Chalk one up for defenders.

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 9 September 2025

⏱️ 29 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

The open source community heads off a major npm supply chain attack. The Treasury Department sanctions cyber scam centers in Myanmar and Cambodia. Scammers abuse iCloud Calendar invites to send callback phishing emails. Researchers discover a new malware variant exploiting exposed Docker APIs. Phishing attacks abuse the Axios user agent and Microsoft’s Direct Send feature. Plex warns users of a data breach. Researchers flag a surge in scans targeting Cisco ASA devices. CISA delays finalizing its incident reporting rule. The GAO says federal cyber workforce figures are incomplete and unreliable. Our guest is Kevin Magee, Global Director of Cybersecurity Startups at Microsoft Security, discussing cybersecurity education going back to school. AI earns its own Darwin awards. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Kevin Magee, Global Director of Cybersecurity Startups at Microsoft Security discussing cybersecurity education going back to school. Selected Reading Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack (Bleeping Computer) Open Source Community Thwarts Massive npm Supply Chain Attack (Infosecurity Magazine) US sanctions companies behind cyber scam centers in Cambodia, Myanmar (The Record) New Apple Warning, This iCloud Calendar Invite Is Actually An Attack (Forbes) New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs (HackRead) Axios User Agent Helps Automate Phishing on “Unprecedented Scale” (Infosecurity Magazine) Plex Urges Password Resets Following Data Breach (SecurityWeek) Surge in networks scans targeting Cisco ASA devices raise concerns (Bleeping Computer) CISA pushes final cyber incident reporting rule to May 2026 (CyberScoop) US government lacks clarity into its infosec workforce (The Register) AI Darwin Awards launch to celebrate spectacularly bad deployments (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:09.7	AI adoption is exploding, and security teams are under pressure to keep up.
0:16.9	That's why the industry is coming together at the Datasec AI conference,
0:21.4	the premier event for cybersecurity data and AI leaders, hosted by data security leader,
0:27.4	Saira.
0:28.5	Built for the industry, by the industry, this two-day conference is where real-world insights and bold solutions take center stage.
0:36.6	Datasek AI 25 is happening November 12th and 13th in Dallas.
0:41.8	There's no cost to attend.
0:43.4	Just bring your perspective and join the conversation.
0:46.7	Register now at Datasek AI 2025.com backslash cyberwire.
0:52.7	Thank you. dot com backslash cyberwire The open source community heads off a major NPM supply chain attack.
1:10.0	The Treasury Department sanctions cyber scam centers in Myanmar and Cambodia.
1:14.6	Scammers abuse iCloud calendar invites to send callback fishing emails.
1:19.6	Researchers discover a new malware variant exploiting exposed Docker APIs.
1:24.6	Fishing attacks abuse the Axios user agent and Microsoft DirectSend feature.
1:29.5	Plex warns users of a data breach. Researchers flag a surge in scans, targeting Cisco ASA devices.
1:36.7	SISA delays finalizing its incident reporting rule. The GAO says federal cyber workforce figures are incomplete and unreliable. Our guest is Kevin McGee, Global Director of Cybersecurity Startups at Microsoft Security, discussing cybersecurity education and going back to school. And AI earns its own Darwin Awards.
2:14.3	It's Tuesday, September 9th, 2025.
2:18.4	I'm Dave Bittner, and this is your Cyberwire Intel briefing.
2:34.7	Thanks for joining us here. It is great to have you with us.
2:43.7	A major supply chain attack targeting the NPM ecosystem was stopped thanks to the rapid response of the open source community.
2:53.7	Attackers compromise the NPM account of well-known developer Josh Junon, also known as Kix, publishing malicious versions of widely used packages such as chalk and strip ANSI. The malware acted as a crypto-clipper,
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.