
Chasing Silicon shadows.
Two Chinese nationals are arrested for allegedly exporting sensitive Nvidia AI chips. A critical security flaw has been discovered in Microsoft’s new NLWeb protocol. Vulnerabilities in Dell laptop firmware could let attackers bypass Windows logins and install malware. Trend Micro warns of an actively exploited remote code execution flaw in its endpoint security platform. Google confirms a data breach involving one of its Salesforce databases. A lack of MFA leaves a Canadian city on the hook for ransomware recovery costs. Nvidia’s CSO denies the need for backdoors or kill switches in the company’s GPUs. CISA flags multiple critical vulnerabilities in Tigo Energy’s Cloud Connect Advanced (CCA) platform. DHS grants funding cuts off the MS-ISAC. Helicopter parenting officially hits the footwear aisle.
Today is Wednesday August 6th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Two Chinese nationals are arrested for allegedly exporting sensitive Nvidia AI chips.
Two Chinese nationals, Chuan Geng and Shiwei Yang, were arrested in the U.S. for allegedly exporting sensitive Nvidia AI chips, including H100s and RTX 4090s, to China without a license. Operating through their California company, ALX Solutions Inc., they are accused of routing tens of millions of dollars’ worth of GPUs through countries like Singapore and Malaysia to evade U.S. export laws. The chips are critical for AI applications like self-driving cars and medical diagnostics. Federal authorities uncovered incriminating evidence during a raid, including communications and payment records, with one transaction totaling $1 million. Both men face charges under the Export Control Reform Act, carrying up to 20 years in prison.
A critical security flaw has been discovered in Microsoft’s new NLWeb protocol.
A critical security flaw has been discovered in Microsoft’s new NLWeb protocol—billed as “HTML for the Agentic Web”—just weeks after its debut at Build. The vulnerability, a basic path traversal bug, allowed attackers to access sensitive files like system configs and API keys for AI services such as OpenAI and Gemini. Researchers Aonan Guan and Lei Wang reported the issue to Microsoft in May, and a patch was issued in July, though no CVE has been assigned yet. Guan warns the flaw could let attackers steal the “brains” of AI agents, potentially causing major damage. While Microsoft says its own products weren’t affected, NLWeb users must manually update to fix the issue.
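The NLWeb item describes the classic path traversal pattern: a client-supplied path is joined onto a document root and read without checking that the result still lies inside that root. The block below is an added example of the server-side check that closes that class of bug; it is not NLWeb's code and does not reproduce the reported flaw. The document root, the function names and the sample requests are constructed for illustration, and the check goes slightly beyond the single bug by also rejecting percent-encoded traversal, absolute paths and embedded NUL bytes.

```python
"""Safe file resolution for a web handler: deny path traversal before reading.

Added example, not NLWeb's code. BASE_DIR and SAMPLE_REQUESTS are constructed.
"""
from __future__ import annotations

from pathlib import Path
from typing import Optional
from urllib.parse import unquote

# Assumed document root; nothing outside it may ever be served.
BASE_DIR = Path("/srv/app/static").resolve()


def resolve_safely(requested: str, base: Path = BASE_DIR) -> Optional[Path]:
    """Map a client-supplied path to a file under `base`, or return None.

    Steps: decode percent-encoding once (as a web framework would), reject
    NUL bytes and absolute paths, collapse `..` segments with resolve(), and
    finally require the normalised result to still sit inside `base`.
    """
    decoded = unquote(requested)
    if "\x00" in decoded or Path(decoded).is_absolute():
        return None
    candidate = (base / decoded).resolve()
    try:
        candidate.relative_to(base)  # raises ValueError if the path escaped
    except ValueError:
        return None
    return candidate


# Constructed requests: two benign paths, a plain traversal, an encoded
# traversal, an absolute path, and a NUL-byte truncation attempt.
SAMPLE_REQUESTS = [
    "index.html",
    "css/site.css",
    "../../.env",
    "..%2F..%2Fconfig%2Fsettings.json",
    "/etc/passwd",
    "logo.png\x00.txt",
]


def audit(requests: list[str]) -> dict[str, str]:
    """Return {request: 'served' | 'denied'} for a batch of request paths."""
    return {r: ("served" if resolve_safely(r) else "denied") for r in requests}


if __name__ == "__main__":
    for req, verdict in audit(SAMPLE_REQUESTS).items():
        print(f"{verdict:6}  {req!r}")
```

The important design choice is that the containment test runs on the fully resolved path rather than on the raw string: a string-level blocklist of `../` misses encoded, doubled or mixed-separator variants, whereas `resolve()` followed by `relative_to(base)` judges only where the path actually lands. Note that the NUL check happens before any filesystem call, since a NUL byte can otherwise truncate the name inside lower-level APIs.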
Vulnerabilities in Dell laptop firmware could let attackers bypass Windows logins and install malware.
Five serious vulnerabilities in Dell’s ControlVault3 firmware—used in over 100 Latitude and Precision laptop models—could let attackers bypass Windows logins and install malware that survives reinstalls. Known as “ReVault,” the flaws impact Dell’s hardware-based security module, which stores sensitive data like passwords and biometrics. Discovered by Cisco Talos, the bugs include out-of-bounds errors, stack overflows, and unsafe deserialization, affecting both firmware and Windows APIs. If exploited, attackers with physical access can gain control over the Unified Security Hub, escalate privileges, or trick fingerprint readers into accepting unauthorized users. Dell has released patches, but Talos advises extra precautions like disabling unused authentication devices, enabling BIOS intrusion detection, and using Enhanced Sign-In Security in Windows to defend against potential firmware-level threats.
Trend Micro warns of an actively exploited remote code execution flaw in its endpoint security platform.
Trend Micro has issued an urgent warning about an actively exploited remote code execution flaw in its Apex One endpoint security platform. The vulnerability (CVE-2025-54948 and CVE-2025-54987) affects the on-premise Management Console and allows pre-authenticated attackers to execute code remotely. No patch is available yet, but Trend Micro has released a mitigation tool that blocks known exploits—though it disables remote agent installation. A full fix is expected mid-August. Administrators are urged to secure systems immediately, especially if consoles are exposed online.
Google confirms a data breach involving one of its Salesforce databases.
Google has confirmed a data breach involving one of its Salesforce databases, with threat group ShinyHunters (UNC6040) stealing contact information from small and medium business clients. The compromised data includes basic, mostly public business info like names and contact details. Google hasn’t disclosed how many were affected and hasn’t confirmed any ransom demands. The attackers used voice phishing tactics to gain access. This breach follows similar incidents targeting Salesforce systems used by Cisco, Qantas, and Pandora. Google warned that ShinyHunters may soon publish the stolen data on a leak site to pressure victims. The group is linked to The Com, a cybercriminal collective known for hacking and extortion. Google has not said whether it will notify impacted businesses directly or provide additional security support.
A lack of MFA leaves a Canadian city on the hook for ransomware recovery costs.
The City of Hamilton, Ontario in Canada must cover the full $18.3 million cost of recovering from a February ransomware attack after its insurance claim was denied. The insurer rejected the claim because multi-factor authentication was not fully in place when the attack occurred. A third-party review upheld the denial. Most costs went to external experts, with over $1 million each spent on infrastructure, staffing, and other needs. Attackers disabled 80% of the city’s network and demanded $18.5 million in ransom, which the city refused to pay. City officials say no personal or health data was compromised. While most systems have been restored, several—like finance and fire department records—were lost. Mayor Andrea Horwath acknowledged the failure and emphasized a renewed commitment to stronger cybersecurity moving forward.
Nvidia’s CSO denies the need for backdoors or kill switches in the company’s GPUs.
Nvidia’s Chief Security Officer, David Reber Jr., strongly denied the existence or need for backdoors or kill switches in the company’s GPUs, responding to rising pressure from both U.S. lawmakers and Chinese authorities. His blog post follows U.S. proposals like the Chip Security Act, which could mandate tracking tech or remote shutdown features in AI chips. Meanwhile, China is investigating Nvidia’s H20 chips for alleged vulnerabilities. Reber warned such measures would pose serious security risks, calling backdoors “dangerous vulnerabilities” and kill switches “an open invitation for disaster.” While Nvidia hopes to regain limited access to the Chinese market, the idea of U.S.-controlled hardware access could undermine trust abroad. China is accelerating domestic chip development, threatening Nvidia’s lead in the AI hardware space as companies like Huawei catch up.
CISA flags multiple critical vulnerabilities in Tigo Energy’s Cloud Connect Advanced (CCA) platform.
CISA has flagged multiple critical vulnerabilities in Tigo Energy’s Cloud Connect Advanced (CCA) platform, widely used in residential and critical solar energy infrastructure. The flaws include hard-coded credentials (CVE-2025-7768, CVSS 9.3), a command injection vulnerability enabling remote code execution (CVE-2025-7769, CVSS 8.7), and weak session ID generation (CVE-2025-7770, CVSS 8.7). Tigo is working on patches, but no release date has been set. CISA urges users to isolate devices behind firewalls and avoid exposing them directly to the internet.
DHS grants funding cuts off the MS-ISAC.
The Department of Homeland Security has released the final funding round for the $1 billion State and Local Cybersecurity Grant Program, totaling $91.7 million. Each U.S. state will get at least $1 million, while U.S. territories will receive a minimum of $250,000. A new rule prohibits using grant funds for services from the Multi-State ISAC and the Elections Infrastructure ISAC, both previously funded by DHS. MS-ISAC, which has helped local governments with cybersecurity for over two decades, is now shifting to a paid subscription model due to reduced federal funding. North Dakota CISO Chris Gergen expressed disappointment, noting MS-ISAC’s services align closely with the grant’s goals. The grant also prohibits spending on ransoms, insurance, or construction. DHS emphasizes cyber resilience while cutting redundant costs. CISA says it remains committed to supporting governments with free services, despite pulling direct funding from long-standing partners like MS-ISAC.
Helicopter parenting officially hits the footwear aisle.
Helicopter parenting has officially hit the footwear aisle. Skechers’ new “Find My Skechers” line quietly sneaks in a screw-sealed compartment under the insole—perfectly sized for an Apple AirTag (not included, of course). On the surface, it’s a clever way to locate lost sneakers. In practice? It’s parental tracking disguised as stylish kicks for toddlers to eight-year-olds.
The internet, naturally, is divided. Some hail it as a lifesaver, especially for kids with special needs. Others see Big Brother lacing up early. The shoes look ordinary, but they whisper, “I know where you are… and so do your shoes.”
At $52 a pair (plus AirTag), they’re priced for peace of mind—or pint-sized surveillance, depending on your view. From “be home by dark” to GPS-enabled soles, childhood just got a firmware update.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights until August 31, 2025. There's a link in the show notes.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.
