CyberWire Daily - CyberAv3ngers unleashed.
Episode Date: April 8, 2026Federal agencies warn Iranian-linked hackers are probing U.S. critical infrastructure, while the DOJ disrupts a Russian router hijacking campaign. Cyberattacks hit Minnesota government systems and for...ce a Massachusetts hospital to divert ambulances. Anthropic limits access to its new AI bug-hunting model, hackers leak terabytes of LAPD data, and researchers warn of a rise in AI recommendation poisoning. Our guest is Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." Japan trades red tape for training data. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices, we are joined by Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." If you enjoyed this interview, check out the full conversation here. Selected Reading Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure (WIRED) Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure (FBI Internet Crime Complaint Center (IC3)) Pro-Iran Group Takes Credit for Cyberattacks on Chime, Pinterest (Bloomberg) US disrupts Russian military-run DNS hijacking network, Justice Department says (Reuters) Frostarmada forest blizzard dns hijacking (Lumen Technologies Black Lotus Labs) Minnesota governor orders emergency support for cyberattack disrupting county's 'critical systems' (StateScoop) Massachusetts hospital turning ambulances away after cyberattack (The Record) What Anthropic Glasswing reveals about the future of vulnerability discovery (CSO Online) Sensitive LAPD records leaked in hack of L.A. city attorney's office (LA Times) Manipulating AI memory for profit: The rise of AI Recommendation Poisoning (Microsoft Security Blog) Japan relaxes privacy laws to make AI development easy (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
No, it's not your imagination.
Risk and regulation really are ramping up,
and these days customers expect proof of security before they'll even do business.
That's where Vanta comes in.
Vanta automates your compliance process and brings compliance, risk, and customer trust together on one AI-powered platform.
So whether you're getting ready for a SOC2 or managing an end-toe,
enterprise governance risk and compliance program, Vanta helps keep you secure and keeps your deals
moving. Companies like Ramp and Writers spend 82% less time on audits with Vanta. That means less
time chasing paperwork and more time focused on growth. For me, it comes down to this. Over 10,000
companies from startups to large enterprises trust Vanta to help prove their security. Get started at vanta.com
slash cyber.
Federal agencies warn Iranian-linked hackers
are probing U.S. critical infrastructure,
while the DOJ disrupts a Russian router hijacking campaign.
Cyber attacks hit Minnesota government systems
and force a Massachusetts hospital to divert ambulances.
Anthropic limits access to its new AI bug hunting model.
Hackers leak terabytes of LAPD data,
and researchers warn of a rise in AI recommendation poisoning.
Our guest is Benny Zarni, founder and CEO of Opswatt, discussing his book, Cybersecurity Upsychity Upside Down, Rethink Your Cybersecurity Strategy.
And Japan trades red tape for training data.
It's Wednesday, April 8, 26.
I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us here today.
It's great as always to have you with us.
Federal cybersecurity and law enforcement agencies are one.
warning that Iranian-linked hackers are targeting U.S. energy, water, and government services
by exploiting internet-connected programmable logic controllers, or PLCs, which control critical
infrastructure systems. A joint advisory from SISA, the NSA, FBI, U.S. Cyber Command, the Department
of Energy, EPA, and the Cyber National Mission Force, says attackers are actively exploiting
Rockwell Automation Alan Bradley PLCs and may be probing devices from other vendors as well.
Agencies recommend removing control software from direct internet exposure and reviewing logs for
suspicious activity. Officials attribute the activity to Iranian-affiliated advanced persistent threat
actors seeking disruptive effects, though no specific group was named. The campaign resembles earlier
operations by Cyber Avengers, which defaced control panels at a Pennsylvania water facility in
23.
Authorities say Iranian targeting has recently escalated, likely in response to regional hostilities.
Exact victims remain unclear, but industry partners have been alerted and monitoring efforts are
underway.
Separately, a pro-Iranian cybercrime group claimed responsibility for distributed denial of service
attacks that briefly knocked the websites of Chime Financial and Pinterest offline.
Chime reported in April 1st disruption with no impact to customer funds or data, while Pinterest
said less than 2% of traffic was affected and the attack was mitigated within minutes.
The group also claimed additional U.S. attacks that Bloomberg could not verify.
The U.S. Justice Department announced a court-authorized operation to disrupt a DNS high
hijacking network run by Russia's GRU military unit 26165, which targeted routers worldwide for espionage.
According to officials, the hackers compromised thousands of routers, allowing them to filter
traffic, identify targets, and capture unencrypted data, including passwords, authentication tokens,
and emails from military, government, and critical infrastructure organizations.
The FBI identified affected routers in the U.S., collected evidence, cut off GRU access,
and restored normal functionality as part of Operation Mascarade, coordinated with partners in 15 countries.
Microsoft reported more than 200 organizations and 5,000 consumer devices were impacted.
Researchers at Lumen Technologies said targets included government agencies and email providers
across the U.S., Europe, Afghanistan, North Africa, Central America, and Southeast Asia.
Minnesota Governor Tim Walsh issued an emergency order deploying the Minnesota National Guard
to assist Winona County after a cyber attack disrupted critical government systems and municipal services.
Officials said the incident significantly impaired operations, including communications at the
local police department and exceeded the county's internal and commercial response capacity.
The county is coordinating with the FBI, state IT officials, and other partners to restore services.
The Guard is authorized to provide personnel and resources until conditions stabilize.
The attack follows a separate January incident that disabled systems supporting real estate
transactions and police records.
State officials emphasize that coordinated receipts,
response efforts are essential as cyber threats increasingly affect local governments and public
services. In Massachusetts, a cyber attack on signature health care and signature health care
Brockton Hospital disrupted multiple IT systems, forcing the facility to divert ambulances
and activate downtime procedures to maintain patient care. Emergency services and surgeries
continued, but chemotherapy infusions were cancelled and delays were expected. Officials said
outside experts are investigating and no threat actor has claimed responsibility. The incident
reflects broader pressure on health care providers, as recent attacks have also disrupted hospitals
in other states. Health ISAC reports sustained malicious activity across the sector, including
ransomware, data theft, and nation-state campaigns. The group warned attackers, including
increasingly target hospitals, insurers, and medical device vendors, raising risks to patient safety
if disruptions escalate. Coordination continues with SISA and the Department of Health and Human
Services. Anthropic has launched Project Glasswing, a cybersecurity initiative built around its
clawed mythos preview model, which the company says can autonomously identify software
vulnerabilities at large scale. Access is limited to a consortium of more than 40 organizations,
including Amazon, Microsoft, Google, Apple, the Linux Foundation, and several security vendors
to support controlled defensive testing. Anthropic reports early results showing thousands of
high-severity flaws discovered across widely used software, including a decades-old open-BSD vulnerability,
though these findings are only partly externally verified.
Experts say large-scale AI bug discovery
could disrupt traditional vulnerability management
by reducing reliance on human-driven bug hunting
and shifting focus from prioritizing fixes
to minimizing exposure time.
Security leaders also warn organizations
must adapt to faster machine-scale defense operations.
Anthropic restricted access due to dual-referial.
use risks and committed $100 million in usage credits plus funding for open source security projects
supporting maintainers. Hackers accessed a digital storage system tied to the Los Angeles Police
Department and the Los Angeles City Attorney's Office, exposing sensitive records including
personnel files and internal affairs investigation materials from prior civil litigation.
Officials said unauthorized individuals obtained discovery.
documents containing witness names, health information, and investigative files.
Some data appeared briefly on social media.
Authorities are assessing the breach's scope, and it remains unclear whether a ransom was
demanded or paid.
Reports indicate about 7.7 terabytes of data spanning more than 337,000 files may have been
affected.
Researchers at Microsoft have identified a growing technique called AI-Rexamines.
recommendation poisoning, in which companies embed hidden prompts in summarize with AI buttons
to manipulate AI assistance into remembering and favoring specific brands in future responses.
The study found more than 50 such prompts from 31 companies across 14 industries,
often delivered through specially crafted URLs that inject persistent instructions into assistant
memory. These tactics aim to bias recommendations on topics, including health, finance, and security
without users' awareness. Researchers say the approach reflects a shift from traditional search engine
optimization toward influencing AI systems directly. Publicly available tools now make the
technique easy to deploy, accelerating its spread. Microsoft reports mitigations in co-pilot,
though effectiveness varies across platforms.
The company warns memory poisoning creates a new attack surface,
enabling persistent influence over AI outputs
and potentially undermining trust in automated recommendations if left unchecked.
Coming up after the break, my conversation with Benny Zarni,
founder and CEO of Upswatt,
we're discussing his new book, Cybersecurity Upside Down.
And Japan trades red tape for training data.
Stick around.
Maybe that's an urgent message from your CEO,
or maybe it's a deep fake trying to target your business.
Dopple is the AI-Native social engineering defense platform
fighting back against impersonation and manipulation.
As attackers use AI to make their tactics more sophisticated,
Dopple uses it to fight back,
from automatically dismantling cross-channel attacks to building team resilience and more.
Doppel, outpacing what's next in social engineering.
Learn more at doppel.com.
That's D-O-P-P-E-L.com.
The Madamy Holmes bike for brain health supporting Baycrest returns on May 31st for its fifth anniversary
with a new start and finish at the Aga Khan Museum.
Join thousands of cyclists as we take over the DVP and Gardner Expressway
in support of dementia research and brain health.
Riders of all abilities are welcome, and both regular bikes and e-bikes can participate.
Bring your friends, family, or corporate team, and make an impact.
Register today at fightforbrainhealth.ca.
Benny Zarni is founder and CEO of Opswatt.
I recently caught up with him at the RSAC-2020s conference.
In today's sponsored industry voices segment,
we discuss his latest book, Cybersecurity Upside Down, Rethink Your Cybersecurity Strategy Strategy
strategy. We are back right on the show floor at RSAC 2026, and it is my pleasure to welcome
Benny Zarni. He is the founder and CEO of Opswatt, but also the author of the new book,
Cybersecurity Upside Down. Let's do our best show the book. It's cybersecurity, but it is
upside down. How about that? Benny, welcome. Well, let's stick into the book. Again,
I'll show it off here because it is something to see. This is cybersecurity upside
down, what prompted you to write the book?
So, you know, I'm running the company for more than 20 years.
And one of the key technologies that we have is the CDR, Content Disarmine Reconstruction.
It's a really unique technology that, it's a true prevention technology that is very unique.
It's very effective to prevent AI bone threats.
and I'll start kind of questioning myself
how can I really make an impact with this tech?
It's very, very relevant right now.
And although I'm very busy and on flights,
I'm on kind of everything,
and I thought, oh, it's very, very important for me
to go and pretty much come up to promote this technology
because I believe that this technology is extremely important
and very, very important to go and promote it right now.
I know something that is important to you
is the distinction between prevention and detection,
and that you feel like the industry is kind of coming up short
when it comes to their priorities.
Can you unpack that for us?
Of course.
I mean, the whole reason I kind of put together
cybersecurity upside down
because I believe we need to reverse the model.
This entire industry, you walk around here
in the entire kind of cybersecurity industry,
the entire industry is based on detection.
You know, antiviruses, firewalls, IPS, you know, IDS,
everything is based on detection.
Let's detect the threat.
And then after that, create prevention based on detection.
However, that's actually destiny for failure.
Why?
Because now with AI, it's like, you have like,
attackers are using AI, defense are using AI.
So it's more of a double-a-sault.
And I'm questioning that.
And also all of this, the industry is that it's kind of pre-consclusive notion,
prevention, detection, prevention, detection.
We need to reverse the model.
We need to rethink cybersecurity.
So what if we can reverse the model?
instead of actually detecting we can have a prevention technology
through file regeneration.
So my argument here is that, hey, we should assume
all of the files, they're all malicious.
We should assume all of the file flows to your organization,
everything, file downloads, USB inserts, emails,
everything is malicious.
And we're going to regenerate the entire file
flow to your organization in a secure way,
to a point it's going to be clean of malware.
because you generated this file so you know it's still clean.
I mean, we're doing it for several years already.
We know it's super effective.
I mean, throughout the book,
I'm going through over multiple cybersecurity incidents
that could have been prevented
if the technology would have been applied.
And I'm questioning that.
So the book really takes the reader on that journey with you?
Actually, initially, when I start writing this book,
it was purely about the tech stack.
And after that, I coincide with my editor, Todd.
He told me, hey, maybe the readers would like to learn more about how you came about that.
So then I kind of start kind of writing chapter one, two, and three that taking the reader
throughout this journey about how I came up with the CDAR technology.
Yeah.
I'm curious, you know, as you look back on your own career and building Opswatt, you know,
the success that you've had,
how does that inform the things that you put into the book?
How is that experience shaped where you are right now
and your thoughts about all of this?
Well, I try to...
So, first I try to put together some of the journey
of building ops a throughout this book
and also some tips about my philosophy to HR
and some other tips here and there.
This book is not about the company,
It's about philosophy about ops world.
It's about only one technology.
It definitely opened my appetite writing books.
Maybe it's not going to be the last one.
I'm not committing to another one.
Again, I'm not committing another one.
However, it definitely got me a book bug.
And hopefully I'll write another one.
Maybe it's going to be either about,
it might be a business book or maybe about another tech
that I'm passionate about so many different.
I'm a tech geek, so I'm...
What do you hope people take away from the book?
I really would like them to rethink their cybersecurity strategy
to take a really good look into the content design and reconstruction,
whether you are a student, whether you are a CISO,
whether you are a cybersecurity enthusiast,
whether you're a student,
whether you want to learn a new technology about cybersecurity,
Again, I'm, and to rethink, if you are in regulation or legislation, please read this book.
I'll send you a free copy.
Please also read Chapter 6.
It's for you.
So, I'm really believing in that.
I mean, several countries are already taking these steps rightfully.
So we are not the only vendor of producing CDR.
I really believe we're doing an amazing job.
building a CDR and the CDR technology.
They would like pretty much anybody
to take a really good look into this tech,
extremely effective to prevent AI-bound threats,
and also to rethink their cyber security strides.
All right, well, Benny Zarni is founder and CEO of Opswad,
and the book is Cybersecurity Upside Down. Do check it out.
Benny, thanks so much for joining us.
Thanks so much for letting me.
Take care.
Thanks.
That's Benny Zarni, founder and CEO of Upswant.
The book is titled Cybersecurity Upsight Down.
Rethink Your Cybersecurity Strategy.
When Westchap first took flight in 1996, the vibes were a bit different.
People thought denim on denim was peak fashion, inline skates were everywhere,
and two out of three women rocked, the Rachel.
While those things stayed in the 90s,
one thing that hasn't is that fuzzy feeling you get when WestJet welcomes you on board.
Here's to West Jetting since 96.
travel back in time with us and actually travel with us at westjet.com slash 30 years.
And finally, our when all else fails, lower your standards desk,
reports that Japan's digital transformation minister, Hisashi Matsumoto, says,
the country plans to become the world's easiest place to build AI apps,
partly by relaxing rules around personal data use.
Amendments to the Personal Information Protection Act
will allow organizations to share certain low-risk personal data
without opt-in consent when compiling research statistics,
including some health data.
Facial images can also be used,
provided organizations explain how they handle them,
though opt-out rights will not be required.
Protections remain for minors,
and misuse or fraudulently obtained data can trigger fines tied to profits.
Notably, organizations may not need.
need to notify individuals about low-risk data leaks. Matsumoto argues existing privacy rules
slowed AI progress, and these changes aim to help Japan catch the AI wave. If data is fuel for
AI, Japan just approved a bigger gas tank. And that's the Cyberwire. For links to all of today's
stories, check out our daily briefing at the Cyberwire.com. We'd love to know it,
you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead
in the rapidly changing world of cybersecurity. If you like our show, please share a rating
and review in your favorite podcast app. Please also fill out the survey in the show notes or
send an email to Cyberwire at N2K.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester
with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes.
Our executive producer is Jennifer Ibn. Peter Kilpe is our publisher, and I'm Dave Bithner.
Thanks for listening. We'll see you back here tomorrow.