CyberWire Daily

Mythos leaks. The DOD preps a more aggressive cyber strategy. A former FBI cyber official urges homicide charges for hospital ransomware deaths. Lotus Wiper targeted the Venezuelan energy and utilities sector. Over 1,300 SharePoint servers remain unpatched against a spoofing vulnerability. The Harvester APT group deploys a new Linux version of its GoGra backdoor. A new LOTUSLITE backdoor targets India’s banking sector. The Mirai botnet exploits discontinued routers. Our guest is Brian Vecci, Field CTO at Varonis, discussing how organizations can safely adopt AI and autonomous agents. A satirical startup sells clean-room clones. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices, Brian Vecci, Field CTO at Varonis, discusses how organizations can safely adopt AI and autonomous agents by securing data, managing risk, and focusing on measurable outcomes. If you enjoyed this conversation, tune into the full interview here.

Selected Reading

Anthropic’s Mythos Model Is Being Accessed by Unauthorized Users (Bloomberg)

Claude Mythos Finds 271 Firefox Vulnerabilities (SecurityWeek)

New Defense Department cyber strategy imminent, official says (The Record)

Pentagon Cyber Leaders Back $1.5T Budget Request (GovInfo Security)

Ex-FBI lead urges homicide charges against ransomware scum (The Register)

New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention (SecurityWeek)

Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks (Bleeping Computer)

Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor (SecurityWeek)

Same packet, different magic: Mustang Panda hits India's banking sector and Korea geopolitics (Acronis)

Mirai Botnet Targets Flaw in Discontinued D-Link Routers (SecurityWeek)

This AI Tool Rips Off Open Source Software Without Violating Copyright (404 Media)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Anthropic’s Mythos proves irresistible despite claimed supply chain risks.Iran claims U.S. backdoors hit its networks. New Coast Guard rules target maritime OT security. A fresh NGate Android malware variant emerges. Thousands of ActiveMQ servers face active exploitation risk. CISA adds eight flaws to its KEV list. Progress patches MOVEit and LoadMaster bugs. Attackers impersonate IT staff over Microsoft Teams. A ransomware negotiator admits working with BlackCat. Google Gemini asks, “May we see your photos please?”

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s Industry Voices Elad Koren, Vice President, Product Management, Cortex Cloud at Palo Alto Networks, discusses building AI natively into platforms, managing complexity and trust, and taking a measured, experimental approach during the industry’s “messy middle” phase. If you enjoyed this conversation, tune into the full interview here.

Selected Reading

The US NSA is using Anthropic's Claude Mythos despite supply chain risk (Security Affairs)

Anthropic secretly installs spyware when you install Claude Desktop (That Privacy Guy)

Iran claims US used backdoors in networking equipment (The Register)

Maritime Cybersecurity Rules Make Waves (GovInfoSecurity)

New NGate variant hides in a trojanized NFC payment app (We Live Security)

Actively exploited Apache ActiveMQ flaw impacts 6,400 servers (Bleeping Computer)

CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133) (Help Net Security)

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster (SecurityWeek)

Microsoft: Teams increasingly abused in helpdesk impersonation attacks (Bleeping Computer)

Florida Man Working as a Ransomware Negotiator Pleads Guilty to Conspiracy to Deploy Ransomware and Extort U.S. Victims (United States Department of Justice)

Google Starts Scanning All Your Photos As New Update Goes Live (Forbes)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloud platform Vercel confirms a data breach. Microsoft releases emergency updates to fix Windows Server restart loops. Bluesky gets DDoSed. Insurers keep close watch on an AI hiring discrimination suit. Cybersecurity workforce turnover rises. Scammers abuse Apple’s email notification system. A Scattered Spider member pleads guilty to SMS phishing and cryptocurrency theft. Monday business brief. Our guest is Melissa K. Smith, SVP, Global Strategic Partnerships and Initiatives at SentinelOne, discussing building a unified defense through strategic partnerships. A budget beacon briefly betrays a boat’s bearing. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today on our Industry Voices segment, we are joined by Melissa K. Smith, SVP, Global Strategic Partnerships and Initiatives at SentinelOne discussing building a unified defense through strategic partnerships. If you enjoyed this conversation, be sure to check out the full interview here.

Selected Reading

Vercel confirms breach as hackers claim to be selling stolen data (Bleeping Computer)

Microsoft releases emergency updates to fix Windows Server issues (Bleeping Computer)

Bluesky Disrupted by Sophisticated DDoS Attack (SecurityWeek)

Who is liable when artificial intelligence makes mistakes? (Financial Times)

Insurance carriers quietly back away from covering AI outputs (CSO Online)

Compensation vs. Burnout: The New Retention Calculus for Cybersecurity Leaders (Security Boulevard)

Watch out, hackers are abusing Apple account notifications to distribute malware, steal money and data (TechRadar)

British Scattered Spider Hacker Pleads Guilty in the US (SecurityWeek)

Business Briefing for 04.15.26 (CyberWire Pro)

Dutch navy frigate tracked by mailing it a Bluetooth tracker (The Register)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes.

Jaya Baloo, a Chief Information Security Officer from Avast sits down to share her story, sharing how she got into the technology field at a younger age with being introduced to computers and games on her PS 24. She started off going to college for political science and after not knowing what to do after that, she got her first start in cybersecurity. After falling in love with cybersecurity she kept moving up the ranks in different organizations before finding herself at Avast. She shares that at Avast she leans on her team quite a bit and you should never be afraid to bounce ideas off of your teammates. She says "The best ideas come from like bouncing ideas off of each other, sharing within the group and then if I can't figure it out myself, that's why I hire these amazing individuals it's to help me figure it out." We thank Jaya for sharing her story.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Today we are joined by Dr. Darren Williams, Founder and CEO of BlackFog, to discuss his team's work on "Steaelite RAT Enables Double Extortion Attacks from a Single Panel." A new remote access trojan, Steaelite, is being marketed on underground forums as an all-in-one platform that combines remote access, credential theft, surveillance, and ransomware deployment through a single browser-based dashboard.

Unlike traditional cybercrime toolchains, it merges data exfiltration and ransomware capabilities into one interface, with automated credential harvesting beginning as soon as a victim is infected. The tool signals a growing shift toward streamlined “double extortion” attacks, where data theft and encryption happen within the same system—raising the stakes for defenders to stop threats before data is exfiltrated.

The research and executive brief can be found here:

Steaelite RAT Enables Double Extortion Attacks from a Single Panel

Learn more about your ad choices. Visit megaphone.fm/adchoices