CyberWire Daily - The AI lock comes off.
Episode Date: July 1, 2026The US restores exports of Anthropic’s most advanced AI models. Adobe and Citrix rush out critical patches. RustDuck emerges as a fast-evolving DDoS threat. The Gentlemen raise the stakes with a new... EDR-killing exploit. Rocket lab bets big on Iridium. Researchers unveil browser-only ransomware. New Zealand faces questions about its cyber readiness. Iran’s long-running cyber espionage campaign is back in the spotlight. Our guest is Donald Codling, CISO and senior advisor to REGO on cybersecurity and data privacy matters, to discuss the importance of tying security by design to psychological safety and digital trust. VIP backstage access, courtesy of Claude. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Donald Codling, CISO and senior advisor to REGO on cybersecurity and data privacy matters, to discuss the importance of tying security by design to psychological safety and digital trust. Selected Reading Fable and Mythos: Anthropic says US lifts export ban on its advanced AI tools (BBC) Adobe patches seven max severity ColdFusion, Campaign flaws (Bleeping Computer) RustDuck: The Botnet That's Still Small but Engineering Like It Plans to Grow (SecurityAffairs) Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack (SecurityWeek) Not very gentlemanly: Analyzing a zero-day exploit used by The Gentlemen ransomware to disable targets’ EDRs (Expel) Rocket Lab to Acquire Iridium in Historic Deal, Creating A Fully Vertically Integrated Space Powerhouse Primed for Growth (Globe Newswire) Ransomware that runs inside your browser tab, where antivirus cannot see it (Suriq) Three major cybehttps://suriq.io/blog/browser-only-ransomware-file-system-accessrattacks have raised alarms about New Zealand's security (RNZ) Arrest of Iranian Hacker Spotlights Iran’s Movement into Economic Espionage and IP Theft (Zero Day) Claude Helped a Hacker Find a Way to Issue Tickets to Almost Every US Music Festival (WIRED) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
This episode is supported by Black Hat USA.
If you follow the research, you know a lot of it breaks on Black Hat stages.
Hundreds of peer-reviewed briefings, more than 100 hands-on trainings,
and the largest business hall in Black Hat's history.
Six days to learn the skills you'll need tomorrow.
August 1st to the 6th.
Use code Cyberwire for $200 off your briefings path,
at blackhat.com.
We'll see you in Vegas.
The U.S. restores exports
of Anthropics' most advanced AI models.
Adobe and Citrix rush out critical patches.
Rust duck emerges as a fast-evolving DDoS threat.
The gentleman raised the stakes with a new EDR-killing exploit,
Rocket Lab that's big on iridium.
Researchers unveil browser-only ransomware.
New Zealand faces questions about its cyber readiness.
Iran's long-running science.
cyber espionage campaign is back in the spotlight. Our guest is Donald Codling, discussing the importance of tying security by design to psychological safety and digital trust. And VIP backstage access, courtesy of Claw.
It's Wednesday, July 1st, 2026. I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us here today. It is great as always to have you with us.
The U.S. government has lifted export restrictions on Anthropics' most advanced AI models,
Claude Fable 5 and Mythos 5, allowing the company to restore access beginning Wednesday.
The models were suspended on June 12th just days after their release
over national security concerns that they could be used to identify and exploit software vulnerabilities.
In a letter, Commerce Secretary Howard Lutnik said the restrictions
were removed after Anthropic agreed to proactively detect and address security risks,
collaborate with the government on future AI releases, and report malicious activity.
The Commerce Department said it could reimpose restrictions if necessary.
Anthropic had previously argued officials had not identified specific concerns,
saying the government's decision appeared to stem from a potential method of jailbreaking Fable 5
rather than broader security flaws.
Adobe has released security updates
addressing seven maximum severity vulnerabilities
affecting its Cold Fusion web application platform
and campaign classic marketing software.
The flaws, all rated high priority
because they're considered at elevated risk of exploitation,
can be abused in low-complexity attacks
without user interaction.
Six vulnerabilities in cold-fusion,
in Cold Fusion could allow attackers to execute remote code on unpatched systems,
while a separate flaw in on-premises campaign classic deployments
could enable arbitrary code execution.
Adobe says it is not aware of any active exploitation,
but urges customers to apply the updates within 72 hours.
The company also announced it will move from monthly to twice-monthly security bulletins
starting July 14th, while continuing to...
issue emergency patches for actively exploited zero-day vulnerabilities when needed.
Researchers at Kianjin's X-Lab are tracking Rust Duck, an emerging distributed denial-of-service
botnet that is rapidly evolving from C to Rust, making it more resistant to analysis and detection.
Since February, the malware has targeted routers, cameras, Android devices, and exposed servers,
by exploiting weak credentials and numerous known vulnerabilities.
Rust Duck uses sophisticated anti-analysis techniques,
including sandbox and debugger detection,
and encrypts communications with modern cryptographic protocols to evade monitoring.
Although still smaller than major botnets,
researchers say its rapid technical evolution makes it a growing threat.
Once installed, Rust Duck can launch DDoS attacks,
update itself and rotate command and control infrastructure.
X-Lab recommends securing internet-facing devices,
disabling unnecessary remote access,
replacing unsupported hardware,
and monitoring for known indicators of compromise.
Citrix has released security updates for NetScaler ADC
and NetScaler Gateway,
addressing six vulnerabilities,
including the HTT-2 bomb,
denial of service flaw and four high-severity memory-related bugs.
Researchers at Watchtower warn that the latest in the Citrix bleed family is particularly
concerning because it could leak sensitive memory and potentially enable full-device
compromise under specific conditions. Citrix advises organizations using affected self-managed
net-scaler deployments to apply the updates promptly and review whether vulnerable features are
enabled. Researchers at Expell have detailed how the relatively new ransomware group,
The Gentleman, is using a previously unknown vulnerable driver in a bring-your-own vulnerable
driver attack to disable endpoint detection and response tools before deploying ransomware.
During an April incident, the group exploited a zero-day flaw in Contron's katapi.ciss driver
to gain kernel-level access, bypassed.
Windows security protections and terminate protected security processes from vendors,
including Microsoft, Sentinel One, Palo Alto networks, and ESET.
Researchers say the group's exploit chains together advanced techniques to evade modern defenses,
highlighting an increasingly sophisticated approach to ransomware operations.
Expell recommends enabling Windows Defender Application Control,
virtualization-based security,
vulnerable driver block lists and Microsoft's newer cross-signing protections to reduce B-Y-O-V-D risks,
while continuing to monitor for vulnerable drivers that may be abused in future attacks.
Rocket Lab is making one of the biggest bets in the commercial space industry yet,
with plans to acquire satellite communication provider Eridium in an $8 billion deal.
If it goes through, the combined company would build,
launch and operate its own satellite networks, a move that could reshape competition in space-based
communications. Our own Maria Vermazas joins us with what the deal means and why security and
resilience are part of the story. Thank you, Dave. Rocket Lab, which is widely viewed as the leading
challenger to SpaceX in the global launch market, says that it plans to acquire satellite communications
provider Eridium Communications and a transaction valued at approximately $8 billion U.S.
dollars.
The deal would combine Rocket Lab's launch services and satellite manufacturing business
with Eridium's low-Earth orbit communications network, globally coordinated L-Ban spectrum,
and customer base that spans government, defense, aviation, maritime, and industrial sectors.
The acquisition also would move Rocket Lab closer to SpaceX's vertically integrated model,
where a company can build satellites, launch them, and operate communications services on orbit.
Now, Arridium's network supports connectivity in remote and contested environments
and provides an alternative positioning navigation and timing capability
for situations where GPS signals may be degraded, jammed, or unavailable.
The two companies say that should the deal be finalized in 2027,
the acquisition would accelerate development of next-generation services,
including directed device communications and expanded government and national security applications.
As governments and critical industries become more dependent on space-based networks,
these systems are increasingly being viewed as essential infrastructure.
For the Cyberwire Daily, I'm Maria Vermazes from T-Minus Space Cyber Briefing.
Back to you, Dave.
That is our own Maria Vermazes.
Checkpoint researchers have demonstrated a proof of confidence.
browser-only ransomware attack that encrypts files entirely within a chromium browser
using the legitimate file system access API without malware, exploits, or downloaded executables.
The technique relies on users granting a website permission to access local folders,
allowing malicious code running in a browser tab to overwrite files
while evading traditional endpoint detection that focuses on files and processes.
Researchers noted the initial concept was inspired by AI-generated code,
though they developed the working proof of concept themselves.
The attack has not been observed in real-world campaigns
and affects chromium-based browsers such as Chrome, Edge, and Brave,
but not Firefox or Safari.
Checkpoint recommends restricting browser file system permissions
through enterprise policies,
monitoring for mass file modifications,
educating users about folder access prompts and maintaining offline or versioned backups.
A New Zealand cybersecurity expert is warning,
the country is not prepared for a national cyber emergency
following a series of significant breaches affecting the health care sector.
Recent incidents involving Health New Zealand,
manage my health, metamap, and intracare
mark the first cluster of highly significant cyber events in more than four.
years, according to the National Cybersecurity Center.
ORA Information Securities Patrick Sharp said he is particularly concerned about the potential for
a highest-level C-1 cyber emergency that could severely disrupt essential services or compromise
sensitive national data.
He urged organizations to strengthen governance, implement multi-factor authentication,
eliminate weak passwords, and regularly rehearse incident response plans.
Sharp also noted that many business boards rarely discuss cybersecurity,
leaving organizations ill-prepared to respond effectively to a major cyber attack.
The recent arrest in Montenegro of an Iranian-Turkish national wanted by the FBI
is drawing renewed attention to Iran's long-running cyber-enabled intellectual property theft campaigns.
According to the latest reporting from Kim Zetter, authorities allege the suspect conducted
attacks beginning in 2013 against more than 150 U.S. universities and other organizations on
behalf of Iran's Islamic Revolutionary Guard Corps, causing an estimated $3.4 billion in damages.
The case echoes a 2018 U.S. indictment against members of the Iran-based Mabna Institute,
accused of hacking hundreds of universities, government agencies, companies, and the United Nations
to steal academic research and trade secrets.
Prosecutors say the group compromised thousands of academic accounts
through spearfishing, ultimately stealing more than 31 terabytes of data.
Researchers note Iran's sustained focus on academic and technological espionage
resembles China's economic espionage campaigns,
though Iran's operations are generally considered less mature and sophisticated.
Coming up after the break,
My conversation with Donald Codling, Sissau, and Senior Advisor to Rigo.
We're discussing the importance of tying security by design to psychological safety and digital trust.
And VIP backstage access, courtesy of Claw.
Donald Codling is CISO and senior advisor to Rigo on cybersecurity and data privacy matters.
We recently sat down to discuss the importance of tying security by design to psychological safety and digital trust.
Yeah, it really has an identity problem. It's become a trust problem because you can no longer really verify and AI is doing nothing except accelerating this through the roof to be able to, quite frankly, trust what you're hearing, what you're looking at. And that is going to be a crisis, quite frankly. A.I. is accelerating a trust crisis.
So it's no longer just enough to authenticate the content of something.
You really want to authenticate the trust layer.
So many cybersecurity issues, if you will,
and certainly how the zero trust architecture and all these other cybersecurity things have done,
is you really want to know who you are.
Are you allowed to have access to this asset?
Are you allowed to look at that data?
Are you allowed to manipulate systems and consume the data and utilize the data?
Well, it's gotten to the point where identity alone is really not sufficient anymore,
as so many systems are discovering they're getting workarounds or they're getting beaten
or social engineering is out there, has been for a long time.
So now the future really is going to require that you have a relationship verification
and the authority to do certain things is tied directly to that verification.
Well, let's dig into that.
What do you mean when you say a relationship verification?
You really want to figure out, is this person, first of all, are they who they say they are?
Do they have access permissions to do certain things on that network or in that application
or utilizing that service.
And then once you have verified that you also want to now look at permissions.
If you're a child, which is one of the places that Rigo really concentrates on,
is trying to maintain the safety and privacy of children under the Children's Online Privacy Protection Act in particular,
you really want to find out, is that individual at the other end of that computer screen or monitor
or now smartphone, are they who they say they are, are they of the proper age or age range
even? And in many cases, do they have the parents' permission to be doing this? So that's where I'm
talking about that entire relationship verification. How do we go about balancing those legitimate
needs versus what folks who follow civil liberties say are legitimate needs for privacy or
occasional anonymity? Well, that's an excellent, excellent question. So I think, first of all,
you have to have this security and the verification built in by design. And in today's world,
I think you've also got to consider that there's a whole lot of psychological factors that,
quite frankly, when you and I were starting out on this cybersecurity journey, Dave, on
I'm guessing 10, 20 years ago or something, that was less of an issue.
So there are certainly very, very valid and very strong points to have anonymity in certain situations.
If I am looking up certain sensitive health things, if I am accessing certain pieces of data,
you want to make darn sure that the privacy, not.
just rights, but the privacy privileges and responsibilities, if you will, of the individual accessing
that is protected and maintained. The company wants to do that from their due diligence and their
fiduciary responsibility who's providing that information. And then the consumer would like
to know that that stuff has been protected. That's incredibly important. But I would venture to say
that that's maybe one, two, three percent of the situations that are out there where somebody is
going to be looking at something super, super sensitive, and you have to be able to have some anonymity.
I think, unfortunately, the criminals, the criminal element people that I certainly dealt with
for decades have exploited that, and they have hidden in the cracks, and sometimes not even hidden very
well because they didn't necessarily have to, that they could exploit this anonymity and
lack of end user.
When you look at some cybersecurity basics of identity and access management when you are a
company and you're trying to figure out who's going on to your machines, that's a very,
very foundational core of cybersecurity.
And I would say in today's world, child safety and the elderly are at the opposite end of the
age spectrum, but they're having the exact same kind of security problems, where you've got people
who are being exploited. The exploitation of trust is hitting both of those segments of our population
very, very severely. I really don't want, if I am a company to allow bad,
actors to be hiding behind anonymity if they're coming on to my service to use it for something
like a financial transaction, which is what RICO is all about. It's a financial transaction.
But more importantly, in a broader sense, I think there's been this terrible exploitation of
anonymity has eroded trust in so many, many ways. So I think one of the reasons you're seeing
so many issues in front of the U.S. Congress right now and certainly within the European Union,
our neighbors to the north, Canada is having similar kind of discussions now about age appropriateness
and age verification and all those sorts of things. I think it really gets all the way back to
trust. Are you the individual at the other end of that keyboard or smartphone? Are you able to be
looking at this stuff? Are you allowed to look at this stuff? If you're a 12-year-old, I think
the allowed is pretty important because you'd like to have some parental control. Elderly
aunt, who just passed away recently, kept thinking, I'm so glad she didn't have a computer, Dave,
because there would have been just hordes of people. It was bad enough with the telephones,
people trying to convince her to send them money. Yeah. I'm curious, you know, given that we're in this
moment where I think it's safe to say that, well, as you pointed out, trust is eroding thanks to
things like deepfakes. How do you propose that we come at this? What do you imagine is a workable
solution? I think a whole lot of it, like if you had to look in the future, I think you've got to
have a system, a platform that's going to look at relationship verification, the authority
verification, authority in this case is, are you the individual who should be accessing it?
Consent verification, depending on what end of the spectrum you're at. If you're the elderly
parent and let's say you, Dave, have power of attorney because your parents are elderly and maybe
they've been already victim of financial fraud or something, you'd like to be able to monitor that,
for lack of better term, to try to prevent some of those frauds for occurring.
That really super comes down to trust verification.
And how is that achievable online?
That is a fabulous, fabulous question.
Again, without going into the history of the Internet,
which I'm sure you're probably more capable of talking about,
trust was never imagined when the Internet was built.
The folks who started the Internet basically,
said we couldn't imagine anyone at one end of the node attacking somebody at the other end of the node.
We just never envisioned that.
So the architecture of the Internet was never built to be secure.
Now, what we society has done is put all kinds of information and sensitive sorts of things online, onto a platform that was really never built to do all of that.
So I think this is where we people like you and I, Dave, may look towards financial institutions because are they going to become the trusted infrastructure layer?
They already have to operate with know-your-customer kind of frameworks.
They already have a lot of regulatory compliance.
They are very good at identity verification.
Even they are having to bump their game up for their fraud prevention systems.
But they could be, this is just as a thought, they can be the kind of.
of folks who could provide trust within some sort of an architecture, within some sort of a network.
Yeah, I mean, that's really the, that's the million dollar question, right?
Who do you trust these days in your day-to-day comings and goings?
What organizations already have your trust?
Yes, that's an excellent point, Dave.
And who already has your trust?
And some of them, I mean, let's be brutally honest.
some of them are not doing this, the financial institutions, because they're wonderful
humanitarians. They are doing it because they have a regulatory, a fiduciary responsibility.
They're handling people's money and they want to keep their customers whole and they don't
want to have problems. I think one of the things the financial industry is doing this brilliant
is training bank tellers today, Dave, that when, again, I don't even know how old your folks are,
but let's pretend they're 80 years old,
if your mom or your aunt
walks up to the teller and says,
I need to withdraw $7,000
and she's got somebody on the cell phone with her,
the teller says,
who's that on the phone with you?
Why are they telling you exactly what to do?
So some of the banks have actually,
and I congratulate them for this,
have started to train tellers
who are the front line
to say,
this person's never wired money.
This person's asking for big cash withdrawal.
Let's pull them aside that customer for a few moments and say,
hey, what's going on?
You know, is your son been kidnapped?
That sort of thing.
And I certainly dealt with that during my FBI days.
Fear, uncertainty, and doubt get injected by fraudsters immediately.
That's Donald Cuddling, CISO, and senior advisor
to Rigo.
What happens when AI agents gain access to the same systems, applications, and credentials
as your employees?
According to Arvind Nithrakechayyip, CTO and co-founder of Rubrik, that reality is already
here.
As AI agents proliferate across enterprise environments, organizations face a growing challenge.
How do you govern systems that operate at machine speed?
To learn more about AI sprawl, the risk it creates,
and how organizations can prepare,
visit explore.
TheCyberwire.com
slash rubric to hear the full conversation.
And finally, security researcher Ian Carroll
set out looking for music festival tickets
and instead stumbled into
what amounted to an all-access backstage pass
to front gate tickets back-end.
With help from Anthropics Claude Opus 4.7,
Carroll bypassed a web application firewall,
exploited a SQL injection flaw,
and gained super admin privileges,
giving him the ability to view customer and staff records,
and in theory, issue unlimited VIP tickets
to events like Bonaroo, Lollapalooza, and South by Southwest.
He resisted the temptation to become the world's most popular festival guest,
and instead reported the flaw,
which Frontgate says it patched within 24 hours,
adding there is no evidence of exploitation or customer impact.
Carol says the episode highlights how AI can dramatically accelerate vulnerability discovery,
even generating novel exploitation techniques on its own.
The bigger lesson, he argues, is that some critical systems remain surprisingly fragile,
held together with less engineering than optimism.
And that's the Cyberwire, or links to all of today's stories.
Check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead
in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to Cyberwire at n2K.com.
N2K's lead producer is Liz Stokes.
We're mixed by Trey Hester with original music and sound design by Elliot Peltzman.
Our contributing host is Maria Vermazas.
Our executive producer is Jennifer Ibin.
Peter Kilpy is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
