CyberWire Daily - The AI race gets a referee.
Episode Date: June 3, 2026AI oversight arrives at the White House. A Cyber Force gains momentum. Critical infrastructure comes under cyberattack. Acer faces zero-day trouble. A stock exchange executive gets spied on for months.... HTTP/2 Bomb threatens web servers. Quantum’s classical side grows bigger. Britain's military chooses Starshield. Spain’s infamous hacker gets sentenced. Our guest is Benjamin Morrell, Vice President, Security Strategy at Coro Cybersecurity, discussing the role of MSPs. Meta’s productivity panopticon pauses for personal pitstops. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices, we are joined by Benjamin Morrell, Vice President, Security Strategy at Coro Cybersecurity, discussing the role MSPs are playing in cybersecurity. If you enjoyed this conversation be sure to check out the full conversation here. Selected Reading Trump Signs Executive Order Seeking Oversight of A.I. Models (The New York Times) New cyber force would cost up to $11 billion to start, commission says (The Record) CISA Warns of Cyberattacks Targeting U.S. Tank Gauge Systems (GB Hackers) Acer working to patch max severity zero-days in Wave 7 routers (Bleeping Computer) Espionage Campaign Targeted Stock Exchange Executive for Five Months (Security.com) 'HTTP/2 Bomb' Exploit Knocks Web Servers Offline in Seconds (SecurityWeek) The Classical Advances Needed to Make Quantum Computers Tick (IEEE) Alcasec, "Robin Hood of Spanish Hackers," Jailed for 31 Months Over Data Theft (Hackread) Exclusive: UK adopts SpaceX's Starshield for military operations, sources say (Reuters) Meta will reportedly let employees take 30-minute breaks from its tracking program (Engadget) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
Do you know how the space and cybersecurity domains connect?
T-minus space cyber briefing is your guide through the space-based systems that expand the attack surface.
I'm Maria Varmazes, host here at N2K Cyberwire, and I'm excited to share that T-minus is back.
Now, as a weekly podcast, the T-minus Space Cyber Briefing.
We have a new dedicated focus on two great things that are even better together, space and cybersecurity.
Because whether we realize it or not, we all depend on space-based systems that are, by the way, increasingly internet-enabled.
We're talking cybersecurity technologies, policies, and organizations that are securing the critical space-based infrastructure that powers, protects, and connects our lives here on Earth.
So join me for T-minus Space Cyber Reefing, new episodes every Sunday.
Maybe that's an urgent message from your CEO, or maybe it's a deep fake trying to target your business.
Doppel is the AI-native social engineering defense platform fighting back against impersonation and manipulation.
As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back.
from automatically dismantling cross-channel attacks to building team resilience and more.
Doppel, outpacing what's next in social engineering.
Learn more at doppel.com.
That's D-O-P-P-E-L.com.
AI oversight arrives at the White House.
A cyber force gains momentum.
Critical infrastructure comes under cyber attack.
ASER faces zero-day trouble.
A stock exchange executive gets spied on for months.
HTT2 bomb threatens web servers.
Quantum's classical side grows bigger.
Britain's military chooses Star Shield.
Spain's infamous hacker gets sentenced.
Our guest is Benjamin Morel,
Vice President of Security Strategy at Coro's cybersecurity,
discussing the role of MSPs.
And META's Productivity Panopticon pauses for personal pit stops.
It's Wednesday, June 3, 26.
I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us here today. It is great as always to have you with us.
President Trump signed an executive order that marks the administration's most significant move
toward regulating artificial intelligence. The order asks technology companies to voluntarily
give the federal government up to 30 days to review advanced AI models before public release,
a scaled-back version of a previously proposed.
90-day review period that was abandoned last month after industry pushback. The decision follows
months of internal debate over AI's impact on national security and cybersecurity. The order also
directs the Treasury Department to establish an AI cybersecurity clearinghouse to assess vulnerabilities
identified by AI systems. Administration officials describe the policy as a way to balance
innovation with security concerns. The move represents a shift from Trump's earlier hands-off approach,
which prioritized helping U.S. companies compete with China. Major technology firms,
including Microsoft, OpenAI, Google, and Anthropic publicly supported the revised order,
calling it a reasonable balance between safety and innovation. However, some industry leaders
remain concerned that government oversight could slow development and eventually lead to stricter regulations.
Growing concerns about AI-enabled cyber threats, public skepticism about AI, and pressure from security
advocates help drive the administration toward a formal oversight process. While the reviews
remain voluntary, supporters argue that companies are likely to comply because of the order's
political significance. Critics, meanwhile, continue to push for mandatory safety testing and government
vetting of advanced AI systems. A bipartisan commission is urging the creation of a dedicated U.S.
cyber force, arguing that the military needs a standalone service focused on digital warfare as cyber threats
from adversaries such as Russia and China continue to grow. The proposed force would cost between
$6 billion and $11 billion to establish, employ roughly 30,000 military personnel,
5,000 National Guard members, and up to 6,000 civilians, and could become operational within
12 to 18 months. The Commission on Cyber Force Generation, a joint effort by CIS and FDD,
contends that current military branches have struggled to provide enough cyber-ready personnel
to U.S. Cyber Command.
Supporters argue a dedicated service would create a sustainable pipeline of cyber talent and
improve long-term readiness.
The proposal arrives as Congress prepares its annual defense legislation, with some lawmakers
already signaling support for measures that would advance the concept.
SISA, along with several other federal agencies, have issued a joint warning about ongoing
cyber attacks, targeting internet-exposed automatic tank gauge systems used across critical
infrastructure sectors.
Attackers are exploiting weak security controls, default credentials, authentication bypasses,
and software vulnerabilities to gain remote access and manipulate system settings.
A successful compromise could disrupt operations, disable alarms, falsify tank readings,
and increase safety and environmental risks.
Agencies are urging operators to remove ATG systems from direct internet exposure,
strengthen authentication, apply patches, enable monitoring, and report suspected incidents.
ACER has disclosed two critical zero-day vulnerabilities affecting Wave 7 mesh routers.
One flaw allows unauthenticated attackers to access log files containing plain-tech,
web and telnet credentials, while the second involves a hard-coded encryption key that could enable
attackers to modify backups and establish persistent backdoor access. Security researcher
Hergo Papp reported both issues. ASER says patches are in development and expected by the end of this month.
Until then, users should disable remote management or restrict remote access to trusted IP addresses to reduce exposure.
Researchers at Symantec and Carbon Black uncovered a highly-target espionage campaign
that compromised the Outlook mailbox of a senior executive at a major global stock exchange
for five months, enabling attackers to steal email data in small, incremental batches.
The attackers used disguised system services, scheduled tasks, and a custom tool built on
a legitimate library to repeatedly extract Outlook mailbox data,
while maintaining persistence on the victim's device.
To avoid detection, the stolen data was exfiltrated through legitimate cloud services,
primarily Dropbox, and later One Drive personal, making malicious traffic appear routine.
The attackers also used public tools, masquerading file names,
and hard-coded Microsoft IP addresses to minimize visibility.
Researchers found no evidence linking the activity to a known threat group,
but the operational focus, long-dwell time, and exclusive targeting of a senior executive's mailbox
strongly indicate an espionage motive aimed at gathering sensitive business intelligence and strategic information.
Britain is reportedly moving some of its military communications onto Star Shield,
the government-focused satellite network built by SpaceX as a more secure counterpart to Starlink.
The shift could make the U.K. one of the first countries outside the United States to adopt the service for operational military use.
Maria Vermazes has more on this story.
Thank you, Dave. Readers is reporting that the U.K.'s military has begun using SpaceX's Star Shield,
which is the version of SpaceX's Starlink satellite constellation,
specifically built for military and government intelligence use. It is not currently publicly known how much the
UK military paid for Star Shield access or how much military data is being routed through the
service, but Reuters says operational traffic started flowing through Star Shield earlier this year.
Now there is increasing urgency for greater data sovereignty, especially in the UK and in Europe,
as governments seek to move away from using U.S.-based services like Star Shield.
That said, the practical reality is that there are not many options for military-hardened
satellite communications in low-earth orbit. That is at least for now. For example, in the EU,
work continues on the EU's own secure low-earth-orbit constellation, the iris squared. In the meantime,
starting earlier this year, five EU nations began routing sensitive data through eight satellites
owned by EU member states via the EU's GovSatcom, which is a patchwork solution making use of
existing orbital infrastructure until the purpose-built iris squared.
comes online, currently projected to occur in 2027.
For the CyberWire Daily, I'm Maria Vermazes from T-Minus Space Cyber Briefing.
Back to you, Dave.
And be sure to check out the T-minus Space Cyber podcast, hosted by Maria Vermazes.
Researchers at Caliph have discovered a new denial-of-service technique called HTT-P-2 bomb
that combines several known vulnerabilities into a powerful attack,
capable of crashing major web servers within seconds.
The exploit chains and H-PAC compression bomb
with slow-loris-style memory exhaustion techniques,
allowing attackers to consume large amounts of server memory
while preventing it from being released.
Caliph estimates the issue could affect more than 880,000 websites.
Researchers noted that OpenAI's codex
helped identify how previously known flaws could be combined,
into a novel and effective attack.
As the quantum computing industry pushes toward larger and more capable systems,
researchers say the often overlooked classical computing infrastructure required to operate them
is becoming a critical challenge.
Quantum computers rely heavily on classical hardware and software for tasks such as qubit calibration
and quantum error correction, both of which grow more demanding as qubit counts,
increase. An article from the I-Triplee says companies including
Nvidia, IBM, Google Quantum AI, Riverlane, and
Q control are developing automated and AI-assisted tools to
manage these processes. AI shows promise for speeding calibration
and decoding errors, though concerns remain about latency
and computational overhead. Experts expect future quantum systems
to be highly hybrid, combining quantum processors with substantial classical computing resources.
As quantum computers scale toward thousands or millions of cubits,
researchers say entirely new approaches to calibration, error correction, and supporting
infrastructure will likely be required.
Spanish hacker Jose Louis Huertas, known online as Alkasek, has been sentenced to two years
and seven months in prison after pleading guilty to stealing banking data belonging to more than
574,000 people. Prosecutors reduced the sentence after the 22-year-old cooperated with
investigators and provided access credentials. Two accomplices also received prison sentences,
and authorities seized cash and cryptocurrency linked to the operation. According to prosecutors,
Huertas gained access to Spanish government systems,
using a stolen digital certificate and fishing techniques that captured court employee credentials.
He then infiltrated judicial networks, stole banking records, and sold the data through online platforms.
Police traced cryptocurrency transactions tied to the scheme,
recovering more than $543,000 in digital assets.
The conviction ends a series of high-profile cybercrime activities that had made Huertas one of Spain's
most notorious young hackers.
Coming up after the break, my conversation with Benjamin Morrill, Vice President of Security
Strategy at KORO's cybersecurity.
We'll discuss the role of MSPs.
And Meta's Productivity Panopticon pauses for personal pit stops.
Stay with us.
What's the one thing in business that's spreading as fast as AI?
AI risk.
Every new tool your team signs up for.
every vendor that turns on AI features, every new integration, each one creates another opportunity
for something to go wrong. And most security programs just weren't built for AI's pace of growth.
Enter Vanta. Vanta is the number one agentic trust platform, used by more than 16,000 fast-moving
companies like Ramp, Cursor, and Harvey to help ensure they're always audit-ready. And now Vanta is helping
companies watch for the risks that show up between audits, across vendors, AI tools, and their
entire environment. The Vanta agent works like a 24-7 GRC engineer in the background, finding
issues, drafting fixes, and cutting vendor assessment time by up to 50%. Whether you're a fast-growing
startup or a global enterprise, Vanta is here to help you automate your security and compliance
and earn and prove trust. Get started today.
at Vanta.com slash cyber.
That's V-A-N-T-A-com slash cyber.
Benjamin Morel is Vice President of Security Strategy
at KORO Cybersecurity,
and in today's sponsored industry voices conversation,
we discuss the role MSPs are playing in cybersecurity.
The smaller media business clients have always relied very heavily on the MSP,
whether it was back then doing just sort of the IT
lift with a little bit of cybersecurity rub because, you know, you would have the firewall that
needs to be configured or the credentials needed to be set and passwords managed, for example.
And now that's expanded. Cybersecurity is this big beast now that almost needs its own attention
and teams from MSPs. And sometimes we get to refer to them as MSPs or managed security
service providers, for example. These guys are still that heavy reliance for these teams. We had
Corro call these end users lean IT. This means that they may have a person in-house that does IT,
but it's not a practitioner of security, for example. And this means that these lean IT teams then
push further up into trying to get professional services from MSPs and MSPs. And so,
therefore, there are this lifeblood to helping these businesses sort of survive without them
needing to find and procure incredible talent that is kind of sparse and very difficult to make
for even larger businesses.
Can we talk about some of the challenges that these SMBs face?
I mean, I know fragmentation is a big problem for them.
There's so many vendors and so many tools that they're relying on.
What are the security consequences of that reality?
Absolutely, absolutely.
So there's a couple of things that are always going to affect the small, medium business,
even the middle enterprise you might describe it as.
Things like cost, for example, will always be on the horizon.
This cost exercise sometimes means that while a larger business or even an SMB might think of going
for the biggest and best on the market, cost is always going to be a differentiator that means that they
can't take that route, which means they sometimes make a call on what might be referred to as risk
based on cost. I won't take that sort of step or no step in that direction because if I can't
have the best, then I kind of won't do anything. And it could be a mindset that sort of makes sense,
but also has a lot of negative impact on how that business's security and risk and posture
to the outside world might look. You then also has, as mentioned, with being lean IT,
they lack sort of the internal knowledge and mindset on how to protect their business.
And for a lot of these guys, it's very similar to insurance. If you've never been popped,
if you've never been touched, you don't really see the problem until it happens. And that might be
too late at that point. The MSP, if we bring them back,
into the conversation. Is that little guiding light to try and go, hey, here's what we can do,
here's what does work with your budget, here's what you guys kind of need, and here's the best
uplift we can get for you. Now, is everyone, even up in the large enterprise, still always
making decisions on risk? Absolutely. Any decision you make to put data somewhere where it could
potentially be touched, any decision to connect one service to another are risks you are taking
and you decide what that risk is worth to you
and what that data being in that location is worth.
The SMB generally has to take maybe risks
that might have a bigger impact
because all my data is now stored in one location
because that's kind of how I have to operate as an SMB,
which means I need to pay more security for that,
but my risk is that all my data's there.
I can't fragment it potentially.
So for us at Koro, for example,
trying to give them something
that gets a much larger span,
their security posture and give them that uplift in a way that is not difficult or hard
and is also not as costly, for example, is sort of the route we try to go and try to avoid
and improve this fragmentation exercise of all of these point products that are great of what
they do, but very difficult for this sort of market to touch, run and even execute within their
businesses. Can we touch on AI? I mean, I think a lot of organizations are having trouble
finding the right balance between dialing in their use of AI and also the potential risks that it
introduces. Absolutely, absolutely. We're seeing this a lot and we're starting to see a lot of news
reports of this sort of stuff come out. Guys like Clorbot, for example, which seems like a great
exercise on the surface of being able to run automation between all of these parts of a business
or even just a user's own parts of the business that they have to operate in. But then you have
this new utility that no one has tested in-house. No one is vetting. No one is making sure it's got
the appropriate guardrails and it's allowed to now just potentially be co-opted by an attacker.
It may have its own bugs and holes that no one is prepared to deal with or has fathed
into what they need to do. So there's this race of attempting to stay ahead of the curb,
getting the most out of this AI boom and potentially trying to see return on that AI boom,
but doing so in a way that you will not prepare to understand the
risks that you've added to your business in doing so. Everyone would like to hope that if you buy
something from a vendor, if you acquire something from what you consider a reputable source,
it shouldn't become a risk to you, but that's not the case. Anything you bring into a business is
needs to be vetted, needs to be understood, needs to know what am I doing with it, what are my
risks that I'm taking with that sort of exercise? And this AI jump is a great example of that.
and we'll continue to see that evolve and we'll continue to see that sort of collapse back in on itself.
And I think there's a big role to play for the MSP and being able to educate that,
okay, cool, we can do this.
We can take you to a point where this AI is potentially assisting you with improving the way your business runs
or crunching data in a faster mechanism or automating these processes that you've done manually for so long,
but we need to sit down and understand what do we need to do with it?
How do we avoid it doing things that doesn't need to that creates unnecessary?
risk for us, let's get the best value return out of it.
I know you and your colleagues use your own platform.
You call yourselves Customer Zero for the platform.
Why is that important?
Why does that matter?
Yeah, absolutely.
Look, I have worked a number of vendors over my time,
and I've been into a lot of businesses as well,
other vendors that do what they need to do within their businesses.
And it's not uncommon to find that there's a bit of a mixed spread
of not entirely using what you sort of make.
And there's a number of reasons for that,
depending on what's required.
One of the things we wanted to do internally
as a business that can sit alongside
and fit into that small, medium sizing,
is what can we do to run it for ourselves
and how can we feel potentially the pain
that a client or a partner might feel
that we as the vendor looking from above
think isn't a problem.
So we took the exercise of,
okay, make sure it's running fully in our own house,
then decide what is it not doing for us, what is it doing for us, and are they things that we
actually need to change? Is there already a tool we're using that we don't really need to co-op?
It's fine the way it is, we can't improve on it, it doesn't give us any value trying to bring it
into our platform, or is there something that we are doing that is quite costly, or the
exercise is a lot of effort to run it in that other location when we could be doing it internally.
Outside of that, it's then my ability to speak directly with people who have the best interest
of what our security internally looks like,
who I can have a very candid conversation with about
what are we doing and why are we doing it this way?
One of the early things I found was we,
as a business, make a lot of decisions and processes
that it's just the way it is.
And we don't consider that there might be a better way to do it
until perhaps someone has actually shown us there is.
The problem is we are expected to be that person to show you
that there's a better way.
So I'm in that middle ground of being overworked with my team
internally and go, what are we doing? Is there a better way we could do it? And is that better way
something we could build into Coro? And does that then have advantages to our partners and our
clients? Or are we just solving our own problem internally? And it's not really worthwhile for
everyone externally. And this is a nice conversation to have, which I can then take as a story to
partners, two clients, and go, are you feeling this? Is this something that reflects on you that
you haven't considered, that you haven't looked into, that you haven't taken advantage of because
it's never been presented to you in this methodology.
Well, given the reality of where we find ourselves right now, the rapid changes that are
being triggered by things like AI, what are your recommendations for the security practitioners
in our audience? Absolutely. You want to focus on trying to get, I guess the other way to put
this would be, don't go chasing the latest and greatest just because it's the latest and greatest.
Be very cautious of people espouting silver bullets. It's always been the case in cybersecurity,
has been since I started, and I'm not even that old. There's always this on the horizon idea
that something is going to solve this. And once we get to that point, this will all be done.
That's not the case. There's always a war that's being sort of ran in the back end, which is,
you know, between people utilizing tools to try and gain access to people using tools,
to try and defend.
And much similar to, say, real war that occurs,
we end up in this situation where this innovation
that gets created for good and bad reasons.
And that will always sort of continue on.
So always try and double down on having a good fundamental understanding
of what you're trying to solve.
Always focus on risk.
What is the risk?
What is the business's appetite for risk?
What do they have the ability to actually spend,
on or run compared to their risk. Don't go, hey, here's the best tech stack in the world where I'm
using everything from top right gardener quadrant and it's going to cost you more than you make
in a year just to function it. You have to sort of understand what you're trying to solve for and
how best you're solving for it and then try and fill in everything else. And there is a lot to be
said about being able to train the users within a business to act as human firewalls. They are
always going to be a part of the cybersecurity discussion.
We see them getting fished for credentials
as still probably the much common method for breaches.
If we can get them to a point where perhaps we're reducing
the amount of breaches that they're involved in,
we can get to a better result overall.
And this isn't a software sort of discussion.
Sure, we can do security awareness training through software platforms,
but at the end of the day, it's still training these individuals.
And if you can make sure that you as perhaps the security practitioner
to keep that in mind, there might be ways to improve businesses that isn't just selling them
a tech stat. It's providing them services. It's providing them guidance. And that goes back to
why are you using AI and what's its purpose for example. That's Benjamin Morell, Vice President
of Security Strategy at Coro Cybersecurity. And finally, META has slightly softened its controversial
employee monitoring program, though not enough to make anyone mistake it for a privacy
initiative. Under the company's Model Capability Initiative, software records employees' mouse clicks
and keystrokes to help train AI systems. Following employee backlash, META now says workers can
pause tracking for up to 30 minutes when handling personal matters, and a limited group of employees
can request exemptions under specific circumstances. For most workers, however, the digital observer
remains on duty. Meta has also improved the software's battery performance, suggesting that if your
computer is going to watch everything you do, it should at least do so efficiently.
CEO Mark Zuckerberg defended the effort, arguing that AI can learn by observing how highly skilled
employees use computers. He emphasized that the data is intended for AI training rather than
performance monitoring, while adding that if the approach proves security,
successful, meta may expand similar programs in the future. In other words, the company has offered
employees a brief intermission, but the show must go on.
And that's the Cyberwire. For links to all of today's stories, check out our daily briefing
at the Cyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures
we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey and the show notes or send an email to Cyberwire at n2K.com.
N2K's lead producer is Liz Stokes.
We're mixed by Trey Hester with original music and sound design by Elliot Peltzman.
Our contributing host is Maria Vermazes.
Our executive producer is Jennifer Ibin.
Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here.
tomorrow.