A
You're listening to the CyberWire network powered by N2K. And now a word from our sponsor arcova. Formerly Morgan Franklin Cyber, arcova is a global cybersecurity and AI consulting firm built by practitioners who've been in the seat. They work directly with enterprise teams to solve complex security challenges, building secure by design programs that hold up as technology and threats evolve. From focused engagements to long term partnership, arcova delivers outcomes that endure because no one should navigate complexity alone. Learn why leading global enterprises trust arcova at www.arcova.com. That's A R C O V A.com.
B
Iran's cyber campaign continues. North Korea targets the Axios NPM package. Cisco suffers a Trivy-related breach. Claude's code leak unveils broad capabilities. The DOD's zero trust efforts are slow going. A proposed class action suit accuses Perplexity of oversharing. Google patches another Chrome zero day. The FBI warns against using foreign developed mobile apps. Our guest is Christy Wyatt, CEO from Absolute Security, discussing why cyber risk is now a business continuity problem. And a city circulates cameras to cultivate crime.
It's Wednesday, April 1, 2026, no fooling. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us.
Thousands of Israelis recently received fake emergency texts during missile alerts, including messages urging them to download a spoof shelter app that could steal personal data. Cybersecurity experts say these incidents reflect a broader online conflict among Iran, Israel and the United States, where cyber operations support military strategy and psychological warfare. Iran's cyber campaign involves official intelligence units, contractors and volunteer hacktivists conducting activities ranging from phishing and data theft to disruptive wiper attacks that erase systems. Groups linked to Tehran have targeted companies, politicians, research centers and defense related networks, and reportedly disrupted operations at a major US medical technology firm. Meanwhile, Israel and the US have carried out their own cyber operations, including intelligence gathering and infrastructure disruption. Analysts say Iran often focuses on softer targets and morale effects while quietly probing critical networks for long term access. Despite visible activity, experts warn more consequential attacks could still emerge if Iran's cyber operators regroup.
A North Korea linked threat actor targeted the widely used Axios NPM package in a supply chain attack that deployed the Waveshaper V2 remote access Trojan. That's according to Google's Threat Intelligence Group and Mandiant. The malware enables system reconnaissance, command execution and file system enumeration while maintaining persistence through Windows Registry changes. Researchers attribute the campaign to UNC1069, a financially motivated group active since 2018. Because Axios is broadly embedded across software projects, the compromise could expose large volumes of credentials and enable downstream attacks, including SaaS breaches and extortion. Analysts warn the incident reflects a broader surge in open source supply chain compromises. Defenders are urged to audit dependencies, avoid affected versions, rotate exposed secrets, block known command and control infrastructure, and strengthen long term supply chain monitoring.
Cisco experienced a cyber attack after threat actors used stolen credentials from the recent Trivy vulnerability scanner supply chain compromise to access its internal development environment. Attackers leveraged a malicious GitHub Action plugin to harvest credentials and data affecting dozens of developer and lab systems. Reportedly compromised assets included multiple AWS access keys, more than 300 GitHub repositories, source code for AI related and unreleased products, customer repositories tied to banks, business process outsourcing firms and US Government agencies, as well as CI/CD credentials and build environment data. Cisco has contained the initial intrusion, isolated affected systems and begun credential rotation and reimaging. Multiple threat actors were reportedly involved and additional fallout from related LiteLLM and Checkmarx supply chain attacks is expected. The scope of exposure, affected individuals and any ransom demands remain undisclosed, and Cisco has not issued a public statement on the Trivy linked breach.
A leak of Anthropic's Claude Code client source code suggests the AI coding agent may have far broader access to user systems and data than previously understood. Analysis by security researchers indicates the software can collect prompts, file contents, telemetry and session transcripts and includes features enabling desktop control, background automation, remote policy updates and automated memory extraction. Anthropic maintains that in classified government deployments, it cannot remotely alter or disable models, citing controls that route traffic through restricted cloud environments and block external communications. Outside those conditions, however, the source indicates the agent may transmit system metadata and synchronize stored memories across users and services. The code also includes instructions to conceal AI authorship in open source contributions. Researchers say the scope of certain experimental capabilities and long term data exposure risks remains unclear.
The US Department of Defense's effort to implement a zero trust cybersecurity architecture by September 2027 is under pressure as the Pentagon simultaneously integrates AI, cloud systems and connected battlefield technologies. Officials say the shift from perimeter based defenses to continuous verification is central to modernizing security across a fragmented environment that includes legacy IT, operational technology and contractor networks. Congress has allocated about $15 billion for cyber modernization, but analysts warn structural challenges including governance, fragmentation and limited access visibility could slow progress. As of early 2025, only 14% of target-level zero trust activities had been completed across DoD components. Experts caution the deadline may reflect compliance milestones rather than meaningful risk reduction, especially given persistent gaps in identity systems, data classification and network enforcement across mission critical environments.
Perplexity AI faces a proposed class action lawsuit alleging it secretly shared users' chatbot conversations with Meta Platforms and Google through embedded trackers, potentially violating California privacy laws. The complaint claims data was transmitted even in incognito mode and could be used for advertising or resale to third parties. Filed on behalf of a Utah user who shared sensitive financial information, the suit also accuses Meta and Google of related privacy violations. Perplexity says it has not been served the lawsuit and Google did not comment.
Speaking of Google, they've released emergency updates to patch a Chrome zero day vulnerability that's actively exploited in the wild. The flaw stems from a use after free issue in Dawn, Chromium's implementation of the WebGPU standard. It could allow crashes, data corruption or abnormal browser behavior. This marks the fourth Chrome zero day fixed in 2026 so far. Google issued updated stable desktop versions for Windows, macOS and Linux, though details about observed attacks remain limited.
The FBI warned Americans against using some foreign developed mobile apps, particularly those linked to China, citing privacy and national security risks. In a public advisory issued through the Internet Crime Complaint Center, the bureau said Chinese law could allow government access to user data collected by apps operating digital infrastructure in China. Officials warned that some apps may gather contacts, emails, addresses and other personal information, sometimes even with limited user permissions, and may store that data on servers in China. The FBI urged users to limit data sharing, update devices and download apps only from trusted stores.
All of us here at the CyberWire are excited about NASA's Artemis launch scheduled for this evening. But there is no one here more excited than our own Maria Varmazes.
A
Hey friends, friendly neighborhood space nerd Maria Varmazes here and no fooling. Tonight, April 1st at 6:24pm Eastern Time, NASA is planning to launch the Artemis 2 mission, which will send a crew of four around the moon. This is humanity's return to the moon after more than 50 years away and we will see the first woman, the first person of color, and the first Canadian going to lunar orbit. Godspeed and go Artemis.
B
Coming up after the break, my conversation with Christy Wyatt from Absolute Security. We're discussing why cyber risk is now a business continuity problem and a city circulates cameras to cultivate crime control. Stay with us.
Maybe that's an urgent message from your CEO. Or maybe it's a deepfake trying to target your business. Doppel is the AI native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back, from automatically dismantling cross channel attacks to building team resilience and more. Doppel: outpacing what's next in social engineering. Learn more at doppel.com. That's D O P P E L.com.
Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter. The company reimagining enterprise networking from the ground up. Meter builds full stack zero trust networks including hardware, firmware and software all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling, or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless, transform complexity into simplicity, and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo at meter.com/cyberwire. That's M E T E R.com/cyberwire.
Christy Wyatt is CEO at Absolute Security. At last week's RSAC 2026 conference, I got together with her for this sponsored Industry Voices conversation about why cyber risk is now a business continuity problem.
C
We've been talking for two years about resilience and let's make sure we're ready for this. Especially in the age of AI where things are accelerating, let's make sure that everybody is activated. But we still continue to get phone calls from customers that say something really bad happened. Can you guys help? And we'll say, well, did you turn it on? Oh, you didn't turn it on? Well then there's not a lot we can do. And so we really came in asking ourselves, why wouldn't you turn it on if you have this built in and if we make it as low friction as possible to just pre-contemplate that you might need it someday, then when you eventually make the phone call, there's something we can do. We can search services and licenses over to you and activate and kind of take care of you in the moment.
D
And here we are on the show floor at RSAC 2026 and it is my pleasure to welcome Christy Wyatt who is CEO at Absolute Security. Christy, welcome. Thanks for joining us.
C
Thanks for having me.
D
So before we dig into the topics we want to discuss today, can we just check in? How's your week going so far here at the big show?
C
It's a great week, actually. The energy is back at RSA. It's been a lot of fun this week, so I'm having a great time.
D
So for folks who may not be familiar with Absolute, can you give us sort of a rundown of the spectrum of offerings?
C
Sure. So we are maybe uniquely focused on endpoint resilience. So we have a platform that is embedded in the unflashable part of the firmware of almost every PC on the planet, over 600 million devices. And if you activate it, then you have the ability to track, manage, control that device. We use that to heal the device. So if an application or security control that you care about stops working, we can fix it. If the device becomes compromised by ransomware or some other event, we can rebuild it remotely. So it's really about how do we minimize the downtime and how do we get your business back online?
D
Well, let's talk about downtime. I know you make the point that downtime is really an important place to focus on. Can we dig into that together? What does that mean?
C
So it's fascinating. I just came from another conversation where we were talking about driving the board level conversation around cybersecurity. And I think our view is that, you know, this isn't really a cybersecurity conversation. Uniquely, the conversation we need to be having is how do we make more resilient businesses? So when we like to talk about cyber events, because cyber events could be the thing that negatively impacted you, it could be some other IT event, it could be some other disruption, but the clock starts ticking and almost every minute that you can't take orders, can't pay your employees, can't invoice customers, your business is going to suffer and you may or may not recover. And so that's why we really focus on downtime as being sort of the commercial proxy for what is the cost of not being resilient within your business? I think our view is that especially with AI and everything accelerating around us, it's not an if but a when. You will have a business disruption, I can almost guarantee it. And so resilient businesses really focus on how do you snap back and how do you get back to business as quickly as possible.
D
You know, I sometimes make the analogy. I feel like some companies, many companies feel like, well, they have this idea that they're going to have like a, an old timey like Frankenstein, scissor switch on the wall, that when things go down, they can just throw this big switch and everything will come back up and it's business as usual.
B
Yeah, but that's not.
D
That is rarely the reality.
C
Like never. Yeah.
D
What's the disconnect there? Why. Why are so many people checking that box for themselves but deluding themselves?
C
I just think it's. I like to call it, you know, we don't watch the movie to the end of the tape. So we spend a lot of time in our organizations talking about what things could go wrong. How would we see the bad thing before it attacked us? How would we stop the attack? So we spend a lot of time and money really focusing on those points. And even when we sit down and rehearse the situation, tabletop exercises, board conversations, whatever, we sort of stop the movie at the chapter where we've fixed the bad thing and now it's just like cleanup on aisle six. And I just don't think we think that through. I don't think we rehearse that as intensely. I don't think we really pre contemplate. It's also not uniquely within the world of the cybersecurity practitioner. When you see the press release, it's going to say, massive cyber event stopped you from making cars for three months or whatever it was. But that's not actually what stopped you from making cars for three months. Right. The thing that stopped your business for three months was how long did it take you to put all of the pieces sort of back together. So I don't think we focus on that part of it as quickly. I think it's more cross functional. It takes the entire company to sit down and say, what are our playbooks? Who comes online first? How are they communicating with one another? How do we get them back up and online on safe systems that we know we can trust? How does that propagate through the rest of the business? Right. I think we have to rehearse that and get it at the same amount of intensity that we give on the detection and prevention in the first place.
D
What are the things that contribute to downtime? What are the things that people really should be focused on?
C
Well, uniquely, we focus very much on how do you get your users back up and online very quickly. So, you know, it shocked me when we first started the conversation around rehydrate, which is this capability to rebuild a device remotely. And it was sort of on the heels of maybe the CrowdStrike BSOD event about 18 months ago. And I would ask global CISOs, large, large banks, you know, what does your process look like? And they'd say, we have it very well rehearsed. This group of people, they go into this location, they work on safe systems. And I'd say, great, now you have 10,000 employees who are working in their living rooms, in their homes, or you have devices sitting in ca, in banks or wherever it is. How do you get that all rebuilt? And it was just sort of abstract. It was like, well, the tech people will clean it up. And the more I would press, the more often I found out that the answer was please unplug it, put it in a FedEx box and send it back to home and we'll send you a new one, or we'll refresh it and send it back. Because we're embedded in the firmware and we awake before the operating system. It just sort of got us thinking, there has to be a better way. Right there we have this unique connection to the device. We can make that minutes. We can securely wipe the device and then rebuild you or remediate or remove the infected file or whatever it happens to be. And so it's really about thinking about those unique use cases where the cost is weeks, right. To package things up and send them back means that user is not working for weeks. But there's a better answer, right? And so if we take a look at putting the pieces back together in a business, yes, we have to go through the hardening of our systems and are we doing all of the right things to make sure that we're scalable and reliable and that we've prevented the bad event. 
But we have to sort of think about where are the shortcuts we can take to sort of hijack the downtime and get ourselves back up and running.
D
You know, there's sort of the old chestnut in security that although it's hard to get the money for preventative things, there's always money to clean up the message.
B
Right.
D
What you're advocating here is that it's a, I suppose it's a fractional investment in prevention and making sure this is on, this is organization wide or to prevent having to pay me later.
C
Right. So the rehydrate ready campaign that we launched at this show is really sort of speaking to that first scenario. We've been talking for two years about resilience and let's make sure we're ready for this. Especially in the age of AI where things are accelerating, let's make sure that everybody is activated. But we still continue to get phone calls from customers that say, something really bad happened, can you guys help? And we'll say, well, did you turn it on? Oh, you didn't turn it on? Well then there's not a lot we can do. And so we really came in asking ourselves, why wouldn't you turn it on? If you have this built in and if we make it as low friction as possible to just pre-contemplate that you might need it someday, then when you eventually make the phone call, there is, there's something we can do. Right? We can search services and licenses over to you and activate and kind of take care of you in the moment. So yes, we're trying to, even for those that say, I've invested so much in security and I'm sure I'm never going to be the one that has the bad day, we're saying, well, everybody says that just on the chance it might be you, maybe we do this now.
D
Right? Right. Yeah. Huh. So let's talk about AI. We can't not talk about AI here.
C
This is a law against not talking
D
about it is, it is required. What's your take on that? I mean, how, how is it affecting the types of things that you all are doing and the preparations? Is there a velocity factor and the speed at which things can go wrong?
C
I, I would say first and foremost I'm a technologist. So I, I, I'm, I'm a huge optimist and I'm a big believer in the potential for our customers, for our products and all of the work that we're doing. I also see it as a massive amplifier, good for good and for bad. And so I think one of the biggest risks that we really see in the coming next couple of years is as organizations start to layer in these technologies. And we put out every year a resilience index. We just put ours out this, this week. We tried to answer the question, is AI making us more resilient? Punchline is, no, it's not, not yet. But I think that whenever you see an era where lots of new technology is going to get introduced into the stack, you're going to see some of it go well and some of it is not going to go well. Folks are going to start layering on these agents, users are going to start bringing in their own tech, things are going to accelerate. And sometimes you may not know whether the thing just went wrong on that device was a bad actor that was targeting you, or it was just some horrible collision of new stuff that you just put into that attack. I think that's going to happen more frequently. I think it's going to happen with larger blast radiuses. And I think we're just introducing a lot of new fragility into our environments. Might not be forever, but for now that's the movie we're going to be seeing. And I think that's why we believe really passionately that you have to kind of have this alternate control strategy, this, this kind of way back button that says timeout. Like I don't really know whether that was a good guy or a bad guy that just hit me. Let's just get you back up online and then we'll go figure out sort of what are the right next steps. So I think speed is the thing that works against all of us for the next little bit because it's just happening so quickly.
B
Yeah.
D
What's your advice for folks who are considering this journey? They recognize this is a good thing for me to, to do for my organization. What's that journey going to look like? What should they expect? How heavy a lift is it?
C
I actually think when you start having the conversation, my experience is that it's actually quite liberating because the challenge is that it is a very cross functional conversation. It is not purely in the security department or in the IT department. It really is a. If you understand here are the critical businesses, processes that need to function, who are involved in those and what are the things that you require and then how do we sort of harden that set of capabilities and then what are the cyber strategies and the resilience strategies around those things? I actually think it actually takes a lot of anxiety out of the system. I think folks start to see it in practical terms. You know, I understand who I would call. I know what I would do next. I know where I would go to find the playbook. I know, you know, you start to take it out. I think a lot of times when we see the press releases, when somebody else is having a bad day, folks go, oh gosh, I hope that's never me. I don't know what I would do. Right. And I think that bringing folks into the conversation is a good way to sort of get past the anxiety and start getting into the practical. Here's what you would do.
D
It must be gratifying when the things. When people have put the things in place and so they have the tools
B
to set things right.
C
Well, we never see those press releases, right.
D
That's true.
C
Marriage case studies get rid.
D
I hope someone sends you a we
C
do get thank you cards that say this really bad thing happened. Let me tell you this cool way we used your product. You know, I had a customer that talked about how they used our product to, you know, bring out and surface an insider and another fake employee. So we get those stories quite often. Those are the stories I love. Yeah, they often won't let us publish them. Yeah, sure, sure, sure.
D
Well, Christy Wyatt is CEO at Absolute Security. Christy, thanks so much for joining us.
C
Thank you.
B
There's a lot more to this conversation than we have time to share here, so please check out the full unedited interview. You can find a link to that in our show notes.
Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allow listing, you stop unknown executables cold. With ring fencing you control how trusted applications behave. And with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com/n2k today.
When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year, and 92% of responders reported threat levels have increased in the past two years. Guardsquare delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guardsquare provides industry leading security for your Android and iOS apps at www.guardsquare.com.
And finally, the City of Milpitas, a Silicon Valley suburb north of San Jose, has decided that safer neighborhoods may begin with a free doorbell. The city council approved $60,000 to distribute camera equipped wireless doorbells, one per household on a first come, first serve basis, with the hope that residents will voluntarily share footage with police when needed. Officials say the program is meant to strengthen community ties and deter crime, though participation is optional and police cannot access video without permission. The cameras will not be Amazon Ring devices, partly to avoid subscription costs, even if that choice may slow investigations. Critics note that doorbell cameras increasingly resemble neighborhood scale surveillance tools, especially as similar programs spread nationwide, quietly turning front porches into auxiliary observation posts.
And that's the CyberWire. Be sure to check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazes. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Date: April 1, 2026
Host: Dave Bittner, N2K Networks
Guest: Christy Wyatt (CEO, Absolute Security)
This episode centers on the escalating convergence of geopolitical conflict and cyber operations, with news and analysis about Iran and North Korea’s cyber campaigns, a breach at Cisco, a leak of Anthropic’s Claude Code client source code, and U.S. government challenges in adopting zero trust principles. Highlighting the practical business impacts of cyber incidents, host Dave Bittner interviews Christy Wyatt of Absolute Security on why cyber risk has evolved into a core business continuity issue. The episode also covers legal, privacy, and community surveillance developments.
[10:43 – 11:21]
"Tonight, April 1st at 6:24pm Eastern Time, NASA is planning to launch the Artemis 2 mission, which will send a crew of four around the moon...first woman, first person of color, and the first Canadian going to lunar orbit." – Maria Varmazes [10:46]
[14:12 – 26:58]
Wyatt stresses that the conversation must focus on resilience:
"This isn't really a cybersecurity conversation... The conversation we need to be having is how do we make more resilient businesses?" – Christy Wyatt [16:18]
The real cost is business downtime:
"Almost every minute that you can't take orders, can't pay your employees, can't invoice customers, your business is going to suffer and you may or may not recover." – Christy Wyatt [16:40]
Post-attack, most companies focus on "cleanup," not realizing how complex true recovery is:
"We stop the movie at the chapter where we've fixed the bad thing and now it's just like cleanup on aisle six." – Christy Wyatt [17:57]
Full recovery—from rebuilding systems to restoring process flows—requires active, cross-department rehearsals and plans.
Absolute focuses on device-level resilience:
"We have a platform that is embedded in the unflashable part of the firmware of almost every PC on the planet... If an application or security control that you care about stops working, we can fix it. If the device becomes compromised...we can rebuild it remotely." – Christy Wyatt [15:30]
Wyatt describes the "rehydrate" strategy: securely wiping and rebuilding devices remotely, minimizing lost employee time versus shipping hardware for reimaging.
Real-world analogy: many companies’ backup plans assume "someone will fix it," but few are prepared for widespread remote work cases.
"There's always money to clean up the message...what you're advocating here is a fractional investment in prevention and making sure this is on...to prevent having to pay me later." – Dave Bittner [21:16]
"Even for those that say, I've invested so much in security and I'm sure I'm never going to be the one that has the bad day, we're saying, well, everybody says that just on the chance it might be you, maybe we do this now." – Christy Wyatt [22:41]
Advocates for a cross-functional, process-driven approach, reducing anxiety by knowing "who I would call" and "what I would do next".
"I actually think it takes a lot of anxiety out...you start to see it in practical terms." – Christy Wyatt [25:08]
The best success stories don’t make headlines:
"We never see those press releases, right...I do get thank you cards that say this really bad thing happened. Let me tell you this cool way we used your product." – Christy Wyatt [26:24]
On recovery strategy blind spots:
"We don't watch the movie to the end of the tape... I don't think we rehearse that [recovery] as intensely." – Christy Wyatt [17:56]
On speed of AI-driven change:
"Speed is the thing that works against all of us for the next little bit because it's just happening so quickly." – Christy Wyatt [24:50]
On business continuity mindset:
"It's not an if but a when. You will have a business disruption, I can almost guarantee it." – Christy Wyatt [16:54]
This episode of CyberWire Daily illustrates the intertwined nature of cybersecurity and business risk in 2026. It analyzes cutting-edge global cyber threats, leading breaches, and the difficulties of adopting zero trust at scale. Through an engaging interview, Christy Wyatt reframes cybersecurity as a business resilience problem, advocating for practical recovery strategies and preemptive activation of defensive capabilities—especially as the pace and fragility of technological change increase. The episode rounds out with legal, privacy, and community surveillance developments, making it a must-listen for technical and executive audiences alike.