Dave Bittner
You're listening to the CyberWire network, powered by N2K. Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control: stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant. The Department of the Interior removes top cybersecurity and tech officials. The DOJ looks to block foreign adversaries from acquiring sensitive personal data of US citizens. Microsoft issues emergency updates to fix an Active Directory bug. Hackers are installing stealth backdoors on FortiGate devices. Researchers warn of a rise in dangling DNS attacks. A pair of class action lawsuits allege a major ad tech firm secretly tracks users online without consent. Google is fixing a 20-year-old Chrome privacy flaw. The Tycoon 2FA phishing as a service platform continues to evolve. My guest is Tim Starks from CyberScoop, discussing the latest from CISA and Chris Krebs, and slop squatting AI totally harshes the supply chain vibe.
Tim Starks
Foreign.
Dave Bittner
2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Happy Monday and thanks for being with us here today. It's great to have you here. The U.S. Department of the Interior has removed top cybersecurity and tech officials, including CIO Darren Ash and CISO Stan Lowe, following a dispute with the Department of Government Efficiency, DOGE. The conflict centers on DOGE's push, backed by President Trump and Elon Musk, to use AI to cut federal spending, which critics say bypasses key security protocols. DOGE's unvetted access attempts triggered legal backlash and judicial restraining orders. The personnel shakeup, first reported by Nextgov, also includes Associate Solicitor Tony Irish, who disputes claims of being fired and is pursuing administrative recourse. The Interior Department has not commented. This follows a broader trend of cybersecurity leadership removals across federal agencies, including the recent dismissal of NSA and U.S. Cyber Command head General Timothy Haugh. The U.S. Department of Justice has launched a data security program aimed at blocking foreign adversaries from acquiring sensitive personal data of US citizens. This follows a February 2024 executive order and targets countries like China, Russia and Iran that allegedly use commercial means or national laws to access such data. The program prohibits unauthorized data transfers covering health, biometric, financial and other personal information via brokerage, vendor, employment or investment agreements. The DOJ warns that adversaries exploit bulk data using AI for espionage, manipulation and strategic advantage. Violators face civil and criminal penalties, including up to 20 years in prison. The program took effect April 8 with a 90 day grace period for those making good faith compliance efforts. Microsoft has issued emergency updates to fix a bug affecting audit login policies in Active Directory Group Policy.
The issue causes local policies to incorrectly show no auditing for logon and logoff events even if auditing is active. This can confuse admins but doesn't affect actual event logging. The out of band updates apply to various Windows versions and are intended for enterprise environments only. Microsoft also warned of related issues, including potential Windows Server 2025 restarts and Office 2016 crashes tied to recent updates. Hackers are exploiting known Fortinet vulnerabilities to install stealth backdoors on FortiGate devices, allowing them to maintain access even after patches are applied. The attackers use symbolic links to quietly read configuration files through the SSL VPN interface, avoiding detection. Devices without SSL VPN enabled are not affected. Fortinet has responded with updates across multiple FortiOS versions, along with tools to detect and remove the backdoor and changes to the SSL VPN interface to prevent future abuse. watchTowr CEO Benjamin Harris warned this reflects a broader trend: attackers now design backdoors to survive patches and resets. Fortinet urges all users to update immediately to block these persistent threats and protect their systems from ongoing exploitation. Cybersecurity researchers are warning of a rise in dangling DNS attacks where attackers exploit outdated or misconfigured DNS records to hijack organizational subdomains. These vulnerabilities often occur when companies discontinue cloud services or SaaS tools but leave behind DNS entries like CNAME records pointing to decommissioned resources. Attackers can then register the abandoned destination and serve malicious content through the legitimate domain, creating a serious supply chain risk. SentinelOne found over 1,250 vulnerable subdomains in the past year, with one case showing 150 deleted AWS S3 buckets receiving over 8 million requests. These requests included software updates and VPN configurations which could have been weaponized by attackers.
The real danger lies in the trust users and systems place in subdomains, unknowingly connecting to attacker controlled infrastructure. To mitigate the threat, experts recommend regular DNS audits, immediate removal of stale records, and runtime security monitoring for anomalous activity. Two class action lawsuits filed in California allege that ad tech firm The Trade Desk secretly tracks users online without consent, violating privacy laws. The suits target the company's Unified ID 2.0 and AdServe tracking tools, accusing them of collecting personal data like email addresses, IPs and even health info for profiling and real time ad bidding. Plaintiffs argue the firm acts like a data broker, monetizing user data without disclosure. One case claims UID2 circumvents privacy protections and may breach California's wiretapping laws. Legal experts say UID2's unique methods could draw closer court scrutiny. While proving harm in such privacy cases is tough, the suits are seen as strategic and timely amid growing privacy advocacy. The Trade Desk, a $25 billion firm, has not responded to the allegations. Google is fixing a 20-year-old Chrome privacy flaw that allowed websites to detect users' browsing history by checking if links had been previously visited. The issue stems from the :visited CSS selector, which changes a link's color if a user has clicked it before. Malicious sites could exploit this to infer which sites users visited, enabling tracking and profiling. Chrome version 136 will introduce triple key partitioning for visited links using the link URL, top level site and frame origin. This change ensures a link appears as visited only in the same site and context where it was first clicked, preventing cross site history leaks. Google chose not to eliminate the :visited functionality entirely to preserve user experience and rejected a permissions based model as too vulnerable to abuse.
The feature is experimental in Chrome 132 through 135 and will be enabled by default in version 136. Other browsers offer partial protections but lack full partitioning. The Tycoon 2FA phishing as a service platform has received major updates, enhancing its ability to bypass multi factor authentication and evade detection. Originally discovered in October 2023, the phishing kit now hides malicious JavaScript using invisible Unicode characters, evading manual and static analysis. It has also replaced Cloudflare Turnstile with a self hosted CAPTCHA using randomized HTML5 canvas elements to avoid reputation checks and enable better customization. Additionally, new anti debugging scripts detect and block browser automation tools like PhantomJS and Burp Suite, redirecting suspicious users to legitimate sites. Trustwave also reports a surge in phishing attacks using malicious SVG files, a tactic favored by Tycoon 2FA and similar platforms. These SVGs, disguised as voicemails or logos, contain obfuscated JavaScript that redirects victims to fake Microsoft 365 login pages. Phishing resistant MFA and blocking SVG attachments at the email gateway level are our recommended defenses. SVG based phishing jumped 800% from April 2024 to March 2025. Coming up after the break, my conversation with Tim Starks from CyberScoop with the latest from CISA and Chris Krebs. And slop squatting AI totally harshes the supply chain vibe. Stay with us. Bad actors don't break in. They log in. Attackers use stolen credentials in nearly nine out of 10 data breaches. Once inside, they're after one thing, your data. Varonis' AI powered data security platform secures your data at scale across IaaS, SaaS and hybrid cloud environments. Join thousands of organizations who trust Varonis to keep their data safe. Get a free data risk assessment at varonis.com. It is always my pleasure to welcome back to the show Tim Starks. He is a senior reporter at CyberScoop. Tim, welcome back.
Tim Starks
Great to be back.
Dave Bittner
Tim, your beat is Washington, D.C. and the policy issues that are going on in this great city of ours. Yes. Is that a fair description?
Tim Starks
That's very accurate.
Dave Bittner
All right. So how are you keeping track of all of it these days? There's so much going on. I feel like you must be in a bit of a whirlwind.
Tim Starks
Yeah. You sit down to say, oh, I'm going to really dive into this subject. Right. As a reporter, you're like, I'm really going to dive into this. And then the next moment something comes along that's if not as important, more important. So it's been tough, honestly.
Dave Bittner
Well, let's talk about some of the things that I think have been top of mind, certainly to folks tuned into D.C. I mean, we have the whole situation with former CISA director Chris Krebs. And what in my opinion can only be, or perhaps is most easily labeled as, retaliation from the Trump White House for Krebs' statement that the 2020 election was fair and that President Trump did indeed lose that election. But the White House coming after not just Chris and his security clearance, but also the company that he works for.
Tim Starks
Yeah, it's, it's, I, there was, there was somebody who was, who was saying on one of the social media sites, not surprised but still shocked. It is a kind of constant state of mind. It feels like in the Trump administration, the idea that you can just know somebody that the president doesn't like and suddenly find your business being threatened is, it's the kind of thing that you think just can't happen in America until it does. I would say that one of the things that's interesting about this administration versus the previous administration is I think for the most part, I say this for better or worse, because when I was covering cybersecurity in the first Trump administration and I was like, there's so much wild stuff happening in all these other agencies and all these other parts of the government. But cybersecurity was pretty tame in the Trump administration until the very end, of course, with Krebs, when Krebs, the election results were pretty much already known. But when Krebs got, not pretty much, but they were known, essentially when Krebs was fired, he was already on his way out. When he was saying, you know, doing things like the rumor control, you know, there was some discussion he was doing the rumor control thing when the election was still happening. But when he got fired, it was entirely predictable and well known that, that he wasn't going to be around much longer because of the Trump administration was going to be ending. So that was about the most dramatic thing that happened in the cyber world in the first Trump administration was Krebs related. Now there's so much dramatic stuff happening in every area of the government, including cybersecurity. They fired the Cyber Command director, they fired a bunch of people at CISA. They've done so much. So the Krebs shoe is just the latest to drop, the domino to fall. And it is entirely disturbing that he essentially said something that the president didn't like four, how many years ago?
Five years ago at this point.
Dave Bittner
Yeah.
Tim Starks
And now he has the president saying, we're going to bring the weight of the government to bear on you and your company and the people you work with. It's really, really, really, really upsetting that this is happening in our country.
Dave Bittner
Well, I mean, let's dig into some of the goings on at CISA itself. I saw a recent report that I think the number I saw was 1300 people probably going to be eliminated from CISA, both full time employees and contractors as well. It's about half of their workforce, I believe, and can't imagine that's not gonna put a dent in our defensive posture.
Tim Starks
Yeah, I mean, I think, you know, there was an early sign that they were going to be, or it could be because it's so. So. But I think they only cut about 130 people. Now, I'm not saying that's not a significant number. It is. But looking at some of the things that are happening, like HHS, where they're cutting 10,000 people, that seemed mild by comparison at the time. There were still concerns that there were going to be more cuts at CISA and then 130 people were fired. But I don't think anybody thought that half. I mean, that's a huge number. I was just talking to Andrew Garbarino, the congressman, who is the chair of the Cybersecurity Subcommittee of the House Homeland Security Committee, and he thought Republicans now get that CISA is important, but cutting half of the workforce is going to have a huge impact. I mean, there are people who thought the agency was not near as big as it should have been. People in the cyber world have thought that it needs to be a. A $5 billion agency or something like that. And that's Republicans, too. I mean, it was John Katko, I think, who first said, we need this agency to have a $5 billion budget. So if we're going to cut half of the people, it's definitely going to affect the cyber work. It does. It is an agency that is largely about. And this is another thing that's interesting about it. If you're a Republican, you're thinking, oh, you know, we're concerned about the size of government. We don't want overregulation. CISA doesn't really have regulatory power. It's just an agency that just sort of helps. I mean, that's a weird way to boil it down, but it just sort of helps the businesses, it helps the government. You know, it gives them advice, it creates guidelines, it doesn't do anything regulatory. And here it is being cut just because it seems like, I mean, there's not one of these things where people have said, oh, we're going to cut it this much because we think it's this much, it's doing too much, or it's doing.
It's not doing what it should be doing, and therefore it needs to be cut back because it's not useful. There's nobody saying that. So the idea of it being cut in half, essentially, is. It just baffles the mind, really. You, you, you're looking for, if you're a reporter, you're looking for a reason. Why. Why is it. Why is this happening? Right.
Dave Bittner
Why half? Yeah. Is it arbitrary?
Tim Starks
Just because.
Dave Bittner
Yeah. Well, you mentioned, you know, speaking with Republican Congress members, this notion, the sort of original sin of CISA as described by the Trump White House, is that they were censoring Republican voices. How much does that argument still carrying water when you're talking to Republicans? Are they leading with that? Are they acknowledging that? Is that, you know, how seriously are they taking that, either publicly or behind the scenes?
Tim Starks
I think they certainly at least were taking it seriously. I think in 2023, there was a vote from House Republicans, the majority of whom said, we're going to cut CISA's budget by 25% because of this kind of thing. But that's a very small percentage of the work it did. And I'm not saying the work equals censoring Republican voices. I mean, work on disinformation was a very small percentage of what it did. I think Brandon Wales testified before Congress, Brandon Wales being a former top CISA official, that it was less than 1% of CISA's budget. So, yes, I think for some Republicans, and among them, you know, Senator Rand Paul, who was the chair of the Homeland Security Committee on the, on the Senate side, that is a reason that CISA is a bad agency, that, that singling out that part of the things. But it did feel like this would be a moment, if you were concerned about CISA as a Republican, to say, well, now we're in charge of it, and if there's, if there's some amount of that, we can get rid of it, and there's a nominee to lead CISA that is someone who could hope to say, hey, we need you to change these things. It seems like this would be a moment where you could stop and say, let's reevaluate. Instead, it seems like from the top, it's just chop it, just cut it. And I do think, you know, that, yes, there are things that Republicans can point to and say, we don't like this about the agency. And Trump obviously didn't like that Chris Krebs had said that these things that he was saying about the election were misinformation. But I don't think that quite gets to the point where you say, oh, yeah, we're not going to cut this agency in half. It just doesn't quite get there.
Dave Bittner
Well, speaking of the nominee to lead CISA, Senator Wyden has pledged to put a hold on the confirmation there. What's going on with that story?
Tim Starks
Yeah, this is a little similar to what he did with Chris Krebs. Believe it or not, everything kind of comes. Comes and comes and goes. Huh. Big full circle. Just related to concerns about telecom vulnerabilities and, you know, surveillance is what Senator Wyden is concerned about. He got what he wanted in order to lift the hold from, from, from last time. This time it seems like he wants more. So we'll see how much that holds things up. I think it's one of those kinds of things where I'm not saying it's not meaningful, but it is somewhat symbolic. It's nothing to do with concern about the nominee himself. It's very little to do with the agency itself. It's an opportunity for Senator Wyden to bring up a concern he's had and execute that concern using a nominee that is only vaguely related to what he's concerned about.
Dave Bittner
Right. It's a point of leverage that he has, so he's taking advantage of it.
Tim Starks
Exactly.
Dave Bittner
Yeah. Yeah. All right, well, Tim Starks is senior reporter at CyberScoop. Tim, thank you so much for sharing your knowledge, expertise and experience with us. And I look forward to catching up with you soon.
Tim Starks
I don't, Dave, I don't look forward. I'm kidding. It's a wild world. I do appreciate talking to you. Thanks again. All right, see you.
Dave Bittner
Do you know the status of your compliance controls right now? Like right now? We know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off. And finally, if AI coding assistants were chefs, they'd be whipping up recipes on the fly, sometimes tossing in a mystery spice that no one remembers buying. Welcome to the world of slop squatting, where attackers scoop up the hallucinated ingredients, fake packages that your friendly LLM invented, and serve them back as malware. Coined by developer Seth Larson and popularized by Andrew Nesbitt, slop squatting targets the packages AIs like Copilot and ChatGPT dream up, but that don't actually exist. Yet attackers register these ghost packages, waiting for some unwitting dev to copy paste them into their project. A recent study found that nearly 20% of packages recommended by 16 code generating LLMs are pure fiction. Worse, these hallucinations are often weirdly consistent and suspiciously plausible. With vibe coding on the rise, devs are more likely to install first and question later. The moral of the story: don't trust that suspiciously convenient import. Your AI might be freelancing for the bad guys. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show.
Every week you can find Grumpy Old Geeks where all the fine podcasts are listed. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today at vanguardjobs.com.
CyberWire Daily: AI Ambitions Clash with Cyber Caution – Detailed Summary
Release Date: April 14, 2025
Host: Dave Bittner, N2K Networks
In this episode of CyberWire Daily, hosted by Dave Bittner from N2K Networks, listeners are presented with the latest developments in the cybersecurity landscape. The episode, titled "AI Ambitions Clash with Cyber Caution," delves into significant federal cybersecurity leadership changes, new data protection initiatives by the Department of Justice (DOJ), emerging cybersecurity threats, and legal challenges within the adtech industry. Additionally, an in-depth interview with Tim Starks from Cyberscoop provides expert analysis on the implications of these developments.
The U.S. Department of the Interior has removed key cybersecurity and technology officials amid internal disputes. Notably, CIO Darren Ash and CISO Stan Lowe were dismissed following conflicts with the Department of Government Efficiency (DOGE). The contention arose from DOGE's initiative, supported by high-profile figures like President Trump and Elon Musk, to implement artificial intelligence (AI) strategies aimed at reducing federal expenditures. Critics argue that these AI-driven measures bypass essential security protocols, prompting legal challenges and judicial restraining orders.
Notable Quote:
"The personnel shakeup... also includes Associate Solicitor Tony Irish, who disputes claims of being fired and is pursuing administrative recourse."
— Dave Bittner [02:01]
The DOJ has launched a comprehensive data security program targeting the prevention of foreign adversaries from accessing sensitive personal data of U.S. citizens. This initiative, effective from April 8 with a 90-day grace period for compliance, aims to block unauthorized data transfers involving health, biometric, financial, and other personal information through various channels, including brokerage and investment agreements.
Microsoft has issued urgent updates to rectify a critical bug in Active Directory Group Policy that inaccurately displayed audit login policies. While this flaw does not compromise actual event logging, it poses confusion for administrators managing logon and logoff event auditing.
Cybercriminals are exploiting known vulnerabilities in Fortinet's FortiGate devices to install stealthy backdoors. These backdoors maintain unauthorized access even after patch installations by leveraging symbolic links to discreetly read configuration files via the SSL VPN interface.
Notable Quote:
"Attackers now design backdoors to survive patches and resets."
— Benjamin Harris, CEO of watchTowr [Timestamp not provided]
Researchers have identified a significant rise in dangling DNS attacks, where outdated or misconfigured DNS records are exploited to hijack subdomains. These attacks often target decommissioned cloud services or SaaS tools, allowing attackers to serve malicious content through legitimate domains.
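A defender's audit for the stale CNAME condition described above, added here as an example (it is not code from the episode or from SentinelOne). It walks an organisation's own DNS records, follows each CNAME chain and flags any chain whose final external target no longer resolves, which is exactly the state an attacker could exploit by registering the abandoned name. The record list and `fake_resolver` below are constructed; the `resolver` parameter is an assumption, and by default it uses the operating system's resolver.

```python
"""Offline check for dangling CNAME records (added example, not from the podcast)."""
from __future__ import annotations

import socket
from dataclasses import dataclass, field
from typing import Callable, Iterable


@dataclass
class Record:
    name: str    # owner name, e.g. "updates.example.com"
    rtype: str   # "CNAME" or "A" (the subset this example handles)
    target: str  # CNAME target name, or an IPv4 address for A records


@dataclass
class Finding:
    name: str                                  # the CNAME owner that is at risk
    chain: list[str] = field(default_factory=list)  # names followed, in order
    reason: str = ""


def _norm(name: str) -> str:
    """Lower-case and strip a trailing dot so record lookups match."""
    return name.lower().rstrip(".")


def system_resolve(host: str) -> list[str]:
    """Default resolver: OS stub resolver; [] when the name does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def find_dangling_cnames(
    records: Iterable[Record],
    resolver: Callable[[str], list[str]] = system_resolve,
    max_depth: int = 8,
) -> list[Finding]:
    """Return one Finding per CNAME whose chain ends at an unresolvable name.

    Names we hold records for are followed through our own data first; only the
    final target outside our records is handed to the resolver. A chain that
    never leaves our data within max_depth hops is reported as a loop.
    """
    recs = list(records)
    by_name = {_norm(r.name): r for r in recs}
    findings: list[Finding] = []

    for rec in recs:
        if rec.rtype != "CNAME":
            continue
        chain = [rec.name]
        current = _norm(rec.target)
        reason = ""
        for _ in range(max_depth):
            chain.append(current)
            owned = by_name.get(current)
            if owned is None:
                # Target is outside our records: does it still exist anywhere?
                if not resolver(current):
                    reason = f"target {current} does not resolve"
                break
            if owned.rtype != "CNAME":
                break  # chain terminates at an address record we control
            current = _norm(owned.target)
        else:
            reason = f"CNAME chain exceeds {max_depth} hops (loop?)"
        if reason:
            findings.append(Finding(rec.name, chain, reason))
    return findings


# Constructed zone data for example.com; none of these are real records.
SAMPLE_RECORDS = [
    Record("updates.example.com", "CNAME", "old-bucket.s3.example"),      # bucket deleted
    Record("vpn-config.example.com", "CNAME", "static.example.com"),      # internal hop
    Record("static.example.com", "CNAME", "cdn-tenant.provider.example"),  # still live
    Record("www.example.com", "A", "203.0.113.10"),
    Record("blog.example.com", "CNAME", "www.example.com"),              # ends at our A
    Record("loop-a.example.com", "CNAME", "loop-b.example.com"),         # misconfigured loop
    Record("loop-b.example.com", "CNAME", "loop-a.example.com"),
]


def fake_resolver(host: str) -> list[str]:
    """Constructed stand-in for DNS: only the CDN tenant still resolves."""
    live = {"cdn-tenant.provider.example": ["198.51.100.7"]}
    return live.get(host, [])


if __name__ == "__main__":
    for f in find_dangling_cnames(SAMPLE_RECORDS, fake_resolver):
        print(f"{f.name}: {f.reason}  via {' -> '.join(f.chain)}")
```

Against live data, pass the real record export and leave `resolver` at its default, then treat every finding as a record to delete before anyone else can claim the target.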
Two class action lawsuits in California accuse a prominent ad tech company, The Trade Desk, of covertly tracking users online without consent. The allegations focus on the company's Unified ID 2.0 and AdServe tools, which purportedly collect personal data including email addresses, IPs, and health information for profiling and real-time ad bidding.
Google is addressing a two-decade-old privacy vulnerability in Chrome that allowed websites to infer users' browsing history by detecting visited links through CSS selectors. The upcoming Chrome version 136 will implement triple key partitioning for visited links, ensuring that link visitation status is confined to the initiating site and context, thereby preventing cross-site history leaks.
The Tycoon2FA platform, a phishing-as-a-service provider, has enhanced its capabilities to bypass multi-factor authentication (MFA) and evade detection. Updates include obfuscated JavaScript using invisible Unicode characters and replacing Cloudflare Turnstile with self-hosted CAPTCHA systems. Additionally, anti-debugging scripts now block browser automation tools, redirecting suspicious users to legitimate sites.
Notable Quote:
"Your AI might be freelancing for the bad guys."
— Dave Bittner [23:00]
Guest: Tim Starks, Senior Reporter at Cyberscoop
Timestamp: Begins at [12:36]
Tim Starks discusses the recent dismissals of top cybersecurity officials within the Department of the Interior, highlighting a broader pattern of leadership turnover across federal agencies. This trend includes the recent removal of General Timothy Haugh, head of the NSA and U.S. Cyber Command.
Notable Quote:
"It is entirely disturbing that he essentially said something that the president didn't like four, how many years ago? Five years ago at this point."
— Tim Starks [15:56]
Starks elaborates on the situation surrounding former CISA Director Chris Krebs, suggesting that his removal is a form of retaliation from the Trump administration following his affirmation of the 2020 election's integrity. This incident is part of a series of actions undermining cybersecurity leadership.
A significant focus is placed on the reported plan to eliminate approximately 1,300 positions at the Cybersecurity and Infrastructure Security Agency (CISA), which represents about half of its workforce. Tim Starks emphasizes the detrimental effects this reduction could have on the nation's cybersecurity defenses.
Notable Quote:
"If we're going to cut half of the people, it's definitely going to affect the cyber work."
— Tim Starks [16:39]
Starks explains that some Republicans view CISA unfavorably, citing concerns over censorship, particularly targeting Republican voices. However, he notes that these criticisms are often based on minimal aspects of CISA's operations, such as disinformation efforts constituting less than 1% of the agency's budget.
Notable Quote:
"I think Brandon Wales testified before Congress... that it was less than 1% of CISA's budget."
— Tim Starks [19:34]
The discussion addresses Senator Ron Wyden's decision to place a hold on the confirmation of a new CISA leader, drawing parallels to his previous actions regarding Chris Krebs. Starks suggests that Wyden's hold is more symbolic, leveraging the nomination process to express broader concerns about the agency's direction rather than issues with the nominee himself.
Notable Quote:
"It's an opportunity for Senator Wyden to bring up a concern he's had and execute that concern using a nominee that is only vaguely related to what he's concerned about."
— Tim Starks [21:28]
The episode of CyberWire Daily provides a comprehensive overview of critical developments in the cybersecurity sector, emphasizing the tension between advancing AI technologies and maintaining robust cyber defenses. Through insightful news briefs and an expert interview with Tim Starks, listeners gain a nuanced understanding of the challenges facing federal cybersecurity leadership, emerging threats, and the evolving landscape of data protection and privacy. The episode underscores the importance of strategic leadership and proactive measures in safeguarding national and organizational security in an increasingly digital and AI-driven world.
For those seeking to stay informed on the latest in cybersecurity, CyberWire Daily continues to deliver timely and in-depth analysis essential for industry leaders and professionals.