CyberWire Daily — “CyberAv3ngers Unleashed”
Date: April 8, 2026
Host: Dave Bittner, N2K Networks
Guest Interview: Benny Czarny, Founder & CEO of OPSWAT
Main Theme: Escalating geopolitical cyber threats, AI-driven cybersecurity upheavals, and a push to rethink prevention versus detection — plus a look at Japan’s new AI-friendly data regulations.
Episode Overview
This episode delivers a fast-paced briefing on critical new cyber threats, AI’s disruptive entry into security operations, major incidents targeting public infrastructure, and regulatory shifts affecting data use. Key insights come from an interview with Benny Czarny on why prevention-first cybersecurity strategies deserve more attention.
Key News & Discussion Points
Iranian-Linked Hackers Targeting U.S. Infrastructure
Timestamps: [00:02]–[03:00]
- Federal agencies (CISA, NSA, FBI, DOE, EPA, Cyber National Mission Force) issued joint alerts on Iranian adversaries exploiting PLCs in energy, water, and government systems.
- Attackers are focusing on Rockwell Automation Allen-Bradley PLCs — with the threat likely expanding to other vendors.
- Attribution suggests affiliation with advanced persistent threat actors, in line with earlier “CyberAv3ngers” attacks (e.g., PA water utility, 2023).
- Federal guidance: Remove control software from Internet exposure, review system logs.
- Officials say targeting escalated amid regional Middle East tensions; victim specifics unclear.
“Authorities say Iranian targeting has recently escalated, likely in response to regional hostilities.” — Dave Bittner [00:02]
Notable incident:
- Pro-Iranian hackers claimed DDoS attacks on Chime Financial and Pinterest; both confirmed brief outages, zero data compromise.
DOJ Disrupts Russian GRU Router Hijacking
Timestamps: [03:01]–[04:10]
- Operation Masquerade: U.S. Justice Department and FBI intervened to dismantle a global DNS hijacking campaign tied to GRU Unit 26165.
- Thousands of routers used to filter/capture traffic, including passwords and emails from government and critical infrastructure.
- At least 200 organizations and 5,000 consumer devices affected; targets extended to U.S., Europe, Asia, Africa.
- FBI collected evidence, cut off GRU access, and restored devices with support from international partners.
State and Healthcare Infrastructure Attacks
Timestamps: [04:11]–[06:20]
- Minnesota: Major cyberattack in Winona County forces National Guard deployment.
  - Police communications and local government operations severely disrupted.
  - “Exceeded the county's internal and commercial response capacity.”
- Massachusetts: Signature Healthcare’s Brockton Hospital hit, causing ambulance diversions, system downtime, chemotherapy delays.
  - No group claimed responsibility.
- Highlights national surge in attacks against healthcare; ISAC notes ransomware, data theft, escalating nation-state pressure.
“Attackers increasingly target hospitals, insurers and medical device vendors, raising risks to patient safety if disruptions escalate.” — Dave Bittner [06:00]
AI Security Initiative: Anthropic’s Project Glasswing
Timestamps: [06:21]–[07:30]
- Anthropic’s Claude Mythos preview model aims at autonomous AI-driven vulnerability discovery.
- Early results: thousands of high-severity flaws flagged, including a decades-old OpenBSD bug.
- Access restricted to a select consortium (Amazon, Microsoft, Google, Apple, Linux Foundation, etc.).
- $100M in usage credits pledged to open-source and security projects.
- Cited dual-use risk; concern that faster bug discovery could disrupt traditional patching and vulnerability management.
“Large scale AI bug discovery could disrupt traditional vulnerability management by reducing reliance on human-driven bug hunting and shifting focus from prioritizing fixes to minimizing exposure time.” — Dave Bittner [07:02]
LAPD & LA City Attorney Data Breach
Timestamps: [07:31]–[08:20]
- Hackers accessed a storage system with sensitive records (7.7TB, over 337,000 files), including witness info and internal affairs files.
- Some data surfaced briefly on social media.
- Investigation ongoing; unknown if ransom was demanded/paid.
AI Recommendation Poisoning: New Manipulation Tactic
Timestamps: [08:21]–[09:30]
- Microsoft researchers identified companies embedding “prompt injections” into ‘Summarize with AI’ buttons, biasing future AI assistant responses.
- “These tactics aim to bias recommendations on topics including health, finance and security. Without users’ awareness…” — Dave Bittner [09:05]
- Over 50 hidden prompts from 31 companies across 14 industries found; delivered via crafted URLs.
- Risks: persistent brand bias, new attack surface, undermining trust in AI-generated content.
Interview: Benny Czarny, Founder & CEO of OPSWAT
Theme: Challenging the Detection-First Model — Time to Prioritize Prevention
Timestamps: [12:55]–[19:14]
Why Write Cybersecurity Upside Down?
- Czarny’s motivation: urgency to advocate for Content Disarm and Reconstruction (CDR), a true prevention technology (not just detection).
- “It's very, very important for me to go and… promote this technology because I believe that this technology is extremely important and… very, very important to go and promote it right now.” — Benny Czarny [13:26]
Prevention vs. Detection: Rethinking Priorities
- Czarny: “This entire industry… is based on detection… That’s actually destiny for failure. Why? Because… with AI… attackers are using AI, defense are using AI. So it’s more of a double-edged sword and I’m questioning that.” [14:29]
- He calls for reversing the industry model:
  - Assume every file is malicious; regenerate clean files via CDR.
  - “We should assume all of the files, they're all malicious… We're going to regenerate the entire file flow… to a point. It's going to be clean of malware because you generated this file.” [15:16]
- Czarny shares case studies in the book illustrating how CDR could have averted major incidents.
The Book’s Personal Journey & Advice
- Incorporates personal and business philosophy, some HR advice, behind-the-scenes of building OPSWAT.
- Not a company story, but about the philosophy: “This book is not about the company, it's about… only one technology.” [16:59]
- “Maybe it's not going to be the last one,” Czarny jokes about writing another book. [17:39]
Takeaways For Readers
- Urges all cybersecurity professionals, regulators, and students to rethink prevention strategies and learn about CDR.
- “If you are in regulation or legislation, please read this book… Please also read chapter six. It's for you.” [17:53]
- Emphasizes growing international adoption of CDR approaches to reduce AI-driven threats.
Regulatory Shift: Japan’s New Approach to AI Data
Timestamps: [19:14]–[End]
- Japan’s Digital Transformation Minister, Hisashi Matsumoto, signals intent to loosen personal data and privacy regulations to foster AI app development.
- Low-risk personal data can be used for research without opt-in consent.
- Relaxed notification standards for low-risk leaks; opt-out no longer required.
- Protections remain for minors; misuse brings fines tied to profits.
“If data is fuel for AI, Japan just approved a bigger gas tank.” — Dave Bittner [19:56]
Notable Quotes
- “Authorities say Iranian targeting has recently escalated, likely in response to regional hostilities.” — Dave Bittner [00:02]
- “That's actually destiny for failure. Why? Because now with AI… attackers are using AI, defense are using AI.” — Benny Czarny [14:29]
- “We should assume all of the files, they're all malicious… We're going to regenerate the entire file flow… so it's going to be clean of malware because you generated this file.” — Benny Czarny [15:16]
- “If data is fuel for AI, Japan just approved a bigger gas tank.” — Dave Bittner [19:56]
Key Takeaways
- Geopolitical and criminal cyber threats are mounting — state and local infrastructure, healthcare, and tech are prime targets.
- AI is not just changing offense and defense, it's overwhelming legacy detection-first security postures.
- Industry leaders like Benny Czarny urge a rethink: assume compromise, regenerate trust with prevention-focused technologies.
- Regulatory frameworks (e.g., Japan’s new AI-friendly model) are shifting to weigh innovation and risk in new ways.
Listeners are encouraged to explore full episode resources at thecyberwire.com and consider reading Cybersecurity Upside Down to deepen their understanding of critical prevention technologies.
