CanisterWorm compromises NPM packages and Kubernetes

RSAC spotlights public-private partnership gaps. DarkSword leaks to GitHub. The FCC blocks new foreign-made routers. Citrix patches a critical NetScaler flaw. DOE rolls out an energy-sector cyber strategy. CanisterWorm spreads through npm. Researchers flag suspected KACE SMA exploitation. QualDerm reports a 3.1-million-record breach. A Russian access broker gets 81 months. Intern Kevin checks in from RSAC. Maria Varmazis speaks with Jake Braun, longtime DEF CON organizer and former White House official about the DEF CON 33 Hackers' Almanack. Slow down, you vibe too fast. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Maria Varmazis speaks with today’s guest Jake Braun, longtime DEF CON organizer, former White House official, and lead on DEF CON Franklin, about the DEF CON 33 Hackers' Almanack. You can read more about it here.

Selected Reading

Public-private partnerships vital in disrupting China's Typhoons, says RSA panel with no government speakers (The Register)

Someone has publicly leaked an exploit kit that can hack millions of iPhones (TechCrunch)

US bans any new consumer-grade routers not made in America (The Register)

Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn (SecurityWeek)

DOE Sets 5-Year Plan to Harden US Grid Against Cyberattacks (GovInfo Security)

New CanisterWorm Targets Kubernetes Clusters, Deploys “Kamikaze” Wiper (Hackread)

CVE-2025-32975 (Arctic Wolf)

3.1 Million Impacted by QualDerm Data Breach (SecurityWeek)

Russian hacker who helped Yanluowang ransomware gang gets nearly 7-year prison sentence (The Record)

This Web Tool Sabotages AI Chatbots By Making Them Really, Really Slow (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices