CyberWire Daily - The cost of trusting the extension ecosystem.

Episode Date: May 20, 2026

GitHub confirms a breach tied to a malicious VS Code extension. Anthropic fights a Pentagon blacklist as the White House weighs new AI security rules. Drupal scrambles to patch a critical flaw. Cisco Talos tracks the evolution of BadIIS malware-for-hire. Signal adds anti-phishing safeguards, Microsoft cracks down on malware-signing services, and China says foreign spies hijacked domestic routers for phishing operations. Wireless carriers collaborate to kill dead zones. Our guest is Rob T. Lee, Chief AI Officer, Chief of Research, SANS Institute, discussing The Cloud Security Alliance’s “AI Vulnerability Storm” report. A book about misinformation contains helpful examples.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today we are joined by Rob T. Lee, Chief AI Officer, Chief of Research, SANS Institute, sharing Cloud Security Alliance’s The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program.

Selected Reading
GitHub confirms breach of 3,800 repos via malicious VSCode extension (Bleeping Computer)
Trump AI executive order seeks early government access to frontier models (Axios)
DC Circuit slams Pentagon blacklisting of Anthropic as overreach (Courthouse News Service)
Drupal Issues Urgent Warning for Highly Critical Core Vulnerability (Beyond Machines)
From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat (Cisco Talos)
Signal adds security warnings for social engineering, phishing attacks (Bleeping Computer)
Disrupting Fox Tempest: A cybercrime service that turned “verified” software into a pathway for ransomware (Microsoft)
China’s state security authorities uncover foreign agency using domestic routers as cyberattack proxies; users notice only slower speeds (Global Times)
‘The Future of Truth’ Contains Quotes Made Up by A.I. (The New York Times)

Share your feedback.
What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?
N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the Cyberwire Network, powered by N2K. Do you know how the space and cybersecurity domains connect? T-minus space cyber briefing is your guide through the space-based systems that expand the attack surface. I'm Maria Varmazis, host here at N2K Cyberwire, and I'm excited to share that T-minus is back. Now, as a weekly podcast, the T-minus Space Cyber Briefing. We have a new dedicated focus on two great things that are even better together, space and cybersecurity. Because whether we realize it or not, we all depend on space-based systems that are, by the way, increasingly internet-enabled. We're talking cybersecurity technologies, policies, and organizations that are securing the critical space-based infrastructure that powers, protects, and connects our lives here on Earth.
Starting point is 00:00:59 So join me for T-minus space cyber briefing, new episodes every Sunday. Quick question. Have you watched Project Hail Mary yet? Humanity is facing an existential threat and racing to solve it with the clock ticking. For security teams, that probably hits close to home with AI use rapidly spreading. Everyone's using AI: marketing, sales, engineering, Chris the intern, without security even knowing about it. That's where Nudge Security comes in. Nudge finds shadow AI apps, integrations, and agents on day one, and helps you enforce policy
Starting point is 00:01:44 without blocking productivity. Try it free at nudgesecurity.com slash cyberwire. GitHub confirms a breach tied to a malicious VS Code extension, Anthropic fights a Pentagon blacklist as the White House weighs new AI security rules. Drupal scrambles to patch a critical flaw. Cisco Talos tracks the evolution of BadIIS malware-for-hire. Signal adds anti-phishing safeguards and Microsoft cracks down on malware signing services. China says foreign spies hijacked domestic routers for phishing operations. Wireless carriers collaborate to kill dead zones. Our guest is Rob T. Lee, chief AI officer at the SANS Institute, discussing the Cloud Security Alliance's AI vulnerability storm report. And a book about misinformation contains
Starting point is 00:02:47 helpful examples. It's Wednesday, May 20th, 2026. I'm Dave Bittner, and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us. GitHub says roughly 3,800 internal repositories were exposed after an employee installed a poisoned Visual Studio Code, or VS Code, extension. The company says it detected and contained the compromise after isolating the affected employee device and removing the malicious extension from the VS Code marketplace. According to GitHub,
Starting point is 00:03:51 the attacker accessed GitHub internal repositories only with no current evidence that customer data outside those repositories was affected. The Team PCP hacker group claimed responsibility on the breached cybercrime forum and allegedly offered the stolen data for sale for at least $50,000. Additional technical details about the extension and affected repositories remain unclear from current reporting.
Starting point is 00:04:19 Developer tools and software marketplaces remain attractive supply chain attack targets. Malicious VS Code extensions have repeatedly been used to steal credentials, deploy malware, and compromise developer environments at scale. A federal appeals court panel signaled skepticism Tuesday over the Pentagon's decision to blacklist AI company Anthropic as a national security supply chain risk. The dispute centers on Anthropic's refusal to remove contractual restrictions preventing its Claude AI model from being used for lethal autonomous warfare or mass surveillance of Americans. Defense Secretary Pete Hegseth barred the company from working with military
Starting point is 00:05:05 contractors in March, arguing Anthropic could impose undisclosed operational restrictions on military use. During arguments, multiple judges questioned whether the Pentagon stretched a law designed to address sabotage and foreign threats beyond its intended scope. One judge called the move a spectacular overreach. The case highlights growing tension between AI safety guardrails and government demands for unrestricted military access to commercial AI systems. Meanwhile, the White House is reportedly preparing an executive order focused on cybersecurity and advanced artificial intelligence safety measures. According to Axios, the draft order would strengthen cybersecurity protections across government and
Starting point is 00:05:53 critical infrastructure sectors while creating a voluntary framework for AI developers to share certain frontier models with the government before public release. The proposal follows growing concern around highly capable AI systems, including Anthropic's Mythos and OpenAI's GPT 5.5 cyber, which reportedly demonstrated advanced vulnerability discovery capabilities. A White House official cautioned that discussions around the order remain speculative. The move signals growing government concern over AI systems with offensive cyber potential, even as debate continues over how aggressively Washington should regulate emerging AI technologies. Drupal developers are warning administrators to prepare immediately for patches addressing a highly critical core vulnerability expected Wednesday.
Starting point is 00:06:48 The flaw affects multiple supported Drupal versions and could potentially allow complete website compromise. The Drupal security team says attackers may develop working exploits within hours of patch release. Emergency fixes are planned even for some unsupported branches, though Drupal 7 is reportedly unaffected. Administrators are being urged to update to the latest bug fix release before the scheduled patch window and reserve time for immediate deployment. The warning underscores the ongoing risk posed by widely deployed content management systems in government and enterprise environments,
Starting point is 00:07:27 where rapid exploitation often follows public disclosure. Cisco Talos says a widely used BadIIS malware variant appears to operate as a commodity malware-as-a-service platform used by multiple Chinese-speaking cybercrime groups. Researchers traced the malware through embedded demo.pdb development strings and linked its ongoing evolution to a developer using the alias LWXAT. Talos says the malware has been actively maintained since at least 2021 and includes builder tools that let threat actors customize payloads for SEO fraud, malicious traffic redirection, reverse proxying, and content hijacking on compromised IIS web servers. Investigators also uncovered supporting installer tools,
Starting point is 00:08:21 persistence mechanisms, and antivirus evasion features, including builds designed to bypass Norton protections. The findings highlight how commercialized cybercrime ecosystems continue to professionalize malware development, customization, and long-term maintenance for financially motivated operations. Satellite providers and wireless carriers are betting that dead zones may finally become a thing of the past. A new joint venture aims to expand direct-to-device connectivity using satellites to fill coverage gaps in remote and underserved areas. Maria Varmazis takes a closer look at what that could mean for connectivity, competition, and the growing push to blend terrestrial and space-based networks.
Starting point is 00:09:10 Thank you, Dave. The three biggest U.S. wireless carriers are teaming up and will potentially reshape the growing satellite-to-phone market in the process. AT&T, T-Mobile, and Verizon this week announced an agreement to form a joint venture focused on expanding satellite-based direct-to-device coverage across the United States. This move puts the three carriers in direct competition with satellite connectivity efforts led by SpaceX and its Starlink service, which, interestingly enough, already partners with T-Mobile on direct-to-cell capabilities. In any case, the three providers say they'll pool spectrum resources and create a unified platform
Starting point is 00:09:47 that multiple satellite providers could use rather than relying on exclusive carrier partnerships. The companies say that the effort, once it completes regulatory approvals and final agreements, of course, will reduce coverage gaps or dead zones, improve emergency connectivity during disasters when terrestrial options fail, and allow for more new satellite-enabled services directly on customer phones. For the CyberWire Daily, I'm Maria Varmazis from T-Minus Space Cyber Briefing. Back to you, Dave. Maria Varmazis is host of the T-minus Space Cyber Podcast.
Starting point is 00:10:23 Do check that out. Signal has rolled out new in-app warnings and verification prompts designed to slow down phishing and social engineering attacks targeting its users. The changes follow recent campaigns in which attackers posing as Signal support tricked victims into linking rogue devices to their accounts through QR codes or one-time verification codes. According to public warnings from the FBI and European authorities, the activity has been
Starting point is 00:10:53 linked to Russian state-sponsored actors targeting high-profile individuals. Signal's new safeguards include name-not-verified labels for unknown contacts, warnings about accounts with no shared groups, and reminders that Signal will never request registration codes, PINs, or recovery keys. The update reflects growing concern over social engineering attacks that bypass technical defenses by manipulating user trust rather than exploiting software vulnerabilities. Microsoft says it's disrupted a cybercrime service
Starting point is 00:11:30 called Fox Tempest that helped attackers disguise malware as legitimate software using fraudulently obtained code-signing credentials. According to Microsoft, the malware-signing-as-a-service operation enabled ransomware groups and other threat actors to bypass security warnings by making malicious files appear trusted. The company says it seized infrastructure tied to the operation, disabled fraudulent accounts, and disrupted hundreds of virtual machines supporting the service. Microsoft linked the platform to ransomware operators, including Vanilla Tempest, and malware families such as Oyster, Lumma Stealer, Vidar, and Rhysida. Investigators say the operation used fake identities and automated infrastructure
Starting point is 00:12:17 to obtain signing credentials at scale. China's Ministry of State Security says a foreign intelligence agency compromised domestic routers and used them to conduct phishing attacks against personnel at key institutions. According to the MSS, attackers hijacked vulnerable routers inside China and used them as proxy infrastructure to send phishing emails disguised as review invitations or traffic violation notices. Victims were redirected to fake login pages designed to harvest credentials before being forwarded to legitimate-looking sites. Authorities say attackers then accessed compromised email accounts to steal sensitive information.
Starting point is 00:13:02 Many affected users reportedly noticed only degraded internet performance, unexpected reboots, or connection instability. The MSS says compromised devices often relied on outdated hardware, weak passwords, or enabled remote management features. The incident highlights how poorly secured edge devices continue to provide attackers with covert infrastructure for espionage and credential theft campaigns. Coming up after the break, my conversation with Rob T. Lee discussing the Cloud Security Alliance's AI Vulnerability Storm Report, and a book about misinformation contains helpful examples. Stay with us.
Starting point is 00:14:07 Rob T. Lee is Chief AI Officer and Chief of Research at the SANS Institute. I caught up with him to discuss the Cloud Security Alliance's recently published AI Vulnerability Storm Report. The significant rise in vulnerabilities discovered through the latest AI models has skyrocketed to the point where the Zero Day Initiative, led by Surge app, has queued, and this is again data that he shared it unprompted back in early March, had queued almost 3,000 vulnerabilities that have not been patched yet, because it's just really hard for folks to, you know, wrap their head around those
Starting point is 00:14:53 and also get them deployed inside organizations. With Mythos, it is a measurable increase in the capability and speed that allows these vulnerabilities to be found. and this results in an even larger wave of potential vulnerabilities being discovered. That is one of the reasons why a lot of organizations are saying, what do we do? How do we approach this? Not just say, hey, you know, it's really hard for us to know what to respond to. It feels overwhelming.
Starting point is 00:15:29 And here's a step-by-step guide of how to look at it. What is your priority actions? And what are those risks that are mapping to those priorities? action is going to be. Before we dig into the details of the report, I've seen commentary from some experts saying that
Starting point is 00:15:46 Mythos is just marketing driven, that it's really not a big game changer. Other models are capable of doing the same thing that Mythos is. Does that really matter? It matters, but also is an opportunity.
Starting point is 00:16:03 Folks that are looking at it the lens of obviously Anthropic did press releases around it. They're trying to look at this from the lens of look at the good we're doing, we're pumping the brakes.
Starting point is 00:16:18 It did get noticed by a lot of teams and organizations that have not had their security teams get a lot of questions toward it over the past few years. Hiring's been flat. New skill development has been flat. So when you have
Starting point is 00:16:35 something that elevates to executive or board level, that's the opportunity. And we're not saying that there's this ambulance chasing because it's not. And I think some folks out there are pointing out that say, hey, this is now called Tuesday, same Tuesday that we had
Starting point is 00:16:50 last week. It just may be quicker. They're also not wrong, but where I nudged them a little bit, and I'm, you know, look at them from across the table, I said, but are we having a conversation about it today? That's made the national news. And then they take a step back and say, okay, fair point. I said that could help get the needed resources to help handle this. So we're saying
Starting point is 00:17:13 it's not new, cool, but what is new is that it's finally gotten attention. Well, let's dig into some of the details of the report here. What are some of the things that really caught your eye? Well, when we were writing it, um, the things that we debated heavily, uh, were, you know, how much are we leaning into, you know, how fast do organizations spin out the vulnerability analysis and code analysis to be able to find these zero days. It was debated
Starting point is 00:17:44 there some of the other priority actions in terms of this the first priority or second priority those type of things ended up being heavily debated as to when you're what do you mean by organizations that are not agent first
Starting point is 00:18:00 in doing this type of workflows and if you don't have a good governance policy set, none of this is going to matter whatsoever about how you're using AI and agents to do any of this work. So there's some prerequisites, you know, it's almost like you're trying to get to a workout. You need to have proper sleep and a proper diet before you even decide to say, I'm going to go on a, you know, short run. And it's, you know, when people are sometimes just want to know, like, how do I train for the, for the marathon, they want to go directly to running, but you still need to really emphasize the basics, which are in many cases
Starting point is 00:18:35 organizations haven't kept their policies up to date and aren't leading with agent-driven AI capabilities first. It's a really interesting perspective. I mean, you know, using the analogy of prepping for a race, it seems like there's probably a lot of organizations out there who have been procrastinating in their preparation. And so I could see this being a bit of a wake-up call for them. Oh, very much so. What do you think CISOs should be doing faced with this reality?
Starting point is 00:19:06 What are the immediate things that need their attention? To have discussions with their teams. And I think that's the first step is education in understanding like where does the, trying to look at it through it, you know, several different lenses, which is, you know, it starts the discussion. What is our current risks that we are, you know, trying to identify what do we do about those.
Starting point is 00:19:32 And it really is a, every organization out there is utilizing not only potentially their own codebase, they're relying on others' code bases, you know, with a Versal attack or compromises past week and others. It shows that you still need to get your vendors accountable for them following through on Mythos and other AI vulnerability analysis as a whole. So two things occur from this. Number one is a highlight that the speed and acceleration of AI augmented vulnerability discovery and autonomous AI attacker behavior is starting to put additional pressure on teams to be able to
Starting point is 00:20:15 respond quick or detect faster and be able to mitigate with current patches. And with that, the only way that you could increase speed is by using your own AI augmentation at the same time. So if you're looking for that lens in particular, there are risks by not moving faster or, you know, waiting for others to move. You can't be waiting for the first movers and then, you know, adopt. You need to start thinking about it from the lens of we need to start moving faster. Otherwise, the entire organization is a risk or code base, you know, there's, you know, and it's not overarching to say that these things are going to be found in droves. That's what we call, you know, kind of joke beyond the scenes, you know, the zero-day cataclysm, you know, what some people,
Starting point is 00:20:57 point toward. The second thing that organizations need to take a look at is your current team prioritizations and segmentations correct. And a lot of teams
Starting point is 00:21:13 are dedicated to security operations and some response. They may not have enough of folks that are focusing on vulnerability operations. VulnOps is what a lot of folks are calling it now to discover and find these vulnerabilities before the attackers do, and then you're dealing with an incident versus trying to be proactive.
Starting point is 00:21:32 Both of these things are equally true. So you have the, they're speeding up, and you can't just wait and hope. Hope is not a strategy, as we know. And then two, you need to potentially reprioritize your team and see if they have the skills to start being more proactive using this code analysis on your code pipelines. Tell me about the Cloud Security Alliance. I mean, looking through both the authors and the contributing authors to this report. It is quite a who's who of heavy hitters when it comes to the cybersecurity community. Well, the organizations, I'm not with the Cloud Security Alliance. That's another, we're all partners. I'm with SANS. And a lot of the folks that we had reviewed this, you know, so it was led by a lot of these organizations because it was, you know,
Starting point is 00:22:22 Gadi, Rich Mogull, and myself. And then we essentially started passing it around to our friends and saying, hey, would you do a core review or would you like to be a contributor? So it's through these organizations that have a clear mission stake in trying to further cybersecurity as a whole. And then we're bringing in those in the community that have the strongest voices to also get their input and align behind these recommendations. That's Rob T. Lee from the SANS Institute and the Cloud Security Alliance. The Mattamy Homes Bike for Brain Health supporting Baycrest returns on May 31st for its fifth anniversary
Starting point is 00:23:11 with a new start and finish at the Aga Khan Museum. Join thousands of cyclists as we take over the DVP and Gardiner Expressway in support of dementia research and brain health. Riders of all abilities are welcome and both regular bikes and e-bikes can participate. Bring your friends, family, or corporate team, and make an impact. Register today at bikeforbrainhealth.ca. And finally, a non-fiction
Starting point is 00:23:43 book warning about artificial intelligence and the erosion of truth has run into an awkward problem. Several of its quotes appear to have been invented by AI. Author Stephen Rosenbaum acknowledged that The Future of Truth included what he called improperly attributed or synthetic quotes after reporting by the New York Times identified multiple fabricated or altered citations. Among them were quotes falsely attributed to tech journalist Kara Swisher and psychology professor Lisa Feldman Barrett. Rosenbaum said he used ChatGPT and Claude during the research and editing process and is now reviewing the book with editors for corrections.
Starting point is 00:24:30 Some quotes were entirely fabricated, while others blended authentic ideas with wording sources said they never used. The episode lands squarely in the publishing industry's growing anxiety over AI-assisted writing, where even a book about misinformation can apparently hallucinate its own footnotes. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app.
Starting point is 00:25:24 Also fill out the survey in the show notes or send an email to Cyberwire at N2K.com. N2K's lead producer is Liz Stokes. We're mixed by Tré Hester with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Starting point is 00:26:10 Previously, attackers broke into systems. Now, they're chaining identities together to move through your environment unnoticed. We recently spoke with Justin Kohler from SpecterOps about how attackers are exploiting common identity configurations across today's hybrid environments. Attackers are compromising one account and moving on to the next until they reach the administrator access and high-value targets thereafter. And with AI, these attacks are becoming cheaper to execute and easier to scale, putting more organizations at risk. If you want to understand what identity attack path management looks like and why it matters for defending modern environments, listen to our full conversation at explore.thecyberwire.com slash specterops. That's explore.thecyberwire.com slash specterops.