CyberWire Daily

James Turgal, a 22-year FBI veteran and Optiv VP focused on cyber risk, talks about a surge in tax scams and IRS fraud. He explores how generative AI and aggregated breached data make phishing, vishing, and smishing far more convincing. He outlines practical protections and where to report incidents. The conversation centers on social engineering as the dominant threat and rising multi-channel attacks.

Tim Starks, senior reporter at CyberScoop covering cybersecurity policy and federal agencies, joins to explain CISA’s planned industry town halls on incident reporting. The conversation covers CIRCEA’s tight reporting deadlines and industry concerns about vague definitions and implementation burdens. They also discuss CISA staffing, morale, and why two-way dialogue matters for workable rules.

Keith Mularski, former FBI special agent and now Chief Global Ambassador at Qintel, shares first-hand recollections about the Robert Hanssen counterintelligence case. He recounts the investigation's key steps and the arrest operation. The conversation also touches on insider betrayal, surveillance tradecraft, and the emotional aftermath of catching a colleague spy.

Steve Elovitz, leader of Unit 42's North America incident response practice, shares hard-won lessons from analyzing 750+ major breaches. He discusses why identity abuse now fuels most intrusions. Short takes cover ransomware hitting industrial targets, AI misconfigurations threatening infrastructure, and OAuth/password-manager weaknesses that widen breach impact.

A look at how Estonia transformed a crippling 2007 cyber crisis into national cyber strength. Discussion of the Tallinn Manual and the CCDCOE’s role in shaping cyber law and policy. A behind-the-scenes view of NATO’s Cyber Coalition exercise and how allied teams coordinate to defend critical infrastructure. Emphasis on collaboration, attribution challenges, and practical training driven by hard lessons.

Mike Arrowsmith, Chief Trust Officer at NinjaOne who built security programs from national labs to startups, shares his winding career path. He describes why constant change in cybersecurity excites him. He uses a chasing-a-ball metaphor for adversaries. He talks about mentoring, cross-team collaboration, and opportunities to shape security in fast-growing companies.

Today we have Ziv Mador, VP of Security Research from LevelBlue SpiderLabs discussing their work on "SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp." Researchers at LevelBlue SpiderLabs have identified a new Brazilian banking Trojan dubbed Eternidade Stealer, spread through WhatsApp hijacking and social engineering campaigns that use a Python-based worm to steal contacts and distribute malicious MSI installers. The Delphi-compiled malware targets Brazilian victims, profiles infected systems, dynamically retrieves its command-and-control server via IMAP email, and deploys banking overlays to harvest credentials from financial institutions and cryptocurrency platforms. The campaign reflects the continued evolution of Brazil’s cybercrime ecosystem, combining WhatsApp propagation, geofencing, encrypted C2 communications, and process injection to maintain stealth and persistence. The research can be found here: SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp Learn more about your ad choices. Visit megaphone.fm/adchoices

Maria Varmazis, T‑Minus Space Daily host and field reporter in Tallinn, brings on-the-ground NATO Cyber Coalition coverage. They discuss nation-state coordination at Munich, AI changing ransomware economics, phishing that weaponizes meeting invites, a new Foxveil loader abusing legit platforms, and macOS infostealers fueling a cybercrime resale market.

Simon Horswell, Senior Fraud Specialist at Entrust who tracks romance scams, explains how scammers groom targets and move conversations off-platform. He discusses love bombing, rapid relationship escalation, and varied timelines for money requests. Also covered: how fun filter trends and stolen data help phishers and fuel evolving fraud tactics.

Hazel Cerra, Resident Agent in Charge in Atlantic City with 25 years in financial crime and protection, reflects on the Secret Service’s shift from counterfeit busts to crypto-era investigations. Conversations cover Patch Tuesday and chip/industrial patches. They explore payroll social-engineering thefts, a global espionage campaign called The Shadow Campaigns, Notepad markdown RCE risk, and concerns about Ring’s new pet-search feature.