CyberWire Daily - Azure you concerned?
Episode Date: July 8, 2026Accenture confirms a data breach. An Australian telecom investigates a nationwide outage. It’s shields up for the UK. CISA eyes September for its critical infrastructure reporting rule. NewsJunkie f...akes CTV ad traffic. Agentic AI triggers EDR. CISA taps Mythos for vulnerability scans. Meta faces trillion dollar fines in state lawsuits. Our guest is Russ Anderson, COO and co-founder of RapidFort, sharing a coordinated industry effort to harden the world’s most critical open source software against AI-enabled cyber threats. When it comes to breaches, mum’s the word. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Russ Anderson, COO and co-founder of RapidFort, is sharing the Linux Foundation's Akrites initiative, a coordinated industry effort to harden the world’s most critical open source software against AI-enabled cyber threats. Selected Reading Accenture confirms breach after hacker offers stolen data for sale (Bleeping Computer) Nationwide Telstra outage disrupts thousands, raises questions of foreign launched cyberattack (The Nightly) Britain plans to build autonomous AI 'Cyber Shield' to defend nation (The Record) CISA Eyes September Date for Final Cyber Incident Reporting Rule (MeriTalk) HUMAN Security Disrupts CTV Device Spoofing Operation "NewsJunkie" (Globe Newswire) When AI agents look like attackers: what behavioral telemetry tells us (SOPHOS) Space Force adds Relativity, Impulse Space to national security launch program. (Space News) CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code (Security Affairs) Mark Zuckerberg’s biggest legal nightmare yet could cost Meta $1.4 trillion (The Independent) Most cybersecurity workers have been told to conceal a breach, report finds (Cybersecurity Dive) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
Heading to this year's Black Hat USA, the N2K Cyberwire team will be on site recording from our podcast studio in the SpectorOps Kennel Club.
If you're interested in joining us for a conversation or learning more about what we're recording throughout the week, visit sponsor.com for more information.
And make sure you stop by the studio and meet the N2Siberwire.
2K Cyberwire team.
We'll see you there.
What's the one thing in business that's spreading as fast as AI?
AI risk.
Every new tool your team signs up for, every vendor that turns on AI features, every new integration.
Each one is an opportunity for something to go wrong.
And most security programs weren't built for AI's pace of growth.
Enter Vanta.
Vanta is the number one agentic trust platform, used by over 16,000.
fast-moving companies like Ramp, Cursor, and Harvey to ensure they're always audit-ready.
And now Vanta is helping companies like yours watch for the risks that show up between audits,
across your vendors, your AI tools, and your whole environment.
How?
The Vanta agent works like a 24-7 GRC engineer in the background,
finding issues, drafting fixes, and cutting vendor assessment time by up to 50%.
Whether you're a fast-growing startup or a global enterprise,
Vanta is here to help you automate your security and compliance and earn and prove trust.
Get started today at Vanta.com slash cyber.
That's V-A-T-A dot com slash cyber.
Accenture confirms a data breach.
An Australian telecom investigates a nationwide outage.
It's shields up for the UK.
Sisa I's September for its critical infrastructure.
reporting rule. News junkie fakes CTV ad traffic. Agentic AI triggers EDR. Sissa taps
mythos for vulnerability scans. Meta faces trillion-dollar fines in state lawsuits. Our guest is
Russ Anderson, C.O. and co-founder of Rapid Fort, sharing a coordinated industry effort to harden the
world's most critical open-source software against AI-enabled cyber threats. And when it comes to breaches,
mums the word.
It's Wednesday, July 8, 26. I'm Dave Bittner, and this is your Cyberwire Intel Briefing.
Thanks for joining us here today. It's great as always to have you with us.
Accenture has confirmed a security breach after a threat actor known as 888 claimed to have stolen 35 gigabytes of company data and offered it for sale on a cybercrime forum.
The alleged data includes source code, RSA, and SSHP.
keys, Azure Personal Access Tokens, Azure Storage Access Keys, and Configuration Files. To support the claim,
the actor shared a screenshot appearing to show an Azure DevOps repository hosted under an Accenture
domain, though the full scope of the breach has not been independently verified. Accenture said it
remediated the issue and that operations and service delivery were unaffected, but declined to confirm what data
was accessed, how attackers gained entry, or whether customer information was impacted.
The company previously experienced breaches in 2021 and 2024.
In Australia, Telstra is continuing to investigate the cause of a nationwide outage
that disrupted mobile, internet, and transport services, with the company saying it cannot
yet rule out either human error or a cyber attack. Acting CEO Michael Ackland said,
there's currently no evidence of malicious activity, but investigators are examining all possibilities
alongside government agencies and regulators. The outage has been linked to a time synchronization error
affecting Telstra-operated data centers in Melbourne and Sydney, disrupting data and voice
services. Thousands of customers were affected, with more than 7,500 outage reports logged,
and some emergency calls requiring follow-up welfare checks.
The incident also forced train suspensions in Victoria and New South Wales,
underscoring concerns about the resilience of Australia's critical telecommunications infrastructure.
Britain's National Cyber Security Center has unveiled plans for Cyber Shield,
a sovereign cyber defense initiative that will use AI to identify and remediate cybersecurity weaknesses
across government networks and critical national infrastructure.
The program is intended to counter AI-enabled cyber threats that can rapidly accelerate reconnaissance and vulnerability discovery,
potentially overwhelming traditional defenses.
Cyber Shield envisions paired AI red agents that probe for vulnerabilities and blue agents that defend systems in real time,
under the control of infrastructure operators.
While some capabilities such as automated network scanning already exist,
fully autonomous vulnerability remediation will require further research.
The NCSE plans to test the system with government and critical sector partners
before expanding it commercially, while inviting industry and academia to help develop the initiative.
SISA plans to finalize its Cyber Incident Reporting for Critical Infrastructure Act reporting rule in September.
The rule will require covered critical infrastructure organization,
to report significant cyber incidents within 72 hours and ransomware payments within 24 hours.
SISA is reviewing public feedback that urged the agency to reduce reporting burdens,
clarify key definitions, and better align the requirements with existing federal reporting obligations.
The rule has been delayed several times after missing its original October 2025 statutory deadline.
security has uncovered and disrupted a coordinated connected TV ad fraud operation dubbed
news junkie, which generated large volumes of invalid advertising traffic disguised as premium
CCTV inventory. According to the company's Satori threat intelligence and research team,
the campaign exploited the limited visibility available in CTV environments by spoofing,
device, application, and IP information through server-side ad insertion. A more advanced variant
also used residential IP addresses paired with forged device details to evade detection. At its peak,
the operation produced hundreds of millions to nearly two billion invalid bid requests per day
for individual sellers. Humans said the fraud highlighted the need for end-to-end supply chain
visibility to detect increasingly sophisticated CTV advertising threats and confirmed the operation
has been disrupted for its customers.
Researchers at Sophos report that AI coding agents, such as Claude Code, cursor, code, and
G-Stack are increasingly triggering endpoint security detections because their behavior often
resembles attacker activity. Analysis of telemetry from Sophos's behavior.
engine found frequent detections involving credential access, execution, command and control,
and defense evasion techniques.
Examples included decrypting browser credentials, accessing Windows Credential Manager,
using PowerShell, downloading software through legitimate Windows utilities, and writing files
to startup folders.
While these actions were generally part of legitimate automation, they closely matched
techniques commonly used by threat actors.
Sophos concludes that existing behavioral protections are functioning as intended, but will
require ongoing refinement as AI agents become more common, emphasizing that organizations must
establish clear policies governing what AI agents are permitted to do on enterprise
endpoints.
The U.S. Space Force has expanded the field of companies eligible to compete for National Security
launch contracts. With the latest on that, our own Ethan Cook.
Thanks, Dave. On Tuesday, the U.S. Space Force announced it was widening the field of companies
that are eligible to compete for national security launch contracts. With this expansion,
the Space Force is adding launch startup relativity space and orbital transportation company
impulse space to its roster of commercial providers. This move is a part of an effort to
diversify how military satellites reach orbit. Notably, unlike traditional contract awards,
Definite quantity or ID IQ contracts will not guarantee launch business.
In these contracts, companies are placed into a pre-qualified pool of companies that the Space Force can then solicit bids from as the need for missions arise.
Other companies in this pool include SpaceX, United Launch Alliance, Blue Origin, Rocket Lab, and Stoke Space.
For the T-minus Space Cyber Briefing, this is producer Ethan Cook. Back to you, Dave.
That's the CyberWire's Ethan Cook. Be sure to check out.
the Cyberwire Pro business briefing written by Ethan that is on our website part of Cyberwire
Pro. Sisa is reportedly using Anthropics Mythos AI model to scan federal code repositories for
security vulnerabilities before they can be exploited by foreign intelligence services or cybercriminals.
According to Reuters, the effort is led by Sissa's attack surface evaluation team,
with sources saying the tool has already identified a significant number of flaws,
although the affected agencies and severity have not been disclosed.
Mythos, Anthropics' most advanced cybersecurity-focused AI model
is also reportedly being used by the National Security Agency.
The deployment follows earlier tensions between Anthropic and the U.S. government over AI safeguards,
but the relationship has since improved.
The initiative reflects growing government interest in using advanced AI to strengthen proactive cyber defense.
Meta platforms could face up to $1.4 trillion in penalties in a lawsuit brought by California, Colorado, Kentucky, and New Jersey,
which allege the company deliberately designed Facebook and Instagram to be addictive for children while misleading the public about their safety.
Mehta denies the allegations, calling the proposed penalties unprecedented and unsupported by the evidence.
The case heads to trial in August, where the court will also consider claims from 29 states
alleging violations of the Children's Online Privacy Protection Act by collecting children's data without proper parental consent.
Meta faces additional lawsuits from other states over similar allegations.
The litigation is part of broader legal scrutiny.
of social media companies over claims that their platforms intentionally encourage excessive use
among children and contribute to mental health harms.
Coming up after the break, my conversation with Russ Anderson from Rapid Fort.
He's sharing the coordinated industry effort to harden the world's most critical open source
software.
And when it comes to breaches, mum's the word.
Stay with us.
AI is making fishing attacks fast.
more convincing and harder for people to spot, and traditional security awareness and fishing
training weren't designed for this level of attack. Hoxhunt helped security teams prepare
employees for the attacks they face every day, with personalized fishing training that adapts
to each employee and reduces risky behavior over time. For IT and security leaders looking to
strengthen their human layer of defense without adding more manual work, visit hoxhunt.com
slash cyberwire to learn more. That's h-o-x-h-U-N-T dot com slash cyberwire. This episode is supported by Black Hat USA.
If you follow the research, you know a lot of it breaks on Black Hat stages. Hundreds of peer-reviewed
briefings, more than 100 hands-on trainings, and the largest business hall in Black Hat's history.
Six days to learn the skills you'll need tomorrow. August 1st to the 6th. Use code
Cyberwire for $200 off your briefings pass at blackhat.com.
We'll see you in Vegas.
Russ Anderson is COO and co-founder of Rapid Fort.
Today we're discussing the Linux Foundation's Akrites Initiative,
a coordinated industry effort to harden the world's most critical open-source software
against AI-enabled cyber threats.
I think this is a collaborative effort that stemmed from numerous conversations
across both the AI foundational model community
and the cyber security model community
in terms of what are we going to do now
from a defensive perspective
given the power that these new models have.
So it was a conversation
that the Linux Foundation centralized
across a number of stakeholders
both in industry and government
from what I understand.
And so give us the details here
of what you all are setting out to do.
Well, bear in mind it's a community effort, and while rapid fortress on the governing body,
fundamentally, what we're endeavoring to do is to empower the existing open source community
to continue to maintain their software.
And there are a couple of challenges in doing that in the sense that the way vulnerabilities
were historically discovered and reported moved at, shall we say, human speed,
and now there's a need to move at machine speed.
And so a lot of these social constructs in the vulnerability reporting ecosystem
now essentially need to be upgraded or updated
while not reducing the role of the fundamental asset of the open source community,
which is the open source community maintainers themselves.
So it's an effort designed to essentially empower the existing ecosystem
to respond to these new AI threats.
And how do you plan on striking that balance
between the historically human side of open source software
and, as you say, that need to increase the velocity?
Well, it's not easy, and it's not easy for many reasons,
but fundamentally the model is one of inclusivity
in the sense that the open source community,
the fundamental issue we need to overcome,
is that there's tremendous transparency in the way,
vulnerabilities were discovered and reported.
But it's that transparency itself, which is essentially providing the opportunity for
AI enabled malicious actors to take advantage of it.
For example, in the past when a vulnerability was disclosed, a human would need to take
that vulnerability essentially exploited, and that took days, if not weeks.
And so the ecosystem had enough essentially time in it to respond.
Now that same vulnerability can be taken essentially from anywhere upstream and weaponized in hours.
And so a manual response is no longer viable.
And so it's how do you marry the benefits of AI automation with the merits of human-enabled open-source collaboration?
and that's kind of the challenging part.
And so if you read what is in the public domain with Eritus,
it's essentially somewhat segmenting that disclosure
and then enabling it, enabling the remediation with AI tools.
And so members essentially of this community will get advanced notifications
and then the tools to fix these things at the machine speed they need to match.
And so what does the future state look like to you? What are you envisioning this as it plays out?
That's an excellent question. There's a happy path and there's a not happy path.
And the happy path is efforts like this are able to harness the power of AI in collaboration with human efforts.
And there is actually a very unhappy path where AI causes the fragmentation or the overwhelming
of the open source community, which would be a tremendous loss in the sense that the open source
community up until this point had been an economic asset to all economies, all people everywhere.
The ability to get free software was one of the drivers of a lot of the economic growth that we've
seen in the last 15 to 20 years. And so if that would be imperiled, I think everyone would be
worse. You know, it strikes me that by its very nature,
the open source community is kind of diffuse.
And I think that's for many years been a feature,
not necessarily a bug.
But how do you address that naturally diffuse nature
when you're trying to create this organizing movement
that is inclusive, as you say?
It's not easy to do.
And this is why I think that this project
is so needed and it's going to be such a challenge.
The open source community have really provided tremendous benefit
while not being paid, not being compensated,
and sort of delivering a lot of value.
And they don't necessarily want to apply patches
and do a lot of the essentially the maintenance of these open source systems
because they're much more motivated by building new features and capabilities.
And so one of the challenges are,
for the open source community is they're starting to have to do a lot of the really mundane and drudgery kind of activities that typically are normally compensated.
And so I don't actually know how this is going to play out.
But I do think that this is the best model I've seen because it's the most collaborative and it's the most viable in the sense that it has all the people involved necessary for success.
it's got the model providers, it's got the open source community, it's got the cloud providers,
it's got essentially the right people in the conversation.
Now, what happens from here is hard to predict.
But having spoken to members and in the community at large, there's quite a lot of enthusiasm
around how this could play out.
What have the discussions been like about unintended consequences, you know, throwing up
unintentional roadblocks or inadvertently becoming a gatekeeper?
Well, I don't think anyone could have predicted how fast AI would involve in these unattended
consequences.
And so I don't think that there has been, I think what's positive is that conversations
have been sincere.
They've been based on the best information that is available.
But I don't think anyone could really have.
predicted that this was going to come in a way, shape, and form that it has unfolded.
And there's many aspects to that.
There's the political involvement.
There's the geopolitical involvement of open.
So it's a very complicated problem.
And I don't think anybody can lay claim to the fact that they understand all of these
complexities and let alone have predicted it.
What is your hope for the future here when you think about the ideal situation,
a few years down the line.
What might that look like?
I think the positive case is that we are going to face some large waves
as these models roll through as a model gets upgraded,
it's going to find more and more vulnerabilities.
But my hope is that their waves are smaller and smaller and smaller
as essentially vulnerability discovery sort of reaches this asymptote.
And so my hope for the future is that the open source,
community can leverage the benefits of AI, which is to deploy awesome software cheaply and rapidly
and inexpensively to the benefit of all while not having to suffer some of the security risks
we face today. So I am somewhat optimistic that the rate of vulnerability discovery is actually
going to go down and the ability to actually address it's going to go up. And so we can
essentially rebalance what is looking like a pretty ominous equation here.
What sort of information can you share for folks who may want to join your efforts?
Well, again, it's a community effort, but please follow what's that
cretis, akr-r-t-es.org. There's essentially a number of forms and opportunities to
collaborate and contribute. That's Russ Anderson, C-O-O- and co-founder of
Rapid Fort.
As organizations grow, so does complexity.
New applications are deployed, vendors are granted temporary access, and remote support
tools are installed.
Many of them never go away.
In my recent conversation at RSAC 2026 with Rob Allen, chief product officer at Threat Locker,
he explains how these forgotten tools create hidden pathways into enterprise environments,
and why attackers increasingly exploit what's already inside the
the network instead of trying to break through the perimeter.
Learn how to reduce lingering access, shrink your attack surface, and implement zero trust
more effectively by listening to the full conversation at explore.thecyberwire.com
slash threat locker.
This episode is brought to you by Accenture.
When your advertising operations fall out of sync, everything else follows.
Spotify and Accenture are working together to reinvent the rhythm of ad sales,
Using automation, analytics, and smarter workflows to simplify campaign delivery and access better data across the business.
The result?
Less time spent on operations, more time connecting brands with the moments and fandoms that matter most.
Learn more at Accenture.com slash Spotify.
This episode is brought to you by L'Oreal Group.
Beauty is a powerful force that moves us.
That's why L'Oreal Group has built a business that is inclusive at its heart with 100%
of its brands, championing diversity.
With 25,000 professional opportunities for people under 30 worldwide and 54% of leading positions
held by women, diversity is a strength that helps L'Oreal Group create the best beauty products
for all people.
Visit Loreal.com to learn more.
And finally, the latest cybersecurity survey from Bit Defender suggests that while
breach disclosure rules are becoming more common, workplace culture is still playing by
its own rulebook. More than half of respondents, 55% said they had been told to stay quiet about a
security breach, a figure that has climbed sharply over the past two years before settling into an
uncomfortable plateau. The report argues that changing policy is easier than changing behavior,
especially when silence still feels like the safer option. Meanwhile, more than half of organizations
experienced a cyber incident over the past year,
with unauthorized cloud access,
business email compromise, and ransomware leading the list.
The survey also found a confidence gap
worthy of its own risk assessment.
Executives and managers
consistently viewed their security posture
more favorably than frontline staff.
Apparently, the higher you climb the org chart,
the clearer everything looks.
And that's the Cyberwire.
or links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights
that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show,
please share a rating and review in your favorite podcast app. Please also fill out the survey in the show
notes or send an email to Cyberwire at N2K.com. N2K's lead producer is Liz Stokes. We're mixed by
Tray Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazis.
Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.
What happens when AI agents gain access to the same systems, applications, and credentials
as your employees? According to Arvind Nithrakechayyip, CTO and co-founder of Rubrik,
reality is already here. As AI agents proliferate across enterprise environments,
organizations face a growing challenge. How do you govern systems that operate at machine speed?
To learn more about AI sprawl, the risk it creates, and how organizations can prepare,
visit explore.thecyberwire.com slash rubric to hear the full conversation.
