ShadyPanda plays the long game. India mandates tracking software on mobile devices. Korea weighs punitive damages after a massive breach. Qualcomm patches a critical boot flaw impacting millions. OpenAI patches a Codex CLI vulnerability. Google patches Android zero-days. Cybersecurity issues prompt an FDA permanent recall for an at-home ventilator system. Switzerland questions the security of hyperscale clouds and SaaS services. One of the world’s largest cyber insurers pulls back from the market. On our Threat Vector segment, ⁠David Moulton⁠ sits down with ⁠Stav Setty to unpack the Jingle Thief campaign.  In Russia, Porsches take a holiday.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector segment In today’s Threat Vector segment, host ⁠David Moulton⁠, Senior Director of Thought Leadership for Unit 42, sits down with ⁠Stav Setty⁠, Principal Researcher at Palo Alto Networks, to unpack Jingle Thief a cloud-only, identity-driven campaign that turned Microsoft 365 into a gift card printing press. Stav explains how the Morocco-based group known as Atlas Lion lived off the land inside M365 for months at a time, using tailored phishing and smishing pages, URL tricks, and internal phishing to compromise one user and quietly pivot to dozens more. To listen to the full conversation on Threat Vector, listen here. You can catch new episodes of Threat Vector every Thursday on your favorite podcast app.  Selected Reading Browser extensions pushed malware to 4.3M Chrome, Edge users (The Register) India plans to verify and record every smartphone in circulation (TechCrunch) Apple to Resist India's Order to Preload Government App on iPhones (MacRumors) President orders probe into Coupang breach (The Korea Herald) Qualcomm Alerts Users to Critical Flaws That Compromise the Secure Boot Process (GB Hackers) Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers (SecurityWeek) Google Releases Patches for Android Zero-Day Flaws Exploited in the Wild (Infosecurity Magazine) 'Cyber Issue' Leads to FDA Recall of Baxter Respiratory Gear (GovInfoSecurity) Swiss government bans SaaS and cloud for sensitive info (The Register) Publication: Resolution on outsourcing data processing to the cloud (Privatim) Insurer Beazley Steps Back From Cyber Market as Attacks Surge (PYMNTS.com) Hundreds of Porsche Owners in Russia Unable to Start Cars After System Failure (The Moscow Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices