CyberWire Daily - For hackers, sharing is caring.
Episode Date: July 16, 2026CISA warns of active SharePoint attacks. The NSA pushes coordinated vulnerability disclosure. ClickLock Stealer targets macOS. Splunk and Zoom patch critical flaws. Spirals ransomware strikes in under... 24 hours. New Windows evasion techniques emerge. LabubaRAT poses as NVIDIA software. 23andMe settles over its 2023 breach. Plus, a look back at one of the most audacious data center heists ever pulled off. Our guest is Ryan Kalember, Chief Strategy Officer at Proofpoint, discussing why agentic AI is creating a new insider threat. Near, far, wherever you are…the scam must go on. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ryan Kalember, Chief Strategy Officer at Proofpoint, and he is discussing why agentic AI is creating a new insider threat. Selected Reading CISA urges immediate SharePoint hardening as exploits mount (CSO Online) NSA joins CISA and Others in Releasing the Cybersecurity Information Sheet “Establishing a Coordinated Vulnerability Disclosure Program to Work with Security Researchers” (NSA) ‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing (SecurityWeek) Splunk, Zoom Patch Critical Vulnerabilities (SecurityWeek) New Spirals ransomware encrypts victim network in under 24 hours (Bleeping Computer) Bind Link Abuse: One Windows Feature, Many Ways to Blind Your EDR (Bitdefender) LabubaRAT: A Rust Based Remote Access Tool Masquerading as NVIDIA Software (Blackpoint Cyber) 23andMe reaches $18 million settlement with states for massive breach (The Record) How a Gang of Thieves Pulled Off a Multimillion-Dollar Data Center Heist (The New York Times) Fake Céline Dion Paris Tickets Sold on Facebook and Ticketmaster Clones (Hackread) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
This episode is brought to you by Accenture.
When your advertising operations fall out of sync, everything else follows.
Spotify and Accenture are working together to reinvent the rhythm of ad sales,
using automation, analytics, and smarter workflows to simplify campaign delivery
and access better data across the business.
The result?
Less time spent on operations, more time connecting brands with the moments and fandums
that matter most. Learn more at Accenture.com slash Spotify.
This episode is supported by Black Hat USA. If you follow the research, you know a lot of it
breaks on Black Hat stages. Hundreds of peer-reviewed briefings, more than 100 hands-on trainings,
and the largest business hall in Black Hat's history. Six days to learn the skills you'll need
tomorrow. August 1st to the 6th. Use code Cyberwire for $200 off your briefings pass at BlackHats.
Blackhat.com. We'll see you in Vegas.
Cicill warns of active SharePoint attacks. The NSA pushes coordinated vulnerability disclosure.
Click-lock Steeler targets MacOS. Splunk and Zoom patch critical flaws. Spirals, ransomware strikes in under 24 hours.
New windows evasion techniques emerge. La Buba Rat poses as NVIDIA software.
23 and Me settles over its 2023 breach. Plus a look back at one of the most audacious
data center heists ever pulled off.
Our guest is Ryan Calember,
chief strategy officer at ProofPoint,
discussing why Agentic AI is creating a new insider threat.
And near, far, wherever you are,
the scam must go on.
It's Thursday, July 16th, 2026.
I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us here today.
It's great as always to have you with us.
SISA is urging organizations to immediately secure on-premises Microsoft SharePoint servers
after confirming that three vulnerabilities are being actively exploited.
Administrators are advised to apply Microsoft Security updates,
follow mitigation and incident response guidance,
hunt for indicators of compromise,
and rotate SharePoint machine keys where appropriate,
as patching alone may not remove attacker persistence.
Microsoft also recommends enabling anti-malware scan interface integration to help detect malicious activity.
Security experts warn that organizations should treat the advisory as more than a routine patching exercise,
noting that a compromised SharePoint server can provide attackers with a pathway to critical systems,
increasing the risk of ransomware, widespread network compromise, and data disclosure.
The National Security Agency, in partnership with SISA, Japan's J.P. CERTCC and the Netherlands, NCSCN, has released new guidance encouraging technology suppliers to establish coordinated vulnerability disclosure programs that promote collaboration with security researchers.
The guidance recommends publishing a clear vulnerability disclosure policy, maintaining an open and inclusive reporting process.
and defining a broad scope for security testing.
It also highlights the value of third-party intermediaries,
such as national incident response teams,
in coordinating disclosures and facilitating communication
between researchers and vendors.
Officials say robust CVD programs
help organizations identify and remediate vulnerabilities more effectively,
strengthen customer trust, and improve overall security.
The agencies also encourage suppliers to regularly review and update their disclosure programs
to keep pace with evolving cyber threats and industry best practices.
Researchers at Group IB have identified ClickLock Steeler, a new MacOS malware that relies on social engineering
rather than software exploits to steal sensitive data.
First observed in early June, the malware has reportedly targeted more than 100,000,
users across 33 countries, primarily in Europe.
Victims are lured to fake Cloudflare verification pages that instruct them to manually execute
a malicious terminal command.
Once launch, the malware steals browser data, cryptocurrency wallets, password manager information,
MacOS keychain contents, FTP credentials, and shell history before exfiltrating the data
through a telegram bot.
To defeat MacOS security protections, ClickLock Steeler repeatedly terminates processes, suppresses security notifications, and displays convincing password prompts, coercing users into granting the access needed to harvest protected credentials while maintaining a persistent backdoor on infected systems.
Splunk and Zoom have released security updates addressing multiple vulnerabilities across their products,
including several critical and high severity flaws.
Splunk patched three product-specific issues that could enable command safeguard bypass,
path traversal, credential exposure, and unauthorized file rights,
alongside fixes for vulnerabilities in third-party components such as OpenSSL and Golang.
Zoom resolved four Windows vulnerabilities, including a critical flaw that could allow remote
unauthenticated account takeover and three high-severity privilege escalation and race-condition
issues.
Neither company has reported evidence that the vulnerabilities are being actively exploited.
Researchers at Symantec have identified a new ransomware operation called Spirals that completed
a full attack from initial compromise to data theft and encryption in less than 24 hours.
The June intrusion targeted a South Asian IT services firm after attackers compromised an internet-facing
IIS server and rapidly established persistence, harvested credentials, and moved laterally across
the network. The attackers disabled Microsoft Defender attempted to remove security software
and stopped backup database and virtualization services
before deploying a rust-based ransomware payload
disguised as bitsadmin.exe.
Stolen data was used to support a double extortion scheme
with victims threatened with public disclosure
if they failed to pay within six days.
Symantec has published indicators of compromise
to help organizations defect and defend
against the emerging threat.
Bit Defender Labs has documented three new attack techniques that abuse Windows' legitimate bind filter file system virtualization feature to evade security tools after attackers gain local administrator privileges.
Dubbed file binding, process binding, and silo binding, the techniques can redirect trusted file paths to malicious content,
disguise malicious processes as legitimate applications and present different file system views to security tools and running processes.
According to Bit Defender, these methods can undermine endpoint detection and response products,
app locker, Windows firewall, AMC, SISMON, and forensic tools by exploiting assumptions that file paths reliably identify executable content.
Microsoft assessed the issue as low severity,
because it requires administrator access,
but Bit Defender argues the techniques represent a significant post-compromise threat,
similar to bring your own vulnerable driver attacks,
and has published detection guidance for defenders.
Black Point Cyber's adversary pursuit group has identified a previously undocumented
Rust-based remote-access Trojan dubbed Labuburat,
which masquerades as legitimate invidious software,
software to evade detection. The malware uses fake invidia metadata and artifacts while providing
attackers with persistent remote access to compromised Windows systems. Researchers found that
Labuba Rat supports command execution, PowerShell and JavaScript execution, screenshot capture,
file transfers, archive management, SOX5 proxying, and optional user-level persistence. The malware
communicates through multiple channels, including HTTPS polling, WebView 2, and DNS tunneling,
allowing operators to maintain access even if one communication method is blocked. Blackpoint says
the malware appears to function as a reusable access framework rather than a one-off payload,
with configurable settings for organizations, groups, servers, and API keys
managed through associated command and control infrastructure.
A coalition of 42 state attorneys general has reached an $18 million settlement with 23 and Me
over cybersecurity failures that led to a 2023 data breach affecting 6.9 million customers.
The breach exposed sensitive personal information, including genetic ancestry data,
and investigators found the company lacked protections against credential-based attacks,
failed to monitor for suspicious activity and did not address known security vulnerabilities.
Attorneys General also criticized 23 and Me for initially denying the breach
and blaming customers' password practices.
The settlement requires the 23&Me Research Institute,
which acquired the company's assets following its 2025
to implement stronger security measures,
conduct regular risk assessments,
establish independent security oversight,
and preserve customers' ongoing rights to delete their personal data and destroy genetic samples.
The Institute has pledged to maintain 23 and Me's existing privacy policies governing customer data.
A lengthy feature in the New York Times magazine recounts the 2007 theft of roughly 80 servers
from a Verizon Data Center in London, orchestrated by career criminal Terry Ellis,
Hired through an intermediary who claimed the servers contained sensitive banking records,
Ellis assembled a team of thieves and computer technicians to execute the highly planned operation.
Disguised as police officers responding to a rooftop emergency,
they subdued security guards, removed the targeted servers, and escaped in under an hour.
The article uses the heist to explore the growing importance of data centers as repositories
of the world's most valuable digital assets,
and argues their physical security
often receives less attention than cybersecurity.
Although Ellis was eventually arrested and imprisoned,
the incident highlighted the risks of physical attacks
on critical infrastructure
and underscored how concentrated stores of sensitive data
remain attractive targets for determined criminals.
Coming up after the break,
my conversation with Ryan Callumberg,
chief strategy officer at ProofPoint.
We're discussing agentic AI and insider threats.
And near, far, wherever you are, the scam must go on.
Stay with us.
When you're a mid-sized business, you need every competitive advantage you can get.
Like an AI solution that works for you, not against you.
SAP Grow is built with AI embedded at its core, working across every system.
And it's ready to go from day one so you can hit the.
ground running. Bring it with SAP Grow. AI Cloud ERP for any size business.
What's the one thing in business that's spreading as fast as AI? AI risk. Every new tool your team
signs up for, every vendor that turns on AI features, every new integration, each one is another
opportunity for something to go wrong. And most security programs weren't built to keep up with
AI's pace of growth. Enter Vanta. Vanta is the number one adjudic. Vanta is the number one
agentic trust platform, trusted by more than 16,000 fast-moving companies like RAMP, Hercer, and
Harvey to help them stay audit-ready. And now Vanta helps companies like yours keep an eye on the
risks that appear between audits across your vendors, your AI tools, and your entire environment.
The Vanta agent works like a 24-7 GRC engineer in the background. It finds issues, drafts,
fixes for you and can cut vendor assessment time by up to 50%. Whether you're a fast-growing startup
or a global enterprise, Vanta is here to help you automate your security and compliance
and earn and prove trust. Get started today at vanta.com slash cyber. That's V-A-N-T-A-com
slash cyber. Ryan Callumber is chief strategy officer at ProofPoint.
We recently got together to discuss why Agentic AI is creating a new insider threat.
I'm tempted to go really far back because insider risk, I believe, is one of the more foundational problems in information security, even going back far into cybersecurity.
When you give someone or something that can act like someone access to sensitive data, you have to have a lot of trust in them to actually handle it appropriately, or you have to have some really strong safeguards around that.
As AI agents have become more and more capable and, there I say, more and more human in their capabilities,
and we've entrusted them with more and more data, asked them to do more and more things,
a lot of the same risks that we had historically dealt with when it comes to people who are insiders creating risk
have now transferred very elegantly over to agents effectively doing the same things.
So to kind of level set for us, when you say agentic AI, what do you put under the
that umbrella? Really good question. I think the word agent is one of the more front words in general
in the discourse right now. So I would say everything from a coding agent, Claude certainly counts
in this, as well as autonomously constructed agents that might be running in containers. Through
two, I think what most people are doing, which is running agents themselves, effectively using their
own identities, using something like Claude Co-work, those are all under the umbrella of agendic AI now.
Can you walk us through a realistic example of how an AI agent, let's say acting with good intentions, could accidentally create a security problem?
Sure. Maybe I'll give you two. And we really see two primary ones right now, just from a categorizing perspective.
The first is that agents can run code that they probably shouldn't. In fact, we published some great threat research on a DPRK, that is to say, North Korean,
drive actor, basically tricking people into getting their coding agents to install malicious
extensions to VS code and cursor, which are two of the more common agented coding platforms out
there. When it comes to doing that autonomously, though, we have definitely seen coding agents
when given a task like, hey, I'm really interested in writing a secure application.
Do you know how to write code in Rust? Maybe it doesn't. So it'll go out to the internet,
look at something that might have a lot of stars on GitHub
and go acquire the ability to do that.
There are lots of technical ways that that can happen.
Skills have become one of the more common ones.
But agents are perfectly capable
if you give them the ability
to basically go out, find code on the internet,
and start running it.
So we do see that as kind of one of the primary categories
of introduced risk right now.
Second category is more around data handling.
And this is a lot like what we'd see.
with humans. When people are curious about things or are given a task that might put them in
contact with sensitive data, they don't always handle it perfectly, and they sometimes exceed the
scope of what they were supposed to be doing. Agents are very, very tough to give only the access
they need to in terms of data. This is the least privilege problem that has actually been with us
in concept since the 70s in Infosec. We've never really figured out how to give people the data,
that they need to do their jobs and nothing more.
And now that is a compounded problem because agents can look at much more data.
And they often do so in ways that they, one, will not forget, and two, are much, much more
expansive than any human to do.
A human can look at a few files a day, maybe a couple dozen, a few hundred if you're
incredibly diligent.
Agents can look at thousands, tens of thousands, hundreds of thousands, maybe millions,
depending on what those files are.
So that data exposure can also teach them things that are truly secret that they shouldn't have access to to do their jobs and make them a vector for data loss in all kinds of ways.
You know, you really, you bring up what I think is a fascinating aspect of all of this, which is the notion of trust and how we use that word.
Because I think in a human context, we talk about things like judgment and accountability and even context.
But as you say, AI agents don't necessarily have those same qualities.
As security teams, do we need to be rethinking how we define trust,
how we casually throw that word around?
I think we do.
And this actually goes to one of the hardest and most unsolved problems here,
which is agentic identity.
Even in the human world, this is hard.
We have more non-human identities and enterprises right now
than we have human identity.
But it is still very, very difficult to attribute activity back to an identity and then make sure that identity has the proper set of permissions so that you can be as far left as possible as preventative as possible in terms of taking care of your sensitive data.
Agents don't really have a great framework for doing that right now.
So when you're trusting them, you're trusting them usually on the level of whatever that individual who is directing the agent, because really that is a more common use case.
than fully autonomous agents right now.
And the users themselves
don't always give great instructions
to the agents, and they are goal-seeking
and people-pleasing. They have been built
to be that way. So, yes,
it's totally possible to
build an agent with a detailed
system prompt, very much
like sort of the constitution that
Claude itself uses, and
you can be very, very diligent
about that. However, at the same time,
we're pushing people to adopt AI really
fast, adopted in ways that they haven't really done before, and very, very few people are going
to be diligent enough about their information handling practices to do things like very, very
specifically instruct an agent on how to actually honor the trust that they're giving it.
That's just a very, very difficult and very tricky problem to not only do from an infosec
perspective, but even from an end user perspective right now. And that's why building real
time guardrails and those sorts of things has become a sort of a measure of last resort from at least
a technical perspective, but that approach has pros and cons as well.
Let's say I'm a security professional, and I feel as though I'm pretty up to speed on what we
would consider to be traditional insider threat programs. What kind of adjustments do I need
to make to the way that I think about this, the way I approach this, now that we're faced with
AI agents?
I think this is actually maybe the key question, because I would argue that a lot of security teams have not gotten to that theoretical point where they feel good about insider risk.
Those that have are way ahead of the game here. But even when you look at a really sophisticated organization with a big cybersecurity team, it's honestly a bit rare for them to have dedicated resources, technologies, human,
processes for insider risk. It's a tough problem. As an analogy, right, if you're in a police
department and you're working in internal affairs, you're probably not the most popular person,
right? It's a tough job to do for all sorts of different reasons. And historically, it's actually
brought up lots of fairly legitimate privacy concerns as well. And that is sort of doubly or even
trebably true for organizations that operate globally. So what I would actually say is we are in a
really interesting place from an insider risk perspective, oddly enough, both because of agents
and now because we have agents. One of the things that we've had the most success with from an
insider risk perspective is transforming telemetry, which most insider risk teams, even when
there were dedicated resources looked at in a purely reactive context, meaning HR or legal told you
there's an issue with a person, maybe they're leaving and joining a competitor, something along
those lines, and you needed to go reconstruct their activity and make sure that none of your
crown jewels went out the building. That's the sort of thing that, you know, you hope that you have
all that telemetry and you have it in a good place and you can do a proper sort of analysis of it.
And obviously in our work at ProofPoint, we try and make that as easy as possible.
But we were still very dependent on humans to do that investigation.
There were only limited sorts of early warning signs that you could do to maybe make things a little bit more proactive.
The part that really is changing right now, and this is maybe the one thing I would want to leave everybody with, is agents are incredibly good at doing these insider investigations.
and they can do so in a way
that is not just kind of simple pattern matching,
although if they're built on top of language models,
they tend to be great at that.
They can also do so in a way that is privacy preserving.
So we have actually organizations
that are both looking at their humans
and their agents solely through the lens of AI investigators,
we call them Risk Investigator agents.
And they basically put together dossiers.
And the dossiers don't have any names on them.
Obviously when there's an agent, that's not a privacy problem.
So, of course, you can name the agent.
But the security teams actually, when it comes to a human creating insider risk,
are usually looking to get that problem off their desk as quickly as possible,
back in the hands of HR and legal who can actually do something about it.
On the agent side, it has actually been useful to train on certain aspects
of how humans create insider risk, but there are two big differences.
One is that the biggest risk for humans tends to be leaving and going to a competitor
and taking a lot of data with you.
That has been there since the dawn of cybersecurity.
And agents won't really do that.
At least they won't do that now.
The agents that I build hopefully will not go work for our competitors anytime soon.
And the second piece is that we did use to rely pretty heavily on anomaly detections for
unusual activity for people.
Like, hey, you looked at 20 files every day last week.
Now you're looking at 200,000.
You're putting them in zips or something.
That doesn't really work for agents.
So agents, because they're able to access and manipulate,
so much more data so quickly and do it 24 by 7,
so even things like after-hour detections kind of decline in utility,
we do have to change a little bit about how we think about it.
But the nice thing about it is we have agents now to do a lot of that work for us.
So it's like the old Homer Simpson quote about beer, right?
It's the cause of and solution to all life's problems.
I think that's where we are with AI right now.
Yeah, yeah.
It's like the turtles.
It's AI all the way down.
Exactly.
That's Ryan Callumber from ProofPoint.
Care for your skin like you care for the game.
Dove Men Plus Care is an official sponsor of the FIFA World Cup 2026
and has just dropped their new limited edition deodorant and antipersprint collection
for 72 hours sweat and odor protection,
helping you stay fresh from kickoff to the final whistle.
Visit dove.com slash CA slash E.N.
slash men dash care to shop now.
And finally,
Celine Dion's long-awaited return to Paris
has created another sold-out performance,
just not the one fans expected.
According to Group IB,
scammers are targeting eager concert goers
through Facebook and convincing fake ticket websites,
turning excitement into an encore of fraud.
The scheme is particularly,
clever, victims receive what appears to be a legitimate ticketmaster ticket, complete with a valid
transfer and QR code, only to discover that the same ticket has been sold to multiple buyers.
The first person through the gate enjoys the show, while everyone else gets an expensive lesson
in ticket validation.
Researchers also uncovered more than 20 fishing domains impersonating Ticketmaster, AXS,
the venue, and Celine Dion's official site, many built with Shopify to mimic authentic checkout pages.
Group IB advises fans to buy only through authorized sellers, avoid direct bank transfers,
and verify that payment details match the seller's identity before hitting the high note on a purchase.
If the deal seems too good to be true, don't let your heart go on.
You may find yourself singing the blues outside the arena,
instead of inside.
And for sure, that would be a sinking feeling
of titanic proportions.
And that's the Cyberwire.
Or links to all of today's stories,
check out our daily briefing at the Cyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights
that keep you a step ahead
in the rapidly changing world of cybersecurity.
If you like our show,
please share a rating and review
in your favorite podcast.
app. Please also fill out the survey in the show notes or send an email to Cyberwire at
N2K.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and
sound design by Elliot Peltzman. Our contributing host is Maria Vermazas. Our executive producer is
Jennifer Ibin. Peter Kilpy is our publisher and I'm Dave Bittner. Thanks for listening. We'll see
you back here tomorrow.
heading to this year's Black Hat USA, the N2K Cyberwire team will be on site recording from our podcast studio in the SpectorOps Kennel Club.
If you're interested in joining us for a conversation or learning more about what we're recording throughout the week, visit sponsor.com for more information.
And make sure you stop by the studio and meet the N2K Cyberwire team. We'll see you there.
