FRIDAY, OCT. 17, 2025
There is a cyber angle to the indictment against John Bolton. Multiple companies have spotted new forms of North Korean malware. And the CEO of a threat intelligence company wants enterprises to think differently about resilience. This is CyberScoop for Friday, October 17.
John Bolton, former national security adviser to President Trump, arrives home as the FBI searches his house August 22, 2025 in Bethesda, Maryland. The FBI conducted a court-authorized search of Bolton's home. (Photo by Andrew Harnik/Getty Images)
Indictment claims Bolton was hacked
John Bolton's indictment for allegedly mishandling classified information reveals that suspected Iranian hackers infiltrated his personal email account in 2021 and threatened to release sensitive materials, comparing the potential leak to Hillary Clinton's 2016 email scandal. According to the indictment, Bolton's representative alerted the FBI to the hack but did not disclose that Bolton had used the compromised account to share classified information with relatives, and Bolton subsequently deleted the hacked email contents. Bolton's attorney denies any wrongdoing, stating that the charges relate to unclassified personal diaries shared only with family, while the indictment suggests the hack demonstrates Bolton's awareness that his emails contained sensitive information. Tim Starks has more.
Multiple North Korean malware schemes discovered
Researchers from Cisco Talos and Google’s Threat Intelligence Group have identified North Korean threat actors employing new malware strains and advanced techniques to steal credentials and cryptocurrency and to deploy ransomware, primarily by tricking job seekers into installing malicious code. The campaigns, linked to groups like Famous Chollima and UNC5342, involve malware such as BeaverTail, OtterCookie, EtherHiding, JadeSnow, and InvisibleFerret, with some leveraging public blockchains for resilient command and control, making the attacks highly evasive and resistant to takedowns. These operations demonstrate North Korea’s ongoing and escalating efforts to infiltrate corporate networks for espionage and financial theft, often targeting victims through fake job interviews and technical assessments. Matt Kapko has more.
Rethinking resilience
This week's episode of Safe Mode features a nuanced conversation with Ben Harris, CEO of watchTowr, who delves into the complexities of vulnerability management in today’s threat landscape. Harris discusses why traditional patching is no longer a guarantee of security, revealing how sophisticated attackers are staying persistent even after organizations update and remediate systems, particularly in the challenging context of edge devices and black-box appliances. Drawing on real-world research and recent incidents involving vendors like Oracle, Cisco, and Ivanti, the interview highlights the urgent need for resilience, increased transparency from companies, and a cultural shift toward proactive detection. Listen here.