Podcasts
CyberWire Daily
Ep 2295
The CyberWire Daily Podcast 4.25.25
Ep 2295 | 4.25.25

Pentagon hits fast-forward on software certs.

Show Notes
Transcript

The Defense Department is launching a new fast-track software approval process. A popular employee monitoring tool exposes over 21 million real-time screenshots. The U.S. opens a criminal antitrust investigation into router maker TP-Link. A pair of health data breaches affect over six million people. South Korea’s SK Telecom confirms a cyberattack. A critical zero-day puts thousands of SAP applications at potential risk. Researchers raise concerns over AI agents performing unauthorized actions. “Policy Puppetry” can break the safety guardrails of all major generative AI models. New research tallies the high costs of data breaches. A preview of the RSAC Innovation Sandbox with Cecilia Marinier, Vice President at RSAC, and David Chen, Head of Global Technology Investment Banking at Morgan Stanley. Stocking hard drives full of human knowledge, just in case.

Today is Friday April 25th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

The Defense Department is launching a new fast-track software approval process. 

The Pentagon is giving its software approval process a serious makeover. Acting CIO Katie Arrington announced a new system called SWIFT that will use AI to speed up the months—or even years—it currently takes to certify software for Defense Department networks. Speaking at an industry event, Arrington didn’t hold back. She called the old Risk Management Framework and ATO process “stupid” and “archaic,” and said it’s time for a change.

Under SWIFT, software vendors will upload cybersecurity info and Software Bills of Materials—think ingredient lists for software—into the government’s eMASS system. AI tools will review the data automatically, aiming to issue a “provisional ATO” much faster than a human could. Third-party certification will also be required to make sure everything checks out.

Arrington said the official memo launching SWIFT is being signed now, with industry feedback coming next. Her message was clear: “I want the RMF eliminated.”

A popular employee monitoring tool exposes over 21 million real-time screenshots. 

A major privacy mess has hit WorkComposer, a popular employee monitoring tool. Cybernews researchers discovered that the company had exposed over 21 million real-time screenshots on the open internet through an unsecured Amazon S3 bucket. These screenshots captured everything employees were doing—emails, passwords, sensitive communications, even proprietary company data.

WorkComposer, which tracks remote workers by logging hours and snapping a screenshot every 20 seconds, boasts over 200,000 users. While there’s no evidence yet that hackers accessed the images, the risk for identity theft, scams, and wire fraud is huge.

This leak highlights a bigger issue: too many companies still don’t grasp the shared responsibility model for cloud security. Experts are again urging businesses to properly lock down their databases—or risk joining the growing list of high-profile breaches.

The U.S. opens a criminal antitrust investigation into router maker TP-Link. 

The U.S. is conducting a criminal antitrust investigation into TP-Link, a California-based router maker with Chinese ties. Prosecutors are looking at whether TP-Link used predatory pricing to dominate the U.S. market—and whether its growing presence poses national security risks. The probe began under Biden and continues under President Trump. Meanwhile, the Commerce Department is separately investigating TP-Link’s China connections. TP-Link denies wrongdoing but says it will cooperate if contacted. No charges have been filed yet, and the investigations could take years.

A pair of health data breaches affect over six million people. 

Two major healthcare data breaches are making headlines. Yale New Haven Health is notifying 5.5 million people after a March cyberattack on a third-party vendor, Perry Johnson & Associates. Stolen data includes names, medical records, and Social Security numbers. Meanwhile, Frederick Health in Maryland reported a breach impacting nearly one million patients. Hackers accessed sensitive data like addresses, birth dates, and insurance information after infiltrating Frederick Health’s network between December 2023 and January 2024.

Both breaches highlight the ongoing risk posed by third-party vendors and healthcare systems’ reliance on interconnected networks. Officials are urging affected individuals to stay alert for identity theft and fraud.

South Korea’s SK Telecom confirms a cyberattack. 

South Korea’s SK Telecom, serving 34 million subscribers, confirmed a cyberattack on April 19th that exposed sensitive SIM card data. The breach, timed late on a Saturday night, bypassed staffing gaps. While no names or financial details leaked, stolen SIM info could enable SIM swap attacks. SK Telecom detected and contained the malware quickly but admitted millions may be at risk. After some criticism over slow customer notifications, the company apologized and pledged to boost its security moving forward.

A critical zero-day puts thousands of SAP applications at potential risk. 

A critical zero-day vulnerability, CVE-2025-31324, is putting over 10,000 SAP applications at risk. The flaw, scored a perfect 10 out of 10 on the CVSS scale, allows unauthenticated attackers to upload malicious binaries through the Visual Composer Metadata Uploader in SAP NetWeaver. ReliaQuest discovered the bug after investigating breaches where even fully patched systems were compromised. Attackers used malicious JSP webshells to gain full control of endpoints, deploy payloads, and move laterally across networks. Tools like Brute Ratel and Heaven’s Gate techniques were spotted during post-exploitation.

Experts warn that the vulnerability could lead to espionage, sabotage, and fraud across cloud and on-prem environments. SAP has issued a patch, but concerns remain given how easily the flaw could be exploited. Organizations are urged to act quickly to secure exposed systems.

Researchers raise concerns over AI agents performing unauthorized actions. 

AI agents are poised to make online tasks easier, but new research shows the underlying infrastructure could also create serious security risks. Researchers at ExtensionTotal found a suspicious Chrome extension communicating with a local Model Context Protocol (MCP) server—without user permission or detection. MCP, developed by Anthropic, enables AI agents to interact with tools and resources in real time.

However, because MCP servers use open HTTP connections by default, a malicious extension could access sensitive data or perform unauthorized actions. Researchers built a proof-of-concept showing how a Chrome extension could bypass browser sandboxing and manipulate local systems. This discovery exposes a major new attack surface, especially in environments where MCP servers link to services like Slack, WhatsApp, or local file systems. Security teams are being warned to take this emerging threat seriously.

“Policy Puppetry” can break the safety guardrails of all major generative AI models. 

A new attack called “Policy Puppetry” can break the safety guardrails of all major generative AI models, according to AI security firm HiddenLayer. The technique tricks large language models into interpreting malicious prompts as policy files, bypassing their built-in safeguards against producing harmful content.

HiddenLayer successfully tested the attack on top models from OpenAI, Anthropic, Google, Meta, and others. By formatting prompts to look like XML, INI, or JSON files, attackers can override system instructions and generate restricted outputs.

This discovery highlights a major vulnerability: AI models can’t reliably police themselves. With universal jailbreaking now easier, researchers warn that more external security layers are needed to defend against misuse. Policy Puppetry shows that today’s LLM training and alignment methods still have critical gaps.

New research tallies the high costs of data breaches. 

New research from Panaseer shows U.S. companies paid out $155 million in data breach class action settlements over just six months. Analyzing lawsuits filed between August 2024 and February 2025, researchers found 43 new filings and 73 settlements, averaging about $3 million each. Healthcare, finance, and retail sectors were hit hardest. Most lawsuits cited inadequate security, while encryption failures and delayed notifications also played roles. Panaseer stresses that strong, demonstrable cybersecurity practices are now critical for legal defense.

 

Stocking hard drives full of human knowledge, just in case. 

In cybersecurity, we always stress the importance of reliable backups — keeping your critical data safe, offline, and ready for anything from ransomware attacks to hardware failures. But what if your backup plan wasn’t just for your business… but for civilization itself?

That’s the thinking behind the booming sales of “prepper disks” — hard drives stuffed with survival manuals, offline copies of Wikipedia, old movies, and more. Under Trump’s presidency, a growing number of Americans aren’t just backing up their files — they’re backing up the world. Apparently, some Americans aren’t just stocking canned beans; they’re hoarding data, just in case society pulls a 404 error.

Vendors say demand for offline knowledge spiked after rising fears about internet censorship, civil unrest, and, you know, general apocalypse vibes. These disks promise a digital Noah’s Ark: everything you’d need to reboot civilization, or at least win a heated trivia night in the wasteland.

So while some folks buy gold or ammo, others are investing in terabytes of PDFs, 1980s sci-fi, and sourdough bread recipes — because when civilization collapses, you still gotta eat and binge-watch.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

 

N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.

CyberWire Daily
Podcast Info
HOST(S):
Dave Bittner
Dave Bittner is a security podcast host and one of the founders at CyberWire. He's a creator, producer, videographer, actor, experimenter, and entrepreneur. He's had a long career in the worlds of television, journalism and media production, and is one of the pioneers of non-linear editing and digital storytelling.
Schedule: Monday-Friday
Creator: CyberWire, Inc.