CyberWire Daily - Millions of devices still up for grabs.
Episode Date: March 20, 2026Feds take down major IoT botnets. The FBI seizes hacktivist infrastructure. A data breach hits Kaplan, while a hacker claims access to millions of law enforcement tips. Fake Zoom calls deliver malware.... A crypto “security” tool turns out to be spyware. A critical AI framework flaw gets exploited in hours. An insider extortion case ends in conviction. And a streaming scam pulls in over $10 million. A look back at ten years of Cyberwire podcasts. Intern Kevin gets ready for RSAC. A cyberattack leaves breathalyzers offline. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Celebrating CyberWire Daily Maria Varmazis leads a conversation with Peter Kilpe and Dave Bittner reflecting on the origins of the CyberWire Daily podcast as part of the 10th anniversary series, sharing behind-the-scenes insights and how it all got started. CyberWire Guest Today we are joined by Intern Kevin—also known as Kevin Magee—as he gets ready for RSA Conference 2026 next week. Selected Reading Feds disrupt IoT botnets behind record-breaking DDoS attacks (The Register) FBI seizes Handala data leak site after Stryker cyberattack (Bleeping Computer) Kaplan North America Reports Data Breach Impacting Nearly 195,000 Individuals (Beyond Machines) Hacker says they compromised millions of confidential police tips held by US company (Reuters) Fake interactive Zoom call leads to malicious ScreenConnect download | news (SC Media) Crypto Scam "ShieldGuard" Dismantled After Malware Discovery (Infosecurity Magazine) Hackers Exploit Critical Langflow Bug in Just 20 Hours (Infosecurity Magazine) Ex-data analyst stole company data in $2.5M extortion scheme (Bleeping Computer) Musician admits to $10M streaming royalty fraud using AI bots (Bleeping Computer) Cyberattack leaves Maine drivers with breathalyzer test systems unable to start vehicles (WGME) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
AI is changing how enterprises operate and how they stay protected.
It's time to eliminate risk and protect innovation.
From March 23rd through the 26th, join Trend AI for actionable AI security insights.
Catch impactful sessions at RSC, then unwind and grab a bite at their lounge in Trapasue.
Experience industry-leading AI security.
person, engage with the experts, and get your chance to win $500,000.
San Francisco lets AI fearlessly. Learn more at trendmicro.com slash RSA.
The feds take down major IoT botnets. The FBI seizes hacktivist infrastructure.
A data breach hits Kaplan, while a hacker claims to access millions of law enforcement tips.
Fake Zoom calls deliver malware. A crypto security tool turns out to
be spyware. A critical AI framework flaw gets exploited in hours. An insider extortion case ends in conviction,
and a streaming scam pulls in over 10 million bucks. A look back at 10 years of Cyberwire podcasts.
Intern Kevin gets ready for RSAC, and a cyber attack leaves breathalizers offline. It's Friday, March 20th,
2026. I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us here today. It's great as always to have you with us.
The U.S. government has disrupted four major Internet of Things botnets tied to some of the largest distributed denial of service attacks ever recorded, including traffic exceeding 30 terabits per second.
In coordination with Germany and Canada, the Department of Justice targeted the command and control infrastructure of the Isuru, Kim Wolf, Jack Skid, and Mossad botnets.
These networks compromised more than 3 million devices, including routers and cameras.
Officials link them to hundreds of thousands of attacks, some targeting Department of Defense
Systems and to criminal services like DDoS for hire and extortion.
The operation removes active control of powerful botnets, but leaves millions of vulnerable devices
still infected. That persistent exposure continues to fuel the cybercrime economy and enables
rapid rebuilding of similar attack networks.
The FBI has seized two websites used by the Handala Hactivist Group
after a destructive cyber attack on Stryker, wiped roughly 80,000 devices.
The domains were taken under a warrant from the U.S. District Court in Maryland,
with authorities stating they supported malicious cyber activity tied to a foreign state actor.
Handela, described as an Iranian-linked group, reportedly compromised a dismalise
administrative accounts and used Microsoft in-tune to issue device wipe commands across Windows
and mobile systems. The attack impacted both corporate and employee-managed devices. The action
disrupts part of the group's public infrastructure, but the scale of the attack highlights
how enterprise device management tools can be abused for widespread damage. It also underscores
ongoing risks from state-linked activist activity targeting critical sectors.
Kaplan North America, a provider of educational and professional training services,
has disclosed a data breach affecting nearly 195,000 individuals,
involving the theft of sensitive personal information from internal systems.
The intrusion occurred over three weeks between October and November 2025,
with attackers accessing and exfiltrating files,
containing names, social security numbers, and driver's license data.
The company completed its investigation in February 26 and began notifying affected individuals in March,
offering credit monitoring and identity protection services.
The exposure of high-value identity data increases the risk of fraud and long-term identity theft.
It also highlights the impact of prolonged unauthorized access before detection.
A hacker claims to have breached a U.S. law enforcement tip platform,
stealing data tied to more than 8 million confidential reports.
The actor, calling themselves Internet YIF machine,
alleges they accessed P3 Global Intel, part of Navigate 360,
and exfiltrated 93 gigabytes of data.
The company says it's investigating a potential incident with third-party support.
According to the hacker, access came through social engineering and a vulnerability.
Reuters could not independently verify the claim,
though another outlet reported limited corroboration of leaked data.
Tip platforms handle sensitive submissions tied to law enforcement and public safety.
A breach could expose informants and undermine trust in reporting systems if confirmed.
Attackers are using a fake interactive Zoom call to trick users into installing malicious software
disguised as a routine update.
According to Sublime, the campaign uses AI.
generated JavaScript to simulate a glitchy Zoom meeting, complete with clickable controls and audio
issues.
Victims arrive via phishing emails and are guided through a fake security check before being prompted
to install a Zoom update.
The downloaded file installs legitimate screen connect remote monitoring and management software,
giving attackers device access.
Researchers say the attack can be easily customized for specific targets.
realistic interactive fishing lures lower user suspicion and increase compromise rates.
It also highlights how legitimate administrative tools can be abused for unauthorized access.
Researchers have dismantled Shield Guard, a malicious browser extension that posed as a crypto security tool but was designed to steal sensitive user data.
Octa threat intelligence reports the extension used social media promotion and token
AirDrop incentives to lure users. Once installed, it targeted platforms like Binance, Coinbase,
and Metamask, collecting account data, transaction histories, and browsing activity. The malware
used obfuscation and a custom JavaScript interpreter to evade Chrome protections and dynamically
execute code. Researchers also identified links to a broader campaign known as Rodex.
attackers are increasingly disguising malware as security tools,
exploiting trust in the crypto ecosystem.
This also highlights the risks of browser extensions
as a vector for large-scale data theft.
Threat actors exploited a critical Langflow vulnerability
within 20 hours of disclosure,
building working attacks directly from the advisory description.
The flaw is an unauthenticated remote code execution vulnerability,
with a CVSS score of 9.3.
It allows arbitrary Python execution on exposed systems with a single request.
SISDIG observed attackers scanning for targets,
deploying custom scripts and harvesting credentials,
including API keys and database access.
No public proof-of-concept code was available at the time.
Exploitation timelines are shrinking faster than patch cycles.
Organizations often take weeks to remediate,
leaving a wide exposure window as attackers rapidly weaponize newly disclosed flaws.
A North Carolina contractor has been found guilty of extorting a technology company
using sensitive data he accessed during his employment.
According to the Justice Department, Cameron Curry exploited his role as a data analyst
to steal payroll and employee information from Brightly Software.
After his contract ended in December 2023, he sent more than 60 extortion emails demanding
$2.5 million, threatening to leak personal and compensation data.
The company ultimately paid a smaller amount in Bitcoin before reporting the incident.
Authorities later seized evidence from Curry's residence.
It's a reminder that insider threats remain a significant risk, especially when employees
retain access to sensitive systems.
It also highlights how stolen corporate data can be weaponized for extortion.
A different North Carolina man has pleaded guilty to orchestrating a large-scale streaming fraud
that generated over $10 million in illicit music royalties.
According to court documents, Michael Smith used AI-generated music and automated bot accounts
to inflate streaming numbers across platforms, including Spotify, Apple Music,
Amazon music, and YouTube music.
Prosecutors say the scheme ran from 2017 to 2024,
using VPNs and hundreds of thousands of tracks to evade detection.
At its peak, over 1,000 bots streamed billions of plays,
diverting royalties from legitimate artists.
Smith has agreed to forfeit more than $8 million.
AI and automation are lowering barriers for fraud at scale,
challenging detection systems and undermining trust in digital revenue models.
Coming up after the break, a look back at 10 years of Cyberwire podcasts.
Intern Kevin gets ready for RSAC, and a cyber attack leaves breathalizers offline.
Stay with us.
No, it's not your imagination.
Risk and regulation really are ramping up,
and these days customers expect proof of security before they'll even do business.
That's where Vanta comes in.
Vanta automates your compliance process and brings compliance, risk, and customer trust together on one AI-powered platform.
So whether you're getting ready for a SOC2 or managing an enterprise governance risk and compliance program,
Vanta helps keep you secure and keeps your deals moving.
Companies like Ramp and Writers spend 82% less time on audits with Vanta.
That means less time chasing paperwork and more time for you.
focused on growth. For me, it comes down to this. Over 10,000 companies from startups to large
enterprises, trust Vanta to help prove their security. Get started at vanta.com slash cyber.
Most environments trust far more than they should, and attackers know it. Threat Locker solves that
by enforcing default deny at the point of execution. With Threat Locker Allow listing, you stop
unknown executables cold. With ring fencing, you stop unknown executables cold. With ring fencing,
you control how trusted applications behave, and with Threat Locker DAC, defense against configurations,
you get real assurance that your environment is free of misconfigurations
and clear visibility into whether you meet compliance standards.
Threat Locker is the simplest way to enforce zero-trust principles without the operational pain.
It's powerful protection that gives CISO's real visibility, real control, and real peace of mind.
Threat Locker makes zero-trust attainable, even for small,
security teams. See why thousands of organizations choose Threat Locker to minimize alert fatigue,
stop ransomware at the source, and regain control over their environments.
Schedule your demo at Threatlocker.com slash N2K today.
It has been my distinct privilege to be your CyberWire Daily host here for the past 10 years.
In celebration of that milestone, I sat down with Marie Vermazzi and our CEO,
Peter Kilpe to take a look back.
I would say that basically my path,
you know, working, doing the creative work,
user experience, design work in the intelligence community as a contractor.
That was my first exposure to cybersecurity more broadly.
And that was actually in a more in-depth kind of way.
And I ended up working for a stream of companies doing these kinds of things.
For one of the companies, a security company in Baltimore,
we ended up creating a newslet.
for ourselves, all about cybersecurity, helping educate our own employees on what's going on inside
the security world.
A number of people kept telling us how great our little internal intelligence newsletter was,
and we should share it with the world, so we did.
And we ultimately built a cybersecurity newsletter product that was read in almost every country.
probably only two readers in Madagascar, but really we hit.
That island with the penguins.
Yeah, they were evading the pandemic every board game.
Place me in time.
When about was this?
What year roughly?
This would have been 2012, 2013.
I'm afraid it was probably just before Dave joined us.
You know, our newsletter became very popular.
was still again, not an internal product,
but it wasn't a profit-making venture.
Dave came to join us, you know,
2015, bringing his immense talents
to our creative team, especially in the video world.
He got to notice the products,
particularly the newsletter that we were doing.
He had met our first editor, John Patrick,
and came by my office and said,
hey, Peter, you know, this newsletter,
you have might make a great podcast. And David had a lot of experience working on podcasts in the
past, doing broadcast kind of work. And I said, that's interesting. Why don't you like show me what
that would look like? So he worked with the editor, came back, showed a little prototype of what
the first podcast could look like, which, by the way, was just like five minutes long. You know,
the first iteration. Dave, how did you have that idea? I mean, obviously you had the expertise
there, but was there a lightning strike moment for you, or was it a slow realization or what?
How did that, how did you get to that point?
Well, in my previous career, I had produced podcasts for a number of other people.
So I was familiar with the medium, but I'd been more behind the scenes.
And so when I joined the team at the cybersecurity company, they had this, Peter said,
they had this pre-existing newsletter called the Cyberwire.
and I thought, why don't I just read it every day?
I had also, as Peter mentioned, I had a background in theater.
I'd been doing voiceover professionally since I was like eight.
So it was something I was very comfortable with.
And the idea was just that every day I would just read the newsletter as it existed,
just read it verbatim.
And we'd put that out in audio form.
We originally, I think we held ourselves to something like a 10-minute limit.
for show length.
Ha ha ha ha.
And then we're like,
should we extend this to six?
Yeah.
You know.
Yeah. And then it became like, you know.
Yeah.
And you know, Peter's management style is very much, you know,
pushing you to stretch your boundaries and find what other things you can do and
constant improvement.
So we, you know, at first it was like, well, what if we did an interview every now and then?
And I thought, oh, we could do that.
What if we did an interview every day?
So it just kind of snowballed and eventually took the form that it is today.
It really was just as simple as thinking that we were going to read the daily news briefing every day
and just send it out into the world.
And it didn't take us too long to figure out we were on to something.
I was going to say there must have been some very good audience signals that you not only had anticipated at the start,
but that you were getting as you started going.
Because not every podcast has legs.
I mean, certainly 10 years is incredible.
But earlier on, you all must have been seeing things like,
oh, this is getting traction.
What were you hearing at that time?
It was actually really surprising to me.
I wasn't sure what to expect.
We thought this might be kind of a side project.
Within six months, we had Fortune 10 companies, like, reaching out and saying,
how do I get on this show?
Wow.
And the audience became really enamored.
with what we were doing. We'd mentioned it in our newsletter, of course. Also, some of our customers
who are still our customers 10 years later reached out to us and said, we're in. We're happy to
sponsor what you guys are doing. We weren't even particularly interested in the ROI. They just
wanted to be connected with the trust that we were building in the community. Not long after that,
we realized that this had real legs and could be a business.
So five of us split off to go make it a company.
And that was Dave Bittner, Jen Ibin, John Petrick, Chris Russell, and myself.
And we went off.
We all had our function.
I needed to help turn what we were doing into a business so that it could survive.
John Patrick would write the story.
of the day. You know, Dave Bittner
would tell the stories, you know, help people
engage with our audience,
talk to people.
Jen Ibin would help create
the infrastructure and process
we needed to be able to
talk to the world and, you know,
shape the stories that we were doing.
And Chris helped
build the technical infrastructure that
helped us deliver what we did
day and day out. We were a small and mighty
team, and we still are.
A little bigger, though.
Those early days
As anyone who's been in that sort of a startup knows
Everybody's just kind of
Taking care of everybody
Or everything and everybody
And just doing what needs to be done
Just to see you to the next week
And we were definitely in that mode
I think just getting back to the startup
You know one of the things I think
That set us apart at the outset
And you have to remember 10 years ago
Podcasting was different than it is today
We just sounded like a real radio program.
We were able to sound like a news show.
And part of that was just the technical experience we had,
the experience we had writing,
we had this group of people who could together make that happen.
Think at the outset it set us apart.
Yeah, I'm also very curious,
in addition to that high standard of production excellence,
which speaks for itself truly,
also the guiding star, like the north star for the show
in terms of standards, editorial responsibility, that sort of thing.
Can you talk a little bit about that?
Because that's one of the things that the show is also really well known for,
like that level of integrity.
Well, I mean, the vision of the Cyberwire when it first came out,
and we didn't really fully articulate this into words as we were going forward.
But really what we were doing is making the world a safer place
by help keeping people educated and informed about,
what was going on in security.
And we did it diligently.
We did it without fluff.
We did it without, you know, creating FUD, you know, in the community.
We just told it like it was.
And we were there every day.
We were reliable, even in majors, snowstorms, you know, that I don't, I'm not even
sure there is one day that is off air.
But we were there and we started building trust with leaders
in the public sector, the private sector,
intelligence community, law enforcement,
not just in the U.S., but abroad,
started using the content that we create.
Again, not just as fluff,
but people used what we made
to help bring context to their own intelligence operations,
their own disaster recovery kinds of things,
and even major companies.
I remember a couple of companies.
of moments that struck me as being noteworthy, maybe milestones.
First was not long after we started publishing,
of course, we were tracking our numbers every day,
which was very exciting because they were going up and up slowly but surely.
And I remember I was at a Women in Cybersecurity Conference,
I believe in Texas, and I was doing the publishing
and the things that needed to be done in my hotel room.
And I think it was the first time that we had crossed 3,000 downloads for a day.
Somebody mentioned us somewhere and we got a big boost.
And I remember how exciting that was.
And I think I said to Peter, hey, we crossed 3,000.
And Peter said, that's great.
I think we'll really have something when we cross 10,000.
And I thought to myself, oh, come on, that's impossible.
Of course, it wasn't impossible.
Probably six months later, we crossed the 10,000.
thousand a day threshold and has just grown ever since. Another moment that was special for me was
one day in the mail, I got a little padded envelope with no return address and it was full of
challenge coins from NSA and Fort Meade and just a handwritten unsigned note that said,
thanks for all you do. Dang. That was it.
I was a pretty special moment.
Dave also gets all the goodies, you know, from very...
It's true, yes.
He wants to send us cookies and other delights.
You're not jealous at all, Peter.
But to this day, you know, I'll go to events, and as I've said,
you know, I'm just the most public-facing person in this team that makes this happen.
So people come up to me and thank me on behalf of the team.
And it just never gets old.
People in very important positions, both in government and the private sector, whose job is to help keep all of us safe, are sincerely thankful that we help them do their job.
And that feels great.
It does.
It reminds me, too, that, like, you know, we oftentimes are talking about the impact that we have with, you know, the intelligence community or some, you know, big leader who lists.
to us, but our team is really excited to hear from individuals who reach out to us fairly regularly,
and they say, oh, you helped me get a job. You know, I learned about you and you helped me transition
into this career or security was part of my, assigned to me as part of my portfolio. You
helped me get there or get where I needed to go. That means a lot to us. You know,
We touch a lot of lives.
We're in people's ears.
You know, we have their trust and the idea that we can actually help people move forward
in their careers, help them grow in their knowledge, help their organizations stay safe.
It just means a lot to us.
Well, Peter and Dave, thank you for a wonderful 10 years of the Cyberwire.
I think as someone who has been a listener well before I worked with you, I'm going to be the voice
of the listener in this case.
Genuinely, thank you.
And congratulations.
genuinely on a wonderful 10 years. Onward and upward. Here's to the next 10. Here's to the next 10.
So Peter Kilpe, CEO of N2K, Dave Bittner, the host, the voice of the CyberWire Daily.
Gentlemen, it's been an absolute joy. Thank you for speaking with me today.
A pleasure, Maria. Thank you. Thank you.
Thank you.
Kevin McGee is the global director of cybersecurity startups at Microsoft, but during one week a year
at the RSA conference, he is my intern.
Kevin, welcome back to the show.
Thanks for having me, Dave, and thanks for accepting my application again this year.
Well, you did such a great job last year, and by great job, I mean you did nothing to embarrass either yourself or me that we decided to let you back this year and see how it goes.
Now, what were some of the highlights of your RSAC conference last year as my intern?
Well, certainly, Mr. Bittner, if I can call you.
Oh, you, Mr. Bittner.
Ironing your hoodies was a major part of the week, of course.
I have to look good, sure.
Making sure you were well caffeinated with your appropriate beverages and whatnot.
But also just sort of getting to cover all of the unique stories,
the behind-the-scenes parts of RSA that only the interns are allowed to access
because we don't have all access passes.
That is true.
We have not been able to spring for an all-access pass for you.
So you actually do end up spending a lot of time out on the sidewalk in front of the building.
But good conversations out there.
I think one of the great things about RSA is there's so many different types of people,
practitioners, vendors, startups, just a wide range of people to talk to you.
And to be able to cover some of the stories that maybe don't get the coverage of the mainstream media
or aren't getting the big press releases is kind of fun
to have those conversations on the floor and see what's happening.
And everyone responds pretty well to the Kevin the intern approach
to interview it as well, too.
Well, as a global director of cybersecurity startups at Microsoft,
I mean, you certainly have your eye out for those folks
who may not have grabbed the mainstream attention yet.
Is that part of your mission at the show to skulk around the corners of the show floor?
finding that next startup who's going to really take their place?
Absolutely. I kind of think we're at the end of a cycle.
So we've secured the cloud now.
The Wiz acquisitions probably that high watermark for that phase.
I remember moving to a new phase where all these AI companies that have come up with something new and exciting,
there's going to be a rush of security companies to come and secure this new era of the AI era.
So I'm going to be on the lookout for what's new, what is exciting, what's coming,
and probably securing technologies that didn't exist three months ago or I'd never heard of.
That's the great thing about having these conversations is a chance to really sometimes see into the future
when you're speaking to some of the folks that are actually there inventing it.
Any advice for first-timers to the conference?
Good shoes is number one.
Stay hydrated.
Get your calendar ready and it will always take you longer to get to where you're going
than you can possibly imagine at RSA.
My other big goal is to try one of those self-driving taxi cars.
Oh, yes.
That'll be my...
The Waymos? Is that what they are?
One of those.
That'll be my...
I've always wanted to try one of those.
So maybe if I get time off from my internship, I'll give one of those a try as well.
What better place to drive an unmanned vehicle than a place with extraordinarily difficult traffic and ungodly steep hills, right?
Absolutely, yes.
You're going to end up at the bottom of the bank.
or out on Alcatraz Island.
Well, no matter what, Kevin,
as long as you don't mess up my lunch order,
that's my only request.
I only speak when spoken to
don't make direct eye contact with Mr. Bittner.
I remember the rules from last year.
Very good, very good.
Well, Kevin McGee is Global Director
of Cybersecurity Startups at Microsoft,
but during the week of RSC,
he is my intern.
Kevin, I'll look forward to seeing you there.
Thanks, Dave.
Ever wished you could rebuild your network from scratch to make it more secure, scalable, and simple?
Meet Meter, the company reimagining enterprise networking from the ground up.
Meter builds full-stack, zero-trust networks, including hardware, firmware, and software,
all designed to work seamlessly together.
The result?
Fast, reliable, and secure connectivity without the constant patching, vendor-juggling, or hidden costs.
From wired and wireless to routing, switching firewalls, DNS security, and VPN,
every layer is integrated and continuously protected in one unified platform.
And since it's delivered as one predictable monthly service,
you skip the heavy capital costs and endless upgrade cycles.
Meter even buys back your old infrastructure to make switching effortless.
Transform complexity into simplicity and give your team time to focus on what really matters.
helping your business and customers thrive.
Learn more and book your demo at meter.com slash cyberwire.
That's M-E-T-E-R dot com slash cyberwire.
When cyber threats strike, minutes matter.
Booz Allen brings the same battle-tested expertise
trusted to protect national security
to defend today's leading global organizations.
They safeguard their data,
strengthen enterprise resilience,
and mobilize in minutes,
cross-energy, health care, financial services, and manufacturing.
Their teams don't just respond.
They anticipate, outthink, and stay ahead of evolving threats.
This is powerful protection for commercial leaders only from Booz Allen.
See how your organization can prepare today at boozalan.com slash commercial.
A cyber attack on Intoxaloc has left thousands of court-mandated drivers unable to start their cars,
turning a safety device into an unexpected immobilizer.
The company says attackers flooded its servers,
disrupting systems that support breathalyzer-equipped ignition interlocked devices
across Maine and 45 other states.
These devices require drivers to pass a breath test before starting their vehicles.
Since the outage began, some users have remained locked out entirely,
with installations, calibrations, and account access also affected.
Intoxalox says data remains secure and services are being restored with temporary extensions offered to customers.
A single point of failure can sideline critical compliance systems at scale.
It also shows how cyber incidents can ripple into everyday life, sometimes with inconvenient consequences.
And that's the Cyberwire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
sure to check us out at RASAC 2026. Next week, I will be attending the Innovation Sandbox on Monday,
along with the Cyber Tacos panel with fellow N2K Cyberwire hosts David Moulton from Palo Alto
Networks and Caleb Tolan from Rubrik. And on Tuesday, I'll be at Palo Alto Network's Unit 42,
drown out the noise reception. Hope to see you there. Be sure to check out this weekend's
research Saturday and my conversation with Yuval
Avrahami from WIS, we're sharing their work, Code Breach,
infiltrating the AWS console supply chain and hijacking AWS GitHub repositories via code build.
That's Research Saturday. Check it out.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to Cyberwire at N2K.com.
N2K's lead producer is Liz Stokes.
We're mixed by Trey Hester with original music and sound design by Elliot Peltzman.
Our contributing host is Maria Vermazas.
Our executive producer is Jennifer Ibn, Peter Kilpy as our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here next week.
If you only attend one cybersecurity conference this year,
at RASAC 2026. It's happening March 23rd through the 26th in San Francisco,
bringing together the global security community for four days of expert insights,
hands-on learning, and real innovation. I'll say this plainly, I never miss this conference.
The ideas and conversations stay with me all year. Join thousands of practitioners and leaders
tackling today's toughest challenges and shaping what comes next. Register today at RSAconference.
I'll see you in San Francisco.
When it comes to mobile application security, good enough is a risk.
A recent survey shows that 72% of organizations reported at least one mobile application security incident last year,
and 92% of responders reported threat levels have increased in the past two years.
Guard Square delivers the highest level of security for your mobile apps without compromising performance,
time to market or user experience.
Discover how Guard Square provides industry-leading security for your Android and iOS apps
at www.gardesquare.com.