Loading summary
A
You're listening to the Cyberwire Network powered by N2K.
B
AI is making phishing attacks faster, more convincing and harder for people to spot. And traditional security awareness and phishing training weren't designed for this level of attack. HOX Hunt helps security teams prepare employees for the attacks they face every day with personalized phishing training that adapts to each employee and reduces risky behavior over time for IT and security leaders looking to strengthen their human layer of defense without adding more manual work. Visit hoxhunt.com cyberwire to learn more. That's H O X h u n t.com cyberwire.
A
Tata Electronics and Bajaj Auto continue recovery from cyberattacks FCC titans undersea cable rules to bolster national security CISA warns of actively exploited PTC vulnerability Gamaradon expands toolkit hides behind legitimate services Iran linked hackers turn public warning systems into psychological weapons Threat actors target critical infrastructure across Southeast Asia dCloud framework behind global scam economy Polish police disrupt sim swapping gang French statistics agency reports cyber attack affecting nearly 13,000 staff our guest today is Michael Fanning, CISO at Splunk, discussing how AI doesn't create problems, it exposes them and an open book exam for hackers. Today is Friday, June 26, 2020 26. I'm Maria Varmazes in for Dave Pittner this week and this is your Cyberwire Intel Briefing. Happy Friday and thank you for joining me today. Mumbai headquartered Tata Electronics, which is a key supplier to Apple, Tesla and leading chip manufacturers, has has tightened internal security controls following a data breach that came to light earlier this week. The World Leaks Ransomware group leaked more than 200,000 files allegedly stolen from the company, including what appear to be internal design papers from Apple and Tesla. The authenticity of this data has not been independently verified and Tata hasn't commented on the contents of the leak. Reuters says the company has since restricted remote access to sensitive internal tools and and Apple's security team is working with Tata on near and long term security measures. Another Indian manufacturing giant, Bajaj Auto, has resumed operations after sustaining a ransomware attack this week as well. The company says its manufacturing, sales and service activities are now operating normally. The Federal Communications Commission has approved new rules aimed at strengthening the security of the undersea cables that carry roughly 99% of international Internet traffic. The measures create new licensing requirements for submarine cable terminal equipment, tighten oversight of foreign involvement and establish a fast track approval process for trusted operators that meet strict national security standards. The FCC says the changes are designed to reduce espionage and sabotage risks, particularly from Chinese linked companies while accelerating deployment of critical communications infrastructure. The known Exploited Vulnerabilities catalog maintained by the U.S. cybersecurity and Infrastructure Security Agency, better known as CISA, has listed a critical vulnerability affecting PTC's product lifecycle management tools Windchill and FlexPLM. According to a new report from Security Week, the vulnerability is an improper input validation flaw that can lead to remote code execution. The agency also added a high severity server side request forgery or SSRF vulnerability in Cisco Unified Communications Manager that was observed being exploited this past weekend. Cisco released fixes for this flaw on June 3. CISA has ordered federal agencies to apply patches for both vulnerabilities by Sunday, June 28. ESET researchers say the Russia aligned Gamarudon threat group remain highly active throughout 2025, exclusively targeting Ukrainian government and military organizations. The Group developed new PowerShell based malware, expanded its use of cloud storage for data theft, and increasingly relied on legitimate messaging, blogging and file sharing services to conceal command and control infrastructure and exfiltrate stolen information. ESET also observed gamerdon collaborating with other Russia linked threat actors, underscoring a growing trend of operational cooperation among Kremlin aligned cyber espionage groups that are targeting Ukraine. Researchers at Claroti's Team 82 have uncovered an Iran linked campaign targeting Internet connected public warning systems but not to destroy them, but to manipulate public perception and so fear the attackers compromised sirens and emergency alert infrastructure displaying false or politically charged messages designed to undermine trust in official communications. The researchers describe the activity as a cyberpsychological operation using operational technology as a tool for influence rather than disruption. Palo Alto Networks Unit 42 is tracking a cluster of threat activity operated by Chinese speaking actors that's targeting critical infrastructure across Southeast Asia. The threat actors are tracked by unit 42 as CL STA 1062 and have been active since at least March 2022. The attackers have previously been observed targeting web hosting infrastructure in Taiwan and unit 42 says the latest campaign highlights a broader long term strategy in the Asia Pacific region. The recent attacks focused on energy and government organizations. The attackers deployed a newly documented Trojan dubbed Tiny rct, which is a lightweight backdoor written in C that enables attackers to execute arbitrary system commands and exfiltrate files, capture screenshots and remotely manage the infected host. Infoblox researchers say a legitimate Chinese development framework called dCloud Uni App has become common infrastructure for a massive global scam ecosystem. The company identified more than 236,000 scam domains since 2022 supporting fake crypto exchanges pig butchering schemes, wallet drainers, gambling fraud, WhatsApp, phishing and brand impersonation, researchers stress. Dcloud itself is not malicious, but its reusable templates and technical fingerprints help expose how decentralized fraud operators share scaffolding infrastructure and tactics across international scam campaigns. Polish police have arrested four alleged members of a cyber criminal gang known for targeting telecom vendors and to conduct sim swapping attacks, according to a new report from Bleeping Computer. The operation was led by the Polish Cybercrime Bureau and supported by the U.S. fBI and Homeland Security investigations. The suspects are accused of using sim swapping attacks to gain access to victims cryptocurrency accounts. The Polish cybercrime Bureau stated that it is estimated that the total value of funds laundered in this manner exceeds at least US$55 million. The defendants are each facing up to 25 years in prison for charges related to money laundering, participation in an organized criminal gang and hacking IT systems to commit theft. France's national statistics agency Insi says a cyber attack exposed the personal data of about 12,800 current and former employees along with members of related civil service organizations. According to the agency, the compromised information was limited to identities and professional contact details. INSI says no passwords, home addresses, banking information, Social Security numbers or health records were accessed. Now stick with us after the break, Dave Buettner sits down with Michael Fanning, CISO at Spring Plunk as they discuss how AI doesn't create problems, it exposes them and an open book exam for hackers. Stay with us.
B
When it comes to mobile application security, good enough is a risk. A recent Survey shows that 72% of organizations reported at least one mobile application security incident last year and 92% of responders reported threat levels have increased in the past two years. Guard Square delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guard Square provides industry leading security for your Android and iOS apps at www.guardsquare.com. What's the one thing in business that's spreading as fast as AI? AI risk. Every new tool your team signs up for. Every vendor that turns on AI features, every new integration each one creates another opportunity for something to go wrong. And most security programs just weren't built for AI's pace of growth. Enter Vanta. Vanta is the number one agentic trust platform used by more than 16,000 fast moving companies like Ramp Cursor and Harvey to help ensure they're always audit ready. And now Vanta is helping Companies watch for the risks that show up between audits across vendors, AI tools and their entire environment. The Vanta Agent works like a 24.7grc engineer in the background, finding issues, drafting fixes and cutting vendor assessment time by up to 50%. Whether you're a fast growing startup or a global enterprise, Vanta is here to help you automate your security and compliance and earn and prove trust. Get started today@vanta.com cyber. That's V A N T A dot com cyber.
A
Dave Bittner recently sat down with CISO at Splunk, Michael Fanning and they discuss how AI doesn't create problems, it exposes them. Here's more in their conversation.
C
What we're seeing with AI, I think, you know, does expose a number of areas. One would be, you know, the way that we think about how we can identify vulnerabilities across products and infrastructure and the pace that we can do that at. Also knowing that adversaries likely possess comparable capabilities to an extent. So super interesting things that you're kind of seeing with some of the models that are being made available now.
B
Is this a matter of properly calibrating our own expectations? You know, the notion about the fundamental problems that looking at the idea that AI doesn't necessarily create those, but it exposes them, that it sort of ruthlessly shows us things that maybe we weren't exposed to before.
C
I think a recalibration is to an extent a good thing. The way that I think about the way that these models work and say the discovery of some of these problems is we have had capabilities to discover these problems in the past. They just haven't necessarily been as efficient and as high quality as what we're seeing today. So for example, you can still discover, say a vulnerability in a web application by looking at source code or by doing a penetration testing exercise against a website that you own, all of that has already existed. So the vulnerabilities that you see, there's nothing necessarily new there. What is new is the pace at which we can discover new vulnerabilities across different products, different types of web applications, infrastructure, et cetera, and how we can actually think about kind of chaining together some of the different findings for more impact. And I think that's really, that's really what's changed.
B
Well, let's dig into that together. What are the real world consequences of that new reality?
C
The real world consequences are that you aren't necessarily treating each individual vulnerability as its own finding. So as an example, if you think about a medium severity finding, of a vulnerability. Typically, say a team that patches an infrastructure would really focus on, here's a medium, we need to patch it, and then we can count that medium as no longer being applicable to our environment. What is happening with, with AI is it helps us understand different attack paths. So rather than looking at, say, a medium in isolation, you can look at a group of mediums and chain together an attack that leads to a very high impact compromise of an environment or of data, et cetera. So the kind of the fundamental changes is not necessarily treating these individually, but kind of grouping together and understanding what the most, like the highest impact is for remediation, if that makes sense.
B
It does. So correct me if I'm wrong. Is part of what you're saying that this gives us the ability to chain things together and to explore them to a degree that before AI might not have been practical.
C
Before AI, it was just much, much slower. So we have internal pen testing teams and hacking teams that are able to take a look at different sets of findings and string them together to understand is there a way to reach our target goal by exploiting multiple vulnerabilities? That's already been a common technique for a penetration testing team, but that has also been a very manual and intensive process to kind of understand what that looks like. That requires expertise from a pen tester. What AI is doing is it's actually allowing you to understand and automate that. So the groups of vulnerabilities that can be linked together for an ATT&CK chain is. That is where we're kind of really seeing, you know, a lot of great impact from some of these different models.
B
So given these realities, what's your advice to the folks out there who are put in charge of defending their organizations?
C
A couple of things. One is the overall volume of vulnerabilities is likely to increase for everyone. The question is going to be what is the right way to prioritize remediation? Because asking, say, engineering teams and operations teams to constantly patch and remediate 100% of all findings, all of the time as they come in, isn't necessarily a sustainable process. So what you really need to understand is what is the right way to prioritize these new findings as they come in and as they're discovered by AI? And I think that there are a couple of ways that you think about doing that. Number one, I still think that you prioritize, say, critical and high vulnerabilities. It's that volume of kind of mediums and lows that you really got to pay attention to. And as you employ your own internal scanning capabilities and you understand what those attack chains look like, it's those attack chains that should really be prioritized in your backlog. The other side of that is kind of delineating what is the information that you have that is private to you as a business versus what is information that you. And that's information about vulnerabilities that is very private and specific to you versus what would also be publicly discoverable. And when you can kind of understand the difference and understand, say, hey, there's a certain level of privilege access that might be required to execute on this vulnerability, that might buy you a little bit of time comparing to, okay, an adversary with these same tools would be able to exploit these vulnerabilities with the knowledge that they have that's publicly available.
B
Does this require that organizations reexamine their basic hygiene, you know, making sure that all of that table stakes stuff, multifactor authentication and so on is taken care of properly?
C
Yeah, of course, I think that the fundamentals still certainly apply. Identity and access management is a fundamental security control that organizations should continue to invest in. Agents and AI are creating a sprawl of identity. And so really having a solid identity and access management strategy is, is critical. But I think an approach, you know, on the topic of vulnerabilities, the approach that organizations need to be considering is, you know, how do you even prevent the deployment of vulnerabilities to begin with? How do you, how do you prevent the development of vulnerabilities? Because if you're, if you're not, you know, for lack of a better term, shifting left, then you're always going to be stuck in this scenario where once you're closer to release dates or when you're within operations, you're constantly finding these new vulnerabilities kind of after the fact, after they've already been deployed, when it's too late. So really investing in kind of more infrastructure hardening, image hardening, secure software development, life cycles, et cetera. I think of those, those are those opportunities to really get in front of some of these problems that we're seeing that are being exposed with AI.
B
What's your advice for folks who are feeling a bit overwhelmed here, who see the rapid acceleration of everything thanks to AI as if somebody had punched the turbo button. The rate at which these vulnerabilities are being exposed, do you have any words of wisdom?
C
I think that the fundamentals still apply. I'm a big believer in really nailing the basics and so, you know, really taking a step back and ask yourself the questions are you solving fundamental problems with your organization would be kind of that first, that first step. And then secondly, you know, panic never really does anyone any good. Everyone in the industry is kind of experiencing these same issues today, these same concerns. Panic can create an environment where you aren't necessarily making the best decisions for your business from a security perspective. And so I think, you know, applying a level of methodical thinking around the way that you want to approach and solve these problems is going to go a very, very long way, rather than kind of constantly reacting to whatever the new flavor of hysteria might be regretting regarding AI that's that's hitting the Internet.
A
That was host Dave Bittner and Michael Fanning, CISO at Splunk, talking about how AI doesn't come create problems, it exposes them.
B
Most environments trust far more than they should, and attackers know it. Threat Locker solves that by enforcing default deny at the point of execution. With Threat Locker allow listing, you stop unknown executables cold. With ring Fencing, you control how trusted applications behave, and with Threat Locker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. Threat Locker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo@threatlocker.com N2K today.
A
Heat up your Fourth of July at the Home Depot with our wide variety
B
of grills under $300 and make gathering one to remember. Give your outdoor space a glow up whatever your budget is, with savings on seasonal plants starting at $5.
A
With the grill fired up and your backyard set to perfection, you'll be able to invite friends and family over to
B
kick off the party. Start celebrating with low prices guaranteed at the Home Depot, prices may vary by store exclusions apply.
A
See homedepot.com Pricematch for details. And last up on this Friday, a UK school is serving as the latest example of how simple security measures can create enormous risk. A former student says he discovered that connecting to the school's active directory domain required no administrator authentication, giving him visibility into domain controller tools and policy maps. Well, things got even worse when he found the domain administrator account and its password sitting in the account's description field in plain text.
C
Ooh.
A
And with those credentials, the student said he could access staff and student data remotely, connect to servers and domain controllers, manage classroom software, view Google workspace mailboxes, and even access firewall settings and keystroke histories. Yeah, despite having what he described as God Mode, he said he never abused the access and graduated without reporting the issue. Pinky swear. Yeah. The story is a textbook reminder that security doesn't always fail because of advanced attackers. Sometimes it fails because someone leaves the answers on the test. Fortunately, in this case, the student who found them appears to have been more interested in graduating than administering the network. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com be sure to check out Research Saturday this week, where host Dave Buettner sits down with Daniel Schwalbe, Chief Information Security Officer and Head of investigations at Domain Tools, as they discuss their work on Zion Siphon OT malware First attempts, PsyOps. Both. Well, yeah, that's Research Saturday. Check it out. And on Sunday's T Minus Space Cyber Briefing, we're talking about strengthening the space industrial supply chain with PwC's principal partner Doug Anderson, and AIA's vice president of Space Systems Division, Steve Jordan Tomaszewski. That is Sunday on T minus. Don't miss it. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like this show, please please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm your host Maria Varmazes. In this week for the vacationing Dave Buettner, who will be back on Monday. Thank you for listening. Have a wonderful weekend.
B
This episode is brought to you by Google Chrome.
A
You think you know a browser, but Gemini and Chrome, that's new. It can help you with practically anything on the web, like restoring a vintage motorcycle from a 50 page restoration block. Or finally break down that long article you've had open for weeks. Gemini and Chrome is here for it, ready to make anything online make sense. There's no place like Chrome. Check responses, set up, required compatibility and availability. Various 18.
Date: June 26, 2026
Host: Maria Varmazes (in for Dave Bittner)
Podcast Network: N2K Networks
This episode delivers updates on significant cybersecurity incidents worldwide—including major breaches in India, new regulations for undersea cables, and research on evolving threat actor behavior. The featured expert interview is with Michael Fanning, CISO at Splunk, who offers valuable insight into the transformative, exposing power of AI in cybersecurity, urging defenders to rethink fundamentals and vulnerability management for the AI era.
(01:04 – 09:11)
Indian Tech Giants Targeted:
U.S. FCC Tightens Undersea Cable Security:
Vulnerability Alerts:
Regional & Thematic Threats:
Abuse of Cloud/Development Infrastructure:
SIM Swapping and Cybercrime:
Attack on French National Statistics Agency:
Topic: “AI doesn’t create problems; it exposes them.”
(11:20 – 21:01)
How AI is Hunting Vulnerabilities—For Good and Ill
Chaining Vulnerabilities and Impact
The Challenge of Volume and Prioritization
Organizations will face increasing numbers of vulnerability findings:
Differentiating private vs. public vulnerabilities affects response priority:
Fundamentals Still Crucial—Especially Identity
Advice for Overwhelmed Defenders
(22:56 – 23:35)
The episode is brisk, insightful, and sometimes wry. Maria Varmazes (host) delivers news with a sense of urgency and clarity, while Michael Fanning provides expert, practical advice and calm reassurance amid the accelerating cybersecurity landscape.