Indeed Representative
You're listening to the CyberWire network, powered by N2K.
Dave Bittner
Looking to understand the cybersecurity risks emerging beyond Earth's atmosphere? In the weekly Signals in Space newsletter, T Minus host Maria Vermazes and producer Ethan Cook connect the dots between terrestrial
Maria Vermazes
infrastructure and the growing attack surface in space.
Dave Bittner
Each week you'll get the latest space
Maria Vermazes
cyber headlines, direct access to the week's
Dave Bittner
T Minus podcast conversation, plus expert insights and resources to help security professionals better
Maria Vermazes
understand this rapidly evolving domain.
Dave Bittner
Space systems are becoming critical Infrastructure Signals
Maria Vermazes
in Space helps you stay ahead of the threats shaping the next frontier.
Dave Bittner
Subscribe now to the Signals in Space newsletter. No, it's not your imagination.
Maria Vermazes
Risk and regulation really are ramping up,
Dave Bittner
and these days customers expect proof of
Maria Vermazes
security before they'll even do business. That's where Vanta comes in.
Dave Bittner
Vanta automates your compliance process and brings
Maria Vermazes
compliance, risk and customer trust together on one AI powered platform.
Dave Bittner
So whether you're getting ready for a SOC 2 or managing an enterprise governance, risk
Maria Vermazes
and compliance program, Vanta helps keep you secure and keeps your deals moving.
Dave Bittner
Companies like Ramp and RYTR spend 82% less time on audits with Vanta.
Maria Vermazes
That means less time chasing paperwork and more time focused on growth.
Dave Bittner
For me, it comes down to this.
Maria Vermazes
Over 10,000 companies, from startups to large enterprises, trust Vanta to help prove their security. Get started at vanta.com/cyber.
Dave Bittner
The FBI warns attackers are abusing Microsoft OAuth authentication. India pushes faster patching as AI speeds up cyber attacks. Iranian hackers blend phishing with SEO poisoning. Anthropic graphics AI finds thousands of open source flaws, while AI also reshapes bug bounties and fuels supply chain attacks hitting thousands of GitHub repos. Plus a new LMS zero-day, bulletproof hosting arrests in the Netherlands, FTC action over bogus active listening claims, and another busy week for cyber funding and M&A. Our guest is Curtis Minder, discussing his new book Cyber My Life in Cyber Espionage and Ransomware Negotiation.
Maria Vermazes
And please regard all searches for disregard.
Dave Bittner
It's Tuesday, May 26, 2026.
Maria Vermazes
I'm Dave Bittner and this is your CyberWire intel briefing.
Dave Bittner
Thanks for joining us here today.
Maria Vermazes
It's great as always to have you with us. The FBI is warning about Kali365, a phishing-as-a-service platform that helps attackers hijack Microsoft 365 accounts by abusing OAuth device code authentication. The platform reportedly emerged in April and is marketed through Telegram channels to lower-skilled cybercriminals. Kali365 exploits Microsoft's legitimate OAuth 2.0 device authorization flow, which was designed for devices like smart TVs and printers that cannot easily enter credentials. Attackers generate a device code, then trick victims into entering it at Microsoft's login portal. Once the victim completes multi-factor authentication, attackers receive valid OAuth session tokens and gain access without needing passwords or MFA codes. Researchers at Arctic Wolf say Kali365 also offers adversary-in-the-middle capabilities, real-time victim tracking and AI-generated phishing lures. The FBI recommends restricting device code authentication and auditing unauthorized device registrations. Device code phishing is rapidly becoming a preferred method for compromising cloud identities and bypassing traditional MFA protections. India's CERT-In is urging organizations to patch actively exploited Internet-facing vulnerabilities within 12 hours, warning that artificial intelligence is dramatically shortening attacker timelines. New guidance published May 25 says generative AI, large language models and autonomous agents are accelerating reconnaissance, phishing, malware creation and vulnerability discovery. The framework sets risk-based remediation targets, including one day for critical external flaws and three days for critical internal vulnerabilities affecting high-value systems. CERT-In also recommends prioritizing known exploited vulnerabilities and Exploit Prediction Scoring System data over severity ratings alone. AI is compressing the gap between disclosure and exploitation, leaving defenders with far less time to respond.
The guidance also emphasizes securing AI systems themselves and maintaining rapid incident reporting procedures.
Dave Bittner
Iran linked threat actor Nimbus Manticore is
Maria Vermazes
targeting aviation organizations with a new phishing and search engine optimization poisoning campaign designed to spread malware, according to Check Point Research. The IRGC-affiliated group operated in multiple waves between February and April, overlapping with the US Military's Operation Epic Fury campaign. Researchers say the group impersonated aviation companies and software vendors across the U.S., Europe and the Middle East. In April, the attackers introduced fake Oracle SQL Developer download sites packed with search keywords to rank highly in search engines. The campaign also delivered a new AI-developed backdoor called Minifast, which disguises command and control traffic as Chrome browser activity. The operation shows how state-aligned actors are blending traditional phishing with search manipulation and AI-assisted malware development to scale attacks against critical sectors. Anthropic says its Claude Mythos AI model
Dave Bittner
has identified thousands of severe vulnerabilities across
Maria Vermazes
more than 1000 open source software projects. The company reports more than 23,000 potential findings with external reviewers confirming over 1700 vulnerabilities, including more than 1000 rated high or critical severity. The model, available to select organizations through Project Glasswing, has reportedly helped researchers uncover flaws in projects including Firefox and Chrome related software ecosystems. Anthropic says only a fraction of identified issues have been patched so far, citing disclosure timelines and strained security resources.
Dave Bittner
The findings highlight how AI driven vulnerability
Maria Vermazes
discovery could significantly increase the pace and scale of software flaw identification while also adding pressure to already overloaded patching and disclosure processes,
Dave Bittner
researchers say.
Maria Vermazes
The economics of bug bounty hunting are rapidly changing as AI accelerates vulnerability discovery and floods maintainers with security reports. HackerOne's Internet Bug Bounty program recently cut payouts, sharply reducing rewards for medium-severity flaws from roughly $1,800 to under $300, while the program remains paused amid a processing backlog.
Dave Bittner
Security researchers told the Register that AI
Maria Vermazes
assisted tools are producing higher quality findings at a much greater scale, creating pressure on open source maintainers who still must manually validate, deduplicate and remediate reports. Curl founder Daniel Stenberg and Linux maintainer Linus Torvalds both warned that AI-generated vulnerability submissions are becoming difficult to manage, researchers say. The real bottleneck is no longer discovering flaws, but verifying and fixing them efficiently,
Dave Bittner
researchers say.
Maria Vermazes
An automated supply chain campaign dubbed Megalodon compromised more than 5,000 GitHub repositories by injecting malicious GitHub Actions workflows through fake pull requests and forged bot identities, according to SafeDep. The attackers used base64-encoded bash payloads designed to steal cloud credentials, SSH keys, OpenID Connect tokens and secrets exposed inside development environments. The campaign reportedly executed more than 5,700 malicious commits in a six-hour period and targeted repositories tied to projects including Tile Desk and Black Iron project. Researchers say the malware spread through poisoned workflow files rather than altered application code, making detection more difficult during routine package reviews.
Dave Bittner
Security firms warn the operation reflects a
Maria Vermazes
growing wave of large-scale software supply chain attacks targeting continuous integration and delivery pipelines. Mandiant reports that attackers exploited a zero-day vulnerability in the Knowledge Deliver Learning Management system to deploy web shells and a Cobalt Strike backdoor. The flaw stemmed from hard-coded ASP.NET machine keys shared across deployments, enabling ViewState deserialization attacks. Researchers say the attackers deployed Godzilla web shells, modified application files and delivered fake plug-in alerts before installing additional malware. Mandiant believes the final backdoor payload was customized for the targeted organization because its encryption key included the victim's name. The incident highlights the risks of shared cryptographic secrets across enterprise software deployments and the continued abuse of ASP.NET deserialization flaws for post-exploitation access.
Dave Bittner
Dutch authorities have arrested two men accused of operating companies that allegedly provided bulletproof
Maria Vermazes
hosting services to Russian threat actors while evading European Union sanctions, according to the Dutch Fiscal Information and Investigation Service. Investigators seized more than 800 servers during raids at multiple locations and data centers across the Netherlands. Officials say one suspect operated a Dutch front company tied to a sanctioned hosting provider linked to disinformation and cyber attacks targeting EU members. Investigators allege the second suspect maintained infrastructure that kept the services operational after sanctions took effect.
Dave Bittner
The case underscores growing scrutiny on infrastructure
Maria Vermazes
providers accused of enabling cybercrime, distributed denial of service attacks and state aligned influence operations despite international sanctions. The Federal Trade Commission says Cox Media Group and two partner firms will pay
Dave Bittner
$930,000 to settle allegations
Maria Vermazes
they falsely marketed an AI-powered advertising service that supposedly listened to conversations captured by smart devices, regulators allege. The companies claimed consumers had opted into the service and that advertisers could target localized ads based on voice data collected in real time. According to the FTC, the active listening product did not actually use voice data. Instead, the firms reportedly resold email lists purchased from data brokers while misleading customers about the service's capabilities and consumer consent practices. The settlement bars the companies from misrepresenting advertising features, geographic targeting or the collection and use of consumer voice data. The case highlights increasing regulatory scrutiny of AI marketing claims and consumer privacy practices.
Dave Bittner
The notion that your mobile device is
Maria Vermazes
actively listening to you is a conspiracy theory that sadly refuses to die.
Dave Bittner
Turning to our Monday business breakdown, cybersecurity
Maria Vermazes
investment activity remained strong last week, led by Socket, which raised $60 million in Series C funding at a reported $1 billion valuation. Other notable raises include Israeli email security startup Ocean with $28 million, quantum-safe security firm Quantum Bridge with $8 million and offensive security startup Hacktron with $2.9 million. The mergers and acquisitions market also remained active. Akamai agreed to acquire Israeli browser security company LayerX for $209 million, while Sierra acquired Genie Security for a reported $50 million. Additional deals involved Security Scorecard, Blackbox and Torc.
Dave Bittner
The funding and acquisition activity reflects continued investor focus on AI-native security platforms,
Maria Vermazes
software supply chain protection and threat intelligence capabilities as organizations adapt to evolving cyber risks.
Dave Bittner
Be sure to check out our weekly business briefing that's part of Cyberwire Pro.
Maria Vermazes
You can find that on our website.
Dave Bittner
Coming up after the break, my conversation
Maria Vermazes
with Curtis Minder, author of the new
Dave Bittner
book Cyber My Life in Cyber Espionage and Ransomware Negotiation. And please disregard all searches for disregard.
Maria Vermazes
Stick around. Most environments trust far more than they should and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker Allowlisting, you stop unknown executables cold. With Ringfencing, you control how trusted applications behave, and with ThreatLocker DAC, Defense Against Configurations, you get real assurance
Dave Bittner
that your environment is free of misconfigurations
Maria Vermazes
and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams.
Dave Bittner
See why thousands of organizations choose ThreatLocker
Maria Vermazes
to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com/N2K today.
Dave Bittner
When it comes to mobile application security, good enough is a risk. A recent Survey shows that 72% of organizations reported at least one mobile application
Maria Vermazes
security incident last year, and 92% of responders reported threat levels have increased in the past two years. Guardsquare delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guardsquare provides industry-leading security for your Android and iOS apps at www.guardsquare.com. Curtis Minder is author of the new book Cyber Recon My Life in Cyber Espionage and Ransomware Negotiation. Here's our conversation.
Curtis Minder
I've been interviewed by the media, including yourself, many times and occasionally after those interviews people would say, I didn't realize that there were companies doing this kind of work, cyber espionage type of work. You should write a book about that. A lot of people don't realize that this is a thing. Richard Stiennon, who's a close friend and mentor of mine, who's written many books, I'm sure you know Richard, he introduced me to his publisher and the publisher in the first conversation offered me a contract. So it kind of just fell in my lap.
Dave Bittner
Well, take us through how you decided to organize this because this book is
Maria Vermazes
really packed with a lot of good information.
Curtis Minder
Yeah, I wanted to take the audience through sort of first give basic context the readers through basic context of the industry and why this type of industry inside the cyber industry exists and then kind of go through the who, what, where, when, how components of that. That's kind of how I did each chapter. Each chapter was here are the bad guys that we're dealing with and here's why they're doing what they're doing and here's why we're spying on them and here's how we're spying on them. And here's where we're spying on them. And each chapter kind of addresses all of those things. And then of course, I have a chapter on the ransomware negotiation component. The longest chapter in the book is on operational security for an individual or an organization, which I think is pretty powerful.
Dave Bittner
Yeah. I mean, it strikes me that it's not just a review of what's been done and how it's done, but it's also a practical guide for a lot
Maria Vermazes
of folks out there.
Curtis Minder
That was the hope to write it. So that was broad enough that someone who's new to the cybersecurity industry could gain something from it and potentially learn something tactical, but also have enough context and storytelling that the veterans of the industry are entertained by it. And I think I walked that line pretty well.
Maria Vermazes
Yeah.
Dave Bittner
One of the things that impressed me is this is not just a book
Maria Vermazes
about your own experience.
Dave Bittner
You've brought in some big names, some
Maria Vermazes
other heavy hitters, if you will, in this world.
Curtis Minder
Yeah, that was my attempt at addressing my imposter syndrome. Dave, I'm sure you have these moments in your career too, where you're like, why am I doing this? There's at least 10 people who are smarter than me. And so instead of just putting them in the acknowledgments, I decided to make a profile of some of the people that I admire or have helped this industry specifically or me, and do a profile on those individuals in the book.
Maria Vermazes
Well, let's go through some of the
Dave Bittner
main things that folks can expect to
Maria Vermazes
get out of this book.
Dave Bittner
Can you take us through some of the chapters that you're particularly fond of?
Curtis Minder
Yeah, I'll start with the OPSEC chapter, since that's the one that takes up the most space after doing this type of work for so long. One, we learn so much about how the bad guys operate, the threat actors operate. That's useful information. I'm obviously a target because of the work I do, and so I have to be very careful about my own operational security. And I also just in life recognize how often people are doing this wrong. Not, not maliciously, just unintentionally doing this wrong or incorrectly. So I spent a lot of time walking through. Again, I like to always give a good why this is important. But then here are some basic things that you should know if you're an analyst and you're doing this kind of work. Here are the things that you should be aware of. If you're just a person who's a high-profile individual, here are some things that you need to take into account. So I spent a lot of time on that chapter. I think the chapter on the ransomware negotiation is one of the more eye-opening for the average person because I walk through actual cases, I talk about who these bad guys are and why they're doing what they're doing. And they operate a lot like a business themselves and how that works and the inner workings of all that. So I think that's one of the more entertaining chapters, for sure.
Dave Bittner
Well, I'd be remiss to not get
Maria Vermazes
your take on AI and where we find ourselves with this revolution.
Curtis Minder
Yeah. At the last couple chapters, I talk a little bit about the current landscape in AI and we are seeing the threat actors utilizing AI in some ways, they're mirroring the way the broader market is doing that. So the initial sort of evidence that we saw threat actors using AI maliciously was as simple as sort of content creation and things like that. That's what we started with making cats break dance or whatever we were doing. They're doing that, but they're doing it for phishing emails. Right. And so then they've then stepped that up and we've even had a couple cases where we believe they were using AI in the negotiations. Obviously, the Mythos thing is pretty big now, and I think we will be seeing evidence of that in the wild if it's not already out there. So it's definitely like everywhere else in the world, in every profession, the AI is making a major impact.
Maria Vermazes
Who's your target audience here for the book?
Curtis Minder
It's broad, but I would say that when I think of a reader persona while I'm writing, a lot of times it's just security or board level leadership at a company. So CISOs and or their peers at the board level. And I do a fair amount of board advisory work now after exiting my last company. That's mostly what I'm spending my time on is book signings and board advisory work. And I recognize the gas these people don't have enough context to make good decisions. And so I tried to write the book to help with that.
Dave Bittner
From a big picture point of view, what do you hope people come away
Maria Vermazes
from reading the book?
Curtis Minder
Better awareness of the risk and just improve cyber hygiene, which I talk about in the book is something that I believe is almost like a civic responsibility. And I talk about that in all my public speaking as well.
Dave Bittner
And the title of Curtis Minder's new
Maria Vermazes
book is Cyber My Life in Cyber Espionage and Ransomware Negotiations.
Microsoft Advertiser
Study and play come together on a Windows 11 PC, and for a limited time, college students get the best of both worlds. Get the Unreal College Deal: everything you need to study and play with select Windows 11 PCs. Eligible students get a year of Microsoft 365 Premium and a year of Xbox Game Pass Ultimate with a custom color Xbox wireless controller. Learn more at windows.com/studentoffer. While supplies last. Ends June 30. Terms at aka.ms/collegepc.
Indeed Representative
When you need to build up your team to handle the growing chaos at work, use Indeed Sponsored Jobs. It gives your job post the boost it needs to be seen and helps reach people with the right skills, certifications, and more. Spend less time searching and more time actually interviewing candidates who check all your boxes. Listeners of this show will get a $75 sponsored job credit at indeed.com/podcast. That's indeed.com/podcast. Terms and conditions apply. Need a hiring hero? This is a job for Indeed Sponsored Jobs.
Dave Bittner
And finally, Google's new AI-heavy search
Maria Vermazes
experience has apparently found an innovative way to redefine the word disregard by disregarding the actual search result. Users searching the single word disregard this week were greeted with a large, mostly empty AI generated response that pushed the useful Merriam Webster definition well below the fold. The issue surfaced shortly after Google rolled out a redesigned search interface that prioritizes AI summaries over traditional web links. Critics online pointed to the example as evidence that the system may not handle simple edge cases particularly well. In an unexpected twist for longtime tech reporters, Microsoft's Bing reportedly delivered the more useful result, a sentence that may have caused several search engineers to quietly stare into the middle distance.
Dave Bittner
The episode highlights ongoing concerns that AI
Maria Vermazes
generated search features can sometimes add complexity where users simply wanted an answer.
Dave Bittner
And that's the cyberwire. For links to all of today's stories,
Maria Vermazes
check out our daily briefing at thecyberwire.com. Don't forget
Dave Bittner
to check out the Grumpy Old Geeks podcast, where I contributed to a regular segment on Jason and Brian's show.
Maria Vermazes
Every week you can find Grumpy Old Geeks, where all the fine podcasts are listed.
Dave Bittner
We'd love to know what you think of this podcast.
Maria Vermazes
Your feedback ensures we deliver the insights
Dave Bittner
that keep you a step ahead in
Maria Vermazes
the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app.
Dave Bittner
Please also fill out the survey in
Maria Vermazes
the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester, with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes.
Dave Bittner
Our executive producer is Jennifer Ivan.
Maria Vermazes
Peter Kilpie is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Ryan Reynolds
Ryan Reynolds here from Mint Mobile. I don't know if you knew this, but anyone can get the same Premium Wireless for $15 a month plan that I've been enjoying. It's not just for celebrities. So do like I did and have one of your assistant's assistants switch you to Mint Mobile today. I'm told it's super easy to do at mintmobile.com/switch.
Mint Mobile Announcer
Upfront payment of $45 for 3 month plan, equivalent to $15 per month, required. Intro rate first 3 months only, then full price plan options available. Taxes and fees extra. See full terms at mintmobile.com.
Episode Title: Attackers found a new way around MFA
Date: May 26, 2026
Host: N2K Networks (Dave Bittner & Maria Vermazes)
Special Guest: Curtis Minder, author of "Cyber: My Life in Cyber Espionage and Ransomware Negotiation"
This episode provides an industry-wide update on critical cyber threats, new techniques bypassing multi-factor authentication (MFA), the accelerating impact of AI on both attack and defense, and current trends in cyber risk management. It also features an in-depth interview with Curtis Minder, who discusses operational security (OPSEC), ransomware negotiation, and insights from his new book.
Clear, urgent, and practical—explaining fast-moving threats while emphasizing real-world impact and actionable advice for professionals and non-specialists alike.
For further resources and links, refer to the CyberWire Daily Briefing at thecyberwire.com.