Rooted and patient.

A China-linked group exploits a critical Dell zero-day for 18 months. A Microsoft 365 Copilot bug risks sensitive email oversharing. A new Linux botnet leans on old-school IRC for command and control. Switzerland tightens critical infrastructure rules with mandatory cyber reporting. AstarionRAT emerges as a custom post-exploitation implant. Researchers find serious flaws in popular PDF platforms. A suspected Iranian-aligned campaign targets protest supporters. Notepad++ rolls out a “double-lock” update fix. And a Spanish court orders NordVPN and ProtonVPN to block illegal football streams. Our guest is Keith Mularski, Former FBI Special Agent and Chief Global Ambassador at Qintel, reflecting on the 25th anniversary of notorious spy Robert Hanssen's arrest. Dutch Defense flaunt F-35 firmware freedom. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Keith Mularski, Former FBI Special Agent and Chief Global Ambassador at Qintel, to talk about the 25th anniversary of Robert Hanssen's arrest. If you enjoyed Keith’s conversation, you can hear more from him over on the Only Malware in the Building podcast. Selected Reading Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed (CyberScoop) Microsoft says bug causes Copilot to summarize confidential emails (Bleeping Computer) New Linux Botnet Discovered (Linux Magazine) Switzerland’s NCSC boosts operational capabilities, mandates cyberattack reporting on critical infrastructure (Industrial Cyber) ClickFix Won't Die. Neither Will Matanbuchus. A New RAT and a Hands-on-Keyboard Intrusion (Huntress) Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration (SecurityWeek) CRESCENTHARVEST: Iranian protestors and dissidents targeted in cyberespionage campaign (Acronis) Notepad++ boosts update security with ‘double-lock’ mechanism (Bleeping Computer) Spain orders NordVPN, ProtonVPN to block LaLiga piracy sites (Bleeping Computer) Dutch defense chief: F-35s can be jailbroken like iPhones (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices