The CyberWire Daily Podcast 6.26.25
Ep 2337 | 6.26.25

No panic—just patch.

Transcript

Patches, patches and more patches. A patient death has been linked to the 2023 ransomware attack on an NHS IT provider. U.S. authorities indict the man known online as “IntelBroker”. A suspected cyberattack disrupts Columbia University. A major license plate reader company restricts cross-state data access after reports revealed misuse of its network by police agencies. Our guest is Andy Boyd, former Director of CIA's Center for Cyber Intelligence (CCI) and currently an operating partner at AE Industrial Partners. Discounted parking as a gateway cybercrime.

Today is Thursday, June 26th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Patches, patches and more patches.

We begin today with quite the collection of critical vulnerability notifications. 

Cisco has issued an emergency advisory for two critical vulnerabilities (CVSS 10) in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The first, CVE-2025-20281, affects versions 3.3 and later and allows remote attackers to execute arbitrary code as root via crafted API requests. The second, CVE-2025-20282, impacts version 3.4 and lets attackers upload malicious files to privileged directories, also leading to root-level code execution. Cisco has released patches, ISE 3.3 Patch 6 and ISE 3.4 Patch 2, to fix the flaws. The company says there are no known attacks yet but stresses immediate patching, as no workarounds exist. Organizations using affected systems should update now to prevent possible full system compromise.

Citrix has patched a critical memory overflow flaw (CVE-2025-6543, CVSS 9.2) in NetScaler ADC and Gateway products, which has been actively exploited. The vulnerability can be triggered remotely and may lead to code execution, despite Citrix labeling it a denial-of-service risk. Two additional critical flaws (CVE-2025-5777 and CVE-2025-5349) affect sensitive memory handling and access controls. Patches are available for supported versions, and users are urged to upgrade and terminate all active sessions, especially recalling past issues with CitrixBleed.

CISA has added CVE-2019-6693 to its Known Exploited Vulnerabilities catalog, warning that Fortinet FortiOS systems are being actively targeted. This critical flaw involves hard-coded encryption keys in backup files, allowing attackers to decrypt sensitive configuration data. Federal organizations must apply fixes or stop using affected systems by July 16, 2025. The vulnerability reflects a broader issue with hard-coded credentials, which can’t be changed without altering source code, posing serious risks to network security infrastructure if left unaddressed.

CISA has confirmed active exploitation of CVE-2024-54085, a critical authentication bypass flaw in AMI’s MegaRAC BMC firmware used in servers from vendors like HPE and Asus. The bug lets unauthenticated attackers remotely hijack and potentially brick unpatched servers. Discovered by Eclypsium, it can lead to malware deployment, firmware tampering, and physical damage. With over 1,000 exposed servers found online, CISA has added it to its Known Exploited Vulnerabilities list, mandating federal agencies patch by July 16, 2025.

A patient death has been linked to the 2023 ransomware attack on an NHS IT provider. 

A patient death has been linked to the 2023 ransomware attack on NHS IT provider Synnovis, which disrupted pathology services in southeast London. The attack, attributed to Russian group Qilin, delayed 1,100 cancer treatments, canceled 2,000 outpatient appointments, and postponed over 1,000 operations. King’s College Hospital confirmed the death, citing delayed blood test results as a contributing factor. The cyberattack impacted multiple NHS trusts and primary care across six boroughs, marking a tragic escalation in the real-world impact of cybercrime.

U.S. authorities indict the man known online as “IntelBroker”. 

Kai West, a 25-year-old British man known online as “IntelBroker,” has been indicted by U.S. authorities for leading a global hacking scheme that caused over $25 million in damages. Prosecutors allege West and his group breached dozens of companies, stealing and selling sensitive data, including customer lists and marketing information. Operating on the notorious BreachForums site, West reportedly sold or offered stolen data over 150 times. He was arrested in France in February and remains in custody pending U.S. extradition. Authorities linked him to the crimes through cryptocurrency transactions, including a Bitcoin payment from an undercover officer. IntelBroker is also connected to past breaches of companies like AMD, Cisco, and Hewlett Packard Enterprise. If convicted, West faces up to 20 years in prison on the most serious charge.

French authorities have arrested several individuals, including those known online as ShinyHunters, Hollow, Noct, and Depressed, suspected of reviving BreachForums, a major marketplace for stolen data. The suspects, all in their twenties, are linked to high-profile data breaches targeting companies like SFR and France Travail. BreachForums was first shut down in 2023 after its founder, Conor Fitzpatrick, was arrested. Authorities allege the group helped relaunch the site in 2024 using new infrastructure.

A suspected cyberattack disrupts Columbia University’s computer systems. 

A suspected cyberattack has disrupted Columbia University’s computer systems for a second day, affecting services on its Morningside campus, including email, Zoom, and course platforms. While many systems were restored by Wednesday, key services like the course and library catalogs remained offline. An image of President Trump appeared on some campus screens, though officials say it may not be tied to the attack. No data breaches or ransomware have been detected, and law enforcement has been notified. The university medical center was unaffected. Though no group has claimed responsibility, the incident comes amid rising cyber threats to universities, which face increasing attacks due to valuable data and complex networks. 

A major license plate reader company restricts cross-state data access after reports revealed misuse of its network by police agencies. 

Flock, a major license plate reader company, has restricted cross-state data access in Illinois, California, and Virginia after reports revealed misuse of its network by police agencies. Investigations by 404 Media showed police used Flock’s national lookup feature to aid ICE operations and track individuals for reasons tied to immigration and abortion, violating state laws. In response, Flock disabled national lookups in those states, revoked access for 47 agencies in Illinois, and introduced real-time search blocking for illegal terms. Virginia’s new law, effective July 1, limits license plate data use to specific crimes. Flock also plans an AI tool to flag suspicious searches and is reeducating agencies on legal data use. The changes follow mounting public concern, audits, and local media reports of unauthorized data sharing. Several cities, including Austin and San Marcos, have ended or scaled back contracts with Flock over these concerns. Flock says it is reinforcing compliance through audits, new training, and stricter oversight.

Today, our guest joins us from this week’s Caveat podcast episode. Andy Boyd is a former Director of CIA's Center for Cyber Intelligence (CCI) and currently an operating partner at AE Industrial Partners, a private equity firm focused on the national security and aerospace industries. He joined Ben Yelin and me to discuss offensive cyber and the United States government. We’ll be right back.

Welcome back. You can find a link to listen to the full conversation in our show notes and be sure to catch new episodes of Caveat every Thursday on your favorite podcast app. 

Discounted parking as a gateway cybercrime. 

What began as a quest for cheaper parking at Western Sydney University turned into a full-blown cybercrime saga, complete with grade tampering, dark web threats, and a cryptocurrency ransom. A 27-year-old former student, who allegedly didn’t take “no discount” lightly, has been charged with 20 cyber offences after a four-year hacking spree that police say escalated from financial mischief to digital extortion. Her digital trail included altering academic records, compromising systems, and eventually demanding $40,000 in crypto to keep sensitive student and staff data off the dark web. The motive? Unresolved grievances, police say, though parking rates may have been the proverbial gateway crime. Authorities seized over 100GB of data during raids, while the university scrambled to shore up its cybersecurity. Experts say universities can be more vulnerable due to complex staff-student roles, and, apparently, parking policies that drive some straight into cyber villainy. She’ll appear in court Friday. No word on whether the courthouse validates parking.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

And that’s the CyberWire Daily, brought to you by N2K CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights until August 31, 2025. There's a link in the show notes.

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.