The bugs are piling up faster than the fixes.

CyberWire Daily

N2K Networks, Inc.

Technology, Daily News, News, Tech News

4.8 • 1.1K Ratings

🗓️ 2 June 2026

⏱️ 32 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

A federal watchdog questions NIST over its vulnerability database backlog. Google patches an Android zero-day. Citizen Lab exposes a powerful location-tracking platform. Malware hides commands in Steam comments. Researchers spot AI-assisted malware development. Attackers compromise Red Hat’s npm namespace. DriveSurge spreads malware through ClickFix and fake updates. FreePBX patches a critical flaw. And Dashlane responds to a brute-force attack. Our guest is ⁠Laure Lydon⁠, Opening Chair for Infosecurity Europe and VP of Security and Infrastructure, Flo Health, sharing her expertise on digital health platforms. Meta’s AI support bot proves a bit too eager to help. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Maria Varmazis speaks with ⁠Laure Lydon⁠, Opening Chair for Infosecurity Europe and VP of Security and Infrastructure, Flo Health, sharing her expertise on privacy, security, and trust in digital health platforms, especially in sensitive areas like women's health. This interview is part of our partnership with Infosecurity Europe. Selected Reading Inspector general finds NIST mistakes have made vulnerability database ineffective (The Record) Google fixes one actively exploited Android zero-day, 124 flaws (Bleeping Computer) Uncovering Webloc: An Analysis of Penlink’s Ad-based Geolocation Surveillance Tech (The Citizen Lab) GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure (Security Affairs) Threat Actor Uses AI to Build EDR Evasion Tools (Infosecurity Magazine) Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets (Infosecurity Magazine) Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks (Bleeping Computer) Critical Hard-Coded Credentials Vulnerability in FreePBX User Control Panel (Beyond Machines) Dashlane password manager users locked out by brute force attacks (Bleeping Computer) Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:08.7	Do you know how the space and cybersecurity domains connect?
0:13.7	T-minus space-cyber briefing is your guide through the space-based systems that expand the attack surface.
0:20.2	I'm Maria Varmazis, host here at N2K Cyberwire,
0:23.9	and I'm excited to share that T-minus is back.
0:27.3	Now as a weekly podcast, the T-minus Space Cyber Briefing.
0:31.8	We have a new dedicated focus on two great things that are even better together,
0:36.9	space and cybersecurity.
0:39.3	Because whether we realize it or not, we all depend on space-based systems that are, by the way, increasingly Internet-enabled.
0:48.3	We're talking cybersecurity technologies, policies, and organizations that are securing the critical space-based infrastructure
0:55.2	that powers, protects, and connects our lives here on Earth. So join me for T-minus Space Cyber
1:01.9	Reefing, new episodes every Sunday.
1:20.3	Maybe that's an urgent message from your CEO, or maybe it's a deep fake trying to target your business.
1:29.7	Dopple is the AI-native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Dopple uses it to fight back, from automatically dismantling
1:36.5	cross-channel attacks to building team resilience and more. Doppel, outpacing what's next in
1:43.0	social engineering. Learn more at doppel.com. That's D-O-P-P-P-E-L.com.
1:50.0	A federal watchdog questions NIST over its vulnerability database backlog.
2:08.2	Google patches an Android Zero Day.
2:10.5	Citizen Lab exposes a powerful location tracking platform.
2:14.4	Malware hides commands in Steam comments.
2:17.4	Researchers spot AI-assisted malware development.
2:20.5	Attackers compromise Red Hat's NPM namespace. Drive Surge spreads malware through click-fix and fake
	...

Transcript will be available on the free plan in 22 days. Upgrade to see the full transcript now.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.