CyberWire Daily - Temporary fix for Section 702.
Episode Date: April 17, 2026

The House extends Section 702, for now. Mythos raises fresh cyber risk concerns. CISA warns of reduced capacity. ZionSiphon targets Israeli water systems. Operation PowerOFF hits DDoS-for-hire networks. CISA flags an actively exploited ActiveMQ flaw. WordPress plugin supply chain attacks spread. China tests deep-sea cable-cutting tech. Our guest is Arvind Nithrakashyap, CTO and Co-Founder of Rubrik, discussing AI as the next frontier. Tim Starks from CyberScoop takes us Inside the FBI’s recent router takedown. A DraftKings data dealer meets his downfall.

Industry Voices
On today’s Industry Voices segment, we are joined by Arvind Nithrakashyap, CTO and Co-Founder of Rubrik, discussing AI as the next frontier.

CyberWire Guest
Today we have Tim Starks from CyberScoop discussing Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’.

Selected Reading
House extends surveillance powers for 10 days (NPR)
White House Works to Give US Agencies Anthropic Mythos AI (Bloomberg)
Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed (SecurityWeek)
How Anthropic Discovered Mythos AI Was Too Dangerous For Release (Bloomberg)
CISA Warns of 'Detrimental Capacity Impacts' Amid Shutdown (BankInfo Security)
New ZionSiphon Malware Discovered Targeting Israeli Water Systems (Hackread)
Europol-supported global operation targets over 75 000 users engaged in DDoS attacks (Europol)
CISA flags Apache ActiveMQ flaw as actively exploited in attacks (Bleeping Computer)
30+ WordPress plugins bought on Flippa and backdoored in supply chain attack (TNW)
New undersea cable cutter risks Internet’s backbone (Ars Technica)
Man gets 30 months for selling thousands of hacked DraftKings accounts (Bleeping Computer)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Today's sponsor, Rapid7, has an irresistible invitation for you CISOs and security practitioners out there.
A free two-day virtual summit, the subject, preemptive security.
Join the Global Cybersecurity Summit on May 12th and 13th from wherever you like.
A-list speakers will show you how organizations are disrupting attacks before they can blow towards
your day. You'll see how
exposure management, MDR,
and AI together let you
make the decisive move.
Registration is open at
rapid7.brighttalk.com.
The House extends Section 702
for now. Mythos
raises fresh cyber risk concerns.
CISA warns of reduced capacity.
ZionSiphon targets
Israeli water systems. Operation
PowerOFF hits DDoS-for-hire
networks. CISA
flags an actively exploited ActiveMQ flaw.
WordPress plugin supply chain attacks spread.
China tests deep-sea cable-cutting tech.
Our guest is Arvind Nithrakashyap,
CTO and co-founder of Rubrik,
discussing AI as the next frontier.
Tim Starks from CyberScoop takes us inside the FBI's recent router takedown,
and a DraftKings data dealer meets his downfall.
It's Friday, April 17th, 2026.
I'm Dave Bittner and this is your CyberWire Intel briefing.
Thanks for joining us here today.
Happy Friday.
It's great as always to have you with us.
The House voted Friday by unanimous consent
to extend Section 702 of the Foreign Intelligence Surveillance Act
until April 30th, 10 whole days,
avoiding its scheduled expiration Monday.
Earlier attempts by GOP leaders to secure longer renewals,
including a five-year extension and an 18-month plan requested by President Trump failed.
Section 702 allows U.S. intelligence agencies to collect electronic communications from foreign nationals abroad,
though some collected data includes exchanges with Americans.
Lawmakers from both parties have long pushed reforms requiring court approval before reviewing Americans' information,
while intelligence officials argue such limits would weaken national security capabilities.
Recent compromise changes did not satisfy privacy advocates.
If the authority lapses, intelligence collection could continue but may face legal challenges
from telecommunications and technology companies required to assist the government.
The U.S. government is preparing safeguards that could allow federal agencies to access a
modified version of Anthropic's advanced AI model Mythos, amid concerns it could significantly
increase cybersecurity risks. In an email to cabinet-level technology and cybersecurity officials,
the White House Office of Management and Budget said agencies should expect more details in the coming
weeks, though no timeline or access decisions were confirmed. Anthropic has limited Mythos
distribution due to fears it could help hackers identify critical vulnerabilities, even as officials
have encouraged select organizations to use it defensively. Some agencies, including Treasury,
have sought access for internal security testing. The move reflects growing government interest
despite legal disputes with Anthropic and internal warnings that the model could transform
attackers' capabilities and complicate national defense risk assessments.
Yesterday, a House Oversight Committee roundtable on artificial intelligence highlighted bipartisan
concern about the technology's rapid development and potential risks.
Lawmakers raised issues including federal workers using AI with sensitive data, deepfake
pornography, military decision constraints, climate impacts, and cybersecurity threats from advanced
models like Anthropic's Mythos. Members also noted AI's economic and medical potential,
but warned Congress may struggle to keep pace with its effects. Experts urge stronger policy
engagement and federal investment in AI safety research to maintain national competitiveness
and manage emerging risks. Bloomberg reports on the revelations surrounding the latest
AI model. AI researcher Nicholas Carlini discovered Anthropic's Mythos model could autonomously
identify and exploit critical software vulnerabilities within hours of testing, raising major
cybersecurity concerns. Internal Red Team researchers concluded the model posed national security
risks because it could generate advanced intrusion tools and uncover flaws typically found only by
elite hackers. Anthropic limited Mythos's release and instead positioned it as a defensive
cybersecurity tool for select organizations. Officials and industry leaders warned the model
could significantly shift the balance between attackers and defenders.
CISA's acting director Nick Anderson warned lawmakers that a prolonged government shutdown
and staffing shortages have reduced the agency to about 40% operational capacity,
straining its ability to defend federal networks and critical infrastructure.
The administration's proposed $2.5 billion budget prioritizes core cybersecurity missions,
but lawmakers questioned whether reduced resources can support expanding threat demands.
Officials said vacancies, including 329 critical roles, have already had detrimental capacity
impacts on operations. While CISA continues issuing emergency
directives and vulnerability guidance, leaders said funding constraints are forcing the agency
to focus on the highest risk sectors tied to national security, public health, and economic
continuity, raising concerns about sustained resilience across the broader critical infrastructure
landscape. Researchers at Darktrace have identified ZionSiphon, a new malware
designed to target operational technology systems
at Israeli water treatment and desalination facilities.
The unfinished malware searches for industrial control system protocols
such as Modbus and S7comm
and configures files tied to chlorine levels and water pressure,
indicating intent to cause physical disruption rather than steal data.
It spreads via USB drives,
disguises itself as a legitimate Windows
process and maintains persistence through registry changes. Despite coding flaws that limit reliability,
researchers warned the tool highlights ongoing risks to critical infrastructure systems.
Law enforcement agencies from more than 20 countries coordinated under Operation PowerOFF to disrupt
DDoS-for-hire or booter services by seizing infrastructure and analyzing databases tied to over
3 million criminal user accounts. Authorities removed more than 100 related URLs, issued blockchain
warning messages to offenders, and ran prevention campaigns targeting potential users. Officials said
the effort aims to curb accessible cyber attack tools that enable low-skill actors to disrupt
websites and services, while continuing international actions to dismantle remaining infrastructure
and deter future attacks.
CISA warned that a high-severity Apache ActiveMQ vulnerability is being actively exploited and requires
urgent patching.
The flaw, undetected for 13 years, allows authenticated attackers to execute arbitrary code
through input validation weaknesses.
Horizon3 researchers identified the issue, and Apache patched it at the end of March.
CISA added the
bug to its Known Exploited Vulnerabilities catalog and ordered federal agencies to remediate by
April 30th. More than 7,500 exposed servers remain online, increasing risk to organizations running
ActiveMQ. An attacker purchased more than 30 WordPress plugins from the Essential Plugin portfolio
and inserted a hidden backdoor that remained dormant for eight months before activating in April to
deliver cloaked SEO spam to Googlebot. WordPress.org closed 31 affected plugins on April 7th,
but compromised sites required manual cleanup. In a separate incident the same week,
attackers breached Smart Slider 3 Pro's update infrastructure, distributing a backdoored version
to sites using automatic updates. Both cases exposed a structural weakness in the WordPress
ecosystem. There is no review of plugin ownership transfers and no code signing requirement for updates.
Researchers warned these gaps allow attackers to purchase trusted plugins, weaponize updates,
and compromise large numbers of sites through the software supply chain.
A Chinese research vessel tested a device capable of cutting submarine communications cables
at depths of about 3,500 meters, highlighting potential risks to global undersea infrastructure.
According to Chinese state-linked reporting, the tool uses a diamond-coated grinding wheel
powered by an electro-hydrostatic actuator and may operate as deep as 4,000 meters.
Researchers describe the technology as supporting marine resource development,
but analysts warned it has clear dual-use implications.
The demonstration follows multiple incidents involving Chinese-registered ships damaging subsea cables and pipelines,
though Beijing has called those events accidental.
Experts said the capability underscores growing concern over the vulnerability of the world's 1.5 million kilometers of submarine cables,
which carry critical Internet and communications traffic and are increasingly viewed as potential strategic targets.
Coming up after the break, my conversation with Arvind Nithrakashyap,
CTO and co-founder of Rubrik.
We're discussing AI as the next frontier.
Tim Starks from CyberScoop takes us inside the FBI's recent router takedown,
and a DraftKings data dealer meets his downfall.
Stay with us.
And now a word from our sponsor, Arcova, formerly Morgan Franklin Cyber.
Arcova is a global cybersecurity and AI
consulting firm built by practitioners who've been in the seat. They work directly with enterprise teams
to solve complex security challenges, building secure-by-design programs that hold up as technology
and threats evolve. From focused engagements to long-term partnership, Arcova delivers outcomes that
endure because no one should navigate complexity alone. Learn why leading global enterprises
trust Arcova at www.orgovna.com. That's ARCOVA.
No, it's not your imagination.
Risk and regulation really are ramping up, and these days customers expect proof of security before they'll even do business.
That's where Vanta comes in.
Vanta automates your compliance process and brings compliance, risk, and customer trust together on one AI-powered platform.
So whether you're getting ready for a SOC 2 or managing an enterprise governance, risk, and compliance
program, Vanta helps keep you secure and keeps your deals moving. Companies like Ramp and
Writer spend 82% less time on audits with Vanta. That means less time chasing paperwork and more
time focused on growth. For me, it comes down to this. Over 10,000 companies from startups to
large enterprises trust Vanta to help prove their security. Get started at vanta.com slash cyber.
Arvind Nithrakashyap is CTO and co-founder of Rubrik.
I recently caught up with him at the RSAC conference
for this sponsored industry voices discussion of AI as the next frontier.
So it's totally understandable that people are still trying to keep pace with what's happening.
Even you go back three to four months,
what coding agents could do three to four months ago to what they can do today.
I mean, it's almost night and day.
Yeah.
And coding agents are interesting because they actually go and they can write code.
They can create things that don't exist today.
So from that perspective, I think it's okay for people to be thoughtful about it.
But at the same time, it is, see, I mean, it's also, I mean, I look at it as even internally,
we look at AI tools as an opportunity and an existential threat, right?
It's an opportunity for you to go much faster, accelerate your business.
But if you don't do it and your competitors are doing it, they might leave you behind.
And I am joined right here on the
RSAC 2026 show floor with Arvind Nithrakashyap,
who is the CTO and co-founder of Rubrik.
Welcome, good to see you.
Well, thank you for having me on the show.
Before we dig into our topics that we want to hit on today,
I would love to just get to know you a little bit more.
Can you tell us what your professional journey has been?
What led you to where you are today and the co-founding of Rubrik?
Yeah, I started my career at Oracle,
so I used to work on the core database server
building a bunch of components within the Oracle database server.
Later got a chance to start a new product within Oracle,
which later became Exadata.
So the three of us who kicked off that project
and I was there until we got the first version of the product out.
After that, I worked at a bunch of different startups,
including advertising technology for a little while.
And then that's when Bipul and I got together
to start brainstorming about the idea
that would later become Rubrik.
Bipul and I used to work together at Oracle,
so we know each other for a long time.
And we saw an opportunity when we look at overall data protection,
data management, and then when we looked at how data management,
data protection is evolving more into cyber resilience,
we saw an opportunity to build a brand new platform
that was built for the age to come rather than the age that has passed.
So that's how we got started.
Yeah.
You know, I think with AI being the hot topic here on the show floor,
once again this year, there's a lot of concern about this notion of AI sprawl.
And I know that's something that you've spoken about.
Can you share with us what exactly that means and the effect that has on the industry?
Yeah, so I think if you go back six months, when we're thinking about agents,
we were thinking about, oh, people are going to be running a lot of agents across the board,
you know, doing back-end tasks like procurement, deal desk, all those kinds of things.
But what we have seen in the last few months is the largest,
proliferation we see today is really on coding agents. I think Anthropic had a study that said
50% of the agents that they see are coding agents, mostly on top of Claude Code. Now, what this means
is that this is no longer even running in a back-end server or cloud account. This is actually
sitting on individual laptops. And everybody, not just engineering, IT, support, even some of
business functions are using Claude Code and/or Cowork to effectively run personal agents. What this means is
that every laptop in the company now,
in an organization, actually has agents that are doing the work
of people, and people are mostly advising and reviewing.
And they have all the credentials of the user.
So if I have an agent running, my Claude Code
has my GitHub, my Jira, my Atlassian credentials.
And these are going and doing most of the work.
So the sprawl, I mean, what I talked about
sprawl six months ago is maybe even more magnified today,
because this literally is just sitting on every endpoint
and working on behalf of every individual in the company.
And as CTO of Rubrik, one hat I wear is,
how do we make sure that we roll out AI agents
to everybody in the company?
But on the other hand, as a board member,
I'm also concerned that, hey,
we make sure that we don't go and do,
these agents go and don't do something
that is detrimental to the company.
So it's a balance we've got to strike.
And I think it's only getting,
I think this year is the year we'll see agents just
take over most of the work that is being done within an organization,
and humans will be planners, approvers, and reviewers.
So what is your philosophy then?
What's your advice for organizations who are looking to deploy these agents safely?
How should they go about it?
Yeah, so I think, now, most organizations have come up with some kind of a governance team, right, if you will.
So what they do is they, what they're trying to do is define policies on how agents can deal with internal data, IP, customer data, and trying to define these policies.
But these policies are six, seven page documents that, you know, they are, you know, they, yes, you can read it, but how do you kind of implement it in an automated fashion?
And the thing with agents is that these agents are operating at 10x speed of humans.
So they can essentially create 10x damage in one-tenth the time, right?
So this is the challenge that most people are wrestling with.
I think it boils down to a few things.
So it boils down to you have to be able to monitor the agents.
So first of all, what are the agents that are running?
What kind of applications are they accessing?
If there's an agent doing log diagnostics, that's okay.
I mean, it's maybe it's fine.
It's not as risky.
As something that's dealing with your CRM system,
dealing with customer data,
email address, personal information.
You've got to be a lot more careful around that.
So I think it starts with monitoring, but I think the key piece is governance.
So can I take this policy and ensure that an agent does not violate the policy?
For example, let's say there's an agent that does, is going to look at an email and send responses back.
But maybe the policy is it's okay for an agent to send emails from an internal employee,
but you should not be sending, you should not be sending automated emails to customers.
This is a policy.
How do you kind of enforce that?
And that's why, I mean, actually,
we have a product called Rubrik Agent Cloud,
and we announced this product called Sage,
which is really around a governance engine
where you can publish, literally, a policy document,
and it will actually use a model to generate the right kind of checks
so that when an agent tries to do an action,
it will decide whether that is okay or not based on the policy,
and then it can allow it or block it,
or at least give you a view of what is being violated.
And then finally, we do strongly believe that agents will make mistakes.
So you need a way by which you can quickly, you know, rewind those mistakes, right?
Once you have something like this in place, then you're able to go and then you have peace of mind that, yes, you can roll these out,
but you have the right kind of checks and balances.
Can we dig on that governance element?
Because I feel as though the rate of change is increasing.
So as you said, you know, these agents can operate
at 10x human speed.
How do the humans keep up on the governance side
when there's so much velocity on the agentic side?
Yeah, so I think it's impossible for humans
to be in the approval loop, right?
I mean, maybe there are something
that are very, very, you know,
something that's maybe very, very risky
that you want human approval.
Right.
But for 90%,
if you're going to have a human in the loop for everything,
you're going to operate at the pace of humans.
And the whole promise with all these agents
is that they will operate at agent speed
and things, your productivity will go up like 5x, 10x.
Right.
So what that means is you have to have an automated way
by which you can govern these actions.
So you need to have full observability.
What are the actions that agents are taking?
So even if something is allowed,
you might say, oh, wait, this agent went and did this.
That's not okay, maybe I need to actually fix my policy
to go and address that.
But more importantly, once you have something in a policy,
can you ensure that there is something
that's automatically looking
at what the agent is doing and it's able to take an action,
make a decision as to whether this should be allowed or not.
And maybe you want to be a little conservative
and not allowing something that you deem as risky, right?
So the only way to achieve the productivity
is by having automated ways in which you can govern the actions of agents.
And I think that's going to be a critical piece
in being able to run these agents at scale.
And fundamentally with our Rubrik Agent Cloud product,
that's fundamentally what we're trying to do.
Our aim is to accelerate the AI transformation of our customers,
but provide the right kind of platform that will allow them to do that.
Yeah.
Arvind is the CTO and co-founder at Rubrik.
Thank you so much for taking the time for us today.
I appreciate you.
Thank you for having me.
All right.
There's a lot more to this conversation than we have time to share here,
so please check out the full unedited interview.
You can find a link to that in our
show notes. It is always my pleasure to welcome back to the show Tim Starks. He is a senior reporter
at CyberScoop. Tim, welcome back. Hi-di-Dave. So, an interesting article you posted here and a great
interview that you had with the FBI Cyber Chief, one of their top folks, Brett Leatherman.
You want to unpack the story here for us, Tim? Yeah. And I've said this to him before,
by the way. Brett Leatherman is the most FBI name I can even imagine. That's true. It's straight out
central casting, isn't it?
It really is.
It really wrote a novel.
They named the character
or Brett Leatherman,
and naturally they just like,
that's an FBI guy.
Anyway, so Brett is the head
of the cyber division there at the FBI.
Yeah.
And earlier in the week,
the FBI had announced
a disruptive operation
against Russian GRU hackers,
so government military hackers.
The group is commonly known as APT28
or Fancy Bear these days
Forest Blizzard is in the mix.
There were 18,000 routers by their count that were infected, essentially.
It could have been used for a very large cyber espionage campaign,
presumably was actually happening because of the targeting that we know about.
And this operation sent a series of commands to the routers, the infected routers,
and essentially booted the Russians off of the networks.
And this is, Brett said, I think the fourth major operation of this kind against these hackers,
and this one was a little different for a couple different reasons.
Well, let's back up a little bit and dig into what exactly the Russians were up to here.
I mean, what was the vulnerability and what were they setting out to do?
Yeah, so they took advantage of vulnerabilities in TP-Link routers,
a pretty common and popular router type at the center of some policy difficulties right now with the FCP,
is what I would say it, but still a very commonly
purchased, commonly bought router in the United States and around the world. The infection was
apparently quite opportunistic.
So we had heard from not just the FBI, but earlier in the week we'd heard from Microsoft
and Lumen and the UK cyber agency warning about these vulnerabilities, warning about these
infections.
And while the infection was opportunistic, the targeting was government, military, other targets
that they could use to, okay, we've
got into these networks that are pretty commonly found in small and home office setups.
And we're going to use this to see who we can find out things about.
So is this a matter of having the router basically reroute things to the Russians?
So, yeah, what the idea was is that they would use these infected routers to gain credentials for other things.
That's what jumped out to Leatherman as unique about this campaign,
is they weren't just sitting on the routers.
They were moving within the routers to other parts of someone's house,
their smart TVs or their phones.
And the idea was, you know, by doing this kind of moving around from one thing to the next,
you could get into a broader organization.
You can move to new targets.
So that was one of the things that struck him as pretty interesting about this campaign.
And it's, and it's, there's always this thing that the FBI has to decide when they want to do a disruptive operation.
When do they want to sit on the information they have?
When do they want to let the thing happen, essentially, while they collect information for prosecutions or for finding out more about the operations of the organization behind that?
In this case, they said, this is too, this is too dangerous.
There's too much risk here in terms of how broadly this could become contagious in a sense.
Not wormable in the strict cyber definition of wormable, but moving from one thing to the next to the next to the next, the next, the next.
And they were like, we can't, we've got to do a disruption operation on this one.
And so what did that involve?
You mentioned, what, rebooting the routers or making remote changes to them?
Yeah, exactly.
So this is one of the things that they had to work with the private sector on is to make sure that when they went into these routers,
which is what they did, essentially.
I mean, they sent commands remotely to reset DNS settings,
and this essentially made it so that they reset the access the Russians would have.
The idea was they won't be able to get in through this way again.
So that's what they did is they functionally booted them off.
I mean, one of the things that I didn't touch on in the story is,
kind of hint to that, is a lot of these kinds of operations with things like botnets, right?
We'll see operations where they'll go to the courts and they'll claim domains
that will be helpful toward taking
down the botnet in the short term, but it won't kill a botnet for good necessarily.
It might make the organizations, the hacking organizations, have to go somewhere else to make
that botnet functional, but it really is more of a setback. This was billed by the FBI as
more of a permanent eviction. This was them saying, we've evolved our techniques.
They've been evolving their techniques. This is our response.
So they're confident that whatever they did to these routers will keep the Russians out in the future?
Certainly in this case, yeah.
I asked the question almost the same way you just did, Dave, when I was talking to him.
And he said, look, this doesn't keep the GRU out of everything.
We know they're going to come back.
But the idea would be to keep them out of these routers, certainly.
Well, and the FBI is certainly emphasizing the success here.
They're calling this Operation Masquerade.
In your estimation, is their crowing about this deserved?
I think so.
I think it's deserved to be cautious about keeping in mind that the FBI is the source of the information here, right?
They have every reason to crow about their success.
By the way, in my head, I've been calling it Operation Masquerade because that just sounds like it.
It's a little more exotic that way.
Yeah. I think, yes, some skepticism is warranted because it's the, it's someone, it's the organization puffing out his chest and saying, look at what we've done.
Yeah. But when I think about what kind of, there's a need of a factor to this, right? I think of what do I imagine from going back to when I was a kid and imagining what cyber war or cyber conflict might look like, this is the kind of blow I would imagine wanting to strike. If I'm the FBI, this is exactly the kind of
thing I want to do and I want to happen. I don't think it means that it's a permanent,
you know, I think that's, I think it's worth noting. It's not a permanent victory.
It's not a, it's not a, okay, now they're, now they're, now they're done. They're going to move
another target. But all of that takes, all of that takes resources for them. All of that takes effort
for them. This cuts off an avenue that would have been a potentially very good avenue for them
to have. And so I think that that you can't, you have to look at that as a success. I think
that that's the, the view of the world of the community out there is that this was a good
thing that they've done. It's just about, you know, the skepticism comes in how good it is and how
long-lasting it is. I don't think there's any real question that this is a success for them
and a good one. Yeah. Take the win, right? Take the win.
Brett Leatherman and the FBI? Yeah. Take the win. All right. Well, congratulations on the interview
with Brett Leatherman. It's a good one, and we'll have a link to that in the show notes here. Tim Starks
is senior reporter at CyberScoop.
Tim, thanks so much.
I think so always like talking about this stuff with you, Dave.
Appreciate it.
Most environments trust far more than they should,
and attackers know it.
ThreatLocker solves that by enforcing default deny
at the point of execution.
With ThreatLocker Allowlisting,
you stop unknown executables cold.
With Ringfencing, you control how trusted applications behave.
And with ThreatLocker DAC,
Defense Against Configurations,
you get real assurance that your environment is free of misconfigurations
and clear visibility into whether you meet compliance standards.
ThreatLocker is the simplest way to enforce zero-trust principles without the operational pain.
It's powerful protection that gives CISOs real visibility, real control, and real peace of mind.
ThreatLocker makes zero-trust attainable, even for small security teams.
See why thousands of organizations choose ThreatLocker to minimize alert fatigue,
stop ransomware at the source and regain control over their environments.
Schedule your demo at ThreatLocker.com slash N2K today.
When it comes to mobile application security, good enough is a risk.
A recent survey shows that 72% of organizations reported at least one mobile application
security incident last year, and 92% of responders reported threat levels have increased in
the past two years. Guardsquare delivers the highest level of security for your mobile apps without
compromising performance, time to market, or user experience. Discover how Guardsquare provides industry
leading security for your Android and iOS apps at www.guardsquare.com. And finally, Kamerin Stokes,
a 23-year-old from Memphis, has been sentenced to 30 months in prison for reselling access
to tens of thousands of hacked DraftKings accounts,
apparently treating credential stuffing fallout as a retail opportunity.
The accounts were originally compromised in a 2022 attack
by co-conspirators using breach-sourced passwords,
enabling theft of roughly $635,000 from about 1,600 users.
Stokes bought account access in bulk
and flipped it through his own online shop,
Then, after pleading guilty, briefly reopened the operation under the memorable slogan,
Fraud is Fun, explaining he needed to pay his lawyer.
Authorities disagreed with the business plan.
He was returned to custody, ordered to pay more than $1.3 million in restitution,
and given three years of supervised release, closing what prosecutors described as a remarkably persistent side hustle.
And that's the CyberWire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
Be sure to check out this weekend's Research Saturday
and my conversation with Dr. Darren Williams,
co-founder and CEO of BlackFog.
We're discussing their research.
Steellight Rat enables double extortion attacks
from a single panel.
That's Research Saturday.
Check it out.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights
that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to Cyberwire at N2K.com.
N2K's lead producer is Liz Stokes.
We're mixed by Tré Hester with original music and sound design by Elliott Peltzman.
Our contributing host is Maria Varmazis.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher.
And I'm Dave Bittner.
Thanks for listening. We'll see you back here next week.
