CyberWire Daily - Azure you concerned?

Episode Date: July 8, 2026

Accenture confirms a data breach. An Australian telecom investigates a nationwide outage. It’s shields up for the UK. CISA eyes September for its critical infrastructure reporting rule. NewsJunkie f...akes CTV ad traffic. Agentic AI triggers EDR. CISA taps Mythos for vulnerability scans. Meta faces trillion dollar fines in state lawsuits. Our guest is Russ Anderson, COO and co-founder of RapidFort, sharing a coordinated industry effort to harden the world’s most critical open source software against AI-enabled cyber threats. When it comes to breaches, mum’s the word.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Russ Anderson, COO and co-founder of RapidFort, is sharing the Linux Foundation's Akrites initiative, a coordinated industry effort to harden the world’s most critical open source software against AI-enabled cyber threats. Selected Reading Accenture confirms breach after hacker offers stolen data for sale (Bleeping Computer) Nationwide Telstra outage disrupts thousands, raises questions of foreign launched cyberattack (The Nightly) Britain plans to build autonomous AI 'Cyber Shield' to defend nation (The Record) CISA Eyes September Date for Final Cyber Incident Reporting Rule (MeriTalk) HUMAN Security Disrupts CTV Device Spoofing Operation "NewsJunkie" (Globe Newswire) When AI agents look like attackers: what behavioral telemetry tells us (SOPHOS) Space Force adds Relativity, Impulse Space to national security launch program. (Space News)  CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code (Security Affairs) Mark Zuckerberg’s biggest legal nightmare yet could cost Meta $1.4 trillion (The Independent) Most cybersecurity workers have been told to conceal a breach, report finds (Cybersecurity Dive) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 You're listening to the Cyberwire Network, powered by N2K. Heading to this year's Black Hat USA, the N2K Cyberwire team will be on site recording from our podcast studio in the SpectorOps Kennel Club. If you're interested in joining us for a conversation or learning more about what we're recording throughout the week, visit sponsor.com for more information. And make sure you stop by the studio and meet the N2Siberwire. 2K Cyberwire team. We'll see you there. What's the one thing in business that's spreading as fast as AI? AI risk.
Starting point is 00:00:53 Every new tool your team signs up for, every vendor that turns on AI features, every new integration. Each one is an opportunity for something to go wrong. And most security programs weren't built for AI's pace of growth. Enter Vanta. Vanta is the number one agentic trust platform, used by over 16,000. fast-moving companies like Ramp, Cursor, and Harvey to ensure they're always audit-ready. And now Vanta is helping companies like yours watch for the risks that show up between audits, across your vendors, your AI tools, and your whole environment.
Starting point is 00:01:30 How? The Vanta agent works like a 24-7 GRC engineer in the background, finding issues, drafting fixes, and cutting vendor assessment time by up to 50%. Whether you're a fast-growing startup or a global enterprise, Vanta is here to help you automate your security and compliance and earn and prove trust. Get started today at Vanta.com slash cyber. That's V-A-T-A dot com slash cyber. Accenture confirms a data breach.
Starting point is 00:02:19 An Australian telecom investigates a nationwide outage. It's shields up for the UK. Sisa I's September for its critical infrastructure. reporting rule. News junkie fakes CTV ad traffic. Agentic AI triggers EDR. Sissa taps mythos for vulnerability scans. Meta faces trillion-dollar fines in state lawsuits. Our guest is Russ Anderson, C.O. and co-founder of Rapid Fort, sharing a coordinated industry effort to harden the world's most critical open-source software against AI-enabled cyber threats. And when it comes to breaches, mums the word.
Starting point is 00:02:57 It's Wednesday, July 8, 26. I'm Dave Bittner, and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us. Accenture has confirmed a security breach after a threat actor known as 888 claimed to have stolen 35 gigabytes of company data and offered it for sale on a cybercrime forum. The alleged data includes source code, RSA, and SSHP. keys, Azure Personal Access Tokens, Azure Storage Access Keys, and Configuration Files. To support the claim, the actor shared a screenshot appearing to show an Azure DevOps repository hosted under an Accenture domain, though the full scope of the breach has not been independently verified. Accenture said it remediated the issue and that operations and service delivery were unaffected, but declined to confirm what data
Starting point is 00:04:26 was accessed, how attackers gained entry, or whether customer information was impacted. The company previously experienced breaches in 2021 and 2024. In Australia, Telstra is continuing to investigate the cause of a nationwide outage that disrupted mobile, internet, and transport services, with the company saying it cannot yet rule out either human error or a cyber attack. Acting CEO Michael Ackland said, there's currently no evidence of malicious activity, but investigators are examining all possibilities alongside government agencies and regulators. The outage has been linked to a time synchronization error affecting Telstra-operated data centers in Melbourne and Sydney, disrupting data and voice
Starting point is 00:05:15 services. Thousands of customers were affected, with more than 7,500 outage reports logged, and some emergency calls requiring follow-up welfare checks. The incident also forced train suspensions in Victoria and New South Wales, underscoring concerns about the resilience of Australia's critical telecommunications infrastructure. Britain's National Cyber Security Center has unveiled plans for Cyber Shield, a sovereign cyber defense initiative that will use AI to identify and remediate cybersecurity weaknesses across government networks and critical national infrastructure. The program is intended to counter AI-enabled cyber threats that can rapidly accelerate reconnaissance and vulnerability discovery,
Starting point is 00:06:04 potentially overwhelming traditional defenses. Cyber Shield envisions paired AI red agents that probe for vulnerabilities and blue agents that defend systems in real time, under the control of infrastructure operators. While some capabilities such as automated network scanning already exist, fully autonomous vulnerability remediation will require further research. The NCSE plans to test the system with government and critical sector partners before expanding it commercially, while inviting industry and academia to help develop the initiative. SISA plans to finalize its Cyber Incident Reporting for Critical Infrastructure Act reporting rule in September.
Starting point is 00:06:51 The rule will require covered critical infrastructure organization, to report significant cyber incidents within 72 hours and ransomware payments within 24 hours. SISA is reviewing public feedback that urged the agency to reduce reporting burdens, clarify key definitions, and better align the requirements with existing federal reporting obligations. The rule has been delayed several times after missing its original October 2025 statutory deadline. security has uncovered and disrupted a coordinated connected TV ad fraud operation dubbed news junkie, which generated large volumes of invalid advertising traffic disguised as premium CCTV inventory. According to the company's Satori threat intelligence and research team,
Starting point is 00:07:45 the campaign exploited the limited visibility available in CTV environments by spoofing, device, application, and IP information through server-side ad insertion. A more advanced variant also used residential IP addresses paired with forged device details to evade detection. At its peak, the operation produced hundreds of millions to nearly two billion invalid bid requests per day for individual sellers. Humans said the fraud highlighted the need for end-to-end supply chain visibility to detect increasingly sophisticated CTV advertising threats and confirmed the operation has been disrupted for its customers. Researchers at Sophos report that AI coding agents, such as Claude Code, cursor, code, and
Starting point is 00:08:38 G-Stack are increasingly triggering endpoint security detections because their behavior often resembles attacker activity. Analysis of telemetry from Sophos's behavior. engine found frequent detections involving credential access, execution, command and control, and defense evasion techniques. Examples included decrypting browser credentials, accessing Windows Credential Manager, using PowerShell, downloading software through legitimate Windows utilities, and writing files to startup folders. While these actions were generally part of legitimate automation, they closely matched
Starting point is 00:09:17 techniques commonly used by threat actors. Sophos concludes that existing behavioral protections are functioning as intended, but will require ongoing refinement as AI agents become more common, emphasizing that organizations must establish clear policies governing what AI agents are permitted to do on enterprise endpoints. The U.S. Space Force has expanded the field of companies eligible to compete for National Security launch contracts. With the latest on that, our own Ethan Cook. Thanks, Dave. On Tuesday, the U.S. Space Force announced it was widening the field of companies
Starting point is 00:09:58 that are eligible to compete for national security launch contracts. With this expansion, the Space Force is adding launch startup relativity space and orbital transportation company impulse space to its roster of commercial providers. This move is a part of an effort to diversify how military satellites reach orbit. Notably, unlike traditional contract awards, Definite quantity or ID IQ contracts will not guarantee launch business. In these contracts, companies are placed into a pre-qualified pool of companies that the Space Force can then solicit bids from as the need for missions arise. Other companies in this pool include SpaceX, United Launch Alliance, Blue Origin, Rocket Lab, and Stoke Space. For the T-minus Space Cyber Briefing, this is producer Ethan Cook. Back to you, Dave.
Starting point is 00:10:43 That's the CyberWire's Ethan Cook. Be sure to check out. the Cyberwire Pro business briefing written by Ethan that is on our website part of Cyberwire Pro. Sisa is reportedly using Anthropics Mythos AI model to scan federal code repositories for security vulnerabilities before they can be exploited by foreign intelligence services or cybercriminals. According to Reuters, the effort is led by Sissa's attack surface evaluation team, with sources saying the tool has already identified a significant number of flaws, although the affected agencies and severity have not been disclosed. Mythos, Anthropics' most advanced cybersecurity-focused AI model
Starting point is 00:11:28 is also reportedly being used by the National Security Agency. The deployment follows earlier tensions between Anthropic and the U.S. government over AI safeguards, but the relationship has since improved. The initiative reflects growing government interest in using advanced AI to strengthen proactive cyber defense. Meta platforms could face up to $1.4 trillion in penalties in a lawsuit brought by California, Colorado, Kentucky, and New Jersey, which allege the company deliberately designed Facebook and Instagram to be addictive for children while misleading the public about their safety. Mehta denies the allegations, calling the proposed penalties unprecedented and unsupported by the evidence. The case heads to trial in August, where the court will also consider claims from 29 states
Starting point is 00:12:23 alleging violations of the Children's Online Privacy Protection Act by collecting children's data without proper parental consent. Meta faces additional lawsuits from other states over similar allegations. The litigation is part of broader legal scrutiny. of social media companies over claims that their platforms intentionally encourage excessive use among children and contribute to mental health harms. Coming up after the break, my conversation with Russ Anderson from Rapid Fort. He's sharing the coordinated industry effort to harden the world's most critical open source software.
Starting point is 00:13:09 And when it comes to breaches, mum's the word. Stay with us. AI is making fishing attacks fast. more convincing and harder for people to spot, and traditional security awareness and fishing training weren't designed for this level of attack. Hoxhunt helped security teams prepare employees for the attacks they face every day, with personalized fishing training that adapts to each employee and reduces risky behavior over time. For IT and security leaders looking to strengthen their human layer of defense without adding more manual work, visit hoxhunt.com
Starting point is 00:13:56 slash cyberwire to learn more. That's h-o-x-h-U-N-T dot com slash cyberwire. This episode is supported by Black Hat USA. If you follow the research, you know a lot of it breaks on Black Hat stages. Hundreds of peer-reviewed briefings, more than 100 hands-on trainings, and the largest business hall in Black Hat's history. Six days to learn the skills you'll need tomorrow. August 1st to the 6th. Use code Cyberwire for $200 off your briefings pass at blackhat.com. We'll see you in Vegas. Russ Anderson is COO and co-founder of Rapid Fort. Today we're discussing the Linux Foundation's Akrites Initiative,
Starting point is 00:14:59 a coordinated industry effort to harden the world's most critical open-source software against AI-enabled cyber threats. I think this is a collaborative effort that stemmed from numerous conversations across both the AI foundational model community and the cyber security model community in terms of what are we going to do now from a defensive perspective given the power that these new models have.
Starting point is 00:15:27 So it was a conversation that the Linux Foundation centralized across a number of stakeholders both in industry and government from what I understand. And so give us the details here of what you all are setting out to do. Well, bear in mind it's a community effort, and while rapid fortress on the governing body,
Starting point is 00:15:48 fundamentally, what we're endeavoring to do is to empower the existing open source community to continue to maintain their software. And there are a couple of challenges in doing that in the sense that the way vulnerabilities were historically discovered and reported moved at, shall we say, human speed, and now there's a need to move at machine speed. And so a lot of these social constructs in the vulnerability reporting ecosystem now essentially need to be upgraded or updated while not reducing the role of the fundamental asset of the open source community,
Starting point is 00:16:29 which is the open source community maintainers themselves. So it's an effort designed to essentially empower the existing ecosystem to respond to these new AI threats. And how do you plan on striking that balance between the historically human side of open source software and, as you say, that need to increase the velocity? Well, it's not easy, and it's not easy for many reasons, but fundamentally the model is one of inclusivity
Starting point is 00:16:59 in the sense that the open source community, the fundamental issue we need to overcome, is that there's tremendous transparency in the way, vulnerabilities were discovered and reported. But it's that transparency itself, which is essentially providing the opportunity for AI enabled malicious actors to take advantage of it. For example, in the past when a vulnerability was disclosed, a human would need to take that vulnerability essentially exploited, and that took days, if not weeks.
Starting point is 00:17:33 And so the ecosystem had enough essentially time in it to respond. Now that same vulnerability can be taken essentially from anywhere upstream and weaponized in hours. And so a manual response is no longer viable. And so it's how do you marry the benefits of AI automation with the merits of human-enabled open-source collaboration? and that's kind of the challenging part. And so if you read what is in the public domain with Eritus, it's essentially somewhat segmenting that disclosure and then enabling it, enabling the remediation with AI tools.
Starting point is 00:18:21 And so members essentially of this community will get advanced notifications and then the tools to fix these things at the machine speed they need to match. And so what does the future state look like to you? What are you envisioning this as it plays out? That's an excellent question. There's a happy path and there's a not happy path. And the happy path is efforts like this are able to harness the power of AI in collaboration with human efforts. And there is actually a very unhappy path where AI causes the fragmentation or the overwhelming of the open source community, which would be a tremendous loss in the sense that the open source community up until this point had been an economic asset to all economies, all people everywhere.
Starting point is 00:19:16 The ability to get free software was one of the drivers of a lot of the economic growth that we've seen in the last 15 to 20 years. And so if that would be imperiled, I think everyone would be worse. You know, it strikes me that by its very nature, the open source community is kind of diffuse. And I think that's for many years been a feature, not necessarily a bug. But how do you address that naturally diffuse nature when you're trying to create this organizing movement
Starting point is 00:19:51 that is inclusive, as you say? It's not easy to do. And this is why I think that this project is so needed and it's going to be such a challenge. The open source community have really provided tremendous benefit while not being paid, not being compensated, and sort of delivering a lot of value. And they don't necessarily want to apply patches
Starting point is 00:20:18 and do a lot of the essentially the maintenance of these open source systems because they're much more motivated by building new features and capabilities. And so one of the challenges are, for the open source community is they're starting to have to do a lot of the really mundane and drudgery kind of activities that typically are normally compensated. And so I don't actually know how this is going to play out. But I do think that this is the best model I've seen because it's the most collaborative and it's the most viable in the sense that it has all the people involved necessary for success. it's got the model providers, it's got the open source community, it's got the cloud providers, it's got essentially the right people in the conversation.
Starting point is 00:21:09 Now, what happens from here is hard to predict. But having spoken to members and in the community at large, there's quite a lot of enthusiasm around how this could play out. What have the discussions been like about unintended consequences, you know, throwing up unintentional roadblocks or inadvertently becoming a gatekeeper? Well, I don't think anyone could have predicted how fast AI would involve in these unattended consequences. And so I don't think that there has been, I think what's positive is that conversations
Starting point is 00:21:47 have been sincere. They've been based on the best information that is available. But I don't think anyone could really have. predicted that this was going to come in a way, shape, and form that it has unfolded. And there's many aspects to that. There's the political involvement. There's the geopolitical involvement of open. So it's a very complicated problem.
Starting point is 00:22:14 And I don't think anybody can lay claim to the fact that they understand all of these complexities and let alone have predicted it. What is your hope for the future here when you think about the ideal situation, a few years down the line. What might that look like? I think the positive case is that we are going to face some large waves as these models roll through as a model gets upgraded, it's going to find more and more vulnerabilities.
Starting point is 00:22:45 But my hope is that their waves are smaller and smaller and smaller as essentially vulnerability discovery sort of reaches this asymptote. And so my hope for the future is that the open source, community can leverage the benefits of AI, which is to deploy awesome software cheaply and rapidly and inexpensively to the benefit of all while not having to suffer some of the security risks we face today. So I am somewhat optimistic that the rate of vulnerability discovery is actually going to go down and the ability to actually address it's going to go up. And so we can essentially rebalance what is looking like a pretty ominous equation here.
Starting point is 00:23:30 What sort of information can you share for folks who may want to join your efforts? Well, again, it's a community effort, but please follow what's that cretis, akr-r-t-es.org. There's essentially a number of forms and opportunities to collaborate and contribute. That's Russ Anderson, C-O-O- and co-founder of Rapid Fort. As organizations grow, so does complexity. New applications are deployed, vendors are granted temporary access, and remote support tools are installed.
Starting point is 00:24:19 Many of them never go away. In my recent conversation at RSAC 2026 with Rob Allen, chief product officer at Threat Locker, he explains how these forgotten tools create hidden pathways into enterprise environments, and why attackers increasingly exploit what's already inside the the network instead of trying to break through the perimeter. Learn how to reduce lingering access, shrink your attack surface, and implement zero trust more effectively by listening to the full conversation at explore.thecyberwire.com slash threat locker.
Starting point is 00:24:54 This episode is brought to you by Accenture. When your advertising operations fall out of sync, everything else follows. Spotify and Accenture are working together to reinvent the rhythm of ad sales, Using automation, analytics, and smarter workflows to simplify campaign delivery and access better data across the business. The result? Less time spent on operations, more time connecting brands with the moments and fandoms that matter most. Learn more at Accenture.com slash Spotify. This episode is brought to you by L'Oreal Group.
Starting point is 00:25:31 Beauty is a powerful force that moves us. That's why L'Oreal Group has built a business that is inclusive at its heart with 100% of its brands, championing diversity. With 25,000 professional opportunities for people under 30 worldwide and 54% of leading positions held by women, diversity is a strength that helps L'Oreal Group create the best beauty products for all people. Visit Loreal.com to learn more. And finally, the latest cybersecurity survey from Bit Defender suggests that while
Starting point is 00:26:11 breach disclosure rules are becoming more common, workplace culture is still playing by its own rulebook. More than half of respondents, 55% said they had been told to stay quiet about a security breach, a figure that has climbed sharply over the past two years before settling into an uncomfortable plateau. The report argues that changing policy is easier than changing behavior, especially when silence still feels like the safer option. Meanwhile, more than half of organizations experienced a cyber incident over the past year, with unauthorized cloud access, business email compromise, and ransomware leading the list.
Starting point is 00:26:53 The survey also found a confidence gap worthy of its own risk assessment. Executives and managers consistently viewed their security posture more favorably than frontline staff. Apparently, the higher you climb the org chart, the clearer everything looks. And that's the Cyberwire.
Starting point is 00:27:24 or links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to Cyberwire at N2K.com. N2K's lead producer is Liz Stokes. We're mixed by Tray Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazis. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Starting point is 00:28:10 What happens when AI agents gain access to the same systems, applications, and credentials as your employees? According to Arvind Nithrakechayyip, CTO and co-founder of Rubrik, reality is already here. As AI agents proliferate across enterprise environments, organizations face a growing challenge. How do you govern systems that operate at machine speed? To learn more about AI sprawl, the risk it creates, and how organizations can prepare, visit explore.thecyberwire.com slash rubric to hear the full conversation.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.