Former NSA chief says the U.S. can beat China in cyberspace. Canvas cuts a deal with hackers. The FCC proposes KYC rules for phone users. SAP patches critical flaws. A poisoned TanStack npm supply chain attack spreads malware. Humanitarian aid lures deliver spyware. Japan launches an AI-driven cyber review. Texas sues Netflix over data practices. And Harvard experts debate the future of agentic AI security. On our Threat Vector segment David Moulton welcomes, Assaf Keren, CSO at Qualtrics and author of Lessons from the Frontlines. Our guest is Tim Starks from CyberScoop discussing changes to the CyberCorps Scholarship program. The Gentleman’s guide to awful OPSEC.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector AI is the most powerful tool defenders have ever had. It's also the most dangerous weapon attackers have ever had. Assaf Keren, CSO at Qualtrics and author of Lessons from the Frontlines, has seen AI reshape both sides of the threat equation. In this conversation, he gets specific about what happens when powerful tools fall into the wrong hands, and what leaders need to do before they get caught off-guard. You can listen to the full conversation here, and catch new episodes of Threat Vector with host David Moulton every Thursday on your favorite podcast app. CyberWire Guest Today we are joined by Tim Starks from CyberScoop discussing changes to the CyberCorps Scholarship program. You can read more in Tim’s article “Trump officials are steering a cybersecurity scholarship program toward AI.” Selected Reading I Ran the N.S.A. This Is How to Defeat China’s Hacker Army. (The New York Times) Canvas hack: company pays criminals to delete students' stolen data (BBC News) FCC Attempts to Solve Robocall Problem by Potentially Creating Even Bigger Privacy Problem (Gizmodo) SAP Patches Critical S/4HANA, Commerce Vulnerabilities (SecurityWeek) Cache-poisoning caper turns TanStack npm packages toxic (The Register) Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware (Hackread) Japan’s PM orders cybersecurity review to stop Mythos going full CyberZilla (The Register) Texas sues Netflix over alleged data practices that create ‘surveillance machinery’ without user consent (The Record) Time for government, business leaders to figure out AI cybersecurity regulation (Harvard Gazette) Tables Turned: Gentlemen Ransomware Group Suffers Data Leak (BankInfo Security) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices