
Legislating in the shadow of hackers.
The CBO was hacked by a suspected foreign actor. Experts worry Trump’s budget cuts weaken U.S. cyber defenses. Regulation shapes expectations. ClickFix evolves on macOS. Notorious cybercrime groups form a new “federated alliance.” Congressional leaders look to counter China’s influence in 6G networks. An EdTech firm pays $5.1 million to settle data breach claims. Nevada did not pay the ransom. Our guest is CEO and Co-Founder Ben Nunez from Evercoast, winner of the 8th Annual DataTribe Challenge. The FBI tries to uncover the archivist.
Today is Friday, November 7th, 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
The CBO was hacked by a suspected foreign actor.
The Congressional Budget Office (CBO), Congress’s nonpartisan fiscal analyst, was hacked by a suspected foreign actor, potentially exposing sensitive communications and financial data used in crafting legislation. Officials discovered the breach recently and worry adversaries may have accessed internal emails, chats, and correspondence with lawmakers. According to a spokesperson, the CBO quickly contained the incident, added new monitoring, and continues its work while the investigation proceeds. Some congressional offices have reportedly paused email contact with the agency over security concerns. The CBO provides independent economic projections and cost estimates for every bill, serving as a vital counterweight to the White House’s budget agencies. Its analyses frequently influence legislative debates and fiscal policy across both chambers of Congress.
Experts worry Trump’s budget cuts weaken U.S. cyber defenses.
Experts warn that budget cuts and restructuring under President Trump’s administration have weakened U.S. cybersecurity defenses, leaving the nation and economy more vulnerable to attack. A new assessment from the Cyberspace Solarium Commission found declining progress toward key national cyber goals, citing reduced funding and staff at agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the State Department. The lapse of an information-sharing law and the disbanding of key coordination councils have further hampered public-private collaboration. Experts say this “death by a thousand papercuts” erodes visibility into nation-state threats like China’s Volt Typhoon campaign, even as artificial intelligence accelerates attack capabilities. Analysts warn that cutting federal resources while shifting responsibility to states and industry heightens national cyber risk.
Regulation shapes cybersecurity expectations.
According to CNBC, a quiet but profound shift is reshaping cybersecurity: regulation is making accountability a daily expectation rather than a compliance exercise. Frameworks like the EU’s Digital Operational Resilience Act (DORA), U.S. Secure-by-Design principles, and new SEC disclosure rules are driving cultural change across organizations. Regulators now demand proof of readiness, transparency in incident response, and evidence that systems were built securely from the start. This evolution pushes security, engineering, and legal teams to collaborate continuously instead of treating compliance as an annual checkbox. Experts say the focus has moved from bureaucracy to behavior—embedding accountability into design, operations, and communication. In this new landscape, transparency and preparedness are emerging as competitive advantages rather than regulatory burdens.
ClickFix evolves on macOS.
ClickFix attacks have rapidly evolved on macOS, with threat actors refining fake Cloudflare verification pop-ups that mimic legitimate pages and even include instructional videos and countdown timers. The tactic, long used against Windows users, tricks victims into manually executing malicious commands that install malware—often bypassing security tools. Recent macOS variants, such as one deploying the SHAMOS info stealer, show greater sophistication and fewer execution steps. Experts warn that user awareness remains the strongest defense as attackers continue adapting.
Speaking of ClickFix, cybersecurity researchers uncovered a large-scale phishing campaign exploiting Booking.com partner accounts to steal customer data. According to Sekoia.io, attackers compromised hotel systems using the ClickFix social engineering tactic, tricking victims into executing PowerShell commands that installed the PureRAT remote access Trojan. The malware enabled credential theft, system control, and data exfiltration. Stolen Booking.com, Airbnb, and Expedia credentials were traded or used in payment scams. Fraudulent messages mimicked legitimate booking details, directing victims to fake payment pages. The campaign remains active and highly profitable.
Notorious cybercrime groups form a new “federated alliance.”
A new “federated alliance” of three notorious cybercrime groups—Scattered Spider, ShinyHunters, and LAPSUS$—has formed to launch extortion-as-a-service (EaaS) operations, according to Trustwave researchers. Operating under the handle “scatteredlapsu$ hunters” (SLH), the coalition combines elite skills in social engineering, lateral movement, and data exfiltration, posing a major threat to enterprises. Experts describe this merger as the evolution of cybercrime into coordinated business-style operations targeting weak identity controls and legacy multi-factor authentication (MFA). SLH reportedly plans to release its own ransomware, Sh1nySp1d3r, and collaborate with other criminal clusters. Researchers warn this marks a new phase of organized cyber extortion emphasizing collaboration, efficiency, and credential-based compromise.
Congressional leaders look to counter China’s influence in 6G networks.
Congressional leaders are demanding more transparency from federal agencies on strategies to counter China’s growing influence in technology and cybersecurity, especially in developing 6G networks. Representative Raja Krishnamoorthi urged Secretary of State Marco Rubio to strengthen international coalitions promoting secure, non-Chinese telecommunications infrastructure and to prevent a repeat of U.S. missteps during 5G’s rollout. Lawmakers warn that China is already shaping global 6G standards through partnerships and summits. Meanwhile, congressional Republicans are pressing the Commerce Department to curb Chinese technology in U.S. supply chains, citing risks to infrastructure, AI systems, and industrial control networks. Both parties agree that technological dominance and security in next-generation communications represent critical national interests requiring coordinated investment, diplomacy, and stronger standards leadership.
An EdTech firm pays $5.1 million to settle data breach claims.
Educational technology firm Illuminate Education will pay $5.1 million and overhaul its security practices to settle claims tied to a 2021 data breach that exposed sensitive student information. The breach, affecting students in 49 states and three million in California, stemmed from poor access controls, weak monitoring, and unsecured databases. California, Connecticut, and New York attorneys general said Illuminate failed to revoke ex-employee credentials and misled users about compliance. The company has agreed to strengthen monitoring and data protection measures.
Nevada did not pay the ransom.
Nevada officials confirmed the state did not pay ransom after an August ransomware attack that disrupted critical government systems. Working with the FBI, Mandiant, and others, the state restored operations in 28 days, recovering about 90% of affected data. The attack began when a state employee unknowingly downloaded a malware-laced tool from a spoofed website, part of a search engine optimization poisoning campaign. The attacker gained persistence, moved laterally, and deployed ransomware after deleting backups. No data exfiltration was detected, and only one file contained personal information. The state spent roughly $1.6 million on recovery costs and overtime. Governor Joe Lombardo praised teams for restoring payroll and essential services without paying criminals, pledging further network segmentation and stronger cybersecurity defenses.
The FBI tries to uncover the archivist.
The FBI has apparently set its sights on one of the internet’s more eccentric institutions: archive.today, the site beloved by journalists, researchers, and anyone allergic to paywalls. According to a subpoena posted by the site itself—a characteristically defiant move—the Bureau wants to unmask whoever runs the operation, demanding everything from IP addresses to payment details. The request was sent to Tucows, the Canadian registrar, with the usual “don’t tell anyone” clause that archive.today, of course, promptly told everyone about.
Launched in the early 2010s, the site became infamous during the GamerGate era for archiving web pages so users could quote—and dunk—without sending traffic to the originals. Since then, it’s become the internet’s attic: part preservation project, part paywall circumvention machine, and wholly mysterious. No one quite knows who runs it—rumor has it, a solitary Russian with a soft spot for dead links. The FBI, it seems, would very much like to know more.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.
