One tap, total access: Pegasus exploits unveiled.

Unredacted court filings from WhatsApp’s 2019 lawsuit against NSO Group reveal the scope of spyware infections. Glove Stealer can bypass App-Bound Encryption in Chromium-based browsers. Researchers uncover a new zero-day vulnerability in Fortinet’s FortiManager. Rapid7 detects an updated version of LodaRAT. CISA warns of active exploitation of Palo Alto Networks’ Expedition tool. Misconfigured Microsoft Power Pages accounts expose sensitive data. Iranian state hackers mimic North Koreans in fake job scams. Australia warns its critical infrastructure providers about state sponsored embedded malware. An especially cruel cybercriminal gets ten years in the slammer. Guest Ambuj Kumar, Co-founder and CEO of Simbian, joins us to discuss how AI Agents may change the cyber landscape. We’re countin’ down the top ten least secure passwords. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Ambuj Kumar, Co-founder and CEO of Simbian, joins us to discuss how AI Agents are going to change the cyber landscape. Selected Reading 1,400 Pegasus spyware infections detailed in WhatsApp’s lawsuit filings (The Record) Glove Stealer Malware Bypasses Chrome's App-Bound Encryption (SecurityWeek) watchTowr Finds New Zero-Day Vulnerability in Fortinet Products ( Infosecurity Magazine) LodaRAT: Established malware, new victim patterns (Rapid7 Blog) CISA Warns of Two More Palo Alto Expedition Flaws Exploited in Attacks (SecurityWeek) Microsoft Power Pages misconfigs exposing sensitive data (The Register) Iranian Threat Actors Mimic North Korean Job Scam Techniques (BankInfo Security) Hackers Lurking in Critical Infrastructure to Wage Attacks (BankInfo Security) Cybercriminal devoid of boundaries gets 10-year prison sentence (The Register) Top 200 Most Common Passwords (NordPass) Special voting request. Just when you thought voting was over for this year…It’s time to vote…again! The N2K CyberWire hosting team of Dave Bittner, Maria Varmazis, and Joseph Carrigan have been nominated for the Creator of the Year category in the Baltimore region’s 2024 Technical.ly Awards for their incredible work on the Hacking Humans podcast! If you're a fan of Hacking Humans, we’d be thrilled to have your support! Please cast your vote here. (Make sure you select the “Baltimore” region). Thanks for your vote! Voting ends Monday, November 18th, so don't delay! Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts wit h us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices