitments on ethics, safety, and sustainability.

A major focus is China’s DeepSeek chatbot, which challenges U.S. dominance in AI. Meanwhile, Trump’s AI policies, emphasizing deregulation and U.S. supremacy, may hinder global consensus. France hopes to position Europe as a key AI player, supporting open-source initiatives like startup Mistral. However, tensions between the EU and U.S. tech giants could complicate agreements.

A federal judge restricts DOGE from accessing Treasury Department systems. 

A federal judge has ordered Elon Musk’s Department of Government Efficiency (DOGE) to cease accessing Treasury Department systems over cybersecurity concerns. Judge Paul A. Engelmayer ruled that Musk’s team risked exposing sensitive financial data and making Treasury systems more vulnerable to hacking. The ruling follows concerns from 19 state attorneys general, who argued that Musk’s access violated federal laws and the Constitution.

The controversy stems from the Trump administration granting Musk’s team, composed of young coders, access to Treasury’s payment systems with minimal vetting. Experts warn this could create an entry point for foreign adversaries like China and Russia. A hearing on February 14 will determine next steps.

Musk called the judge “corrupt” on X, claiming DOGE has pushed reforms, including better payment tracking. His X profile now humorously labels him “White House tech support.”

Cybersecurity cooperation between Canada and the U.S. remains strong. 

Canada’s tech publication The Logic examines cybersecurity cooperation between Canada and the U.S. Despite political tensions, the relationship remains strong. Rajiv Gupta, head of the Canadian Centre for Cyber Security, emphasized that protecting critical infrastructure is a non-partisan issue. His agency collaborates daily with its U.S. counterpart, CISA, to defend shared assets like pipelines, telecom networks, and financial systems.

However, concerns persist about U.S. policy shifts, particularly Trump’s rhetoric about annexing Canada and controversial appointments like Tulsi Gabbard leading U.S. intelligence. The Five Eyes intelligence alliance may be weakening.

Meanwhile, Canada faces cybersecurity challenges, including gaps in private-sector defense oversight and delays in implementing a unified cyber incident reporting system. Despite setbacks, Gupta believes more organizations now recognize cybersecurity risks. His agency remains focused on advising businesses, though like CISA, it lacks regulatory authority. With cyber threats rising, continued U.S.-Canada security collaboration remains crucial.

The Kraken ransomware group leaks credentials allegedly linked to Cisco. 

A data breach has reportedly exposed sensitive credentials from Cisco’s internal network, with the new Kraken ransomware group leaking hashed passwords from its Windows Active Directory environment. The leaked dataset includes domain user accounts, administrator credentials, and NTLM password hashes, which could allow attackers to escalate privileges and move laterally within Cisco’s network.

Researchers believe the data was extracted using tools like Mimikatz or hashdump, commonly used by cybercriminals and nation-state actors. 

Cisco has yet to confirm the breach, but security experts recommend immediate countermeasures, including forced password resets, disabling NTLM authentication, enforcing multi-factor authentication (MFA), and monitoring access logs for suspicious activity. 

Europol urges banks to start preparing for quantum-safe cryptography. 

Europol has urged Europe’s financial sector to start preparing for quantum-safe cryptography as the threat of store now, decrypt later (SNDL) attacks grows. These attacks involve stealing encrypted data today, with plans to decrypt it once quantum computers become powerful enough to break current encryption methods.

Although cryptographically relevant quantum computers (CRQCs) are still a decade away, rapid advancements could accelerate their arrival. Europol’s Quantum Safe Financial Forum (QSFF) outlined five key recommendations, including prioritizing quantum-safe cryptography, improving stakeholder coordination, and increasing cross-border collaboration.

The U.S. has already introduced post-quantum cryptography standards, and the UK banking sector has warned of the risks. With 64% of banks facing cyberattacks last year, financial institutions must adopt new encryption standards alongside existing ones to ensure a smooth transition and safeguard sensitive financial data from future quantum threats.

Microsoft expands its Copilot bug bounty program. 

Microsoft has expanded its Copilot bug bounty program to cover more consumer products and offer higher rewards. Researchers can now earn up to $30,000 for critical vulnerabilities, while medium-severity flaws can fetch up to $5,000, an increase from previous payouts.

Eligible vulnerabilities include model manipulation, code injection, authentication flaws, and improper access control.

Microsoft has also integrated the bounty program with its Online Services Bug Bar for a more consistent evaluation process. The company encourages researchers to participate in securing the Copilot ecosystem.

The PlayStation Network (PSN) experienced a major outage over the weekend. 

My teenaged son alerted me to the fact that the PlayStation Network (PSN) experienced a major outage over the weekend, disrupting login access, online gaming, the PlayStation Store, and more across all PlayStation platforms. Popular titles like Call of Duty and Fortnite were unplayable, and users struggled with account management, purchases, and streaming services.

Sony has now restored all services, but the reason behind the prolonged outage remains unknown. 

Indiana man sentenced to 20 years for $37m cryptocurrency fraud. 

Evan Frederick Light, 22, of Lebanon, Indiana, was sentenced to 20 years in federal prison for Conspiracy to Commit Wire Fraud and Money Laundering, following his guilty plea in September 2024. He was also ordered to pay at least $37 million in restitution for stealing cryptocurrency from nearly 600 victims.

In February 2022, Light infiltrated a Sioux Falls investment firm, using stolen credentials to access client accounts and exfiltrate personally identifiable information (PII). He then transferred stolen funds through mixing services and gambling sites to obscure his identity.

U.S. Attorney Alison Ramsdell and FBI Special Agent Alvin Winston Sr. emphasized the devastating impact of cybercrime and praised investigators for recovering a substantial portion of the stolen cryptocurrency. Light remains in U.S. Marshals custody.

 

Today’s guest is Mike Woodard, VP of Product Management for App Security at Digital.ai, sharing strategies to minimize risk when implementing AI to enhance security. And, the longest and strongest WiFi passwords. We’ll be right back.

Welcome back.

Hunting for length and complexity in WiFi passwords. 

And finally, researcher Jason Jacobs assigned himself a weekend project to look for the longest and most complex WiFi passwords out there. As you do. 

Combing through a data set of over 31 million actual WiFi passwords people have actually used, Jacobs came up with a scoring system to rank length and complexity. He set his script loose on the dataset, sat back and waited.

In terms of length, number one was supercalifragilisticexpialidocious. 

Respect.

But then there were the others:

• A random string of numbers and letters that looked like an encryption key.

• A weird mix of words that Jacobs assumed was someone’s attempt at speaking alien.

• And finally, something that looked suspiciously like a NASA project name.

Turning to complexity, the number one most complex WiFi password wasn’t just a password.

It was… an actual hacking attempt.

Yup. Someone, somewhere, set their WiFi password as a full-blown JavaScript hacking script.

This means that if a badly built system ever tried to store it without protection, it could actually trigger a security exploit.

This is not just a password… this is cyberpunk-level trolling.

Runners-up included the scientific name for a chemical compound and a mix of words that sounded like a German hacker's email address. 

So what did Jacobs’ weekend project teach him?

People use some wildly creative passwords, and some terrifying ones. Someone actually thought using an XSS attack payload as their WiFi password was a great idea.

Stay safe out there, friends. 

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

 

N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.