The CyberWire Daily Podcast 11.3.25
Ep 2426 | 11.3.25

FCC resets cyber oversight.

Transcript

The FCC plans to roll back cybersecurity mandates that followed Salt Typhoon. The alleged cybercriminal MrICQ has been extradited to the U.S. Ransomware negotiators are accused of conducting ransomware attacks. Ernst & Young accidentally exposed a 4-terabyte SQL Server backup. A hacker claims responsibility for last week’s University of Pennsylvania breach. The UK chronicles cyberattacks on Britain’s drinking water suppliers. Monday business brief. Our guest is Caleb Tolin, host of Rubrik's Data Security Decoded podcast. Hackers massage the truth.

Today is Monday November 3rd 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

The FCC plans to roll back cybersecurity mandates that followed Salt Typhoon. 

The Federal Communications Commission plans to rescind several cybersecurity mandates introduced after the Salt Typhoon hacking campaign, in which Chinese state-backed actors breached major U.S. telecoms to steal communications involving Donald Trump, JD Vance, and other officials. The rules, issued in January, required carriers to implement formal risk management plans and certify compliance annually. FCC Secretary Marlene Dortch called the measures “legally erroneous” and overly broad, arguing they imposed inflexible, redundant requirements regardless of company size or risk profile. Instead, the FCC said it will emphasize voluntary, collaborative cybersecurity efforts through public-private partnerships. Telecom companies told the agency they have already strengthened defenses, citing faster patching, tighter access controls, and expanded threat sharing with U.S. agencies. Critics, including Sen. Mark Warner, warned that weak oversight contributed to what he called the “worst telecom hack in our nation’s history.” The FCC will vote on the rollback November 20.

The alleged cybercriminal MrICQ has been extradited to the U.S. 

Ukrainian national Yuriy Igorevich Rybtsov, known online as “MrICQ,” has been extradited to the U.S. after his arrest in Italy for his role in the Jabber Zeus cybercrime group, Krebs on Security reports. Indicted in 2012, Rybtsov allegedly helped develop and operate a modified version of the Zeus banking trojan that stole tens of millions from U.S. businesses through “man-in-the-browser” attacks. The malware intercepted online banking data, enabling the group to redirect payroll funds through networks of “money mules.” Investigators say Rybtsov helped manage victim notifications and launder stolen funds. His former associate, Vyacheslav “Tank” Penchukov, was sentenced in 2023 to 18 years in prison. The Jabber Zeus operation is also linked to Maksim “Aqua” Yakubets, leader of Evil Corp, a Russia-based gang responsible for over $100 million in global financial theft.

Ransomware negotiators are accused of conducting ransomware attacks. 

Two U.S. cybersecurity professionals have been indicted for allegedly conducting ransomware attacks while employed to negotiate with cybercriminals. Prosecutors say Kevin Tyler Martin, a former ransomware negotiator at DigitalMint, and Ryan Clifford Goldberg, an incident response manager at Sygnia, conspired with another DigitalMint employee to extort millions from multiple organizations between May 2023 and April 2025. The group reportedly infected a Florida medical firm, demanding $10 million and ultimately stealing $1.2 million in cryptocurrency, which they laundered through mixers and digital wallets. They also targeted companies in Maryland, California, and Virginia. Both men have been charged with conspiracy, extortion, and damaging protected computers. DigitalMint fired the suspects and cooperated with the FBI, stressing that no client systems were compromised. Goldberg is in custody; Martin was released on bond.

Ernst & Young accidentally exposed a 4-terabyte SQL Server backup. 

Ernst & Young (EY) accidentally exposed a 4-terabyte SQL Server backup on Microsoft Azure, discovered in October 2025 by Dutch firm Neo Security during attack surface scans. The leak, traced to a misconfigured cloud storage instance from an EY Italy acquisition, left the massive file publicly accessible. EY said no client or confidential data was compromised and attributed the issue to an isolated system outside its global network. The exposure’s contents and duration remain unclear, though the file was confirmed unencrypted.

A hacker claims responsibility for last week’s University of Pennsylvania breach. 

A hacker has claimed responsibility for the University of Pennsylvania breach that led to offensive “We got hacked” emails sent to alumni and students last week. The attacker says the intrusion exposed data on 1.2 million donors, students, and alumni, including personal and demographic details, donation history, and estimated net worth. Using a compromised employee’s PennKey SSO credentials, the hacker allegedly accessed Penn’s Salesforce, SAP, Qlik, SharePoint, and VPN systems before being locked out. They then used Salesforce Marketing Cloud to send mass emails to about 700,000 recipients. The hacker denies political motives, saying their goal was Penn’s donor database, which they may release later. Penn confirmed it is investigating, while experts urge donors to watch for phishing and fraudulent solicitations.

The UK chronicles cyberattacks on Britain’s drinking water suppliers. 

Hackers have launched five cyberattacks on Britain’s drinking water suppliers since early 2024—the highest number in any two-year span—according to data from the Drinking Water Inspectorate (DWI). While none disrupted water safety, the incidents targeted the organizations behind critical infrastructure, underscoring growing cyber risks. The attacks were voluntarily reported despite not meeting the threshold under the NIS Regulations, which only mandate disclosure if essential services are disrupted. Officials plan to lower that bar through the upcoming Cyber Security and Resilience Bill. Experts praised the voluntary transparency, citing the importance of sharing intelligence about ransomware and industrial control system threats. Britain’s National Cyber Security Centre urges utilities to strengthen segmentation between IT and operational systems to reduce future attack impact.

Monday business brief. 

Turning to our Monday business brief, the cybersecurity sector saw a wave of acquisitions and funding rounds last week. JumpCloud acquired identity threat detection firm Breez to expand its ITDR capabilities, while Presidio agreed to buy Irish MSP Ergo, strengthening its UK and Ireland presence. MTX Group acquired VerifyID.ai, boosting its AI-based identity verification offerings. DoiT purchased Israel’s CloudWize to integrate compliance and security with cloud management, and Advent Partners took a majority stake in Australian MSP efex. Meanwhile, Insight Enterprises plans to acquire Sydney-based Sekuro to grow its APAC cybersecurity footprint.

On the funding front, Chainguard raised $280 million to accelerate software supply chain security adoption, and Sublime Security secured $150 million for AI-driven email defense. Other raises include ConductorOne ($79M), SimSpace ($39M), nexos.ai (€30M), CyberRidge ($26M), Darwin AI ($15M), Acoru (€10M), and Polygraf AI ($9.5M).

Be sure to check out our complete weekly business brief, part of Cyberwire Pro, on our web site. 

Hackers massage the truth. 

South Korean police have busted a phishing gang with a particularly creative business model — blackmailing people over massage videos that never existed. According to the Gyeonggi Nambu Provincial Police Agency, a hacker in his 30s and three twenty-something accomplices stole client data from massage parlor owners’ phones, then used it to threaten 62 victims with imaginary footage of their “visits.” Their script: pay up or your “massage session” goes viral. Police traced the group to a Busan office packed with burner phones, laptops, and what must’ve been a very awkward to-do list. The hacker, already in custody for another cybercrime, was joined by ten helpful accomplices who managed everything from hiding fugitives to laundering the loot. 

Authorities say the gang’s operation has been permanently shut down, no patch or update required. 

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.


N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.