Summary6 min read

CyberWire Daily — “CyberAv3ngers Unleashed”

Date: April 8, 2026
Host: Dave Bittner, N2K Networks
Guest Interview: Benny Czarney, Founder & CEO of OPSWAT
Main Theme: Escalating geopolitical cyber threats, AI-driven cybersecurity upheavals, and a push to rethink prevention versus detection — plus a look at Japan’s new AI-friendly data regulations.

Episode Overview

This episode delivers a fast-paced briefing on critical new cyber threats, AI’s disruptive entry into security operations, major incidents targeting public infrastructure, and regulatory shifts affecting data use. Key insights come from an interview with Benny Czarney on why prevention-first cybersecurity strategies deserve more attention.

Key News & Discussion Points

Iranian-Linked Hackers Targeting U.S. Infrastructure

Timestamps: [00:02]–[03:00]

Federal agencies (CISA, NSA, FBI, DOE, EPA, Cyber National Mission Force) issued joint alerts on Iranian adversaries exploiting PLCs in energy, water, and government systems.
Attackers are focusing on Rockwell Automation Allen Bradley PLCs — with the threat likely expanding to other vendors.
Attribution suggests affiliation with advanced persistent threat actors, in line with earlier “Cyber Avengers” attacks (ex: PA water utility, 2023).
Federal guidance: Remove control software from Internet exposure, review system logs.
Officials say targeting escalated amid regional Middle East tensions; victim specifics unclear.

“Authorities say Iranian targeting has recently escalated, likely in response to regional hostilities.” — Dave Bittner [00:02]

Notable incident:

Pro-Iranian hackers claimed DDoS attacks on Chime Financial and Pinterest; both confirmed brief outages, zero data compromise.

DOJ Disrupts Russian GRU Router Hijacking

Timestamps: [03:01]–[04:10]

Operation Masquerade: U.S. Justice Department and FBI intervened to dismantle a global DNS hijacking campaign tied to GRU Unit 26165.
Thousands of routers used to filter/capture traffic, including passwords and emails from government and critical infrastructure.
At least 200 organizations and 5,000 consumer devices affected; targets extended to U.S., Europe, Asia, Africa.
FBI collected evidence, cut off GRU access, and restored devices with support from international partners.

State and Healthcare Infrastructure Attacks

Timestamps: [04:11]–[06:20]

Minnesota: Major cyberattack in Winona County forces National Guard deployment.
- Police communications and local government operations severely disrupted.
- “Exceeded the county's internal and commercial response capacity.”
Massachusetts: Signature Healthcare’s Brockton Hospital hit, causing ambulance diversions, system downtime, chemotherapy delays.
- No group claimed responsibility.
- Highlights national surge in attacks against healthcare; ISAC notes ransomware, data theft, escalating nation-state pressure.

“Attackers increasingly target hospitals, insurers and medical device vendors, raising risks to patient safety if disruptions escalate.” — Dave Bittner [06:00]

AI Security Initiative: Anthropic’s Project Glasswing

Timestamps: [06:21]–[07:30]

Anthropic’s Claude Mythos preview model aims at autonomous AI-driven vulnerability discovery.
- Early results: thousands of high-severity flaws flagged, including a decades-old OpenBSD bug.
- Access restricted to a select consortium (Amazon, Microsoft, Google, Apple, Linux Foundation, etc.).
- $100M in usage credits pledged to open-source and security projects.
- Cited dual-use risk; concern that faster bug discovery could disrupt traditional patching and vulnerability management.

“Large scale AI bug discovery could disrupt traditional vulnerability management by reducing reliance on human-driven bug hunting and shifting focus from prioritizing fixes to minimizing exposure time.” — Dave Bittner [07:02]

LAPD & LA City Attorney Data Breach

Timestamps: [07:31]–[08:20]

Hackers accessed a storage system with sensitive records (7.7TB, over 337,000 files), including witness info and internal affairs files.
Some data surfaced briefly on social media.
Investigation ongoing; unknown if ransom was demanded/paid.

AI Recommendation Poisoning: New Manipulation Tactic

Timestamps: [08:21]–[09:30]

Microsoft researchers identified companies embedding “prompt injections” into ‘Summarize with AI’ buttons, biasing future AI assistant responses.
“These tactics aim to bias recommendations on topics including health, finance and security. Without users’ awareness…” — Dave Bittner [09:05]
Over 50 hidden prompts from 31 companies across 14 industries found; delivered via crafted URLs.
Risks: persistent brand bias, new attack surface, undermining trust in AI-generated content.

Interview: Benny Czarney, Founder & CEO of OPSWAT

Theme: Challenging the Detection-First Model — Time to Prioritize Prevention
Timestamps: [12:55]–[19:14]

Why Write Cybersecurity Upside Down?

Czarney’s motivation: urgency to advocate for Content Disarmament and Reconstruction (CDR), a true prevention technology (not just detection).
“It's very, very important for me to go and… promote this technology because I believe that this technology is extremely important and… very, very important to go and promote it right now.” — Benny Czarney [13:26]

Prevention vs. Detection: Rethinking Priorities

Czarney: “This entire industry… is based on detection… That’s actually destiny for failure. Why? Because… with AI… attackers are using AI, defense are using AI. So it’s more of a double-edged sword and I’m questioning that.” [14:29]
He calls for reversing the industry model:
- Assume every file is malicious; regenerate clean files via CDR.
- “We should assume all of the files, they're all malicious… We're going to regenerate the entire file flow… to a point. It's going to be clean of malware because you generated this file.” [15:16]
Czarney shares case studies in the book illustrating how CDR could have averted major incidents.

The Book’s Personal Journey & Advice

Incorporates personal and business philosophy, some HR advice, behind-the-scenes of building OPSWAT.
Not a company story, but about the philosophy: “This book is not about the company, it's about… only one technology.” [16:59]
“Maybe it's not going to be the last one,” Czarney jokes about writing another book. [17:39]

Takeaways For Readers

Urges all cybersecurity professionals, regulators, and students to rethink prevention strategies and learn about CDR.
- “If you are in regulation or legislation, please read this book… Please also read chapter six. It's for you.” [17:53]
Emphasizes growing international adoption of CDR approaches to reduce AI-driven threats.

Regulatory Shift: Japan’s New Approach to AI Data

Timestamps: [19:14]–[End]

Japan’s Digital Transformation Minister, Hisashi Matsumoto, signals intent to loosen personal data and privacy regulations to foster AI app development.
- Low-risk personal data can be used for research without opt-in consent.
- Relaxed notification standards for low-risk leaks; opt-out no longer required.
- Protections remain for minors; misuse brings fines tied to profits.

“If data is fuel for AI, Japan just approved a bigger gas tank.” — Dave Bittner [19:56]

Notable Quotes

“Authorities say Iranian targeting has recently escalated, likely in response to regional hostilities.” — Dave Bittner [00:02]
“That's actually destiny for failure. Why? Because now with AI… attackers are using AI, defense are using AI.” — Benny Czarney [14:29]
“We should assume all of the files, they're all malicious… We're going to regenerate the entire file flow… so it's going to be clean of malware because you generated this file.” — Benny Czarney [15:16]
“If data is fuel for AI, Japan just approved a bigger gas tank.” — Dave Bittner [19:56]

Key Takeaways

Geopolitical and criminal cyber threats are mounting — state and local infrastructure, healthcare, and tech are prime targets.
AI is not just changing offense and defense, it's overwhelming legacy detection-first security postures.
Industry leaders like Benny Czarney urge a rethink: assume compromise, regenerate trust with prevention-focused technologies.
Regulatory frameworks (ex: Japan’s new AI-friendly model) are shifting to weigh innovation and risk in new ways.

Listeners are encouraged to explore full episode resources at thecyberwire.com and consider reading Cybersecurity Upside Down to deepen their understanding of critical prevention technologies.

Loading summary

Transcript16 lines

[00:02]
A
You're listening to the Cyberwire Network powered by N2K. No, it's not your imagination. Risk and regulation really are ramping up, and these days customers expect proof of security before they'll even do business. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk and customer trust together on one AI powered platform. So whether you're getting ready for a SoC2 or managing an enterprise governance risk and compliance program, Vanta helps keep you secure and keeps your deals moving. Companies like Ramp and RYTR spend 82% less time on audits with Vanta. That means less time chasing paperwork and more time focused on growth. For me, it comes down to this. Over 10,000 companies, from startups to large enterprises, trust Vanta to help prove their security. Get started@vanta.com cyber. Federal agencies warn Iranian linked hackers are probing US critical infrastructure while the DoJ disrupts a Russian router hijacking campaign, cyberattacks hit Minnesota government systems and force a Massachusetts hospital to divert ambulances. Anthropic limits access to its new AI bug hunting model. Hackers leak terabytes of LAPD data and researchers warn of a rise in AI recommendation poisoning. Our guest is Benny Czarney, founder and CEO of opswat, discussing his book Cybersecurity Upside Down. Rethink your cybersecurity strategy and Japan trades red tape for training data. It's Wednesday, april 8, 2026. I'm dave bittner and this is your cyberwire intel brief. Thanks for joining us here today. It's great as always to have you with us. Federal cybersecurity and law enforcement agencies are warning that Iranian linked hackers are targeting US Energy, water and government services by exploiting Internet connected programmable logic controllers, or PLCs, which control critical infrastructure systems. A joint advisory from CISA, the NSA, FBI, U.S. cyber Command, the Department of Energy, EPA and the Cyber National Mission Force says attackers are actively exploiting Rockwell Automation Allen Bradley PLCs and may be probing devices from other vendors as well. Agencies recommend removing control software from direct Internet exposure and reviewing logs for suspicious activity. Officials attribute the activity to Iranian affiliated Advanced Persistent Threat Actors seeking disruptive effects. Though no specific group was named, the campaign resembles earlier operations by Cyber Avengers, which defaced control panels at a Pennsylvania water facility in 2023. Authorities say Iranian targeting has recently escalated, likely in response to regional hostilities. Exact victims remain unclear, but industry partners have been alerted and monitoring efforts are underway. Separately, a pro Iranian cybercrime group claimed responsibility for distributed denial of service attacks that briefly knocked the websites of Chime Financial and Pinterest offline. Chime reported an April 1st disruption with no impact to customer funds or data, while Pinterest said less than 2% of traffic was affected and the attack was mitigated within minutes. The group also claimed additional U.S. attacks that Bloomberg could not verify. The U.S. justice Department announced a court authorized operation to disrupt a DNS hijacking network run by Russia's GRU Military Unit 26165, which targeted routers worldwide for espionage. According to officials, the hackers compromised thousands of routers, allowing them to filter traffic, identify targets and capture unencrypted data, including passwords, authentication tokens and emails from military, government and critical infrastructure organizations. The FBI identified affected routers in the US Collected evidence, cut off GRU access and restored normal functionality as part of Operation Masquerade. Coordinated with partners in 15 countries, Microsoft reported more than 200 organizations and 5,000 consumer devices were impacted. Researchers at Lumen Technologies said targets included government agencies and email providers across the U.S. europe, Afghanistan, North Africa, Central America and Southeast Asia. Minnesota governor Tim Walsh issued an emergency order deploying the Minnesota National Guard to assist Winona county after a cyberattack disrupted critical government systems and municipal services. Officials said the incident significantly impaired operations, including communications at the local police department, and exceeded the county's internal and commercial response capacity. The county is coordinating with the FBI, state IT officials and other partners to restore services. The Guard is authorized to provide personnel and resources until conditions stabilize. The attack follows a separate January incident that disabled systems supporting real estate transactions and police records. State officials emphasize that coordinated response efforts are essential as cyber threats increasingly affect local governments and public services. In Massachusetts, a cyberattack on Signature Healthcare and Signature Healthcare Brockton Hospital disrupted multiple IT systems, forcing the facility to divert ambulances and activate downtime procedures to maintain patient care. Emergency services and surgeries continued, but chemotherapy infusions were canceled and delays were expected, officials said. Outside experts are investigating and no threat actor has claimed responsibility. The incident reflects broader pressure on healthcare providers, as recent attacks have also disrupted hospitals in other states. Health ISAC reports sustained malicious activity across the sector, including ransomware, data theft and nation state campaigns, the group warned. Attackers increasingly target hospitals, insurers and medical device vendors, raising risks to patient safety if disruptions escalate. Coordination continues with CISA and the Department of Health and Human Services. Anthropic has launched Project Glasswing, a cybersecurity initiative built around its Claude Mythos preview model, which the company says can autonomously identify software vulnerabilities at large scale. Access is limited to a consortium of more than 40 organizations including Amazon, Microsoft, Google, Apple, the Linux foundation and several security vendors to support controlled defensive testing. Anthropic reports early results showing thousands of high severity flaws discovered across widely used software, including a decades old OpenBSD vulnerability. Though these findings are only partly externally verified, experts say large scale AI bug discovery could disrupt traditional vulnerability management by reducing reliance on human driven bug hunting and shifting focus from prioritizing fixes to minimizing exposure time. Security leaders also warn organizations must adapt to faster machine scale defense operations Anthropic restricted access due to dual use risks and committed $100 million in usage credits plus funding for open source security projects supporting maintainers Hackers accessed a digital storage system tied to the Los Angeles Police Department and the Los Angeles City Attorney's office, exposing sensitive records including personnel files and internal affairs investigation materials from prior civil litigation. Officials said Unauthorized individuals obtained discovery documents containing witness names, health information and investigative files. Some data appeared briefly on social media. Authorities are assessing the breach's scope and it remains unclear whether a ransom was demanded or paid. Reports indicate about 7.7 terabytes of data spanning more than 337,000 files may have been affected. Researchers at Microsoft have identified a growing technique called AI recommendation poisoning, in which companies embed hidden prompts in summarize with AI buttons to manipulate AI assistants into remembering and favoring specific brands in future responses. The study found more than 50 such prompts from 31 companies across 14 industries, often delivered through specially crafted URLs that inject persistent instructions into assistant memory. These tactics aim to bias recommendations on topics including health, finance and security. Without users awareness, researchers say the approach reflects a shift from traditional search engine optimization to toward influencing AI systems directly. Publicly available tools now make the technique easy to deploy, accelerating its spread. Microsoft reports Mitigations in Copilot Though effectiveness varies across platforms, the company warns memory poisoning creates a new attack surface, enabling persistent influence over AI outputs and potentially undermining trust in automated recommendations if left unchecked. Coming up after the break, my conversation with Benny Zarney, founder and CEO of opswat. We're discussing his new book, Cybersecurity Upside down and Japan trades red tape for training data Stick around. Foreign. Maybe that's an urgent message from your CEO, or maybe it's a deepfake trying to target your business. Doppel is the AI native social engineering defense platform fighting back against impersonation and manipulation as attackers use AI to make their tactics more sophisticated. Doppel Uses it to fight back from automatically dismantling cross channel attacks to building team resilience and more. Doppel outpacing what's next in social engineering. Learn more@doppl.com that's.p p e l.com. Benny Czarney is founder and CEO of OPSWAT. I recently caught up with him at the RSAC 2026 conference. In today's sponsored Industry Voices segment we discuss his latest book Cybersecurity Upside Down. Rethink your cybersecurity strategy.
[12:55]
B
We are back right on the show floor at RSAC 2026 and it is my pleasure to welcome Benny Zarney. He is the founder and CEO of opswat but also the author of the new book Cybersecurity Upside Down. Let's do our best. Show the book it's cybersecurity but it is upside down. How about that? Benny, welcome. Well, let's dig into the book again. I'll show it off here because it is something to see. This is Cybersecurity Upside Down. What prompted you to write the book?
[13:27]
C
So you know, I'm running the company for more than 20 years and one of the key technologies that we have is the CDL content disarmament Reconstruction. It's a really unique technology that it's a true prevention technology that is very unique. It's very effective to prevent AI bond threats. And I'll start kind of questioning myself how can I really make an impact with this tech. It's very, very relevant right now. And although I'm very busy and on flights, I'm on Canary everything. And I felt, oh, it's very, very important for me to go and pretty much come up to promote this technology because I believe that this technology is extremely important and very, very important to go and promote it right now.
[14:17]
B
I know something that is important to you is the distinction between prevention and detection and that you feel like the industry's kind of coming up short when it comes to their priorities. Can you unpack that for us?
[14:29]
C
Of course. I mean, the whole reason I kind of put together Cybersecurity Upside down because I believe we need to reverse the model. This entire industry, you walk around here in the entire kind of cybersecurity industry, the entire industry is based on detection. You know, antiviruses, firewalls, IPSs, you know, IPSs. Everything is based on detection. Let's detect the threat and then after that create prevention based on detection. However, that's, that's actually destiny for failure. Why? Because now with AI, it's like we have like attackers are using AI, defense are using AI. So it's more of a double edged sword and I'm questioning that. So. And also all of this, the industry is that it's kind of preconceived notion. Prevention detection. Prevention detection. We need to reverse the model, we need to rethink cybersecurity. So what if we can reverse the model instead of actually detecting, we can have a prevention technology through file regeneration. So my argument here is that, hey, we should assume all of the files, they're all malicious. We should assume all of the file flows to your organization. Everything, file downloads, USB inserts, emails, everything is malicious. And we're going to regenerate the entire file flow to your organization in a secure way to a point. It's going to be clean of malware because you generated this file. So, you know, it's still clean. I mean we're doing it for several years already. We know it's super effective. I mean, throughout the book I am going through over multiple cybersecurity incidents that could have been prevented if the technology would have been applied. And I'm questioning that.
[16:12]
B
So the book really takes the reader on that journey with you.
[16:15]
C
That's what I try actually. Initially I just kind of when I started writing this book, it was purely about the tech stack. And after that I kind of, I consulted with my editor Todd. He told me, hey, maybe the readers would like to kind of to learn more about how you came about that. So then I kind of start kind of writing chapter one, two and three that taking the reader throughout this journey about how I came up with a CDR technology.
[16:40]
B
Yeah, I'm curious, you know, as you look back on your own career and building opswat, you know, the success that you've had, how does that inform the things that you put into the book? How has that experience shaped where you are right now and your thoughts about all of this?
[16:59]
C
Well, I try to. So first I tried to put together some of the journey of building UPS throughout this book and also some tips about my philosophy to HR and some other tips here and there. This book is not about the company, it's about kind of philosophy, about opsworth. It's about only one technology. It definitely opened my appetite writing books. Maybe it's not going to be the last one. I'm not going to, I'm not committing to another one. Again, I'm not going to be another one. However, it definitely got me a book bug, so. And hopefully I write another one. Maybe it's going to be either about either it might be a business book or maybe maybe about another tech that I'm passionate about. So many different I'm a tech geek so I'm what do you hope people
[17:51]
B
take away from the book?
[17:54]
C
I really would like them to rethink their cybersecurity strategy to take a really good, good look into the content, design and reconstruction. Whether you're a student, whether you are a ciso, whether you are a cybersecurity enthusiast, whether you're a student, whether you want to learn a new technology about cybersecurity again and to rethink if you are in regulation or legislation, please read this book. I'll send you a free copy. Please also read chapter six. It's for you. So I'm really believing in that. I mean several countries are already taking these steps rightfully so we are not the only vendor producing cdr. I really believe we're doing the amazing job building a CDR and the CDR technology that would like pretty much anybody to take a really good look into this tech. Extremely effective to prevent AI bomb threats and also to rethink their cybersecurity strike.
[19:02]
B
All right, well Benny Czarney is founder and CEO of opswat and the book is Cybersecurity Upside Down. Do check it out. Benny, thanks so much for joining us.
[19:12]
C
Thanks so much for having me.
[19:13]
B
Take care.
[19:13]
C
Thanks.
[19:15]
A
That's Benny Zarney, founder and CEO of opswat. The book is titled Cybersecurity Upside Down. Rethink your cybersecurity strategy. And finally our when all else fails, lower your standards. Desk reports that Japan's Digital Transformation Minister, Hisashi Matsumoto, says the country plans to become the world's easiest place to build AI apps, partly by relaxing rules around personal data use. Amendments to the Personal Information Protection act will allow organizations to share certain low risk personal data without opt in consent when compiling research statistics, including some health data. Facial images can also be used for provided organizations explain how they handle them. Though opt out rights will not be required, protections remain for miners and misuse or fraudulently obtained data can trigger fines tied to profits. Notably, organizations may not need to notify individuals about low risk data leaks. Matsumoto argues existing privacy rules slowed AI progress and these changes aim to help Japan catch the AI wave. If data is fuel for AI, Japan just approved a bigger gas tank. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producers, Liz Stokes, were mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher, and I'm Dave Pithner. Thanks for listening. We'll see you back here tomorrow. Sam.