CyberWire Daily

Today we are joined by Selena Larson, Threat Researcher from Proofpoint research team and co-host of Only Malware in the Building, talking about their work on "(Don't) TrustConnect: It's a RAT in an RMM hat." Proofpoint uncovered TrustConnect, a malware-as-a-service platform posing as a legitimate remote monitoring and management (RMM) tool, but actually functioning as a remote access trojan (RAT) sold to cybercriminals for $300/month.

The operation used a fake business website, legitimate-looking certificates, and branded installers (like fake Microsoft Teams or Zoom apps) to trick victims, while providing attackers with full remote control, file transfer, and surveillance capabilities. Although parts of its infrastructure were disrupted, the threat actor quickly rebounded with new variants, highlighting both the resilience of the operation and its deep ties to the broader cybercriminal ecosystem abusing RMM tools.

The research and executive brief can be found here:

(Don't) TrustConnect: It's a RAT in an RMM hat

Learn more about your ad choices. Visit megaphone.fm/adchoices

The Treasury Secretary and Fed Chair summon bankers over AI concerns. A hacker claims more than 10 petabytes stolen from China’s National Supercomputing Center. Recalibrating the quantum timeline. Researchers demo prompt injection against Apple Intelligence. Payroll Pirates target Canadians. Gmail gets end-to-end encryption on mobile devices. A Chrome update fixes critical vulnerabilities. A Pennsylvania cop admits creating more than 3,000 AI-generated pornographic deepfakes. Our guest is Henry Comfort, Co-Founder and CEO of Geordie AI, winner of this year’s RSAC Innovation Sandbox.  FCC floats firmer filters for fraudulent phone calls.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, Dave shares coverage of the RSAC 2026 Innovation Sandbox and his conversation with Henry Comfort, Co-Founder and CEO  from the winner of “Most Innovative Startup” Geordie AI. We tip our hats to this year’s finalists.

Selected Reading

Bessent and Powell’s A.I. Anxiety  (The New York Times)

Court Backs Pentagon Anthropic Ban - But the Fight Continues (GovInfo Security)

A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data (CNN)

Why is the timeline to quantum-proof everything constantly shrinking? (CyberScoop)

Microsoft: Canadian employees targeted in payroll pirate attacks (Bleeping Computer)

Google rolls out Gmail end-to-end encryption on mobile devices (Bleeping Computer)

Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000  (SecurityWeek)

Police corporal created AI porn from driver's license pics (Ars Technica)

FCC proposes new rule to further crackdown on illegal robocalls (The Record)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran-linked hackers signal cyberattacks will continue despite the cease-fire. Microsoft restores access after suspending open-source developer accounts. John Deere settles its right-to-repair fight. A suspected Adobe Reader zero-day surfaces. Palo Alto Networks and SonicWall patch high-severity flaws. New macOS malware targets crypto wallets. A threat cluster abuses live chat to bypass MFA. CISA orders urgent Ivanti patching. Researchers track a stealthy DDoS-for-hire botnet. Our guest is Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation-states and AI on OT security. macOS has a 49 day time limit. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, we are joined by Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation-states and AI on OT security. If you enjoyed this conversation, check out the full interview here.

Selected Reading

Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long (SecurityWeek)

Microsoft suspends dev accounts for high-profile open source projects (Bleeping Computer)

John Deere to Pay $99 Million in Monumental Right-to-Repair Settlement (The Drive)

Adobe Reader Zero-Day Exploited for Months: Researcher (SecurityWeek)

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities (SecurityWeek)

New macOS Malware notnullOSX Targets Crypto Wallets Over $10K (Hackread)

Google Warns of New Threat Group Targeting BPOs and Helpdesks (Infosecurity Magazine)

Masjesu Rising: The Commercial IoT Botnet Built for Stealth, DDoS, and IoT Evasion (Trellix)

CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday (Bleeping Computer)

We Found a Ticking Time Bomb in macOS TCP Networking - It Detonates After Exactly 49 Days (Photon Blog)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Federal agencies warn Iranian-linked hackers are probing U.S. critical infrastructure, while the DOJ disrupts a Russian router hijacking campaign. Cyberattacks hit Minnesota government systems and force a Massachusetts hospital to divert ambulances. Anthropic limits access to its new AI bug-hunting model, hackers leak terabytes of LAPD data, and researchers warn of a rise in AI recommendation poisoning. Our guest is Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." Japan trades red tape for training data. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, we are joined by Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." If you enjoyed this interview, check out the full conversation here.

Selected Reading

Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure (WIRED)

Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure (FBI Internet Crime Complaint Center (IC3))

Pro-Iran Group Takes Credit for Cyberattacks on Chime, Pinterest (Bloomberg)

US disrupts Russian military-run DNS hijacking network, Justice Department says (Reuters)

Frostarmada forest blizzard dns hijacking (Lumen Technologies Black Lotus Labs) 

Minnesota governor orders emergency support for cyberattack disrupting county's 'critical systems' (StateScoop)

Massachusetts hospital turning ambulances away after cyberattack (The Record)

What Anthropic Glasswing reveals about the future of vulnerability discovery (CSO Online)

Sensitive LAPD records leaked in hack of L.A. city attorney's office (LA Times) 

Manipulating AI memory for profit: The rise of AI Recommendation Poisoning (Microsoft Security Blog)

Japan relaxes privacy laws to make AI development easy (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA faces a $700 million budget cut. Russian and Iranian cyber cooperation raises concerns. New BPFDoor variants emerge. Cybercrime losses climb again. Researchers advance a GPU Rowhammer attack. Northern Ireland schools go offline after a breach. An alleged hacker-for-hire faces U.S. charges. And German police name the suspected REvil mastermind. Our guest is John Anthony Smith, Founder and Chief Security Officer at Fenix24, explaining why more technology hasn't made us more secure. A frustrated researcher drops the hammer. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment, John Anthony Smith, Founder and Chief Security Officer at Fenix24, discusses why more technology hasn't made us more secure. Check out the full conversation here.

Selected Reading

White House Seeks to Slash CISA Funding by $707 Million (SecurityWeek)

Exclusive: Russia supplies Iran with cyber support, spy imagery to hone attacks, Ukraine says (Reuters)

New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay (Rapid7)

 FBI Internet Crime Complaint Center (IC3) Report 2025 (FBI Internet Crime Complaint Center (IC3))

GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack (SecurityWeek)

Cyberattack hits Northern Ireland’s centralized school network, disrupting access for thousands (The Record)

Suspect in Hacking of Climate Activists Is Extradited to New York (New York Times) 

German Police Unmask REvil Ransomware Leader (SecurityWeek)

Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit (Bleeping Computer)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices