North Korea’s covert coders caught.
The Feds shut down a covert North Korean IT operation. Google releases an emergency update to fix a new Chrome zero-day. A major U.S. trade show and event marketing firm suffers a data breach. NetScaler patches a pair of critical vulnerabilities. A sophisticated cyber attack targets The Hague. An Iran-linked hacking group threatens to release emails allegedly stolen from aides to President Trump. A ransomware attack exposes sensitive data linked to multiple Swiss federal government offices. The U.S. Treasury Department faces scrutiny after a string of cyberattacks. The FBI’s phone security tips draw fire from Senator Wyden. Tim Starks from CyberScoop describes how ubiquitous surveillance turned deadly. AI proves its pentesting prowess.
Today is Tuesday, July 1st, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
The Feds shut down a covert North Korean IT operation.
The U.S. Department of Justice announced enforcement actions targeting North Korea’s covert IT operations that fund its nuclear program. Authorities arrested Zhenxing “Danny” Wang, a U.S. citizen, for running a scheme from New Jersey that placed North Korean IT workers in U.S. tech jobs, generating over $5 million. Eight others, six Chinese nationals and two Taiwanese citizens, were also indicted for wire fraud, money laundering, identity theft, hacking, and sanctions violations. From 2021 to 2024, they impersonated over 80 Americans to gain remote jobs at more than 100 companies, causing $3 million in damages. They ran U.S. laptop farms and shell companies to hide workers’ identities and stole sensitive data, including AI tech from a California defense firm. The FBI seized 137 laptops and raided 21 sites in 14 states linked to the scheme.
Google releases an emergency update to fix a new Chrome zero-day.
Google released an emergency update to fix a new Chrome zero-day vulnerability, CVE-2025-6554, marking the fourth such flaw patched this year. The bug, a high-severity type confusion issue in Chrome’s V8 JavaScript engine, was already exploited in the wild. Discovered by Clément Lecigne from Google’s Threat Analysis Group, the flaw could let attackers execute arbitrary code on unpatched devices. Google pushed configuration changes on June 26 to mitigate risks and released updates for Windows, Mac, and Linux the next day. While updates may take days to reach all users, they were immediately available when checked by BleepingComputer. Google hasn’t shared technical details yet to protect users until most are updated. Previous Chrome zero-days were patched in March, May, and June.
A major U.S. trade show and event marketing firm suffers a data breach.
Nth Degree Investment Group, a major U.S. trade show and event marketing firm, reported a data breach compromising personal data of up to 39,000 people. The breach occurred between December 12 and 20, 2024, but wasn’t discovered until March 2025. Exposed data includes Social Security numbers, driver’s licenses, financial details, health insurance data, and medical records. Victims are mainly in Texas. The company, serving clients like Microsoft and Mercedes-Benz, began notifying affected individuals in April and is offering 12 months of free credit monitoring. For our audience it’s worth noting that Nth Degree is a provider for the RSAC trade show.
NetScaler patches a pair of critical vulnerabilities.
NetScaler’s Cloud Software Group released updates to fix two vulnerabilities affecting NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server. CVE-2025-6543 is a memory overflow flaw that could cause denial of service and unintended control flow. CVE-2025-5777 results from insufficient input validation, leading to memory overreads. The company confirmed active exploitation of CVE-2025-6543 and urges immediate updates, as no mitigations are available. CVE-2025-5777 currently shows no exploitation evidence.
A sophisticated cyber attack targets The Hague.
The International Criminal Court was hit by a “sophisticated” cyberattack last week, the tribunal announced Monday. The incident has been contained, and an impact analysis is underway, though the ICC did not disclose the motive or whether data was compromised. This attack comes as The Hague hosted a NATO summit with heightened security. The ICC, which investigates sensitive global cases, was also targeted in 2023 and has previously been a focus of espionage efforts. Business operations continue as mitigation steps are implemented.
An Iran-linked hacking group threatens to release emails allegedly stolen from aides to President Trump.
Iran-linked hackers calling themselves Robert have threatened to release more emails allegedly stolen from President Trump’s aides, including Susie Wiles, Roger Stone, attorney Lindsey Halligan, and Stormy Daniels. The group claims to hold around 100GB of data and is considering selling it but hasn’t shared details or contents. They previously leaked emails before the 2024 election, revealing campaign and legal communications, though the leaks didn’t alter Trump’s victory. U.S. officials called the hack a “calculated smear campaign” and vowed prosecution. The group resurfaced after recent U.S. airstrikes on Iran’s nuclear facilities, with analysts suggesting Iran seeks asymmetric retaliation without triggering direct military escalation. Tehran has denied cyberespionage. U.S. cyber officials warn critical infrastructure operators remain potential Iranian targets amid ongoing regional tensions.
A ransomware attack exposes sensitive data linked to multiple Swiss federal government offices.
Swiss health promotion foundation Radix has suffered a ransomware attack exposing sensitive data linked to multiple Swiss federal government offices. The Zurich-based non-profit, which runs health education programs and online counseling services like SafeZone and StopSmoking, was attacked on June 16 by the Sarcoma ransomware group. When ransom demands failed, Sarcoma leaked 1.3TB of data on June 29, including document scans, financial records, contracts, and internal communications. The Swiss National Cyber Security Centre confirmed investigations are underway, though attackers did not access Federal Administration systems directly. Radix is restoring data from backups and says there is no current evidence that partner organizations’ data was directly compromised. However, potentially affected individuals are advised to remain vigilant for phishing or credential theft attempts in the coming months.
The U.S. Treasury Department faces scrutiny after a string of cyberattacks.
The U.S. Treasury Department is under scrutiny after three major cyberattacks in five years exposed critical security gaps, Bloomberg reports. Recent breaches include Chinese hackers infiltrating Secretary Janet Yellen’s computer and Russian hackers spying on staff emails during the 2020 SolarWinds attack. In April, hackers accessed the Office of the Comptroller of the Currency’s emails for a year using a VPN without triggering alerts. Investigations show Treasury repeatedly failed to implement basic safeguards like multifactor authentication and adequate log monitoring. Meanwhile, its cybersecurity leadership has been gutted by departures linked to Elon Musk’s Department of Government Efficiency, leaving vital positions vacant. Financial institutions are alarmed, fearing their confidential data could be exposed due to Treasury’s weak defenses. Despite a $1 billion annual cybersecurity budget, experts warn Treasury’s fragmented oversight and depleted staff make it a prime target for foreign hackers, undermining trust in its ability to protect the financial sector.
The FBI’s phone security tips draw fire from Senator Wyden.
U.S. Sen. Ron Wyden criticized the FBI’s recent guidance to Capitol Hill staff on mobile device security as overly simplistic in a letter to Director Kash Patel. Though the FBI discussed basics like avoiding suspicious links, using private Wi‑Fi, disabling Bluetooth, updating software, and regular reboots, Wyden said it failed to address “zero‑click” spyware threats used by foreign adversaries. He urged recommending advanced protections available on modern phones, such as Apple’s Lockdown Mode and Android’s Advanced Protection Mode, as well as privacy steps like ad blockers, disabling ad tracking, and opting out of data brokers. Security experts echoed his call, recommending these features for high‑value targets to counter sophisticated mobile attacks.
Coming up, I am joined today by Tim Starks, Senior Reporter from CyberScoop. We discuss his story "Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report." We’ll be right back.
Welcome back. You can find a link in the show notes to Tim’s story.
AI proves its pentesting prowess.
AI has officially joined the hacker leaderboard – and it’s not just any leaderboard. On HackerOne, the top-ranked red teamer isn’t a hoodie-wearing human but Xbow, an AI chatbot that’s been busy finding over 1,000 vulnerabilities while probably chugging imaginary Mountain Dew. Xbow outperformed 99 real hackers, identifying everything from SQL injections to a new Palo Alto VPN flaw affecting thousands. Its creators proudly say it “operates like a human pentester” – except it doesn’t sleep, complain about Jira tickets, or ask for raises. Experts warn this is great news for attackers but a migraine for defenders already struggling to patch known flaws, let alone AI-discovered ones at machine speed. As security leaders lament being outpaced, Xbow’s triumph proves defenders aren’t just fighting humans behind keyboards anymore. They’re battling bots that scan, exploit, and adapt in real time.
On the bright side, AI can’t steal your lunch from the office fridge… for now.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
And that’s the CyberWire Daily, brought to you by N2K CyberWire.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights until August 31, 2025. There's a link in the show notes.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.