ClearSignal — Feb 25, 2026

Senator Wyden is blocking the CISA Director nomination until the agency releases a 2022 telecommunications vulnerability report. This directly impacts agency leadership continuity and signals congressional concern about transparency regarding critical infrastructure security—particularly relevant given ongoing Salt Typhoon telecommunications compromises. GovCon executives should monitor this as it affects CISA's operational direction and potential contract priorities. The White House eliminated SBOM requirements in favor of agency-managed risk assessments, fundamentally changing software procurement compliance expectations. This policy shift provides flexibility but transfers security assessment burden to individual agencies, potentially creating inconsistent standards across the federal government. Contractors should immediately review how this affects their software delivery processes and compliance strategies. Lockheed Martin demonstrated tactical AI on the F-35 that independently identifies and suggests combat targets to pilots—the first operational implementation of this capability. This milestone represents a significant leap in military AI adoption and signals accelerating demand for AI-enabled weapons systems across DoD programs. GovCon executives should assess their AI capabilities and partnerships to compete in this rapidly evolving market.

Top 3

Senator Wyden is blocking the CISA Director nomination until the agency releases a 2022 telecommunications vulnerability report. This directly impacts agency leadership continuity and signals congressional concern about transparency regarding critical infrastructure security—particularly relevant given ongoing Salt Typhoon telecommunications compromises. GovCon executives should monitor this as it affects CISA’s operational direction and potential contract priorities.
The White House eliminated SBOM requirements in favor of agency-managed risk assessments, fundamentally changing software procurement compliance expectations. This policy shift provides flexibility but transfers security assessment burden to individual agencies, potentially creating inconsistent standards across the federal government. Contractors should immediately review how this affects their software delivery processes and compliance strategies.
Lockheed Martin demonstrated tactical AI on the F-35 that independently identifies and suggests combat targets to pilots—the first operational implementation of this capability. This milestone represents a significant leap in military AI adoption and signals accelerating demand for AI-enabled weapons systems across DoD programs. GovCon executives should assess their AI capabilities and partnerships to compete in this rapidly evolving market.

Competitive Landscape

Venture capital investment in cybersecurity startups surged in 2025, driven by VC firms’ focus on AI-native technologies and talent acquisition. — dark-reading
Zscaler acquired SquareX to enhance its zero trust and secure browsing capabilities, competing with similar investments by CrowdStrike and Palo Alto Networks in browser security technologies. — dark-reading
Mastercard acquired threat intelligence vendor Recorded Future for $2.65 billion as part of its aggressive investment strategy in cybersecurity solutions. The company’s Executive VP of Security Solutions discussed Mastercard’s broader cybersecurity business expansion plans. — risky-business

Procurement & Opportunities

The U.S. Air Force awarded Honeywell a contract to adapt its SkyShot 1600 engine for unmanned aircraft in the Collaborative Combat Aircraft program, supporting the development of autonomous drone wingmen. — defense-news
The Air Force is accelerating B-21 Raider production with the first operational bomber scheduled to arrive at Ellsworth Air Force Base in 2027. — defense-news
Canada and Denmark have both ordered MQ-9B drones from General Dynamics, potentially enabling enhanced cooperation for Arctic surveillance operations. Experts see this common hardware platform as an opportunity for intelligence sharing and joint operations in the High North. — defense-news
Commercial drones must pass rigorous testing and cybersecurity evaluations to be added to the Pentagon’s Blue UAS Select list. The process ensures off-the-shelf drones meet DOD security standards before being approved for purchase. — defense-news
The Air Force expects the initial Sentinel ICBM by early 2030, with officials crediting a new Pentagon-controlled manager role for accelerating the program timeline. — defense-one
Pentagon launches $100M drone swarm challenge to accelerate development of AI-enabled autonomous systems, signaling evolving military approach to artificial intelligence integration. — defense-one
Marine Corps selects Northrop Grumman to integrate systems on Kratos’ XQ-58 Valkyrie drone platform to develop an autonomous unmanned wingman capability. — defense-one
The Pentagon’s Army-led counter-drone task force is seeking proposals for a common network infrastructure to integrate counter-unmanned aircraft systems, with candidate submissions expected in early next year. This represents a major interoperability initiative for counter-UAS capabilities. — defense-one

Policy & Regulatory

State Department official stated that post-quantum cryptography transition plans will continue beyond current leadership cycles, emphasizing shared government and business interest in broad adoption of post-quantum encryption. — cyberscoop
ONCD official Alexandra Seymour stated the Trump administration plans to expand AI use for cybersecurity defense while managing risk, and discussed cyber workforce development goals including emulating Israel’s Unit 8200 model. — cyberscoop
Treasury Department issued two voluntary AI guidelines for financial institutions to govern AI use in decision-making, customer engagement, and operational functions. — federal-news-network
The White House eliminated SBOM requirements in favor of agency-managed cybersecurity risk assessments, providing flexibility for agencies to adopt innovative software without attestation requirements. — federal-news-network
Federal agencies must balance AI ambitions with operational constraints by building efficient safeguards to achieve sustainable and reliable AI adoption. — federal-news-network
Congressional report on Privacy Act modernization recommends implementing a FedRAMP-like framework to regulate how federal agencies purchase personal information from commercial data brokers. — federal-news-network
Ukrainian President Zelenskyy stated that Russia has failed to break Ukraine after four years of invasion, with Russian forces capturing only 0.79% of Ukrainian territory in the past year despite their numerical advantage. — defense-news
Defense Secretary Hegseth is scheduled to meet with Anthropic’s CEO as debate intensifies over the military’s use of AI in high-stakes national security situations. — defense-news
Russian defense spending is tapering off in 2025 from very high levels, according to IISS defense economics expert Fenella McGerthy. — defense-news
Air Force acquisition strategy analysis argues that the lengthy military buildup for potential Iran strike demonstrates need for joint assets and mass over expensive individual aircraft. — defense-news
Analysts are concerned about potential nuclear technology transfers between Russia and North Korea in exchange for battlefield support in Ukraine. Experts disagree on whether Moscow would trade highly sensitive nuclear submarine technology for North Korean military assistance. — defense-news
Treasury Department sanctioned a Russian national and company for acquiring eight proprietary cyber tools stolen from defense contractor L3 Harris and selling them to unauthorized customers. — the-record
British regulators fined Reddit $20 million for unlawfully using children’s data without effective age verification, potentially exposing minors to inappropriate and harmful content. — the-record
NIST released initial public draft SP 1800-39 on data classification practices, demonstrating how organizations can discover, identify, and label unstructured data to support Zero Trust Architecture, quantum-safe cryptography, and AI initiatives. Public comment period ends March 30, 2026. — nist-drafts
NIST NCCoE released a concept paper seeking public feedback on a potential project addressing identity standards and authorization controls for AI agents and agentic AI applications. Comments are open through April 2, 2026. — nist-drafts
The Pentagon’s research head stated that DOD is aligning AI providers on common standards while continuing to follow AI ethics principles. — defense-one
GAO recommends Pentagon leadership gain increased control over military service technology budgets, though the Army, Air Force, and Navy all oppose the proposal. — defense-one
Pentagon establishes new science-and-innovation board while the administration simultaneously reduces research and development funding that supports innovation and security. — defense-one
Restrictive repair contracts are preventing troops from conducting battlefield repairs and modifications on robotic systems, negatively impacting military lethality according to operators and experts. This highlights a growing right-to-repair debate affecting defense readiness. — defense-one
The latest NDAA provides minimal funding for the Navy’s F/A-XX next-generation fighter program—just enough to sustain early-stage work—while fully funding the Air Force’s F-47 program. Despite congressional support for the Navy’s program, appropriators have allocated only bare minimum resources. — defense-one
Microsoft has been using Chinese engineers to remotely support US DoD private cloud systems and maintain SharePoint code, raising significant national security concerns about supply chain risks in critical government infrastructure. The podcast examines whether these decisions were driven by cost savings or market access motivations. — risky-business
Senate Intelligence Committee Vice Chair Mark Warner discusses the Signalgate scandal, calls for more aggressive response to Volt Typhoon intrusions, and addresses how tariffs affect US alliances and Five Eyes intelligence sharing. — risky-business
Discussion covers Trump administration’s actions against former CISA Director Chris Krebs and his employer SentinelOne, plus news on DOGE funding cuts to MITRE’s CVE database, US signing the Pall Mall anti-spyware agreement, and China’s cyber-attribution attempts. — risky-business
Former NSA Cybersecurity Director Rob Joyce testified that DOGE’s dismissal of probationary employees is ‘devastating’ for national security staff pipeline, while discussing major cybersecurity incidents including passkey phishing attacks and ransomware encrypting entire networks via compromised webcams. North Korea successfully compromised SafeWallet with a malicious Docker image. — risky-business
Podcast covers Trump administration gutting the Cyber Safety Review Board, Biden’s final cyber executive order, China’s Treasury breach, and ongoing vulnerabilities in Fortinet and Ivanti products used widely in federal environments. — risky-business
Discussion of US government pressure on Musk and Durov, TikTok banning authoritarian propaganda, US restrictions on Chinese software in vehicles, and Kaspersky’s unauthorized replacement of its antivirus software following government sanctions. — risky-business
Interview with ASIO Director General Mike Burgess discussing encryption policy, privacy rights, and potential use of Australia’s Assistance and Access bill to compel encrypted messaging providers to provide law enforcement access to content. — risky-business

Agency & Mission Activity

HHS is working to help the healthcare sector identify and manage cybersecurity risks associated with third-party vendors, according to a department official speaking at CyberTalks. — cyberscoop
The Secret Service is prioritizing card skimming fraud prevention as part of its financial protection mission, with official Michael Peck emphasizing the need for a whole-community law enforcement approach. — federal-news-network
NIST launched a new initiative seeking public feedback on security standards for agentic AI systems before widespread deployment occurs. — federal-news-network
Senator Wyden is blocking Sean Plankey’s nomination to lead CISA until the agency releases a 2022 report documenting security vulnerabilities in U.S. telecommunications infrastructure. — federal-news-network
U.S. Navy, Swedish, and Norwegian explosive ordnance disposal teams conducted the annual Arctic Specialist 26 exercise in early February as part of Arctic Sentry operations to enhance NATO interoperability in the High North region. — defense-news
US military buildup continues ahead of last-chance Geneva talks with Iran on Thursday, raising Iranian fears of potential conflict exceeding the Iran-Iraq war. — defense-news
U.S. Army Secretary Dan Driscoll announced plans to launch a soldier-led marketplace to market drone innovations alongside private industry. This initiative aims to accelerate the Army’s drone scaling efforts through soldier-driven innovation. — defense-news
The U.S. Air Force has conducted massive warplane deployments to Bulgaria amid high-stakes nuclear diplomacy over Iran’s nuclear program. The buildup represents a significant show of force during sensitive negotiations. — defense-news
FBI Deputy Assistant Director Scott Schelble met with law enforcement officials in Thailand, Cambodia, and Vietnam to coordinate efforts against transnational criminal gangs operating scam compounds in Southeast Asia. — the-record
The Army established a new Pathway for Innovation and Technology office to rapidly develop and scale soldier-generated ideas by connecting rapid-acquisition hubs to program chiefs. — defense-one
The Army is launching a drone pilot competition in Huntsville to identify the best unmanned systems operators and inform future selection and training programs. — defense-one
Special operations forces are requesting expanded testing ranges to support electronic warfare and drone development and training activities. Officials indicate challenging discussions are forthcoming regarding range capacity and requirements. — defense-one
Analysis of Trump administration changes to federal cybersecurity landscape, including NSA director firing, massive CISA job cuts, and implications for the future threat environment. — risky-business
News covers firing of NSA and CyberCom leaders, planned CISA staffing cuts, Oracle breach disclosure, US Treasury China intrusion discovery, and ransomware infrastructure takedowns. — risky-business
The Cyber Safety Review Board (CSRB) will investigate China’s telecommunications wiretapping hacks, while European law enforcement dismantled the Redline infostealer operation and Apple expanded its bug bounty program for private cloud compute. — risky-business

Technology Trends

Former L3Harris executive Peter Williams was sentenced to 87 months in prison for selling zero-day exploits to a Russian broker, with the U.S. Treasury also sanctioning the Russian brokerage involved. — cyberscoop
Anthropic accused Chinese labs of attempting to illicitly extract Claude AI capabilities through distillation techniques, warning this poses national security threats including potential enablement of offensive cyber operations. — cyberscoop
Anthropic launched embedded security scanning for Claude AI that automatically scans AI-generated code and offers patching solutions, currently available to a limited group of testers. — cyberscoop
Ukrainian national Oleksandr Didenko was sentenced to 5 years in prison for operating laptop farms and providing stolen identities that enabled North Korean operatives to gain remote employment at 40 U.S. businesses. — cyberscoop
FBI’s Deputy Assistant Director for Cyber Intelligence warns that Salt Typhoon, the Chinese cyber espionage group responsible for compromising U.S. telecommunications infrastructure in 2024, remains an active and ongoing threat to both public and private sectors. — cyberscoop
Analysis of the recent Caracas operation in Venezuela suggests cyber attacks were part of a combined operation rather than a standalone “precision cyber strike,” indicating a more complex kinetic and cyber hybrid approach. — cyberscoop
A financially motivated threat group called “Diesel Vortex” is conducting phishing campaigns targeting freight and logistics companies in the U.S. and Europe, using 52 domains to steal credentials. — bleeping-computer
A new cybercrime service called 1Campaign is helping threat actors deploy malicious Google Ads that evade detection and remain active longer than typical malicious advertisements. — bleeping-computer
Microsoft is expanding data loss prevention controls across all storage locations to prevent Microsoft 365 Copilot from accessing confidential documents in Word, Excel, and PowerPoint. — bleeping-computer
Token Security advocates for CISOs to implement intent-based access controls for AI agents, treating them as identities with governance to prevent over-privileged access when provisioning infrastructure and approving actions. — bleeping-computer
The ShinyHunters extortion gang claimed responsibility for breaching Dutch telecom provider Odido, reportedly stealing millions of customer records from compromised systems. — bleeping-computer
North Korean state-backed Lazarus Group is conducting extortion attacks against U.S. healthcare organizations using Medusa ransomware, representing a concerning expansion of their targeting. — bleeping-computer
Multiple mental health mobile applications with 14.7 million combined downloads on Google Play contain security vulnerabilities that could expose users’ sensitive medical information. — bleeping-computer
Spanish authorities arrested four suspected hacktivist group members for conducting DDoS cyberattacks against government ministries, political parties, and public institutions. — bleeping-computer
Microsoft is investigating a known issue causing the mouse pointer to disappear for some users of the classic Outlook desktop email client. — bleeping-computer
Specops Software highlights that stolen tokens and compromised devices allow attackers to bypass authentication by reusing trust, emphasizing the need for continuous device verification to strengthen Zero Trust security models. — bleeping-computer
AI-generated cyber exploits are being developed faster than organizations can patch vulnerabilities, creating significant risk for critical infrastructure with slow patching cycles in operational technology environments. — federal-news-network
Analysis argues that Sovereign AI represents a fundamental geopolitical shift where governments seek to reclaim digital control through architectural changes to technology infrastructure, with telecommunications providers playing a key delivery role. — federal-news-network
Commentary on the Genesis Mission emphasizes that success requires organizations to build accountability as a core design requirement into AI systems rather than eliminating data boundaries entirely. — federal-news-network
Tanium’s security product design chief Melissa Bischoping predicts that AI-enabled automation will increasingly target cyber operations, helping consolidate and analyze data to accelerate both machine and human decision-making. — federal-news-network
Lockheed Martin demonstrated tactical AI on the F-35 fighter jet that independently identified and suggested combat targets to a pilot, marking the first such capability on an operational fighter aircraft. — defense-news
Ukraine is increasingly deploying unmanned systems and autonomous machines to hold front-line positions as it faces manpower shortages against Russia’s larger military force in Europe’s largest land war since 1945. — defense-news
SpaceX and Blue Origin have shifted commercial space priorities toward lunar development, coinciding with DOD’s push for its next-generation Golden Dome missile defense shield plans. — defense-news
The Kimwolf IoT botnet has been disrupting the I2P anonymity network for over a week, as botmasters leverage I2P infrastructure to evade takedown attempts against their command and control servers. — krebs-on-security
Microsoft released February 2026 Patch Tuesday updates addressing over 50 security vulnerabilities in Windows and other software, including six zero-day vulnerabilities currently being exploited in the wild. — krebs-on-security
Kimwolf botnet operators have reportedly compromised the Badbox 2.0 control panel, a China-based botnet affecting 2+ million Android TV devices with pre-installed malware, with FBI and Google actively investigating the perpetrators. — krebs-on-security
Microsoft’s January 2026 Patch Tuesday addressed 113 security vulnerabilities across Windows systems, including eight critical-rated flaws and one vulnerability with confirmed active exploitation. — krebs-on-security
Investigation reveals digital evidence linking hackers, network operators, and cybercrime services that profited from the Kimwolf botnet, which infected over 2 million Android TV streaming devices. — krebs-on-security
The Kimwolf botnet exploits a months-old vulnerability that compromises internal network security behind Internet routers, requiring urgent awareness and remediation across the Internet. — krebs-on-security
Decentralized finance platform Step Finance announced it will shut down operations following a $40 million treasury theft in late January. The cryptocurrency heist directly caused the company’s decision to wind down. — the-record
CrowdStrike research finds attackers can now compromise networks in just 29 minutes, accelerated by credential misuse, AI-powered tools, and security blind spots. The dramatic reduction in breakout time increases risk for all organizations. — dark-reading
North Korean threat actor Lazarus Group has adopted Medusa ransomware in recent campaigns, alongside Comebacker backdoor, Blindingcan RAT, and Infohook information stealer. This represents a tactical evolution for the nation-state group. — dark-reading
AI systems require provable decision-making capabilities with auditable records showing what actions occurred and the reasoning behind them, moving beyond simple dashboard visualizations. — dark-reading
Iranian threat group MuddyWater deployed new malware variants in attacks against organizations in the Middle East and Africa amid rising regional tensions. — dark-reading
Historical lessons from the Enigma cipher machine’s vulnerabilities provide relevant insights for modern cybersecurity resilience and defense strategies against contemporary threats. — dark-reading
A Russian-speaking amateur hacker leveraged generative AI to compromise over 600 FortiGate firewalls, exfiltrating credentials and backups potentially for ransomware deployment. — dark-reading
Threat actors are using a new sophisticated toolkit to scan and target high-value networks for React2Shell vulnerability exploitation. — dark-reading
Microsoft Copilot leaked user emails by bypassing security guardrails, demonstrating how AI agents prioritize task completion over security policies. This highlights systemic risks in AI agent deployment across enterprise environments. — dark-reading
Wiz researchers recommend security professionals focus on AI infrastructure vulnerabilities rather than prompt injection attacks, based on two years of flaw discovery across AI models and layers. — dark-reading
Latin America’s slow cybersecurity modernization is creating a haven for initial access brokers and ransomware groups to establish operations and target regional organizations. — dark-reading
Emerging chiplet designs used in AI systems and autonomous vehicles introduce new cybersecurity challenges requiring novel approaches to protect critical infrastructure. — dark-reading
A supply chain attack compromised the Cline npm package version 2.3.0, secretly installing OpenClaw malware on over 4,000 downloads before removal. This represents a software supply chain compromise targeting developers using the Cline tool. — dark-reading
Abu Dhabi Finance Week exposed VIP passport details through unprotected cloud data, creating security concerns as the emirate seeks to establish itself as a global financial center. The breach highlights cloud security misconfigurations impacting high-value targets. — dark-reading
Scammers are abusing Google Gemini chatbots to create convincing fake cryptocurrency presale sites for phony ‘Google Coin,’ using AI assistants to engage victims with sophisticated sales pitches. This represents an emerging threat of AI-powered social engineering attacks. — dark-reading
Critical vulnerability CVE-2026-2329 in Grandstream VoIP systems allows unauthenticated root-level access to SMB phone infrastructure, enabling call interception, toll fraud, and user impersonation. The bug highlights significant security gaps in small and medium business telecommunications infrastructure. — dark-reading
Analysis piece discussing gaps in traditional threat intelligence approaches, specifically highlighting missing human-centered elements in threat intelligence methodologies. The article reflects on lessons learned about limitations in conventional threat intelligence frameworks. — dark-reading
A China-linked threat actor has exploited a hard-coded vulnerability in Dell systems since mid-2024, enabling lateral movement, persistent access, and malware deployment. This nation-state exploitation represents a significant supply chain security risk. — dark-reading
Guidance for CISOs on developing strategies to defend against AI-powered web scraping attacks that target intellectual property and sensitive data assets. The playbook addresses balancing security controls with business operations. — dark-reading
The Keenadu malware has been embedded in Android devices through a supply chain attack, performing browser hijacking, ad fraud, and unauthorized actions without user consent. This represents a significant mobile device security threat. — dark-reading
Poland’s renewable energy infrastructure successfully defended against wiper attacks targeting wind farms, solar facilities, manufacturing, and power plants, with Russia-aligned groups suspected as perpetrators. This demonstrates ongoing threats to critical energy infrastructure. — dark-reading
ClickFix social engineering campaigns have evolved to use DNS lookup commands to deliver ModeloRAT malware, adapting their tactics to bypass current security defenses. The technique relies on tricking users into executing malicious commands. — dark-reading
The GS7 cyber-threat group is targeting US financial institutions using highly convincing fake corporate portals to steal credentials and establish remote access. — dark-reading
Over 260,000 Chrome users were compromised by 30 malicious fake AI browser extensions that bypassed Google’s security vetting to appear as legitimate AI tools. — dark-reading
Microsoft faces mounting pressure to address Bring Your Own Vulnerable Driver (BYOVD) attacks where threat actors exploit Windows driver vulnerabilities to disable security processes, with no immediate fixes available. — dark-reading
The emergence of AI agent ‘swarms’ that operate autonomously in coordinated groups is creating significantly expanded attack surfaces and increased security complexity for organizations. — dark-reading
Ivanti EPMM zero-day vulnerabilities are being actively exploited, prompting security experts to recommend moving beyond patch-and-pray strategies by eliminating unnecessary public interfaces and enforcing stronger authentication controls. — dark-reading
Booz Allen Hamilton has launched Vellox Reverser, an AI-powered malware analysis tool that automates expert-grade reverse engineering and delivers results in minutes. — dark-reading
Microsoft research reveals AI recommendation poisoning attacks affecting 31 companies across 14 industries, highlighting emerging vulnerabilities in AI-generated content systems that can be exploited with readily available tools. — dark-reading
North Korean threat actor UNC1069 is targeting cryptocurrency and Web3 companies using AI-enabled techniques including LLMs, deepfakes, and ClickFix exploits, marking a shift from traditional banking targets. — dark-reading
CISOs are advised to modernize Security Operations Centers by focusing on AI integration, securing AI systems, and developing workforce skills through strategic vision and change management practices. — dark-reading
An automaker’s platform engineering team successfully integrates supply chain security measures into their infrastructure while maintaining developer productivity and workflow efficiency. — dark-reading
Organizations are failing to adequately address AI-related risks that could expose sensitive business operations and personal data to unauthorized access or misuse. — dark-reading
Asian governments are largely failing to block Telnet protocol traffic, with only Taiwan ranking in the top 10 for effectively mitigating this security threat. — dark-reading
ZeroDayRAT malware bypasses multi-factor authentication by accessing SIM data, location information, and SMS messages to enable account takeovers and sophisticated social engineering attacks. — dark-reading
Microsoft released patches for six actively exploited zero-day vulnerabilities, including three security feature bypass flaws that allow attackers to circumvent built-in protections across multiple Microsoft products. — dark-reading
Air Force test pilots participated in a Skunk Works project that used tactical AI to evade missiles, pushing pilots to cede control to artificial intelligence in the cockpit. — defense-one
US military deployed a new non-kinetic cell to coordinate cyber operations during the Maduro capture operation, reflecting efforts to better integrate cyber, electronic warfare, and other non-destructive capabilities into missions. — defense-one
A European chipmaker and software company have partnered to simplify the integration of post-quantum cryptography into hardware systems. The collaboration aims to address technical challenges in building quantum-resistant encryption capabilities. — defense-one
Defense One Radio interviews Paul Scharre, a former Army Ranger, discussing artificial intelligence’s impact on drone warfare, the US-China technology competition, Russia’s Ukraine operations, and the global AI arms race. The episode explores strategic implications of AI for military operations. — defense-one
Sondera co-founder Josh Devon discusses the three major AI security risks facing enterprises: access to private data, exposure to untrusted content, and external communication. The discussion addresses challenges posed by AI models’ non-deterministic nature and their widespread access to enterprise data and APIs. — risky-business
Cybersecurity news roundup covering Palo Alto Networks’ internal tensions over threat attribution to China, CISA experiencing another shutdown, and research on Google Gemini training data harvesting. Additional topics include ransomware trends shifting toward data extortion and SaaS password manager security assessments. — risky-business
Cybersecurity developments include Microsoft’s security leadership reshuffling, China-linked groups hacking telecommunications companies in Norway and Singapore, and active exploitation campaigns targeting Ivanti, BeyondTrust, and SolarWinds products. Russia is also reportedly targeting the Winter Olympics with cyber operations. — risky-business
Cybersecurity updates include a Notepad++ supply chain attack attributed to China, Microsoft preparing to disable NTLM by default, and ongoing vulnerabilities in Ivanti, Fortinet, and SolarWinds products. The discussion also covers emerging issues with AI agent security and impersonation. — risky-business
Cybersecurity podcast discusses France’s plans to abandon US productivity software over security concerns, China’s Salt Typhoon surveillance of UK government, and ongoing struggles at US cyber agencies CISA and NIST. The episode also covers Russian GRU Sandworm attacks on Polish infrastructure and advancing voice phishing techniques for MFA bypass. — risky-business
Cybersecurity podcast covers Wiz researchers discovering a critical AWS vulnerability affecting all customers, potential US government boycott of RSA Conference due to Jen Easterly’s CEO appointment, and major security flaws in Bluetooth Fast Pairing and GNU telnet. The episode discusses US cyber operations against Venezuela and Microsoft Patch Tuesday updates. — risky-business
Cybersecurity podcast covers multiple security vulnerabilities including MongoDB memory leaks, React2Shell attacks prompting Vercel’s $1M bug bounty payout, GnuPG vulnerabilities, and widespread healthcare data breaches. The episode also discusses residential proxy botnets and application allow-listing as a defense mechanism. — risky-business
Documentary podcast episode explores the history of 1980s hacking including the Morris Worm, the 414s hacking group, early ARPANET security incidents, and NSA operations during that era. The episode features interviews with key figures including the Morris Worm prosecutor and former NSA personnel. — risky-business
Cybersecurity podcast discusses ongoing React2Shell attacks, OAuth consent phishing combined with Azure CLI exploitation, and Venezuela’s claim that US conducted cyber operations against its state oil company. The episode also covers Microsoft’s overdue security fixes including disabling RC4 in Active Directory Kerberos by default. — risky-business
SpecterOps announces BloodHound OpenGraph, a cross-platform attack path enumeration tool that can identify attack vectors across multiple platforms including GitHub to on-premise Active Directory. This extends traditional directory-focused attack path analysis to include cloud services and other platforms. — risky-business
Critical CVSS 10/10 remote code execution vulnerability discovered in React JavaScript server (React2Shell) with reports of active exploitation by Chinese threat actors. Additional developments include Linux adding PCIe bus encryption support and Amnesty International revealing Intellexa’s remote access capabilities to customer surveillance systems. — risky-business
Security news highlights include Airbus deploying software updates after cosmic ray bit-flip caused aircraft dive, Krebs tracking Scattered Spider/Lapsus$ member through poor operational security, and major South Korean data breach affecting 65% of the population. Microsoft also implemented Content Security Policy for its login portal. — risky-business
Multiple cybersecurity incidents including Salesforce partner Gainsight customer data theft, CrowdStrike firing insider for providing hackers with internal system screenshots, and Shai-Hulud npm/GitHub worm resurgence. Additionally, SEC dropped its lawsuit against SolarWinds, and runZero announced integration with BloodHound-style graph databases. — risky-business
GreyNoise demonstrates capability to provide 90-day advance warning on serious vulnerabilities by detecting mass scanning activity from either malicious actors conducting reconnaissance or vendors assessing problem scope. This scanning activity correlates with standard 90-day disclosure timelines. — risky-business
Anthropic reports Chinese APT utilized its AI platform for orchestrated attacks, while Fortinet exploits remain active in the wild. CISA faces staffing challenges after cuts, prompting a hiring spree. — risky-business
Multiple international law enforcement actions target scam compounds including destruction of Myanmar facility and death sentences in China. Chinese security firm KnownSec suffers document leak while NSO Group sees new leadership under Trump associate. — risky-business
FFmpeg publicly disputes vulnerability disclosure with Google, while OpenAI announces bug detection system. Two US ransomware responders arrested on ransomware charges and Memento CEO confirms their tools used in Russia. — risky-business
L3Harris Trenchant executive accused of selling exploits to Russia is former Australian Signals Directorate employee. Microsoft WSUS vulnerability actively exploited and HP update error deletes Windows-Entra authentication certificates. — risky-business
Chinese actors maintained multi-year access to F5 networks while China accuses NSA of hacking national timing systems. Salesforce breach leads to doxxing of NSA and ICE employees, and Microsoft WSUS compromised after ignoring its own security guidance. — risky-business
FBI intervened in Scattered Spider’s Salesforce leak site while Clop group exploited Oracle E-Business deployments, amid broader trends of data extortion attacks replacing traditional ransomware. Multiple critical vulnerabilities were disclosed including a CVSS 10 Redis bug and zero-days in Ivanti, Crowdstrike, and Internet Explorer being exploited in the wild. — risky-business
Three cybersecurity vendors showcased their products: Realm Security’s AI-focused data pipeline platform, Horizon3’s AI-powered automated penetration testing tools, and Persona’s identity verification solution with live capture capabilities. — risky-business
Hackers attempted to coerce a journalist for BBC access, while a man in his 40s was arrested over European airport chaos and CISA issued directives for agencies to patch Cisco vulnerabilities. Security researchers also identified vulnerabilities in Tile tracking devices. — risky-business
Secret Service raided a SIM farm in New York while MI6 launched a dark web portal, and potential arrests are emerging for the 2023 Scattered Spider cybercrime group. GitHub also strengthened security measures following the Shai-Hulud worm incident, while Jaguar Land Rover continued experiencing production halts. — risky-business
Cybersecurity podcast covers the Shai-Hulud worm propagating through npm stealing credentials, Jaguar Land Rover ransomware attack impacting suppliers, and leaked data from China’s Great Firewall vendor. Episode includes discussion of the Vastaamo hacker case and senator concerns about Kerberos. — risky-business
runZero, led by HD Moore, announces major expansion into vulnerability management with new Nuclei integration that provides accurate vulnerability assessment without requiring highly privileged credentials. The platform integrates with EDR and other data sources for comprehensive network and cloud visibility. — risky-business
Cybersecurity podcast discusses Apple’s new Memory Integrity Enforcement mitigations, major npm supply chain attack with guest Feross Aboukhadijeh, Salesloft GitHub compromise, and Sitecore vulnerability using default documentation keys. Also covers rogue certificates for 1.1.1.1 and Jaguar Land Rover ransomware incident. — risky-business
Vendor showcase podcast featuring three cybersecurity companies: Nebulock’s AI-powered threat hunting platform, Vali Cyber’s ZeroLock hypervisor security product for ransomware protection, and Cape’s security-focused mobile virtual network operator. All three products address different aspects of enterprise security from threat detection to infrastructure protection to mobile communications. — risky-business
Cybersecurity podcast examines the Salesloft breach highlighting OAuth security challenges, reveals Salt Typhoon telecom hackers are Chinese state-directed private sector actors, and covers Google’s new disruption unit announcement. Also discusses Microsoft’s report on cloud-focused ransomware operations and Australian firm accidentally monitoring work-from-home employees. — risky-business
Cybersecurity podcast covers multiple threats including an APT hacker potentially misidentified as DPRK (likely Chinese), Iranian shipping satcom sabotage, new Citrix Netscaler RCE exploitation in the wild, and Trail of Bits demonstrating prompt injection via image-downscaling in Google Gemini. — risky-business
Cybersecurity news roundup includes Oracle CSO Mary Ann Davidson’s departure, Canada’s House of Commons breach via Microsoft vulnerability, Russia degrading encrypted communications, and another Fortinet vulnerability discovery. — risky-business
Socket introduces methodology for measuring vulnerability reachability in applications, allowing organizations to determine if CVEs in libraries actually impact their specific implementations. The company has expanded from malicious package detection to comprehensive CVE management. — risky-business
CISA warns about Exchange-to-cloud attack paths while Microsoft awards zero dollars for report exposing Entra authentication vulnerabilities in internal apps. Additionally, US Federal Court information systems have been widely compromised, and Google pays $250k for Chrome sandbox escape. — risky-business
Google’s Project Zero and Deepmind successfully used AI to discover and report 20 bugs to open source projects, while the XBOW AI bug hunting platform demonstrated effectiveness on HackerOne. The episode also covers multiple cybersecurity incidents including China-based maintenance of SharePoint codebase, SonicWall VPN vulnerabilities, and Russian ISP-facilitated backdoors on embassy computers. — risky-business
Sublime Security CEO Josh Kamdjou discusses the limitations of AI in cybersecurity, arguing that AI cannot compensate for fundamentally flawed security product design. The conversation explores practical applications of AI in security versus overhyped use cases. — risky-business
Investigation into whether a critical SharePoint vulnerability was leaked from Microsoft’s MAPP program, alongside other security incidents including Expel retracting a FIDO bypass report and Broadcom customers facing difficulties obtaining patches for VMware hypervisor escape vulnerabilities. Aeroflot experienced disruptions from Cyber Partisans hack. — risky-business
China successfully exploited widespread SharePoint vulnerabilities, while Microsoft faced criticism for attempting to outsource Pentagon cloud maintenance to China. Additional incidents include arrests of four alleged Scattered Spider members in the UK, a $100M Brazilian payment system breach, and critical vulnerabilities in Fortinet, Citrix, HP, and SonicWall products. — risky-business
Toni de la Fuente discusses the evolution of Prowler from an open-source multi-cloud security tool into a successful commercial platform with an as-a-service offering. The conversation covers Prowler’s development journey and its transition from project to community-driven business. — risky-business
Risky Business podcast #798 covers multiple cybersecurity developments including a suspected Scattered Spider attack on Qantas, Microsoft’s efforts to prevent future CrowdStrike-type incidents, a serious Citrix Netscaler memory disclosure vulnerability, and drug cartels using technical surveillance to identify and eliminate FBI informants. — risky-business
Risky Business podcast #797 discusses cybersecurity news including cyber angles from the Iran conflict, an opensource maintainer of libxml2 expressing frustration with security issues, new Windows command injection tricks, and Veeam’s problematic approach to patching a backup software RCE vulnerability. — risky-business
Risky Business podcast #796 with guest Chris Krebs covers Israeli hacktivists targeting an Iranian state bank, Scattered Spider group pivoting to attack insurers, cloud identity security challenges, Microsoft’s European SaaS changes, and AI prompt injection attacks that can exfiltrate M365 corporate data. — risky-business
Sponsored podcast discusses the integration of AI and LLMs into Security Operations Centers (SOCs), exploring current capabilities, limitations, and future applications of AI agents in cybersecurity operations with Dropzone AI founder Ed Wu. — risky-business
Risky Business podcast #795 covers FSB data leak to the New York Times, possible iOS exploitation against the Harris-Walz campaign, vulnerabilities in Google account data exposure, a major US food distributor ransomware attack, and The Com’s social engineering tactics targeting Salesforce app authorizations. — risky-business
Cybersecurity podcast covers Chinese MSS using Google Calendar for malware C2, Russian nuclear facility blueprints exposed via public procurement sites, and cyber firms agreeing to standardize hacker group naming conventions. Also discusses deepfake targeting of White House Chief of Staff, Germany’s identification of Trickbot kingpin, and Meta apps exploiting localhost listeners for tracking. — risky-business
Podcast reports exclusive coverage of Scattered Spider threat actors hijacking DNS MX records for rapid enterprise compromise, SVG-based attack vectors, and major law enforcement takedowns of Lumma Stealer, Qakbot, and Danabot operations. Also covers mass exodus of CISA leadership and Iranian threat actor’s guilty plea for 2019 Baltimore ransomware attack. — risky-business
Cybersecurity podcast discusses data breaches including TeleMessage memory dumps, Coinbase contractor bribery for user data access, Telegram’s law enforcement cooperation, UK legal aid service data theft affecting 15 years of records, and Ivanti’s misrepresentation of vulnerability origins. Features discussion of cloud security tooling with Prowler. — risky-business
Sponsored podcast episode featuring Push Security’s browser-based identity security platform that detects phishing attempts, protects SSO credentials, and identifies shadow accounts by monitoring user browser activity. The solution addresses gaps in enterprise authentication security including SaaS platforms, automation tools, and data platforms like Snowflake. — risky-business
Podcast covers Microsoft Copilot for SharePoint exposing credentials and keys, weakening ransomware ecosystem, Chinese APT exploitation of SAP Netweaver vulnerability, ongoing CPU side-channel attack research, and multiple vendor vulnerabilities (Asus, Ivanti, Fortinet, Nissan LEAF). Features discussion of Terraform security and cloud infrastructure management with Resourcely. — risky-business
SentinelOne executives discuss how nation-state adversaries including North Korean IT workers and Chinese APT groups are targeting security vendors with sophisticated hacking campaigns and supply chain attacks. — risky-business
White House’s Israeli Signal fork exposed cleartext messages with hardcoded credentials while being hacked twice; also covers ransomware attacks on UK retailers, North Korean IT worker infiltration schemes, and NSO Group’s $168M liability to Meta for WhatsApp hacking. — risky-business
Multiple critical vulnerabilities disclosed including Apple AirPlay exploits, SAP webserver bugs, Erlang SSH flaws, and CommVault backup system vulnerabilities; also covers South Korean telco SIM replacement program and anti-DOGE whistleblower claims. — risky-business
Product showcase featuring LimaCharlie’s SecOps cloud platform, Honeywell’s OT security solution for operational technology environments, and Fortra’s CobaltStrike/Outflank red team tooling. — risky-business
Vendor showcase features Pangea’s AI application security guardrails, Cosive’s cloud-hosted MISP threat intelligence platform on AWS, and Sysdig’s Linux runtime security platform for improved visibility and control. — risky-business
Coverage includes Oracle Health and Oracle Cloud breaches, Signal messaging app controversy fallout, North Korean IT workers targeting Europe, Palo Alto VPN vulnerability indicators, and arrest of hacker targeting Texas GOP. — risky-business
Knocknoc CEO discusses integrating single sign-on services with network controls to reduce attack surface through just-in-time network access. The solution aims to minimize exposure of devices like Palo Alto firewalls, file transfer appliances, and remote access services through IP allowlisting and Identity Aware Proxies. — risky-business
Cybersecurity news covering Trump administration Signal security breach, GitHub Actions cryptocurrency-targeting hack, Kubernetes remote code execution vulnerability, Oracle cloud security incident, and US Treasury un-sanctioning Tornado Cash. Episode sponsored by runZero discussing network vulnerability scanning improvements. — risky-business
GitHub Actions supply chain attack compromised secrets from 23,000 projects, while China doxed Taiwanese military hackers and APTs exploit Microsoft .lnk file whitespace vulnerabilities. Google acquired Wiz for $32 billion and CISA rehired fired staff to place them on paid leave. — risky-business
Cybersecurity news discussing potential US policy shift on Russian cyber threats, North Korea’s major ByBit cryptocurrency theft, Cellebrite ending Serbia operations, Starlink supporting Myanmar scam operations, and record 6Tbps DDoS botnet. Episode sponsored by Corelight discussing network visibility for detecting APT groups like Salt Typhoon and Volt Typhoon. — risky-business
Cybersecurity podcast covers major incidents including North Korea’s $1.5 billion crypto heist against Bybit, Apple withdrawing Advanced Data Protection from UK, Black Basta ransomware gang chat leaks, and Russian Signal surveillance tactics. Episode sponsored by Airlock Digital features discussion on using Windows allow-listing to block EDR. — risky-business
Podcast episode featuring Chris Krebs from SentinelOne and Alex Stamos discusses Chinese AI company DeepSeek’s new model, its security concerns including poor transport security, and implications for AI regulation across the US, Europe, and China. The discussion covers economic and geopolitical implications of China’s AI advancement. — risky-business
Cybersecurity podcast discusses Australian Signals Directorate’s operation to delete Medibank data from Zservers bulletproof hosting, device code phishing attacks on cloud authentication, Palo Alto vulnerabilities, and Qualys-discovered OpenSSH vulnerabilities. Episode sponsored by Island discusses AI adoption security challenges. — risky-business
Podcast featuring Authentik CEO Fletcher Heisler discusses their open-source identity provider solution that allows organizations to self-host and control their identity management infrastructure, offering flexibility for on-premises, airgapped, or cloud deployments. The discussion covers reasons organizations are moving away from major SaaS identity providers. — risky-business
Cybersecurity podcast covers DOGE staffer’s connection to cybercrime forum The Com, Paragon ending Italy spyware relationship, Thailand law enforcement actions against scam operations and Russian cybercriminals, and CyberCX report showing non-U2F MFA is insufficient. Episode sponsored by Dropzone.AI discusses AI-powered SOC analysis. — risky-business
Cybersecurity podcast covers major incidents including DeepSeek exposing an unauthenticated database, Russian hackers compromising UK Prime Minister’s personal email, and various security vulnerabilities in medical devices and AMD CPU microcode. — risky-business
Cybersecurity podcast discusses critical vulnerabilities including SonicWall firewall remote code execution flaws, Mastercard DNS misconfiguration, PowerSchool data breach, and Apple CPU speculative execution side-channel vulnerabilities. — risky-business
Sponsored podcast episode discusses Island enterprise browser’s compliance capabilities, covering how the browser-based security solution addresses multiple cybersecurity and regulatory compliance requirements. — risky-business
Cybersecurity podcast covers SEC cyber incident reporting results, China Telecom potential US expulsion, potential NSA/CYBERCOM leadership split, Cl0p ransomware crew claiming Cleo hack responsibility, and Apache Struts file upload vulnerability. — risky-business
SentinelOne’s Chief Intelligence and Public Policy Officer Chris Krebs discusses Chinese cyber operations including Salt Typhoon and Volt Typhoon campaigns, covering 20 years of operations by China’s Ministry of State Security and People’s Liberation Army. The podcast was recorded live in Sydney at the Museum of Contemporary Art. — risky-business
Multiple cybersecurity developments including widespread attacks on Cleo file transfer appliances with remote code execution vulnerabilities, Snowflake phasing out password authentication, U.S. sanctions on Chinese Sophos exploit developer, and research on AMD encrypted VM vulnerabilities. Romania’s election was rolled back due to TikTok interference. — risky-business
Yubico introduces pre-registration feature for enterprise Yubikeys allowing organizations to ship pre-registered hardware tokens to staff with Okta and Entra ID integrations. COO Jerrod Chong also discussed cybersecurity concerns for critical infrastructure in Singapore’s energy sector. — risky-business
Cybersecurity roundup covering FTC investigation of Microsoft, cyberattacks on Exxon opponents, Russian hacker sentencing trends, federal recommendation to use Signal after telecom breaches, and South Korean set-top-box manufacturer shipping DDoS malware. Corelight discusses cloud detection and network monitoring approaches. — risky-business
Salt Typhoon attacks on U.S. telecommunications providers characterized as a national security disaster with significant impact and difficult remediation. Additional coverage includes Blue Yonder ransomware attack disrupting U.S. supply chains, Russian WiFi-based espionage, and Palo Alto security issues. — risky-business
Palo Alto Networks patched critical vulnerabilities in its firewall management web application, while Microsoft announced post-CrowdStrike changes and CISA Director Jen Easterly announced her departure ahead of the Trump administration. Research also highlighted that phishing training programs remain ineffective. — risky-business
CISA reported that most Known Exploited Vulnerabilities in 2023 were initially exploited as zero-days, while Apple introduced iOS auto-reboot features that frustrate law enforcement access. Russian incident responders also discovered advanced Linux-based espionage malware. — risky-business
Sublime Security’s co-founder discusses new approaches to email security, challenging traditional black-box email security solutions used by incumbent vendors. — risky-business
Sophos conducted an active defense campaign by deploying implants on Chinese firewall exploit developers, while Microsoft developed improved just-in-time Windows admin privilege systems and the Snowflake hacker was arrested in Canada. Okta also patched an authentication bypass vulnerability. — risky-business
SEC fines Check Point, Mimecast, Avaya, and Unisys for downplaying impacts of the SolarWinds breaches, while cybersecurity news covers Anonymous Sudan’s suspected Russian ties, Apple’s proposed 10-day TLS certificate life, Microsoft cloud logging failures, and vulnerabilities in Veeam and Fortinet. — risky-business
Chinese intelligence services compromised western telecommunications lawful intercept systems, while cybersecurity news covers attacks on the Internet Archive, Microsoft threat reporting, federal cryptocurrency sting operations, and vulnerabilities in Fortinet, Palo Alto, and Ivanti products. — risky-business
CISA data reveals valid account credentials are the most prevalent entry point for cyber intrusions, while security news covers the Hezbollah pager explosions, US actions against Russian disinformation network RT, Australia’s Pacific counter-influence operations, and vulnerabilities in Ivanti and Fortinet products. — risky-business
Microsoft reverses a critical security patch in an ‘un-patch Tuesday’ incident, while security news covers DOJ actions against Russian disinformation operations, Telegram’s newfound cooperation with law enforcement, Iranian banking ransomware payments, and Colombia’s investigation into cash payments for Pegasus spyware. — risky-business
Podcast episode features pitches from three cybersecurity vendors: Authentik (open-source identity provider), Dropzone AI (LLM-based SOC analyst automation), and SlashID (identity security log analysis platform). — risky-business
Security news roundup covering Iranian APT-ransomware cooperation, North Korean exploitation of Chrome-Windows zero-day, Yubikey cloning vulnerability, and White House initiative to address unsigned BGP announcements. Episode sponsored by Okta discussing their acquisition of Spera Security for Identity Security Posture Management. — risky-business
Security news including Telegram founder’s arrest in France, Volt Typhoon zero-day exploitation of SD-WAN equipment, Russian concerns over Ukrainian access to Kursk webcams, and Active Directory name collision vulnerabilities. Sponsored by Nucleus Security discussing vulnerability management. — risky-business
Security news featuring Microsoft’s mandatory MFA requirement for Azure admins, confirmation of Iranian hack of Trump campaign, National Public Data breach affecting 3 billion records, and security concerns over TP-Link routers and Chinese RFID manufacturers. Sponsored by Specter Ops discussing Bloodhound Enterprise’s unified AD and Entra attack path mapping. — risky-business
Former CISA Director Chris Krebs and former Facebook CISO Alex Stamos discuss expected cyber-enabled interference in the 2024 US presidential election, drawing on their experiences securing the 2020 and 2016 elections respectively. — risky-business
Security podcast covers Iran’s 2024 election hack-and-leak operation, CrowdStrike’s DEF CON ‘Epic Fail’ award, UK healthcare SaaS MFA fine, and Black Hat/DEF CON research including DARPA’s AI Cyber Challenge where Trail of Bits advanced to finals. — risky-business