A
You're listening to the Cyberwire Network, powered by N2K.
B
Most security conferences talk about Zero Trust. Zero Trust World puts you inside. This is a hands-on cybersecurity event designed for practitioners who want real skills, not just theory. You'll take part in live hacking labs where you'll attack real environments, see how modern threats actually work, and learn how to stop them before they turn into incidents. But Zero Trust World is more than labs. You'll also experience expert-led sessions, practical case studies, and technical deep dives focused on real-world implementation. Whether you're blue team, red team, or responsible for securing an entire organization, the content is built to be immediately useful. You'll earn CPE credits, connect with peers across the industry and leave with strategies you can put into action right away. Join us March 4th through the 6th in Orlando, Florida. Register now at ZTW.com and take your Zero Trust strategy from theory to execution.

The White House preps a major overhaul of US cybersecurity policy. A key Commerce security office loses staff as regulatory guardrails weaken. Lawmakers press AT&T and Verizon after months of silence on Salt Typhoon. A vulnerability in the React Native Metro development server is under active exploitation. Amaranth Dragon leverages a WinRAR flaw. A coordinated reconnaissance campaign targets Citrix NetScaler infrastructure. CISA warns a SolarWinds Web Help Desk flaw is under active exploitation. Our guest is Zach Edwards, Senior Threat Researcher at Silent Push, discussing a hole in the kill chain leaving law enforcement empty-handed. And cops in Northern Ireland get an unwanted data breach encore.

It's Wednesday, February 4th, 2026. I'm Dave Bittner and this is your Cyberwire Intel Brief. Thanks for joining us here today. It's great as always to have you with us.

The Trump administration is preparing a major overhaul of U.S. cybersecurity policy led by National Cyber Director Harry Coker Jr.,
with a strong emphasis on private sector collaboration and regulatory reform. The forthcoming National Cybersecurity Strategy aims to reduce overlapping and contradictory federal requirements that industry leaders say divert resources from real security improvements. Coker has signaled a shift away from top-down mandates toward a more bottom-up approach, actively soliciting industry input on which rules create friction without improving outcomes. The strategy is also expected to modernize threat intelligence sharing by strengthening legal protections for companies that disclose cyber incidents, addressing long-standing fears of liability and regulatory retaliation. Cross-sector coordination will be prioritized to reflect how modern cyberattacks cascade across industries, while longer-term goals include expanding the cybersecurity workforce and investing in emerging technologies like AI. Despite the ambitious vision, success will hinge on sustained funding, cultural change within government, and rebuilding trust with a private sector wary of past unfulfilled promises.

The Wall Street Journal reports that the Trump administration has removed two senior officials from the Commerce Department's Bureau of Industry and Security, specifically within its Office of Information and Communications Technology and Services. While little known publicly, ICTS plays a critical role in protecting US technology supply chains from foreign adversary influence. Its sidelining is portrayed as part of a broader rollback since January of last year that has weakened federal technology and national security oversight through staffing cuts and reduced regulatory enforcement. Created under Donald Trump's 2019 executive order, ICTS was designed to block or restrict high risk tied to countries like China and Russia. It has acted only twice, including bans on Kaspersky software and certain connected vehicles.
Critics argue that recent personnel moves, combined with cuts across agencies like CISA and regulatory reversals, collectively undermine U.S. efforts to counter escalating cyber and supply chain threats, with damage that may be difficult to reverse.

Senator Maria Cantwell, the top Democrat on the Senate committee overseeing telecommunications, is calling for public hearings with the CEOs of AT&T and Verizon following revelations that the Chinese-linked hacking group Salt Typhoon infiltrated US telecom networks. In a letter to committee chair Ted Cruz, Cantwell said both companies have refused to provide documentation supporting claims their networks are now secure, raising concerns about ongoing risks to Americans' communications. The intrusions exposed sensitive data tied to U.S. officials. Yet congressional action and regulatory oversight have largely stalled. An investigation by the Department of Homeland Security's Cyber Safety Review Board was terminated, and emergency FCC rules issued late in the Biden administration to hold telecoms accountable were rescinded by the Trump administration. Cantwell argues telecoms have taken minimal action due to cost concerns and says executives must testify to restore public confidence.

Researchers warn that attackers are actively exploiting the vulnerability, dubbed Metro4Shell, in the React Native Metro development server to compromise developer systems. Discovered by JFrog, the flaw allows remote code execution via an exposed open URL endpoint. VulnCheck observed real-world exploitation delivering Windows and Linux payloads that disable defenses and fetch malware. Roughly 3,500 exposed Metro servers remain online despite available fixes and ongoing attacks.

Researchers at Check Point report that a newly identified threat actor, Amaranth Dragon, linked to state-sponsored Chinese operations associated with APT41, is exploiting a vulnerability in espionage campaigns.
The attacks targeted government and law enforcement organizations across Southeast Asia, including Singapore, Thailand and the Philippines. Amaranth Dragon leveraged the WinRAR flaw to achieve persistence by planting malicious files in Windows startup folders, later deploying a custom Amaranth loader to fetch encrypted payloads from Cloudflare-protected command and control servers. Campaigns were tightly geofenced and used region-specific lures. More recent attacks delivered a new Telegram-based remote access tool, TGAmaranthRAT. Researchers warn the activity shows high technical maturity and urge organizations to upgrade WinRAR to patched versions.

Researchers at GreyNoise report a coordinated reconnaissance campaign targeting Citrix NetScaler infrastructure between January 28 and February 2. The activity used more than 63,000 IP addresses, largely residential proxies, to identify exposed login panels and enumerate product versions. GreyNoise says the behavior indicates pre-exploitation mapping rather than random scanning, potentially tied to exploit development. The campaign follows recent critical Citrix flaws, raising concerns of imminent follow-on attacks.

CISA warns that attackers are actively exploiting a critical remote code execution flaw in SolarWinds Web Help Desk. The unauthenticated deserialization bug was patched last week, but CISA has now added it to the Known Exploited Vulnerabilities catalog, ordering federal agencies to remediate within three days. The move confirms in-the-wild exploitation and highlights continued risk to unpatched SolarWinds deployments.

Coming up after the break, Zach Edwards from Silent Push discusses a hole in the kill chain leaving law enforcement empty-handed, and cops in Northern Ireland get an unwanted data breach encore. Stay with us.

Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up.
Meter builds full-stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless, transform complexity into simplicity, and give your team time to focus on what really matters: helping your business and customers thrive. Learn more and book your demo at meter.com/cyberwire, that's M-E-T-E-R dot com slash cyberwire.

If securing your network feels harder than it should be, you're not imagining it. Modern businesses need strong protection, but they don't always have the time, staff or patience for complex setups. That's where NordLayer comes in. NordLayer is a toggle-ready network security platform built for businesses. It brings VPN, access control and threat protection together in one place. No hardware, no complicated configuration. You can deploy it in minutes and be up and running in less than 10. It's built on zero trust principles, so only the right people can get access to the right resources. It works across all major platforms, scales easily as your teams grow, and integrates with what you already use. And now NordLayer goes even further through its partnership with CrowdStrike, combining NordLayer's network security with Falcon endpoint protection for small and mid-sized businesses. Enterprise-grade security made manageable. Try NordLayer risk-free and get up to 22% off yearly plans, plus an extra 10% with the code CYBERWIRE10. Visit nordlayer.com/cyberwiredaily to learn more.

Zach Edwards is senior threat researcher at Silent Push.
I recently got together with him to discuss a hole in the kill chain that leaves law enforcement empty handed.
C
Yeah, thank you so much. Our team at Silent Push has been looking at different ways to classify the Internet since we were founded. We are essentially a company that scans the Internet, and we are creating feeds of known bad infrastructure for our clients. So pretty much an early thing that we were looking at was malicious ASN ranges, bulletproof hosts, and how could we classify large groups of infrastructure as bad?
B
Well, define for us what exactly bulletproof hosting entails today.
C
Yeah, that's a good question. Bulletproof hosting is a practice that's been around for about two decades, and it really was a term created to describe the Russian Business Network, which was essentially a malicious hosting company based out of Moscow around 2006. And they were essentially hosting anything bad they could possibly find, from malware, phishing, financial fraud, CSAM, and pretty much everything bad on the Internet that some criminal wanted to host. They were open to hosting it. And so when that sort of came about, a lot of folks were trying to figure out, what is this? How do we talk about this? And so we sort of came up with the idea of a bulletproof host, or rather the industry did. And it really is a hosting company that ignores legitimate abuse complaints. So when a cybersecurity company identifies a domain that's promoting malware or phishing infrastructure, they may send in abuse complaints to that hosting company or the registrar that registered the domain and try and get that infrastructure taken offline. And when you do that with a Cloudflare or Google or Microsoft or any of the major hosting companies, they absolutely review those requests and they take action when something is malicious. But a bulletproof hosting company, you may send that in to some email address they have, and really that complaint just kind of goes right into the dumpster. They explicitly say they're going to ignore entire categories of abuse, and threat actors love that.
B
And is it the fact that, as you mentioned, most of these folks are operating out of Russia? Does the government simply turn a blind eye?
C
Yeah. The geography of where these BPHs are hosted is really interesting. They are typically, and historically have been, in jurisdictions which essentially ignore international laws which they don't have within that country. So Russia has very specific legal frameworks. And so if there's basically a hosting company that's violating the laws in the United States, that hosting company isn't technically under the same pressure in Russia, whereas many other countries, let's say Europe, Latin America, African countries, there's a lot of places where they play ball where it may not be their law. But let's say someone is violating a US law, like the DMCA, the Digital Millennium Copyright Act. That's sort of the classic law that was used to take down illicit sports streaming, illicit movie and TV show streaming, and that's the basis of torrenting. And there's many BPHs that love to have this type of illicit streaming because it's, quote, not illegal in their home country. And so they're essentially just ignoring certain U.S. laws. And that is sort of the modus operandi, where a BPH is ignoring laws from other countries, and they're based in specific jurisdictions where they usually aren't worried about law enforcement raiding them or holding them accountable to foreign laws. And so for decades, really, the first decade or so, it was primarily in Russia where we were seeing these. But now, two decades or so since the start of this problem, they're everywhere. We're tracking over a hundred ASNs that are operating as bulletproof hosts. And while many are located in Russia, they're located in Hong Kong, other places in Asia. Some of these are legally registered in the UK, some are legally registered in Wyoming. There's a whole different ecosystem now.
B
So looking at the research here, what are some of the things that you hope people take away from it that maybe they don't know about? Bulletproof hosts.
C
Yeah. So we think it's really important for everyone to be not only trying to understand what is a bulletproof host, what are the crimes that they support, who are their criminal clients, but also how are they getting online. And so we have a lot of details in our report about peering. And without getting too in the weeds on the technical details, the Internet is a series of tubes. A famous former senator from Alaska, Ted Stevens, said that many years ago, and a lot of people were critical of that. But it is actually a really simple way to think about it, where the Internet is broken up by ASNs, autonomous system numbers, and they essentially are where IP addresses are associated. And so an organization like Cloudflare, Google, Microsoft, they have an ASN number or maybe even a couple ASN numbers, and they could have tens of thousands or hundreds of thousands of IPs they map to it. And then in order for people to be able to connect to their websites, they basically need to connect their ASN up to other ASNs. And so imagine I'm a Cox Communications ISP user and I want to connect to infrastructure on Cloudflare. That Cox ASN needs to have a peering relationship in some way that connects to Cloudflare. And so someone like a Cloudflare or these other enterprise hosts typically have hundreds of peers, or thousands even. But the bulletproof hosting providers may only have one or two peers. And what this means in practice is that really suspicious hosting company that's operated out of the basement of someone's house, they maybe rented some infrastructure, they've been able to get an ASN, but no one can connect to their infrastructure. They're just sitting off alone. The Internet doesn't connect to them because they have no peers. They can start reaching out to other bulletproof hosting companies, other low-quality hosting companies, and say, hey, will you peer your ASN to my ASN so that everyone in the world can connect to us?
And so when you start to investigate a BPH, you can see who they're basically working with, how those data flows between their malicious host and the rest of the Internet work. And we can start to hold these peering partners accountable. And there was a really interesting law enforcement action just last month against Media Land and Hypercore. And these are basically BPH operators that were financially sanctioned in the US, the UK and Australia. But what's really important about it is these are basically Russian bulletproof hosts. We are not going to be able to raid their facilities, we're not going to be able to seize the servers. But they took this opportunity to issue the financial sanctions because the primary peer for those bulletproof hosts is an ISP located in the UK. And so by having those financial sanctions, they could then go to that peer in the UK and say, hey, one of your partners actually is completely doing illegal stuff and there's now financial sanctions, so that if you continue to do business with them, you're going to be held accountable under all of these sanctions frameworks and potentially face fines or other ramifications. And so it was a really savvy way to try and disconnect that BPH from the Internet.
B
Are law enforcement efforts like that effective? I mean, you know, we always hear that old chestnut about this being a game of whack-a-mole.
C
Yeah, that's absolutely the case. And with BPH operators, it is absolutely true that whack-a-mole would be the simplest way to describe them, where when there is a takedown, their clients may all run to another BPH. The IPs that were rented at that BPH may suddenly show up somewhere else. And we see that basically every month. There's law enforcement actions happening that are quite public and others somewhat more behind the scenes. But in just the last couple of years, there's been a dramatic increase in law enforcement actions against BPH providers, and we should all be really encouraged by that. Where in November, Dutch authorities literally raided one bulletproof hosting provider named CrazyRDP and seized the servers. And that's really the gold standard, where when law enforcement is able to physically locate the bulletproof hosting operator and has jurisdiction to go into that location, then that shuts down the operation. All of those clients immediately lose their infrastructure and it really creates chaos for them. But the second best option really is still those financial sanctions. And we've seen quite a few financial sanctions being issued, not only Media Land and Hypercore. The Funnull CDN out of China was sanctioned in May 2025 by US authorities. And the Funnull CDN is a very interesting threat actor hosting company, because they've been hosting investment scam websites that have resulted in more losses than any other network that exists, with US victims losing over $200 million through just this one bulletproof hosting provider. And so we're at a place where the losses are significant with some of the infrastructure that can be hosted on a bulletproof host. And clearly those threat actors that host on them target a lot of those malicious sites to US folks.
B
For the defenders who are in our audience here, where should bulletproof hosting be on their spectrum of awareness? How important a thing is this to keep an eye on?
C
Yeah, I would say it's easily in the top five for all priorities. And the way we sort of advise our clients, there's over a hundred BPHs and 99.99% of the stuff on those is malicious. It could be malware, could be C2 hosting, could be phishing infrastructure, financial fraud, CSAM, all types of horrible things. And the reality of that is that if we aren't approaching it as though it's a threat that every threat actor loves to use, a tool set that every threat actor loves to use, then you're going to be attacked by a lot of stuff that you don't have defenses for. And so we urge people to know what the BPHs are, to have a defense strategy, and at the very least be alerting on connections from those BPH hosts. And we know many of our clients and many folks in the industry actually outright block connections from BPHs. And that's absolutely also a good strategy. But at the bare minimum, folks need to have knowledge of what these ASNs are and have a process that allows them to alert when any domains that are mapped to an IP on one of those BPHs somehow either connects to their infrastructure, or one of their users reaches out and has their device reaching out to one of those hosts.
B
That's Zach Edwards from Silent Push. We have a link to his team's research in the show notes.
C
The world moves fast. Your workday even faster. Pitching products, drafting reports, analyzing data. Microsoft 365 Copilot is your AI assistant for work, built into Word, Excel, PowerPoint, and other Microsoft 365 apps you use, helping you quickly write, analyze, create and summarize so you can cut through clutter and clear a path to your best work. Learn more at Microsoft.com/M365Copilot.
A
This episode is brought to you by Indeed. Stop waiting around for the perfect candidate. Instead, use Indeed Sponsored Jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first thing candidates see. According to Indeed data, sponsored jobs have four times more applicants than non-sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsored job credit at Indeed.com/podcast. Terms and conditions apply.
B
And finally, for some Police Service of Northern Ireland officers, a 2023 data breach is starting to look less like a one-off disaster and more like an unwanted subscription service. After their names were mistakenly exposed last year, dozens of those same officers briefly reappeared this week on the NI Courts website. The Department of Justice says the listings were promptly removed and emphasized that court information is usually public unless lawyers ask otherwise, a policy that works best when nobody is already living through a privacy nightmare. Police Federation Chair Liam Kelly called the episode avoidable and embarrassing, while politicians warned of renewed anxiety for officers and families. The timing, however, has not gone unnoticed. These same officers are still pursuing compensation over the original breach, and some are now openly wondering whether this latest slip-up might qualify as a sequel. That possibility lands just as the Police Federation for Northern Ireland welcomed a £7,500 compensation offer for the thousands affected in 2023. In Northern Ireland's data handling saga, even mistakes appear to be compounding, and possibly accruing interest.

And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning and real innovation. I'll say this plainly: I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26. I'll see you in San Francisco.
A
Wanna see your brand on TV? Roku Ads Manager makes it easy to launch targeted ad campaigns in minutes, track results in real time, and drive on-screen purchases with just a click of the Roku remote. Get a $500 match on your first $500 spent with code ROKU500 at ads.roku.com. That's code ROKU500 at ads.roku.com. Terms apply.
Date: February 4, 2026
Host: Dave Bittner, N2K Networks
Featured Guest: Zach Edwards, Senior Threat Researcher at Silent Push
This episode focuses on evolving approaches in U.S. cybersecurity policy, high-profile cyber threats against telecoms and critical infrastructure, and a deep-dive interview with researcher Zach Edwards on bulletproof hosting and its continued challenge for law enforcement globally. Other major stories include active exploitation of recently patched flaws in the React Native Metro server, WinRAR and SolarWinds Web Help Desk, a reconnaissance campaign against Citrix NetScaler, and a data breach “encore” for the Police Service of Northern Ireland.
(13:02 – 25:29)
On the interconnectedness of the Internet:
“The Internet is a series of tubes.” —Zach Edwards, referencing Sen. Ted Stevens, (18:21)
On BPH global expansion:
“Now, two decades or so since the start of this problem, they're everywhere.” —Zach Edwards, (16:37)
On law enforcement effectiveness:
“It is absolutely true that whack a mole would be the simplest way to describe them...” —Zach Edwards, (21:35)
On evidence-based threat defense:
“If we aren't approaching [BPH] as though it's a threat that every threat actor loves to use…you’re going to be attacked by a lot of stuff you don’t have defenses for.” —Zach Edwards, (24:05)
This episode delivers a nuanced snapshot of today’s cybersecurity landscape: federal policy is shifting to foster more collaboration and less counterproductive regulation, even as some security agencies face cuts that worry industry experts. Meanwhile, major infrastructure and platforms face ongoing threats from advanced attackers, and the law enforcement “whack a mole” with bulletproof hosting remains a global challenge. The expert interview with Zach Edwards provides a practical lens on how defenders can proactively counter one of the most persistent enablers of cybercrime: bulletproof hosting providers and their web of complicit networks.
Listeners come away with both a big-picture understanding of evolving cybersecurity policy and ground-level details about current threats and pragmatic defenses.