CISA secrets left sitting on GitHub.

A CISA contractor leaks GovCloud credentials on GitHub. INTERPOL cracks down on phishing infrastructure across the Middle East and North Africa. Microsoft patches a critical Authenticator flaw, while Poland moves officials off Signal after targeted phishing campaigns. A stealthier SHub macOS infostealer emerges. Universal Robots fixes a critical vulnerability. A Dark Web marketplace dumps millions of stolen payment cards. Echo Protocol loses $76 million in a synthetic Bitcoin breach. Our guest is Chris Cochran, Field CISO & Vice President of AI Security at SANS, discussing their AI maturity model. Nathan Detroit rolls malware snake eyes. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Cochran, Field CISO & Vice President of AI Security at SANS, discussing their SANS AI Security Maturity Model™. Selected Reading CISA Admin Leaked AWS GovCloud Keys on Github (Krebs on Security) INTERPOL Operation Ramz: 201 Apprehended in MENA Cybercrime Disruption (TechNadu) Microsoft Patches Critical Token Theft Vulnerability in Authenticator App (Beyond Machines) Poland shifts away from Signal following cyberattacks on officials’ accounts (Security Affairs) SHub macOS infostealer variant spoofs Apple security updates (Bleeping Computer) Critical Vulnerability Exposes Industrial Robot Fleets to Hacking (SecurityWeek) B1ack's Stash Releases 4.6 Million Stolen Credit Cards for Free (SOC Radar) Echo Protocol Hit by $76M eBTC Minting Exploit (SOC Radar) Chanhassen Dinner Theatres cancels more Guys and Dolls performances due to illness and cyberattack (KARE11) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices