
Former cybersecurity officials lose clearances.
Trump targets former cybersecurity officials. Senator blocks CISA nominee over telecom security concerns. The acting head of NSA and Cyber Command makes his public debut. Escalation of Cyber Tensions in U.S.-China Trade Relations. Researchers evaluate the effectiveness of Large Language Models (LLMs) in automating Cyber Threat Intelligence. Hackers at Black Hat Asia pwn a Nissan Leaf. A smart hub vulnerability exposes WiFi credentials. A new report reveals routers’ riskiness. Operation Endgame nabs SmokeLoader botnet users. Our guest Anushika Babu, Chief Growth Officer at AppSecEngineer, joins us to discuss the creative ways people are using AI. The folks behind the Flipper Zero get busy.
Today is Thursday, April 10th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Trump Targets Former Cybersecurity Officials
On April 9, 2025, President Donald Trump signed executive orders revoking the security clearances of Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA), and Miles Taylor, former Department of Homeland Security (DHS) official. Both individuals had previously criticized Trump’s administration. The President also directed the Department of Justice to investigate their actions during their tenure. Krebs had publicly refuted Trump’s claims of election fraud in 2020, asserting the election’s integrity, which led to his dismissal at that time. Taylor, known for his anonymous 2018 op-ed and subsequent book criticizing the Trump administration, had also faced the President’s ire. These moves are part of Trump’s broader efforts to address dissent within his administration. It is hard to frame these moves as anything other than retaliatory, and it is noteworthy that the president stripped the clearance not only of Chris Krebs, but also of everyone with a clearance at SentinelOne, the cybersecurity firm where Krebs is now employed.
Senator Blocks CISA Nominee Over Telecom Security Concerns
In the legislative arena, Senator Ron Wyden has placed a hold on the confirmation of Sean Plankey, Trump’s nominee to lead CISA. Wyden’s objection stems from what he describes as a “multi-year cover-up” of significant vulnerabilities within the U.S. telecommunications sector. He insists that CISA release an unclassified report from 2022 detailing these cybersecurity shortcomings before proceeding with Plankey’s nomination. This action underscores the demand for greater transparency and accountability in addressing national cybersecurity challenges. 
The acting head of NSA and Cyber Command makes his public debut.
At a Senate hearing, lawmakers questioned Lt. Gen. William Hartman, acting head of U.S. Cyber Command and the NSA, following the surprise firing of his predecessor, Gen. Timothy Haugh. Senators from both parties voiced concern over the abrupt dismissal, calling it disrespectful and destabilizing. Though the hearing was brief and lightly attended, discussions touched on Cyber Command’s modernization, leadership structure, and growing cyber threats from China. Hartman defended the dual-hat role, stressing its value for agility and unified national security efforts.
Escalation of Cyber Tensions in U.S.-China Trade Relations
On the international front, the ongoing trade war between the U.S. and China has increasingly extended into cyberspace. China has initiated an antitrust investigation into Google and imposed new tariffs and export controls in retaliation against U.S. economic measures. These actions highlight the deepening complexities of cyber diplomacy and the intertwining of economic policies with cybersecurity strategies. 
Collectively, these events depict a turbulent period for U.S. cybersecurity policy, characterized by internal political disputes, leadership uncertainties, and intensifying international cyber conflicts. The outcomes of these developments will likely have profound implications for the nation’s cybersecurity posture and its approach to global cyber diplomacy.
Researchers evaluate the effectiveness of Large Language Models (LLMs) in automating Cyber Threat Intelligence.
A recent study by Mezzi, Massacci, and Tuma evaluates the effectiveness of Large Language Models (LLMs) in automating Cyber Threat Intelligence (CTI) tasks. Using a dataset of 350 real-world CTI reports, the researchers assessed LLMs’ performance under zero-shot, few-shot, and fine-tuned conditions. The findings reveal that LLMs struggle with processing full-length CTI reports, exhibiting inconsistencies and overconfidence in their outputs. Even with few-shot learning and fine-tuning, improvements were limited. The study highlights concerns about deploying LLMs in CTI scenarios, emphasizing the need for human oversight due to the critical importance of reliability and confidence in cybersecurity contexts.
Hackers at Black Hat Asia pwn a Nissan Leaf.
Researchers at PCAutomotive revealed a set of vulnerabilities in 2020 Nissan Leaf electric vehicles that allow attackers to remotely hack the car via its infotainment system’s Bluetooth. Demonstrated at Black Hat Asia 2025, the exploit enables spying—like tracking location and recording in-cabin conversations—and physical control of features such as doors, lights, and even the steering wheel while in motion. The flaws, now assigned eight CVEs, were confirmed by Nissan, which pledged ongoing cybersecurity improvements without revealing specific mitigations.
A smart hub vulnerability exposes WiFi credentials.
A critical vulnerability (CVE-2025-3442) in the TP-Link Tapo H200 V1 Smart Hub exposes users’ Wi-Fi credentials due to plain-text storage in firmware. Attackers with physical access can extract these credentials, potentially compromising the entire home network. Rated medium severity (CVSS 4.4), the flaw affects firmware version 1.4.0 or earlier. Discovered by Mumbai-based researchers, the issue underscores persistent IoT security concerns. The hub connects and controls smart devices, making the vulnerability a serious risk despite the need for direct device access.
A new report reveals routers’ riskiness.
Forescout’s 2025 Riskiest Connected Devices report reveals routers are now the riskiest devices in enterprise networks, responsible for over half of the most critical vulnerabilities. Device risk overall has jumped 15% from last year. While computers hold the most bugs, routers, firewalls, and ADCs top the list for severity, often exploited as zero-days. The top 20 riskiest device types now include 12 newcomers like PoS systems and healthcare workstations. IoMT devices also carry major threats. Retail leads in risk exposure, followed by finance, government, healthcare, and manufacturing. Over 50% of non-legacy Windows devices across sectors still run Windows 10, nearing end-of-support. There’s also a shift away from encrypted SSH to unencrypted Telnet. Forescout warns modern threats span IT, IoT, OT, and IoMT, demanding broader, cross-domain security strategies.
Operation Endgame nabs SmokeLoader botnet users.
Law enforcement in Europe and North America arrested five users of the SmokeLoader botnet service during the second phase of Operation Endgame. These individuals used the malware for cybercrimes like ransomware deployment, cryptomining, and surveillance. This marks a shift in enforcement focus—from infrastructure to the end-users of malware. Europol identified suspects via a database seized in the operation’s 2024 first phase. SmokeLoader, active since 2011, remains a potent modular malware, despite earlier takedowns, thanks to cracked versions. It uses sophisticated evasion techniques and encrypted communication to install various payloads. Some arrestees ran small-scale “crime-as-a-service” operations. Cooperation by suspects has yielded new intelligence. Operation Endgame is ongoing, with Europol launching a portal for tips and updates. Security researchers are countering the threat with custom tools like SmokeBuster.
Coming up next, we’ve got my conversation with AppSecEngineer’s Chief Growth Officer Anushika Babu. We talk about the creative ways people are using AI.
The folks behind the Flipper Zero get busy.
And finally, our neurodiversity desk tells us Flipper Devices—the same crew that gave security pros their beloved Flipper Zero (aka the Swiss Army knife of wireless mischief)—is stepping into productivity with a new sidekick: the BUSY Bar. But instead of sniffing RF signals, it’s blocking distractions like a digital bouncer for your brain.
Designed with ADHD in mind (and honestly, anyone who’s ever tried writing a report while Slack explodes), BUSY Bar brings a hacker’s sensibility to focus. It packs a Pomodoro timer, LED display, tactile fidget buttons, and ties into the BUSY mobile app to silence alerts, wrangle smart home devices, and beam a big “Do Not Disturb” to the world.
Flip into “BUSY Mode,” and your environment auto-tunes: notifications vanish, blinds drop, the lights dim like it’s time to crack a CTF challenge. With Apple and Google Home integration, your workspace becomes your ops center.
Coming soon for $249—because operational security starts with personal focus.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.