CyberWire Daily - The parallel war online.
Episode Date: March 2, 2026

Cyberwar shadows the US Israel attack on Iran. Hackers hijack Pakistani news broadcasts. President Trump orders all federal agencies to stop using AI technology from Anthropic. The Health Care Cybersecurity and Resiliency Act clears a hurdle. A new RAT streamlines double extortion attacks against Windows systems. CISA updates warnings on a zero-day targeting Ivanti Connect Secure devices. A North Korea-linked group targets air-gapped systems. Monday business breakdown. On our Afternoon Cyber Tea segment from Microsoft Security, host Ann Johnson speaks with Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield, about cybersecurity in healthcare. Tim Starks from CyberScoop has the latest goings on at CISA. Microsoft says the slop stops here.

CyberWire Guest
Today we are joined by Tim Starks from CyberScoop as he is discussing ongoing challenges at CISA.

Afternoon Cyber Tea
New episodes of Afternoon Cyber Tea are released every other Tuesday on your favorite podcast app.

Selected Reading
US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates (SecurityWeek)
Western Cybersecurity Experts Brace for Iranian Reprisal (BankInfo Security)
Pakistan’s Top News Channels Hacked and Hijacked With Anti-Military Messages (Hackread)
Anthropic confirms Claude is down in a worldwide outage (Bleeping Computer)
Trump Orders Government to Stop Using Anthropic After Pentagon Standoff (New York Times)
OpenAI Will Deploy AI in US Military Classified Networks (GovInfo Security)
Senate Health Cyber Bill Clears Committee Hurdle (GovInfo Security)
Double whammy: Steaelite RAT bundles data theft, ransomware (The Register)
CISA warns that RESURGE malware can be dormant on Ivanti devices (Bleeping Computer)
North Korean APT Targets Air-Gapped Systems in Recent Campaign (SecurityWeek)
Astelia secures $35 million in combined seed and Series A funding. (N2K Pro Business Briefing)
Microsoft gets tired of “Microslop,” bans the word on its Discord, then locks the server after backlash (Windows Latest)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Cyberwar shadows the U.S. Israel attack on Iran.
Hackers hijack Pakistani news broadcasts.
President Trump orders all federal agencies to stop using AI technology from Anthropic.
The Healthcare Cybersecurity and Resiliency Act clears a hurdle.
A new RAT streamlines double extortion attacks against Windows systems.
CISA updates warnings on a zero-day targeting Ivanti Connect Secure devices.
A North Korea-linked group targets air-gapped systems.
We've got our Monday business breakdown.
On our Afternoon Cyber Tea segment from Microsoft, Ann Johnson speaks with Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield, about cybersecurity in health care.
Tim Starks from CyberScoop has the latest goings-on at CISA, and Microsoft says the slop stops here.
It's Monday, March 2nd, 2026.
I'm Dave Bittner, and this is your CyberWire Intel briefing.
Thanks for joining us here today.
Welcome to March.
It's great to have you with us.
The escalating conflict between the United States, Israel and Iran has unfolded alongside a parallel cyber campaign marked by widespread disruptions,
infrastructure targeting and mounting warnings of retaliation.
After coordinated U.S. and Israeli airstrikes on February 28th killed Iranian supreme leader
Ali Khamenei and other senior officials, Iran responded with missile and drone attacks on
U.S. bases and Israel, causing limited casualties and damage. In cyberspace, reported U.S.-Israeli
operations disrupted Iranian news outlets, government services, and Islamic Revolutionary Guard
Corps communications, and allegedly included distributed denial of service attacks and deeper
intrusions into energy and aviation systems. A prolonged nationwide internet blackout
followed, though it remains unclear whether that outage stemmed from external cyberactivity or
internal government controls. Iranian and pro-Iranian groups have since escalated activity
targeting Israeli industrial control systems, regional fuel infrastructure, and U.S. and Israeli
logistics providers. Security firms warn that reconnaissance and denial of service attacks may
precede more destructive operations, including data wiping malware and ransomware.
While impact claims on all sides may be exaggerated, experts caution that cyber operations are
now tightly integrated with kinetic conflict, raising risks for critical infrastructure
across the region and in Western nations.
Several major Pakistani news channels were disrupted on March 1st after hackers hijacked
satellite broadcasts during peak evening programming. The breach occurred shortly after Iftar and
continued into the widely watched 9 p.m. bulletins displaying unauthorized anti-military messages,
urging citizens to oppose the armed forces. Geo News said it had been battling hacking attempts
for nearly 24 hours before the intrusion. While authorities have not issued a formal statement,
reports suggest retaliatory cyber attacks followed, allegedly targeting Indian media outlets.
Investigations are ongoing.
President Trump ordered all federal agencies to stop using artificial intelligence technology from Anthropic,
escalating a dispute over how its systems can support military operations.
Defense Secretary Pete Hegseth designated Anthropic a supply chain risk to national security,
a rare label typically applied to foreign adversaries,
effectively barring military contractors from working with the company.
Anthropic said it would challenge the decision in court,
calling it unprecedented and legally unsound.
The clash centers on the Pentagon's demand for broad, unrestricted access to Anthropic's AI models.
The company refused to allow uses involving fully autonomous weapons or mass domestic surveillance.
The directive could disrupt intelligence analysis at agencies such as the NSA and the CIA,
which rely on Anthropic's Claude system, and force a transition to alternative AI providers.
Speaking of Claude, there are reports of a significant outage with elevated error rates affecting users across web, mobile, and API platforms this morning.
The incident appears to be widespread rather than confined to a specific region or service.
Users may see failed requests, timeouts, or inconsistent responses.
Elsewhere, OpenAI said it has
reached an agreement with the U.S. Department of Defense to deploy its large language models on classified
military networks. CEO Sam Altman announced the deal shortly after President Trump ordered
agencies to stop using rival Anthropic's technology. Altman said the agreement includes prohibitions
on domestic mass surveillance
and requires human responsibility
in the use of force,
including autonomous weapons.
It remains unclear
how quickly OpenAI's models
can be integrated into classified defense systems.
A bipartisan group of senators
has advanced the Healthcare Cybersecurity and Resiliency Act
with the Senate Health, Education, Labor, and Pensions Committee
voting 22 to 1 to send the bill to the full Senate.
The legislation aims to strengthen health care cybersecurity by requiring updated federal guidance,
including support tailored to rural medical practices and improved coordination among agencies.
The bill would codify key elements of a proposed overhaul of the HIPAA security rule,
mandating measures such as multi-factor authentication, encryption, and regular audits, including penetration testing.
It also directs the Department of Health and Human Services to establish
additional minimum standards based on emerging threats.
The measure includes grants and training for under-resourced providers.
Lawmakers say the bill could improve sector resilience,
though its prospects in Congress remain uncertain.
Researchers have identified a new remote-access Trojan called Steaelite
that streamlines double-extortion attacks against Windows 10 and 11 systems.
Marketed on cybercrime forums as fully undetectable,
the malware combines ransomware, data theft, credential and cryptocurrency stealers,
and live surveillance tools into a single browser-based control panel.
According to researchers at BlackFog, Steaelite begins harvesting browser-stored passwords,
session cookies, and tokens as soon as a victim connects,
even before an operator issues commands.
Its dashboard includes remote code execution, webcam and microphone access, keylogging, hidden remote desktop protocol
access, and ransomware deployment. A built-in cryptocurrency clipper can swap wallet addresses
during copy-paste operations. By integrating data exfiltration and encryption in one platform,
Steaelite lowers the barrier for criminals to conduct double extortion attacks.
CISA has released updated technical details on Resurge, a malicious implant
used in zero-day attacks to compromise Ivanti Connect Secure devices.
The vulnerability was reportedly exploited since mid-December 2024
by a China-linked threat actor tracked by Mandiant as UNC5221.
Resurge is a 32-bit Linux shared object file
that acts as a passive command and control implant.
Instead of beaconing out, it waits for
specially crafted inbound TLS connections, using fingerprinting and a forged Ivanti certificate
for authentication to evade detection. Once validated, it establishes encrypted mutual TLS sessions
for covert access. The malware also includes log tampering capabilities and boot-level
persistence, allowing it to survive reboots. CISA warns the implant may remain dormant and
urges administrators to use updated indicators of compromise to detect and remove infections.
Zscaler reports that North Korea-linked APT37, also known as ScarCruft and Ruby Sleet,
has deployed five new tools in a campaign targeting air-gapped systems.
The operation, discovered in December 2025, uses malicious LNK files to launch PowerShell scripts
and in-memory payloads.
A loader called Restleaf retrieves shellcode from Zoho WorkDrive,
ultimately deploying SnakeDropper,
which installs a backdoored Ruby runtime for persistence.
SnakeDropper drops ThumbsBD,
a backdoor that uses USB drives as bidirectional relays
to exfiltrate data and receive commands,
and VirusTask,
which spreads via malicious shortcut files on removable media.
Zscaler also observed an Android surveillance tool called Footwine.
Researchers warn the toolkit is designed to bypass network isolation
and recommend close monitoring of endpoints and physical access points.
Turning to our Monday business breakdown,
cybersecurity investment and consolidation continue across global markets
with multiple funding rounds and acquisitions announced this past week.
Israeli exposure management firm Astelia raised $35 million in seed and Series A funding
to expand its AI-driven analysis, partnerships, and global teams.
Lithuania-based compliance startup Koppla secured 6 million euros to support product expansion
and growth across the EU and beyond.
Saudi GRC automation platform Solid Range raised $2.4 million to advance its AI-powered
governance and compliance roadmap. In the U.S., Virginia-based AI assurance startup Hardshell
closed $1.1 million in pre-seed funding to grow in regulated sectors such as health care and defense.
M&A activity was also active. Arctic Wolf acquired Sevco Security to strengthen exposure assessment
capabilities. Booz Allen Hamilton agreed to acquire MSSP Defy Security. Valiant Solutions acquired
Abile Group, Quick Start bought training platform Iron Circle,
and UK-based Littlefish Group acquired MSSP Stripe OLT.
Be sure to check out our weekly Pro Business Briefing that is on our website and is part
of CyberWire Pro.
Coming up after the break, Microsoft's Ann Johnson speaks with Rob Suárez from CareFirst
BlueCross BlueShield about cybersecurity and healthcare.
Tim Starks from CyberScoop has the latest goings-on at CISA, and Microsoft says the slop stops here. Stay with us.
Ann Johnson is host of the Microsoft Security Afternoon Cyber Tea podcast.
In a segment from this week's show, she sits down with Rob Suárez,
Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield,
to talk about cybersecurity in health care.
Today I am thrilled to welcome Rob Suárez,
Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield.
Rob, welcome to Afternoon Cyber Tea.
One of the things that stands out in your approach is you, and I met with you,
I've heard you talk about the human element, both patients and also your team and the team
within the organization and culture.
Can you talk a little about your people behind the mission?
You've led global cybersecurity teams across multiple industries.
What have you learned about building teams that not only defend, but also believe in the
mission behind the work?
It goes back to what we were talking about when it comes to how rapid
change takes place in cybersecurity and all of the different types of cybersecurity threats that we
need to focus on and protect against. It can be overwhelming. And in fact, healthcare, it's even
more daunting because there is a patient at the end of everything that we do. And I believe
that a purpose-driven team always outperforms and it allows us to focus on where we need to pay
attention and apply more pressure, apply more rigor in security. CareFirst emphasizes a human
impact of cybersecurity and connecting technical tasks to patient safety and community health. As
leaders, we cultivate this by sharing real-world stories, investing in professional development,
and creating a culture around a mission.
At CareFirst, that's making healthcare affordable and accessible to everyone.
And as we've seen cyber attacks in the past have incredible impact
on the financial performance of organizations.
Those dollars in healthcare, when there is a ransomware attack,
those dollars that are spent on recovering systems,
can go towards achieving better health care outcomes
for patients. And we can look at the cost of services in your local community, for example,
whether it's non-medical emergency transportation or transportation to the hospital,
or it's a preventative colorectal cancer screening, or if it's diabetic testing strips and getting
a 30-day supply, there's a cost tied to each of those healthcare services. And when cyber attacks
happen, it detracts from those being able to afford those different types of services.
And so I feel that is where you start to cultivate a sense of purpose in my world of
healthcare cyber security. It's a conversation around how our work impacts patients and their
well-being.
I love that. I love that you just tie it back to patients and their well-being.
And one of the things that you also have responsibility for beyond patients and the day-to-day
operations of the program and the team is the board. You have to influence the board.
CISOs are more and more frequently having to influence their board. In health care, you're
also influencing your clinicians, you know, doctors and nurses and medical
professionals that just want to deliver care and don't want to be inconvenienced.
You're having to influence policymakers, and of course you're having to convince
patients to trust you. When you think about all of that in context of cyber risk,
how do you translate cyber risk into language that inspires action
rather than making people fearful?
Well, in healthcare, I believe we need to reframe risk as a shared opportunity for resilience,
using plain language and relatable analogies.
Instead of fear-based messaging, communications need to highlight empowerment.
Your action protects health.
The metrics and dashboards are designed to show progress, not just exposure.
And so there is a sense of confidence that we need to have when we're practicing cybersecurity.
And that allows us to be even more transparent around cybersecurity risks and the vulnerabilities
because you can't protect what you don't know.
I think that's a great phrase that everyone has to actually keep remembering.
You can't protect what you don't know.
When I talk to CISOs and I'll say to them, what is your number one issue or what is
your number one problem?
And they all say visibility.
It doesn't matter where in the world I am.
Doesn't matter the size of a company.
Doesn't matter the industry.
They are concerned about what they can't see.
They are concerned about network devices.
They are concerned about the rogue tenants. Now they're concerned about rogue AI, right?
The agentic world, shadow agents.
So thinking about that and thinking to the future, because we are going to see a proliferation
of agents to drive productivity, to drive
research in your field, to drive better medical outcomes. If you could redesign the CISO role for the
next decade, not the past decade, what would you change about how the role is measured, how the role is
structured, and how the role is empowered? And I believe the future of the CISO should be measured
on trust outcomes and resilience, not just compliance. The role must expand beyond technology to influence
culture, ethics, and innovation, even as part of the overall strategy of an organization, even in the title,
this job is no longer just about information security. And certainly empowerment comes from
board level visibility and authority to shape enterprise risk postures holistically. I think
that reporting structure to the board is incredibly powerful.
I think the other part is the ability to peer into our lines of businesses and influence,
have a seat at the table when it comes to decisions of how the company will change
and provide different services into the future, enabling technology,
but also factoring in all these other forms of risk that may impact the value that we're providing to people, to patients.
Be sure to check out the complete Afternoon Cyber Tea podcast wherever you get your favorite shows.
It is always my pleasure to welcome back to the show Tim Starks. He is a senior reporter at CyberScoop.
Tim, welcome back.
Good to be back.
So Tim, I feel as though these past few days, past week or so, you have been really putting
the scoop into the CyberScoop name with some of the stories you've been publishing here.
By my account, certainly you were the first that I saw in my
review of the news, who had this story on Mr. Gottumukkala out as the director or acting director
of CISA.
Yeah, I think there was another outlet that got there first, but in terms of cyber world,
yeah, maybe we were the first people to write about it.
It's a big deal, obviously.
You know, Dr. Gottumukkala has been leading the agency for quite a time now.
And, you know, the reviews were not stellar, I would say.
Maybe that's an understatement.
Well, it just struck me as maybe not being a good fit.
Do you think that's a good way to frame it?
Yeah, I think he went from the chief information officer of a small state to running a
multi-billion dollar agency.
And, you know, the people who have said nice things about him will say that he's got a good
technical background.
But suddenly he was doing a lot of policy stuff and doing a lot of kind of big level things
that maybe he wasn't equipped to do.
There were the stories in Politico
that were pretty damning about his use of ChatGPT
and him not passing a polygraph.
One phrase that somebody used to describe his leadership to me
was amateur hour.
It feels strange to talk about someone else
in those kinds of stark terms,
but those are the terms people used to me.
Yeah, he wasn't, he didn't have the experience,
he didn't have the background.
He's leaving to go take a DHS role that sounds more like the kind of role he'll be good at.
So we'll see how that works out.
So stepping in for him is Nick Anderson, who was executive director for cybersecurity at CISA.
Do I have that right?
You do.
Yeah.
And he is someone who I think people aren't dazed about.
He's someone who has been doing a lot of work, I mean, a lot of the public-facing work that CISA has been doing.
He's been the one doing it.
He's been the one leading the background calls.
I don't mean on background.
I mean, the calls with reporters to talk about binding operational directives.
He's got both a tech and policy savvy.
He has a good reputation beyond that.
I don't think of him as, you know, one of the things that people dinged Dr. Gottumukkala for was that they, you know, on the Hill, people thought he was kind of hiding a reorganization plan from them.
Whether that was justified or not, that's the, but that was the perception.
I don't think anybody thinks of Nick Anderson as a dishonest broker right now.
Certainly he's had to deliver some news about the future of the agency that wasn't well received because it was involving cutting back on missions.
But I don't think anybody thinks, oh, this guy is a problem.
Right.
I think they think he's a sharp operator.
That's the impression I've gotten.
I haven't had the opportunity to speak with him, but pretty unanimously, the folks I know who have worked with him have been impressed.
And as you say, they're looking at him as being a sharp operator and I think looking forward to his leadership.
Yeah, I think if, you know, it would have been interesting maybe to see what this
CISA leadership would look like if it was as intended where Sean Plankey was there as
director and Dr. Gottumukkala was there as deputy director.
Maybe that would have been a better situation than we've ended up with.
I don't know, but when I think of the kind of person who probably should be the acting director
based on their abilities and everything, I think that Nick Anderson makes perfect sense.
Well, let's wind the clock back an extra day or so to the report that you put out that was
categorizing CISA as being in real trouble here.
Yeah, so I, you know, I heard from a couple
people this, you know, may have played a role in the decision making. I don't know.
I don't know for sure, but I've heard from a couple different people that it did. It was a pretty
comprehensive look at where CISA is as an agency. And normally with stories like this, when I'm calling
people who I think are going to be maybe want to cheerlead the administration, right?
Like a Republican in Congress or people in industry who like the idea of a less regulatory
approach to cyber, normally I would expect them to lead with this is what CISA is doing well.
We wish they would do these things better also.
Instead, it was pretty much CISA is not doing this well, CISA is not doing this well, CISA is not doing this well.
And I literally got to the point in a call with one industry person, I'm like, what is CISA
bringing to the table right now?
And that person just said, it's hard to think of anything good to say right now.
It's an agency that has lost a third of its personnel.
It's lost a lot of its expertise, you know, not just losing volumes of people,
but losing people who have been at the agency for a very long time.
And that's led to a loss of capabilities.
I mean, from things like international relations, things like providing services to state and local government,
election security, coordination with industry.
A lot of people in industry say they can't get meetings with CISA,
because there just aren't the bodies in place.
It's a pretty dire circumstance to pretty much everybody I spoke to except for one
who was, I think, being a little bit more optimistic than others.
But I talked to lots and lots of people and almost everybody to a one was like,
it's in bad shape, and maybe even in harsher terms than that, obviously.
Yeah, it strikes me as really being a tough time to be a good faith public servant
these days at places like CISA.
Yeah, and, you know, I think you and I've talked about
this briefly before, but, you know, there might come a point where, and people have talked about
hoping this will be the case, that when CISA has its full leadership, they will staff back up.
Maybe they will, maybe they won't. I don't know. But there are legitimate worries about who
would want to go work there. You know, the way they push people out, you know, some of the stuff
didn't even make the story about them doing management directed reassignments, MDRs, I believe,
is the acronym, sending people to parts of the country that don't want to work for, working.
And a short notice, giving them basically ulterior motives, not ulterior motives, but like ultimatums, to say, you got to do this or you can't work at CISA.
And so a lot of people said bye.
Yeah.
And a lot of people didn't like being treated that way.
There was a sort of a grim note toward the end of my story.
I was talking about what is the cause for optimism for CISA right now?
And Jim Lewis said, you know, on the plus side for CISA, it's a bad labor market.
Wow.
And I'm like, that's kind of a rough situation to be in when that's good news.
Right.
People might be desperate.
Yeah.
You know, I consider myself something of a patriot.
I want America to succeed.
I write these stories because I want to call attention to things that could be better and need to be better.
Right.
So I'm hopeful that that is not the case.
I'm hopeful that they won't just get desperate people.
I'm hopeful they'll get qualified people.
And again, that's if they build back up.
You know, the other big problem, of course, is that the Trump administration and his allies have hated this agency for a very long time now.
Well, I want to call attention to that because as you point out in your article,
you write that Trump has harbored animosity towards CISA since 2020.
And I feel like that shadow just looms over the agency,
almost like an albatross around their neck,
that they just can't get out of the way.
Maybe a better way to say it is that shadow hangs over their mission.
It definitely does.
The leadership in the first Trump administration,
you know, for the most part, until the very end,
they steered clear of anything,
I think that could have ticked off Donald Trump.
And then, you know,
in 2020 during the elections, they did the fact checking.
And then, you know, the administration was about to end.
So maybe that's, maybe that was a carefully chosen timing to do that,
to keep their heads down and not do things that would draw his ire.
Because a lot of their work that they do, you know,
it could run afoul of him if they just do their jobs, right?
Right.
So I think there were things they avoided doing.
It's hard to talk about this president sometimes,
but he's not someone who necessarily keeps grudges for rational reasons,
I guess I should say.
There's no obvious logic sometimes to why he's mad about something.
And because of that, maybe you could say, oh, if Sean Plankey's at the table,
if they have a full-time leader who was picked for this job,
maybe he can earn that trust.
It's hard to see Trump suddenly deciding he likes this agency.
He's been mad at them for five years.
He's going on six years.
He's mad at them, you know?
So how is he going to stop being mad at them?
I don't know.
I guess he stopped being mad out of nowhere at people sometimes, you know?
Think about how he talked about Mamdani before the election and how he talks about him now.
Maybe.
But it seems like it's a, I think a shadow that the phrase you used is a really good term for this.
It's maybe not completely in dark forever, but it's certainly in that shadow now.
And it's hard to see how it gets out.
Well, I mean, to go towards the positive here, to wrap things up,
do you suppose that having Nick Anderson at the controls here might provide a little boost in,
in people's attitudes at the agency?
Yeah, I think so.
And one of the reasons is, you know,
kind of dividing up, you know, a story like I did,
how do I divide it up, right?
How do I write about what parts?
And there was a lot of blame for Congress about this, by the way.
You know, the Trump administration has done a lot of things to CISA,
but the Congress has done a lot of things to not help CISA.
And then another big portion of it was that the current leadership has not been doing a good job.
It was a consensus view.
So I think, yes, if you have someone in the job that people think highly of, it stands to reason that they'll fare better.
And the reasons that Dr. Gottumukkala's leadership were frowned upon weren't just because they didn't like him.
Although some people, I think that was the case.
It was the job that he was doing.
People didn't like the job he was doing.
And that made them not like his leadership.
So if you bring someone in who has shown some capabilities to do the kind of things that I think people think CISA needs to do,
then maybe, you know, different decisions are made.
Maybe there are fewer distractions.
Maybe you can really focus on the mission
and try to do the things you can still do well.
And there was a portion of the story
where we talked about the things that CISA is still doing
and doing well.
So, you know, I think it stands,
it does stand to reason that things will be better off
probably under Nick Andersen.
I'm going to go ahead and steal it from you before you say it.
Time will tell.
It always does.
It always does.
But I think that's a reasonable projection about how things might get.
Yeah.
Tim Starks is senior reporter at CyberScoop.
Tim, thanks so much for taking the time for us.
Thank you, Dave.
When it comes to mobile application security, good enough is a risk.
A recent survey shows that 72% of organizations reported at least one mobile application
security incident last year, and 92% of responders reported threat levels have increased in
the past two years.
Guardsquare delivers the highest level of security
for your mobile apps without compromising performance, time to market, or user experience.
Discover how Guardsquare provides industry-leading security for your Android and iOS apps at
www.guardsquare.com.
Ever wished you could rebuild your network from scratch to make it more secure, scalable,
and simple?
Meet Meter, the company reimagining enterprise networking from the ground up.
Meter builds full-stack zero-trust networks, including hardware, firmware, and software, all designed to work seamlessly together.
The result? Fast, reliable, and secure connectivity without the constant patching, vendor-juggling, or hidden costs.
From wired and wireless to routing, switching, firewalls, DNS security, and VPN, every layer is integrated and continuously protected in one unified platform.
And since it's delivered as one predictable monthly service,
you skip the heavy capital costs and endless upgrade cycles.
Meter even buys back your old infrastructure to make switching effortless.
Transform complexity into simplicity and give your team time to focus on what really matters,
helping your business and customers thrive.
Learn more and book your demo at meter.com slash cyberwire.
That's M-E-T-E-R.com slash cyberwire.
And finally, Microsoft's grand AI makeover of Windows 11 has earned it a nickname it probably didn't workshop in Redmond, Microslop.
The label, born of frustration over what many users see as AI ambition outpacing operating system polish,
has spread briskly across social media.
Microsoft cannot stop the meme everywhere, but it can try on its own turf.
Users discovered that the official Copilot Discord server automatically blocks messages containing Microslop,
replacing them with a polite moderation warning.
Predictably, this only inspired creativity.
Variations like Microslop with a zero instead of an O
slipped past the filter in a classic internet game of cat and mouse.
As users pushed the joke further, some accounts were restricted and parts of the server were locked down.
The episode underscores a broader tension.
Copilot does offer genuinely useful features,
but Microsoft's AI-first strategy has left it juggling innovation, optics,
and an increasingly mischievous audience.
And that's the CyberWire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
Don't forget to check out the Grumpy Old Geeks podcast
where I contribute to a regular segment on Jason and Brian's show every week.
You can find Grumpy Old Geeks where all the fine podcasts are listed.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
N2K's lead producer is Liz Stokes.
We're mixed by Tré Hester with original music and sound design by Elliott Peltzman.
Our contributing host is Maria Varmazis.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
If you only attend one cybersecurity conference this year, make it RSAC 2026.
It's happening March 23rd through the 26th in San Francisco,
bringing together the global security community for four days of expert insights,
hands-on learning, and real innovation.
I'll say this plainly, I never miss this conference.
The ideas and conversations stay with me all year.
Join thousands of practitioners and leaders tackling today's toughest challenges
and shaping what comes next.
Register today at rsaconference.com slash cyberwire26.
I'll see you in San Francisco.
security conferences talk about zero trust. Zero Trust World puts you inside. This is a hands-on
cybersecurity event designed for practitioners who want real skills, not just theory. You'll take part
in live hacking labs, where you'll attack real environments, see how modern threats actually work,
and learn how to stop them before they turn into incidents. But Zero Trust World is more than
labs. You'll also experience expert-led sessions, practical case studies, and technical deep dives,
focused on real-world implementation.
Whether you're blue team, red team, or responsible for securing an entire organization,
the content is built to be immediately useful.
You'll earn CPE credits, connect with peers across the industry,
and leave with strategies you can put into action right away.
Join us March 4th through the 6th in Orlando, Florida.
Register now at ZTW.com and take your zero-trust strategy from theory to execution.
Thank you.
