The CyberWire Daily Podcast 12.17.25
Ep 2455 | 12.17.25

The cloud that spies back.

Transcript

Researchers detail a years-long Russian state-sponsored cyber espionage campaign. Israel’s cyber chief warns against complacency. Vulnerabilities affect products from Fortinet and Hitachi Energy. Studies show AI models are rapidly improving at offensive cyber tasks. MITRE expands its D3FEND cybersecurity ontology to cover operational technology. Texas sues smart TV manufacturers, alleging illegal surveillance. A fraudulent gift card locks an Apple user out of their digital life. Our guest is Doron Davidson from Cyberproof Israel discussing agentic SOCs and agentic transformation of an MDR. Fat racks crack the stacks.

Today is Wednesday December 17th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Researchers detail a years-long Russian state-sponsored cyber espionage campaign. 

Amazon’s threat intelligence team has detailed a years-long Russian state-sponsored cyber espionage campaign targeting Western critical infrastructure from 2021 through 2025. Attributed with high confidence to Russia’s GRU, the activity focused on energy companies, telecom operators, cloud and network infrastructure providers across North America, Europe, and parts of the Middle East. The attackers primarily gained access by exploiting vulnerabilities and misconfigurations in cloud-hosted network edge devices, including routers, VPNs, and management appliances running on AWS. Over time, the campaign shifted from exploiting known software flaws to abusing misconfigurations, allowing quieter and more persistent access. Compromised devices were used to capture network traffic, steal credentials, and move laterally into victim environments. Amazon says it has disrupted activity and notified affected customers, underscoring the ongoing risk to critical infrastructure from cloud and supply chain compromises.

Israel’s cyber chief warns against complacency. 

Israel and the United States face cyber threats far more severe than those publicly reported, according to Maj. Gen. Aviad Dagan, head of the Israel Defense Forces Cyber Defense Directorate. Dagan warned that while data breaches often dominate headlines, dozens of cyberattacks have had the potential to damage real-world critical infrastructure. He said Israel must assume future cyberattacks will be significantly more destructive than those seen so far and cautioned against complacency despite Israel’s strong cyber defenses. Emphasizing national security obligations, Dagan highlighted close cooperation with the United States, including long-running joint cyber warfare exercises with US Cyber Command. He cited Iran’s 2020 cyberattack on Israel’s water system as a near-disaster example, noting ongoing hostile activity from Iran, China, and others, alongside reported Israeli cyber responses targeting Iranian infrastructure.

Vulnerabilities affect products from Fortinet and Hitachi Energy. 

CISA has warned of active exploitation of two critical Fortinet authentication bypass vulnerabilities affecting multiple products. Tracked as CVE-2025-59718 and CVE-2025-59719, both flaws allow unauthenticated attackers to bypass FortiCloud single sign-on using crafted SAML messages, potentially gaining full administrative control. Exploitation began just days after patches were released. CISA and Fortinet urge organizations to act immediately by isolating management interfaces, disabling FortiCloud SSO, and upgrading to the latest secure versions.

Hitachi Energy has disclosed a critical BlastRADIUS vulnerability affecting legacy AFS, AFR, and AFF series products. Tracked as CVE-2024-3596 with a CVSS score of 9.0, the flaw stems from weaknesses in the RADIUS protocol that can allow response forgery attacks. Devices are only vulnerable if RADIUS is enabled and the Message Authenticator option is disabled. There is no patch. Hitachi Energy urges organizations to restore default RADIUS settings, verify Message Authenticator is enabled, and ensure affected systems are isolated from the internet.
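The advisory's vulnerable condition (RADIUS on, Message Authenticator off) has a direct wire-level counterpart: a packet without the Message-Authenticator attribute is protected only by the MD5-based Response Authenticator that BlastRADIUS forges. The following is an added example, not code from the podcast or from Hitachi Energy, showing what "verify Message Authenticator is enabled" means on a receiver: parse the packet, require attribute type 80, and verify its HMAC-MD5 as RFC 2869 section 5.14 specifies. The shared secret, the Request Authenticator bytes and both packets are constructed for the demo.

```python
"""Wire-level check for the BlastRADIUS mitigation: every RADIUS packet must
carry a Message-Authenticator attribute (type 80) and its HMAC-MD5 must verify.
Packet layout and MAC construction follow RFC 2865 / RFC 2869 section 5.14.
All packets and the shared secret below are constructed for the demo."""
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_REPLY_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 18, 80


def parse_packet(packet):
    """Return (code, identifier, authenticator, [(type, value), ...]).

    Length fields are validated so a truncated or padded buffer raises
    instead of being parsed as a well-formed packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("header length %d != buffer length %d" % (length, len(packet)))
    attrs, pos = [], 20
    while pos < length:
        if length - pos < 2:
            raise ValueError("trailing bytes too short for an attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute %d has bad length %d" % (atype, alen))
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, ident, packet[4:20], attrs


def build_packet(code, ident, authenticator, attrs):
    """Serialise a packet; build_packet(*parse_packet(p)) reproduces p byte for byte."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def _mac_input(packet, request_authenticator):
    """Responses are MAC'd with the Request Authenticator substituted into the
    header; requests are MAC'd exactly as sent."""
    if request_authenticator is None:
        return packet
    return packet[:4] + request_authenticator + packet[20:]


def add_message_authenticator(packet, secret, request_authenticator=None):
    """Append type 80: HMAC-MD5(secret) over the packet with the attribute's
    16-byte value zeroed, then patch the real MAC into place."""
    code, ident, auth, attrs = parse_packet(packet)
    if any(t == ATTR_MESSAGE_AUTHENTICATOR for t, _ in attrs):
        raise ValueError("packet already carries Message-Authenticator")
    zeroed = build_packet(code, ident, auth, attrs + [(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))])
    mac = hmac.new(secret, _mac_input(zeroed, request_authenticator), hashlib.md5).digest()
    return zeroed[:-16] + mac


def check_message_authenticator(packet, secret, request_authenticator=None):
    """Return "missing", "valid" or "invalid".

    "missing" is the condition the advisory describes: only the MD5-based
    Response Authenticator protects the packet, which is what BlastRADIUS
    forges.  A strict receiver treats "missing" exactly like "invalid"."""
    code, ident, auth, attrs = parse_packet(packet)
    macs = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not macs:
        return "missing"
    if len(macs) != 1 or len(macs[0]) != 16:
        return "invalid"
    zeroed = build_packet(code, ident, auth,
                          [(t, bytes(16) if t == ATTR_MESSAGE_AUTHENTICATOR else v) for t, v in attrs])
    expected = hmac.new(secret, _mac_input(zeroed, request_authenticator), hashlib.md5).digest()
    return "valid" if hmac.compare_digest(expected, macs[0]) else "invalid"


def demo():
    """Constructed exchange: NAS Access-Request, then the server's Access-Accept."""
    secret = b"demo-shared-secret"        # constructed; never a real deployment value
    request_auth = bytes(range(16))       # stands in for the NAS's 16 random bytes
    bare = build_packet(ACCESS_REQUEST, 7, request_auth, [(ATTR_USER_NAME, b"alice")])
    signed = add_message_authenticator(bare, secret)
    tampered = signed[:22] + b"b" + signed[23:]   # flip the first byte of User-Name
    # Server side: MAC the Accept against the Request Authenticator, then fill in
    # the Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret).
    accept = add_message_authenticator(
        build_packet(ACCESS_ACCEPT, 7, request_auth, [(ATTR_REPLY_MESSAGE, b"welcome")]),
        secret, request_auth)
    resp_auth = hashlib.md5(accept[:4] + request_auth + accept[20:] + secret).digest()
    accept = accept[:4] + resp_auth + accept[20:]
    return {
        "bare_request": check_message_authenticator(bare, secret),            # "missing"
        "signed_request": check_message_authenticator(signed, secret),        # "valid"
        "tampered_request": check_message_authenticator(tampered, secret),    # "invalid"
        "accept": check_message_authenticator(accept, secret, request_auth),  # "valid"
        "accept_no_context": check_message_authenticator(accept, secret),     # "invalid"
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print("%-18s %s" % (name, status))
```

The "accept_no_context" case shows why a verifier must keep the outstanding request's authenticator: the response MAC is keyed to it, so a proxy that has lost that state cannot validate the reply and should drop it rather than fall back to the MD5 Response Authenticator alone.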

Studies show AI models are rapidly improving at offensive cyber tasks. 

Researchers and industry leaders warn that fully autonomous AI-driven cyberattacks are moving from a distant possibility to an eventual certainty. Recent studies show AI models are rapidly improving at offensive cyber tasks, even as today’s systems still require human guidance. Executives from Anthropic and Google are set to testify before Congress on how AI is reshaping the cyber threat landscape, with Anthropic warning that AI could enable cyberattacks at unprecedented scale and sophistication. OpenAI has also cautioned that future frontier models may significantly lower the skill and time needed to launch attacks. Academic research, including a Stanford study where an AI agent outperformed most human bug hunters, underscores the trend. While safeguards remain, experts stress urgency in strengthening AI-powered defenses and limiting adversarial access to advanced AI technology.

MITRE expands its D3FEND cybersecurity ontology to cover operational technology. 

MITRE has expanded its D3FEND cybersecurity ontology to cover operational technology, creating a structured framework for defending cyber-physical systems used in critical infrastructure, industrial environments, and defense operations. Operational technology, which includes controllers, sensors, and actuators, directly manages physical processes and poses unique risks as systems become increasingly connected to networks and the cloud. The D3FEND for OT extension provides a shared knowledge model to help organizations understand adversary behaviors, identify essential observations and controls, and protect systems not designed for internet exposure. Funded by the U.S. Department of Defense and the National Security Agency, the framework adds OT-specific artifacts, countermeasures, and mappings to related resources. MITRE says the open, extensible ontology will support cybersecurity operations, strategic decision making, and collaboration across the global security community.

Texas sues smart TV manufacturers, alleging illegal surveillance. 

Texas Attorney General Ken Paxton has sued five major smart TV manufacturers, Samsung, LG, Sony, Hisense, and TCL, alleging they illegally spy on consumers through automated content recognition, or ACR, technology. The lawsuits claim the TVs secretly capture screen data in near real time, track viewing habits across apps and connected devices, and transmit that data for targeted advertising without meaningful user consent. Texas argues the practice violates the state’s Deceptive Trade Practices Act and seeks significant civil penalties and court orders halting ACR data collection during litigation. Paxton also raised national security concerns about Chinese-based manufacturers Hisense and TCL, citing China’s data laws. The complaints say consent mechanisms are misleading, opt-out processes are intentionally difficult, and consumers are unaware their televisions function as surveillance tools.

A fraudulent gift card locks an Apple user out of their digital life. 

A longtime Apple user has described losing access to their entire Apple digital life after attempting to redeem a $500 Apple Gift Card, highlighting risks tied to gift card fraud and automated account protections. After the first code was rejected and reissued by a major retailer, Apple locked the account. The affected Apple ID, in use for roughly 25 years, held family photos, messages, purchases, and device sync data, effectively disabling multiple devices and a linked developer account. Despite providing receipts, the user says Apple support offered no explanation and refused escalation, suggesting actions that could violate Apple’s own policies. While Apple insiders suggest additional factors may be involved, the case underscores the fragility of digital ecosystems, the impact of false fraud flags, and the importance of backups and cautious gift card purchases.

Fat racks crack the stacks. 

For a hopeful moment, it seemed possible that the AI boom might be solved with a wrench, some fresh paint, and a reassuring pat on the server rack. After all, data centers have been around for decades. Surely they could just be upgraded. Experts, unfortunately, have met this optimism with laughter of the professional, deeply tired variety.

The issue is not software. It is weight. AI racks now tip the scales at up to 5,000 pounds, roughly equivalent to parking a compact car where a filing cabinet once lived. Floors crack, elevators groan, doorways revolt. These racks are crammed with GPUs, memory, liquid cooling systems, and power delivery hardware that legacy data centers were never designed to tolerate.

As AI gulps down compute, Big Tech keeps building bigger facilities, while older centers quietly carry on storing ordinary, non-AI data. The future is shiny and heavy. The past still needs a place to sit.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com. 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry.  Learn how at n2k.com. 

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.