CyberWire Daily - The patch pile reaches new heights.
Episode Date: June 10, 2026
Patch Tuesday goes big. Congress looks to harden critical infrastructure. A new Windows zero-day drops. Mobile AI creates security blind spots. AI agents fall for phishing. Browser extensions expose millions. Spammers hide behind Google Cloud Storage. CISA crowns its cyber champions. Our guest is Joe Sykora, CEO from Coro, discussing the MSP space and how to address it. Relentless robocalls retreat.
CyberWire Guest
On today's Industry Voices segment, we are joined by Joe Sykora, CEO from Coro, discussing the MSP space and how to address it.
Selected Reading
Microsoft's biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days (Malwarebytes)
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact (SecurityWeek)
Adobe Patches 123 Vulnerabilities (SecurityWeek)
Warner proposes overhaul of critical infrastructure cyber plans as AI threats rise (Nextgov/FCW)
New Windows Zero-Day Exploit 'RoguePlanet' Released (SecurityWeek)
Lookout Study Reveals 93% of CISOs Blinded by False AI Confidence as 59% of Mobile AI Traffic Flows "Dark" (Lookout)
Phishing for Lobsters: How We Tricked OpenClaw into Spilling Secrets (Varonis)
MaXSS & Spyder: How two Chrome extensions allow websites to compromise over 10 million browsers (Rebora)
How Spammers Are Hiding Behind Google and the New York Times (Comparitech)
CISA names winners of seventh annual President's Cup cybersecurity competition (Industrial Cyber)
U.S. Consumers Received Just Over 4.1 Billion Robocalls in May, According to YouMail Robocall Index (PR Newswire)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Patch Tuesday goes big.
Congress looks to harden critical infrastructure.
A new Windows zero-day drops.
Mobile AI creates security blind spots.
AI agents fall for phishing.
Browser extensions expose millions.
Spammers hide behind Google Cloud Storage.
CISA crowns its cyber champions.
Our guest is Joe Sykora, CEO from Coro, discussing the MSP space and how to address it.
And relentless robocalls retreat.
It's Wednesday, June 10th, 2026. I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thanks for joining us here today.
It's great to have you with us.
Microsoft's June 2026 Patch Tuesday is the largest in the program's history, addressing 206 vulnerabilities across Microsoft products.
The release includes 32 critical flaws and three publicly disclosed zero-days, although Microsoft reports that none have been actively exploited.
The milestone surpasses all previous Patch Tuesday updates since the program began in 2003, following the disruption caused by the Blaster worm.
Among the most notable vulnerabilities is a flaw in Windows BitLocker that could allow an attacker with physical access to bypass disk encryption and access protected data.
Another affects HTTP.sys and could enable remote denial-of-service attacks.
The third is an elevation of privilege flaw in the Windows Collaborative Translation Framework that could grant attackers system-level access.
Adobe also released updates fixing 123 vulnerabilities across 11 products, including critical flaws in Adobe Campaign Classic and ColdFusion that could allow arbitrary code execution.
Meanwhile, industrial control system vendors Siemens, Schneider Electric, and Phoenix Contact issued advisories addressing security weaknesses in various operational technology products.
Overall, the June updates highlight the continued need for organizations to promptly apply security patches to reduce exposure to emerging threats.
The security researcher who goes by the name Nightmare Eclipse has released RoguePlanet,
a new Windows zero-day proof-of-concept exploit that targets a race condition in Microsoft
Defender to achieve local privilege escalation.
The exploit has been validated on fully patched Windows 10 and 11 systems,
allowing system-level access, though it does not currently work on Windows Server.
RoguePlanet follows several recent disclosures by the researcher,
including flaws patched during this month's Patch Tuesday.
The release continues a public dispute between Nightmare Eclipse and Microsoft
over vulnerability disclosure practices and alleged legal actions.
Senator Mark Warner, Vice Chairman of the Senate Intelligence Committee,
is introducing the Combat Emerging Threats to Critical Infrastructure Act
to strengthen cybersecurity planning across the nation's 16 critical infrastructure sectors.
The bill would require CISA and federal sector risk management agencies
to update sector-specific security plans within one year
and review them every two years thereafter.
Warner said the legislation is needed to keep pace with rapidly evolving AI-driven cyber threats.
The updated plans would address risks such as AI-enabled hacking, deepfakes, and for the financial sector, potential future quantum computing threats to encryption.
The proposal follows concerns that some sector cybersecurity plans have not been updated in over a decade, despite federal guidance calling for biennial reviews.
Backed by the National Electrical Manufacturers Association, the measure aims to improve resilience across
sectors, including energy, communications, transportation, and defense. It also aligns with broader
federal efforts to prioritize the most urgent cyber risks facing government networks.
A new survey from Lookout and ZK Research highlights a growing mobile AI blind spot in enterprise security.
While 93% of security executives express confidence in their AI governance programs, the report
found that mobile devices increasingly bypassed traditional security controls. According to the study,
52% of generative AI usage now occurs on mobile endpoints, while 59% of mobile AI traffic remains invisible
to conventional network monitoring tools. The report also found limited visibility into AI
agents and embedded AI software components contributing to data leak investigations at 63%
of surveyed organizations.
Researchers argue that legacy desktop-focused security approaches
are struggling to address mobile-native AI risks
and compliance requirements.
Maria Varmazes is host of the T-minus Space Cyber Podcast.
She joins us to file this report on the U.S. military
quietly turning GPS into a global number station.
Thank you, Dave.
According to Inside GNSS and 404 Media, new research by Steven Murdoch, head of the Information
Security Research Group at University College London, found that for over a decade, GPS satellites
have been broadcasting hidden encryption keys in a little-noticed part of the public GPS signal.
And that part of the signal is a 176-bit sequence known as subframe 4, page 17.
And according to Murdoch's research, it appears to carry
encrypted data used by the Pentagon's over-the-air distribution and rekeying systems,
which remotely upgrade cryptographic keys for military GPS users worldwide.
In his research, Murdoch looked at more than 12 million open-archive GPS observations,
collected between 2007 and 2025,
and he identified patterns that matched the rollout timeline
of the U.S. military's remote key distribution network in 2011.
The system replaced manual cryptographic key updates, allowing military GPS receivers to be re-keyed via satellite broadcasts anywhere in the world.
Now, this discovery is a bit of food for thought about publicly available signals and how they can conceal operational infrastructure in plain sight.
In this case, cryptographic keys unknown to the general public for over a decade.
Murdoch notes that every GPS receiver in the world decodes subframe 4, page 17,
so none of this data has been hidden.
Just no one had thought to really take a closer look at it until now.
For the CyberWire Daily, I'm Maria Varmazes from T-minus Space Cyber Briefing.
Back to you, Dave.
Be sure to check out the T-minus Space Cyber Podcast wherever you get your favorite shows.
Varonis Threat Labs tested whether AI email agents are vulnerable to phishing
by evaluating an OpenClaw agent named Pinchy
in four simulated attack scenarios.
The results showed that while the agent could identify some technical phishing indicators,
it struggled with social engineering attacks.
In two tests, Pinchy failed to verify sender identities and shared sensitive information,
including AWS credentials and customer data, with external accounts despite explicit security instructions.
The agent performed better against traditional phishing websites and a malicious
OAuth application, identifying suspicious infrastructure and blocking some attacks.
Researchers concluded that AI agents may be stronger than humans at detecting technical phishing
cues, but remain vulnerable to context-based deception. The findings suggest that identity
verification, rather than phishing detection alone, will be critical as organizations increasingly
deploy AI agents to manage email and business workflows.
Rebora Security Research disclosed two critical vulnerabilities, dubbed MaXSS and Spyder,
affecting the AI-powered browser extensions Cider AI and Max AI, which are installed on more than 10 million devices.
The flaws stem from insecure communication between web pages and extension content scripts,
allowing malicious websites to abuse extension privileges.
Researchers demonstrated attacks that could access sensitive browser sessions,
capture screenshots, steal data, manipulate accounts,
and potentially access files on the underlying operating system.
In testing, attackers could interact with services such as Gmail, Google Calendar,
ChatGPT, Claude, and Gemini without user awareness.
Rebora said attempts to contact the vendors received no response,
prompting public disclosure and notification to Google.
The findings highlight the growing security risks posed by AI-driven browser extensions
with broad permissions and deep access to user activity.
Researchers at Comparitech uncovered a large-scale phishing and spam infrastructure
consisting of over 12,000 Internet-facing servers spread across 55 countries
and 412 hosting providers.
The operation uses Google Cloud
Storage links as an initial redirect layer, helping phishing emails appear more trustworthy while
obscuring their final destinations. Visitors are often routed to benign-looking landing pages
containing scraped New York Times content, likely to evade detection and serve different content
to selected targets. The infrastructure appears highly coordinated, with nearly all servers running a small
set of outdated Apache configurations and sharing identical assets and behavior.
Researchers found that 89% of the servers had no prior abuse history, suggesting rapid
provisioning and rotation to avoid reputation-based defenses. The network supports phishing campaigns
involving fake rewards, financial scams, health products, and payment requests,
highlighting a resilient and difficult-to-disrupt spam ecosystem engineered for scale, evasion, and persistence.
The U.S. Cybersecurity and Infrastructure Security Agency has announced the winners of the seventh annual President's Cup Cybersecurity Competition,
which drew more than 800 participants and 200 teams from across the federal government and military.
The event challenges competitors with realistic cyber defense, offensive operations, and team-based scenarios.
This year's champions were sheriff sparks of the U.S. Navy in the defensive track,
BW of the U.S. Army in the offensive track, and Eno enthusiasm representing the U.S. Army and Marine Corps in the team championship.
CISA said the competition helps identify and develop top first
federal cybersecurity talent.
Coming up after the break, my conversation with Joe Sykora from Coro. We're discussing
the MSP space and how to address it.
Plus, relentless robocalls retreat.
Stay with us.
Joe Sykora is CEO at Coro.
In today's sponsored Industry Voices segment,
we discussed the MSP space and how to address it.
Throughout my career, I think I've been able to deal with all sizes of business.
And I'd say the small to medium business is one of my favorite, right?
When I had my companies, that's who I was catering to.
So I think there's definitely a need for support for the businesses that have potentially a lack of
IT resources, right? I'd like to refer to it as lean IT, one or two people that are doing IT
slash cybersecurity or less, right? On some of the smaller businesses, I think some of the owners
are wearing that hat or another individual, so they don't have anyone dedicated. And that's
where the MSPs come in and a solution like Coro comes in, is helping those companies
solve those problems, because in the age of AI and cyber that we're in today,
there's no distinguishing as far as company size, right?
If you have a connection to the internet that's high speed,
most likely someone's trying to get in, right?
I think there's, I think everyone out there would agree with me that
they are facing the same challenges as maybe an enterprise today.
Now, you know,
some of the very, very targeted attacks on some large corporations for, you know, monetary purposes.
Me, you could argue, is there such a thing?
I'd counter that argument with the bad guys aren't looking for a big payoff anymore, right?
They're looking for consistent smaller transactions, right?
I think years ago I was at a presentation when they were talking about how we're automating everything from, you know, even
mobile keys at the hotels we stay on, and that's a target.
Like, you know, if your key's disabled, how much are you willing to pay rather than going
downstairs and getting another key?
Maybe it's a dollar or $2 something.
Maybe it's nominal, but that all adds up, right?
And so, you know, when you look at that, I think the need is definitely there.
I think the complexity because of, you know, using AI to attack businesses and
internet connections, I think that the complexity is there. And it looks good, right? Like,
I'm sure you know this, Dave. And all of us listening out there, you know, we used to get an email
that you could definitely tell, hey, this is phishing, right? It's fake, right? The logo was off. The spelling was
off. It just didn't look right. I don't know about you, but I get some pretty good looking things.
If it does get through, it looks legitimate. And you really need to be cautious because of, you know,
what the capabilities of better out there.
So yeah, I think it's probably more relevant than ever
that we need to protect those small to medium businesses
and, you know, going with a managed service provider,
I think it's the smartest way up.
Help me understand what that collaboration looks like.
You know, how does, together,
how do the business and the MSP work together
to dial in what that relationship
is going to look like? What works best for both parties?
Let's start with the MSP side because I can give you a firsthand look of what that looks like.
If you're an MSP out there, I think you need to define your offer, right?
And it has to be a focused offer. I always like to simplify things. So I'd say good, better, best, right?
But you need to decide standard as one, what you're going to offer and what you're using to provide those
results to your customers because there's two things.
One, everyone wants results and then if you're, I don't care what size company you are,
of course they want to get it for the least amount of money possible, right?
So operationalizing the back end of your MSP to deliver these results is always key.
Even when I was an MSP, I made some mistakes because, you know, when I first started,
it was, you know, tell me what you have and I'll try to find a way to manage it, right?
or tell me what you think you want, and I'll try to, that doesn't work, right?
That's a model that is going to definitely, without standardizing on your offer
and what you're going to use on the technology stack, it's not going to work, right?
Because you'll spend a lot of time trying to develop expertise across all these different solutions,
and it's complex, right?
And complexity is not a friend of operationalizing things.
And that's where I turned the corner on my MSP was when I really standardized
on what I was going to use and what I was going to offer,
which today I think most MSPs out there understand that.
But again, if you go back into the 90s
when we're first trying to define all these things,
one of the things we were doing is we said,
hey, you can't afford all of these enterprise solutions,
let alone have the expertise to manage and effectively use them.
That was the pitch.
That's probably not the pitch that most MSPs are using nowadays.
Now, on the small to medium business side, the opposite side, you have a choice, right?
You could buy a product or solution and try to self-manage it.
But I think the same thing.
If you're trying to buy several different products, put them all together into a solution or a stack,
just management of all of that technology is a challenge.
most likely if you don't have the ability
or expertise to afford someone that really knows
each individual product, guess what?
You're probably going to misconfigure things.
You're probably going to probably miss things.
And then unfortunately, the door is kind of open
to the bad things to happen.
So, you know, you could either,
A, build it and try to manage it yourself
or, you know, look to outsource it to experts that do it.
And, you know, I think it's a very,
when it comes to a business decision,
It is a business decision, but most businesses want, say, some type of predictable outcome or guaranteed outcome and do it as low as cost as you can.
And that's definitely a win for using an MSP to be your partner and help you with that.
You know, we find ourselves in this age of AI.
And I'm curious, from your experience, the interactions you're having,
today, what are the opportunities and what are the potential perils with all of this AI automation?
Listen, there probably isn't a conversation I have that doesn't involve AI, right?
Either how we're using it or how we're protecting people from it.
I'd like to think, you know, our solution has embraced AI for a long time, right?
In fact, those of us in the industry, of course,
everyone's familiar with machine learning, right?
Which is the beginning.
And we've always looked and designed our system to use all of the tools available
to automate and remediate as much as we can effectively, but automated.
And that is the premise of Coro.
So it's a topic that I'd like to talk about because it's changing.
And I would challenge anyone, if you think back six months ago, where you were with your,
I don't care what part of the business, right?
Where you were with embracing AI and AI platforms, it is probably changed dramatically in the last six months.
And I think you'll also, hopefully everyone out there agree that in the next three months,
we don't even know what we might be using.
You know, it is changing that fast, which just goes
back to the ability to adapt and change and embrace changes because, you know, listen,
I'm a pretty traditional cybersecurity type person.
And I'll even tell you the days of best of breed where, you know, put in these very complex
systems, they aren't bad.
They're good solutions, right?
If you want to go, hey, I've got the best product or solution in a mess.
Magic Quadrant or something equivalent to that, that's okay, right?
There's still a market for it, but I think the everyday MSP and everyday business
user is like, it's too complex, right?
It's too, and let's put expense aside because there's usually an expense to it.
It's the ability to actually run it effectively, right?
And if you can't run it effectively and get the results out of it, what are you paying for?
Right.
And that's where I see, you know, we've always talked about AI helping consolidate things and we're here, right?
I mean, we are here at this point where AI can help you, if you're an MSP, you know, operationalize the back end where instead of helping maybe 20 or 30 clients for analysts, now you're talking 100, 150, 200.
That's a huge change, right?
So really embracing modern technology, modern tools such as AI platforms, I think a lot of people listening out there are going through that transformation as we speak.
Hopefully you've started that journey.
If not, you know, there's always there's always tomorrow.
But you need to look at starting those sooner than later.
What's your outlook for the next year or so?
As you're looking at the challenges that MSPs are seeing in relationship to small and medium businesses,
what do you think the coming year holds?
Well, we all have a crystal ball, right?
And I'm often asked kind of what do I think is going to happen.
And there's a couple different areas.
On the technical side, you know, I can almost guarantee, and I will get, you know, I can, you know,
I can guarantee you that it's going to continue to accelerate, right?
We're not going to see a slowdown in the number of attacks coming from things like AI.
I think everyone out there would probably agree with that.
The opportunity, though, with the number of small business,
so now we get into a little bit of macroeconomics and kind of where do you think things are going to.
I think the time in the market, as far as
overall either creating or growing a small business, it's a good time, right? Because I think
we're seeing more and more people. The large enterprises, you can see the cuts across the board,
right? And some of that is also AI-related, right? We're seeing jobs kind of switch. So you're going to
see more new businesses being opened up on a daily basis. You know, I think the pipeline for
potential clients is also going to be a good thing for all the MSPs out there as well.
So we could talk and debate consolidation and consolidation of MSPs.
We've seen a lot of roll-ups through the last few years.
But for the most part, I think it's a very, very attractive market segment that's going to be growing.
And I also think that, you know, the timing, whoever finds a way to do more with less, right?
if you're an MSP and operationalizing things,
it'll increase your bottom line,
or you could decide to get more aggressive with your pricing.
Those are the ones that are going to be winners, right?
And that's, if you're asking me the crystal.
But, you know, listen, like I tell all businesses, MSPs, large, small, new, old,
I think we all need to just be prepared to adapt
to, you know, what things are going to do.
Like, you always have to be ready for adapting to what's next, right?
That's Joe Sykora, CEO at Coro.
And finally, America's robocallers appear to be taking a rare step backward, though not quite
packing up and going home.
According to YouMail,
U.S. consumers received just over
4.1 billion robocalls in May of this year,
down 2.1% from April and nearly 15% from a year ago.
That marks the lowest rolling 12-month total
since late 2022.
The decline comes with a twist.
While telemarketing and scam calls dropped 24%,
notification calls surged 48%,
partly because legitimate callers have adopted tactics once favored by spammers,
including snowshoeing, which spreads calls across thousands of phone numbers.
Insurance-related robocalls remain especially persistent,
with one health plan campaign generating more than 30 million calls from over 3,000 numbers.
So, while consumers may be hearing fewer robocalls overall,
the phone is still ringing often enough to remind
everyone that silence remains a premium feature.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights
that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
N2K's lead producer is Liz Stokes.
We're mixed by Tré Hester
with original music and sound design by
Elliott Peltzman. Our contributing
host is Maria Varmazes.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher, and I'm
Dave Bittner. Thanks for listening.
We'll see you back here tomorrow.
