CyberWire Daily - When one weak link is enough.
Episode Date: April 20, 2026

Cloud platform Vercel confirms a data breach. Microsoft releases emergency updates to fix Windows Server restart loops. Bluesky gets DDoSed. Insurers keep close watch on an AI hiring discrimination suit. Cybersecurity workforce turnover rises. Scammers abuse Apple’s email notification system. A Scattered Spider member pleads guilty to SMS phishing and cryptocurrency theft. Monday business brief. Our guest is Melissa K. Smith, SVP, Global Strategic Partnerships and Initiatives at SentinelOne, discussing building a unified defense through strategic partnerships. A budget beacon briefly betrays a boat’s bearing.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today on our Industry Voices segment, we are joined by Melissa K. Smith, SVP, Global Strategic Partnerships and Initiatives at SentinelOne discussing building a unified defense through strategic partnerships. If you enjoyed this conversation, be sure to check out the full interview here.

Selected Reading
Vercel confirms breach as hackers claim to be selling stolen data (Bleeping Computer)
Microsoft releases emergency updates to fix Windows Server issues (Bleeping Computer)
Bluesky Disrupted by Sophisticated DDoS Attack (SecurityWeek)
Who is liable when artificial intelligence makes mistakes? (Financial Times)
Insurance carriers quietly back away from covering AI outputs (CSO Online)
Compensation vs. Burnout: The New Retention Calculus for Cybersecurity Leaders (Security Boulevard)
Watch out, hackers are abusing Apple account notifications to distribute malware, steal money and data (TechRadar)
British Scattered Spider Hacker Pleads Guilty in the US (SecurityWeek)
Business Briefing for 04.15.26 (CyberWire Pro)
Dutch navy frigate tracked by mailing it a Bluetooth tracker (The Register)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Cloud platform Vercel confirms a data breach.
Microsoft releases emergency updates to fix Windows Server restart loops.
Bluesky gets DDoSed.
Insurers keep close watch on an AI hiring discrimination suit.
Cybersecurity workforce turnover rises.
Scammers abuse Apple's email notification system.
A Scattered Spider member pleads guilty to SMS phishing and cryptocurrency theft.
We've got your Monday business brief.
Our guest is Melissa K. Smith, senior vice president of global strategic partnerships
and initiatives at SentinelOne. We're discussing building a unified defense through strategic
partnerships. And a budget beacon briefly betrays a boat's bearing. It's Monday, April 20th,
2026. I'm Dave Bittner, and this is your CyberWire Intel briefing. Thanks for joining us here today.
It's great as always to have you with us.
Cloud platform Vercel says attackers accessed internal systems
after a third-party artificial intelligence tool's Google Workspace OAuth application was compromised.
The company reports a limited subset of customers was affected and services remained operational.
CEO Guillermo Rauch says initial access followed a compromised employee Google Workspace account
tied to Context.ai,
which allowed attackers to enumerate environment variables not marked sensitive.
Vercel has engaged incident responders, notified law enforcement, and confirmed Next.js
and other open-source projects remain unaffected.
Environment variables can expose credentials or configuration data, increasing downstream risk for developers.
Vercel is urging customers to review variables and rotate secrets as investigations
continue.
Microsoft has issued out-of-band updates to address Windows Server failures
triggered by the April 2026 security updates, including restart loops affecting domain controllers.
The company says some Windows Server 2025 systems failed to install a recent update,
while others running domain controller roles entered reboot loops after Local Security Authority
Subsystem Service crashes. Microsoft released an update to resolve both issues on Windows Server
2025 with additional fixes for restart loop problems across other supported versions. The company also
warned some systems may enter BitLocker recovery after installing the original update. Authentication
infrastructure outages on domain controllers can disrupt enterprise access and identity services,
requiring rapid remediation by administrators.
Decentralized social platform Bluesky says a distributed denial of service attack
disrupted core services for roughly 24 hours last week.
The attack began on April 15th and caused intermittent outages affecting feeds, notifications,
threads, and search.
Bluesky reports no evidence of unauthorized access to private user data.
A group calling itself 313 Team claimed responsibility, though that claim has not been independently verified.
313 Team claims to be a pro-Iran hacktivist group.
Sustained DDoS activity against social platforms highlights ongoing availability risks, even without data compromise.
A U.S. court has allowed a discrimination lawsuit against recruiting platform Workday to proceed, raising
broader questions about who is liable when AI systems make decisions. The case follows claims
that Workday's recruiting software rejected applicants based on age, which the company denies,
stating its tools do not make hiring decisions and evaluate only qualifications with human
oversight. Major insurance carriers are increasingly declining or restricting cybersecurity and
errors and omissions coverage tied to AI systems used in business operations.
Industry observers say some insurers are excluding claims related to AI-generated outputs,
while others are raising premiums or declining to cover AI vendors altogether.
Underwriters are also asking more detailed questions about how organizations govern
AI use.
Experts cite limited visibility into how AI systems generate results,
as a key concern affecting insurability.
Reduced coverage could shift more operational and legal risk
onto organizations deploying AI,
forcing security and risk teams to strengthen oversight,
governance, and disclosure practices to maintain policy protection.
Only 34% of cybersecurity professionals plan to stay in their current roles,
highlighting rising retention challenges as responsibilities expand
faster than budgets. A survey of more than 500 practitioners in the 2026 Cybersecurity Talent
Intelligence Report from IANS and Artico Search found growing workload pressure, declining job
satisfaction, and uneven compensation across roles. Experts say CISOs face increasing
accountability for resilience and regulatory outcomes despite flat budgets. At the same time,
organizations are demanding stronger offensive security skills, red-teaming, and AI-enabled defenses,
while automation shifts hiring towards specialized roles, such as AI architects and governance leaders.
Escalating expectations, AI-driven workload growth and burnout risk could weaken defensive capacity
unless organizations improve compensation, training pathways, and governance support for security teams.
Scammers are abusing Apple's email notification system to send phishing messages that appear to come from the company's legitimate email domain.
Victims receive alerts about a fake $899 iPhone purchase and are urged to call a support number to cancel the order.
Attackers reportedly manipulated Apple ID account fields to embed phishing text that triggers security notifications,
then distributed those alerts through mailing lists.
The goal is to persuade victims to share sensitive information or grant remote access.
Trusted brand infrastructure can increase phishing credibility, making callback scams harder for users to detect.
A British national has pleaded guilty in a U.S. court to conspiracy charges tied to Scattered Spider intrusions that stole at least $8 million in
cryptocurrency. Tyler Robert Buchanan admitted conducting SMS phishing campaigns that sent employees
hundreds of messages linked to credential harvesting sites. Prosecutors say the stolen credentials
enabled access to corporate systems and sensitive data, including personally identifiable
information and intellectual property. The group also used SIM swapping to intercept
multi-factor authentication codes and access victims' cryptocurrency wallets. Authorities
previously seized devices at Buchanan's residence
containing victim information and seed phrases.
The case highlights how coordinated phishing and SIM swapping
remain effective for bypassing authentication
and targeting both enterprises and individual crypto holders.
Turning to our Monday business brief,
cybersecurity firms secured at least $14 million in new funding last week,
while several acquisitions highlighted
growing investment in AI security, observability, and compliance services.
Aim Intelligence and Capsule Security each raised $7 million to expand AI-driven security offerings,
while Mallory and Provaleigh announced additional seed funding rounds with undisclosed totals.
Meanwhile, Cisco says it plans to acquire AI observability firm Galileo
to strengthen Splunk Observability Cloud monitoring across
AI agent development.
Other deals included Fortrium's acquisition of cover.a.I.,
I-counter's purchase of Parse Intel, Control Case's acquisition of Cybernines, and Virtual IT
Group's purchase of Security-Centric. Funding and consolidation activity suggests continued
enterprise demand for AI governance, threat intelligence, and regulatory compliance capabilities
as organizations scale security operations.
Be sure to check out our complete business briefing.
That is over on our website, and it is part of CyberWire Pro.
Coming up after the break, my conversation with Melissa K. Smith,
senior vice president for global strategic partnerships and initiatives at SentinelOne.
We're discussing building a unified defense through strategic partnerships.
And a budget beacon briefly betrays a boat's bearing.
Stay with us.
Melissa K. Smith is Senior Vice President of Global Strategic Partnerships and Initiatives at SentinelOne.
I recently caught up with her at the RSAC 2026 conference for this sponsored
Industry Voices discussion about building a unified defense through strategic partnerships.
Endpoint is never going away. Tomer talked about it yesterday, so did George Kurtz, compliments
to him on that, you know, what's old is new. And so I think people really need to think about
their modernization journey and what's important to them. And it starts at the endpoint.
It evolves to the SIEM. Then we can power things from an AI security perspective and go
from there.
And we're coming to you live from the RSAC show floor.
It is 2026, and I am pleased to be joined by Melissa K. Smith.
She is Senior Vice President for Global Strategic Partnerships and Initiatives at SentinelOne.
Melissa, thanks so much for taking the time for us.
Awesome. Thank you for having me.
How's your week so far?
A whirlwind, right?
Like everybody else, I don't think anybody is saying, like, oh, it's been really boring.
This is my 17th RSA.
So, like, dating myself.
But I think the innovation coming out of it and the AI hype is super real and important.
Yeah.
Yeah.
Well, so your position, and I want to get it right, you're the senior vice president for global strategic partnerships and initiatives.
Can you give us an idea?
What's the breadth of things that come under your command?
It's a lot.
Like, it's like three kind of very disparate things.
But from a high level last year, we celebrated crossing a billion in revenue,
a huge chasm from a company perspective.
We see these strategic partnerships on how we get to $2 billion.
So a lot of investment, a lot of focus there to drive what is important to the company,
but also bring novel and unique partnerships back to customers through the market.
The first billion is the hardest, right?
The first billion is the hardest, right?
And now two in 18 months, that's the stretch goal.
Oh, wow.
Yeah.
But on top of that, I lead our traditional technology partnerships and our integration ecosystem.
and then I'm responsible for our OEM business,
and then we have a global relationship with Lenovo,
where our endpoint is bundled into the hardware.
And so, yeah, small but mighty team,
but very happy to be here.
And you're reporting to the board as well?
Do you have that function?
Yeah, so my boss is the chief operating officer,
which is a great place to be.
And our most important partner is the board of directors.
Gotcha.
Yeah.
So working off of a press release
that you all put out recently,
you all announced an expanded partnership with LevelBlue,
which formerly that was AT&T Cybersecurity.
And Tomer talked about organizations not needing more controls,
they need more outcomes.
Can you unpack that for us?
What does it mean?
Yeah, I mean, our partnership with LevelBlue
is so pivotal and cornerstone to who we are as a company.
They believe and they trust in us to take what is their goal
to be the world's largest MSSP.
And we thoughtfully looked at how can we operationalize
and help them modernize the acquisitions
they've done over the course of the last 12 months.
And so we're helping power that transition
from kind of legacy technology to more modern SIEMs.
So our AI SIEM is the backbone of now
what they will lead with from a services standpoint.
So that's huge.
And that's an honor, right?
But Tomer is absolutely right.
Like our foundation as an autonomous company,
you know, nearly 13 years ago,
really, I think, sets the expectation
of how we use AI
smartly and how we leverage it with our partners.
Well, you mentioned AI, and here we are.
Everybody, right?
Right.
If it was a drinking game, have a drink.
Thanks, in the drinking game, we'd all be dead.
Yeah.
So, I know you partner with Google Cloud, and that's an important component as well.
Absolutely.
In the AI world.
Sure.
Again, unpack that for us.
Well, full disclosure, like Google is part of my heritage.
I was part of the Mandiant acquisition.
So, you know, my family is still historically, you know, proud to be incident responders and focus on threat intelligence.
The mission is the most important thing.
And our trust with Google has allowed us to really stay focused on the mission and operationalize, you know, everything from cloud to security.
But leaning into, like, they're the world's third largest company, right?
And arguably the smartest out there from building AI.
And what better story to tell to our joint customers and our partners that we're,
we are strengthening our partnership with a multi-year commitment.
What about multi-cloud, you know, making sure that even though things are spread out around the world, you sort of have this notion of a single brain?
No single enterprise is, you know, singular focused on one cloud.
So multi-cloud is super important.
So is data sovereignty and like having the ability to have on-prem, which we have, which is truly a differentiator.
Keep your data where it needs to be.
And so our expansion with Google Cloud is, you know, multifaceted,
but the emphasis around sovereignty
in making sure that we can give those customers and partners in region,
especially in EMEA where it's super critical right now,
that protection is why we chose the most secure
and sophisticated partner out there.
And what does that mean to your customers
to have that strength and that partnership,
top tier level names?
I think that better
together is just what everybody needs. We've talked about better together for so long, but I think
like the answer back to our customers is it's better if we all do this together. If we're all
rowing in the same direction, especially when it comes from a security standpoint, like the attackers
are more sophisticated these days because they can weaponize AI. They're now infiltrating, you know,
as we've seen what the North Koreans did last year by becoming employees. Amplifying our partnership
and our relationship with Google, I think, signals to the market that we are hyper-aware
and we are going to stay vigilant and make sure that our customers are the most secure and protected.
What is your approach or your insights into where we stand right now when it comes to AI as it applies to the work that you all do?
It's a great question. I think we could probably answer that in 15 different ways,
but I think right now we just need to stay hyper-aware about how we're training those models, right?
And then again, what the attackers have and their tool set,
we need to stay ultra-combative and on the offense.
I mean, you know, red teaming is now more important than ever.
Offensive cybersecurity, not just proactive, right?
The bad things are happening all the time.
If you're not already breached or popped, you will be, right?
They're already there.
I mean, you know, with all due respect to those nation-state enemies that we have.
So I think, again, it's, you know, you have to think of it also as, like, almost the consumer lens.
Like, how is AI affecting my personal life?
Because it's definitely affecting your professional life.
I want to highlight a couple of the partnerships that you all are emphasizing here.
We're talking about companies like LevelBlue, Eon, and of course, we already talked about Google.
I'm curious, you know, when you look back over the past few years, we mentioned a billion dollars that you just crossed that threshold.
even in the past few years, tremendous growth.
As you look back, how do you think about the journey that you've been on?
The partner ecosystem is super critical to what we do.
It's foundational, and I think it's very, like, cliche
and kind of cheesy to say we're a partner-first company.
We really are, right?
Because, again, we're a billion dollars in revenue
with only 3,100 employees, so that's pretty significant.
So we really have to lead on our friends, like, from a channel,
from a technology, from an MSSP perspective,
And then that growing kind of partnership capability with incident response firms and cyber insurance to really double down and be force multipliers.
The growth has been tremendous.
And I had the ability to be a fan girl from SentinelOne on the outside working for Mandiant and Google.
So I had a good five-year kind of opening to like my life could look like at SentinelOne.
And I think the opportunity is really optimistic.
Like there's a lot of fun out there.
and I try to keep that out of things.
Endpoint is never going away.
Tomer talked about it yesterday,
so did George Kurtz, compliments to him
on that, you know, what's old is new.
And so I think people really need to think
about their modernization journey
and what's important to them,
and it starts at the endpoint,
it evolves to the SIEM,
then we can power things
from an AI security perspective
and go from there.
In your own introspective moments,
how do you measure success
or the types of things that you're doing day to day?
My boss would kill me if I didn't say, obviously, revenue.
But that is like a piece of the puzzle, right?
I think most importantly is, especially as we look at, like,
heightened geopolitical standpoint, like the mission is the most important thing, right?
Like, the money will always follow the mission.
If we do the right thing, if we're collaborating, right,
like with our partners and global governments,
all of this will come together.
But, I mean, foundationally, for me,
that's the most critical thing,
is making sure that everybody is safe
and we're defending, you know,
proactively and effectively.
As you look towards the horizon,
where do you suppose we're headed here?
Do you have a sense of our outlook?
You know, you turn on the news
and the outlook can be pretty grim,
so I try to look at it more like,
how would I like to have this conversation with my family,
you know, educate them
so we can educate the community
is the power we have at an industry event like this
does bring the best and the boldest minds together
and we need to nurture that, right?
And we need to make sure that those organizations
that have these smaller booths here
are getting that recognition
so that we can amplify them up through the enterprise
because we are only better
if we have a partner first
and very mission-centered strategy.
Yeah.
As a woman in the industry
in a very high-level position,
what would your message be to that young,
woman who is either just getting her start coming through school or maybe considering a career
change. Any words of wisdom based on the journey that you've had?
Yes, I think about this a lot. I'll get emotional, so apologies. I have a son graduating
in May. He's 22, and I think of all the times that I thought I was failing, right?
I think you have to get rid of that, and don't be afraid to fail. There really is no wrong
answer. We can fix anything. So, I mean, it's a lot of
about just staying grounded and what personally connects you to your job will professionally motivate you.
My why, I wake up every day and I have two sons and right. I'm one getting ready to go off
in the real world. So I think about that constantly and consistently and just try to model like
what I want him to have from a happy life. Yeah. All right. Well, Melissa K. Smith is Senior
Vice President of Global Strategic Partnerships and Initiatives at SentinelOne. Melissa, thanks so much for
joining us. Thanks for having me. Appreciate it.
That's Melissa K. Smith from SentinelOne.
And finally, Dutch journalists tracked a deployed Dutch Navy frigate for about 24 hours after mailing it a postcard containing a Bluetooth tracker, exposing an operational security lapse.
According to regional broadcaster Omroep Gelderland, reporter Just Vervaart used publicly available defense ministry mailing instructions to send the tracker to HNLMS
Evertsen while it was supporting France's aircraft carrier Charles de Gaulle. The device showed the ship
departing Heraklion, Crete, and moving towards Cyprus before officials discovered and disabled it during
mail sorting. The ministry now plans to ban greeting cards containing batteries and review mail
procedures. The incident shows how inexpensive consumer tracking tools and open source information
can unintentionally expose sensitive military movements,
a reminder that small conveniences can create outsized visibility risks.
The Navy found the tracker quickly,
but the postcard had already delivered its message.
And that's the CyberWire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
Don't forget to check out the Grumpy Old Geeks podcast
where I contribute to a regular segment on Jason and Brian's show
every week. You can find Grumpy Old Geeks where all the fine podcasts are listed.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights
that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show,
please share a rating and review in your favorite podcast app. Please also fill out the survey in the show
notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by
Tré Hester with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis.
Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.
