The scareware rabbit hole.
N2K logo
16 hours ago
The scareware rabbit hole.
This week we are joined by ⁠Marcelle Lee⁠, cybersecurity consultant and researcher, discussing "CTI tradecraft: Investigating a mobile scareware campaign." She details how a routine click on a Google News story led to a mobile scareware pop-up—and a deeper investigation into a broader campaign. Using free tools like Censys, URLScan, VirusTotal, and CyberChef, she pivoted from two domains to uncover more than 100 related domains, shared infrastructure, and links to questionable antivirus apps in the Google Play Store. The findings are mapped to the MITRE ATT&CK framework, showing how freely available resources can power meaningful, actionable threat intelligence.
Research Saturday
The scareware rabbit hole.
N2K logo
16 hours ago
The scareware rabbit hole.
This week we are joined by ⁠Marcelle Lee⁠, cybersecurity consultant and researcher, discussing "CTI tradecraft: Investigating a mobile scareware campaign." She details how a routine click on a Google News story led to a mobile scareware pop-up—and a deeper investigation into a broader campaign. Using free tools like Censys, URLScan, VirusTotal, and CyberChef, she pivoted from two domains to uncover more than 100 related domains, shared infrastructure, and links to questionable antivirus apps in the Google Play Store. The findings are mapped to the MITRE ATT&CK framework, showing how freely available resources can power meaningful, actionable threat intelligence.
Research Saturday

Cybersecurity News

Week that Was
N2K logo
17 hours ago
Cyber operations accompany the war in Iran.
GPS jamming hits the Strait of Hormuz. Maximum-severity FreeScout flaw enables full server compromise.
CyberWire Daily
N2K logo
Mar 6, 2026
Iran is muddying the waters.
Iran’s MuddyWater breaches multiple U.S. organizations. The FBI probes a breach of wiretap management systems. A China-linked threat actor targets South American telecoms. Cisco patches critical firewall flaws. CISA flags actively exploited bugs in Hikvision cameras and Rockwell industrial systems. A House committee advances the controversial KIDS online safety bill. The FBI arrests a suspect accused of stealing millions in seized crypto from the U.S. Marshals Service. Ben Yelin and Ethan Cook unpack the dispute between Anthropic and the Pentagon. Wikimedia worm wreaks widespread wiki woes.
Daily Briefing
N2K logo
Mar 6, 2026
Iran’s MuddyWater infiltrates multiple US organizations.
FBI investigates breach of wiretap management systems. Russian national pleads guilty to involvement in the Phobos ransomware operation.
CSO Perspectives
N2K logo
Mar 6, 2026
Do certifications matter?
As the cybersecurity industry has grown, the field has struggled to answer the question: do certifications matter? In this episode of CISO Perspectives, host ⁠Kim Jones⁠ sits down with N2K's own, ⁠Simone Petrella, to answer this question and discuss why the value of certifications continue to be debated. Throughout the conversation, Simone and Kim will discuss the challenges associated with certifications, and how the industry can adjust the ways it sees and utilizes them.
CyberWire Daily
N2K logo
Mar 5, 2026
The internet joins the war.
Hacktivist activity surges in the Middle East. Defense tech firms distance themselves from Claude. International law enforcement take down the Leakbase cybercrime forum. A pair of Cisco SD-WAN vulnerabilities are under active exploitation. Google releases an urgent Chrome security update. Age-verification is put under the microscope. TikTok is leaving end-to-end encryption out of your DMs. Our guest is Daniel Barbu, Director of EMEA Security from Adobe, discussing fostering a human‑centered, enablement‑driven, and collaborative approach to AI. Clever code catches cardiac clues.
Story
N2K logo
Mar 5, 2026
Industry Voices: Cultural shifts in AI adoption with Daniel Barbu of Adobe
In this conversation, Daniel Barbu, Director of EMEA Security at Adobe, discusses the intersection of AI and cybersecurity, emphasizing the importance of cultural shifts, trust, and collaboration in building effective AI systems. He shares insights on the role of the Security AI Guild, the need for education and transparency, and offers advice for organizations looking to foster a culture of AI security. The conversation highlights that trustworthy AI is not just a technical challenge but a social one, requiring shared responsibility and continuous growth.
Caveat
N2K logo
Mar 5, 2026
Anthropic has rejected the Pentagon’s ultimatum.
Iranian conflict expands into cyberspace.
Daily Briefing
N2K logo
Mar 5, 2026
Law enforcement disrupts Tycoon 2FA phishing-as-a-service platform.
FBI and Europol seize Leakbase cybercriminal forum. Cisco warns of fresh Catalyst SD-WAN exploits.
Threat Vector
N2K logo
Mar 5, 2026
Zero Trust Without the Hype
In this episode of Threat Vector, host ⁠David Moulton⁠ speaks with ⁠LeeAnne Pelzer⁠, Senior Consulting Director, and ⁠Brandon Hogle⁠, Consulting Director, both with Palo Alto Networks Unit 42. Together, they explore how organizations can move from Zero Trust theory to practice. Zero Trust is the foundation of modern cybersecurity, but turning principles into measurable outcomes remains a challenge for many enterprises. Pelzer and Hogle share how Unit 42’s Zero Trust Advisory helps organizations assess their cybersecurity maturity, identify visibility gaps, and create tailored roadmaps that connect security architecture with business outcomes.The conversation dives into the common pitfalls that derail Zero Trust, including visibility gaps, operational complexity, and misalignment, and explores how to overcome them with clarity, collaboration, and continuous verification. For security leaders driving transformation, this episode offers a pragmatic look at how to cut through complexity and make Zero Trust achievable.
Hacking Humans
N2K logo
Mar 5, 2026
Identity theft gets a raise.
This week, hosts of N2K CyberWire ⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ and⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ alongside ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. For our follow up this week we get an update Merriam-Webster dictionary for Joe, and listener Michael Amezquita suggested that customizable ChatGPT personality settings may explain why Joe and Dave received different responses on Hacking Humans. Dave shares reporting on a Binary Defense case where attackers used social engineering and a help desk reset to hijack a physician’s identity and reroute payroll deposits through a trusted internal system without triggering security alerts. Maria highlights a surge in AI-powered publishing scams targeting authors, where fraudsters use flattery and impersonate legitimate organizations to charge bogus marketing and promotion fees. Joe covers multi-state raids tied to a massive gold bar scam that stole tens of millions from seniors, with stolen gold allegedly melted down through cooperating jewelry stores. In our Catch of the Day, a Reddit scambaiter shared a bizarre ongoing conversation with someone claiming to be “Keanu Reeves from Brokeback Mountain” who reached out to non‑fans in Norway.
Caveat
N2K logo
Mar 5, 2026
The Pentagon's AI ultimatum.
This week, Ben sits down with N2K's Lead Analyst, Ethan Cook, to discuss the recent fallout between the Pentagon and Anthropic. The deal between the two soured over the past week, leading to Anthropic being dropped by the government for contracting jobs. Shortly afterwards, the government inked a similar deal with rival AI company, OpenAI.
CyberWire Daily
N2K logo
Mar 4, 2026
When zero-days escape the lab.
A suspected U.S. exploit kit shows up in global iOS attacks. Facebook goes down briefly worldwide. A critical help-desk flaw enables remote code execution. Juniper PTX routers face a major bug. LastPass warns of phishing. Telegram becomes a cybercrime marketplace. Healthcare groups fight relaxed IT rules. A stolen Gemini API key runs up massive bills. CISA’s CIO departs. Our guest is Brian Long, CEO and Co-Founder of Adaptive Security, discussing how AI is reshaping social engineering. The problem of posthumous profiles.
Load More
Gain instant access to our exclusive podcast and briefing content, the Pro Academy, live events and more by subscribing to N2K Pro.
Subscribe Now