Loading summary
A
You're listening to the Cyberwire Network, powered by N2K.
B
Heading to this year's Black Hat USA. The N2K CyberWire team will be on site recording from our podcast studio in the Spectre Ops Kennel Club. If you're interested in joining us for a conversation or learning more about what we're recording throughout the week, visit sponsor.thecyberwire.com for more information. And make sure you stop by the studio and meet the N2K CyberWire team. We'll see you there. What's the one thing in business that's spreading as fast as AI? AI Risk. Every new tool your team signs up for. Every vendor that turns on AI features, every new integration. Each one is an opportunity for something to go wrong. And most security programs weren't built for AI's pace of growth. Enter Vanta. Vanta is the number one agentic trust platform used by over 16,000 fast moving companies like Ramp Cursor and Harvey to ensure they're always audit ready. And now Vanta is helping companies like yours watch for the risks that show up between audits across your vendors, your AI tools and your whole environment. How the Vanta agent works like a 24.7grc engineer in the background finding issues, drafting fixes and cutting vendor assessment time by up to 50%. Whether you're a fast growing startup or a global enterprise, Vanta is here to help you automate your security and compliance and earn and prove trust. Get started today@vanta.com cyber that's V-A-N T A.com cyber. Ghost approval puts AI coding assistance under the microscope Microsoft fixes the rogue planet zero day more than 70 cybersecurity firms back a new AI charter and Ohio county may have paid a million dollar ransom assurance. America discloses a breach affecting nearly 7 million people. Australia Bricks thousands of broadband routers. Israeli Fintech Nayax reports a cyber incident. KDDI confirms a massive telecom data breach. A global anti fraud operation leads to thousands of arrests. Our guest is Ben Yellen from the University of Maryland center for Cyber Health and Hazard Strategies. Explaining the EU Cloud and AI Development act and Swapfix fights fire with. It's Thursday, july 9, 2026. I'm dave bittner and this is your cyberwire intel briefing. Thanks for joining us here today. It's great as always to have you with us. Wiz Research has disclosed a flaw dubbed Ghost approval affecting 6 AI coding Amazon Q developer Claude Code Augment, Cursor, Google Antigravity and Windsurf. The issue exploits symbolic links or symlinks to disguise writes to sensitive files as harmless project edits. In Wiz's proof of concept, an AI agent following routine setup instructions, overwrote a developer's SSH keys after the approval prompt displayed only an innocent looking file name, potentially enabling passwordless remote access and, in the worst case, remote code execution. Amazon, Google, and Cursor have released fixes, with Cursor assigning a CVE augment and Windsurf acknowledged the reports but have not yet issued fixes. While Anthropic disputed the issue as a vulnerability, Wiz recommends resolving symlinks before approval prompts and warning users about writes outside the project. Microsoft has patched a Microsoft Defender zero day called Rogue Planet, a race condition that allows a local attacker to gain system privileges on fully patched Windows 10 and 11 systems, even with real time protection disabled. The flaw exploits a timing gap in Defender's file scanning process, allowing an attacker to swap a scanned file with a malicious payload that executes with elevated privileges. A public proof of concept has been released, though Microsoft says it has not seen the vulnerability exploited in the wild. The flaw affects multiple versions of the malware protection engine and is fixed in the latest version, which updates automatically. Administrators should verify engine versions, restrict local administrative privileges, and monitor for suspicious file activity to reduce potential impact. More than 70 cybersecurity organizations have signed Crest's AI charter, committing to nine principles for the responsible use of artificial intelligence in cybersecurity. The framework emphasizes accountability, transparency, documentation, human oversight, data sovereignty, security, secure AI development, supply chain, risk management, and business continuity. Signatories pledge to disclose when AI is used, maintain audit trails, protect client data, and ensure qualified personnel retain final oversight of AI driven decisions. The charter also calls for securing AI tools throughout their life cycle, managing third party AI risks and planning for AI related disruptions. Crest said the principles were developed with industry input and reflect the growing role of AI. With nearly 70% of cybersecurity providers now using AI daily. The organization hopes the charter will establish common industry standards and reduce the need for formal regulation while improving trust and interoperability. Ransom ISEC reports that a US Government entity believed to be Union County, Ohio State paid the Kairos cyber extortion group $1 million after attackers stole roughly 2 terabytes of data in a May 2025 breach negotiation. Records show the attackers reduced their demand from $3 million before payment was made in Bitcoin. The incident involved data theft and extortion, not file encryption. Ransom ISAC cautioned there is no reliable way to verify the attackers actually deleted the stolen data despite providing proof of deletion. Artifacts Assurance America has disclosed a data breach affecting nearly 7 million individuals after attackers gained unauthorized access to its network in March of this year, the insurer said the intrusion began on March 16 by targeting an employee, allowing attackers to access parts of its IT environment and copy customer data. Exposed information may include names, contact details, insurance policy and claims information, driver and vehicle records and driver's license numbers. After detecting the breach on March 17, the company disabled compromised accounts, terminated unauthorized sessions, isolated affected systems, notified law enforcement and strengthened security with password resets, enhanced monitoring and employee training. Assurance America completed its review of impacted files in June and is notifying affected individuals, advising them to monitor financial accounts and report suspicious activity. Thousands of SAM Knows branded routers used in the Australian Competition and Consumer Commission's Measuring Broadband Australia program were remotely disabled after the initiative ended on June 30, prompting criticism over unnecessary electronic waste. The routers distributed to volunteers beginning in 2020 to measure broadband performance remained functional hardware but were intentionally bricked as part of the program's shutdown. Volunteers were instructed to recycle the devices, although some users have successfully reflashed them with the open source Open WRT operating system to restore full router functionality. Critics argue Samnos or its parent company Cisco could have released a final firmware update instead of disabling the devices. Neither Samnos, Cisco nor the ACCC provided a clear explanation for the decision. Despite concerns about avoidable e waste, Israeli fintech company NIACS has disclosed a cybersecurity incident after detecting suspicious activity in a cloud account belonging to one of its subsidiaries. The company said the affected account was immediately secured and emphasized that its production environment, payment processing systems and business operations were not impacted. The incident follows online extortion claims threatening to publish allegedly stolen data on July 21, though NIACS cautioned that cybercriminals often exaggerate such claims to pressure victims. The company is working with cybersecurity experts and law enforcement in Israel and the United States while investigating the scope of any exposed data. NIAC said it does not currently believe material information was compromised, but will provide updates if significant findings emerge. The disclosure was also reported to the U.S. securities and Exchange Commission. Japanese telecom giant KDDI confirmed that a June cyber attack exposed the data of 12.2 million people after attackers exploited a zero day vulnerability in software supporting the email infrastructure of five Internet service providers. Stolen data included email addresses and 7.6 million passwords. Though KDDI's owned mobile and fixed line email services were unaffected. The company says it removed the attackers, is coordinating password resets with affected providers, and is working on a patch and broader security improvements. Operation First Light 2026, a global anti fraud initiative coordinated by Interpol, led to the arrest of over 5,800 suspects, the identification of more than 15,000 suspects and 142,000 victims, and the seizure of $293 million in illicit assets. Conducted between January and April across 97 countries and territories, the operation targeted social engineering scams including romance fraud, business email compromise and related money laundering. Authorities froze more than 31,000 bank accounts and numerous cryptocurrency wallets while dismantling criminal networks in multiple countries. One notable raid in Eswatini uncovered an elaborate impersonation scheme involving a fake Brazilian police station. Interpol said the operation also helped solve nearly 24,000 fraud cases and highlighted the value of international collaboration against cyber enabled financial crime. Coming up after the break, Ben Yellen from the University of Maryland center for Cyber Health and Hazard Strategies explains the EU Cloud and AI Development act and Slopfix fights fire with fire. Stay with us. AI is making phishing attacks faster, more convincing and harder for people to spot, and traditional security awareness and phishing training weren't designed for this level of attack. HOX Hunt helps security teams prepare employees for the attacks they face every day with personalized phishing training that adapts to each employee and reduces risky behavior over time for IT and security leaders looking to strengthen their human layer of defense without adding more manual work. Visit hoxhunt.com cyberwire to learn more. That's H O x h u n t.com cyberwire. This episode is supported by Black Hat usa. If you follow the research, you know a lot of it breaks on Black Hat stages hundreds of peer reviewed briefings, more than 100 hands on trainings, and the largest business hall in Black Hat's history. Six days to learn the skills you'll need. Tomorrow, August 1st through the 6th. Use code CYBERWIRE for 200 off your briefings pass@blackhat.com we'll see you in Vegas. It is always my pleasure to welcome back to the show Ben Yellen. He is from the University of Maryland center for Cyber Health and Hazard Strategies and also my co host on the Caveat podcast. Hey there Ben.
C
Hey Dave. Good to be with you.
B
So on our recent episode of Caveat, we were discussing the EU's efforts toward technological sovereignty and I thought that would be a worthy conversation for our Cyberwire listeners as well. Can you just start off with a summary. What's the EU after here? Sure.
C
So the European Union has proposed and is in the process of enacting something called the Cloud and AI AI Development Act. I read about this first in a story on the La Fare block, which I'm sure we'll link to part of a new strategy on the part of the European Union through the European Commission to achieve technological sovereignty. It is designed to reduce Europe's dependence on foreign and particularly US Cloud providers and strengthen European technology autonomy within their own jurisdictions. And I think you have to think broader than just technology here. We've seen this in other contexts where leaders of other Western democracies have talked very openly about the inability to rely on the United States as a provider of X, Y and Z. One of the speeches that I think was the major catalyst for this type of thinking was one that Canadian Prime Minister Mark Carney gave in front of the Davos Conference in Switzerland where he talked about how, given what's happened with the Trump presidency and the fact that he was elected two separate times, countries need to prepare for the fact that they can't rely on the United States to be the provider of military technology or collective defense, that countries are going to have to assume sovereignty over these domains where they've been overly reliant on the United States. And one of those spheres is technology. And I think that's really the context that we need to understand why they're doing this. So basically they're worried about a couple of different risks here. The first is that we have our own Cloud act, the US Cloud act, which allows US Authorities to access data held by American companies even when stored in the eu. So obviously that kind of violates their sovereignty if our government can snoop in on, on data stored in the eu. And then this concern about a so called kill switch where we issue sanctions or other government action that prevent our companies from providing cloud services to European users, which would be a disaster, like if the EU lost our cloud computing services that makes up 70% of their cloud computing market. And so, yeah, it's going to be really difficult. Imagine if your cloud computing service preferred service of choice failed or was shut down and how much important data you'd lose. So they've come up with a framework where there are four sovereignty assurance levels going up from level one, which is lower risk for level one data must be hosted in the EU and protected from foreign reporting requirements all the way up to the strictest standard, which is level four, requiring full independence from foreign controlled companies and high cybersecurity certifications. So this could have a big impact on the market in the United States for cloud computing, the ability for our big cloud computing companies to continue to do business in the European Union and for just general diplomatic relations with the EU as they try to establish these new spheres of sovereignty, this one being technological sovereignty.
B
And this goes beyond the Trump administration, right? I mean, this is kind of a recalibration of the global trading order, is it fair to say, since World War II?
C
Yeah. I mean, I think we've been on a glide path, especially starting the past 45 years or so, to increased globalization, a common global market in the last 30 years, a free and relatively resistance free Internet where people in the United States can view things that are hosted on European servers. And I think because of, you know, Trump might be the initial catalyst of somebody who has expressed these America first ideals, somebody who is more protectionist when it comes to trade. But, yeah, it does go beyond him. I think European countries are recognizing that even if Trump leaves office, there's still this latent desire among a significant portion of the US Population to be more protectionist, to focus on US Companies, to issue things like tariffs and sanctions to protect US Companies at the expense of European companies. And that can include things like banning these companies from serving the European Union or being in the European Union market. So I think the fact that that movement exists in this country is inspiring the European Union to take action and to prepare for a world in which they can be self sufficient without reliance on our technological resources.
B
Well, surely if I'm one of the big US Cloud providers, I am letting the White House know that I'm not at all pleased about this. Do you think this administration has an open ear to those sorts of complaints?
C
I think they definitely have an open ear. I mean, there have been a lot of concerns about this. Companies have expressed the concern, seeing this new EU initiative, that they could be shut out from the European government's cloud market, even though there are some exceptions and derogations that can allow US Providers to step in when there aren't adequate alternatives. But, yeah, I think they might have the ear of the White House. But as we've seen in things like the imposition of tariffs, sometimes the Trump administration is willing to go against big business interests, including cloud computing titans. I would guess even if some of these people have been his political supporters, and even if it would have an impact on US Markets, and even when Trump has been forced to back down, there could be a future president who is not as keen to get cold feet when the stock market crashes, for example, and who might be more ideologically predisposed to maintaining these levels of separation. So yeah, I mean, I can understand why there's a concern among these companies and why these companies would, if, if and when this law gets enacted, face significant challenges meeting some of these higher assurance levels.
B
Ben Yellen is from the University of Maryland center for Cyber Health and Hazard Strategies and my co host on the Caveat podcast. Ben, thanks so much for taking the time for us.
C
Thank you.
B
As organizations grow, so does complexity. New applications are deployed, vendors are granted temporary access, and remote support tools are installed. Many of them never go away. In my recent conversation at RSAC 2026 with Rob Allen, Chief Product Officer at ThreatLocker, he explains how these forgotten tools create hidden pathways into enterprise environments and why attackers increasingly exploit what's already inside the network instead of trying to break through the perimeter. Learn how to reduce lingering access, shrink your attack surface, and implement zero trust more effectively by listening to the full conversation at explore.thecyberwire.com threatlocker.
D
This episode is brought to you by Google Chrome. You think you know a browser, but Gemini and Chrome? That's new. It can help you with practically anything on the web, like restoring a vintage motorcycle from a 50 page restoration block, or finally break down that long article you've had open for weeks. Gemini and Chrome is here for it, ready to make anything online make sense. There's no place like Chrome. Check Responses Setup required compatibility and availability various 18 are all batteries the same? That's like asking if all soccer players are the same. Take Messi, the most decorated player ever. Is there any other player who has achieved that? No, just him. Now take Duracell. Is there any other battery with power boost ingredients inside? No, just Duracell. Remember, goats only trust goats because they're built different and Messi only trusts Duracell.
B
And finally, in what may be the most delightful circular startup idea of the year, a company called Slopfix has built a business around cleaning up AI generated code, using AI coding agents to do the cleaning. For a Starting fee of $10,000 a week, its engineers promise to shrink bloated code bases while preserving functionality. They get paid based on how much code they delete before touching a project. Slopfix documents every screen and endpoint as a regression checklist, then delivers a leaner code base, guardrails to prevent future bloat, and a two week warranty. The timing is no accident. Get clear reports Duplicated code has surged 81% since 2023 while refactoring has nearly disappeared as AI generated, vibe coding increasingly produces sprawling, repetitive software, Slopfix's premise is use AI to clean up AIs. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com NGK's lead producers, Liz Stokes, were mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
A
A burst pipe? A dead water heater? The AC calling it quits? Who do you call? HomeServe is an easy way to handle unexpected home repairs with plans covering stuff basic homeowners insurance usually won't. Instead of scrambling for a contractor, you make one call to get the repair process started. Join the millions of customers who trust HomeServe right now. Go to HomeServe.com podcast for 50% less your first year. That's HomeServe.com podcast savings compared to renewal price void in Florida.
Episode Title: Who you gonna call?
Date: July 9, 2026
Host: Dave Bittner, N2K Networks
Notable Guest: Ben Yellen, University of Maryland Center for Cyber Health and Hazard Strategies
This episode of CyberWire Daily delivers a comprehensive briefing on the day’s most pressing cybersecurity news, ranging from critical vulnerabilities and industry initiatives to major cyber incidents across the globe. Key highlights include a deep dive into “sovereignty” in cloud and AI policy, the risks of AI in software development, and the growing wave of international cybersecurity collaboration. Ben Yellen joins for an insightful conversation on the new EU Cloud and AI Development Act, contextualizing it within shifting global politics and technological autonomy. The episode closes with a whimsical look at how startups are using AI to clean up AI-generated software "slop."
Ghost Approval Flaw in AI Code Tools
“An AI agent following routine setup instructions, overwrote a developer's SSH keys after the approval prompt displayed only an innocent looking file name…” — Dave Bittner [03:45]
Microsoft Defender ‘Rogue Planet’ Zero-Day
“The charter also calls for securing AI tools throughout their life cycle, managing third party AI risks and planning for AI related disruptions.” — Dave Bittner [07:40]
With Ben Yellen, University of Maryland Center for Cyber Health and Hazard Strategies
Start: [14:40]
End: [21:20]
Technological Sovereignty as Driving Force
“It is designed to reduce Europe's dependence on foreign and particularly US Cloud providers and strengthen European technology autonomy within their own jurisdictions.” — Ben Yellen [15:06]
Risks motivating the Act:
Broader Geopolitical Trend
“We've been on a glide path...to increased globalization, but now there's a recalibration, as countries recognize potential over-reliance on the US, particularly given protectionist shifts.” — Ben Yellen [18:30]
White House & Big Tech Concerns
“Companies have expressed the concern, seeing this new EU initiative, that they could be shut out from the European government's cloud market…” — Ben Yellen [20:00]
On the need for new cloud/AI regulation:
“The organization hopes the charter will establish common industry standards and reduce the need for formal regulation while improving trust and interoperability.” — Dave Bittner [06:53]
On the circular logic startup “Slopfix”:
“A company called Slopfix has built a business around cleaning up AI generated code, using AI coding agents to do the cleaning... Slopfix’s premise is: use AI to clean up AIs.” — Dave Bittner [23:30]
This episode blends up-to-the-minute threat intelligence with strategic, global context, showing how technical, legal, and political issues converge in the world of cybersecurity. Listeners will leave with actionable awareness of new risks, best practices for mitigation, and an understanding of how international developments could shape the digital landscape for years to come.