CyberWire Daily - Security without a login screen.
Episode Date: May 4, 2026

Progress Software urges customers to patch a critical MOVEit authentication bypass. Washington worries about limited access to advanced AI tools. Paid influencers promote pro-American AI. CISA warns Copy Fail is under active exploitation. The Canvas educational platform suffers a data breach. The Lazarus Group uses ClickFix to target high-value enterprise users. U.S. and Chinese authorities raid scam centers in Dubai. Monday Business Brief. On Afternoon Cyber Tea with Ann Johnson: Tony Sager, Senior VP & Chief Evangelist, Center for Internet Security, joins Ann to discuss the accelerating pace of technology, AI, and global software dependencies. May the Fourth be with your firewall.

Afternoon Cyber Tea
On this segment of Afternoon Cyber Tea with Ann Johnson: Tony Sager, Senior VP & Chief Evangelist, Center for Internet Security, joins Ann to discuss how the accelerating pace of technology, AI, and global software dependencies are reshaping the cybersecurity landscape. To hear the full conversation, check out the episode and subscribe where you get your favorite podcasts to listen to past episodes. The show is going on hiatus. Stay tuned for the next chapter soon.

Selected Reading
Progress warns of critical MOVEit Automation auth bypass flaw (Bleeping Computer)
What Was Discussed at Google’s White House Meeting About A.I. (The New York Times)
US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems (SecurityWeek)
A Dark-Money Campaign Is Paying Influencers to Frame Chinese AI as a Threat (WIRED)
CISA says ‘Copy Fail’ flaw now exploited to root Linux systems (Bleeping Computer)
Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats (SecurityWeek)
Lazarus Targets macOS Users With New “Mach-O Man” Malware Kit (GB Hackers)
US, China partner on scam center takedown in Dubai (The Record)
Cloudsmith raises $72 million in Series C funding. (N2K Pro Business Briefing)
Microsoft for Startups (N2K Networks)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
No, it's not your imagination.
Risk and regulation are ramping up,
and customers expect proof of security just to do business.
That's where Vanta comes in.
Vanta automates your compliance process
and brings compliance, risk, and customer trust together
on one AI-powered platform.
Whether you're preparing for a SOC 2
or managing an enterprise GRC program, Vanta helps keep you secure and your deals moving.
Companies like Ramp and Writer report spending 82% less time on audits.
That's not just faster compliance, that's more time to focus on growth.
When I look around the industry, I see over 10,000 companies from startups to big enterprises
trusting Vanta.
Get started at vanta.com slash cyber.
Progress Software urges customers to patch a critical MOVEit authentication bypass.
Washington worries about limited access to advanced AI tools.
Paid influencers promote pro-American AI.
CISA warns Copy Fail is under active exploitation.
The Canvas educational platform suffers a data breach.
The Lazarus Group uses ClickFix to target high-value enterprise users.
US and Chinese authorities raid scam centers in Dubai.
We got our Monday business brief.
On Afternoon Cyber Tea with Ann Johnson, Tony Sager, senior VP and chief evangelist at the Center for Internet Security,
joins Ann to discuss the accelerating pace of technology, AI, and global software dependencies.
And may the fourth be with your firewall.
It's Monday, May 4th, 2026.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thanks for joining us here today.
It's great as always to have you with us.
May the fourth be with you. Progress Software is urging customers to patch a critical authentication
bypass in its MOVEit Automation managed file transfer platform, citing immediate risk. The flaw
affects multiple recent versions and allows remote attackers to gain access without credentials
or user interaction. Progress says upgrading to patched releases is the only fix and requires
system downtime.
A second issue enables privilege escalation.
Researchers report over 1,400 exposed instances online, including systems tied to U.S.
government agencies.
It's unclear how many remain unpatched.
Managed file transfer systems centralize sensitive data flows. They're high-value targets
for ransomware groups. Past MOVEit vulnerabilities were widely exploited, which raises
concerns about potential follow-on attacks if patching is delayed.
Alphabet CEO Sundar Pichai met with White House officials to discuss cybersecurity, but talks focused
on a growing concern, limited access to advanced artificial intelligence tools.
According to the New York Times, officials are worried about compute or processing power
tied to Claude Mythos preview from Anthropic. The model can reportedly identify and exploit software
vulnerabilities faster than human teams, but access is tightly restricted. Limited capacity could force
prioritization during crises. The government is now exploring alternatives from Google and
OpenAI while facing certification hurdles for secure deployment. Cybersecurity defenses may increasingly
depend on AI systems that require scarce computing resources. Limited access could delay response
times during active threats, highlighting a new operational risk tied not to software flaws,
but to infrastructure constraints. Meanwhile, the Pentagon has signed agreements with major tech
firms to deploy AI across classified military systems aiming to strengthen battlefield decision-making.
The deals include Google, Microsoft, Amazon Web Services, Nvidia, OpenAI, Reflection, and SpaceX.
The Defense Department says these tools will support operational planning and logistics.
Anthropic is notably excluded following a dispute over military use policies.
Officials emphasized diversification after concerns about relying on a single provider,
while some agreements require human oversight in autonomous functions.
AI is rapidly becoming embedded in military operations from targeting to logistics.
Expanding vendor access may improve resilience,
but unresolved concerns about oversight, bias, and civilian harm
highlight risks of over-reliance on automated systems.
A network of influencers is promoting pro-American artificial
intelligence messaging without clearly disclosing the political funding behind it,
according to Wired. Posts from creators like Melissa Strahl were labeled as ads, but funding traces
back to Build American AI, a group tied to the super PAC Leading the Future. The campaign pays
influencers to highlight U.S. innovation and in later phases frame China as a technological threat.
Messaging guidance encourages blending everyday content with geopolitical talking points.
Some influencers declined participation, citing ethical concerns about undisclosed sponsorship
and narrative framing.
Social media is a primary news source for many Americans.
Undisclosed paid messaging can blur the lines between opinion and influence operations,
raising concerns about transparency, democratic discourse, and how AI
policy debates are shaped.
CISA warns attackers are exploiting a critical Linux flaw just one day after public disclosure.
The Copy Fail vulnerability affects the Linux kernel and allows unprivileged users to gain
root access.
Researchers at Theory released a proof-of-concept exploit described as reliable across
multiple distributions.
CISA added the flaw to its Known Exploited Vulnerabilities catalog and ordered
federal agencies to patch within two weeks.
Rapid exploitation shortens response time for defenders.
Widely affected systems increase exposure, making immediate patching critical to prevent
full system compromise.
Education technology firm Instructure is recovering from a cyber attack that disrupted services
and exposed user data on its Canvas platform.
The company says the April 30th incident affected tools relying on API,
and was largely resolved by May 3rd.
Attackers accessed personal data, including names, emails, student IDs, and messages,
but not passwords or financial details.
ShinyHunters claims responsibility, alleging massive data theft,
though the scope remains unclear.
Canvas is widely used across educational systems.
Disruptions and potential data exposure could impact millions,
highlighting ongoing risks to centralized learning platforms.
The Lazarus Group is using ClickFix social engineering to deliver new macOS malware called
Mach-O Man, targeting high-value enterprise users.
According to researcher Morrow Eldrich, attackers pose as contacts on Telegram and lure victims
to fake meeting pages.
Users are instructed to run terminal commands, which install a multi-stage malware
kit. The payload collects system data, browser credentials, and macOS keychain secrets, then
exfiltrates them. The malware also establishes persistence using disguised system services.
The attack bypasses traditional defenses by relying on user actions instead of exploits.
A single compromised Mac could expose corporate systems or crypto assets, especially in fintech
environments.
U.S. and Chinese authorities coordinated raids on scam centers in Dubai, leading to 276 arrests
tied to cryptocurrency fraud schemes.
The U.S. Department of Justice says the operation followed FBI complaints from victims who
lost millions.
Investigators traced the activity using data from Meta and financial records.
Prosecutors charged multiple suspects accused of running pig-butchering scams
through front companies. Dubai police carried out the raids while one suspect was arrested in Thailand.
Large-scale scam networks operate across borders, complicating enforcement. The case also highlights
links between organized crime and global fraud ecosystems that continue to target U.S. victims at scale.
Turning to our Monday business brief, cybersecurity companies are drawing significant investment and pursuing
acquisitions to scale AI-driven and enterprise security offerings.
Cloudsmith led funding activity with a $72 million Series C to expand AI-native workflows,
while startups like Spectrum Security and Copper Helm emerged from stealth with new backing.
Other firms including ScatterCore and Quo Intelligence raised funds to grow products and market
reach.
Meanwhile, major deals include Airbus acquiring Quarrable.
Quarks Lab and Silverfort moving to acquire Fabrics Security.
Rising investment and consolidation signal a shift toward integrated AI-enabled security platforms.
Vendors are racing to address supply chain risk, identity security, and AI-driven threats
at enterprise scale.
I recently sat down with Kevin McGee, the leader at Microsoft for Startups' cybersecurity portfolio,
while at RSAC.
During that conversation, Kevin broke down what the next wave of cybersecurity startups could look like
and how founders can best prepare themselves to be successful in this rapidly changing landscape.
If you're interested in the future of cybersecurity and how AI is impacting the startup ecosystem,
check out the full interview via the link in today's show notes.
Coming up after the break on Afternoon Cyber Tea with Ann Johnson,
Tony Sager, Senior Vice President and Chief Evangelist at
the Center for Internet Security, joins Ann to discuss the accelerating pace of technology.
And may the fourth be with your firewall.
Stay with us.
And now a word from our sponsor, the Center for Cyber Health and Hazard Strategies,
also known as CHS.
Looking for a graduate degree that will give you an edge on your professional career?
Earn a Master of Science in Law at University of Maryland Carey School of Law.
This part-time two-year online graduate degree program is designed for experienced professionals to understand laws and policies that impact your industry.
Learn from CHS faculty who are experts in their field.
No GRE required. Learn how you can master the law without a JD at law.u-maryland.org.
Ann Johnson is host of the Afternoon Cyber Tea podcast, and in this segment from her show, she speaks with
Tony Sager, Senior Vice President and Chief Evangelist from the Center for Internet Security.
They're discussing how the accelerating pace of technology, AI, and global software dependencies
are reshaping the cybersecurity landscape.
Today I am joined by Tony Sager, who's a senior vice president and chief evangelist at the Center
for Internet Security, more commonly known as CIS.
So, Tony, we're at this moment where cybersecurity feels more urgent and also more complicated.
From your vantage point, what feels fundamentally different about today's security moment compared to even five or ten years ago?
The rate of change we're experiencing now is the slowest it will ever be in our lifetimes.
So everything is accelerated. The change is just getting faster.
And I grew up in a world where we would count on the government.
You know, is this technology safe for government use or private sector use?
Well, you know, they'll hire a room full of smart guys sit there, study it for a year.
Then it'll come out.
Yes, it's safe.
Or no, they need to fix this. No one's got time for that.
So things are moving so quickly, and we're, we've become used to a world of both great
opportunity, new capabilities, but we accept some level of flaws that are in it.
And then every once in a while those flaws go from minor to, you know, catastrophic.
So that's, that's really the difference is we don't have the time for kind of traditional
approaches to giving ourselves confidence in software or systems or, you know, whatever is
going on.
And that's the world that we live in.
I think it's fair to say that for years we've been somewhat reactive in cyber.
You said you've been doing 50. I've been doing it 26. This is your, I'm finishing year, 26.
But lately there's been this push to be much more proactive, much more secure by design, much more on the front foot, right?
And taking responsibility earlier in life cycle. We like to talk about shift left. We like to talk about a lot of things.
However, the industry, we're talking about it. But the industry has been pretty slow to make that shift.
Why do you think it is that we're being so slow to go from being more reactive?
Or why is it so slow that, you know, from being more reactive to shifting to being more proactive?
Yeah, it's certainly true.
You know, as I look back across the industry, the majority of it is there in reaction to flaws in protocols,
bugs in software, and dealing with that.
And in any other domain of risk in your life, right?
We learn prevention is more effective than reaction.
And that's just what true is something that happens to be true.
But it's been really hard to get there because of the economics.
So we have proven as social creatures,
we will accept flawed software in exchange for much better features that we had before.
And that just became part of the way we operate the industry, right?
And so it's a rational decision on the part of the vendor.
They could study and scrub out bugs for another year, but they've missed the market.
And my vendor friends will say things like second to market is last to market.
And that means exactly what it says,
that people expect the public is willing to pay for things sooner rather than later.
They used to joke about, you know, again,
I grew up in a government world where you took your time.
Yeah.
Let me take 10 to 15 years to build a new radio for the U.S. Army in the 70s and 80s.
And now people are patient for 10 or 15 minutes, right?
And whatever they see in the current headlines,
well, I hold a newspaper as though we read them now,
but whatever new we want now.
Yeah.
And no one's waiting for the government
or a regulatory agency to tell them it's safe.
They want to get into it right away.
But this need to push earlier in the life cycle is really important.
And it's because so much is at risk.
It's just there is no economy without IT, right?
There is no social life anymore without that.
And so it's become so embedded in our way of life
that it's fundamental to everything that we think to or say.
And so you have to say, what do we need to demand the citizens?
What would be the sort of bare essentials that we'd expect
in public safety or employee safety or financial safety.
We just don't know the language for it.
Now, the IT stuff, cyber stuff is complicated.
There's so many variables and so many things that can go wrong.
And by design, it's a worldwide market.
Most of our pieces don't come from sources that we know much about
or that we can have much trust in.
But that's the choice that we have made, I'd say, implicitly,
rather than openly.
Be sure to check out Afternoon Cyber Tea wherever you can
get your favorite podcasts.
And finally, today is May the 4th, which means it is once again Star Wars Day,
the annual celebration of a galaxy far, far away, and a useful reminder that even the most
advanced civilizations can still be brought down by a surprisingly small design flaw in a
very large attack surface. So in honor of the occasion, let's review a few basic cybersecurity
lessons from the archives of the Jedi Temple, which admittedly could have used better access controls.
First, use strong, unique passwords. "Password123" is not a passphrase. "I am your father" is only
slightly better, and also a spoiler with weak entropy. Consider a password manager because remembering
dozens of complex credentials is hard, and because storing them in a file called
"Death Star Plans Final Final Really Final.doc" is how Bothans get nervous.
Second, turn on multi-factor authentication. Yes, it adds a step. So does lining up a trench run while
TIE fighters are behind you. But when a Sith Lord gets hold of your password, it's helpful if the
account still asks, "Great, and where's your security key?" Third, patch your systems. The Empire built
a moon-sized battle station with only one tiny exhaust port leading directly to
the reactor. Somewhere, a project manager marked that ticket "known issue, low priority." Do not be
that project manager. Fourth, beware of phishing. If a message says "Urgent: click here to claim
your free landspeeder," check the sender. If it's from Palpatine at totallynottheempire.biz,
maybe don't download the attachment. The force can guide you, but it cannot fully sandbox a malicious
PDF. Fifth, back up your data. Cloud City seemed stable too, right up until the terms of service changed,
and Darth Vader altered the deal. Keep offline or immutable backups, test your restores,
and never assume your data is safe just because Lando said everything was fine. Sixth, limit privileges.
Not everyone needs admin access to the shield generator. Least privilege is not a lack of trust.
It's how you keep one compromised Stormtrooper account
from becoming a full-blown imperial incident response tabletop exercise.
And finally, train your users.
Cybersecurity awareness may not sound glamorous,
but neither did moisture farming.
And look how that turned out.
A well-trained employee who pauses before clicking
can be more powerful than you can possibly imagine.
So this May 4th, celebrate responsibly,
rotate your credentials,
patch your droids, encrypt your transmissions.
And remember, good cyber hygiene is not the only hope,
but it's a pretty good place to start.
May the Force be with you.
And that's the CyberWire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
Don't forget to check out the Grumpy Old Geeks podcast
where I contribute to a regular segment on Jason and Brian's show every week.
You can find Grumpy Old Geeks where all the fine podcasts are listed.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
N2K's lead producer is Liz Stokes.
We're mixed by Tré Hester with original music and sound design by Elliott Peltzman.
Our contributing host is Maria Varmazis.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
