CyberWire Daily - Patchapalooza packs a punch.
Episode Date: July 15, 2026Patch Tuesday. SonicWall urges immediate patching of actively exploited vulnerabilities. The White House launches an AI-backed vulnerability clearinghouse. The Air Force contends with widespread... cybersecurity quarantines. The UK and EU blame Russia for last year’s cyberattack on Poland’s power grid. Meta faces accusations of AI-assisted layoffs. NATO allies collaborate in space. The Pentagon offers paid cyber apprenticeships. Spanish police dismantle a cybercrime and money-laundering network. Our guest is Clark Frogley, Global Head of Fraud at Quantexa and former FBI agent, discussing the fraud-as-a-service economy and what banks are missing. Grok Build users data is cloudy with a chance of uploads. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Clark Frogley, Global Head of Fraud at Quantexa and former FBI agent, as he is discussing the fraud-as-a-service economy and what banks are missing. Selected Reading Microsoft Patches a Record 570 Security Flaws (Krebs on Security) Adobe Patches Critical ColdFusion Vulnerabilities (SecurityWeek) Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell (SecurityWeek) Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates (SecurityWeek) SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now (Bleeping Computer) White House announces ‘Gold Eagle’ AI clearinghouse for cyber vulnerabilities (Nextgov/FCW) Air Force network lockouts hit troops and civilians (Federal News Network) NATO Allies join forces to develop high-end space capabilities (NATO) EU and UK officially blame Russian spies for cyberattack on Poland's power grid (The Register) Meta used AI to target workers with medical conditions for layoffs, lawsuit claims (Reuters) Pentagon opens application window for paid cyber apprenticeships (DefenseScoop) Spanish Police take down €140 million cyber fraud ring, arrest four (Bleeping Computer) Musk promises purge after Grok Build caught sending entire repos to the cloud (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
It was a whopper of a patch Tuesday.
Sonic Wall urges immediate patching of actively exploited vulnerabilities.
The White House launches an AI-backed vulnerability clearinghouse.
The Air Force contends with widespread cybersecurity quarantines.
The UK and EU blame Russia for last year's cyber attack on Poland's power grid.
Meta faces accusations of AI-assisted layoffs.
NATO allies collaborate in space.
The Pentagon offers paid cyber apprenticeships.
Spanish police dismantle a cybercrime and money laundering network.
Our guest is Clark Frogley,
global head of fraud at Kwantexa and former FBI agent,
discussing the fraud-as-a-service economy and what banks are missing.
And Grok-Build users' data is cloudy with a chance of uploads.
It's Wednesday, July 15, 26.
I'm Dave Bittner and this is your Cyberwire Intel briefing.
Thanks for joining us. It is great as always to have you with us.
Yesterday was Patch Tuesday and it was a doozy.
Microsoft's July Patch Tuesday delivered fixes for more than 570 vulnerabilities
nearly triple the record-breaking total from the previous month.
The company attributed the surge to artificial intelligence,
accelerating vulnerability discovery, a trend Microsoft expects to continue.
Among the fixes were nearly 60 critical flaws and three zero-day vulnerabilities,
including two already exploited in the wild.
Researchers also highlighted a critical remote code execution flaw in Microsoft copilot.
Security experts warned that while AI is helping vendors identify and patch vulnerabilities
faster, it's also enabling attackers to develop exploits more quickly, challenging traditional
methods for assessing exploitability. Beyond Microsoft, Adobe released updates addressing 88 vulnerabilities
across 12 products, while Siemens, Schneider Electric, and Rockwell Automation issued critical
industrial control system patches. Google and Mozilla also updated Chrome and Firefox
to fix critical browser flaws.
Given the unusual large volume of updates, experts recommend backing up systems before
patching and monitoring for any stability issues after deployment.
Sonic Wall is urging customers to immediately patch two actively exploited SMA-1000
vulnerabilities after confirming zero-day attacks.
The flaws include a critical server-side request forgery vulnerability and a
code injection bug that could enable arbitrary command execution.
Affected SMA 1,000 appliances should be upgraded to the latest hot fixes, as no alternative
mitigations are available.
Sonic Wall has also published indicators of compromise, while SISA added both flaws to its
known exploited vulnerabilities catalog, requiring U.S. federal agencies to remediate by July 17th.
The White House has launched Gold Eagle.
An AI-backed vulnerability clearinghouse designed to improve coordination between government and industry on identifying, prioritizing, and remediating software vulnerabilities across critical infrastructure.
Created under a June executive order, the initiative brings together the White House, SISA, the Departments of Treasury and Defense, and private sector partners.
While Gold Eagle is already processing vulnerability reports, officials have not disclosed.
participating companies, how many findings have been handled, or which agency will oversee daily
operations. The administration also has not detailed how the program will interact with existing
federal vulnerability efforts. The initiative reflects a broader push to use AI to accelerate
vulnerability management as advanced cyber-focused AI models become more widely available,
and agencies face tighter deadlines for remediating high-risk security flaws.
The U.S. Air Force is working to restore access for personnel after widespread cybersecurity quarantines
locked many users out of their computers, in some cases for days.
The quarantines are triggered when devices misrequired software updates,
part of an effort to strengthen defenses against evolving cyber threats.
As patching frequency increases, employees are expected to install updates promptly
or risk their devices being isolated from the network.
Although quarantines are a long-standing security measure,
the current disruption appears unusually large,
with reports suggesting tens of thousands of devices may have been affected.
The Air Force has not confirmed the scope of the issue,
but says the enforcement is part of routine network security maintenance.
Affected users must often visit local IT support to restore access,
causing operational delays across the service.
service. NATO is making a major push into space, new multinational partnerships, new satellite initiatives,
and a growing focus on military resilience beyond Earth's atmosphere. Maria Vermazas joins us with
what these announcements could mean for the alliance and why space is becoming an increasingly
important domain for collective defense. Thank you, Dave. At the NATO Summit Defense Industry Forum
held in Ankara, Turkey last week,
eight NATO allies announced that they are launching a new multinational satellite constellation.
It is called Halo, or the Hybrid Alliance layered operations in space.
And the purpose of this new constellation is to strengthen secure and sovereign high-speed
communications, intelligence, and missile tracking for the participating nations.
And those eight founding nations of Halo are Denmark, Canada, Finland, Germany, Norway,
the Netherlands, Sweden, and Turkey.
with more countries expected to join.
The announcement of the Halo Project speaks to the urgency behind greater space sovereignty
for the participating countries, and by pooling their resources for a shared constellation,
the eight countries hope to gain greater in space responsiveness and more secure access to space assets at a lower cost.
As this initiative has just launched, NATO says work now begins on mapping out requirements
and planning the physical and software architecture of the constellation.
For the CyberWire Daily, I'm Maria Vermazes from T-Minus Space Cyber Briefing. Back to you, Dave.
Be sure to check out the T-minus Space Cyber Podcast wherever you get your favorite shows.
The UK and EU have formally attributed the December 2025 cyber attack on Poland's power grid to Russia's Federal Security Service, the FSB,
warning critical infrastructure operators to strengthen defenses against similar threats.
The attempted attack, which sought to disrupt communications between renewable energy systems and grid operators, was unsuccessful, but could have left hundreds of thousands without power.
A joint advisory from the UK's National Cybersecurity Center recommends disabling legacy SNMP version 1 and SNMP version 2 protocols, enabling SNVP version 3, and disabling Cisco Smart Install to reduce exposure.
The guidance highlights sectors at greatest risk, including energy, communications, health care, and government.
Alongside the advisory, the UK and EU announced new sanctions targeting Russian intelligence officials,
cybercriminals, and individuals linked to cyber operations supporting Russia's broader campaign against Europe.
26 current and former meta employees have filed a federal lawsuit,
alleging the company used AI-assisted tools that disproportionately targeted workers with disabilities,
those on medical leave, and caregivers during its recent layoffs.
The plaintiffs claim meta-relied on metrics such as productivity scores and AI usage
to rank employees for termination,
disadvantaging workers who had taken protected leave.
They're seeking a court order to temporarily halt the layoffs while pursuing their claims through arbitration.
META denies the allegations, stating that workforce decisions were made by people, not AI.
The lawsuit is believed to be the first major U.S. legal challenge alleging AI-driven discrimination in mass layoffs.
It also claims META failed to test its AI systems for bias, potentially violating California and New York City regulations.
The Pentagon has opened applications for its new Cyber Apprenticeship Programme,
a 12-month paid initiative aimed at recruiting aspiring cybersecurity professionals
without requiring college degrees or prior cyber experience.
Led by the Department of Defense's Office of the Chief Information Officer,
the program emphasizes aptitude, practical skills, and hands-on training over traditional credentials
as the department seeks to expand its civilian cyber workforce.
Apprentices will receive online instruction, lab exercises,
mentorship and industry-recognized certifications while preparing for roles such as cyber defense
analysts and incident responders. Open to U.S. citizens eligible for security clearances. The positions
offer an annual salary of just over $22,000. Applications closed July 17th, and participants
who do not complete the program may be required to repay training costs under certain circumstances.
Spanish police have dismantled a cybercrime and money laundering network
that allegedly generated $160 million through investment fraud and business email compromise scams.
Four suspects were arrested in Spain, Portugal, and Panama during a multinational operation supported by Europol and Interpol.
Investigators say the group used more than 800 bank accounts and dozens of money mules to launder stolen funds.
Authorities seized computers and smartphones froze 3 million euros in criminal proceeds for potential victim restitution and believe they've dismantled the organization by arresting its key operators.
Coming up after the break, my conversation with Clark Frogley, global head of fraud at Quantexa.
We're discussing the fraud-as-a-service economy.
And Grok Build Users data is cloudy with a chance.
of uploads. Stay with us. Clark Frogley is global head of fraud at Quantexa and a former FBI agent.
We got together to discuss the fraud as a service economy and what banks are missing.
I think as everybody knows, right, the number of fraud incidents are that are finding their way to
the media to, unfortunately, our own bank accounts and our own experiences has grown just
dramatically. So as we look across the landscape with regards to fraud, the amount of fraud that's
being driven by cyber-enabled events has just grown incredibly. The ability for us to look at
fraud and not consider the impact from a cyber perspective is really come to a point where we just
can't even think of them separately anymore. It is beyond what we may have anticipated.
a number of years ago when we were doing this in previous roles that I had. Cyber has always
been an issue, but I think the way that it's grown, the way that it's changed through synthetic
IDs, through AgenteGAI, through fraud as a service, through all the different aspects of
fraud today. It has just resulted in, I think, a phenomenal growth. And you'll see that in a lot of
the reports that come out, whether it's the FBI's IC3 reports or some of the other reports that
come out, really validate right, the growth in which fraud has really begun to impact financial
institutions and individuals' pocketbooks.
Well, in your estimation, what is it that's driving this huge growth that we've tracked?
I think clearly one of the big drivers is the growth in AI. It's not the only reason, but certainly
is a huge contributing factor. And I think is probably one of the biggest issues behind the rate
and the speed of growth.
And the reason that is,
is because today,
if you think about the different kinds of fraud,
whether they are business email compromise
or the use of synthetic ID
and resulting in all kinds of application,
fraud, mortgage fraud, credit card fraud,
other things that are a result of that.
All of those things now today,
for me to create a persona
and submit applications,
has gone from what used to take months to hours.
And so the ability now to commit fraud at scale
has just become a huge growth factor.
And I think that in addition to the fact that we see this desire
for financial institutions to go faster, right?
Faster payments.
And so with speed comes higher risk.
And so we are seeing a lot of attackers trying to take advantage of that,
really exploit the challenges the financial institutions always are faced with.
How do I service my customer?
How do I reduce the friction?
And how do I detect and reduce the fraud?
And that's become a real challenge for institutions today.
Where do you come down on cryptocurrency?
What part has that played in all of this?
I love the concept of cryptocurrency.
I love the ability to see alternative ways for individuals to interact and move the value around.
I think the challenge, as was probably known early on right, is how do you regulate it?
Initially, all of those that were really deep into crypto didn't want the regulation,
but I think we understand that without regulation, without controls, without oversight,
it becomes unfortunately exploited by those that are using it for nefarious purposes.
So almost every major organized fraud ring that is operating today, whether they're holding companies for ransom or they are involved in large networks that are using mule accounts to transfer money around, almost every one of those, are using cryptocurrency to either demand payment or to pay others.
And so unfortunately, that means that law enforcement regulators and others, if they don't get deeper into and begin to put more controls over the way that we use crypto, it unfortunately is going to continue to be a way for nefarious actors to be successful.
It's great that we can see into the blockchain and you can track it.
But unfortunately, with all of the tools that are available, knowing who's really behind that account.
is still very difficult.
You know, Clark, I have a friend who's a local commercial banker,
and I was chatting with him recently,
and he was telling me that just a huge amount of his time now
has taken up helping his clients with fraud, with scams,
with all those kinds of things.
He said things he never had to deal with just years ago
are just chewing up an incredible amount of time for him.
How is the industry meeting this challenge?
Yeah, that's the whole fraud scam or what we more accurately refer to as these authorized push payment scams are really, I think, distressing a number of institutions.
It's, you know, when you see people that have become victims, either through romance scams or investment scams and other things, losing their life savings, it's, it pulls at your heartstrings for sure.
and then businesses that are trying to provide reassurance and comfort and try to trace funds and
make people whole again. As you're right, it has become extremely difficult. I think what you're
seeing in a number of different ways, and it's slightly different around the world. In Europe,
you've actually seen regulatory pressure to make institutions more responsible, and they have to
actually then reimburse when there is a scam involved. If the institution didn't do everything,
could help the customer, I guess, question a transfer and really ensure that this wasn't a scam.
They actually know the recipient, then the bank becomes liable.
So there's a lot of effort going there.
In the U.S., that isn't the case.
We still don't have that liability issue.
But however, institutions still want to do the best thing for their customers.
And so they're putting tremendous effort into education.
They're using new tools and tech.
techniques to help customers better detect. But we're also using on the detection side,
the fraud teams, right? We are looking at everything from biometrics, how you use your keyboard,
how you move your mouse, how long you pause during your session, what's your typical spending
patterns. All of those behavioral biometrics become key in really understanding when
potentially there is a fraudulent transaction that's about to occur. So we're trying to
move away from host transaction and following and trying to track the money to recognizing the
patterns before the money moves and stop it before it actually happens. So a lot of effort,
probably one of the bigger areas that I think institutions are focused on right now.
For the folks in our audience who are defenders looking to keep their organizations safe,
what are your recommendations? What sort of things should be on their radar when it comes to
cyber crime and financial fraud?
Absolutely, education, enablement, communication across the organization, I think is one of the most
important things, right? We can't just ignore that this is happening out there and hope that it
doesn't happen to us. We do need to be very focused. We need to educate our customers.
We do need to put processes in place that allow better detection. And I think that what we're seeing
across the institution is that fraud, detection of fraud, understanding of fraud today,
while it is getting more complicated, it is moving faster. It still is fundamentally a data problem.
So I would encourage your listeners to really give some thought to their data. Do you have the
ability to use your data holistically? Can you see your customers holistically across all of the
products and accounts that you have with them?
that when something does happen, you're able to recognize that that actually is my customer,
or there's something nefarious, or someone is transacting in multiple locations at the same time.
Can you detect things like that? That's an ability through things like entity resolution,
through things like graph-based analytics that allows you to connect your data and see that I've got
you know, a hundred applications for credit or, you know, a thousand credit card applications that
have all been submitted from the same IP address. If you can't detect things like that,
you are more vulnerable to fraud than you need to be. There are ways for us to leverage technology,
to improve our data foundation, to really take advantage of some of the new AI-driven solutions
that are available out there in the market. So I would encourage a mix of enablement,
communication, and then enhance your technology. It is critical.
That's Clark Frogly, Global Head of Fraud at Quantexa.
And finally, an AI safety researcher has prompted a swift course correction after discovering
that Grok Build, SpaceXAI's command line coding tool, was quietly uploading entire code repositories,
complete with Git history to cloud storage,
even when asked to do virtually nothing more than reply OK.
That is one way to interpret working behind the scenes.
After the findings gained widespread attention,
SpaceX AI flipped a server-side setting that stopped the full repository uploads,
and Elon Musk pledge that all previously collected user data
would be completely and utterly deleted,
though that claim has not been in.
independently verified. While the company points users to a privacy command to manage data retention,
the researcher argues the real fix was the backend configuration change and says developers should
not have to opt out repeatedly. The episode underscores growing scrutiny of how AI coding tools
handle sensitive source code by default. Musk says the data will be deleted. As always,
users will have to decide for themselves how much weight to give that assurance.
And that's the Cyberwire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to Cyberwire.
at N2K.com.
N2K's lead producer is Liz Stokes.
We're mixed by Trey Hester
with original music and sound design
by Elliot Peltzman.
Our contributing host is Maria Bermazas.
Our executive producer is Jennifer Ibin.
Peter Kilby is our publisher,
and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
