
Logging off in Myawaddy.
Explosions rock a shuttered Myanmar cybercrime hub. The Aisuru botnet shifts from DDoS to residential proxies. Dentsu confirms data theft at Merkle. Boston bans biometrics. Proton restores journalists’ email accounts after backlash. Memento Labs admits Dante spyware is theirs. Australia accuses Microsoft of improperly forcing users into AI upgrades. CISA warns of active exploitation targeting manufacturing management software. A covert cyberattack during Trump’s first term disabled Venezuela’s intelligence network. Our guest is Ben Seri, Co-Founder and CTO of Zafran, discussing the trend of AI native attacks. New glasses deliver fashionable paranoia.
Today is Wednesday, October 29th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Explosions rock a shuttered Myanmar cybercrime hub.
Thailand’s military says the flow of people fleeing Myanmar after a major cybercrime hub was shut down has nearly stopped, following a week in which more than 1,500 crossed the border. Myanmar’s army raided the KK Park complex near Myawaddy in mid-October, part of an ongoing campaign against online scams and illegal gambling networks. Explosions reportedly leveled parts of the site, damaging homes on the Thai side. Most who fled are believed to have been foreign workers forced into scam operations, with Thai authorities sheltering and screening people from 28 countries to determine if they were trafficking victims. KK Park had been a key node in Myanmar’s expanding cyberscam industry, where criminal groups lure workers with fake job offers before coercing them into online fraud. Despite the raid, independent reports suggest similar operations remain active in Myawaddy, underscoring Myanmar’s ongoing struggle to dismantle cross-border cybercrime networks.
The Aisuru botnet shifts from DDoS to residential proxies.
The Aisuru botnet, once known for record-breaking distributed denial-of-service (DDoS) attacks, has shifted toward a more profitable model: renting infected Internet of Things (IoT) devices as residential proxies. Krebs on Security estimates Aisuru controls around 700,000 compromised routers and cameras. These devices now help anonymize cybercriminal traffic and power large-scale data scraping for artificial intelligence (AI) training. Experts say the flood of cheap proxy access is driving explosive growth across proxy services, some tied to Chinese conglomerates like IPidea’s “HK Network.” Many of these networks rely on SDKs secretly installed on user devices, selling their bandwidth to proxy resellers. While legitimate firms such as Oxylabs and Bright Data deny exaggerated growth claims, analysts warn that botnet-driven proxy ecosystems blur lines between lawful data collection and cybercrime infrastructure.
Dentsu confirms data theft at Merkle.
Japanese advertising giant Dentsu has confirmed a cybersecurity incident affecting its U.S. subsidiary Merkle, exposing employee and client data. The company detected abnormal network activity, shut down certain systems, and notified authorities in affected countries. Internal reports suggest the breach involved staff financial and personal data, including payroll and bank details. Dentsu later confirmed that attackers stole files containing information on clients, suppliers, and current and former employees. While its Japan-based systems were unaffected, the company anticipates some financial impact. Merkle, which employs 16,000 people and serves major global brands, continues to investigate with third-party forensic experts. No ransomware group has claimed responsibility, and the full scope of the breach remains under review.
Boston bans biometrics.
The Boston City Council has unanimously voted to ban the use of facial recognition technology by all city departments, including the police, making Boston the largest East Coast city to do so. The ordinance prohibits officials from acquiring or using facial recognition systems, or contracting third parties to do so, though police may still follow up on leads generated by other agencies. Citing racial bias and accuracy issues, the law aims to protect residents’ privacy and prevent discrimination against communities of color. Supported by the ACLU of Massachusetts and local advocacy groups, the measure aligns Boston with cities like San Francisco and Oakland that have enacted similar bans. The ordinance was sponsored by Councilors Michelle Wu and Ricardo Arroyo.
Proton restores journalists’ email accounts after backlash.
Proton, the company behind Proton Mail, suspended the accounts of two journalists investigating South Korean government hacks, prompting backlash over its commitment to privacy and press freedom. The reporters, publishing under pseudonyms in Phrack magazine, had responsibly disclosed their findings, linked to North Korea’s Kimsuky threat group, to South Korean authorities using Proton Mail accounts. After the print issue appeared, Proton disabled their accounts citing “policy violations” following a complaint from an unspecified cybersecurity agency. Despite appeals, Proton offered little explanation until public criticism forced reinstatement weeks later. Press advocates warned the move undermines trust among journalists who rely on Proton for secure communications. Proton later said it was acting on a CERT alert but admitted its automated anti-abuse process may have mistakenly affected legitimate users.
Memento Labs admits Dante spyware is theirs.
Yesterday we reported cybersecurity firm Kaspersky has identified a new Windows spyware strain called Dante, which it links to Memento Labs, the rebranded successor to the notorious spyware maker Hacking Team. In a key confirmation, Memento CEO Paolo Lezzi told TechCrunch that the spyware detected by Kaspersky does indeed belong to his company, blaming a government client for using an outdated version. This discovery follows earlier reporting on Memento’s continued development of surveillance tools despite Hacking Team’s collapse after major scandals and leaks. Kaspersky says the “ForumTroll” group used Dante in targeted attacks on Russian and Belarusian organizations, including media and government entities. Memento has since urged customers to discontinue use of its Windows spyware as it shifts focus to mobile surveillance tools.
Australia accuses Microsoft of improperly forcing users into AI upgrades.
Australia’s competition regulator, the Australian Competition and Consumer Commission (ACCC), has filed suit against Microsoft, alleging the company misled Office 365 customers by forcing an upgrade to its Copilot AI service and charging higher subscription fees without proper consent. The ACCC claims Microsoft falsely represented that users had to accept the AI integration and pay more to retain access, violating multiple provisions of Australian Consumer Law. The regulator seeks penalties, refunds, and injunctions. Microsoft, which told customers they risked losing access if they didn’t upgrade, says it’s reviewing the claim and will cooperate with regulators. The ACCC, known for strong consumer enforcement, says affected users can revert to their original plans and should contact Microsoft for refunds if charged improperly.
CISA warns of active exploitation targeting manufacturing management software.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that attackers are actively exploiting two critical flaws in Dassault Systèmes’ DELMIA Apriso manufacturing management software. The bugs, CVE-2025-6205 (CVSS 9.1), which allows remote privilege escalation, and CVE-2025-6204 (CVSS 8.0), enabling arbitrary code execution with existing elevated access, affect versions from Release 2020 through 2025. Dassault patched both vulnerabilities in August 2025, and CISA urges organizations to apply updates immediately and isolate affected systems from untrusted networks to prevent compromise.
A covert cyberattack during Trump’s first term disabled Venezuela’s intelligence network.
In the final year of Donald Trump’s first term, the CIA launched a covert cyberattack that disabled Venezuela’s intelligence network, CNN reports. The operation, described by sources as “perfectly successful,” was intended to appease Trump’s push for aggressive action against Nicolás Maduro without escalating into open conflict. Officials characterized the move as part of broader covert maneuvers to pressure Caracas, though Maduro remained in power. The revelation emerges as Trump’s current administration ramps up military activity near Venezuela, including the deployment of 10,000 U.S. troops and an aircraft carrier, raising fears of a potential regime-change effort. Former officials say Trump’s renewed “maximum pressure” campaign reflects lessons from his first term, when military and intelligence leaders resisted riskier operations. Analysts warn that today’s military buildup, framed as a counternarcotics mission, may mask preparation for direct strikes.
New glasses deliver fashionable paranoia.
Zenni, the online glasses retailer best known for cheap frames and bold colors, now sells eyewear that claims to block facial recognition, because apparently that’s where we are as a society. The company’s new “ID Guard” coating gives lenses a subtle pink shimmer that reflects infrared light, blinding the cameras used in some surveillance systems. Tests by 404 Media confirmed the glasses can foil Apple’s FaceID and turn wearers’ eyes into mysterious voids under infrared cameras. Unfortunately, they’re less effective against the more mundane threat of someone photographing your face in daylight and uploading it to a search engine. Still, there’s something comforting about the idea: when the world is one big panopticon, at least Zenni will sell you reasonably priced rebellion in a flattering shade of rose.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.
