CyberWire Daily - New command amid mounting cyber risks.
Episode Date: March 11, 2026
Rudd takes the helm at NSA and Cyber Command. A watchdog probes alleged Social Security data mishandling. Patch Tuesday lands. Governments brace for cyber fallout from Iran. BeatBanker spreads via a fake Starlink app. InstallFix targets developers. ZombieZIP hides malware in archives. And DHS reassigns CBP officials in a FOIA secrecy dispute. Ben Yelin unpacks Anthropic's lawsuit against the Pentagon. AI eyewear leads to awkward exposures.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Our guest today is Ben Yelin from the University of Maryland Center for Cyber Health and Hazard Strategies and Caveat cohost, talking about Anthropic suing the Pentagon. You can read more on the topic here.
Selected Reading
Senate approves Joshua Rudd as dual-hat leader of Cyber Command, NSA (POLITICO)
Whistleblower claims ex-DOGE member says he took Social Security data to new job (Washington Post)
Microsoft Patches 83 Vulnerabilities (SecurityWeek)
Adobe Patches 80 Vulnerabilities Across Eight Products (SecurityWeek)
Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities (SecurityWeek)
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric (SecurityWeek)
Iran war will bring wave of 'low-level cyber activity,' says intelligence group (StateScoop)
New BeatBanker Android malware poses as Starlink app to hijack devices (Bleeping Computer)
Fake Claude Code install guides push infostealers in InstallFix attacks (Bleeping Computer)
New 'Zombie ZIP' technique lets malware slip past security tools (Bleeping Computer)
DHS Ousts CBP Privacy Officers Who Questioned 'Illegal' Orders (WIRED)
Meta sued over AI smart glasses' privacy concerns, after workers reviewed nudity, sex, and other footage (TechCrunch)
Share your feedback.
What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyberwire Network, powered by N2K.
When cyber threats strike, minutes matter.
Booz Allen brings the same battle-tested expertise trusted to protect national security
to defend today's leading global organizations.
They safeguard their data, strengthen enterprise resilience,
and mobilize in minutes across energy, health care, financial services, and manufacturing.
Their teams don't just respond.
They anticipate, outthink, and stay ahead of evolving threats.
This is powerful protection for commercial leaders only from Booz Allen.
See how your organization can prepare today at BoozAllen.com slash commercial.
Rudd takes the helm at NSA and Cyber Command.
A watchdog probes alleged Social Security data mishandling.
Patch Tuesday lands.
Governments brace for cyber fallout from Iran.
BeatBanker spreads via a fake Starlink app.
InstallFix targets developers. ZombieZIP hides malware in archives.
DHS reassigns CBP officials in a FOIA secrecy dispute.
Ben Yelin unpacks Anthropic's lawsuit against the Pentagon,
and AI Eyewear leads to awkward exposures.
It's Wednesday, March 11, 2026.
I'm Dave Bittner, and this is your Cyberwire Intel Briefing.
Thanks for joining us here today. It's great to have you with us. The Senate has confirmed General Joshua Rudd to lead
both the National Security Agency and U.S. Cyber Command, filling a critical national security role
vacant since April. Lawmakers approved Rudd in a 71 to 29 vote yesterday. He becomes the
first Senate-confirmed leader since President Donald Trump fired General Timothy Haugh last April.
Lieutenant General William Hartman has served as acting chief since then
and plans to retire after Rudd is sworn in.
Trump nominated Rudd in December.
Rudd previously served as deputy director of U.S. Indo-Pacific Command.
He has decades of military experience, though none in cybersecurity leadership roles.
The confirmation drew criticism from Senator Ron Wyden,
who cited concerns about Rudd's cyber experience and,
his understanding of National Security Agency surveillance authorities.
Rudd told lawmakers he will continue evaluating the long-debated dual-hat structure
and defended Section 702 of the Foreign Intelligence Surveillance Act, which expires in April.
The Social Security Administration's Inspector General is investigating a whistleblower complaint,
alleging a former U.S. DOGE Service engineer claimed access to highly sensitive
citizen databases and intended to share the data with a private employer.
According to the complaint, the former employee allegedly told colleagues he possessed copies
of two restricted Social Security databases, NUMIDENT and the Master Death File, which together
contain records on more than 500 million living and deceased Americans. The records include
social security numbers and other identifying information. The complaint alleges he
stored at least one data set on a thumb drive and sought help transferring it to a personal
computer to sanitize before use at a contractor. The allegations do not claim the data was successfully
transferred. The Inspector General has notified Congress and shared the disclosure with the
Government Accountability Office. The claims raise concerns about potential mishandling of
highly sensitive federal data. Agency officials and the former employee deny wrongdoing,
and investigations are ongoing.
Yesterday was Patch Tuesday, and Microsoft has released security updates addressing 83 vulnerabilities
across its products. None of the flaws are currently known to be exploited in the wild,
though two vulnerabilities were publicly disclosed before patches were released. The update includes
one critical bug, a remote code execution issue in the devices pricing program that Microsoft
says has already been mitigated. Other notable issues include privilege escalation flaws in Windows
components and an Azure MCP server tools vulnerability that could allow attackers to capture a
managed identity token by submitting crafted input. Additional Azure flaws affect Linux virtual machines
and Azure IoT Explorer. Privilege escalation bugs are often used after attackers gain
initial access, making timely patching important, even in quieter update cycles.
Adobe has released security updates addressing 80 vulnerabilities across eight products,
including Adobe Commerce, Illustrator, Acrobat Reader, and Premiere Pro.
The largest set of fixes targets 19 flaws in Adobe Commerce and Magento Open Source,
including several high-severity privilege escalation bugs and a security feature bypass.
Adobe urged users to apply these patches within 30 days
because the platforms are frequent targets for attackers.
Additional updates address vulnerabilities
that could lead to arbitrary code execution in Illustrator,
Acrobat Reader, Premiere Pro, and other tools.
Adobe says none of the flaws are currently known to be exploited.
Fortinet, Ivanti, and Intel have released security updates
addressing dozens of vulnerabilities across enterprise and firmware
products. Fortinet patched 22 flaws affecting products including FortiWeb, FortiSwitch,
FortiManager, and FortiClient Linux. Several high severity issues could allow remote
attackers to bypass authentication limits or execute unauthorized commands, while a FortiClient
Linux flaw could enable local privilege escalation to root. Ivanti fixed a high severity privilege
escalation bug in Desktop and Server Management. Intel also disclosed nine vulnerabilities in the
UEFI firmware for certain reference platforms and issued updates affecting more than 45 processor models.
Major industrial technology vendors including Siemens, Schneider Electric, Mitsubishi Electric, and
Moxa have released Patch Tuesday advisories addressing newly discovered vulnerabilities in industrial control
system products. Schneider Electric disclosed six issues, including high severity flaws affecting
EcoStruxure platforms that could enable command execution, arbitrary code execution, or system
compromise. Siemens also published six advisories, including a critical stored cross-site
scripting vulnerability in SIMATIC S7-1500 devices. Mitsubishi Electric reported a remotely exploitable
denial of service flaw in several numerical control systems. Moxa issued four advisories,
largely tied to vulnerabilities in Intel components.
State and local government officials are being urged to prepare for potential cyber and physical
threats following U.S. and Israeli military strikes on Iran. During a briefing hosted by the
Center for Internet Security's Multistate Information Sharing and Analysis Center, officials warned
that governments could face increased low-level cyber activity, including DDoS attacks and website defacements.
Threat intelligence leaders said politically motivated hacktivist groups aligned with Iran or Russia
are forming coalitions that could expand targeting capabilities.
Officials also warned that damage to regional infrastructure, including cloud data centers and shipping routes,
could disrupt global technology supply chains and online services.
Researchers have identified a new Android malware strain called BeatBanker that spreads through fake websites impersonating the Google Play Store and posing as a Starlink app.
According to Kaspersky, the malware combines banking Trojan capabilities with cryptocurrency mining.
It can steal credentials, manipulate cryptocurrency transactions, and mine Monero on infected devices.
Recent variants also deploy the bit-mine remote access Trojan, giving attackers full control of the device, including keylogging,
screen recording, camera access, and GPS tracking.
BeatBanker uses several evasion techniques, including delayed execution and a persistence method
that continuously plays a near-silent audio file to keep the malware running.
Researchers are warning about a new social engineering tactic called InstallFix
that tricks users into installing malware by posing as legitimate command-line tool installers.
According to Push Security, attackers create cloned installation pages for popular developer tools
and replace legitimate setup commands with malicious ones.
The technique targets users who copy and run curl-to-bash commands commonly used to install command-line interfaces.
One observed campaign cloned the installation page for Anthropic's
Claude Code tool and promoted it through Google search ads.
The malicious commands delivered Amatera Stealer malware,
designed to steal credentials, browser data, and cryptocurrency wallet information.
The attack exploits common developer workflows and trusted installation practices,
making malicious commands harder for users to detect.
Researchers have disclosed a new evasion technique called ZombieZIP
that can conceal malicious payloads inside compressed archives while bypassing many security scanners.
The method manipulates zip file headers so security tools treat compressed data as uncompressed.
According to Bombadil Systems researcher Chris Aziz, many antivirus engines trust the ZIP header's compression method field
and scan the archive incorrectly, seeing only compressed noise rather than the actual payload.
Standard extraction tools such as WinRAR and 7-Zip typically fail to unpack the files,
showing errors or corrupted data.
A custom loader that ignores the header, however, can correctly decompress the hidden payload.
CERT Coordination Center has issued a warning and assigned the issue a CVE.
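As an added illustration for this segment (not code from the episode, the researcher, or CERT/CC), here is a defender-side Python check built on the description above: it assumes the header/data disagreement means the local header's method field says "stored" while the entry bytes are really raw DEFLATE, and it flags entries whose stored bytes fail the header CRC but inflate cleanly. The archive builder and the header relabeling are constructed test fixtures, not anyone's tooling.

```python
import io
import struct
import zlib
import zipfile

LOCAL_SIG = b"PK\x03\x04"
CENTRAL_SIG = b"PK\x01\x02"
METHOD_STORED = 0             # header value meaning "no compression"
LOCAL_HDR = "<4sHHHHHIIIHH"   # sig, ver, flags, method, time, date, crc, csize, usize, nlen, xlen
SAMPLE_PAYLOAD = b"constructed sample payload, not real malware\n" * 40  # constructed


def build_deflated_zip(name, payload):
    """Build an ordinary, valid archive with one DEFLATE entry (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def relabel_as_stored(archive):
    """Test fixture only: flip the method field in every local and central header to
    'stored' while leaving the deflated bytes untouched. This reproduces the
    header/data disagreement the detector below is meant to catch."""
    data = bytearray(archive)
    for sig, offset in ((LOCAL_SIG, 8), (CENTRAL_SIG, 10)):
        pos = data.find(sig)
        while pos >= 0:
            struct.pack_into("<H", data, pos + offset, METHOD_STORED)
            pos = data.find(sig, pos + 4)
    return bytes(data)


def find_mismatched_entries(archive):
    """Walk the local file headers and report entries whose header claims 'stored'
    but whose bytes fail the header CRC and inflate as raw DEFLATE instead.
    Returns a list of (entry name, verdict) tuples; an empty list means no finding."""
    findings = []
    pos = archive.find(LOCAL_SIG)
    while pos >= 0 and pos + 30 <= len(archive):
        (_, _, flags, method, _, _, crc, csize, _usize,
         nlen, xlen) = struct.unpack_from(LOCAL_HDR, archive, pos)
        name = archive[pos + 30:pos + 30 + nlen].decode("utf-8", "replace")
        start = pos + 30 + nlen + xlen
        if flags & 0x08:
            # Sizes live in a trailing data descriptor, so the header alone
            # cannot be checked; report it rather than silently trusting it.
            findings.append((name, "sizes deferred to data descriptor; not verified"))
            pos = archive.find(LOCAL_SIG, start)
            continue
        body = archive[start:start + csize]
        if method == METHOD_STORED and zlib.crc32(body) != crc:
            try:
                inflated = zlib.decompress(body, -15)   # -15 = raw DEFLATE, no zlib wrapper
            except zlib.error:
                findings.append((name, "stored entry fails header CRC and does not inflate"))
            else:
                verdict = "header says stored but data is DEFLATE"
                if zlib.crc32(inflated) == crc:
                    verdict += "; inflated bytes match header CRC"
                findings.append((name, verdict))
        pos = archive.find(LOCAL_SIG, start + csize)
    return findings


if __name__ == "__main__":
    clean = build_deflated_zip("notes.txt", SAMPLE_PAYLOAD)
    print("clean archive:", find_mismatched_entries(clean))        # []
    print("relabeled archive:", find_mismatched_entries(relabel_as_stored(clean)))
```

A scanner that applies this check would inflate the entry itself instead of trusting the method field, which is the trust the segment says many engines currently extend to the header.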
The Department of Homeland Security reassigned several career Customs and Border Protection officials
after they objected to orders to restrict the release of surveillance records under the Freedom of Information Act.
According to reporting, reviewed by Wired, DHS directed staff to label privacy threshold analyses,
compliance forms describing how government technologies collect personal data as drafts and legally privileged documents.
Sources say the move followed the public release of a redacted assessment describing Mobile Fortify,
a facial recognition application used by CBP.
The reassigned officials include the agency's top privacy officer, a privacy branch chief, and the director of the FOIA office.
Critics argue the policy could allow the departments to withhold records detailing surveillance tools and privacy impacts.
Restricting access to these documents could limit public oversight of government surveillance technologies.
Coming up after the break, Ben Yelin unpacks Anthropic's lawsuit against the Pentagon,
and AI Eyewear leads to awkward exposures. Stay with us.
AI is changing how enterprises operate and how they stay protected.
It's time to eliminate risk and protect innovation.
From March 23rd through the 26th, join Trend AI for actionable AI security insights.
Catch impactful sessions at RSAC,
then unwind and grab a bite at their lounge in Trapasueño.
Experience industry-leading AI security in person,
engage with the experts,
and get your chance to win $500,000.
San Francisco lets AI fearlessly.
Learn more at trendmicro.com slash RSA.
If you're defending a network today,
there's a simple question worth asking.
What do attackers see when they look at your organization?
NordStellar helps answer that. NordStellar is a threat exposure management platform that gives security
teams visibility into external risks, including leaked credentials, active session tokens,
impersonation attempts, and exposed assets across the surface web and the dark web.
It's built to help organizations detect the consequences of breaches early before attackers turn
access into action, from monitoring for infostealer malware logs to identifying cybersquatting
and brand abuse, NordStellar helps teams focus on the threats that actually matter.
Executives get clear, actionable insights tied to business risk.
Security teams get real-time alerts and one of the largest deep and dark web intelligence
pools in the industry.
Cybercriminals may already be looking for your weak spots.
Don't make it easy for them.
Be the one that's prepared.
Defend your business with NordStellar.
Use the code CYBERWIRE10 to unlock your exclusive discount.
Go to nordstellar.com slash cyberwiredaily and learn more.
And joining me once again is Ben Yelin.
He is from the University of Maryland Center for Cyber Health and Hazard Strategies.
But more important than that, he is my co-host on the Caveat podcast where we discuss privacy,
surveillance, law, and policy.
Ben, welcome back.
Good to be with you again, Dave.
So let's jump in here with the latest on this kerfuffle between Anthropic and the Pentagon.
Can you bring us up to date here, Ben?
Sure.
So just to catch everybody up, Anthropic had a deal with the Pentagon.
They were going to be involved in a bunch of different Department of War, I guess I should call it, activities.
But they tried to put up some guardrails saying that they weren't going to be fully compliant when it came to fully autonomous weapons systems and mass domestic surveillance.
And that disagreement came out into public view at the end of February.
and then the Pentagon
not only decided to terminate the contract with Anthropic,
but the administration issued this executive order
saying that because Anthropic now represents a risk to the supply chain,
any federal agency and any federal contractor
is prohibited from doing business with Anthropic.
And the particular contract with the Pentagon
was replaced with a contract with OpenAI,
so a different company.
Anthropic is filing a lawsuit in federal court in the Northern District of California challenging this executive order.
I think they are mildly upset about the fact they lost this Pentagon contract, but they are far
more upset, and I think reasonably so with this designation of them as a supply chain risk.
They think that this designation is pretextual, that it is punishing them for their position
on AI ethics and the use of their AI tools.
for such serious things as autonomous weapons systems and mass surveillance.
So their lawsuit is on a couple of grounds, first,
that this is arbitrary and capricious under the Administrative Procedure Act.
The argument here is that this is an administrative action
that's so far afield of the administration's authority
and is arbitrary in a sense that it doesn't actually further any meaningful government interests
in a compelling way.
So that's one part of their argument.
The other part, which I think is more interesting for our purposes,
is that this is a violation of the First Amendment right to free speech and free association.
What they are alleging in the suit is that they're being punished for their speech.
And by speech, it's public pronouncements by the CEO about the risks of unregulated AI.
And it's their very public refusal to give the Pentagon carte blanche
when it comes to these particular issues.
The Constitution obviously protects First Amendment rights,
and the way the Supreme Court has interpreted that
is if the government is trying to take away constitutional rights
as it relates to the content of speech,
the government has to have a very good reason to do so,
and that's called strict scrutiny.
And under strict scrutiny, the government has to have a compelling interest,
and I think you could make an argument,
and the government will make the argument,
that national security is a compelling interest.
But the means of achieving that interest have to be,
narrowly tailored. And I think that's where the government is going to run into problems.
If the government actually thought that Anthropic represented some type of national security
threat, then I think it would have been appropriate for them to terminate the Pentagon contract,
but not to prohibit any other federal agency or contractor from coming up with an agreement
with Anthropic for the use of their AI tools for even banal occurrences.
Right.
Like summarizing data in the Department of Treasury for the Bureau of Labor Statistics.
We mentioned on Caveat, you know, coming up with nutritional menus for kids in schools or something, you know, something having nothing to do with national security.
Right.
So it goes so far afield of what the government's purported interest is here, compelling interest for the purposes of strict scrutiny, that I think there's a very good chance that the federal court in the Northern District of California issues
some type of preliminary injunction or temporary restraining order,
preventing the federal government from enforcing this administration's action on the supply chain risk issue.
And so suppose they rule in Anthropic's favor, what does that mean?
And they still don't get the Pentagon contract, but they don't have this poison pill
for excluding them from the entire federal government.
Exactly.
So the remedy is a little bit complicated here, but I think
most likely scenario is, yes, they would not renew that Pentagon contract that had previously
been in place. I think the new contract with OpenAI, which was agreed to on the same day,
that Anthropic was put on this naughty list for supply chain purposes, that's going to stay in
place, but I think they would now be at least temporarily able to contract with federal
agencies and contractors for business purposes to sell whatever Claude
service is most valuable to a particular federal agency or contractor.
There are questions about whether A, Anthropic would want to do that or given the chance of
this being some type of injunction of being reversed on appeal at a federal appeals court,
whether agencies or federal contractors are going to want to take that risk.
And I think there could be a chilling effect where even if there's a favorable court ruling
that removes this supply chain risk designation from Anthropic,
you get contractors and federal agencies saying,
like, yeah, let's see what happens first.
We don't want to be in a situation
where we've developed the system.
And then Anthropic's contracts with the federal government
are summarily terminated once again
because of an appeals court holding.
So certainly those are considerations.
But I do think, and this is me prognosticating,
is never, never safe if you look at my record of bets on Fanduel. You don't want to take my
predictions at face value necessarily, but I do think that Anthropic has a very good case here.
All right. Well, we will have a link to that story in the show notes. Ben Yelin is from the
University of Maryland Center for Cyber Health and Hazard Strategies and also my co-host on the Caveat podcast.
Ben, thanks so much for joining us. Great to be with you, Dave.
No, it's not your imagination.
Risk and regulation really are ramping up.
And customers expect proof of security before they'll sign that deal.
That's where Vanta comes in.
Vanta automates your compliance process and brings compliance, risk, and customer trust together
on one AI-powered platform.
Whether you're preparing for SOC 2 or managing an enterprise governance, risk, and compliance program,
Vanta helps keep you secure and keeps your deals moving.
Companies like Ramp and Writer spend 82% less time on audits with Vanta.
That's not just faster compliance, that's more time for growth.
Take it from me.
If you're thinking about compliance, take the time to check out Vanta.
Get started at vanta.com slash cyber.
One plus one equals more of the greatest stories.
Hulu on Disney Plus.
Stories about our survivors.
The most dangerous planet.
Family. Retribution. Murder.
Prophecy.
Beer and propane.
Why are we doing?
Black Panther.
The ultimate soldier.
Chicago, all right.
The best of the best stories now with even more from Hulu.
Amazing.
Have it all with Hulu on Disney Plus.
And finally, Meta's AI smart glasses
promised hands-free insight into the world around you.
Some users now suspect the world, unfortunately, was looking back.
A new class action lawsuit alleges
Meta misled customers about privacy protections
after reporting found contractors
at a Kenya-based subcontractor
reviewing footage captured by the glasses.
According to the complaint,
that footage sometimes included extremely private moments,
including nudity and other intimate situations.
The plaintiffs argue Meta's marketing,
which described the glasses as
"built for your privacy and controlled by you," did not make it clear that shared content could be
reviewed by human moderators. Meta says human review may occur when users choose to share media
with Meta AI, which the company says helps improve the service. The case underscores a growing
reality of AI products. Sometimes smart devices still rely on very human eyes. And that's the
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
N2K's lead producer is Liz Stokes.
We're mixed by Trey Hester with original music and sound design by Elliot Peltzman.
Our contributing host is Maria Varmazis.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
If you only attend one cybersecurity conference this year, make it RSAC 2026.
It's happening March 23rd through the 26th in San Francisco,
bringing together the global security community for four days of expert insights, hands-on learning, and real innovation. I'll say this
plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands
of practitioners and leaders tackling today's toughest challenges and shaping what comes next.
Register today at rsacconference.com slash cyberwire 26. I'll see you in San Francisco.
