CyberWire Daily - For hackers, sharing is caring.

Episode Date: July 16, 2026

CISA warns of active SharePoint attacks. The NSA pushes coordinated vulnerability disclosure. ClickLock Stealer targets macOS. Splunk and Zoom patch critical flaws. Spirals ransomware strikes in under... 24 hours. New Windows evasion techniques emerge. LabubaRAT poses as NVIDIA software. 23andMe settles over its 2023 breach. Plus, a look back at one of the most audacious data center heists ever pulled off. Our guest is Ryan Kalember, Chief Strategy Officer at Proofpoint, discussing why agentic AI is creating a new insider threat. Near, far, wherever you are…the scam must go on. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ryan Kalember, Chief Strategy Officer at Proofpoint, and he is discussing why agentic AI is creating a new insider threat. Selected Reading CISA urges immediate SharePoint hardening as exploits mount (CSO Online) NSA joins CISA and Others in Releasing the Cybersecurity Information Sheet “Establishing a Coordinated Vulnerability Disclosure Program to Work with Security Researchers” (NSA) ‘ClickLock Stealer’ Bypasses macOS Security With Social Engineering, Process Killing (SecurityWeek) Splunk, Zoom Patch Critical Vulnerabilities (SecurityWeek) New Spirals ransomware encrypts victim network in under 24 hours (Bleeping Computer) Bind Link Abuse: One Windows Feature, Many Ways to Blind Your EDR (Bitdefender) LabubaRAT: A Rust Based Remote Access Tool Masquerading as NVIDIA Software (Blackpoint Cyber) 23andMe reaches $18 million settlement with states for massive breach (The Record) How a Gang of Thieves Pulled Off a Multimillion-Dollar Data Center Heist (The New York Times) Fake Céline Dion Paris Tickets Sold on Facebook and Ticketmaster Clones (Hackread) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 You're listening to the Cyberwire Network, powered by N2K. This episode is brought to you by Accenture. When your advertising operations fall out of sync, everything else follows. Spotify and Accenture are working together to reinvent the rhythm of ad sales, using automation, analytics, and smarter workflows to simplify campaign delivery and access better data across the business. The result? Less time spent on operations, more time connecting brands with the moments and fandums
Starting point is 00:00:33 that matter most. Learn more at Accenture.com slash Spotify. This episode is supported by Black Hat USA. If you follow the research, you know a lot of it breaks on Black Hat stages. Hundreds of peer-reviewed briefings, more than 100 hands-on trainings, and the largest business hall in Black Hat's history. Six days to learn the skills you'll need tomorrow. August 1st to the 6th. Use code Cyberwire for $200 off your briefings pass at BlackHats. Blackhat.com. We'll see you in Vegas. Cicill warns of active SharePoint attacks. The NSA pushes coordinated vulnerability disclosure. Click-lock Steeler targets MacOS. Splunk and Zoom patch critical flaws. Spirals, ransomware strikes in under 24 hours.
Starting point is 00:01:39 New windows evasion techniques emerge. La Buba Rat poses as NVIDIA software. 23 and Me settles over its 2023 breach. Plus a look back at one of the most audacious data center heists ever pulled off. Our guest is Ryan Calember, chief strategy officer at ProofPoint, discussing why Agentic AI is creating a new insider threat. And near, far, wherever you are, the scam must go on.
Starting point is 00:02:21 It's Thursday, July 16th, 2026. I'm Dave Bittner, and this is your Cyberwire Intel briefing. Thanks for joining us here today. It's great as always to have you with us. SISA is urging organizations to immediately secure on-premises Microsoft SharePoint servers after confirming that three vulnerabilities are being actively exploited. Administrators are advised to apply Microsoft Security updates, follow mitigation and incident response guidance,
Starting point is 00:03:06 hunt for indicators of compromise, and rotate SharePoint machine keys where appropriate, as patching alone may not remove attacker persistence. Microsoft also recommends enabling anti-malware scan interface integration to help detect malicious activity. Security experts warn that organizations should treat the advisory as more than a routine patching exercise, noting that a compromised SharePoint server can provide attackers with a pathway to critical systems, increasing the risk of ransomware, widespread network compromise, and data disclosure. The National Security Agency, in partnership with SISA, Japan's J.P. CERTCC and the Netherlands, NCSCN, has released new guidance encouraging technology suppliers to establish coordinated vulnerability disclosure programs that promote collaboration with security researchers.
Starting point is 00:04:04 The guidance recommends publishing a clear vulnerability disclosure policy, maintaining an open and inclusive reporting process. and defining a broad scope for security testing. It also highlights the value of third-party intermediaries, such as national incident response teams, in coordinating disclosures and facilitating communication between researchers and vendors. Officials say robust CVD programs help organizations identify and remediate vulnerabilities more effectively,
Starting point is 00:04:37 strengthen customer trust, and improve overall security. The agencies also encourage suppliers to regularly review and update their disclosure programs to keep pace with evolving cyber threats and industry best practices. Researchers at Group IB have identified ClickLock Steeler, a new MacOS malware that relies on social engineering rather than software exploits to steal sensitive data. First observed in early June, the malware has reportedly targeted more than 100,000, users across 33 countries, primarily in Europe. Victims are lured to fake Cloudflare verification pages that instruct them to manually execute
Starting point is 00:05:21 a malicious terminal command. Once launch, the malware steals browser data, cryptocurrency wallets, password manager information, MacOS keychain contents, FTP credentials, and shell history before exfiltrating the data through a telegram bot. To defeat MacOS security protections, ClickLock Steeler repeatedly terminates processes, suppresses security notifications, and displays convincing password prompts, coercing users into granting the access needed to harvest protected credentials while maintaining a persistent backdoor on infected systems. Splunk and Zoom have released security updates addressing multiple vulnerabilities across their products, including several critical and high severity flaws. Splunk patched three product-specific issues that could enable command safeguard bypass,
Starting point is 00:06:16 path traversal, credential exposure, and unauthorized file rights, alongside fixes for vulnerabilities in third-party components such as OpenSSL and Golang. Zoom resolved four Windows vulnerabilities, including a critical flaw that could allow remote unauthenticated account takeover and three high-severity privilege escalation and race-condition issues. Neither company has reported evidence that the vulnerabilities are being actively exploited. Researchers at Symantec have identified a new ransomware operation called Spirals that completed a full attack from initial compromise to data theft and encryption in less than 24 hours.
Starting point is 00:07:01 The June intrusion targeted a South Asian IT services firm after attackers compromised an internet-facing IIS server and rapidly established persistence, harvested credentials, and moved laterally across the network. The attackers disabled Microsoft Defender attempted to remove security software and stopped backup database and virtualization services before deploying a rust-based ransomware payload disguised as bitsadmin.exe. Stolen data was used to support a double extortion scheme with victims threatened with public disclosure
Starting point is 00:07:40 if they failed to pay within six days. Symantec has published indicators of compromise to help organizations defect and defend against the emerging threat. Bit Defender Labs has documented three new attack techniques that abuse Windows' legitimate bind filter file system virtualization feature to evade security tools after attackers gain local administrator privileges. Dubbed file binding, process binding, and silo binding, the techniques can redirect trusted file paths to malicious content, disguise malicious processes as legitimate applications and present different file system views to security tools and running processes. According to Bit Defender, these methods can undermine endpoint detection and response products,
Starting point is 00:08:32 app locker, Windows firewall, AMC, SISMON, and forensic tools by exploiting assumptions that file paths reliably identify executable content. Microsoft assessed the issue as low severity, because it requires administrator access, but Bit Defender argues the techniques represent a significant post-compromise threat, similar to bring your own vulnerable driver attacks, and has published detection guidance for defenders. Black Point Cyber's adversary pursuit group has identified a previously undocumented Rust-based remote-access Trojan dubbed Labuburat,
Starting point is 00:09:13 which masquerades as legitimate invidious software, software to evade detection. The malware uses fake invidia metadata and artifacts while providing attackers with persistent remote access to compromised Windows systems. Researchers found that Labuba Rat supports command execution, PowerShell and JavaScript execution, screenshot capture, file transfers, archive management, SOX5 proxying, and optional user-level persistence. The malware communicates through multiple channels, including HTTPS polling, WebView 2, and DNS tunneling, allowing operators to maintain access even if one communication method is blocked. Blackpoint says the malware appears to function as a reusable access framework rather than a one-off payload,
Starting point is 00:10:04 with configurable settings for organizations, groups, servers, and API keys managed through associated command and control infrastructure. A coalition of 42 state attorneys general has reached an $18 million settlement with 23 and Me over cybersecurity failures that led to a 2023 data breach affecting 6.9 million customers. The breach exposed sensitive personal information, including genetic ancestry data, and investigators found the company lacked protections against credential-based attacks, failed to monitor for suspicious activity and did not address known security vulnerabilities. Attorneys General also criticized 23 and Me for initially denying the breach
Starting point is 00:10:53 and blaming customers' password practices. The settlement requires the 23&Me Research Institute, which acquired the company's assets following its 2025 to implement stronger security measures, conduct regular risk assessments, establish independent security oversight, and preserve customers' ongoing rights to delete their personal data and destroy genetic samples. The Institute has pledged to maintain 23 and Me's existing privacy policies governing customer data.
Starting point is 00:11:28 A lengthy feature in the New York Times magazine recounts the 2007 theft of roughly 80 servers from a Verizon Data Center in London, orchestrated by career criminal Terry Ellis, Hired through an intermediary who claimed the servers contained sensitive banking records, Ellis assembled a team of thieves and computer technicians to execute the highly planned operation. Disguised as police officers responding to a rooftop emergency, they subdued security guards, removed the targeted servers, and escaped in under an hour. The article uses the heist to explore the growing importance of data centers as repositories of the world's most valuable digital assets,
Starting point is 00:12:13 and argues their physical security often receives less attention than cybersecurity. Although Ellis was eventually arrested and imprisoned, the incident highlighted the risks of physical attacks on critical infrastructure and underscored how concentrated stores of sensitive data remain attractive targets for determined criminals. Coming up after the break,
Starting point is 00:12:44 my conversation with Ryan Callumberg, chief strategy officer at ProofPoint. We're discussing agentic AI and insider threats. And near, far, wherever you are, the scam must go on. Stay with us. When you're a mid-sized business, you need every competitive advantage you can get. Like an AI solution that works for you, not against you. SAP Grow is built with AI embedded at its core, working across every system.
Starting point is 00:13:22 And it's ready to go from day one so you can hit the. ground running. Bring it with SAP Grow. AI Cloud ERP for any size business. What's the one thing in business that's spreading as fast as AI? AI risk. Every new tool your team signs up for, every vendor that turns on AI features, every new integration, each one is another opportunity for something to go wrong. And most security programs weren't built to keep up with AI's pace of growth. Enter Vanta. Vanta is the number one adjudic. Vanta is the number one agentic trust platform, trusted by more than 16,000 fast-moving companies like RAMP, Hercer, and Harvey to help them stay audit-ready. And now Vanta helps companies like yours keep an eye on the
Starting point is 00:14:11 risks that appear between audits across your vendors, your AI tools, and your entire environment. The Vanta agent works like a 24-7 GRC engineer in the background. It finds issues, drafts, fixes for you and can cut vendor assessment time by up to 50%. Whether you're a fast-growing startup or a global enterprise, Vanta is here to help you automate your security and compliance and earn and prove trust. Get started today at vanta.com slash cyber. That's V-A-N-T-A-com slash cyber. Ryan Callumber is chief strategy officer at ProofPoint. We recently got together to discuss why Agentic AI is creating a new insider threat. I'm tempted to go really far back because insider risk, I believe, is one of the more foundational problems in information security, even going back far into cybersecurity.
Starting point is 00:15:21 When you give someone or something that can act like someone access to sensitive data, you have to have a lot of trust in them to actually handle it appropriately, or you have to have some really strong safeguards around that. As AI agents have become more and more capable and, there I say, more and more human in their capabilities, and we've entrusted them with more and more data, asked them to do more and more things, a lot of the same risks that we had historically dealt with when it comes to people who are insiders creating risk have now transferred very elegantly over to agents effectively doing the same things. So to kind of level set for us, when you say agentic AI, what do you put under the that umbrella? Really good question. I think the word agent is one of the more front words in general in the discourse right now. So I would say everything from a coding agent, Claude certainly counts
Starting point is 00:16:15 in this, as well as autonomously constructed agents that might be running in containers. Through two, I think what most people are doing, which is running agents themselves, effectively using their own identities, using something like Claude Co-work, those are all under the umbrella of agendic AI now. Can you walk us through a realistic example of how an AI agent, let's say acting with good intentions, could accidentally create a security problem? Sure. Maybe I'll give you two. And we really see two primary ones right now, just from a categorizing perspective. The first is that agents can run code that they probably shouldn't. In fact, we published some great threat research on a DPRK, that is to say, North Korean, drive actor, basically tricking people into getting their coding agents to install malicious extensions to VS code and cursor, which are two of the more common agented coding platforms out
Starting point is 00:17:16 there. When it comes to doing that autonomously, though, we have definitely seen coding agents when given a task like, hey, I'm really interested in writing a secure application. Do you know how to write code in Rust? Maybe it doesn't. So it'll go out to the internet, look at something that might have a lot of stars on GitHub and go acquire the ability to do that. There are lots of technical ways that that can happen. Skills have become one of the more common ones. But agents are perfectly capable
Starting point is 00:17:46 if you give them the ability to basically go out, find code on the internet, and start running it. So we do see that as kind of one of the primary categories of introduced risk right now. Second category is more around data handling. And this is a lot like what we'd see. with humans. When people are curious about things or are given a task that might put them in
Starting point is 00:18:10 contact with sensitive data, they don't always handle it perfectly, and they sometimes exceed the scope of what they were supposed to be doing. Agents are very, very tough to give only the access they need to in terms of data. This is the least privilege problem that has actually been with us in concept since the 70s in Infosec. We've never really figured out how to give people the data, that they need to do their jobs and nothing more. And now that is a compounded problem because agents can look at much more data. And they often do so in ways that they, one, will not forget, and two, are much, much more expansive than any human to do.
Starting point is 00:18:49 A human can look at a few files a day, maybe a couple dozen, a few hundred if you're incredibly diligent. Agents can look at thousands, tens of thousands, hundreds of thousands, maybe millions, depending on what those files are. So that data exposure can also teach them things that are truly secret that they shouldn't have access to to do their jobs and make them a vector for data loss in all kinds of ways. You know, you really, you bring up what I think is a fascinating aspect of all of this, which is the notion of trust and how we use that word. Because I think in a human context, we talk about things like judgment and accountability and even context. But as you say, AI agents don't necessarily have those same qualities.
Starting point is 00:19:36 As security teams, do we need to be rethinking how we define trust, how we casually throw that word around? I think we do. And this actually goes to one of the hardest and most unsolved problems here, which is agentic identity. Even in the human world, this is hard. We have more non-human identities and enterprises right now than we have human identity.
Starting point is 00:20:00 But it is still very, very difficult to attribute activity back to an identity and then make sure that identity has the proper set of permissions so that you can be as far left as possible as preventative as possible in terms of taking care of your sensitive data. Agents don't really have a great framework for doing that right now. So when you're trusting them, you're trusting them usually on the level of whatever that individual who is directing the agent, because really that is a more common use case. than fully autonomous agents right now. And the users themselves don't always give great instructions to the agents, and they are goal-seeking and people-pleasing. They have been built
Starting point is 00:20:40 to be that way. So, yes, it's totally possible to build an agent with a detailed system prompt, very much like sort of the constitution that Claude itself uses, and you can be very, very diligent about that. However, at the same time,
Starting point is 00:20:56 we're pushing people to adopt AI really fast, adopted in ways that they haven't really done before, and very, very few people are going to be diligent enough about their information handling practices to do things like very, very specifically instruct an agent on how to actually honor the trust that they're giving it. That's just a very, very difficult and very tricky problem to not only do from an infosec perspective, but even from an end user perspective right now. And that's why building real time guardrails and those sorts of things has become a sort of a measure of last resort from at least a technical perspective, but that approach has pros and cons as well.
Starting point is 00:21:37 Let's say I'm a security professional, and I feel as though I'm pretty up to speed on what we would consider to be traditional insider threat programs. What kind of adjustments do I need to make to the way that I think about this, the way I approach this, now that we're faced with AI agents? I think this is actually maybe the key question, because I would argue that a lot of security teams have not gotten to that theoretical point where they feel good about insider risk. Those that have are way ahead of the game here. But even when you look at a really sophisticated organization with a big cybersecurity team, it's honestly a bit rare for them to have dedicated resources, technologies, human, processes for insider risk. It's a tough problem. As an analogy, right, if you're in a police department and you're working in internal affairs, you're probably not the most popular person,
Starting point is 00:22:39 right? It's a tough job to do for all sorts of different reasons. And historically, it's actually brought up lots of fairly legitimate privacy concerns as well. And that is sort of doubly or even trebably true for organizations that operate globally. So what I would actually say is we are in a really interesting place from an insider risk perspective, oddly enough, both because of agents and now because we have agents. One of the things that we've had the most success with from an insider risk perspective is transforming telemetry, which most insider risk teams, even when there were dedicated resources looked at in a purely reactive context, meaning HR or legal told you there's an issue with a person, maybe they're leaving and joining a competitor, something along
Starting point is 00:23:32 those lines, and you needed to go reconstruct their activity and make sure that none of your crown jewels went out the building. That's the sort of thing that, you know, you hope that you have all that telemetry and you have it in a good place and you can do a proper sort of analysis of it. And obviously in our work at ProofPoint, we try and make that as easy as possible. But we were still very dependent on humans to do that investigation. There were only limited sorts of early warning signs that you could do to maybe make things a little bit more proactive. The part that really is changing right now, and this is maybe the one thing I would want to leave everybody with, is agents are incredibly good at doing these insider investigations. and they can do so in a way
Starting point is 00:24:16 that is not just kind of simple pattern matching, although if they're built on top of language models, they tend to be great at that. They can also do so in a way that is privacy preserving. So we have actually organizations that are both looking at their humans and their agents solely through the lens of AI investigators, we call them Risk Investigator agents.
Starting point is 00:24:34 And they basically put together dossiers. And the dossiers don't have any names on them. Obviously when there's an agent, that's not a privacy problem. So, of course, you can name the agent. But the security teams actually, when it comes to a human creating insider risk, are usually looking to get that problem off their desk as quickly as possible, back in the hands of HR and legal who can actually do something about it. On the agent side, it has actually been useful to train on certain aspects
Starting point is 00:24:58 of how humans create insider risk, but there are two big differences. One is that the biggest risk for humans tends to be leaving and going to a competitor and taking a lot of data with you. That has been there since the dawn of cybersecurity. And agents won't really do that. At least they won't do that now. The agents that I build hopefully will not go work for our competitors anytime soon. And the second piece is that we did use to rely pretty heavily on anomaly detections for
Starting point is 00:25:27 unusual activity for people. Like, hey, you looked at 20 files every day last week. Now you're looking at 200,000. You're putting them in zips or something. That doesn't really work for agents. So agents, because they're able to access and manipulate, so much more data so quickly and do it 24 by 7, so even things like after-hour detections kind of decline in utility,
Starting point is 00:25:50 we do have to change a little bit about how we think about it. But the nice thing about it is we have agents now to do a lot of that work for us. So it's like the old Homer Simpson quote about beer, right? It's the cause of and solution to all life's problems. I think that's where we are with AI right now. Yeah, yeah. It's like the turtles. It's AI all the way down.
Starting point is 00:26:11 Exactly. That's Ryan Callumber from ProofPoint. Care for your skin like you care for the game. Dove Men Plus Care is an official sponsor of the FIFA World Cup 2026 and has just dropped their new limited edition deodorant and antipersprint collection for 72 hours sweat and odor protection, helping you stay fresh from kickoff to the final whistle. Visit dove.com slash CA slash E.N.
Starting point is 00:26:50 slash men dash care to shop now. And finally, Celine Dion's long-awaited return to Paris has created another sold-out performance, just not the one fans expected. According to Group IB, scammers are targeting eager concert goers through Facebook and convincing fake ticket websites,
Starting point is 00:27:39 turning excitement into an encore of fraud. The scheme is particularly, clever, victims receive what appears to be a legitimate ticketmaster ticket, complete with a valid transfer and QR code, only to discover that the same ticket has been sold to multiple buyers. The first person through the gate enjoys the show, while everyone else gets an expensive lesson in ticket validation. Researchers also uncovered more than 20 fishing domains impersonating Ticketmaster, AXS, the venue, and Celine Dion's official site, many built with Shopify to mimic authentic checkout pages.
Starting point is 00:28:21 Group IB advises fans to buy only through authorized sellers, avoid direct bank transfers, and verify that payment details match the seller's identity before hitting the high note on a purchase. If the deal seems too good to be true, don't let your heart go on. You may find yourself singing the blues outside the arena, instead of inside. And for sure, that would be a sinking feeling of titanic proportions. And that's the Cyberwire.
Starting point is 00:29:11 Or links to all of today's stories, check out our daily briefing at the Cyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review
Starting point is 00:29:28 in your favorite podcast. app. Please also fill out the survey in the show notes or send an email to Cyberwire at N2K.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazas. Our executive producer is Jennifer Ibin. Peter Kilpy is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. heading to this year's Black Hat USA, the N2K Cyberwire team will be on site recording from our podcast studio in the SpectorOps Kennel Club. If you're interested in joining us for a conversation or learning more about what we're recording throughout the week, visit sponsor.com for more information.
Starting point is 00:30:37 And make sure you stop by the studio and meet the N2K Cyberwire team. We'll see you there.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.