The CyberWire Daily Podcast 4.1.25
Ep 2277 | 4.1.25

Hackers beware, fines are in the air.

Transcript

The UK unveils the full scope of its upcoming Cyber Security and Resilience Bill. Apple warns of critical zero-day vulnerabilities under active exploitation. The InterLock ransomware group claims responsibility for a cyberattack on National Presto Industries. Microsoft flags a critical vulnerability in Canon printer drivers. Check Point Software confirms a data breach. The FTC warns 23andMe’s bankruptcy trustees to uphold their privacy obligations. A Canadian hacker has been arrested and charged for allegedly breaching systems tied to the Texas Republican Party. A GCHQ intern pleads guilty to stealing top-secret data. On our Threat Vector segment, host David Moulton from Palo Alto Networks speaks with Richu Channakeshava, Senior Product Manager at Palo Alto Networks, about the urgent need for organizations to prepare for a post-quantum world. The confabulous hallucinations of AI.

Today is Tuesday April 1st 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

The UK unveils the full scope of its upcoming Cyber Security and Resilience (CSR) Bill.

The UK has unveiled the full scope of its upcoming Cyber Security and Resilience (CSR) Bill, aimed at boosting protection for critical national infrastructure. Tech Secretary Peter Kyle outlined three main pillars: expanding which organizations must comply, strengthening regulator powers, and giving the government flexibility to update rules quickly as threats evolve. Failing to meet directives—such as patching known vulnerabilities—could result in fines of £100,000 per day or 10% of annual turnover. Additional changes under review include adding datacenters and publishing a unified strategy for regulators. The bill mandates faster incident reporting—within 24 hours for significant breaches—and is stricter than its EU and US counterparts. The urgency comes amid rising threats: cyberattacks on UK utilities surged 586% in 2023. Experts warn the plan, while crucial, demands sustained investment and staff training. The CSR Bill is expected to enter Parliament later this year, reflecting a sharp push to modernize UK cyber defenses.

Apple warns of critical zero-day vulnerabilities under active exploitation.

Apple has issued an urgent security alert addressing three critical zero-day vulnerabilities—CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085—actively exploited in sophisticated attacks. These flaws affect iPhones, iPads, Macs, Apple Watches, Apple TVs, and Vision Pro devices. One allows attackers with physical access to bypass USB Restricted Mode (CVE-2025-24200), while another lets malicious web content escape Safari’s sandbox (CVE-2025-24201). The third involves a use-after-free bug in CoreMedia that could lead to privilege escalation (CVE-2025-24085). Apple has released security patches for all affected systems and urges users to update immediately. The company also recommends avoiding untrusted apps, enabling Lockdown Mode, and activating automatic updates. The vulnerabilities were discovered by security researchers, including The Citizen Lab, and are being exploited in targeted attacks. 

The InterLock ransomware group claims responsibility for a cyberattack on National Presto Industries.

The InterLock ransomware group has claimed responsibility for a March 1 cyberattack on National Presto Industries, a company known for home appliances and military-grade ammunition. The attack, confirmed via InterLock’s leak site, reportedly involved data theft of nearly 3 million files. Though the company initially disclosed the incident without naming ransomware, the leak suggests multiple subsidiaries, including National Defense Corporation and AMTEC, were impacted. InterLock says extortion efforts failed after the company downplayed the breach’s significance and claimed to have fully restored operations.

Microsoft flags a critical vulnerability in Canon printer drivers.

Microsoft’s offensive security team has disclosed a critical vulnerability (CVE-2025-1268) affecting Canon printer drivers, with a severity score of 9.4. The flaw impacts several Canon printer models using older driver versions (3.12 and earlier) and could allow attackers to halt printing or execute arbitrary code via malicious applications. Canon urges users to update drivers from its website. The vulnerability, in EMF recode processing, highlights ongoing risks tied to outdated drivers and the threat of BYOVD-style attacks. BYOVD stands for Bring Your Own Vulnerable Driver. It’s a technique used by attackers where they install a known-vulnerable driver onto a system to exploit its weaknesses, usually to gain higher privileges—like kernel-level access.

Check Point Software confirms a data breach.

Check Point Software has confirmed a data breach tied to claims by threat actor CoreInjection but insists the incident occurred in December 2024, involved limited access, and posed no risk to customers or systems. The company says compromised credentials gave access to a small portal, exposing basic account and contact information from three organizations. However, cybersecurity expert Alon Gal challenged this, pointing to leaked data showing over 121,000 accounts and admin-level access, far exceeding Check Point’s description. He also noted the absence of any public SEC disclosure from December. The breach surfaces amid ongoing scrutiny of Check Point’s security posture, including past vulnerabilities in its VPN and Security Gateway products. While Check Point downplays the breach as recycled data, experts continue to raise questions about the scope, access level, and transparency surrounding the incident.

The FTC warns 23andMe’s bankruptcy trustees to uphold their privacy obligations.

The FTC has warned 23andMe’s bankruptcy trustees that any sale of the company’s assets must honor its prior promises to consumers about privacy and data security. 23andMe, which filed under Chapter 11 on March 23, holds sensitive genetic and health data from millions of users. FTC Chair Andrew Ferguson emphasized that any buyer must uphold the company’s commitments, including restrictions on sharing personal data without user consent or legal orders. The FTC insists these assurances remain binding under bankruptcy law. This comes amid ongoing scrutiny following a 2023 data breach affecting roughly 6.9 million users, leading to a $30 million settlement. That breach exposed genetic and ancestry data through a credential-stuffing attack. The DOJ also stated it is monitoring the case closely to protect consumer data. 23andMe has not yet commented on the FTC’s position but continues offering users the option to delete their data or revoke research consent.

A Canadian hacker has been arrested and charged for allegedly breaching systems tied to the Texas Republican Party.

Canadian hacker Aubrey Cottle, known online as “Kirtaner” and linked to the Anonymous collective, has been arrested and charged in the U.S. for allegedly breaching systems tied to the Texas Republican Party. U.S. prosecutors say Cottle hacked Epik, a hosting provider for the Texas GOP and Texas Right to Life, stealing personal data and sharing it publicly. The complaint, unsealed in Texas, includes evidence of Cottle taking credit for the hack on Discord and TikTok. A 2022 raid on his Ontario home uncovered 20 terabytes of stolen data. He faces charges of unlawfully using identifying information and up to five years in prison if convicted. Cottle has previously targeted conservative platforms and appeared in media discussing Anonymous operations. The FBI and Canadian authorities have been investigating him since 2022. The hack was reportedly in protest of Texas’ abortion laws and resulted in widespread data leaks from Epik-hosted sites.

A GCHQ intern pleads guilty to stealing top-secret data.

Hasaan Arshad, a 25-year-old student on placement at the UK’s GCHQ, pleaded guilty to stealing top-secret data. On August 24, 2022, just days before his year-long placement ended, Arshad took his phone into a secure area, downloaded classified information—including names and a highly valuable tool—and later transferred it to a hard drive at home. Prosecutors say the stolen software cost taxpayers millions. He admitted violating the Computer Misuse Act and claimed curiosity motivated his actions, not financial gain. Investigators also found indecent images of a child on his devices, a charge to which he previously pleaded guilty. Arshad, formerly part of GCHQ’s internship program, faces sentencing on June 13 and remains on bail under restrictions, including a dark web ban. His lawyer described the act as reckless, while the judge warned a custodial sentence is likely.

On our Threat Vector segment, host David Moulton speaks with Richu Channakeshava (Ree-chew Chan-nah-kesh-vah), Senior Product Manager at Palo Alto Networks, about the urgent need for organizations to prepare for a post-quantum world.

The confabulous hallucinations of AI.

And finally, imagine AI as that friend who, when unsure, confidently fills in the blanks with plausible-sounding fiction. Traditionally, we’ve termed these AI missteps “hallucinations,” implying sensory delusions. However, as highlighted by Integrative Psych, a more fitting label is “confabulations”—fabricated stories constructed to mask gaps in knowledge. This distinction matters because, unlike humans who might see or hear things that aren’t there, AI doesn’t perceive; it predicts. When faced with ambiguous prompts or incomplete data, AI doesn’t experience a psychedelic trip; it simply stitches together its best guess, sometimes resulting in convincing but entirely fictional outputs. Recognizing these errors as confabulations can guide us toward refining AI training methods, ensuring our digital companions are less prone to creative storytelling when they should simply admit, “I don’t know.”

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.