Dave Bittner
You're listening to the CyberWire Network, powered by N2K.
Podcast Host / Announcer
Today's sponsor, Rapid7, has an irresistible invitation for you CISOs and security practitioners out there. A free two-day virtual summit. The subject: preemptive security. Join the Global CyberSecurity Summit on May 12th and 13th from wherever you like. A-list speakers will show you how organizations are disrupting attacks before they can blowtorch your day. You'll see how exposure management, MDR and AI together let you make the decisive move. Registration is open at rapid7.brighttalk.com.

France pushes digital sovereignty. Adobe rushes an Acrobat Reader patch. Booking.com confirms a targeted breach. SAP fixes a critical SQL injection bug. A sanctions-dodging fraud network resurfaces. Viper Tunnel infiltrates US and UK firms. GlassWorm spreads across developer tools. Researchers dissect Predator spyware's kernel engine. A lawsuit challenges AI transcription in hospitals. Ted Shorter from Keyfactor unpacks quantum computing at scale. On our Threat Vector segment, David Moulton and Elad Koren pull back the curtain on agentic-first security. And preparing for post-quantum perils.

It's Tuesday, April 14, 2026. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us here today. It's great as always to have you with us.

France is accelerating efforts to reduce reliance on US technology across its public sector, with all government ministries required to submit plans by this fall outlining how they'll shift toward European or open source alternatives. The Interministerial Directorate for Digital Affairs, or DINUM, has already begun migrating from Microsoft Windows to Linux and replacing foreign video conferencing tools with the domestic Visio platform. Officials describe the initiative as part of a broader strategy to strengthen digital sovereignty and regain control over data infrastructure, pricing and vendor risk. Although DINUM itself is small, the directive signals a government-wide shift affecting areas such as workstations, antivirus, artificial intelligence, databases, virtualization and collaboration tools. France has also moved tens of thousands of health insurance staff onto domestic platforms. The effort reflects a wider European trend, with Denmark, Germany and Austria pursuing similar transitions amid concerns about dependence on US providers.

Adobe has issued an emergency security update for Acrobat Reader to address a zero-day vulnerability exploited in attacks since at least December. The flaw allows malicious PDF files to bypass sandbox protections and access privileged JavaScript APIs, enabling arbitrary code execution and theft of local files simply by opening a document. The issue was identified by EXPMON founder Haifei Li after analysis of a suspicious sample, with additional attacks reported using Russian-language oil and gas lures. Adobe initially rated the flaw critical before lowering its severity score and released patches for affected Windows and macOS versions, with no mitigations available. Users are advised to update immediately.

Booking.com has notified customers of a targeted data breach involving unauthorized access to portions of its reservation records. Exposed information may include names, email addresses, phone numbers, postal addresses and booking details, though the company says payment data was not affected. Booking.com reported it detected and contained the activity, reset booking-related PIN codes and warned users to watch for suspicious communications impersonating hotels or support staff. Security experts caution that access to real reservation details could enable highly convincing phishing, smishing or vishing attacks. The company has not disclosed how the breach occurred or how many users were impacted. Given its large global user base, analysts say the lack of detail increases risk and customers should treat unexpected booking-related messages with caution.

SAP released 20 security notes in its April 2026 Patch Day update, including fixes for a critical SQL injection flaw affecting Business Planning and Consolidation and Business Warehouse. The bug could allow low-privileged users to execute arbitrary SQL and access or alter sensitive financial data. SAP also patched a high-severity authorization issue alongside multiple medium- and low-severity vulnerabilities across several products. No active exploitation has been reported. Users are advised to apply updates promptly.

Triad Nexus, a large cybercrime operation linked to Asian organized crime, has continued global fraud activity despite sanctions, according to Silent Push. Active since at least 2020, the group has caused more than $200 million in losses through cryptocurrency investment scams known as pig butchering, along with brand impersonation and phishing campaigns. After US sanctions targeted its infrastructure partner Funnull, Triad Nexus shifted tactics, using front companies, cloud services, account mules and infrastructure laundering to maintain operations. The group now geofences US users and is expanding into Spanish, Vietnamese and Indonesian markets. It also continues relying on bulletproof hosting and hundreds of rotating domains to evade detection while targeting major financial institutions and global brands with convincing cloned websites.

Viper Tunnel, a newly identified backdoor discovered by InfoGuard, has been found inside networks of US and UK businesses and is being used to maintain persistent access later sold to ransomware groups such as RansomHub. Often deployed after fake updates or SocGholish infections, the tool hides inside a standard Python module that automatically executes malicious code. Disguised as a system file and protected with multiple encryption layers, it establishes a covert SOCKS5 proxy over port 443 to blend into normal traffic. Researchers link the malware to UNC2165, associated with Evil Corp. Its evolving modular design and early Linux indicators suggest possible future cross-platform targeting.

GlassWorm has expanded from malicious npm packages into a broader software supply chain operation targeting GitHub, npm, Visual Studio Code ecosystems, and developer browser extensions, according to Aikido Security. In its latest activity, attackers distributed a fake Open VSX extension impersonating WakaTime that deployed a Zig-compiled binary dropper with full system access outside the JavaScript sandbox. The malware scans for IDEs such as VS Code, Cursor and VSCodium, then installs additional malicious extensions across them and removes installation traces. The second-stage payload communicates with a Solana-based command and control infrastructure, steals data, and installs a persistent remote access trojan, including a malicious Chrome extension. Researchers advise treating affected systems as compromised and rotating exposed credentials immediately.

Predator spyware uses a previously unreported kernel exploitation engine to achieve deep system access on iPhones running iOS versions prior to 17, according to new reverse engineering research from Jamf. The framework relies on a kernel read and write primitive which repurposes ARM NEON vector registers as a covert channel to access kernel memory. This enables Predator to bypass protections such as pointer authentication codes by locating signing gadgets inside Apple's JavaScriptCore framework and using a precomputed cache of signed pointers for fast hook execution. Additional components support remote function execution across processes, transfer kernel privileges between helper modules, and resolve Objective-C methods. Despite address randomization, the toolkit supports 21 iPhone models through the A16 generation. Researchers say the architecture highlights the growing sophistication of commercial spyware portfolio post-exploitation techniques and their ability to undermine hardware-level defenses.

A proposed federal class action lawsuit alleges Sutter Health and MemorialCare Medical Foundation violated privacy laws by using an AI documentation tool from Abridge AI to record patient-clinician conversations without informed consent. Plaintiffs claim the system captured sensitive medical details, including symptoms, diagnoses, medications and mental health disclosures, then transmitted transcripts outside clinical environments for processing. The lawsuit alleges violations of California privacy statutes, medical confidentiality rules, unfair business practice laws and a federal wiretapping law. Abridge's ambient clinical documentation platform automates note taking during appointments, addressing physician workload tied to electronic records. Legal experts say organizations adopting such tools must ensure clear notice, opt-out options and appropriate data governance, and may require HIPAA business associate agreements if vendors retain recordings or transcripts.

Coming up after the break, Ted Shorter from Keyfactor unpacks quantum computing at scale. On today's segment from the Threat Vector podcast, David Moulton speaks with returning guest Elad Koren. They're discussing agentic-first security and what it actually looks like in practice. And speaking of quantum, we're preparing for post-quantum perils. Stay with us.
Dave Bittner
And now a word from our sponsor, Arcova. Formerly Morgan Franklin Cyber, Arcova is a global cybersecurity and AI consulting firm built by practitioners who've been in the seat. They work directly with enterprise teams to solve complex security challenges, building secure-by-design programs that hold up as technology and threats evolve. From focused engagements to long-term partnership, Arcova delivers outcomes that endure because no one should navigate complexity alone. Learn why leading global enterprises trust Arcova at www.arcova. That's A R C O V A dot com.
Podcast Host / Announcer
No, it's not your imagination. Risk and regulation really are ramping up, and these days customers expect proof of security before they'll even do business. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk and customer trust together on one AI-powered platform. So whether you're getting ready for a SOC 2 or managing an enterprise governance, risk and compliance program, Vanta helps keep you secure and keeps your deals moving. Companies like Ramp and RYTR spend 82% less time on audits with Vanta. That means less time chasing paperwork and more time focused on growth. For me it comes down to this. Over 10,000 companies, from startups to large enterprises, trust Vanta to help prove their security. Get started at vanta.com/cyber.

Ted Shorter is CTO and co-founder of Keyfactor. I recently got together with him to discuss the advent of quantum computing at scale, known as Q Day.
Ted Shorter
There's been a ton of research. It's a term I probably heard first maybe 30 years ago when I was working for the government. But it's been this sort of nebulous, you know, may happen, may not sort of thing for, you know, research project for a very long time. But a lot has been happening that's made it much more real of late. And I think, you know, first off, there are multiple organizations building quantum computers of various strengths and continue to improve them. And I think, you know, a number of things are on the cusp of happening. One is I think we are getting to a point where sometime, likely within the next year or two, we're, we're going to reach a point where quantum computers are able to perform computations that conventional computers are simply unable to do in any reasonable amount of time.
Podcast Host / Announcer
I've seen some stories about moving some schedules up when it came to organizations being quantum ready when it comes to their cryptography. Do you suppose that's a quiet signal that maybe things are happening on an accelerated schedule, perhaps?
Ted Shorter
I think it's a louder signal, maybe in some cases. I think just to go beyond the quantum computing part, while quantum computers can have a lot of promise of doing lots of computations and tremendous benefits to society that we've not been able to achieve yet, they also potentially have this potential threat of being able to break two of the most commonly used cryptographic algorithms that are used in the world today, that being RSA and ECC. Those literally underpin pretty much every digital interaction that we have today. So anytime the lock icon shows up in your browser, anytime you receive a software firmware update, every identity that's on a blockchain, Bitcoin, Ethereum, so forth, all those identities are ECC. If something was able to break RSA or ECC today, that would be absolutely catastrophic. So the deadline you're referring to really is the notion that the US government, and actually governments around the world, have come up with new algorithms that can replace RSA and ECC and actually use different mathematics that are widely believed to be immune to the powers of quantum computing. And this deadline is about getting a transition away from everything that uses those algorithms today to using the new algorithms. And that, of course, is a massive, massive change.
Podcast Host / Announcer
Do you think that breakthroughs in quantum computing will be shared publicly, or is this the sort of thing that nation states might keep secure?
Ted Shorter
Some have shared publicly. There's certainly been announcements in the private sector from many places. The US, IBM, Google, Microsoft. There's been announcements even from China. That said, I think there's this idea of Q Day, the point where a quantum computer is able to break RSA or ECC. When that happens, it's likely going to be internal to some nation state and it probably will not be announced.
Podcast Host / Announcer
Perhaps a strained analogy, but you think about something like nuclear weapons with nuclear proliferation, right? Will quantum capabilities... will we have a world of haves and have-nots?
Ted Shorter
Well, if we switch away from RSA and ECC, then the haves should only be beneficial. The quantum computing, I guess, just to level set a little more. Quantum computers, don't think of them as a really, really fast conventional computer. They're actually very good at certain types of calculations, but they're actually not very good at all at all types of calculations. So that's why it's possible to create new algorithms with new mathematics that is not susceptible to quantum computing. Unfortunately, RSA and ECC are, and that's where the issue is.
Podcast Host / Announcer
So what are your recommendations for organizations to prepare for this?
Ted Shorter
Well, I think, you know, there's a number of things you can do. Making a change like this is massive. Literally everything that communicates on a network or accepts a firmware update or software update is going to need to get updated. A lot of that is going to happen for you by your vendors. But it's very important to, I guess there's a number of steps. One is, first of all, figure out, if you don't know already, what the keys to your kingdom are and the things that you most vitally want to protect. That's a really good place to start. You want to make sure that you get an inventory of the cryptography and algorithms and so forth that are being used in those environments. That is not always easy to do. Sometimes there's not a lot of things that will come out and tell you that. There are tools that can go a long way in helping you get that, get that inventory. And then it comes down to talking to your vendors. Because really, all the software that you use that communicates on the network is going to have to get updated. And so that means you're going to need to get updates from Microsoft and Google and Apple and any other vendor of any software, firmware, hardware, so forth in your environment. Your quantum roadmap as an organization effectively is subject to theirs. So you need to be talking to your vendors, understand what their plans are, when they plan to transition, and then plan accordingly so that you can start moving, build out automation so that you can move as quickly as you can once you're able to. I guess that's the challenge, is right now there aren't really a lot of operating systems or software out there that is ready for quantum. That's going to start changing as we get through 2026. But that's the game we're in. You can move the timelines up. And this is, I think, what scares me the most. You mentioned Google moving the timeline up. It's such a massive transition. I'm not sure even if everyone started today and went as fast as they can, that you'll be able to move everything. So it's just a massive, massive amount of work that needs to happen here.
Podcast Host / Announcer
I hear people say that it's a possibility that we could have a Sputnik moment where suddenly it's revealed that our adversaries or perhaps one of our allies have these capabilities and things are kind of different from that point on.
Ted Shorter
If that happens. Yeah, I mean, that would be. That's why everyone, they're talking about wanting to move. Right. I think we want to try to avoid that as much as possible.
Podcast Host / Announcer
How do you go about coming at this in a rational way without falling into kind of a Chicken Little mode? Because it feels so. It's been in the future for so long. And so I think it's hard for folks to wrap their head around any kind of realistic timeline for this.
Ted Shorter
Yeah, yeah. I think some of it goes back to what I mentioned earlier. I mean, I think the first step is focus on the things that are most important to you. There are other things you could be doing today. For example, I guess maybe I can give some good news. There's this talk about capturing now, decrypt later.
Elad Coren
Right.
Ted Shorter
Which is definitely a risk.
Elad Coren
Right.
Ted Shorter
The idea that adversaries could be capturing today's Internet traffic, for example, that's being encrypted with RSA or ECC and just store it even though they can't decrypt it. And then once the quantum computer is available, to be able to then decrypt it and sift through to find relevant pieces of information and so forth. There are some good things that are happening. So the standards have been out for a little while and there is some support. So there was a Cloudflare announcement that came out at the end of last year. I think it was something like 43%, something in the 40s percent of Internet traffic was actually already quantum resistant. And that's because browser vendors like Google and network infrastructure vendors like Cloudflare did create implementations of those new algorithms. And so for a lot of folks, you may not know it, but your Google browser can negotiate to use ML-KEM, which is one of the quantum-resistant encryption algorithms for the transport layer to encrypt data back and forth between your browser and websites that you visit. If the websites on the other end also support ML-KEM, you're actually good. And that's where that 43% comes from. So there is actually some progress in this. I guess that's maybe the good news. The bad news is there's a whole lot left to do. And getting that 43% up to 100% is going to be a lot of work. And that's just Internet traffic. When you go internal to organizations, it probably gets a lot more scary.
Podcast Host / Announcer
That's Ted Shorter, CTO and co-founder of Keyfactor. On today's segment from the Threat Vector podcast, David Moulton speaks with returning guest Elad Koren. They're discussing agentic-first security and what it actually looks like in practice.
David Moulton
I'm David Moulton, host of the Threat Vector podcast. What you're about to hear is from my latest conversation about the future of security. Something strange is happening inside of security operations centers right now. The analysts sitting at the consoles aren't losing to attackers because they're outgunned. They're losing because they're outnumbered by machines. In my latest episode, Elad Koren, vice president of product management for Cortex Cloud, told me something that stopped me cold. Adversaries can already spin up an attack infrastructure from a single prompt. Your team is still triaging alerts by hand. That's not a future problem. That's now. Elad, welcome back to Threat Vector. Good to have you here again.
Elad Coren
Hey, David, thank you. Great to be here again.
David Moulton
Talk to me a little about what's changed since we last spoke. You know, last time we were digging into why reactive security was breaking down. What shifted in how you're thinking about the problem?
Elad Coren
I think the biggest thing that changed is that there's an acceptance of this gap. It's no longer a question. Right. I think everyone knows that manual triage is basically dead. I think what stayed in the game is more of the fact that leaders, they understand that it's no longer a staffing shortage. I think the industry has widely adopted the concept that it's more about the signal processing shortage and hiring more will not solve the problem. I think that is the fundamental change from that point. And that means that we're seeing more receptiveness and more wide understanding that to fight AI and to fight machines, you need the proper machines on your side as well. I think that is the biggest thing.
David Moulton
Well, let's dig into that a little bit. I keep hearing this phrase, the agentic first analyst experience really rolls off of my tongue. That's the kind of term that I think could mean anything or nothing, depending on who's using it. And, and maybe you can help me understand what does that actually mean in the context of what you're building here. And, and what does it, you know, why does that matter for the experience, for those defenders that are out there looking to grow their capacity?
Elad Coren
Great, great question. I think, I think a good way to think about it is probably a good analogy would be cars for a second, right. When we think of agentic-first environments or agentic-first systems, platforms, you should think a self-driving car type of thing, right? It's not just that bolted AI or integrated AI on top of something that is more of a lane assist or cruise control. That is something, you know, adaptive cruise control. You measure the speed from your car in front of you and you can, you can adjust the speed accordingly, or lane assist as well. But if you think about self-driving cars, that means that somebody thought of the entire process. You need to navigate, you need to plan, you need to have like the traffic analysis. This is the agentic-first experience. You're thinking on the agents as part of the architecture. You're not building this on top of that. This is where we flipped the order of things. Instead of taking existing systems and just applying AI on those systems, we thought AI first and being agentic first, be it SOC, cloud, exposure management, what have you. You're thinking of how you can automate things with AI agents and help them do things in a more efficient way to increase the virtual size of any customer's team, any company's team that's using that. And I think that is the fundamental change and difference between just AI bolted on or integrated with agentic-first experience.
David Moulton
So help me understand something I'm imagining. I'm a SOC analyst. I'm sitting in front of my console today. Normally I'd be handling triage or correlation or even initial response, but now that's something that I've said yes or maybe I don't. Maybe there's some of those things where what you're imagining is I've seen you do this, would you like me to take care of it? And there's some autonomy with the human, but imagining that you've offloaded some of that work, maybe all of it, what's left for the person to do? And what is that job? Is it better? Is it, is it just very different? I'm trying to paint that picture.
Elad Coren
Yeah, I think it's a great, great discussion because I think many people out there are thinking, oh, so you know, what will we do if AI agents, will they replace us? Are they complementing us? I think what people tend to forget is that, and I think anyone encountered that if not encountering that as we speak. We never get to the more complicated higher level tasks that we want to do, right? Those that require deep thinking, because we are caught in the day to day answering hundreds of emails or doing all the regular things. Think about security analysts analyzing so many data, data points and trying to connect the dots and trying to make sense of certain things. Triage. What if all the AI agents could do all these basic things for all of these analysts and they would actually turn a Tier 1 analyst to a Tier 2, Tier 3 analyst just by being there for them and allowing them to identify the patterns that they are required to identify? What if the Tier 3 analysts could orchestrate all of those and to say, hey, what about those new MOs or what about this potential new threat that I have? I think this is where specifically in security, but also generally in software, we're enabling with the AI agents or the agentic era, agentic-first platforms. We're enabling humans to do more not just by using the agents. That's, that's given and they'll do more things. It's allowing them that, that, that mind share or that attention span that many, many times is not something we can achieve. To do the more complex things, to invest and investigate those things that require the human mind because, well, let's face it, we are still very much needed in the process. I think now we can utilize our brains to the right task. That's, that's how I view this.
David Moulton
So, Elad, you talk to analysts, maybe not their managers, but the analysts themselves. And I'm curious, what's, what's their emotional response to this picture you're painting? You know, is it, is it relief? Is it maybe some skepticism? I've noticed that in our industry. Is it fear?
Elad Coren
I think you see a mix of all of those and heavily relies on or dependent on their state of mind, where they are in their career, where they are in the way they see how AI complements what they do. I think in general, the more common reaction that I see is curiosity. It's the understanding that something's going to change. Some of them adopt change really fast, some of them don't. I think ultimately what we are seeing with analysts is that they need to trust the system. They need to become more familiar with the new ways of operating. There's an interesting thing that happened this one time. We were interacting with a customer and one of their lead analysts said, well, I need all of these things to be, you know, to be done in, in your system. And all of the things that they listed are things that they've done with the old system that was a legacy system, right. That they did things manually, they built rules and they said, well, where can we do all of these things in your, in your platform? And, and I was looking at them and smiling and, and saying, you don't, you don't have to. You understand it's, it's already done for you. Yeah, you can review all of these things here. So some of them are looking at those things and the smart policies created, the behavioral indicators of compromise that are available in the system, and they're looking at that and they understand that all the things that they've done in the past, building this in a very specific way, you need to maintain those. And now they're going into a system that many of the things they did in the past is doing that for them. So I could see that inflection point of realizing, hey, I can become more efficient now, I can do more. And once you turn around someone that is very fixed on how they used to do things, that's the biggest win. So I see a lot of that and I'm excited about that.
David Moulton
This episode is live in your Threat Vector feed. It's called Attackers have Agents. Do you? Thanks for listening. Stay secure. Goodbye for now.
Podcast Host / Announcer
Be sure to check out the complete Threat Vector podcast wherever you get your favorite shows.

Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allowlisting, you stop unknown executables cold. With Ringfencing, you control how trusted applications behave. And with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com/N2K today.

When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year, and 92% of responders reported threat levels have increased in the past two years. Guardsquare delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guardsquare provides industry-leading security for your Android and iOS apps at www.guardsquare.com.

And finally, it's World Quantum Day, and while it's unlikely you'll find the perfect greeting card for your favorite quantum engineer at the local Hallmark store, the folks at QuSecure gently suggested that organizations stop staring at the quantum horizon like amateur astronomers waiting for a comet and start migrating to post-quantum cryptography now. The company argues the real risk is not guessing when quantum computers will break today's encryption, but how long it takes to replace the encryption once everybody agrees they will. Recent signals from Google, Cloudflare, and India, all pointing toward 2029 migration timelines, reinforce the message that the clock is already ticking, even if no one agrees exactly when midnight arrives. QuSecure says large enterprises often need up to a decade to complete migration, which makes wait and see less strategy and more procrastination with paperwork. It also warns that inventory exercises without pilot deployments waste time and that crypto agility is becoming essential as threats evolve quickly. In short, the future may be uncertain, but the migration backlog is very real.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis, our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Date: April 14, 2026
Host: Dave Bittner (N2K Networks)
Main Theme:
This episode covers France’s accelerating move towards digital sovereignty, the most pressing cybersecurity threats and incidents from around the world, and the latest industry thinking on quantum computing, artificial intelligence in security operations, and preparation for post-quantum threats. Through interviews and insightful commentary, the episode explores both emerging risks and innovative approaches to defending digital infrastructure.
[00:55] - [03:00]
"Officials describe the initiative as part of a broader strategy to strengthen digital sovereignty and regain control over data infrastructure, pricing, and vendor risk." (Dave Bittner, [02:15])
[03:00] - [12:00]
Interview with Ted Shorter, CTO and Co-founder, Keyfactor
[14:41] - [23:21]
"If something was able to break RSA or ECC today, that would be absolutely catastrophic." (Ted Shorter, [15:47])
"Your quantum roadmap as an organization effectively is subject to [your vendor's]." (Ted Shorter, [19:44])
Interview with Elad Coren, VP Product Management, Cortex Cloud
[23:49] - [34:04]
Reactions:
Analysts’ responses range from curiosity to skepticism and excitement, depending on personality and readiness for change ([31:34]).
Anecdote:
Some struggle to recognize that the system accomplishes previously manual tasks automatically.
Memorable Moment:
Elad to a legacy-system analyst:
“You don’t have to. You understand it's already done for you… I could see that inflection point of realizing, hey, I can become more efficient now.” ([33:18])
[36:45] World Quantum Day Reflection
This packed episode brings together breaking news (France’s push for tech independence, high-impact vulnerabilities, and legal challenges in AI healthcare), expert analysis (quantum computing readiness with Ted Shorter), and a visionary discussion on the agentic-first era in security operations that leverages AI to re-architect both workflows and analyst roles. The dual focus: don’t wait for threats to become unmanageable—prepare for post-quantum risks now, and embrace intelligent automation to keep pace with adversaries using machines at scale.