CyberWire Daily - One copy too many.
Episode Date: April 30, 2026

A critical Linux flaw dubbed “Copy Fail” raises alarm. The House moves to extend Section 702. The White House pushes back on expanded Mythos access. cPanel and SonicWall rush out security patches. Researchers warn AI agents may leak credentials. Smishing targets key industries. Ukrainian police arrest suspects in a massive Roblox account theft scheme. Our guest is Jamie Moles, technical manager at ExtraHop, discussing how the pace of vibe coding is creating major AI blind spots. Honeypot hijinks get halted by curious clicks.

CyberWire Guest

Our guest is Jamie Moles, technical manager at ExtraHop, discussing how the pace of vibe coding is creating major AI blind spots.

Selected Reading

Copy Fail (Copy.Fail)
House extends a controversial spy tool, but Senate path is unclear ahead of deadline (NPR)
White House Opposes Anthropic’s Plan to Expand Access to Mythos Model (WSJ)
Critical Authentication Vulnerability in cPanel and WHM (Beyond Machines)
Security Advisory: Firmware Update Required — Gen 6, Gen 7, and Gen 8 Firewalls (SonicWall)
Phishing the agent: Why AI guardrails aren’t enough (Okta)
Phoenix Rising: Exposing the PhaaS Kit Behind Global Mass Phishing Campaigns (Group-IB Blog)
Ukrainian police detain hackers suspected of stealing thousands of Roblox accounts for resale (The Record)
I accidentally made law enforcement shut down their stresser honeypot (lina's blog)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Today's sponsor, Rapid7, has an irresistible invitation for you CISOs and security practitioners out there.
A free two-day virtual summit, the subject, preemptive security.
Join the Global Cybersecurity Summit on May 12th and 13th from wherever you like.
A-list speakers will show you how organizations are disrupting attacks before they can blow towards your day. You'll see how exposure management, MDR, and AI together let you make the decisive move.
Registration is open at rapid7.brighttalk.com.
A critical Linux flaw dubbed Copy Fail raises alarm. The House moves to extend Section 702. The White House pushes back on expanded Mythos access. cPanel and SonicWall rush out security patches. Researchers warn AI agents may leak credentials. Smishing targets key industries. Ukrainian police arrest suspects in a massive Roblox account theft scheme. Our guest is Jamie Moles, technical manager at ExtraHop, discussing how the pace of vibe coding is creating major AI blind spots. And honeypot hijinks get halted by curious clicks.
It's Thursday, April 30th, 2026. I'm Dave Bittner, and this is your CyberWire Daily briefing.
Thanks for joining us here today. It's great as always to have you with us.
Copy fail is a newly disclosed security flaw in the Linux operating system
that can let an ordinary user gain full administrator or root control on many systems released since 2017.
According to the project site, the issue stems from a logic error in a built-in cryptography feature
that's enabled by default on most major Linux distributions.
The exploit requires only a normal local account
and does not need network access or special debugging tools, which makes it especially
concerning on shared systems. Researchers demonstrated that the same small script worked across
multiple distributions without modification. The risk is highest for shared servers, cloud platforms
that run customer code, container clusters, and automated build systems, where one user could
potentially take control of the underlying host. Patching affected systems or disabling the related
component is recommended until updates are applied. The U.S. House of Representatives voted 235 to 191
to extend Section 702 of the Foreign Intelligence Surveillance Act for three years, sending the measure
to the Senate ahead of a looming deadline. The program allows U.S. intelligence agencies to collect
communications of foreign nationals abroad, though Americans' messages can also be incidentally captured.
Privacy-focused lawmakers sought a warrant requirement before officials could search Americans' data
but failed to secure it. Instead, the bill adds narrower safeguards, including attorney approval
for certain searches, written justifications for queries, and possible criminal penalties for misuse.
Speaker Mike Johnson also attached a provision banning a future central bank digital currency, which Senate leaders may remove.
The Senate could revise the bill or pass a temporary extension instead.
The White House is opposing Anthropic's proposal to expand access to its advanced AI model, Mythos,
to about 70 additional organizations, citing national security and operational concerns.
Officials worry the model's ability to identify and exploit software vulnerabilities
could enable cyber attacks or large-scale online disruptions.
Some also questioned whether Anthropic has sufficient computing capacity
to support broader access without affecting government use.
Mythos is already available to roughly 50 critical infrastructure organizations
and select government agencies with no public release planned.
Tensions between Anthropic and the administration remain unresolved following disputes over military use of its technology and political concerns about the company's affiliations.
Security experts warn that powerful models from Anthropic, OpenAI, and Google are rapidly improving at finding software bugs,
which could both strengthen defensive research and increase offensive risks.
Officials say they're trying to balance innovation with safeguards as deployment decisions continue.
cPanel released emergency security updates
to address a critical authentication bypass vulnerability
affecting all supported versions of cPanel and WebHost Manager.
The flaw allows unauthenticated attackers
to access administrative control panels
without valid credentials,
potentially enabling full system compromise,
including control over files,
databases and email accounts.
The issue poses significant risk to shared hosting environments where attackers could install
malware or move deeper into server infrastructure.
Administrators are urged to apply the patch immediately and verify the installed version.
Until updates are confirmed, blocking external access to particular ports is recommended.
Several hosting providers temporarily restricted ports while deploying fixes across their system.
SonicWall has disclosed three vulnerabilities affecting Gen 6, Gen 7, and Gen 8 firewall platforms,
including one high severity and two medium severity issues,
and urges administrators to apply firmware updates immediately.
Patches are available on multiple versions.
Systems with auto-update enabled will receive fixes automatically.
If patching is delayed, administrators should disable web management
and SSL VPN access and restrict management to SSH temporarily.
Research from Okta Threat Intelligence shows AI agents can expose sensitive credentials unexpectedly,
raising concerns about how safely they handle privileged access.
In one test, an agent using an uncensored language model
entered its entire credential store into a simple website form without being asked.
Other experiments showed agents retrieving Wi-Fi passwords, OAuth tokens, and API keys,
sometimes recognizing the risk only after disclosure.
Researchers also demonstrated that attackers controlling communication channels such as Telegram
could manipulate agents to infiltrate secrets through indirect methods like screenshots.
While some models resisted malicious prompts, safeguards proved inconsistent and occasionally bypassable.
The findings highlight that agent capability increases alongside risk as permissions expand.
Okta concludes organizations should limit agent privileges, avoid long-lived credentials,
centralize secret storage, and apply identity-style governance controls,
since agents cannot leak access they were never granted.
Group-IB's high-tech crime trends report for 2026 identifies
financial services, logistics, and telecommunications among the top phishing targets in 2025,
with SMS phishing continuing to expand rapidly. Researchers observed a surge in two major smishing
themes since January of 2025, reward points scams impersonating banks and telecom providers,
and failed parcel delivery scams targeting shipping customers. Despite different lures, both campaigns
share infrastructure linked to the Phoenix System phishing kit ecosystem.
Group-IB identified more than 2,500 related phishing domains, targeting over 70 organizations worldwide.
Attackers used phishing-as-a-service platforms with templates, dashboards, and traffic filtering
to scale operations across regions.
Messages were sometimes delivered through suspected fake base transceiver stations to bypass carrier
protections. The findings highlight how coordinated infrastructure and Telegram-distributed phishing
kits are enabling large-scale globally targeted smishing campaigns.
Ukrainian law enforcement has detained a group of suspected hackers accused of stealing more than
610,000 Roblox user accounts and reselling them for cryptocurrency through Russian online forums.
Authorities say the victims included players whose accounts contained valuable digital items, rare inventory, and virtual currency purchased with real money.
Investigators allege a 19-year-old organizer recruited accomplices through gaming forums and developed malware disguised as tools offering gameplay advantages or free bonuses.
The malware harvested login credentials, enabling access to large numbers of accounts that were later sourced
and sold based on resale value.
Police conducted multiple searches in Western Ukraine
and seized devices and cash linked to the operation.
Officials estimate the scheme generated about $227,000.
Suspects face up to 15 years in prison if convicted.
Coming up after the break, my conversation with Jamie Moles from ExtraHop.
We're discussing how the pace of vibe coding is creating major AI blind spots.
And honeypot hijinks get halted by curious clicks. Stick around.
Most environments trust far more than they should, and attackers know it. ThreatLocker solves that
by enforcing default deny at the point of execution. With ThreatLocker Allowlisting, you stop
unknown executables cold. With Ringfencing, you control how trusted applications behave. And
with ThreatLocker DAC, defense against configurations, you get
assurance that your environment is free of misconfigurations and clear visibility into
whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero-trust
principles without the operational pain. It's powerful protection that gives CISOs real visibility,
real control, and real peace of mind. ThreatLocker makes zero-trust attainable, even for small security
teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue,
stop ransomware at the source and regain control over their environments.
Schedule your demo at Threatlocker.com slash N2K today.
When it comes to mobile application security, good enough is a risk.
A recent survey shows that 72% of organizations reported at least one mobile application security incident last year,
and 92% of responders reported threat levels have increased in the past two years.
Guardsquare delivers the highest level of security for your mobile apps without compromising
performance, time to market, or user experience. Discover how Guardsquare provides industry-leading
security for your Android and iOS apps at www.gardsquare.com.
Jamie Moles is technical manager at ExtraHop.
I caught up with him to discuss how the pace of vibe coding is creating major AI blind spots.
Vibe coding is a relatively new concept, and it's something that I find quite interesting.
The idea of vibe coding, really, is that it gives non-coders the ability to develop code,
simply by talking to an AI bot, basically, either speaking out loud or typing into a chat window
and saying, this is what I want.
This is what I want to create.
My dream app for the iPhone is this.
Can you help me develop it sort of thing?
Which is actually when you think about it, incredible.
It means that an individual who is not an expert at developing in Swift or Python or Visual Studio or whatever
can take their idea and prototype it, rationalize it if you like, develop it,
get to a minimally viable product, you know, perhaps share that with other people
see if it works without ever having to actually be proper coder, which I think is an amazing,
amazing thing to have come out of the world of AI, LLMs, generative AI, whatever you want
to call it.
I think a few years ago when ChatGPT first popped up on the scene, I don't think anybody
probably foresaw vibe coding,
which you might call the democratization of coding.
You know, it's bringing the ability to write programs to ordinary citizens,
which I think is an incredible thing, but has some issues, has some risks.
Do you roll it into the use that experienced coders are using this as well
to take some of the burden off, to speed up what they're up to?
Yeah, I mean, so if you look at, let's say professional coders, enterprise software developers, etc.
The great thing about vibe coding for them is it's not going to stop them writing their own code.
Okay.
But what it will and does allow them to do is prototype things very, very quickly without having to necessarily go through that initial effort of writing a
bit of code yourself, putting in your basic functions, linking in your libraries, whatever.
If I can talk to a Cursor or Orchid or even Claude and say, I need to put together a
quick prototype for this capability or this feature or this act, this is what I want it to look
like, this is what I want, this is the data I want it to access, this is how I want it to process
that data, and this is how I want it to present it when it's finished. That can enable you to
test ideas very, very quickly.
So I've got this idea.
I think it might be a useful feature in our product.
I don't have the time as an individual to spin it up.
But if I can get my AI to spin it up very, very quickly,
and I can take a quick look at it and test it out.
I can evaluate that rapidly and decide, actually, does this have legs or not?
And that's a very, very useful capability for what I'm going to call professional enterprise software
developers.
So in your estimation, what are the potential perils here?
I don't think the perils are so
much associated with the professionals developing code. I think this issue with it more than anything
is the crossover between, let's say, the script kiddie unprofessional coding side of things,
and that potentially transitioning into something that gets distributed and used by a lot of people.
If I decided as an individual that I wanted to write an app for my iPhone,
I'm very much tied to my calendar in terms of knowing what to do day to day.
And every morning when I wake up, I look at my calendar,
I see what meetings I've got scheduled,
and I set alarms in my iPhone to alarm me five minutes before I need to do something
because I'm not great at remembering things.
I get distracted easily, et cetera.
And this works really well for me.
So the app idea I have is, well, shouldn't I just be able to write an app to go and read my calendar and set those alarms for me so I don't have to do it every morning?
Now, that for me is an individual use case.
That would be very, very useful for me.
But as a member of the ADHD community, I can also see how other people might make use of that.
Now, if I put that together in a tool like Cursor or something like that and it worked for me, worked fine,
what I want. It met my goal. But then I told other people and they started saying, well, we want to
use it. And I started distributing it. I've started distributing an app and some code that I
cannot know the provenance of. I don't know whether there are any bugs in there, any potential
security issues without actually doing code review myself, which, if, for example, on the iPhone,
you typically develop in Swift, I don't know that environment, so I'm not qualified to do code review
on that. So the risk, one of the significant risks for me is the potential for an individual who's
not a professional coder to produce something that actually turns out to be really good and really
useful, and other people want it, and it gets distributed worldwide. And we know that this is actually
the way that a lot of people nowadays make big money and are able to, you know, are able to leave their jobs.
They produce something on social media that takes off.
Well, they produce a little app which takes off, and they do really well.
The risk here is producing something that you're not able to rubber stamp and say yourself, I know that this is high quality, I know that there are no bugs, there are no issues.
And I mean,
Joe Tidy on the BBC
showed off an issue with Orchid.
When he had an expert come in,
and used that to, they basically did a demonstration where he produced a bit of code.
And the security researcher who was working with was able to get into his orchid project
and drop in a malicious line.
And the malicious line, all it did was popped up a notepad on the screen,
give saying a message.
But that could easily be turned into something like a Cobalt Strike Beacon that speaks to a C2 server
and gives anybody using that app or my app access,
or gives their systems access to a threat actor.
And you wouldn't know because you're not a coder able to review your own code.
Why is velocity a factor here?
The fact that people are able to do things so much faster than they could before?
You've heard of the old saying, probably.
If you want something done, choose, quick, easy, and cheap.
You can't have all three, you can only have two. Quick, easy, cheap. The issue with
velocity quick is that it gets you results very, very fast. And in this case, it's doing it easy.
And funny enough, in this case, it's probably doing it quite cheap as well. So you are potentially
getting all three. But there's a hidden risk behind it. If I can develop things really, really fast,
prototype things really, really fast,
move through the development cycle
from test to production
without the oversight,
then that's a problem.
Now, you could counter that and say,
well, hang on a minute, Jamie,
we're able to produce this really, really fast,
way quicker than we ever could in the past,
so there's no excuse to not spend some time
on quality assurance and code review and things like that.
And that would be a perfectly legitimate response, but we all know that human beings don't always follow the correct path
and might just want to rush out the door with, hey, look, what I've done. And that's a potential risk.
So what are your recommendations then? What should people do to be on top of this?
I think there are potentially two different areas to look at here. So in professional software
development. These are brilliant tools and absolutely are worth investing time in. They can shorten
development cycles. They can enable testing of new ideas to happen very, very quickly. And I mean,
there's a saying, you know, in the development world, which is fail fast. You know, if you're going to
come up with an idea, you want to test it out, if it's going to fail, let it fail quickly. So you can say,
right, that's no good, and then move on to the next thing.
So you're not wasting time, effort, money, et cetera,
on developing something that's not going to work.
So in that sphere, I think it's very, very useful.
And of course, in the individual Joe Bloggs,
sitting at his computer on home,
trying to develop an app side of things,
it's brilliant and useful there as well.
I would like to see some sort of mechanism
or educational mechanism around that
to say, hey Joe, you've produced this really, really great thing.
Other people want to look at it and use it potentially.
Are you aware of the liability and risks associated with you distributing that to other people?
Perhaps you should give it some code review.
Now, interestingly enough, if we go back to my idea of the app that I would like to
produce for the iPhone, if I produced that and gave it to Apple to publish on their app store,
actually would have to go through a code review.
It would have to go through Apple's quality control processes before they would allow it on the store.
So there are certain paths you can take that would enable that kind of protection.
But with the opening up of the iPhone in Europe to other app stores, as required by the EU,
and we know from the experience looking at Android and the various different app stores they have on there
and various malware issues they've had there, that's not a good thing for
protecting consumers from potentially malicious code.
Now, where there's potentially a crossover there is Joe Bloggs is not a coder,
but he works for a coding company.
And he starts doing this vibe coding, starts getting really interested in it,
has dreams of potentially becoming a developer,
and starts using these tools to do things at work in order to potentially move in that direction.
There is an area there, a grey area, where Joe could potentially develop stuff at work,
scripts that automate things and do things for him to make his job easier
and potentially get the attention of the people he wants within the development side of the business.
But if there's no code control, if he's not using the tools that the company has validated and
authorized and said, these are the good tools that you want to use for this, there's a potential
of him introducing risk to that organisation. And this is the old, old problem of shadow IT.
Now, that's been around for a long time. You know, dawn of the day is where IT can stop you
installing applications on your machine and stop you having your favourite wallpaper on your
background on your desktop and things like, we don't do that anymore. Generally,
the idea is that people are allowed to bring in the tools that they need to get their job done.
But the organisation should always have visibility.
You should always know what people are using.
And so I think there needs to be conversations had in that scenario where people are told,
if you're going to use vibe coding, if you're going to use AI tools within the organisation,
These are the ones that we as an organisation authorise and allow you to use in conjunction with our systems and our data.
If you're using it at home for your own things, crack on.
That's your business.
But if you're going to plug these tools into our information systems and our data for what you perceive as benefit to the company, then you have to play by our rules.
That's Jamie Moles, technical manager at ExtraHop.
And now a word from our sponsor, the Center for Cyber Health and Hazard Strategies, also known as CHHS.
Looking for a graduate degree that will give you an edge on your professional career?
Earn a Master of Science in Law at University of Maryland Carey School of Law.
This part-time two-year online graduate degree program is designed for experienced professionals to
understand laws and policies that impact your industry.
Learn from CHHS faculty who are experts in their field.
No GRE required.
Learn how you can master the law without a JD at law.u-maryland.edu.
And finally, while casually exploring Operation Power Off,
an international law enforcement effort targeting DDoS for Hire Services,
a researcher who goes by Lina stumbled onto what looked like a slightly undercooked
booter site called CyberZap.
It had dashboards, payment options, and just enough polish to seem real,
until its hosting details quietly pointed back to Dutch police infrastructure.
After registering with an email that politely announced they were just researching
the researcher clicked around, attempted a mock attack order,
and observed the site quietly collecting intent signals rather than launching anything.
Shortly afterward, CyberZap abruptly locked itself behind an authorization wall,
along with a related domain, suggesting someone on the other end noticed the attention.
A companion site, Net Crashers, remained online as a more obvious scare tactic.
The episode illustrates how authorities mix covert honeypots with overt warnings to deter would-be attackers,
though in this case the trap appeared to retreat the moment someone looked too closely.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to Cyberwire at n2K.com.
N2K's lead producer is Liz Stokes.
We're mixed by Tré Hester with original music and sound design by Elliott Peltzman.
Our contributing host is Maria Varmazis.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
