
A
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular, in one integrated solution that's built for performance and scale. You can find them at meter.com CST.
A U.S. Congressional Budget Office breach raises national security concerns. Microsoft Teams chat feature exploited in phishing attacks. AI in the kill chain: Google flags just-in-time LLM malware that mutates mid-execution. And veterans return to defend Canada's digital front lines. This is Cybersecurity Today. I'm your host, Jim Love.
The U.S. Congressional Budget Office has confirmed a cybersecurity incident that's under federal investigation. The agency hasn't named an attacker or disclosed a full timeline, but the Washington Post reports investigators believe attackers may have accessed internal email and chat communications between the CBO and other government offices. The CBO produces sensitive fiscal and policy analysis used to brief lawmakers. Access to those communications could give adversaries early visibility into budget and legislative processes and potentially expose deliberations or informal discussions that influence policy outcomes. Officials are urging caution across government and contractor networks. Any offices that receive messages purporting to be from the CBO addresses should verify the sender's legitimacy before acting, whether the message arrives by email, voice or text. The Washington Post also reported the compromise may include internal chat logs, increasing the scope of information at risk. The CBO said it's taken affected systems offline and is working with federal cybersecurity partners to contain the incident and assess the impact. For a relatively small office, it's a blunt reminder that the attack surface now includes back-office communications and that verification of official messages has become part of operational security.
And speaking of making offices vulnerable, Microsoft's Chat with Anyone feature in Teams was intended to simplify external collaboration by letting users message anyone with an email address. Security researchers now warn that the same convenience creates a new attack surface. Cybersecurity News reports attackers are using the features to send malicious links and payloads from accounts that look like legitimate Microsoft users. Because the traffic routes through Microsoft's infrastructure and domains, many filters might treat it as trusted, allowing phishing lures to reach employees with fewer roadblocks than traditional email attacks. Admins can, and probably should, limit exposure. A Teams administrator can disable external federation with PowerShell or turn off Teams Consumer chat in the Teams Admin Center. Until stronger identity and provenance controls are in place, organizations should treat unsolicited Teams chats from external addresses with the same skepticism they apply to email.
Google's Threat Intelligence Group says we've moved beyond simple vibe coding and into a much more mature phase of attacker tradecraft: malware that calls large language models during execution to change itself on the fly. Google Threat Intelligence Group, or GTIG, highlights PROMPTFLUX, a VBScript dropper that uses the Gemini API at runtime to request code rewrites, effectively producing a metamorphic payload that regenerates and obfuscates itself to evade static signatures and behavioral detections. GTIG's analysis identifies a "Thinking Robot" module in some PROMPTFLUX samples. The module sends narrow-scoped prompts to Gemini 1.5 Flash latest, receives only code in return, then writes that code to a persistent path such as the Windows Startup folder. Some variants reportedly regenerate their source hourly, and the malware uses hard-coded API access to call the model and log responses. Importantly, the model is not embedded locally.
The malware relies on remote API calls to perform runtime obfuscation and adaptation. Google frames this as an early sign of AI being integrated into the execution phase of attacks, not just used for lure creation. GTIG's broader report also references PROMPTSTEAL, which queries an LLM through Hugging Face to generate real-time reconnaissance and data collection commands, showing that AI-driven tactics are appearing across multiple stages of the kill chain. For defenders, that means expanding visibility: monitor outbound traffic to public LLM endpoints, restrict or rotate API keys, detect self-modifying scripts, and focus on anomaly-based rather than purely signature-based detection. Attackers and defenders are now drawing from the same AI toolset and that changes everything about speed, scale and adaptability.
And as Tuesday marks Remembrance Day in Canada, the organization Coding for Veterans is approaching its 1000th student enrollment. It's an example of how veteran skills are being redeployed to meet an urgent national need. The program is run in partnership with the University of Ottawa's Professional Development Institute, and it retrains Canadian Armed Forces members and veterans for careers in cybersecurity, secure software development and generative AI operations. Veterans bring traits that map directly to cyber work: disciplined processes, clear chain-of-command thinking and resilience under pressure, as well as a mission focus. Delivered entirely online, the program bundles technical training, certification prep and career transition services. Graduates have found placements in finance, government and security firms, and many are now mentoring new recruits entering the field. Executive Director Jeff Musson says reaching this milestone reflects both demand from industry and the need for trained defenders.
With ransomware costs in Canada averaging more than a million dollars and attacks on critical infrastructure continuing to rise, Coding for Veterans is turning battlefield experience into digital resilience, building a core of defenders who once protected the nation in uniform and now protect it online.
And that's our show. Once again we'd like to thank Meter for their support in bringing you this podcast. Meter delivers full-stack networking infrastructure, wired, wireless and cellular, to leading enterprises, and working with their partners, Meter designs, deploys and manages everything required to get performant, reliable and secure connectivity in a space. They design the hardware, the firmware, they build the software, manage deployments and run support. It's a single integrated solution that scales from branch offices, warehouses and large campuses all the way to data centers. Book a demo at meter.com CST. That's M-E-T-E-R.com CST.
If you're wondering where David went, he's been on vacation. He actually does take one, but he'll be back filling in for me on Wednesday. You can reach us with tips, comments or constructive criticism at technewsday.ca or .com. I'm your host, Jim Love. Thanks for listening.
Host: Jim Love
Episode: US Congressional Budget Office Breach, AI in Cyber Attacks & Veterans Defend Canada
Date: November 10, 2025
This episode focuses on recent cybersecurity threats and developments—most notably a breach at the U.S. Congressional Budget Office (CBO), the exploitation of Microsoft Teams for phishing, the evolving use of AI in cyber attacks, and how Canadian veterans are being redeployed as cyber defenders. Jim Love explains the risks, outlines defense strategies, and highlights inspiring advances in cybersecurity talent pipelines.
[01:02–03:28]
"Any offices that receive messages purporting to be from the CBO addresses should verify the sender's legitimacy before acting, whether the message arrives by email, voice or text." — Jim Love [02:19]
[03:29–05:00]
"A Teams administrator can disable external federation with PowerShell or turn off Teams Consumer chat in the Teams Admin Center." — Jim Love [04:38]
[05:01–07:30]
"We’ve moved beyond simple vibe coding and into a much more mature phase of attacker tradecraft." — Jim Love [05:09]
"Attackers and defenders are now drawing from the same AI toolset and that changes everything about speed, scale and adaptability." — Jim Love [07:18]
[07:31–09:11]
"Coding for Veterans is turning battlefield experience into digital resilience, building a core of defenders who once protected the nation in uniform and now protect it online." — Jim Love [08:55]
On Verification Post-Breach:
"Verification of official messages has become part of operational security." — Jim Love [03:18]
On AI-Empowered Malware:
"The module sends narrow scoped prompts to Gemini 1.5... receives only code in return, then writes that code to a persistent path." — Jim Love [06:16]
On Changing Cyber Battlefields:
"Attackers and defenders are now drawing from the same AI toolset and that changes everything about speed, scale and adaptability." — Jim Love [07:18]
On Veterans in Cybersecurity:
"Coding for Veterans is turning battlefield experience into digital resilience..." — Jim Love [08:55]
This episode reveals the expanding threat landscape—where even government back-office communications, trusted collaboration tools, and AI-fueled malware are under attack. It closes on a hopeful note, highlighting the innovative ways in which veterans are shaping the next generation of cybersecurity defenders.