
Dial M for malware.
A Texas telecom confirms a nation-state attack. A global outage disrupts Azure and Microsoft 365 services. Malicious npm packages steal sensitive data from Windows, Linux, and macOS systems. Hacktivists have breached multiple critical infrastructure systems across Canada. Major chipmakers spill the TEE. TP-Link home routers fall under federal scrutiny. Cloud Atlas targets Russia’s agricultural sector. Israel’s cloud computing deal with Google and Amazon allegedly includes a secret “winking mechanism.” The FCC tamps down on overseas robocalls. Mike Anderson, from Netskope, discusses why CIOs should think like HR leaders when considering Agentic AI. Danes draw the line at digital doppelgängers.
Today is Thursday, October 30th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
A Texas telecom confirms a nation-state attack.
Hackers linked to an unnamed nation-state infiltrated Ribbon Communications’ network and remained undetected for nearly a year, the Texas-based telecom company confirmed. Ribbon disclosed in an SEC filing that attackers gained access in December 2024 and were discovered only last month. The breach affected three small customers, and while investigators found no evidence that sensitive or government data was compromised, several older customer files were accessed. Ribbon said it has hardened its network and continues working with outside experts. The incident underscores growing risks to telecom providers that support government and critical infrastructure clients, with researchers warning that such firms have become high-value espionage targets. The company has not identified the nation-state involved.
A widespread global outage disrupts Azure and Microsoft 365 services.
Microsoft suffered a widespread global outage disrupting Azure and Microsoft 365 services after an Azure Front Door configuration change triggered a DNS failure. The disruption began around 16:00 UTC on October 29, preventing customers—including healthcare organizations and critical infrastructure operators—from accessing portals like Azure, Intune, and Exchange. Authentication failures locked many employees out of company networks, with reports of downtime from sectors including transportation and government. Microsoft initially blamed a DNS issue, later confirming an inadvertent configuration change as the root cause. Engineers blocked further updates, rolled back systems to a stable state, and rerouted traffic to healthy infrastructure. By early October 30, Microsoft confirmed mitigation and recovery. The outage follows a recent AWS DNS failure, underscoring ongoing fragility in cloud service dependencies.
Malicious npm packages steal sensitive data from Windows, Linux, and macOS systems.
Ten malicious npm packages impersonating popular software libraries were found stealing credentials and sensitive data from Windows, Linux, and macOS systems. Researchers at Socket said the fake packages, uploaded July 4, used typosquatting and multiple obfuscation layers to evade detection, amassing nearly 10,000 downloads. Upon installation, a hidden “postinstall” script launched an obfuscated loader that displayed a fake CAPTCHA before downloading a 24MB information-stealer built with PyInstaller. The malware targeted browser data, system keyrings, SSH keys, and authentication tokens, exfiltrating them to an attacker-controlled server. Despite being reported, the malicious packages remain live on npm. Developers who installed them are urged to remove infections and rotate credentials immediately.
Hacktivists have breached multiple critical infrastructure systems across Canada.
The Canadian Centre for Cyber Security has warned that hacktivists have breached multiple critical infrastructure systems across Canada, manipulating industrial controls and creating potentially dangerous conditions. Recent incidents affected a water treatment plant, an oil and gas company, and a grain facility, disrupting operations and triggering false alarms. Authorities say these opportunistic attacks sought publicity and public distrust rather than causing physical damage. The warning highlights the risk of exposed Industrial Control Systems (ICS) like PLCs and SCADA devices. Organizations are urged to restrict internet access to ICS components, enforce VPN and multi-factor authentication, and follow national Cyber Security Readiness Goals. Though no severe damage occurred, officials warn the incidents expose serious vulnerabilities in Canada’s critical infrastructure.
Major chipmakers spill the TEE.
A new hardware-based exploit known as TEE.fail has broken key protections in trusted execution environments (TEEs) from Intel, AMD, and Nvidia—technologies that safeguard confidential data in cloud, AI, and blockchain systems. Researchers showed that by inserting a small device between a memory chip and motherboard, and with kernel-level access, attackers can defeat Intel’s SGX/TDX, AMD’s SEV-SNP, and Nvidia’s Confidential Compute within minutes. The flaw stems from deterministic encryption, which allows repeated ciphertext patterns exploitable for replay attacks. Despite chipmakers’ claims of secure enclaves, all exclude physical attacks from their threat models, leaving widespread misconceptions about their guarantees. The findings reveal that even low-cost, physical attacks can compromise TEEs across industries, exposing sensitive workloads once thought secure. Experts warn organizations to reassess reliance on TEEs for private computation, especially in untrusted or remote environments.
TP-Link home routers fall under federal scrutiny.
More than half a dozen U.S. federal agencies have supported a Commerce Department proposal to ban sales of TP-Link home routers, citing national security concerns over the company’s ties to China. The interagency review—backed by Homeland Security, Defense, and Justice—concluded that TP-Link Systems’ U.S. products could still be influenced by Chinese government directives through its former parent, TP-Link Technologies. TP-Link disputes the claim, saying it is a fully American company with independent operations. If enacted, the ban would affect over one-third of U.S. home routers, marking one of the largest consumer tech prohibitions in history. The proposal remains under Commerce review amid U.S.-China trade tensions, with critics warning TP-Link devices could expose sensitive U.S. data or be manipulated through software updates.
Cloud Atlas targets Russia’s agricultural sector.
State-backed hacker group Cloud Atlas has launched a new cyber-espionage campaign targeting Russia’s agricultural sector ahead of a major industry forum in Moscow. Researchers at F6 say attackers used phishing emails disguised as official event materials to exploit an old Microsoft Office flaw (CVE-2017-11882). The campaign mirrors previous Cloud Atlas attacks on Russian agro and defense entities, showing continued use of outdated vulnerabilities and social engineering. Active since 2014, Cloud Atlas remains a persistent espionage threat across Eastern Europe.
Israel’s cloud computing deal with Google and Amazon allegedly includes a secret “winking mechanism.”
In 2021, Israel secured a $1.2 billion cloud-computing deal—Project Nimbus—with Google and Amazon that included a secret “winking mechanism” to discreetly alert Israel if its data was handed to foreign law enforcement, The Guardian reports. According to leaked government documents, the system used coded payments tied to country dialing codes, enabling Israel to detect data disclosures despite gag orders. The contract also prohibits Google and Amazon from restricting Israel’s access to cloud services, even over human rights concerns. Israeli officials designed the arrangement to protect data sovereignty and ensure uninterrupted access amid global scrutiny of its use of cloud technology in military operations. Legal experts say the mechanism could breach secrecy laws in the U.S. or other jurisdictions. Both companies deny evading legal obligations or breaching international law. The deal highlights Israel’s extensive control over its government and military data—and raises questions about tech firms’ accountability in global surveillance.
The FCC tamps down on overseas robocalls.
The FCC has approved a new rule expanding caller ID requirements to curb the surge in robocalls, especially those originating overseas. The measure broadens the definition of caller identity information, mandates providers to verify caller names, and requires alerts when calls come from abroad or misuse U.S. area codes. Providers must also display “verified caller names” and additional data such as logos or call purposes. Officials say the rule enhances transparency and may help deter fraudulent international calls.
Danes draw the line at digital doppelgängers.
Denmark has decided it’s time to stop letting AI borrow people’s faces, voices, and dignity without permission. In what it claims is a European first, the Danish government plans to rewrite copyright law so that everyone legally owns their own face—and presumably, their own bad hair days too. Culture Minister Jakob Engel-Schmidt declared the law will send a clear message: humans are not open-source material. The proposal, backed by nearly all MPs, would give citizens the right to demand removal of deepfakes and digital impersonations. Parody and satire, mercifully, remain safe. Engel-Schmidt warned that if platforms fail to comply, fines will follow—and he’s even eyeing Europe’s chair for inspiration-sharing. Denmark, it seems, is politely but firmly telling AI: hands off the humans.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.
