CyberWire Daily - CVEs don’t sleep.

Starting point is 00:00:00 You're listening to the Cyberwire Network, powered by N2K. Most environments trust far more than they should, and attackers know it. Threat Locker solves that by enforcing default deny at the point of execution. With Threat Locker Allow listing, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with Threat Locker, DAC, defense against configurations, you get real assurance that your environment is free, of misconfigurations and clear visibility into whether you meet compliance standards. Threat Locker is the simplest way to enforce zero-trust principles without the operational pain.

Starting point is 00:00:46 It's powerful protection that gives CISO's real visibility, real control, and real peace of mind. Threat Locker makes zero-trust attainable, even for small security teams. See why thousands of organizations choose Threat Locker to minimize alert fatigue, stop ransomware at the source, and regain control over their own. environments. Schedule your demo at Threatlocker.com slash N2K today. We got your patch Tuesday rundown. China sidelines Western security vendors, and a critical flaw puts industrial switches at risk of remote takeover. A ransomware attack disrupts a Belgian hospital, crypto scams, hit investment clients, and Eurales discloses a data breach.

Starting point is 00:01:43 Analysts press Congress to go on offense in cyberspace. And Sean Plank gets another shot at leading SISA. In our threat vector segment, David Moulton sits down with Ian Swanson, AI security leader at Palo Alto Networks, about supply chain security. And an AI risk assessment cites a football match that never happened.

Starting point is 00:02:06 It's Wednesday, January 14th, 2026. I'm Dave Bittner, and this is your Cyberwire Intel briefing. Thanks for joining us here today. It's great as always to have you with us. Microsoft's January Patch Tuesday addresses at least 113 vulnerabilities across Windows and supported software, including eight rated critical and one confirmed Zero Day under active exploitation. The Zero Day affects the Windows Desktop Window Manager and is already being used in attacks, despite a relatively low CVSS score.

Starting point is 00:03:08 Researchers warn it can undermine core protections like Address SpaceLet, layout randomization and be chained with other flaws, making rapid patching essential. Microsoft also fixed critical office bugs exploitable via preview pane and removed legacy modem drivers linked to long-known privilege escalation risks. Separately, vendors flagged a critical secure boot bypass tied to expiring certificates, urging careful remediation. Browser updates from Mozilla and pending Chrome and Air. edge patches add to the busy patch cycle. Adobe delivered fixes for 25 vulnerabilities across 11 products, including one critical flaw.

Starting point is 00:03:53 The most severe issue is an XML external entity injection bug in Apache Tika modules that can enable remote code execution through malicious PDF files. Adobe resolved it in cold fusion updates and assigned a top priority rating, urging immediate patching. Additional updates addressed high-severity code execution flaws in Dreamweaver and multiple creative cloud tools. Adobe reports no evidence of active exploitation. Fortinette released patches for six vulnerabilities, including two critical flaws affecting Fortisim and Fortafone. The most serious is an unauthenticated OS command injection bug in FortaSim that could allow remote code execution and can be addressed by restricting access to a monitoring port. A second critical issue in Forta phone could expose device configurations

Starting point is 00:04:48 without authentication. Fortinette also fixed a high-severity buffer overflow in Forta-OS and related products, plus several lower severity bugs. No active exploitation was reported. Chinese authorities have instructed domestic companies to stop using cybersecurity software from about a dozen U.S. and Israeli vendors, citing national security concerns, according to sources briefed on the matter. An exclusive report from Reuters says the affected firms include VMware, Palo Alto Networks, Fortinette, and Checkpoint Software. Beijing is concerned the software could collect and transmit sensitive data overseas as it accelerates efforts to replace Western technology with domestic alternatives amid rising U.S.-China tensions. Regulators and the companies declined to comment.

Starting point is 00:05:44 The move comes as both sides prepare for renewed high-level diplomacy and reflects long-standing Chinese concerns that foreign cybersecurity tools could enable espionage or sabotage. Moxa warned of a critical vulnerability exposing its industrial Ethernet switches to remote, unauthenticated takeover. The flaw stems from how a third-party open SSH library is handled and allows remote code execution when SSH agent forwarding is abused. Affected devices include multiple EDS and RKS switch models running older firmware. Moxa has released patched firmware and urges. operators to update immediately. Until then, administrators should isolate vulnerable devices from

Starting point is 00:06:32 the Internet and restrict access to trusted networks only. A ransomware attack has severely disrupted operations at AZ Monica Hospital in Belgium, forcing cancelled surgeries and reduced emergency services. The hospital shut down all servers across its Antwerp and Dern campuses to contain the incident, which prosecutors confirmed as a cyber attack. The Belgian Red Cross helped transfer seven critically ill patients to other hospitals after their safety could not be guaranteed. Ambulances are no longer bringing patients to AZ Monica, increasing pressure on nearby facilities.

Starting point is 00:07:14 Access to electronic patient records is unavailable, disrupting consultations, imaging, and chemotherapy. Hospital leaders say servers were taken offline pro-action, proactively to prevent patient data compromise, while care continues with support from neighboring hospitals. U.S. Digital Investment Advisor Betterment confirmed a breach that allowed attackers to send fraudulent crypto-related emails to some customers. The incident stemmed from unauthorized access to a third-party marketing platform, not Betterment's core systems. Using legitimate Betterment email infrastructure,

Starting point is 00:07:52 the attacker promoted a fake reward scam claiming to triple Bitcoin and Ethereum deposits. While no customer accounts or credentials were accessed, exposed data included names, contact details, addresses, and dates of birth. Betterment warned customers on January 9th, removed the attacker's access and said there's no evidence of further compromise. Some users later reported temporary access issues. The company says, strengthening defenses against social engineering and that they plan a detailed post-incident report.

Starting point is 00:08:29 European rail pass provider, your rail, also known as interrail, confirmed a data breach that exposed customer information with notifications sent out this week. Potentially affected data includes names, contact details, dates of birth, and passport information. Customers in the Discover EU program may also have ID copies, health data, and bank references exposed, according to the European Commission. URAL says systems are secured, regulators notified, and there's no evidence of misuse so far. Cyber policy analysts warned lawmakers

Starting point is 00:09:09 that China and other adversaries are running persistent, large-scale cyber campaigns against U.S. critical infrastructure at little cost or risk, testifying before the House Homeland Security Subcommittee on cybersecurity and infrastructure protection, panelists argued current U.S. authorities are outdated and overly restrictive, limiting offensive cyber operations that could deter adversaries. They cited attacks on U.S. water systems and China's Volt Typhoon as evidence of growing civilian risk. Experts urged clearer interagency roles, faster information sharing with industry,

Starting point is 00:09:48 and a shift from reactive responses to sustained, defend-forward operations. Crowdstrike called for increasing the pace of infrastructure takedowns as the White House weighs a more assertive cyber posture. President Donald Trump has re-nominated Sean Planky to lead the Cybersecurity and Infrastructure Security Agency, reviving a nomination that stalled in the Senate last year. Planky's earlier bid advanced out of committee but was blocked, by Senate holds tied to unrelated disputes, leaving Sisa without a permanent director throughout

Starting point is 00:10:25 2025. The renewed nomination signals continued White House support, though it remains unclear whether those obstacles have been resolved. Planky previously served in cybersecurity roles during Trump's first term, and most recently acted as a senior advisor on Coast Guard matters. The administration says confirming Planky remains a priority, citing the need of the need for stable leadership at the nation's lead civilian cyber defense agency. Coming up after the break on our threat vector segment, David Moulton sits down with Ian Swanson, AI security leader at Palo Alto Networks. They're talking supply chain security.

Starting point is 00:11:13 And an AI risk assessment cites a football match that never happened. Stay with us. On today's segment from the Threat Vector podcast, David Moulton sits down with Ian Swanson, former CEO of Protect AI, and now the AI security leader at Palo Alto Networks. They're talking supply chain security. Hi, I'm David Moulton, host of the Threat Vector podcast, where we break down cybersecurity threats, resilience, and the industry trends that matter most.

Starting point is 00:11:59 In this episode, I'm joined by Ian Swanson, an AI security leader at Palo Alto Networks and a founder with decades of experience building and securing machine learning systems. We're talking about the AI supply chain. Where hidden risks live and why moving fast with AI without security can quietly put your entire organization at risk. This episode isn't about slowing down innovation. It's about keeping AI from going off the rails. Ian Swanson, so glad that you're here on ThreatVector. We've had a little bit of a slow start here as we're getting started, but I'm expecting a great conversation with you today.

Starting point is 00:12:48 Hey, thanks, David. I really appreciate you having me on. I want to ask you something. A lot of times I'll get into these nerd conversations and somebody will say like, oh, the AI supply chain. And you just kind of nod along. You're like, I kind of have an idea what that is. But before we get into some of the deeper questions, I think it's important that we define exactly what we're referring to when we talk about something like the AI supply chain. And then if you could go a touch deeper and say what component should CSOs or security leaders really be. paying attention to in that AI supply chain. Yeah, no, it's a great question. As I look at the supply chain, you know, clearly data is the fuel, you know, to AI and

Starting point is 00:13:28 machine learning. And there's been a lot of security around data for the last 10, 20 years. But what's something that is new that we've really talked to CSOs about at depth is the machine learning models themselves. And so if data is the fuel, the machine learning model is the engine to an AI application. And there's a lot of these great foundational models that live in the open source environments. And so you could go to Hugging Face, which is the world's number one AI community where there's over 2 million models that companies are able to pull in and train on their datasets and release. But there's all these various model repositories that have a really rich supply chain of building blocks that companies use as they are putting forth their AI applications.

Starting point is 00:14:15 Now, what are the risks? So again, oftentimes when I meet with the CISO, I say, how many machine learning models do you have live? A common answer that I get is somewhere between 100, 150. The real answer is tens of thousands. We have many customers that have hundreds of thousands of models that are live in production. And as we scan our team's devices, the network, the cloud, we also need to scan machine learning models for risk.

Starting point is 00:14:39 We need to scan the engine that powers AI applications. And within that engine can be a lot of malicious code, unsafe operators, neural backdoors. And so that's one of the first areas that we tell companies to really look out for because they have this deployed and have had it deployed in production at quite a large scale. So as you're talking about that, you're basically saying that the perception is they have a couple hundred. And reality is they have tens of thousands, maybe even more. and that lack of visibility is, I suppose, a first problem. But then specifically, are there common AI or ML vulnerabilities that you see out there in the wild that companies are consuming today that really concern you?

Starting point is 00:15:27 Yes. So I think there's multiple areas in the development life cycle where there are hidden risks and important risks that CSOs need to pay attention to. As I said, if data is the fuel to AI, the engine is the machine learning model, we need to deserialize these models, look in them for risks. And we found real risks that if you deploy these in, for example, your cloud environment, it's going to try to steal credentials. It's going to try to exfiltrate data. But as those engines, those models go into AI applications, we should test drive these AI applications before we put them in production. What does that mean?

Starting point is 00:16:04 Test, benchmark, evaluate, red team, these apps. applications and models before you put them in production at the point of inference, let's say, in customer-facing applications. So throughout this development life cycle, we need to run continuous testing and find real threats. I'll give you an example of a threat we saw within the supply chain of open source of models. We found a model pretending to be from a well-known healthcare life sciences company. It was a name squatting attack. It wasn't the company that put that model live,

Starting point is 00:16:37 but it was an attacker, a malicious actor. And that particular model we saw was downloaded tens and tens of thousands of times. If you put that model within your AWS infrastructure, and at the point of deceralization, one of its core goals was to steal and exaltrate your credentials on your cloud. And so we see a lot of attacks that 10, 20 years ago were just in the typical software supply chain that are re-manifesting themselves within the AI,

Starting point is 00:17:04 supply chain, specifically around data, models, and now agents. If this got your attention, don't wait, listen to the full episode now in your Threat Vector podcast feed. It's called Securing the AI Supply Chain with Ian Swanson, and it's live now. Oh, and one more thing. This Thursday marks the 100th episode of Threat Vector, and we're featuring an in-depth conversation with Nikesh Aurora, chairman and CEO of Palo Alto Networks. You don't want to miss that one. Thanks for listening.

Starting point is 00:17:42 Stay secure. Goodbye for now. Be sure to check out the complete Threat Vector podcast wherever you get your favorite podcasts. And finally, what began as a routine soccer security decision ended as a quiet lesson in what happens when artificial intelligence gets a little little too imaginative. First, a soccer match in the UK gets flagged. Maccabee Tel Aviv fans are told they cannot attend a game against Aston Villa after the Birmingham Safety Advisory Group, with police at the table, deems it high risk based on prior unrest. Next, a key detail in the

Starting point is 00:18:49 supporting report raises eyebrows. It cites trouble at a Maccabee Tel Aviv versus West match that, awkwardly, never actually happened. Then comes the cleanup tour. Twice, Chief Constable Craig Guilford tells MPs that West Midlands police do not use AI, pointing instead to social media scraping and a Google search. But then the twist ending arrives in writing. In a letter release to the Home Affairs Select Committee,

Starting point is 00:19:21 Gilford concedes the error came from using Microsoft, There are calls for the chief constable to be sacked, but the prime minister says that authority was stripped away years ago. At any rate, the AI promised assistance, not accuracy, and delivered exactly that. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to Cyberwire at N2K.com.

Starting point is 00:20:25 N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibn. Peter Kielpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. If you only attend one cybersecurity conference this year, make it RASAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning, and real innovation.

Starting point is 00:21:25 I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsacconference.com slash cyberwire 26. I'll see you in San Francisco.

CyberWire Daily - CVEs don’t sleep.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.