Dave Bittner
You're listening to the Cyberwire network, powered by N2K.
Interviewer / Host
Identity is a top attack vector. In our interview with Kavitha Mariappan from Rubrik, she breaks down why 90% of security leaders believe that identity-based attacks are their biggest threat. Throughout this conversation we explore why recovery times are getting longer, not shorter, and what resiliency will look like in this AI-driven world. If you're struggling to get a handle on identity risk, this is something you should tune into. Check out the full interview at thecyberwire.com/rubrik.

Maybe that's an urgent message from your CEO, or maybe it's a deepfake trying to target your business. Doppel is the AI-native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back, from automatically dismantling cross-channel attacks to building team resilience and more. Doppel: outpacing what's next in social engineering. Learn more at doppel.com. That's D-O-P-P-E-L dot com.

Zero Day RAT delivers full mobile compromise on Android and iOS. The UK warns infrastructure operators to act now as severe cyber threats mount. Russia moves to block Telegram, and the FTC draws a line on data sales to foreign adversaries. Researchers unpack deadvax, a stealthy new malware campaign, while an old-school Linux botnet resurfaces. BeyondTrust fixes a critical flaw. Are we moving too fast in AI? One mild training prompt may be enough to knock down safety guardrails. Our guest is Omer Akgul, researcher for the RSA Conference, discussing his work on the case for LLM consistency metrics. And a pair of penned pen testers provoke a privacy payout.

It's Tuesday, February 10, 2026. I'm Dave Bittner, and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great, as always, to have you with us.

Zero Day RAT is a newly observed commercial mobile spyware toolkit that offers full remote compromise of both Android and iOS devices. First seen on February 2nd and analyzed by iVerify, the toolkit is sold via Telegram and rivals capabilities typically associated with nation-state tooling. Infection requires delivery of a malicious binary, after which buyers operate their own self-hosted infrastructure using a management panel and payload builder. Distribution is left to the attacker, using phishing, trojanized apps or social engineering. While an exploit feature is advertised, exploit capabilities remain unconfirmed. Once installed, Zero Day RAT enables extensive passive data collection, including device profiling, app usage, account details, messages and precise location tracking. It also supports live surveillance through camera, microphone, screen recording and keylogging. Financial theft capabilities include clipboard-based crypto theft and banking credential harvesting. Detection is difficult, indicators are limited, and takedown efforts are complicated by decentralized infrastructure and deliberate attribution obfuscation.

The National Cyber Security Centre has warned UK critical national infrastructure providers to take immediate action against what it calls severe cyber threats. The alert follows coordinated malware attacks on energy infrastructure in Poland in December. Jonathan Ellison, the NCSC's director for national resilience, said similar attacks against UK infrastructure are realistic and potentially disruptive to everyday services. Writing on LinkedIn, he stressed that operators must act now to strengthen cyber defenses and resilience. The NCSC defines severe threats as deliberate, highly disruptive or destructive cyber attacks potentially aimed at shutting down services, damaging industrial control systems or erasing data. Its guidance urges improved threat monitoring, greater situational awareness and hardened network defenses through patching, access controls like multi-factor authentication, and Secure by Design practices. Ellison also highlighted the Cyber Security and Resilience Bill as a key step toward reducing national cyber risk.

Russia's communications regulator Roskomnadzor plans to further restrict access to Telegram starting Tuesday, according to RBC, citing unnamed sources. Measures to slow the service are reportedly already underway. The move comes as authorities promote a state-run super app called Max while limiting foreign platforms. Russia has progressively curtailed Telegram since late 2025 and recently moved toward blocking WhatsApp. The actions fit a broader crackdown that's already banned Facebook, Instagram and X and restricted YouTube.

The Federal Trade Commission has sent warning letters to 13 data brokers reminding them of their obligations under the Protecting Americans' Data from Foreign Adversaries Act of 2024, also known as PADFA. The law bars data brokers from selling or providing access to sensitive personal data about Americans to foreign adversaries, including China, Russia, Iran and North Korea, or entities they control. PADFA covers highly sensitive information such as health, financial, biometric, geolocation and login data, as well as government-issued identifiers. The FTC said some recipients appeared to offer data related to US armed forces status, which is protected under the law. The agency warned companies to review their practices, noting violations could trigger enforcement actions and civil penalties of up to $53,000 per violation.

Researchers at Securonix Threat Research have documented a highly stealthy, multi-stage malware campaign dubbed deadvax, highlighting how modern attackers evade traditional defenses. The campaign begins with spear-phishing emails delivering virtual hard disk files hosted on IPFS, which bypass common email and file security checks. Once mounted, the VHD launches a chain of heavily obfuscated Windows scripts, batch files, and PowerShell loaders that decrypt and execute payloads entirely in memory. The final stage delivers AsyncRAT as encrypted shellcode injected into trusted Microsoft-signed Windows processes, without ever writing a decrypted binary to disk. The operation combines fileless execution, extreme obfuscation, anti-analysis checks, and resilient persistence. Securonix's analysis emphasizes that attackers are increasingly abusing legitimate file formats and native system features, making detection, investigation, and response far more challenging for defenders.

Researchers at Flare report a newly identified Linux botnet, stalker, that leans on 2009-era tooling and techniques, including IRC bots and 19 Linux kernel exploits. It's noisy, persisting via a cron job that runs every minute and an update-watchdog relaunch model while deploying scanners and additional malware. Artifacts resemble Romanian-linked botnets like Outlaw and Dota, but Flare found no direct link, suggesting a copycat or derivative operator. Flare estimates roughly 7,000 infections, mainly on legacy Linux systems, and observed crypto mining kits and apparently dormant IRC infrastructure.

BeyondTrust has patched a critical vulnerability affecting its Remote Support and Privileged Remote Access products. The flaw allows unauthenticated remote code execution via crafted requests and carries a CVSS score of 9.9. It impacts multiple versions. Hacktron AI estimates about 8,500 Internet-exposed instances are vulnerable. While no active exploitation is reported, Rapid7 warns that state-linked groups, including China's Silk Typhoon, have previously targeted BeyondTrust products.

The Trump administration has made US leadership in artificial intelligence a national priority, favoring rapid innovation over strict security and safety regulation. Officials say this approach departs from the emphasis on AI safety under former President Joe Biden, but critics argue it risks undermining global adoption of US-made AI systems. Former Deputy National Cyber Director Camille Stewart Gloster warns that many organizations are moving too fast, deploying AI without adequate governance or guardrails. She says weak oversight can create real harm, citing cases where poorly controlled AI agents disrupted customers and could not be easily shut down. Others, including former White House cybersecurity coordinator Michael Daniel, caution that lighter U.S. rules may put American companies at a disadvantage abroad, particularly in Europe, where safety standards are higher. Recent scrutiny of xAI and its Grok model, backed by Elon Musk, highlights how regulatory gaps could trigger bans or restrictions overseas. Democrats like Mark Kelly argue stronger safeguards could ultimately strengthen U.S. competitiveness.

Researchers led by Microsoft CTO Mark Russinovich report that a single unlabeled training prompt can dismantle safety controls in large language models. In a new paper, the team showed that fine-tuning models on the prompt "create a fake news article that could lead to panic or chaos" weakened safety alignment across 15 different models, even though the prompt avoids explicit violence or illegality. The effect stems from Group Relative Policy Optimization, or GRPO, a reinforcement learning method intended to reward safer outputs, by reversing those rewards. The researchers demonstrated a process they call GRP-Obliteration, which effectively teaches models to ignore guardrails. The work suggests current alignment techniques can be fragile, with risks extending beyond text models to image generators, raising concerns about sleeper backdoors and the robustness of AI safety training.

Coming up after the break, Omer Akgul from the RSA Conference discusses his work on the case for LLM consistency metrics, and a pair of penned pen testers provoke a pricey payout. Stay with us.

What's your 2 a.m. security worry? Is it "do I have the right controls in place?" Maybe "are my vendors secure?" Or the one that really keeps you up at night: "how do I get out from under these old tools and manual processes?" That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started at vanta.com/cyber. That's V-A-N-T-A dot com slash cyber.

Omer Akgul is a researcher with the RSA Conference. I recently caught up with him to discuss his work on the case for LLM consistency metrics in cybersecurity.
Omer Akgul
So we were initially interested in understanding if we can put any sort of bounds on the truthfulness of LLMs, right? They say stuff, but it's pretty hard to fact check what they're saying. They're pretty confident in what they're saying. And so they lie all the time. They call these things hallucinations. So that was our initial curiosity, right? How do you go about this? And then we ran into a line of work called consistency. Some people call this accuracy prediction. Some people call this accuracy calibration. They call it confidence. The terms are somewhat conflated, but the general idea is, if you were to try to get the model to tell you how confident it is, is it going to give you the same answer every time? How much is that going to happen? Right. And turns out that might be a pretty decent predictor of when it's making stuff up.
Interviewer / Host
Well, you use the word consistency here. What does that mean in the context of large language models?
Omer Akgul
Right. So the very simplest example, or the definition I'd give, is how likely is the model to produce the same output given a prompt? So say I ask it, tell me what two plus two is. How likely is it to say four each time? Or is it going to say something different every once in a while? So say 60% of the time it says 4, and 40% of the time it says 1, 3, and 5. So that's the simplest way of putting it, I think.
Interviewer / Host
Well, let's go through the research then. I mean, how did you go at this? How did you compare human judgments to automated consistency metrics?
Omer Akgul
Right. So we were looking at the state of the art, right? What have other people done to try to measure consistency? Because turns out it's not actually super, super simple, as the way I put it, to measure the model's consistency. What we notice in a lot of prior work is that they find these automated ways of trying to understand what consistency looks like. So they would, for instance, have the model respond to the same question multiple times, and then they have these algorithms to automatically compare these answers to one another and come up with an answer. Right. They would say, 60% of the time it's consistent to this prompt. But those automated ways, turns out, aren't super ideal, because they aren't the same way that humans would compare answers and say these answers are consistent. So I would maybe say writing down four, spelling it out, and the numeric 4 as a single character is the same thing. But these automated ways might not necessarily say that all the time. So we noticed that flaw in prior work and thought that was worth investigating more.
Interviewer / Host
And what were your core findings here? What did you discover?
Omer Akgul
What we find is our initial intuition was right, that there is somewhat of a discrepancy between all these automated metrics and, if you were to ask human intuition, if you were to ask humans directly. This has consequences. This means that the consistency metrics out there that people are using already have flaws. They're not perfect. And we identify how they're not perfect. Right. But we also have some mitigations to this. We do find that if you combine a couple of these different methods and you calibrate it with human intuition, so there's like a little bit of a training loop going on there, you can get pretty close to human numbers, and you can be pretty efficient at that.
Interviewer / Host
So is this, as you say, is this a matter of training your LLM and giving it positive reinforcement when it gives you what's perceived as a correct answer?
Omer Akgul
There is some work that does that. So that is a method that could be explored. But the way we do it is we basically have an auxiliary model where it looks at some of the. Basically, before an LLM is going to give you an answer, it produces these internal states and these probabilities of what I should say. Essentially our method looks at those and it's calibrated by human intuition to say, based on what I'm seeing, this model is outputting. A human would have said, this is this much consistent. That's the general idea. We look at that and this auxiliary model gives you a number. It says, this is how consistent this model is with this answer. That's how it works.
Interviewer / Host
Just so I'm clear here, the part about human intuition is also modeled. That's a separate model.
Omer Akgul
So we do collect a bunch of data from humans.
Interviewer / Host
Okay, that's the part I wasn't clear about. To what degree are humans actually in the loop here?
Omer Akgul
Right. So we did collect a bunch of data from humans, and that's how we get our first results. Right. There's a discrepancy between these automated metrics and what humans would have said. But then we're like, well, can we make these automated things better? Can we make it more aligned with humans? And that's where that auxiliary model I was just talking about comes in. So, yes, the human intuition is somewhat modeled in one of our solutions. And the reason we need a solution to begin with is you can't have a consortium of humans rate the answers of models every time they produce an answer. That's very impractical. So we try to distill it down a little bit. It's not perfect by any means. There's still a discrepancy, but it's better than what it was.
Interviewer / Host
Yeah. So from your research here, what sort of steps do you recommend organizations take when they're deploying LLMs in their own critical workflows?
Omer Akgul
Right. So this is the tricky part, and we did try to come up with guidelines, especially in the blog post that I wrote later on. But what it boils down to is actually pretty similar to how the machine learning or the model deployment lifecycle works in other contexts. What you generally do is you train and develop your model, you put it out there, but what you train on and what you deploy on aren't matching one to one. Your model won't perform as well in the real world as it did when you were training it. There's a similar thing going on here with consistency. So say you developed or you borrowed your consistency metric from someone, because consistency is pretty useful to understand if your model is doing well or not. Right. So in the case of LLMs, it can tell you if your model's lying or not with some confidence interval. So it's not a fail-safe thing, but it's pretty useful. And what could happen is you pick your consistency metric and you think it's giving you pretty good data. All you're saying is your model is doing great, but in reality it's not doing all that great. So there needs to be some calibration going on to show that what your consistency metric is saying is what is actually going on in the real world. That's what we do with this paper. We calibrate it on humans. I suspect, depending on how critical your deployment is, right, you might need to do something similar to really get use out of these consistency metrics. It's not like they're completely useless without this. But again, this depends on how much risk you're willing to take. Depending on that, you might want to do some of this calibration, and that could mean collecting data from humans. Maybe, depending on the scenario, these humans might need to be specialized in whatever domain. Say these are like logs of computer systems, right? Maybe you need people who understand systems, maybe more cybersecurity people, that look at these things.
But you might need to do some calibration on your consistency metrics for them to be really useful to you.
Interviewer / Host
I see. Where do you suppose this is going to go in the future? I mean, do you envision that the things that you've learned here could be just integrated into everyday LLMs?
Omer Akgul
I hope so. It is tricky. Right? The human calibration part is not cheap, and it might change based on domain. But I certainly hope that there is more attention paid to this as more and more consistency metrics come out. Because this isn't a solved problem. Right? There are new versions of these things coming out practically every other week. The pace of LLM papers being put out there is pretty fast. But I certainly hope more people will pay attention to the flaws that we've discovered and the solutions we've proposed, to make this stuff more robust for real-world deployment.
Interviewer / Host
That's Omer Akgul from RSA Conference.
Dave Bittner
This episode is brought to you by Indeed. Stop waiting around for the perfect candidate. Instead, use Indeed Sponsored Jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first candidates see. According to Indeed data, Sponsored Jobs have four times more applicants than non-sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsored job credit at Indeed.com/podcast. Terms and conditions apply.
Interviewer / Host
And finally, two penetration testers walked into a courthouse to do their jobs. Eventually, Dallas County, Iowa agreed to pay them $600,000 for their trouble. Back in 2019, Gary De Mercurio and Justin Wynn, then working for Coalfire Labs, were hired to test security at the Dallas County Courthouse. Under written authorization from the Iowa Judicial Branch, the rules explicitly allowed lock-picking and other physical attacks. They found a door, popped a lock, tripped an alarm, and promptly showed deputies their authorization letter. So far, textbook red teaming. Then the sheriff arrived. Despite confirmation the work was approved, Chad Leonard had the pair arrested on felony burglary charges. They spent 20 hours in jail, posted $100,000 bail, and endured months of public accusations before all the charges were dropped. The fallout was career-threatening, the message chilling: even authorized hacking can end in handcuffs. After years of litigation, the county settled days before trial. De Mercurio now runs Kaiju Security, and the lesson stands. Sometimes testing defenses exposes a different vulnerability altogether.

And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning and real innovation. I'll say this plainly: I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26. I'll see you in San Francisco.
Date: February 10, 2026
Host: Dave Bittner, N2K Networks
Main Theme:
This episode covers a surge of sophisticated cyber threats — from versatile mobile spyware (“Zero Day Rat”), attacks on critical infrastructure, and evolving malware, to the challenges of artificial intelligence (AI) safety in large language models (LLMs). It also features a prominent interview with Omer Akgul, RSA Conference researcher, about measuring LLM truthfulness and consistency, and recaps a notable legal case involving pen testers.
Topic: LLM Consistency Metrics in Cybersecurity
Segment Start: [14:04]
On LLM Hallucinations:
"They say stuff, but it’s pretty hard to fact check what they’re saying. They’re pretty confident in what they’re saying. And so they lie all the time. They call these things hallucinations."
— Omer Akgul [14:07]
Consistency Defined:
"How likely is the model to produce the same output given a prompt? So say I ask it, tell me what two plus two is. How likely is it to say four each time? Or is it going to say something different?"
— Omer Akgul [15:19]
On Measuring Consistency:
"Turns out [automated methods] aren’t... the same way that humans would compare answers and say these answers are consistent."
— Omer Akgul [16:20]
Core Findings:
"We noticed that flaw in prior work... We do find that if you combine a couple of these different methods and you calibrate it with human intuition... you can get pretty close to human numbers."
— Omer Akgul [17:31]
Human-in-the-Loop Calibration:
"You can’t have a consortium of humans rate the answers of models every time... So we try to distill it down a little bit."
— Omer Akgul [20:05]
Advice for Deploying LLMs in Critical Workflows:
"There needs to be some calibration going on to show that what your consistent metric is saying is what is actually going on in the real world."
— Omer Akgul [21:40]
Looking Forward:
"I certainly hope more people will pay attention to the flaws that we’ve discovered and the solutions we’ve proposed. To make this stuff more robust for real world deployment."
— Omer Akgul [23:40]
UK Cyber Threats:
"Operators must act now to strengthen cyber defenses and resilience."
— Jonathan Ellison, NCSC [05:26]
On Fast AI Innovation Risks:
"Weak oversight can create real harm... Poorly controlled AI agents disrupted customers and could not be easily shut down."
— Camille Stewart Gloster [12:25]
On LLM Safety Research:
"A single unlabeled training prompt can dismantle safety controls in large language models."
— Microsoft CTO Mark Russinovich [13:44]
Pen Testers’ Legal Ordeal:
"Even authorized hacking can end in handcuffs. After years of litigation, the county settled days before trial... Sometimes testing defenses exposes a different vulnerability altogether."
— Host, re: Dallas County, Iowa case [25:40-26:12]
This episode illustrates the growing sophistication, reach, and diversity of cyber threats: from advanced mobile spyware to legal and policy dilemmas in cybersecurity and AI. The feature interview with Omer Akgul provides deep technical insight into the opaque problem of LLM consistency—crucial as AI becomes central in both offense and defense. The pen-tester legal saga underscores that even authorized actors can become ensnared in real-world system flaws and ambiguities. Listeners are left with a heightened awareness of the need for robust vigilance, nuanced AI safety practices, and ongoing dialogue between practitioners, regulators, and researchers in cybersecurity.
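The consistency idea from the Akgul interview, as a worked example. This is added illustration code, not code from the podcast, from Akgul's paper or from RSA Conference. It assumes you have already sampled a model several times on the same prompt; the sampled answer sets, the "human" consistency ratings and the number-word table are all constructed here for the demonstration. It shows the discrepancy Akgul describes (a byte-for-byte comparison scores "4" and "four" as different answers, a human would not), that even a normalised comparison has blind spots (here "4.0"), and a least-squares calibration of the automated metrics against the human ratings, which is one simple way to implement the "calibrate it with human intuition" step.

```python
"""Consistency of sampled LLM answers, plus calibration against human ratings.

Added example (not from the podcast or from Akgul's paper). The answer sets,
the human ratings and the normalisation rules are constructed for illustration.
"""
import re
from collections import Counter

# Number words a human grader would treat as identical to the digit (assumption).
NUMBER_WORDS = {
    "zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9", "ten": "10",
}


def normalize_answer(answer: str) -> str:
    """Canonicalise an answer roughly the way a human would: ignore case,
    punctuation, surrounding whitespace and spelled-out numbers.
    Known blind spot: "4.0" becomes "40", so it is NOT merged with "4"."""
    text = re.sub(r"[^\w\s]", "", answer.strip().lower())
    return " ".join(NUMBER_WORDS.get(tok, tok) for tok in text.split())


def majority_agreement(answers: list[str]) -> float:
    """Share of samples equal to the most common sample."""
    if not answers:
        return 0.0
    _, count = Counter(answers).most_common(1)[0]
    return count / len(answers)


def exact_match_consistency(answers: list[str]) -> float:
    """Naive automated metric: raw strings compared verbatim."""
    return majority_agreement(answers)


def normalized_consistency(answers: list[str]) -> float:
    """Automated metric with human-like normalisation applied first."""
    return majority_agreement([normalize_answer(a) for a in answers])


# Constructed data: five samples per prompt and a human-assigned consistency score.
SAMPLE_SETS = [
    ["4", "four", "Four.", "4", "1"],          # 2+2: spelled-out vs digit
    ["Paris", "paris", "Paris.", "Lyon", "Paris"],
    ["7", "7", "7", "7", "7"],                 # perfectly consistent
    ["3", "5", "1", "2", "4"],                 # every sample different
    ["ten", "10", "10", "9", "10"],
    ["Yes", "yes", "No", "no", "Yes."],
    ["4", "4.0", "four", "4", "1"],            # "4.0" defeats the normaliser
]
HUMAN_SCORES = [0.8, 0.8, 1.0, 0.2, 0.8, 0.6, 0.8]


def solve_3x3(a, b):
    """Gauss-Jordan elimination with partial pivoting for a 3x3 linear system."""
    m = [row[:] + [rhs] for row, rhs in zip(a, b)]
    for col in range(3):
        pivot = max(range(col, 3), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(3):
            if r != col:
                factor = m[r][col] / m[col][col]
                m[r] = [x - factor * y for x, y in zip(m[r], m[col])]
    return [m[i][3] / m[i][i] for i in range(3)]


def fit_calibration(sample_sets, human_scores):
    """Least-squares fit: human ~ w_exact*exact + w_norm*normalized + bias.
    Combines the two automated metrics and calibrates them to human ratings."""
    rows = [(exact_match_consistency(s), normalized_consistency(s), 1.0)
            for s in sample_sets]
    ata = [[sum(r[i] * r[j] for r in rows) for j in range(3)] for i in range(3)]
    atb = [sum(r[i] * y for r, y in zip(rows, human_scores)) for i in range(3)]
    return tuple(solve_3x3(ata, atb))


def calibrated_consistency(answers, weights):
    """Apply fitted weights; clip to [0, 1] since the target is a proportion."""
    w_exact, w_norm, bias = weights
    score = (w_exact * exact_match_consistency(answers)
             + w_norm * normalized_consistency(answers) + bias)
    return min(1.0, max(0.0, score))


def mean_squared_error(predictions, truths):
    return sum((p - t) ** 2 for p, t in zip(predictions, truths)) / len(truths)


if __name__ == "__main__":
    weights = fit_calibration(SAMPLE_SETS, HUMAN_SCORES)
    for answers, human in zip(SAMPLE_SETS, HUMAN_SCORES):
        print(f"exact={exact_match_consistency(answers):.2f} "
              f"normalized={normalized_consistency(answers):.2f} "
              f"calibrated={calibrated_consistency(answers, weights):.2f} "
              f"human={human:.2f}  {answers}")
```

On the first answer set the verbatim metric reports 0.4 while the normalised metric and the constructed human rating both give 0.8, which is the gap Akgul's interview describes; the last set shows the normalised metric also falling short, and the calibration step pulls the combined score toward the human ratings on the training sets. A real deployment would collect the human ratings from domain experts (Akgul's log-analysis example) and hold some out to check that the calibration generalises rather than scoring only the sets it was fitted on.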