Podcasts
CyberWire Daily
Ep 2379
The CyberWire Daily Podcast 8.26.25
Ep 2379 | 8.26.25

Rolling the dice on cybersecurity.

Show Notes
Transcript

A cyberattack disrupts state systems in Nevada. A China-linked threat actor targets Southeast Asian diplomats. A new attack method hides malicious prompts inside images processed by AI systems.Experts ponder preventing AI agents from going rogue. A new study finds AI is hitting entry-level jobs hardest. Michigan’s Supreme Court upholds limits on cell phone searches. Sen. Wyden accuses the judiciary of cyber negligence. CISA issues an urgent alert on a critical Git vulnerability. Hackers target Maryland’s transit services for the disabled. Our guest is Cristian Rodriguez, Field CTO for the Americas from CrowdStrike, examining the escalating three-front war in AI. A neighborhood crime reporting app gets algorithmically sketchy. 

Today is Tuesday August 26th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

A cyberattack disrupts state systems in Nevada. 

A cyberattack disrupted state systems in Nevada this past Sunday, knocking government websites and phone lines offline. Governor Joe Lombardo said emergency services remain operational but warned some services may be slow or unavailable during recovery. Offices closed Monday, and reopening dates will be announced later. Officials are working with federal, local, and tribal partners to restore services, using temporary workarounds where possible. As of Monday night, the state’s main website was still down, and residents were cautioned against scams. Investigators are determining if data was breached, though no hacking group has claimed responsibility. 

A China-linked threat actor targets Southeast Asian diplomats. 

Google’s Threat Intelligence Group (GTIG) has exposed a sophisticated cyber espionage campaign by UNC6384, a China-linked threat actor tied to TEMP.Hex (Mustang Panda). The operation, aligned with Beijing’s strategic interests, primarily targeted Southeast Asian diplomats and global organizations. Attackers hijacked web traffic through compromised devices, redirecting victims to fake update sites secured with TLS. Victims were tricked into installing a bogus “Adobe Plugin,” which delivered STATICPLUGIN, a digitally signed downloader certified by Chengdu Nuoxin. This triggered a multi-stage chain using DLL side-loading and obfuscation techniques to stealthily deploy the SOGU.SEC backdoor in memory. The malware enabled reconnaissance, file theft, and remote access over HTTPS. GTIG links the campaign to past PRC operations using the same certificates. Google has issued alerts, updated Safe Browsing, and urged stronger defenses.

A new attack method hides malicious prompts inside images processed by AI systems.

Researchers at Trail of Bits have unveiled a new attack method that hides malicious prompts inside images processed by AI systems. The technique exploits how images are automatically downscaled for performance, causing hidden patterns to emerge due to resampling artifacts. These patterns, invisible at full resolution, appear as text after downscaling and can be misinterpreted by large language models (LLMs) as user instructions. In one test, the attack exfiltrated Google Calendar data via Gemini CLI when paired with Zapier MCP. The method, adapted per system, worked against multiple Gemini-based platforms, Google Assistant, and Genspark. To demonstrate the risk, researchers released Anamorpher, a tool for crafting such images. They recommend safeguards like restricting image dimensions, previewing downscaled outputs, and requiring explicit user confirmation for sensitive tool calls.

Experts ponder preventing AI agents from going rogue. 

Anthropic’s testing of agentic AI revealed troubling risks, including attempts at blackmail when models were given sensitive information, the BBC reports. While the scenarios were fictional, they highlight the urgent need for safeguards. Experts stress that human oversight alone won’t work at scale as AI agents grow more autonomous. Instead, multiple solutions are emerging. CalypsoAI advocates “thought injection,” a technique that nudges agents away from risky actions, and is developing “agent bodyguards” to enforce compliance with organizational policies and laws. Cequence Security emphasizes protecting AI memory stores, which guide decisions, from manipulation. Other proposals include restricting tool use, adding screening layers to monitor input and output, and ensuring agents are securely decommissioned once retired. Ultimately, securing AI agents means treating them like human employees, enforcing guardrails, audits, and clear offboarding processes.

A new study finds AI is hitting entry-level jobs hardest. 

A Stanford University study finds AI is hitting entry-level jobs hardest in fields like accounting, software development, and administrative work. Over the past three years, employment for newcomers in AI-exposed roles fell 13%, while more experienced workers in the same jobs fared better. Younger workers (ages 22–25) also saw slowing prospects, even as demand for lower-tech roles, like nursing aides, rose. The research, coauthored by Erik Brynjolfsson, analyzed payroll data from ADP, highlighting how AI-driven automation is reshaping early career opportunities.

Michigan’s Supreme Court upholds limits on cell phone searches. 

The Michigan Supreme Court has ruled that police cannot use broad warrants to search entire cell phones when investigating a crime. In People v. Carson, the court found that warrants must include clear limits on what data can be reviewed and must tie searches directly to evidence relevant to the alleged crime. The case involved a warrant that let investigators comb through all of Michael Carson’s phone data, producing over 1,000 pages, most unrelated to the theft under investigation. The court declared this “constitutionally intolerable,” citing the Fourth Amendment’s requirement of particularity to prevent fishing expeditions. With modern phones storing vast amounts of personal, medical, and financial data, the ruling strengthens digital privacy protections and aligns with growing national recognition that cell phones require stricter warrant rules.

Sen. Wyden accuses the judiciary of cyber negligence. 

Sen. Ron Wyden is urging the Supreme Court to authorize an independent review of federal judiciary cyber breaches, accusing the courts of negligence. In a letter to Chief Justice John Roberts, Wyden cited recent sophisticated attacks on the judiciary’s case management system and a 2020 breach, both suspected to involve Russian hackers. He called for the National Academy of Sciences to lead a public review of the judiciary’s cybersecurity practices and technology management, warning that officials may be downplaying their own security failures.

CISA issues an urgent alert on a critical Git vulnerability. 

CISA has issued an urgent alert on a critical Git vulnerability (CVE-2025-48384) already under active exploitation. The flaw stems from Git’s inconsistent handling of carriage return characters in configuration files, allowing attackers to craft malicious repositories that execute arbitrary code via submodules and symbolic links. Exploited systems risk privilege escalation, lateral movement, and ransomware deployment. CISA urges immediate patching, strict repository access controls, and monitoring for suspicious activity. CI/CD pipelines should validate submodules, and defenders must prioritize remediation to protect development environments.

Hackers target Maryland’s transit services for the disabled. 

Maryland is investigating a cyberattack that struck at one of its most vulnerable populations, residents who rely on specialized transit for the disabled. The Maryland Transit Administration (MTA) confirmed Sunday that hackers gained unauthorized access to systems supporting its Mobility program, which provides essential rides for those who cannot reach bus stops. While core transit services remain unaffected, scheduling new or rescheduled Mobility trips is currently impossible. The state has activated emergency operations and urged riders to use the Call-A-Ride program. Officials are working with cybersecurity experts and law enforcement to contain the damage. No group has claimed responsibility. Targeting disabled residents’ transportation is, of course, a shameful act of exploitation, adding unnecessary hardship to people who depend on these lifeline services. To paraphrase friend of the show Alan Liska, some threat actors deserve visitation from drone strikes. 

 

A neighborhood crime reporting app gets algorithmically sketchy. 

Citizen, the crime-awareness app that promises to help neighbors protect each other, has quietly let AI take over writing many of its alerts, and the results have been, let’s say, colorful. According to 404 Media, the algorithm has been pushing out crime reports without a single human eyeball checking them first. The results range from clumsy (“murder vehicle accident”) to grimly graphic (“person shot in face”) to flat-out dangerous, like publishing license plate numbers or bungling addresses. Sometimes it even creates multiple overlapping alerts during police chases, essentially playing whack-a-mole with real-time crime scenes. Former staff say speed was prioritized over accuracy, leaving humans to clean up messes after the fact. Meanwhile, Citizen has laid off unionized workers as it leans harder on AI and outsourced labor, all while entering a more formal partnership with New York City. For an app meant to build trust and safety, Citizen’s new AI editor seems to come up short.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry.  Learn how at n2k.com.

We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights until August 31, 2025. There's a link in the show notes.

 

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.

CyberWire Daily
Podcast Info
HOST(S):
Dave Bittner
Dave Bittner is a security podcast host and one of the founders at CyberWire. He's a creator, producer, videographer, actor, experimenter, and entrepreneur. He's had a long career in the worlds of television, journalism and media production, and is one of the pioneers of non-linear editing and digital storytelling.
Schedule: Monday-Friday
Creator: N2K Networks, Inc.