CyberWire Daily

Today we are joined by Dr. Darren Williams, Founder and CEO of BlackFog, to discuss his team's work on "Steaelite RAT Enables Double Extortion Attacks from a Single Panel." A new remote access trojan, Steaelite, is being marketed on underground forums as an all-in-one platform that combines remote access, credential theft, surveillance, and ransomware deployment through a single browser-based dashboard.

Unlike traditional cybercrime toolchains, it merges data exfiltration and ransomware capabilities into one interface, with automated credential harvesting beginning as soon as a victim is infected. The tool signals a growing shift toward streamlined “double extortion” attacks, where data theft and encryption happen within the same system—raising the stakes for defenders to stop threats before data is exfiltrated.

The research and executive brief can be found here:

Steaelite RAT Enables Double Extortion Attacks from a Single Panel

Learn more about your ad choices. Visit megaphone.fm/adchoices

The House extends Section 702, for now. Mythos raises fresh cyber risk concerns. CISA warns of reduced capacity. ZionSiphon targets Israeli water systems. Operation PowerOFF hits DDoS-for-hire networks. CISA flags an actively exploited ActiveMQ flaw. WordPress plugin supply chain attacks spread. China tests deep-sea cable-cutting tech. Our guest is Arvind Nithrakashyap, CTO and Co-Founder of Rubrik, discussing AI as the next frontier. Tim Starks from CyberScoop takes us Inside the FBI’s recent router takedown. A DraftKings data dealer meets his downfall. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, ⁠Daily Briefing⁠, and you’ll never miss a beat. And be sure to follow CyberWire Daily on ⁠LinkedIn⁠.

Industry Voices

On today’s Industry Voices segment, we are joined by ⁠Arvind Nithrakashyap⁠, CTO and Co-Founder of ⁠Rubrik⁠, discussing AI as the next frontier. If you enjoyed this conversation, check out the full interview here. 

CyberWire Guest

Today we have ⁠Tim Starks⁠ from ⁠CyberScoop⁠ discussing Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’. 

Selected Reading

⁠House extends surveillance powers for 10 days⁠ (NPR)

⁠White House Works to Give US Agencies Anthropic Mythos AI⁠ (Bloomberg)

⁠Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed⁠ (SecurityWeek)

⁠How Anthropic Discovered Mythos AI Was Too Dangerous For Release⁠ (Bloomberg)

⁠CISA Warns of 'Detrimental Capacity Impacts' Amid Shutdown⁠ (BankInfo Security)

⁠New ZionSiphon Malware Discovered Targeting Israeli Water Systems⁠ (Hackread)

⁠Europol-supported global operation targets over 75 000 users engaged in DDoS attacks⁠ (Europol)

⁠CISA flags Apache ActiveMQ flaw as actively exploited in attacks⁠ (Bleeping Computer)

⁠30+ WordPress plugins bought on Flippa and backdoored in supply chain attack⁠ (TNW)

⁠New undersea cable cutter risks Internet’s backbone⁠ (Ars Technica)

⁠Man gets 30 months for selling thousands of hacked DraftKings accounts⁠ (Bleeping Computer)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our ⁠brief listener survey⁠. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at ⁠sponsor.thecyberwire.com⁠.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

NIST struggles with an NVD backlog. Cisco and Splunk ship critical patches. Researchers flag a systemic flaw in Anthropic’s MCP. ShinyHunters leak 13.5 million McGraw Hill accounts. Cargo theft goes cyber. A Tennessee hospital breach hits 337,000 patients. Two Americans are sentenced in a North Korean fake-IT-worker scheme. Our guest is Rob Allen, Chief Product Officer at ThreatLocker, describing security gaps addressed by zero trust. OpenAI lets security teams take off the training wheels. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices segment we are joined by Rob Allen, Chief Product Officer at ThreatLocker, security gaps addressed by zero trust. If you enjoyed this conversation check out the full interview here.

Selected Reading

NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities (Infosecurity Magazine)

Cisco says critical Webex Services flaw requires customer action (Bleeping Computer)

Splunk Enterprise Update Patches Code Execution Vulnerability (SecurityWeek)

Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads (Infosecurity Magazine)

Data breach at edtech giant McGraw Hill affects 13.5 million accounts (Bleeping Computer)

Freight Hacker Wields Code-Signing Service to Evade Defenses (GovInfo Security)

Data Breach at Tennessee Hospital Affects 337,000 (SecurityWeek)

US nationals behind DPRK IT worker 'laptop farm' sent to prison (Bleeping Computer)

OpenAI Launches GPT-5.4 Cyber And It's Built Specifically for Defenders (TechGlow)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday. CISA directs furloughed employees back to work.  Experts warn Anthropic’s Glasswing signals a new era of AI-driven vulnerability discovery. Federal prosecutors crack down on chip smuggling. Sweden says a pro-Russian cyber group attempted to disrupt power plant operations. A fake app in Apple’s App Store drains crypto wallets. Virginia bans the sale of precise geolocation data. Our guest is Johnny Hand, VP for AI Excellence at TrendAI, discussing AI operational discipline. Do you need to buy a separate seat for your AI agent?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices segment, we are joined by ⁠Johnny Hand⁠, VP for AI Excellence at ⁠TrendAI⁠, discussing AI operational discipline and real-world cyber impact. If you enjoyed this conversation, check out the full interview here.

Selected Reading

Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day (Security Affairs)

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories (SecurityWeek)

Adobe Patches 55 Vulnerabilities Across 11 Products (SecurityWeek)

CISA Workers Recalled Despite Shutdown (GovInfoSecurity)

CISA cancels summer internships for cyber scholarship students amid DHS funding lapse (CyberScoop)

Anthropic’s Mythos signals a structural cybersecurity shift (CSO Online)

We’re only seeing the tip of the chip-smuggling iceberg (CyberScoop)

Swedish power plant targeted by pro-Russian group in 2025, government says (Reuters)

Exclusive: Russia-linked hackers compromised scores of Ukrainian prosecutors’ email accounts, data shows (Reuters)

Users lose $9.5 million to fake Ledger wallet app on the Apple App Store (web3isgoinggreat)

Virginia enacts ban on precise geolocation data sales as momentum for similar prohibitions builds (The Record)

Microsoft exec suggests AI agents will need to buy software licenses, just like employees (Business Insider)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

France pushes digital sovereignty. Adobe rushes an Acrobat Reader patch. Booking.com confirms a targeted breach. SAP fixes a critical SQL injection bug. A sanctions-dodging fraud network resurfaces. ViperTunnel infiltrates U.S. and U.K. firms. GlassWorm spreads across developer tools. Researchers dissect Predator spyware’s kernel engine. A lawsuit challenges AI transcription in hospitals. Ted Shorter from Keyfactor unpacks quantum computing at scale. On our Threat Vector segment, David Moulton and ⁠Elad Koren⁠ pull back the curtain on agentic-first security. Preparing for post-quantum perils. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Ted Shorter, CTO and Co-Founder of Keyfactor, discussing the advent of quantum computing at scale, known as "Q-Day".

Threat Vector

Host David Moulton speaks with returning guest ⁠Elad Koren⁠, Vice President of Product Management for Cortex Cloud at ⁠Palo Alto Networks⁠ on this Threat Vector segment. Together they pull back the curtain on what an agentic-first security experience actually looks like in practice. This isn't a vision deck. The agents are already running. To listen to the full conversation, check it out here. Catch new episodes of Threat Vector every Thursday on your favorite podcast app.

Selected Reading

France Tees Up Big Public Sector Move Away From US Tech (BankInfo Security)

Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw (Bleeping Computer)

Booking.com Confirms Data Breach as Hackers Access Customer Details (Hackread)

SAP Patches Critical ABAP Vulnerability (SecurityWeek)

Triad Nexus Evades Sanctions to Fuel Cybercrime (SecurityWeek)

Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses (Hackread)

GlassWorm evolves with Zig dropper to infect multiple developer tools (Security Affairs)

Predator Spyware's iOS Kernel Exploitation Engine: PAC Bypass, NEON R/W & More (Jamf Threat Labs)

Lawsuit: AI Illegally Recorded Doctor-Patient Encounters (BankInfo Security)

World Quantum Day (WorldQuantimDay)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices