CyberWire Daily - A heavy patch Tuesday lands.
Episode Date: April 15, 2026

Patch Tuesday. CISA directs furloughed employees back to work. Experts warn Anthropic’s Glasswing signals a new era of AI-driven vulnerability discovery. Federal prosecutors crack down on chip smuggling. Sweden says a pro-Russian cyber group attempted to disrupt power plant operations. A fake app in Apple’s App Store drains crypto wallets. Virginia bans the sale of precise geolocation data. Our guest is Johnny Hand, VP for AI Excellence at TrendAI, discussing AI operational discipline. Do you need to buy a separate seat for your AI agent?

CyberWire Guest
Today on our Industry Voices segment, we are joined by Johnny Hand, VP for AI Excellence at TrendAI, discussing AI operational discipline and real-world cyber impact.

Selected Reading
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day (Security Affairs)
ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories (SecurityWeek)
Adobe Patches 55 Vulnerabilities Across 11 Products (SecurityWeek)
CISA Workers Recalled Despite Shutdown (GovInfoSecurity)
CISA cancels summer internships for cyber scholarship students amid DHS funding lapse (CyberScoop)
Anthropic’s Mythos signals a structural cybersecurity shift (CSO Online)
We’re only seeing the tip of the chip-smuggling iceberg (CyberScoop)
Swedish power plant targeted by pro-Russian group in 2025, government says (Reuters)
Exclusive: Russia-linked hackers compromised scores of Ukrainian prosecutors’ email accounts, data shows (Reuters)
Users lose $9.5 million to fake Ledger wallet app on the Apple App Store (web3isgoinggreat)
Virginia enacts ban on precise geolocation data sales as momentum for similar prohibitions builds (The Record)
Microsoft exec suggests AI agents will need to buy software licenses, just like employees (Business Insider)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Transcript
You're listening to the CyberWire Network, powered by N2K.
We got your Patch Tuesday update.
CISA directs furloughed employees back to work.
Experts warn Anthropic's Glasswing signals a new era of AI-driven vulnerability discovery.
Federal prosecutors crack down on chip smuggling.
Sweden says a pro-Russian cyber group attempted to disrupt power plant operations.
A fake app in Apple's App Store drains crypto wallets.
Virginia bans the sale of precise geolocation data.
Our guest is Johnny Hand, VP for AI Excellence at Trend AI,
discussing AI operational discipline.
And do you need to buy a separate seat for your AI agent?
It's Wednesday, April 15th, 2026.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thanks for joining us here today. It is great, as always, to have you with us.
Yesterday was Patch Tuesday, and Microsoft addressed 165 vulnerabilities, including an actively
exploited SharePoint server spoofing flaw. Eight vulnerabilities are rated critical, most
others important. The SharePoint issue stems from improper input validation and may allow
attackers to view or modify sensitive information. Other notable fixes include remote code
execution risks in Windows TCP/IP and Internet Key Exchange services, plus a Microsoft Defender
privilege escalation flaw. Researchers note the TCP/IP issue could enable unauthenticated
code execution under certain configurations. Multiple industrial control system vendors
released new security advisories following Patch Tuesday.
Siemens issued nine advisories, including critical Wi-Fi flaws in Scalance W-700 devices
and high-severity issues in SINEC NMS, Ruggedcom Crossbow, and Industrial Edge Management.
AVEVA disclosed a critical authorization flaw in Pipeline Simulation.
Rockwell warned customers to disconnect internet-exposed PLCs after reported
threat activity. Adobe's latest Patch Tuesday resolves 55 vulnerabilities across 11 products,
with five critical ColdFusion flaws receiving the company's highest patch priority rating.
The ColdFusion issues could allow attackers to bypass security controls, read system files,
and execute arbitrary code. Additional critical code execution bugs affect Acrobat Reader,
Photoshop, Illustrator, and others.
Adobe reports no in-the-wild exploitation for these flaws,
though a separate Acrobat zero-day disclosed earlier
appears to have been exploited for months.
The Cybersecurity and Infrastructure Security Agency
has directed furloughed employees to return to work
despite an ongoing federal funding lapse
that reduced operations for weeks.
Department of Homeland Security officials ordered all employees,
excepted and non-excepted, back to paid duty status after nearly eight weeks of furloughs affecting tens of
thousands. During the lapse, only mission-essential staff remained active, while proactive threat hunting,
vulnerability management, and resilience programs slowed or stopped. Officials say back pay is being
processed, though future compensation still depends on congressional action. Prolonged staffing reductions
placed federal cyber defenses into a reactive posture
and may leave lingering gaps across critical infrastructure support activities.
CISA has canceled its summer CyberCorps Scholarship for Service internships,
citing ongoing funding issues at the Department of Homeland Security.
Emails to applicants confirmed no interns will be onboarded this year,
marking a second consecutive disruption for some participants.
The National Science Foundation,
the program with the Office of Personnel Management and DHS,
and officials say they expect most eligible students
to be placed elsewhere within months.
The cancellations disrupt a key federal cybersecurity talent pipeline
during broader hiring uncertainty and workforce reductions.
A briefing from the Cloud Security Alliance warns
Anthropic's Project Glasswing signals the start of a sustained wave
of AI-driven vulnerability discovery that security teams must prepare for now.
Contributors, including former CISA director Jen Easterly, Bruce Schneier, and former National
Cyber Director Chris Inglis, concluded Glasswing is an early example of capabilities expected to scale
rapidly.
The report says Anthropic's Claude Mythos Preview autonomously identified thousands of vulnerabilities
and generated working exploits across major platforms.
Testing by the UK AI Security Institute found
the model completed a 32-step corporate network attack simulation
faster than humans typically require.
Researchers say the window between discovery and weaponization
is shrinking to hours,
creating patching pressure and shifting cyber-risk planning
toward board-level concern.
Federal prosecutors have charged
six individuals with smuggling billions of dollars worth of advanced artificial intelligence
chips to China, underscoring gaps in U.S. export control enforcement. Recent cases include three
people linked to Super Micro Computer, accused of routing about $2.5 billion in chips through Taiwan
and other locations using falsified warehouses, and three others charged with shipping chips
via contacts in Thailand.
Officials say the activity reflects persistent demand inside China
despite U.S. restrictions,
while enforcement funding totaled $122 million in 2025,
far below the scale of suspected trafficking.
Ongoing smuggling weakens export controls
intended to limit China's access to advanced computing power
tied to national security concerns.
Sweden says a pro-Russian
cyber group attempted to disrupt operations at a thermal power plant in spring of 2025,
but built-in protections prevented damage.
Civil Defense Minister Carl-Oskar Bohlin said Sweden's security police linked the actor to Russian
intelligence and security services.
Officials report hybrid attacks tied to Russia have become more frequent and more dangerous
since the invasion of Ukraine, including attempts to move beyond denial of service
activity toward destructive operations targeting European infrastructure.
Attempted intrusions against energy infrastructure signal continued pressure on critical systems
across Europe. Elsewhere, Russia-linked hackers compromised more than 170 email accounts
belonging to Ukrainian prosecutors and investigators, part of a broader campaign affecting
at least 284 inboxes across Europe. Data reviewed by Reuters and discovered by
researchers at Control Alt Intel shows the activity occurred between September 24 and March of this year.
Targets included Ukraine's specialized prosecutor's office in the field of defense, asset recovery and
management agency, and prosecutor's training center, along with military and government accounts in
Romania, Greece, Bulgaria, and Serbia. Researchers attributed the campaign to a Moscow-linked group,
though attribution to Fancy Bear remains disputed by some analysts.
The operation suggests sustained intelligence collection
against officials investigating corruption, espionage, and collaboration tied to Russia.
A fake version of the Ledger Live cryptocurrency wallet app distributed through Apple's App Store
has been linked to at least $9.5 million in theft, affecting more than 50 victims.
The phishing campaign ran from April 7th through April 13th and targeted users across Bitcoin, Ethereum-compatible networks, Tron, Solana, and XRP.
Victims were prompted to enter recovery phrases, giving attackers control of their wallets.
Blockchain investigator ZachXBT traced stolen funds through more than 150 KuCoin deposit addresses
and a mixing service known as Audi A6.
Apple later removed the app from the App Store.
Trusted software marketplaces remain effective delivery channels
for credential theft targeting high-value crypto assets.
Virginia has enacted a new law banning the sale of precise geolocation data,
signaling growing momentum among states
to restrict data broker access to sensitive location information.
The measure prohibits sales of location data within a 1,750-foot radius, limiting the ability to identify where individuals live, work, worship, or seek services.
The amendment to Virginia's existing privacy law passed with unanimous bipartisan support and takes effect July 1st.
Similar restrictions already exist in Maryland and Oregon, while California, Connecticut, Massachusetts, and Vermont are considering religious
legislation. Policymakers and regulators have raised concerns that location data has been used to
track national security officials and people visiting reproductive health clinics. Tighter controls on
geolocation data could reshape data broker practices and reduce risks tied to stalking,
targeted scams, and sensitive location tracking.
Coming up after the break, my conversation with Johnny Hand, VP for AI Excellence at
Trend AI. We're discussing AI operational discipline. And do you need to buy a separate seat for your
AI agent? Stay with us.
Johnny Hand is VP for AI Excellence at Trend AI. I got together with him at the RSAC
2026 conference for this sponsored Industry Voices conversation about AI operational discipline
and real-world cyber impact.
And this idea of offloading or off-sourcing everything to AI, we risk our most valuable
resource, which is our human context, our creativity, our ability to understand contextually,
like in the environment, those things. Those are really hard challenges for AI to tackle.
And yet we are kind of like expected
to offload that. So when I think about operations, it's human-centric.
We are back at RSAC 2026, right here live on the show floor where everything is happening.
And it is my pleasure to be joined by Johnny Hand. He is the VP for AI Excellence at Trend
AI. Johnny, thanks so much for taking the time for us today. Thank you for having me. I'm excited
to be here at RSA. Before we dig into some of the things we want to talk about, I would love to learn a
little more about you, your professional journey of where you got your start and what led you to
where you are today? Yeah, it starts back in 2006. I was in the Navy working in technology and then
kind of got pushed into the role of an information assurance manager, kind of a newly developed
thing and worked and got my CISSP, which was a big moment back then, and then just really fell in love
with the idea of defending from a cybersecurity perspective. And then,
worked through that, kind of grew up in leadership,
had the opportunity uniquely to work with SEAL teams
and do operations with SEAL teams,
which was a fairly unique thing in my role,
but learned so much, fell in love with operations, which was great.
And that really gave me this contextualization
of how an organization works,
which just made me a better cyber defender.
And as I was getting ready to get out of the Navy,
in 2012 to 2014, I joined
the Navy Cyber Defense Operations Command, which at the time was the only really 24-7 security
operation center for the entire DOD. So we, with the Department of Defense, we actually deployed
all of the IPS sensors and the defensive mechanisms for kind of our global information grid.
And I worked in that group there with a large SOC and then leading operations from that perspective
and really kind of took those points I learned from doing special operations
and applied that with defensive cyber folks,
which was fun and different for many of them
because they've never done operations.
And then I got out in 2014,
looked at moving into the civilian sector,
and had an opportunity to start with the Savannah College of Art and Design.
Oh, SCAD.
That's good, yeah, which was great because it's a creative field,
which is very unique.
It was early in 2013 and 2014, they were actually really aggressive about wanting to build a cybersecurity program, which was unique not only in the university landscape, but certainly unique for an art school.
Right.
And had the opportunity to just kind of like make it my own, take some of those practices I learned from defensive cyber operations and really build a solid team that I was very proud of.
And just recently, literally 90 days ago, I had an opportunity to move over
from the customer perspective and jump into this journey with Trend AI as they launched into
enterprise security and started really focusing on advancing AI, defending AI, and becoming number
one really in AI security globally.
Explain to me what AI operational excellence means.
It's a great question because we have so many AI terms out there.
And I think, if I'm being honest, we probably get, you know, blanket marketed with AI terms.
That one came about because of really a simple context, which is this idea that we kind of, if you will, fantasize a little bit about what AI could do for you, but we don't root it in what AI is actually doing for you.
And I love, I talked about operations.
I love the applicability of technology, like in a real meaningful and impactful way.
So as we talked about the opportunity with Trend AI, I said, hey, let's make sure that not only are we
securing AI, but we're doing it, you know, in a meaningful way. And I always use the
old adage that the high tide lifts all boats. And I think what we really want is we expect
AI to be that high tide that kind of lifts everybody up, creates efficiencies, you know,
makes us more efficient and with less friction. But if I'm being honest, I don't think we've realized
that very well. And so my focus with Trend AI is to help the organization in a meaningful way
adopt technologies and innovation that actually applies to everyone in the organization
and allows us to move faster, more efficient, with less fragmentation.
I think if I could build off of your metaphor, I suspect there are a lot of people here
walking around this show floor who fear that they may be knocked over by the wave of AI,
not just rise with the tide, but, you know, get smacked in the back by that wave and go tumbling
through the surf.
Yeah.
Is that a perspective that you have empathy for?
100%.
Yeah.
I think that the fear of the unknown gets amplified
because in the generation of AI that we're doing today
and the excitement of it,
we're kind of like rushing full speed ahead.
In fact, the innovation and the adoption is happening so fast.
In a way that, honestly, I haven't seen in other technologies.
You've seen a lot of technologies that come through the enterprise.
Maybe they're targeted towards businesses and adopted in an organizational level.
We talk about cloud security and even go back to data centers and virtualization.
But AI really came to the forefront for the consumer first with OpenAI dropping ChatGPT.
People were really excited about it.
So you had this eagerness and excitement kind of frothing around.
But then as everyone was running with it, then we said, whoa, wait a minute.
And there's a very real sense of fear from people going,
hey, is this going to take my job?
Like, am I going to be outsourced?
Like, am I done?
And I think it's a very legitimate concern.
I don't know if we look at it through the right lens all of the time.
And I think part of that comes from not just understanding the pace and the speed at which AI is being innovated right now.
When you think about the challenges that the security industry has when it comes to AI,
and given the reality of where we are,
I think it's fair to say we're still in the midst of a hype cycle.
What are the things that are top of mind for you
when you think about the things we have to figure out,
the challenges we have to face?
Yeah.
You know, one of the, I'll kind of slow this one down a little bit
because I think it's the thing that everyone talks about,
everyone's afraid about, is like,
what's really happening with AI?
How do I filter the noise?
How do I get through the marketing high?
How do I, you know, find a way that it can be really beneficial for me?
And that's kind of the big challenge that feeds a lot of the fear.
I think when I look at it, what I often do is I kind of go back to my old, you know,
cybersecurity days.
And it's like, what's my risk?
And like, what's my real exposure?
So if we look at AI adoption today, people are adopting it really quickly.
We're innovating very fast, but we're not stopping and asking what we're doing with it.
So like if I was stepping into an organization today and I did this with Trend AI,
the first thing I want to see is, well, what are you using it?
Right?
Like, where's my exposure?
Not only what are you using, but how are you using it?
What are you putting into it?
Right?
What are your inputs?
What's the data sources on these?
And do you have management and control over that so that you just understand what your
exposure really is?
And I think the pace at which we're moving is bypassing a lot of that honest conversation
for the sake of showcasing innovation.
All right, well, Johnny Hand is VP of AI Excellence with Trend AI.
Johnny, thanks so much for taking the time for us.
Thank you for having me. I appreciate it.
My pleasure.
There's a lot more to this conversation than we have time to share here,
so please check out the full unedited interview.
You can find a link to that in our show notes.
And finally, Microsoft says a future workforce of AI agents may each need
their own software, logins, inboxes, and paid licenses, effectively turning automation into a new
category of enterprise seat. Microsoft executive
Rajesh Jha suggested companies could deploy more agents than employees, yet still purchase more licenses
because each agent would count as a user. Some analysts disagree, arguing fewer humans overseeing
automated systems could instead reduce seat demands and pressure vendors to rethink pricing.
The debate hinges on whether agents are independent workers or simply tools acting on behalf of
people. Treating software bots as billable coworkers could reshape enterprise pricing models and perhaps
redefine headcount in ways finance teams did not previously anticipate. And that's the CyberWire.
For links to all of today's stories, check out our Daily Briefing at thecyberwire.com. We'd love to know
what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the
rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your
favorite podcast app. Please also fill out the survey in the show notes or send an email to
cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Tré Hester with original
music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive
producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening.
We'll see you back here tomorrow.
