The CyberWire Daily Podcast 10.27.25
Ep 2421 | 10.27.25

The UN’s big push for global cybercrime rules.

Transcript

The UN launches the world’s first global treaty to combat cybercrime. A House Democrats’ job portal left security clearance data exposed online. A new data leak exposes 183 million email addresses and passwords. Threat actors target Discord users with an open-source red-team toolkit. A new campaign targets unpatched WordPress plugins. The City of Gloversville, New York, suffers a ransomware attack. Jen Easterly hopes AI could eliminate the buggy software that fuels cybercrime. A Connecticut health system agrees to an $18 million settlement following a ransomware attack. Monday business brief. Tim Starks from CyberScoop is discussing concerns over budget cuts and visibility. Meta’s privacy safeguard goes dark.

Today is Monday October 27th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

The UN launches the world’s first global treaty to combat cybercrime.

The United Nations has launched the world’s first global treaty to combat cybercrime, with 72 nations signing the new Convention against Cybercrime at a ceremony on Saturday. The agreement, five years in the making, aims to improve prevention, cooperation, and capacity-building to fight online crime, particularly in developing countries. However, critics warn the treaty could undermine human rights. Groups including the Electronic Frontier Foundation, Human Rights Watch, and Privacy International argue it grants overly broad surveillance powers without sufficient safeguards. Even Cisco has voiced concern that the Convention risks eroding the rule of law. Despite these objections, UN Secretary-General António Guterres called the signing “an important milestone” toward safer digital spaces, highlighting the treaty’s mechanisms for cross-border sharing of digital evidence. Still, the agreement won’t take effect until countries ratify it, and the UN has yet to publish a full list of signatories.

House Democrats’ job portal left security clearance data exposed online.

An unsecured database connected to DomeWatch, a website managed by U.S. House Democrats, exposed the personal details of more than 450 individuals holding top secret security clearances, according to research shared with WIRED. The database contained data on about 7,000 job applicants, including names, contact details, military service, clearance levels, and political affiliations. It was discovered in late September by an independent security researcher and secured within hours after being reported. While résumés were not included, experts warn the dataset could be a “gold mine” for foreign intelligence or cybercriminals seeking to target government personnel. House officials say an outside vendor was responsible, and a full investigation is underway. The incident highlights ongoing risks from poorly secured online databases and their potential use in espionage or social engineering.

A new data leak exposes 183 million email addresses and passwords.

A new data leak has exposed 183 million email addresses and passwords, just months after another massive breach. Security researcher Troy Hunt, founder of Have I Been Pwned (HIBP), says the data—about 3.5 terabytes and 23 billion rows—came from threat intelligence firm Synthient and included stolen Gmail logins and website credentials. Hunt found 8% of entries were new, adding 16 million previously unseen addresses. HIBP verified some records with affected users. Experts urge password changes and avoiding reuse across accounts.

Threat actors target Discord users with an open-source red-team toolkit.

Threat actors are abusing the open-source RedTiger red-team toolkit to deploy an infostealer targeting Discord users, primarily in France, according to Netskope. Originally built for penetration testing, RedTiger includes network scanning, password cracking, and malware-building features. Attackers compiled it into standalone executables disguised as gaming or Discord apps. Once installed, the malware steals Discord credentials, payment details, browser passwords, crypto wallets, and game data, while capturing screenshots and webcam images. Stolen data is uploaded to GoFile and sent to attackers via Discord webhooks. The malware uses anti-sandbox features and floods systems with fake processes to hinder analysis. Security experts urge users to avoid unofficial downloads, revoke Discord tokens, and enable multi-factor authentication (MFA) if compromise is suspected.

A new campaign targets unpatched WordPress plugins.

A new campaign is exploiting three critical vulnerabilities in the GutenKit and Hunk Companion WordPress plugins, according to Defiant. Since October 8, over 9 million exploit attempts have been blocked. The flaws—CVE-2024-9234, CVE-2024-9707, and CVE-2024-11972—allow unauthenticated attackers to upload malicious files, install rogue plugins, and achieve remote code execution. Attackers are distributing a fake plugin via GitHub containing backdoors and persistence scripts. Despite patches released over a year ago, the campaign highlights ongoing risks for outdated WordPress sites.

The City of Gloversville, New York, suffers a ransomware attack.

The City of Gloversville, New York, suffered a ransomware attack in March that exposed personal and payroll information of current and former employees. Officials say the attackers, believed to be from Eastern Europe, demanded $300,000 for the stolen data. After hiring consultants, the city negotiated a $150,000 payment for its return. The incident was reported to the FBI, State Police, and DHS. Federal investigators are now working to identify the attackers and recover the ransom funds.

Jen Easterly hopes artificial intelligence could eliminate the buggy software that fuels cybercrime.

Former CISA director Jen Easterly says artificial intelligence could eventually make cybersecurity obsolete by eliminating the buggy software that fuels cybercrime. Speaking at AuditBoard’s user conference in San Diego, Easterly argued that the real issue isn’t cyberattacks themselves, but poor software quality driven by vendors prioritizing speed and cost over safety. She said AI is already improving attackers’ tools—creating stealthier malware and targeted phishing—but can also help defenders rapidly identify and fix vulnerabilities. Easterly believes a secure-by-design approach, supported by the White House’s AI Action Plan, could “tip the balance” toward defenders and make breaches rare exceptions rather than expected events. She criticized the glamorization of hackers and stressed that most attacks still exploit long-known flaws like SQL injection and memory-unsafe code. Her core message: the industry must demand accountability from software vendors to fix systemic weaknesses at their source.

A Connecticut health system agrees to an $18 million settlement following a ransomware attack.

Yale New Haven Health System (YNHHS) will pay $18 million to settle a class action lawsuit over a March 2025 ransomware attack that compromised data from nearly 5.6 million individuals, the largest reported U.S. healthcare breach so far this year. The attack exposed patient information such as names, birth dates, and Social Security numbers but did not affect medical records or payment data. The settlement, preliminarily approved by a federal court, offers victims up to $5,000 for documented losses or an alternative $100 payment, plus two years of medical data monitoring. Class counsel will receive one-third of the fund in legal fees. YNHHS also agreed to strengthen its cybersecurity controls. The breach was discovered March 8 and reported to regulators a month later. A final settlement hearing is scheduled for March 3, 2026.

Monday business brief.

In our Monday business brief, the cybersecurity and data resilience sector saw major merger and investment activity last week. Veeam announced a $1.7 billion acquisition of Securiti AI, integrating data security posture management into its resilience platform. Dataminr will acquire ThreatConnect for $290 million, combining internal and external threat data for real-time intelligence. Other notable deals include AuditBoard acquiring FairNow to expand AI governance, Imprivata buying Verosint for healthcare identity threat detection, and Panther acquiring Datable to enhance its AI SOC platform. Meanwhile, Riveron, EarlyHealth Group, and Main Capital Partners also completed strategic acquisitions.

On the investment front, CoreStack raised $50 million to fuel cloud governance growth, Keycard emerged from stealth with $38 million, and Basis Theory, Defakto, and OneLayer raised over $25 million each. Startups including Conceal, Gravwell, LuxQuanta, and CybaVerse also secured new funding, signaling continued momentum in AI-driven cybersecurity innovation.

Be sure to check out our complete business brief on our website, part of CyberWire Pro.

Meta’s privacy safeguard goes dark.

Meta’s Ray-Ban smart glasses were supposed to make recording your surroundings less creepy—a goal achieved, at least in theory, by adding a little LED that lights up whenever you’re filming. Unfortunately, some enterprising “hobbyists” have decided that privacy lights are for amateurs. As 404 Media reports, one modder has been selling $60 “stealth editions” of the glasses—no LED, no warning, just effortless covert recording. The craftsmanship is impressive, if you overlook the whole ethics thing. Meta, for its part, sternly reminded everyone that disabling the light violates its terms of service—a terrifying deterrent, surely. Still, for those who’d rather not risk an eBay purchase, Amazon now sells sticker packs for covering the light entirely. So if Zuckerberg’s “ideal social experience” involves quietly filming your friends, the future has never looked brighter—or dimmer.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.