The CyberWire Daily Podcast 9.16.25
Ep 2393 | 9.16.25

AI chips flow east.

Transcript

A controversial Trump administration deal gives the U.A.E. access to cutting-edge U.S. AI chips. FlowiseAI warns of a critical account takeover vulnerability. A new social engineering campaign impersonates Meta account suspension notices. A macOS Spotlight 0-day flaw bypasses Apple’s Transparency, Consent, and Control (TCC) protections. Are cost savings from outsourced IT services worth the risk? Poland boosts its cybersecurity budget after a surge in Russian-backed attacks. NTT Group joins the Comm-ISAC. Jaguar Land Rover’s global shutdown continues. A data breach affects millions of customers of top luxury brands. On today's Threat Vector segment, David Moulton speaks with Palo Alto Networks’ Spencer Thellmann about the dual challenges of securing employee use of generative AI tools and defending internally built AI models and agents. AI chatbots hustle seniors for science.

Today is Tuesday September 16th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

A controversial Trump administration deal would give the U.A.E. access to cutting-edge U.S. AI chips. 

According to reporting by The New York Times, the Trump administration is advancing a deal that would give the U.A.E. access to hundreds of thousands of cutting-edge U.S. AI chips, despite warnings from national security officials. Many chips are slated for G42, a tech firm controlled by Sheikh Tahnoon bin Zayed, who has longstanding ties to Chinese companies. Experts fear the chips, or the models built on them, could ultimately flow to Beijing, undermining U.S. export controls and AI safeguards.

The Times also uncovered a parallel $2 billion investment into World Liberty Financial, a crypto company tied to the Trump and Witkoff families. Critics say the overlap blurs government duties with private enrichment, raising conflict-of-interest and insider-risk concerns.

From a cybersecurity perspective, the risks are clear: potential loss of AI supremacy, third-party data exposure in Emirati infrastructure, and compliance vulnerabilities tied to crypto and Binance’s AML history. Safeguards exist, but enforcement remains shaky.

FlowiseAI warns of a critical account takeover vulnerability. 

FlowiseAI has issued an urgent warning about a serious flaw that lets attackers easily take over user accounts. The problem affects both its cloud service and self-hosted setups, exposing personal details and allowing outsiders to reset passwords without permission. Security experts say the issue is extremely severe, urging all users to update right away. Those who cannot upgrade immediately should block public access to the password-reset feature until a fix is applied. Failure to act leaves accounts fully exposed.

A new social engineering campaign impersonates Meta account suspension notices.  

A new social engineering campaign called FileFix is impersonating Meta account suspension notices to spread the StealC infostealer, according to Acronis. FileFix is an evolution of the ClickFix attack method, which tricks users into pasting malicious commands into system dialog boxes. This variant abuses the Windows File Explorer address bar. Victims are directed to a phishing page that claims their Meta account will be disabled, then urged to paste what appears to be a file path. Instead, a hidden PowerShell command installs malware.

The campaign uses steganography to hide additional payloads inside images hosted on Bitbucket, eventually unleashing StealC. The malware steals browser credentials, cookies, cloud keys, crypto wallets, messaging app logins, and can capture screenshots. Researchers warn that FileFix tactics are rapidly evolving, making user education critical to defense. Acronis observed multiple variants in just two weeks, signaling ongoing refinement by attackers.
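The FileFix chain described above leaves a recognisable footprint in process-creation telemetry: a command pasted into the File Explorer address bar runs with explorer.exe as its parent. The following is an added example, not code from the CyberWire episode or from the Acronis research it summarises, of a small hunting heuristic over such records. The record layout, the field names and every sample event are constructed assumptions; in practice the same fields come from Sysmon Event ID 1 or Windows 4688 with command-line auditing enabled.

```python
"""Flag FileFix-style PowerShell launches in process-creation telemetry.

Added example, not from the CyberWire episode or the Acronis research it
summarises. Heuristic: a command pasted into the File Explorer address bar
runs with explorer.exe as its parent, so a PowerShell child of explorer.exe
that carries window-hiding, profile-skipping or encoded-command switches is
worth triaging. The record layout and all sample events are constructed
assumptions; real sources would be Sysmon Event ID 1 or Windows 4688 with
command-line auditing enabled.
"""
from dataclasses import dataclass
from typing import List


@dataclass
class ProcEvent:
    event_id: int
    parent_image: str   # full path of the parent process
    image: str          # full path of the created process
    command_line: str


POWERSHELL_HOSTS = {"powershell.exe", "pwsh.exe"}


def _basename(path: str) -> str:
    """Return the lower-cased file name from a Windows path."""
    return path.lower().rsplit("\\", 1)[-1]


def has_evasive_switch(command_line: str) -> bool:
    """True if the command line uses switches typical of pasted payloads:
    -WindowStyle Hidden (or -w hidden), -NoProfile (-nop) or an encoded
    command (-e/-ec/-enc/-EncodedCommand)."""
    tokens = command_line.split()
    for i, tok in enumerate(tokens):
        name = tok.lower().lstrip("-/")
        if name in ("w", "windowstyle"):
            if i + 1 < len(tokens) and tokens[i + 1].lower() == "hidden":
                return True
        elif name in ("nop", "noprofile"):
            return True
        elif name in ("e", "ec", "enc", "encodedcommand"):
            return True
    return False


def is_filefix_candidate(ev: ProcEvent) -> bool:
    """Parent must be explorer.exe, child a PowerShell host, and the
    command line must carry at least one evasive switch."""
    if _basename(ev.parent_image) != "explorer.exe":
        return False
    if _basename(ev.image) not in POWERSHELL_HOSTS:
        return False
    return has_evasive_switch(ev.command_line)


def scan(events: List[ProcEvent]) -> List[int]:
    """Return the event_ids that match the FileFix heuristic."""
    return [ev.event_id for ev in events if is_filefix_candidate(ev)]


# Constructed sample telemetry (not real captured data).
SAMPLE_EVENTS = [
    # 1: pasted into the Explorer address bar -> hidden PowerShell child
    ProcEvent(1, r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell.exe -w hidden -nop -c "# stand-in for pasted payload"'),
    # 2: user opened PowerShell normally from the Start menu -> no switches
    ProcEvent(2, r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe"),
    # 3: encoded command, but the parent is cmd.exe, outside this heuristic
    ProcEvent(3, r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -enc QQBCAEMA"),
    # 4: Explorer launching a non-PowerShell child
    ProcEvent(4, r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]

if __name__ == "__main__":
    for event_id in scan(SAMPLE_EVENTS):
        print(f"event {event_id}: possible FileFix launch, triage")
```

The switch check is what keeps the rule usable: explorer.exe is the parent of almost everything a user launches interactively, so "PowerShell under Explorer" alone would fire constantly, whereas an interactive user rarely types a hidden window or an encoded command into the address bar. Event 3 is deliberately left unmatched to show the heuristic's scope; a separate rule would cover PowerShell spawned from other hosts.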

A macOS Spotlight 0-day flaw bypasses Apple’s Transparency, Consent, and Control (TCC) protections.

A new blog from Objective-See reveals a 0-day flaw in macOS Spotlight plugins that bypasses Apple’s Transparency, Consent, and Control (TCC) protections. Spotlight plugins index user files, including sensitive system databases, but researchers showed they can be exploited to leak private data fueling Apple Intelligence AI features. Despite sandboxing, the bug, rooted in a decade-old flaw, lets malicious plugins transmit protected file content to outside processes. Since Spotlight plugins can be installed without notarization, attackers or malware could abuse them for persistence, data theft, or AI model exfiltration. Apple has patched related issues before, but this 0-day shows macOS sandboxing gaps remain exploitable.

Are cost savings from outsourced IT services worth the risk?

Researcher Kevin Beaumont examines several major UK companies, including the Co-op Group, Marks & Spencer, and Jaguar Land Rover, that have outsourced critical IT and cybersecurity functions to Tata Consultancy Services (TCS), and concludes this has led to redundancies and growing risk exposure. These functions include security operations, governance, and identity management, which are core defenses against breaches. While outsourcing cuts costs, attackers like LAPSUS$ have exploited weaknesses in shared helpdesks and standard operating procedures. Critics argue that TCS’s denials focus narrowly on whether its own systems were breached, sidestepping the real question of how its customers were compromised. The broader issue is structural: cost-cutting and over-reliance on Managed Service Providers concentrate risk across many organizations. With ransomware incidents escalating, experts say UK firms remain hyper-focused on data protection laws but lack cyber resilience planning. The risk isn’t just stolen data; it’s service disruption severe enough to threaten economic stability.

Poland boosts its cybersecurity budget after a surge in Russian-backed attacks. 

Poland is boosting its cybersecurity budget to a record €1bn after a surge in Russian-backed attacks on critical infrastructure, according to the Financial Times. Officials say Poland faces 20–50 sabotage attempts daily, mostly thwarted, but some breaches have disrupted hospitals and exposed medical data. A recent attack infiltrated a major city’s water system but was stopped before supplies were cut. The government is allocating €80mn to secure water systems and expand protections across 2,400 local administrations. Warsaw says it is the most frequent Russian cyber target in the EU, with GPS jamming from Russia’s Kaliningrad increasingly disrupting flights. The move comes amid rising hybrid threats, including drone incursions and NATO’s first direct interceptions of Russian assets since the 2022 invasion of Ukraine. Cross-party consensus has emerged in Poland to urgently strengthen cyber resilience.

NTT Group joins the Comm-ISAC. 

Japanese telecom giant NTT Group has become the first global technology services company invited to join the U.S. Communications Information Sharing and Analysis Center (Comm-ISAC), marking a milestone in international collaboration on critical infrastructure security. The move underscores NTT’s commitment to cyber resilience, situational awareness, and collective defense of global communications networks. By partnering with Comm-ISAC members and sector sponsors, NTT will help strengthen defenses against cyber threats while advancing innovation and sustainability. The company stressed that trust, partnerships, and information sharing are essential to securing the digital backbone of modern society.


Jaguar Land Rover’s global shutdown continues. 

Jaguar Land Rover (JLR) has extended its global shutdown until September 24 as it investigates a major cyberattack that forced thousands of employees and supply-chain workers into temporary layoffs. The disruption, costing an estimated £72 million ($98 million) per day, highlights risks not only to JLR but to the wider UK economy, where the company represents 4% of exports. Investigators confirmed attackers accessed internal data, raising potential fines under privacy law. Experts warn the incident underscores policy gaps: regulation prioritizes personal data protection while service continuity and economic security remain under-addressed.

A data breach affects millions of customers of top luxury brands. 

French luxury giant Kering has confirmed a data breach affecting millions of Balenciaga, Gucci, and Alexander McQueen customers. The hacker group ShinyHunters, also linked to breaches at Google and Adidas, claimed responsibility, saying it stole 7.4 million email addresses along with names, phone numbers, home addresses, and spending amounts, in some cases exceeding $80,000. While Kering stressed no payment data was taken, experts warn high spenders may be targeted in follow-on scams. Authorities have been notified; Kering denies negotiating with the attackers.

AI chatbots hustle seniors for science. 

Reuters teamed with a Harvard researcher to see what happens when top chatbots are asked to cook up a phishing scam aimed at seniors. The journalists used the bots to write emails, suggest timing, and shape the pitch. Then they tested nine of those AI-crafted messages on 108 volunteers. About 11% clicked.

Some bots slammed the brakes at first. Others complied after a little coaxing: “it’s for research” or “it’s for a novel” did the trick. Grok wrote a convincing charity plea; Gemini even suggested the best time of day to send it. Google retrained Gemini after being told.

The result is blunt: AI can turbocharge scams. The FBI has warned about this. Companies say they’re tightening safeguards. Meanwhile, seniors remain vulnerable.

The takeaways? Be suspicious of urgent asks, verify senders, don’t click unexplained links, and keep loved ones alert. The genie isn’t going back in the bottle.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.


N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.