
White House reboots cybersecurity priorities.
A new White House Executive Order overhauls U.S. cybersecurity policy. The EU updates its “cybersecurity blueprint”. The Pentagon’s inspector general investigates Defense Secretary Hegseth’s Signal messages. Chinese hackers target U.S. smartphones. A new Mirai botnet variant drops malware on vulnerable DVRs. 17 popular Gluestack packages on NPM have been compromised. Attackers exploit vulnerabilities in FortiGate security appliances to deploy Qilin ransomware. A Nigerian man gets five years in prison for a hacking and fraud scheme. Our guest is Tim Starks from CyberScoop, discussing Sean Cairncross’ journey toward confirmation as the next National Cyber Director. Fire Stick flicks spark a full-on legal blitz.
Today is Monday, June 9th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
A new White House Executive Order overhauls U.S. cybersecurity policy.
President Trump has issued a new Executive Order that overhauls U.S. cybersecurity policy, replacing earlier directives from Presidents Obama and Biden. Announced on June 6, the order narrows cyber sanctions to target only foreign malicious actors, reversing broader authorities that critics feared could be misused domestically. The order also scraps several Biden-era initiatives, including requirements for software vendors to meet federal security standards, AI research for cyber defense, and post-quantum encryption readiness.
Trump’s directive eliminates the IoT security labeling program, eases supply chain restrictions, revises AI security rules, and removes mandates for phishing-resistant authentication in federal agencies. Instead, the new policy prioritizes secure software development, stronger network protections, and AI use focused on vulnerability detection.
The White House framed the shift as a move toward more focused, professional cybersecurity practices while removing what it called “distracting issues” introduced by the Biden administration shortly before Trump took office.
The EU updates its “cybersecurity blueprint”.
The European Union has updated its “cybersecurity blueprint” to better coordinate responses to large-scale cyberattacks, strengthening ties with national militaries and NATO. Approved by ministers meeting in Luxembourg, the plan clarifies which institutions will act during cyber crises across technical, operational, and political levels. Poland, which reports around 700 daily cyber incidents, highlighted the need for collective preparedness.
The new strategy includes establishing NATO contact points and launching joint cyber exercises starting in June 2026, involving private sector players and countries like Ukraine and Moldova. The blueprint stresses the growing threat from geopolitical tensions and hybrid attacks that could disrupt the EU’s security, economy, and society.
It also urges the EU to enhance secure communications, calling on the European Commission to propose crisis communication solutions by the end of 2026 and for governments to develop contingency plans for disrupted networks.
The Pentagon’s inspector general investigates Defense Secretary Hegseth’s Signal messages.
The Pentagon’s inspector general is investigating whether Defense Secretary Pete Hegseth’s aides were told to delete Signal messages possibly containing sensitive information about U.S. airstrikes in Yemen. The inquiry focuses on March 15 communications and whether they compromised military operations. One Signal chat reportedly included Hegseth’s family; another included top officials—and inadvertently, a journalist. Hegseth denies sharing classified data, saying messages were informal and unclassified.
The probe also examines access to Hegseth’s phone and who posted strike details. Critics argue the posts risked pilot safety and would have led to disciplinary action if done by lower-ranking personnel. Hegseth is also under scrutiny for installing an unsecured internet line in his office.
Amid the fallout, Hegseth has limited press engagements and faces congressional testimony next week. The investigation, requested by Senate Armed Services leaders, could release unclassified findings to the public.
Chinese hackers target U.S. smartphones.
A recent cyberattack targeting smartphones of U.S. officials and professionals in politics, tech, and journalism has raised alarms among cybersecurity experts. Investigators at iVerify linked the unusual crashes to a zero-click hack, likely by Chinese hackers, that allowed access to phones without user interaction. Victims had ties to fields of interest to China’s government.
Experts say smartphones, often less protected than other systems, are becoming key targets for espionage. Devices belonging to Donald Trump’s campaign and top aides were also reportedly targeted. Lawmakers fear Chinese state-owned firms could exploit their tech presence in global networks.
The U.S. is responding with new initiatives like a “cyber trust mark” for secure connected devices. Still, officials warn that even the most secure device is vulnerable if users ignore basic precautions. Cyber lapses, like misconfigured apps or unsecured connections, remain a serious national security risk.
A new Mirai botnet variant drops malware on vulnerable DVRs.
A new Mirai botnet variant is exploiting a command injection flaw (CVE-2024-3721) in TBK DVR-4104 and DVR-4216 devices to hijack them for cyberattacks. Discovered by researcher “netsecfish” in April 2024, the vulnerability allows shell command execution via a crafted POST request. Kaspersky has confirmed active exploitation using this method, with the botnet dropping ARM32 malware to connect infected DVRs to a command-and-control server.
These compromised devices are then used for DDoS attacks and malicious traffic routing. Around 50,000 DVRs remain exposed, primarily in China, India, and several other countries. The devices have been rebranded under multiple names, complicating patch management. It’s unclear if TBK Vision has issued a fix.
17 popular Gluestack packages on NPM have been compromised.
A major supply chain attack has compromised 17 popular Gluestack @react-native-aria packages on NPM, affecting over 1 million weekly downloads. NPM (short for Node Package Manager) is the default package manager for Node.js, a popular JavaScript runtime. The attack began on June 6, inserting obfuscated remote access trojan (RAT) code. The malware connects to a command-and-control server and can execute shell commands, upload files, and hijack Python paths to silently run malicious binaries.
Cybersecurity firm Aikido discovered the attack and linked it to the same group behind recent NPM compromises. Affected packages span across UI components used in React Native apps. Despite attempts to contact Gluestack, there was initially no response.
Gluestack has now revoked the access token used in the attack and deprecated the compromised packages, redirecting users to safe versions.
Attackers exploit vulnerabilities in FortiGate security appliances to deploy Qilin ransomware.
A new wave of cyberattacks is exploiting vulnerabilities in FortiGate security appliances to deploy Qilin ransomware across critical infrastructure. This campaign marks a shift in ransomware tactics, targeting network security devices rather than traditional phishing methods. Threat actors are exploiting vulnerabilities like CVE-2024-21762 and CVE-2024-55591 to gain initial access and maintain persistence inside enterprise networks.
Qilin, also known as Agenda ransomware, is a sophisticated ransomware-as-a-service operation featuring strong encryption and evasion capabilities. The malware uses advanced obfuscation and anti-analysis techniques to avoid detection.
Security researchers warn that these attacks bypass perimeter defenses, giving attackers privileged access to internal systems. This evolution highlights the growing threat to network infrastructure, increasing the risk of operational disruption, regulatory penalties, and reputational damage. Analysts stress the urgent need for organizations to patch vulnerabilities and strengthen defenses against infrastructure-based ransomware attacks.
A Nigerian man gets five years in prison for a hacking and fraud scheme.
A U.S. court has sentenced Nigerian national Kingsley Uchelue Utulu to over five years in prison for his role in a hacking and fraud scheme targeting U.S. tax preparation companies. Since at least 2019, Utulu and co-conspirators stole personal data from tax firms in Texas and New York to file fraudulent tax returns, seeking $8.4 million and successfully obtaining $2.5 million. They also used stolen identities to fraudulently claim $819,000 through the Small Business Administration’s disaster loan program.
Utulu was extradited from the UK and must pay over $3.6 million in restitution and forfeit $290,000. The case is linked to others, including Matthew Akande and Kehinde Oyetunji, who face similar charges for participating in the same cybercrime ring. U.S. authorities continue to pursue justice against international cybercriminals exploiting financial and government systems.
Fire Stick flicks spark full-on legal blitz.
And finally, our Jolly Roger desk tells us millions of Brits are reportedly risking prison time for using hacked Amazon Fire Sticks to stream their favorite shows on the cheap. According to The Mirror, this national pastime of streaming Netflix, HBO, and Disney+ for the price of a takeaway coffee may now come with a side of malware—or a court date.
These jailbroken devices, which disable Amazon’s restrictions to allow third-party apps, can expose users to shady software and hackers eager to swipe your personal info. Worse still, the money saved might be lining the pockets of a £21 billion black-market empire.
Sellers promote pirated bundles on Facebook and close deals via WhatsApp, that favored tool of modern pirates and high school group chats alike. Authorities aren’t amused. Kieron Sharp of the Federation Against Copyright Theft warns users are breaking the law—and yes, some sellers have already done time.
Because nothing ruins movie night like malware and a court date.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights until August 31, 2025. There's a link in the show notes.
N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.