The CyberWire Daily Podcast 4.30.25
Ep 2298 | 4.30.25

Less CISA, more private sector power?

Transcript

DHS Secretary Kristi Noem justifies budget cuts in her RSAC keynote. The EFF pens an open letter to Trump backing Chris Krebs. Scattered Spider is credited with the Marks & Spencer cyberattack. Researchers discover a critical flaw in Apple’s AirPlay protocol. The latest CISA advisories. On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development. What do you call an AI chatbot that finished at the bottom of its class in med school? 

Today is Wednesday April 30th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

DHS Secretary Kristi Noem justifies budget cuts in her RSAC keynote. 

The RSAC 2025 Conference is in full swing, and Tuesday’s agenda was packed. With 13 keynotes and 82 track sessions, there was no shortage of insights, innovation, and inspiration. From the high-stakes RSAC Launch Pad pitches to the powerhouse Cryptographers’ Panel, the spotlight was on AI, quantum threats, and the evolving cybersecurity landscape. DHS Secretary Kristi Noem laid out America’s cyber defense priorities, while Ron Howard and Bryce Dallas Howard brought a Hollywood lens to tech storytelling. And speaking of stories—panels on narrative-driven cybersecurity strategies reminded us that the way we talk about cyber risk matters just as much as how we defend against it. AI safety and trust took center stage too, with leaders from Google, Microsoft, and beyond debating how to secure our AI future. 

In a keynote presentation, DHS Secretary Kristi Noem called on Congress to reauthorize the Cybersecurity Information Sharing Act, a 2015 law set to expire in September. The bill promotes data sharing between companies and the government to combat cyber threats, offering liability protection in return. Noem linked reauthorization to broader Trump administration plans to reduce CISA’s size and funding, shifting cybersecurity responsibility more toward the private sector. She defended cuts to disinformation programs and funding for key state-level cyber groups, arguing they streamline efforts and return money to taxpayers. While addressing criticism, Noem assured attendees that CISA will remain central to U.S. cyber defense. She emphasized faster state-federal communication and announced plans to revive the Critical Infrastructure Partnership Advisory Council. Citing recent Chinese cyber threats, Noem said DHS must act more quickly and decisively—stressing cybersecurity as a core national security mission.

Kevin Magee is Global Director of Cybersecurity Startups at Microsoft, but this week at RSAC he is doing double duty for us as Intern Kevin, our person on the show floor, grabbing insights from friends and passersby. In today’s dispatch, Intern Kevin gives us insights from Ryan Lasmaili, Co-Founder and CEO of Vaultree, and Stan Golubchik, CEO and Co-Founder of Contraforce.

We will have more Intern Kevin later in the week.

The EFF pens an open letter to Trump backing Chris Krebs. 

The Electronic Frontier Foundation and dozens of cybersecurity leaders are urging President Trump to end his investigation into former CISA chief Chris Krebs, calling it political retaliation. An open letter accuses Trump of targeting Krebs and his most recent employer, SentinelOne, for rejecting election fraud claims in 2020. The signers argue this undermines trust in cybersecurity professionals and threatens their ability to report truthfully. They demand the investigation be dropped and Krebs’ security clearance restored, warning such actions endanger the entire cybersecurity community.

Scattered Spider is credited with the Marks & Spencer cyberattack. 

Following up on our earlier report, more details have emerged about the cyberattack on Marks & Spencer, now linked to the Scattered Spider group. Investigators believe the hackers infiltrated M&S systems back in February, gaining access to sensitive internal systems and culminating in the April 24 deployment of the DragonForce ransomware on M&S’s virtual machines.

The fallout has been severe. Contactless payments and online services remain partially offline, Click and Collect is still down, and customers continue to face delays and product shortages across UK stores. Online orders are paused entirely, and gift card transactions remain disrupted. Financial losses are mounting, with an estimated £650 million hit to the company’s valuation and daily revenue losses of £3.5 million. M&S has yet to announce a full recovery timeline.

Researchers discover a critical flaw in Apple’s AirPlay protocol. 

A critical flaw dubbed “AirBorne” in Apple’s AirPlay protocol exposes over 2.35 billion Apple devices—and millions more third-party products—to remote code execution (RCE) attacks without user interaction. Discovered by Oligo Security, the vulnerabilities affect Macs, iPhones, CarPlay vehicles, and smart devices on the same Wi-Fi network. The flaws exploit how AirPlay processes property list data, enabling zero-click attacks, memory corruption, and lateral movement across networks. Notably, third-party speakers and over 800 CarPlay-enabled car models are also at risk. Apple has patched the vulnerabilities in recent updates, but many third-party devices may remain unprotected due to slow firmware rollouts. Oligo urges users to update devices, disable AirPlay if unused, and restrict network access. While no active exploits have been reported, the threat underscores serious risks in widely integrated protocols and the ongoing challenge of securing long-lived IoT ecosystems.

The latest CISA advisories. 

CISA has released three new advisories focused on industrial control systems. First up, vulnerabilities in Rockwell Automation’s ThinManager could allow attackers to exploit memory handling and default permission issues. Delta Electronics’ ISPSoft is also under scrutiny, facing stack-based buffer overflows and out-of-bounds write flaws—serious risks for automation environments. Meanwhile, Lantronix’s XPort devices received an update to a previous advisory, although full details remain limited.

CISA didn’t stop there. They also added a new entry to the Known Exploited Vulnerabilities Catalog: CVE-2025-31324. This is an actively exploited flaw in SAP NetWeaver that allows unrestricted file uploads—opening the door to potential remote takeovers.

The message from CISA is clear: patch now, especially in ICS environments. 

What do you call an AI that finished at the bottom of its class in med school? 

In the latest episode of “What Could Possibly Go Wrong?”, our Hippocratic oath desk tells us that Instagram’s new AI Studio is letting folks spin up custom chatbot personas—and some are posing as licensed therapists. And what’s worse, these bots are tossing around fake credentials like candy, handing out mental health advice with all the confidence of a TED Talk and none of the training.

One even flexed a bogus license number. Spoiler: it’s not real, and neither is the claimed degree.

Meta says these bots are “clearly labeled.” But let’s be honest—between memes and cat videos, who’s reading disclaimers?

Experts are warning this could lead to serious harm. Because while a chatbot might say “I understand,” it doesn’t actually understand. It’s just really good at faking empathy.

So, friendly reminder: when life gets messy, don’t turn to a bot with a pretend diploma. Call someone with a pulse—and a real license on the wall.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.