The CyberWire Daily Podcast 8.8.25
Ep 2367 | 8.8.25

Reflections in a broken vault.

Transcript

Researchers uncover multiple vulnerabilities in a popular open-source secrets manager. Software bugs threaten satellite safety. Columbia University confirms a cyberattack. Researchers uncover malicious NPM packages posing as WhatsApp development tools. A new EDR killer tool is being used by multiple ransomware gangs. Home Improvement stores integrate AI license plate readers into their parking lots. The U.S. federal judiciary announces new cybersecurity measures after cyberattacks compromised its case management system. CISA officials reaffirm their commitment to the CVE Program. Our guest is David Wiseman, Vice President of Secure Communications at BlackBerry, discussing the challenges of secure communications. AI watermarking breaks under spectral pressure.

Today is Friday August 8th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Researchers uncover multiple vulnerabilities in a popular open-source secrets manager. 

Researchers at Cyata uncovered nine vulnerabilities in HashiCorp Vault, a popular open-source secrets manager. These flaws, eight of which are now patched, allowed attackers to bypass authentication, escalate privileges, and even execute remote code. The bugs stem from logic errors in Vault’s core components, including authentication, MFA, and plugin handling. Some exploits, like case variations in usernames, bypass lockouts or MFA. Others abuse policy normalization to gain root access or trick Vault’s trust model using forged certificates. The most severe, CVE-2025-6000, enables RCE by uploading malicious plugins via the audit log system, a flaw hiding in plain sight for nearly a decade. The flaws affect both open-source and enterprise editions, and the report highlights the importance of patching, tight configuration, and strong identity enforcement to prevent full infrastructure compromise.

Software bugs threaten satellite safety. 

Anti-satellite missiles may be flashy, but hacking is the new space warfare. While four nations have tested kinetic anti-satellite weapons, it turns out knocking a satellite offline could be as simple as exploiting bad code.

At this year’s Black Hat conference in Las Vegas, researchers from VisionSpace Technologies demonstrated just how easy it is to hijack a satellite, or its ground station, using known software vulnerabilities.

To break down what they found, and what it means for satellite security and the growing space economy, here’s our own Maria Varmazis. 

Columbia University confirms a cyberattack. 

Columbia University has confirmed a cyberattack that exposed personal data of nearly 869,000 individuals. The breach, discovered in late June, affected Social Security numbers, contact details, academic records, financial aid, and health insurance information. The hackers accessed systems in mid-May and stole data to allegedly support a political agenda opposing affirmative action. While patient data at Columbia’s medical center was untouched, the attack disrupted IT systems campus-wide. The university is offering two years of free credit monitoring to those impacted.

Researchers uncover malicious NPM packages posing as WhatsApp development tools.

Researchers at Socket have uncovered two malicious NPM packages, naya-flore and nvlore-hsc, posing as WhatsApp development tools that contain destructive data-wiping code. These packages, still live on NPM, have been downloaded over 1,100 times and mimic legitimate WhatsApp bot libraries. The hidden function requestPairingCode fetches a JSON kill-switch list from GitHub, sparing specific Indonesian phone numbers. If not on the list, the package executes rm -rf *, recursively deleting local files. Though currently inactive, the code includes a commented-out data exfiltration feature. Additional packages by the same publisher could turn malicious with future updates. Meanwhile, Socket also identified 11 malicious Go packages using obfuscated code to run remote payloads in memory. Most are still active, primarily targeting CI servers and Windows machines. Developers are urged to double-check dependencies for hidden threats.

A new EDR killer tool is being used by multiple ransomware gangs. 

A new EDR killer tool, seen as the successor to EDRKillShifter, is being used by eight ransomware gangs, including RansomHub, Medusa, and Qilin. The tool disables antivirus and security tools on compromised systems, helping attackers move laterally and deploy ransomware undetected. It uses obfuscated code and loads a malicious driver via a BYOVD (Bring Your Own Vulnerable Driver) method. Sophos researchers believe the tool was developed collaboratively, with each gang using a unique build, reflecting a growing trend of shared tooling in ransomware operations.

Home Improvement stores integrate AI license plate readers into their parking lots. 

Public records reveal that Lowe’s and Home Depot have quietly integrated AI-powered Flock license plate readers into their parking lots, and shared access to this surveillance data with law enforcement. According to an investigation by 404media, the Johnson County, Texas Sheriff’s Office has access to 173 Lowe’s locations nationwide and multiple Home Depot sites within Texas, as well as gunshot detection tools at some stores. Flock says private businesses choose whom to share data with, but the records suggest extensive law enforcement partnerships. While Home Depot confirmed law enforcement collaborations, neither company addressed specifics. Critics like the EFF warn of risks to customer privacy, especially when surveillance tech can be used without warrants or accountability. The report highlights a growing trend: private businesses feeding real-time surveillance data into public law enforcement networks, often without customers’ knowledge.

The U.S. federal judiciary announces new cybersecurity measures after cyberattacks compromised its case management system. 

The U.S. federal judiciary has announced new cybersecurity measures after recent, sophisticated cyberattacks compromised its case management system. The breach, first reported by Politico, may have exposed confidential court documents and identities of informants in multiple federal courts. The Administrative Office of the U.S. Courts (AOUSC) is now working with courts to secure sensitive data and restrict access to sealed filings. While most documents are public by design, some contain protected or classified information, making them prime targets for nation-state hackers and cybercriminals. The judiciary had previously pledged to isolate sensitive documents after a 2020 breach. Officials warn that the threat landscape is growing, with adversaries seeking to exploit legal systems for espionage, disruption, or extortion. The judiciary aims to restore trust through tighter digital safeguards.

CISA officials reaffirm their commitment to the CVE Program. 

At Black Hat, CISA officials reaffirmed their commitment to the CVE Program after an April contract dispute raised fears about its future. The CVE system, vital for tracking cybersecurity vulnerabilities, faced a brief funding scare that CISA now says was a contract issue, not a budget problem. Despite calls to shift CVE oversight to a nonprofit with global governance, CISA plans to continue managing and improving the program. Officials emphasized its foundational role in cybersecurity and pledged enhancements like richer vulnerability data and expanded collaboration with international partners. CISA also discussed broader efforts, including AI threat response, cyber hygiene tools, and reducing exposed industrial systems online. So far, the agency has contacted 3,000 entities to secure internet-exposed systems, achieving an 80% success rate in reducing risks.

Yesterday, CISA issued ten advisories warning of critical vulnerabilities in various industrial control systems, affecting sectors like energy, manufacturing, and transportation. The flaws include unauthenticated access, buffer overflows, path traversal, and improper certificate validation across platforms from Delta Electronics, Rockwell Automation, Mitsubishi Electric, and others. Some vulnerabilities score as high as 9.8 on CVSS. These advisories emphasize the urgency for ICS operators to patch systems and reinforce security. 


AI watermarking breaks under spectral pressure. 

AI-generated images have become so indistinguishable from the real thing that identifying them now rivals reading tea leaves, only with less success. A Microsoft study pegged human accuracy at 62%, suggesting we may soon outsource image detection to darts and blindfolds. In response, watermarking emerged as the industry’s digital signature, a spectral seal, cleverly tucked where human eyes can’t wander. Enter UnMarker, unveiled at the IEEE Symposium, which doesn’t so much seek the watermark as quietly dismantle the scaffolding that holds it up. Developed by a Canadian Ph.D. student with more curiosity than reverence, it erases watermark signals across frequency space, elegantly, precisely, and with unnerving consistency. The irony? The very subtlety that makes spectral watermarking undetectable to us also makes it remarkably predictable to machines. Watermarking promised authenticity; UnMarker replies with a raised eyebrow.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights until August 31, 2025. There's a link in the show notes.


N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.