Podcast Summary: Cybersecurity Headlines
Episode Title: FBI network breach, GitHub distributes stealer, Hackers abuse .arpa
Podcast: CISO Series
Date: March 9, 2026
Host: Steve Prentiss
Episode Overview
This episode covers several cybersecurity updates: a network breach at the FBI, GitHub repositories spreading a data-stealing malware, and attackers abusing the ip6.arpa reverse-DNS domain to support phishing campaigns. Other stories cover EU legal guidance on refunding phishing victims, a malware attack on a New Jersey county, North Korea's AI-assisted fake-worker schemes, Firefox vulnerabilities found by an LLM, and new details on the 2024 Transport for London data breach.
Key Discussion Points & Insights
FBI Network Breach Investigation
[00:08]
- Incident: The FBI is investigating a breach of its Digital Collection System Network, a system integral to the agency's surveillance and intelligence gathering.
- Discovery: The breach occurred on February 17, 2026, and was discovered after irregular network behavior was observed.
- Entry Point: Attackers allegedly entered the network through an Internet service provider that acts as a vendor to the FBI.
- Implications: The compromised system links directly to sensitive investigative tools, raising concerns that surveillance operations may have been exposed.
"The incident occurred on February 17th and was discovered after irregular network behaviour was witnessed." — Steve Prentiss [00:13]
GitHub Malware Campaign: Borypt Grab Stealer
[01:01]
- Threat: Over 100 GitHub repositories were identified distributing the "Borypt Grab" stealer (spelled out on air as B-O-R-Y-P-T G-R-A-B).
- Functionality: The malware harvests browser data, cryptocurrency wallets, system information, and user files, and communicates with a command-and-control server.
- Method: Threat actors package the stealer in ZIP archives posing as free software tools; the repositories have been uploaded to GitHub since late 2025.
- Trends: Researchers note that these campaigns are becoming more sophisticated and more common, with evolving techniques that exploit trusted platforms.
"The Borypt Grab campaign illustrates an evolving threat ecosystem targeting users through deceptive software downloads and fake GitHub repositories." — Steve Prentiss [01:20]
Abuse of ARPA, DNS, and IPv6 for Phishing
[01:36]
- Technique: Threat actors abuse the ip6.arpa domain, which is normally reserved for reverse DNS (mapping IPv6 addresses back to names), to point at faked IPv6 addresses and host DNS records that support phishing campaigns.
- Research Source: Described by researchers at Infoblox.
- Risk: Because ip6.arpa names are part of the basic mechanics of Internet addressing and are rarely scrutinized, the trick lends phishing infrastructure a more convincing, legitimate-looking footing.
"Researchers at Infoblox described a campaign that uses the IP6 ARPA reverse DNS TLD to essentially point to faked IPv6 addresses..." — Steve Prentiss [01:45]
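The mechanic behind this, shown as an added example that is not from the episode or from Infoblox's research: ip6.arpa is the domain under which reverse (address-to-name) lookups for IPv6 are made, so a legitimate name there is the address's 32 hex nibbles reversed and dot-separated, and the only record types normally queried for such names are PTR (plus NS/SOA at delegation points). The script below builds the reverse name for an address and then runs a simple heuristic over constructed DNS query log lines, flagging ip6.arpa names that are used like ordinary hostnames (non-nibble labels) or queried for forward record types. The three-column log format, the sample lines, and the "suspicious" rules are assumptions for illustration, not indicators from the actual campaign.

```python
# Added example: the ip6.arpa reverse-DNS mechanic and a heuristic log check.
# Not code from the CISO Series episode or from Infoblox; the log format
# and the "suspicious" rules below are illustrative assumptions.
import ipaddress
import re

# Record types legitimately seen for ip6.arpa names: PTR for reverse lookups,
# NS/SOA at zone delegation points.
EXPECTED_TYPES = {"PTR", "NS", "SOA"}


def reverse_name(addr: str) -> str:
    """ip6.arpa name a PTR lookup for `addr` would query: the 32 hex nibbles
    of the fully expanded address, reversed and dot-separated."""
    return ipaddress.IPv6Address(addr).reverse_pointer


def is_ip6_arpa(name: str) -> bool:
    """True if the DNS name (with or without trailing dot) sits under ip6.arpa."""
    return name.rstrip(".").lower().endswith(".ip6.arpa")


def nibble_labels_only(name: str) -> bool:
    """True if every label left of 'ip6.arpa' is a single hex nibble, as in a
    genuine reverse name or a delegation point; at most 32 nibbles (a /128)."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] != ["ip6", "arpa"]:
        return False
    nibbles = labels[:-2]
    return 0 < len(nibbles) <= 32 and all(
        re.fullmatch(r"[0-9a-f]", n) for n in nibbles
    )


def suspicious_ip6_arpa_queries(log_text: str) -> list[str]:
    """Return lines of a constructed 'client qname qtype' query log where an
    ip6.arpa name is used outside its reverse-lookup role: queried for a
    forward record type (A/AAAA/...) or built from non-nibble labels, the way
    a phishing hostname parked under ip6.arpa would be."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line; skip rather than guess
        _client, qname, qtype = parts
        if not is_ip6_arpa(qname):
            continue
        if qtype.upper() not in EXPECTED_TYPES or not nibble_labels_only(qname):
            hits.append(line)
    return hits


# Constructed sample log: one genuine PTR lookup for 2001:db8::1, one normal
# forward query, and two queries that use ip6.arpa names as hostnames.
SAMPLE_LOG = """\
10.0.0.5 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa PTR
10.0.0.5 www.example.com A
10.0.0.7 secure-login.example.ip6.arpa A
10.0.0.9 8.b.d.0.1.0.0.2.ip6.arpa AAAA
"""

if __name__ == "__main__":
    print(reverse_name("2001:db8::1"))
    for hit in suspicious_ip6_arpa_queries(SAMPLE_LOG):
        print("suspicious:", hit)
```

Run against a real resolver's query log, the same two rules (non-PTR query types, non-nibble labels) are a cheap first filter; the nibble check alone will not catch an attacker who keeps a well-formed reverse name and simply serves a forward record at it, which is why the query-type check is the one that matters most here.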
EU Court Advisor: Banks Should Compensate Phishing Victims
[02:07]
- Development: Athanasios Rantos, Advocate General at the European Court of Justice, recommends that banks promptly refund unauthorized transactions even when the customer was phished, unless the bank has reasonable grounds to suspect fraud by the customer.
- Case Origin: A Polish lawsuit over money stolen through a spoofed auction site.
- Legal Context: This is an advisory opinion, not a court ruling, but it signals the likely direction of future EU decisions.
"The bank had initially refused, but Rantos stated that under European Union Directives a bank can only do this if they have reasonable grounds to suspect customer fraud." — Steve Prentiss [02:30]
New Jersey County Targeted by Malware Attack
[04:09]
- Victim: Passaic County, one of New Jersey's largest counties.
- Impact: Malware disrupted phone lines and IT systems across government offices.
- Pattern: Continues a trend of attacks on local governments; several neighboring counties and cities have already been targeted.
"Passaic County... suffered a cyber attack that disrupted phone lines and IT systems used across government offices." — Steve Prentiss [04:13]
North Korea’s Generative AI-Fueled Fake Worker Schemes
[04:48]
- Warning from: Microsoft Threat Intelligence.
- Tactics: North Korean groups use generative AI to speed up the creation of fake digital personas, apply for remote technical roles under those identities, and impersonate candidates with real-time voice modulation.
- Goal: To gain and maintain longer access inside global companies and to increase the scale and speed of infiltration.
- AI Role: Described as a "force multiplier" because it shortens the time needed to produce convincing identities tailored to specific job markets and roles.
"...AI a force multiplier in this pursuit by shortening the time it takes to create digital personas for specific job markets and roles, including impersonations and real-time voice modulation." — Steve Prentiss [05:08]
Claude AI Discovers 22 Firefox Vulnerabilities
[05:38]
- Breakthrough: Anthropic's Claude Opus 4.6 LLM, working under Anthropic's partnership with Mozilla, found 22 new vulnerabilities in Firefox, 14 of them rated high severity.
- Process: The model detected a use-after-free bug in the browser's JavaScript code after 20 minutes of exploration; a human researcher later confirmed the finding.
- Impact: All 22 issues were fixed in Firefox 148.
"Anthropic said the LLM detected a use after free bug in the browser's JavaScript after just 20 minutes of exploration..." — Steve Prentiss [05:57]
New Details on 2024 Transport for London Data Breach
[06:23]
- Update: The breach affected more than 7 million people, far more than the 5,000 initially reported.
- Reason for Discrepancy: The 5,000 figure counted only customers whose Oyster card account data may have included banking details.
- Perpetrators: Two teenagers linked to the "Scattered Spider" group have been charged.
Notable Quotes & Memorable Moments
- On FBI Breach: "The incident occurred on February 17th and was discovered after irregular network behaviour was witnessed." — Steve Prentiss [00:13]
- On evolving GitHub threats: "The Borypt Grab campaign illustrates an evolving threat ecosystem targeting users through deceptive software downloads and fake GitHub repositories." — Steve Prentiss [01:20]
- On ARPA abuse: "Researchers at Infoblox described a campaign that uses the IP6 ARPA reverse DNS TLD to essentially point to faked IPv6 addresses..." — Steve Prentiss [01:45]
- On compensating phishing victims: "...Rantos stated that under European Union Directives a bank can only do this if they have reasonable grounds to suspect customer fraud." — Steve Prentiss [02:30]
- On North Korea's AI worker schemes: "...AI a force multiplier in this pursuit by shortening the time it takes to create digital personas..." — Steve Prentiss [05:08]
- On Claude AI and Firefox: "Anthropic said the LLM detected a use after free bug in the browser's JavaScript after just 20 minutes of exploration..." — Steve Prentiss [05:57]
Timestamps of Key Segments
- FBI Network Breach: 00:08–01:00
- GitHub Borypt Grab Stealer: 01:01–01:36
- ARPA/DNS Abuse for Phishing: 01:36–02:07
- EU Court Advisor on Phishing Refunds: 02:07–03:23
- NJ County Malware Attack: 04:09–04:48
- North Korean AI-Powered Worker Scheme: 04:48–05:38
- Claude Finds Firefox Vulnerabilities: 05:38–06:23
- Transport for London Breach Update: 06:23–End
Tone & Language
The tone remains urgent, matter-of-fact, and technical, consistent with the CISO Series’ journalistic style. Steve Prentiss delivers direct reporting with concise explanations and citations from researchers and officials, targeting a security-aware audience.
This episode offers a compact yet comprehensive update on the shifting landscape of threats, regulations, and technological advancements in cybersecurity as of early March 2026.
