Hackers beware, fines are in the air. - CyberWire Daily

Summary10 min read

CyberWire Daily: "Hackers Beware, Fines Are in the Air"
Release Date: April 1, 2025
Host: Dave Buettner, CyberWire Network

1. UK Unveils Comprehensive Cybersecurity and Resilience Bill

The United Kingdom has officially revealed the full scope of its forthcoming Cybersecurity and Resilience (CSR) Bill, a legislative measure aimed at fortifying the protection of critical national infrastructure against escalating cyber threats. Tech Secretary Peter Kyle highlighted the bill's three primary pillars:

Expanded Regulatory Compliance: Organizations will be required to adhere to stringent security directives, including the timely patching of known vulnerabilities.
Enhanced Government Regulatory Powers: The bill grants authorities the flexibility to swiftly update regulations in response to emerging threats.
Unified Regulatory Strategy: A standardized approach for data centers and other critical entities is under consideration, ensuring cohesive defense mechanisms across sectors.

Failing to comply with these directives could result in significant financial penalties, notably £100,000 per day or 10% of annual turnover for non-compliant entities. Additionally, the bill mandates that significant breaches must be reported within 24 hours, aligning UK standards more closely with those of the EU and the US.

Dave Buettner emphasized the urgency behind this legislation, noting that cyberattacks on UK utilities surged by 586% in 2023. Experts caution that while the bill is a crucial step toward modernizing the UK's cyber defenses, it will require sustained investment and comprehensive staff training to be effectively implemented. The CSR Bill is slated for parliamentary review later this year.

2. Apple Alerts Users to Critical Zero-Day Vulnerabilities

Apple Inc. has issued an urgent security advisory addressing three critical zero-day vulnerabilities currently being exploited in sophisticated cyberattacks. These vulnerabilities impact a wide range of Apple devices, including iPhones, iPads, Macs, Apple Watches, Apple TVs, and Vision Pro.

The identified flaws include:

USB Restricted Mode Bypass: Allows attackers with physical access to devices to circumvent security restrictions.
Safari Sandbox Escape: Enables malicious web content to break free from the browser's protective sandbox environment.
Core Media Use-After-Free Bug: Potentially leads to privilege escalation by exploiting memory management flaws.

Apple has promptly released security patches for all affected systems and is urging users to update their devices immediately. Additional recommendations include avoiding untrusted applications, enabling lockdown mode, and activating automatic updates.

These vulnerabilities were discovered by renowned security researchers, including those from the Citizen Lab, and are reportedly being leveraged in targeted attacks. Dave Buettner underscored the significance of these vulnerabilities, highlighting the breadth of devices affected and the potential risks to users.

3. Interlock Ransomware Group Targets National Presto Industries

The Interlock Ransomware Group has claimed responsibility for a cyberattack on National Presto Industries, a prominent manufacturer known for home appliances and military-grade ammunition. The attack, which occurred on March 1, resulted in the theft of nearly 3 million files.

Initially, National Presto Industries disclosed the breach without specifying the use of ransomware. However, details from Interlock's leak site indicate that multiple subsidiaries, including National Defense Corporation and Amtech, were significantly impacted. Despite the extensive data theft, Interlock asserts that their extortion efforts failed after the company downplayed the breach's severity and successfully restored operations.

Dave Buettner reported on the extensive data loss and the implications for National Presto Industries, emphasizing the group's confidence in their ability to undermine company responses. The incident serves as a stark reminder of the persistent threats posed by sophisticated ransomware groups and the importance of robust incident response strategies.

4. Microsoft Identifies Critical Vulnerability in Canon Printer Drivers

Microsoft's Offensive Security team has identified a critical vulnerability in Canon printer drivers, carrying a severity score of 9.4. This flaw affects several Canon printer models using outdated driver versions, making them susceptible to malicious exploits.

The vulnerability allows attackers to:

Halt Printing Operations: Disrupt normal printer functionality, causing operational downtimes.
Execute Arbitrary Code: Run malicious applications that could compromise the entire system.

Canon has advised users to update their printer drivers immediately via the official Canon website to mitigate these risks. The vulnerability is rooted in EMF recode processing, highlighting the ongoing dangers associated with outdated drivers and the Bring Your Own Vulnerable Driver (BYOVD) attack technique.

Dave Buettner elaborated on the implications of this vulnerability, noting that BYOVD attacks involve attackers installing known vulnerable drivers to exploit system weaknesses, often aiming for higher-privilege access such as kernel-level control. This incident underscores the critical need for organizations to maintain updated drivers and employ rigorous security protocols to defend against such sophisticated attack vectors.

5. Check Point Software Reports Data Breach Amidst Discrepancies

Check Point Software has confirmed a data breach, originally claimed by the threat actor Core Injection. The company states that the breach occurred in December 2024, involving limited access that posed no threat to customers or systems. According to Check Point, compromised credentials provided access to a small portal, exposing basic account and contact information from three organizations.

However, cybersecurity expert Alon Gal disputed Check Point's account, presenting evidence from leaked data that indicates the breach affected over 121,000 accounts with admin-level access, far exceeding the company's initial description. Gal also pointed out the absence of any public SEC disclosure regarding the December incident, raising concerns about the integrity and transparency of Check Point's response.

Dave Buettner highlighted the ongoing scrutiny of Check Point's security measures, noting past vulnerabilities in their VPN and security gateway products. The discrepancy between Check Point's official statements and expert analyses fuels ongoing debates about the true scale and impact of the breach, as well as the company's overall security posture.

6. FTC Enforces Privacy Obligations on 23andMe During Bankruptcy Proceedings

The Federal Trade Commission (FTC) has issued a stern warning to the bankruptcy trustees of 23andMe, a leading genetic testing company, ensuring that any sale of the company's assets must uphold prior privacy commitments made to consumers. Filed under Chapter 11 on March 23, 23andMe holds sensitive genetic and health data from millions of users.

FTC Chair Andrew Ferguson emphasized that prospective buyers are legally bound to respect the company's existing promises, which include:

Restrictions on Sharing Personal Data: Users' genetic information cannot be shared without explicit consent or legal orders.
Data Security Guarantees: Ensuring robust protections for stored genetic and health data.

This directive comes in the wake of a significant 2023 data breach that affected approximately 6.9 million users, resulting in a $30 million settlement. The breach exposed genetic and ancestry data through a credential stuffing attack, intensifying concerns over data protection practices.

Dave Buettner discussed the implications of the FTC's intervention, noting that the regulation seeks to preserve consumer trust and protect genetic privacy even as the company navigates bankruptcy. The Department of Justice (DOJ) is also monitoring the case closely to ensure comprehensive protection of consumer data.

23andMe has so far refrained from commenting on the FTC's stance but continues to offer users options to delete their data or revoke research consent, reflecting ongoing efforts to manage the fallout from the breach and maintain user trust.

7. Canadian Hacker Arrested for Texas Republican Party System Breaches

A Canadian national, Aubrey Cottle (also known as Curtainer), affiliated with the Anonymous collective, has been arrested and charged in the United States for alleged unauthorized breaches of systems linked to the Texas Republican Party. Prosecutors allege that Cottle infiltrated Epic, a hosting provider serving the Texas GOP and Texas Right to Life, extracting and publicly disseminating personal data.

The unsealed complaint in Texas details evidence of Cottle's activities, including taking credit for the hack on platforms like Discord and TikTok. A 2022 raid on his Ontario residence uncovered 20 terabytes of stolen data, underscoring the magnitude of the breach. Cottle faces charges for unlawfully using personal identifying information, with potential penalties of up to five years in prison upon conviction.

Dave Buettner reported on Cottle's history of targeting conservative platforms and his media appearances discussing Anonymous operations. The investigation, led jointly by the FBI and Canadian authorities since 2022, culminated in his arrest as a direct response to aggressive protests against Texas abortion laws. The resulting data leaks from Epic-hosted sites have had widespread repercussions, exposing extensive personal information and highlighting vulnerabilities within political party infrastructures.

8. GCHQ Intern Pleads Guilty to Stealing Classified Data

Hassan Arshad, a 25-year-old student intern at the UK's Government Communications Headquarters (GCHQ), pleaded guilty to charges of stealing highly classified data on August 24, 2022, just days before his year-long placement concluded. Arshad admitted to violating the Computer Misuse Act by:

Unauthorized Data Access: Downloading classified information, including sensitive names and a valuable tool, using his GCHQ-issued phone within secure areas.
Data Transfer: Transferring the stolen data to a personal hard drive at his residence.

Prosecutors revealed that the stolen software was valued at millions of pounds, underscoring the potential national security implications. Additionally, investigators discovered indecent images of a child on Arshad's devices, for which he had previously pleaded guilty. Despite these charges, Arshad claimed his actions were driven by curiosity, not financial gain.

Dave Buettner discussed the gravity of Arshad's breach, emphasizing the breach of trust inherent in an organization like GCHQ. Arshad faces sentencing on June 13 and remains on bail with strict conditions, including a ban on accessing the dark web. His legal counsel described his actions as "reckless," while the presiding judge warned that a custodial sentence is likely given the severity of his offenses.

9. Threat Vector Segment: Preparing for a Post-Quantum World and Understanding AI Confabulations

In the Threat Vector segment, host David Moulton engages in a crucial discussion with Richu Chanakeshva, Senior Product Manager at Palo Alto Networks. The conversation centers on two pivotal topics shaping the future of cybersecurity:

a. Post-Quantum Cryptography

Richu Chanakeshva elaborates on the impending necessity for organizations to brace for a post-quantum world. Quantum computers, while not yet ubiquitous, possess the capability to solve complex mathematical problems exponentially faster than classical computers. This advancement threatens to undermine current cryptographic standards, rendering much of today's encrypted data vulnerable. Chanakeshva explains:

"The ability to exist either as 0, 1 or a combination of it all at the same time is a property called superposition... the speed at which you can arrive at different outputs is significantly reduced."
— Richu Chanakeshva [16:45]

He underscores the importance of developing and adopting quantum-resistant algorithms proactively to ensure data security remains robust against quantum-enabled threats.

b. AI Confabulations

The discussion shifts to the phenomenon of AI confabulations, previously referred to as AI hallucinations. Unlike human sensory delusions, AI confabulations arise from predictive algorithms stitching together plausible-sounding but fictional outputs when faced with ambiguous or incomplete data. This distinction is critical for refining AI training methods to minimize erroneous outputs.

"Recognizing these errors as confabulations can guide us toward refining AI training methods, ensuring our digital companions are less prone to creative storytelling when they should simply admit, I don't know."
— Dave Buettner [20:03]

David Moulton concludes by emphasizing the strategic importance of preparing for these technological advancements:

"Quantum computing may not be an immediate crisis, but waiting to prepare could be a huge mistake."
— David Moulton [20:28]

This segment serves as a clarion call for organizations to invest in forward-looking cybersecurity measures that address both the challenges posed by quantum computing and the nuanced risks of advanced AI systems.

10. Reflections on AI Missteps and the Path Forward

In the final discussion, Dave Buettner delves deeper into understanding AI's tendencies to generate confabulations. Drawing parallels from the Integrative Psyche publication, he highlights that unlike humans, AI lacks perception and instead relies on predictive models that can inadvertently produce fabricated narratives to fill knowledge gaps.

This realization prompts a reevaluation of AI development strategies, urging a focus on improving data completeness and enhancing the AI's ability to admit uncertainty rather than fabricate responses. Such advancements are essential for building trustworthy AI systems that support cybersecurity without introducing new vulnerabilities through misinformation.

Conclusion

The episode "Hackers Beware, Fines Are in the Air" offers a comprehensive overview of significant cybersecurity developments as of April 2025. From legislative advancements in the UK and critical vulnerabilities uncovered by major tech companies to high-profile cyberattacks and legal repercussions for cyber offenders, the episode underscores the evolving landscape of cyber threats and the intensified regulatory responses.

Furthermore, the insightful Threat Vector segment underscores the forward-looking challenges posed by quantum computing and AI, emphasizing the imperative for organizations to proactively adapt their cybersecurity frameworks. Dave Buettner effectively weaves these narratives to provide listeners with a nuanced understanding of the current and future state of cybersecurity, ensuring they remain informed and prepared in this dynamic field.

Notable Quotes:

Richu Chanakeshva [16:45]: "The ability to exist either as 0, 1 or a combination of it all at the same time is a property called superposition... the speed at which you can arrive at different outputs is significantly reduced."
David Moulton [20:28]: "Quantum computing may not be an immediate crisis, but waiting to prepare could be a huge mistake."
Dave Buettner [20:03]: "Recognizing these errors as confabulations can guide us toward refining AI training methods, ensuring our digital companions are less prone to creative storytelling when they should simply admit, I don't know."

This comprehensive summary encapsulates the key discussions, insights, and conclusions from the podcast episode, providing a valuable resource for those seeking to stay informed on the latest cybersecurity trends and challenges.

Loading summary

Transcript14 lines

[00:02]
Dave Buettner
You're listening to the Cyberwire Network, powered by N2K. Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today@vanguard.jobs.com the UK unveils the full scope of its upcoming cybersecurity and Resilience bill. Apple warns of critical zero day vulnerabilities under active exploitation. The Interlock Ransomware group claims responsibility for a cyber attack on National Presto industries. Microsoft flags a critical vulnerability in Canon printer drivers. Checkpoint software confirms a data breach. The FTC warns 23andMe's bankruptcy trustees to uphold their privacy obligations. A Canadian hacker's been arrested and charged for allegedly breaching systems tied to the Texas Republican Party. A GCHQ intern pleads guilty to stealing top secret data on our Threat Vector segment. David Moulton speaks with Richu Chanakeshva, senior product manager at Palo Alto Networks, about the urgent need for organizations to prepare for a post quantum world and the confabulous hallucinations of AI. No fooling it's Tuesday, April 1st, 2025. I'm Dave Buettner and this is your CyberWire Intel Briefing. Thanks for joining us. It's always great to have you with us. The UK has unveiled the full scope of its upcoming Cybersecurity and Resilience bill, aimed at boosting protection for critical national infrastructure. Tech Secretary Peter Kyle outlined three main expanding which organizations must comply, strengthening regulatory powers and giving the government flexibility to update rules quickly as threats evolve. Failing to meet directives such as patching known vulnerabilities could result in fines of £100,000 per day, or 10% of annual turnover. Additional changes under review include adding data centers and publishing a unified strategy for regulators. The bill mandates faster incident reporting within 24 hours for significant breaches and aligns more strictly than EU and US counterparts. The urgency comes amid rising cyberattacks on UK utilities surged 586% in 2023, experts warn. The plan, while crucial, demands sustained investment and staff training. The CSR bill is expected to enter Parliament later this year. Reflecting a sharp push to modernize UK cyber defences. Apple has issued an urgent security alert addressing three critical zero day vulnerabilities actively exploited in sophisticated attacks. These flaws affect iPhones, iPads, Macs, Apple Watches, Apple TVs and Vision Pro devices. One allows attackers with physical access to bypass USB restricted mode, while another lets malicious Web content escape Safari's sandbox. The third involves a use after free bug in core media that could lead to privilege escalation. Apple has released security patches for all affected systems and urges users to update immediately. The company also recommends avoiding untrusted apps, enabling lockdown mode and activating automatic updates. The vulnerabilities were discovered by security researchers including the Citizen Lab, and are being exploited in targeted attacks. The Interlock Ransomware Group has claimed responsibility for a March 1 cyber attack on National Presto Industries, a company known for home appliances and military grade ammunition. The attack, confirmed via Interlock's leak site, reportedly involved data theft of nearly 3 million files. Though the company initially disclosed the incident without naming ransomware, the leak suggests multiple subsidiaries, including National Defense Corporation and Amtech were impacted. Interlock says extortion efforts failed after the company downplayed the breach's significance and claim to have fully restored operations. Microsoft's Offensive Security team has disclosed a critical vulnerability affecting Canon printer drivers. With a severity score of 9.4. The flaw impacts several Canon printer models using older driver versions and could allow attackers to halt printing or execute arbitrary code via malicious applications. Canon urges users to update drivers from its website. The vulnerability in EMF recode processing highlights ongoing risks tied to outdated drivers and the threat of BYO VD style attacks. BYOVD stands for bring your own vulnerable driver. It's a technique used by attackers where they install a known vulnerable driver onto a system to exploit its weaknesses, usually to gain higher privileges like kernel level access. Check Point software has confirmed a data breach tied to claims by threat actor Core Injection, but insists the incident occurred in December 2024, involved limited access and posed no risk to customers or systems. The company says compromised credentials gave access to a small portal, exposing basic account and contact information from three organizations. However, cybersecurity expert Alon Gal challenged this, pointing to leaked data showing over 121,000 accounts and admin level access far exceeding Check Point's description. He also noted the absence of any public SEC disclosure from December. The breach surfaces amid ongoing scrutiny of Check Point's security posture, including past vulnerabilities in its VPN and security gateway products. While Check Point downplays the breach as recycled, data, experts continue to raise questions about the scope, access level and transparency surrounding the incident. The Federal Trade Commission has warned 23andMe's bankruptcy trustees that any sale of the company's assets must honor its prior promises to consumers about privacy and data security. Filed under chapter 11 on March 23, 23andMe hold sensitive genetic and health data from millions of users. FTC Chair Andrew Ferguson emphasized that any buyer must uphold the company's commitments, including restrictions on sharing personal data without user consent or legal orders. The FTC insists these assurances remain binding under bankruptcy law. This comes amid ongoing scrutiny following a 2023 data breach affecting roughly 6.9 million users, leading to a $30 million settlement. That breach exposed genetic and ancestry data through a credential stuffing attack. The DOJ also stated it is monitoring the case closely to protect consumer data. 23andMe has not yet commented on the FTC's position, but continues offering users the option to delete their data or revoke research consent. Canadian hacker Aubrey Cottle, known online as Curtainer and linked to the Anonymous collective, has been arrested and charged in the US for allegedly breaching systems tied to the Texas Republican Party. U.S. prosecutors say Kotl hijacked Epic, a hosting provider for the Texas GOP and Texas Right to Life, stealing personal data and sharing it publicly. The complaint, unsealed in Texas, includes evidence of Cottle taking credit for the hack on Discord and TikTok. A 2022 raid on his Ontario home uncovered 20 terabytes of stolen data. He faces charges of unlawfully using identifying information and up to five years in prison if convicted. Cottle has previously targeted conservative platforms and appeared in media discussing Anonymous operations. The FBI and Canadian authorities have been investigating him since 2022. The hack was reportedly in protest of Texas abortion laws and resulted in widespread data leaks from Epic hosted sites. Hassan Arshad, a 25 year old student on placement at the UK's GCHQ, pleaded guilty to stealing top secret data on August 24, 2022, just days before his year long placement ended. Arshad took his phone into a secure area, downloaded classified information including names and a highly valuable tool, and later transferred it to a hard drive at home. Prosecutors say the stolen software cost taxpayers millions. He admitted violating the Computer Misuse act and claimed curiosity motivated his actions, not financial gain. Investigators also found indecent images of a child on his devices to which he previously pleaded guilty. Arshad, formerly part of GCHQ's internship program, faces sentencing on June 13 and remains on bail under restrictions including a dark web ban. His lawyer described the act as reckless, while the judge warned a custodial sentence is likely. Coming up after the break on our Threat Vector segment, Dave Moulton speaks with Richu Chanakeshva, senior Product Manager at Palo Alto Networks. They're discussing the urgent need for organizations to prepare for a post quantum world and the confabulous hallucinations of AI Stick around. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try Deleteme. I have to say, delete me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Deleteme's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Deleteme now at a special discount for our listeners today. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com n2k and use promo code n2k at checkout. The only way to get 20% off is to go to JoinDeleteMe.com N2K and enter code N2K at checkout. That's JoinDeleteMe.com N2k code N2K. Are you frustrated with cyber risk scores backed by mysterious data, zero context and cloudy reasoning? Typical cyber ratings are ineffective and the true risk story is begging to be told. It's time to cut the bs. Black Kite believes in seeing the full picture with more than a score. One where companies have complete clarity in their third party cyber risk using reliable quantitative data. Make better decisions, reduce your uncertainty. Trust Black Kite on our latest Threat Vector segment, Dave Moulton speaks with Richu Chanakeshva, senior Product manager at Palo Alto Networks. They're discussing the urgent need for organizations to prepare for a post Quantum World.
[13:55]
David Moulton
Hi, I'm David Moulton, host of the Threat Vector podcast where we discuss pressing cybersecurity threats and resilience and uncover insights into the latest industry trends. If you care about encryption, sensitive data or what the future of cybersecurity looks like, you should check out my recent episode of Threat Vector. We're tackling quantum computing. Not just what it is, but why it matters now. Even if quantum computers are still a few years or decades away, why should.
[14:22]
Richu Chanakeshva
Everybody care about it? And why should everybody start doing something around this migration today? The bigger problem with cryptography is that painfully slow migration process.
[14:34]
David Moulton
I'll talk with Richu Chanakeshwa, a senior product manager here at Palo Alto Networks who's leading efforts around post quantum cryptography. You won't want to miss this episode. Subscribe now. Richu, welcome to threatvector. I am so excited to have you on the show today.
[14:53]
Richu Chanakeshva
Thank you, David. Thank you for having me.
[14:55]
David Moulton
Richu. I look around and I see classical computing, classical computing everywhere. Laptops, phones, the cars we drive. Right, Those sorts of things all the way to, you know, giant server installations in cloud compute. But what I don't know is where does one go to see quantum computing happening?
[15:14]
Richu Chanakeshva
Quantum computers are not meant to be your gender purpose computers. So you will not see them, not in the history of it, at least as far as I can tell today. You will not see them as a daily use for a general purpose application. Instead, what quantum computers are is for a very niche set of computations which are complex, which require quadratic speeds, which are mathematical algorithms, which have not been kind of force tested on the classical supercomputers. And if they did try, they would take billions of years, if not millions. Right. So that is the niche where quantum computers can start playing a big role. They are of course, based on a completely different set of rules. They're based on quantum mechanics. And then if I go into the technicalities, it gets to a place where quantum bit called the qubit almost can exist. Yeah, a qubit Q, U, V, I, T. A qubit can exist in, in multiple states at once. So if you look at classical computers, it's 0 or 1, it has a binary state and at one given, at any given point it's either 0 or 1 or a combination of it. But with, with qubits, they can be at all, at the same time.
[16:46]
David Moulton
Okay, that's a little hard for me to grasp. What is it about that quantum state, that qubit, that makes it such a powerful computer in a different way than a classical computer? That ability to be in all the states has to be part of it, right?
[17:04]
Richu Chanakeshva
Yeah, yeah. So the ability to exist either as 0, 1 or a combination of it all at the same time is a property called superposition, which means that if you have multiple different algorithms, or let's say you have different states in which you want to test out an algorithm to arrive at different kinds of output, to then envision a certain output being the actual result, you can run all of those different computations at the same time. So your requirement now to run these different computations serially now becomes something that you can do parallel, and you can do that on a set of qubits. So the speed at which you can arrive at different outputs is significantly reduced. So that's one second. Second is of course today you require a lot more qubits, and the mapping of a logical qubit to the underlying physical qubit has been the bigger conversation, and then error bits added to that and so on. But once we get to a state where the overall errors can be reduced and Google Willow has taken a good step ahead from the last update that we heard in December 24, you will see that there are going to be less error bits required and just enough qubits to actually arrive at multiple outputs out of which one of it is going to be the right result that you're looking for. So it's more of a probabilistic solution that quantum computers help arrive at versus something that's more deterministic or linear that classical computers focus on.
[19:00]
David Moulton
So to set the stage, we've got these computers that are very niche, as you put it. They're not shipping in my next smart refrigerator. And although I've seen a quantum computer at an event and they told me that most of the stuff I was seeing was actually refrigerant and ways of keeping it extraordinarily cold, maybe we'll talk about that later. They have the ability to do something phenomenal is the collapsed time on mathematical problem solving and that could lead to the data that we encrypt with today's best cryptographic standards no longer standing up to this type of computing. And so we need these new algorithms and you talked about them a little bit there a second ago. Who's making the algorithms and how do we test them and how do we know that they work if these computers aren't widespread and we have great Q and A on a concept that's being tested by another algorithm or another concept.
[20:03]
Richu Chanakeshva
So it is important to note that a lot of these newer algorithms that we are going to adopt as a quantum resistant or a post quantum cryptographic algorithm is only theoretically fruit of.
[20:28]
Dave Buettner
If.
[20:28]
David Moulton
There'S one thing I'm taking away from this discussion with Richu, it's this Quantum computing may not be an immediate crisis, but waiting to prepare could be a huge mistake. Check out the Episode Wherever you listen to podcasts, subscribe now.
[20:50]
Dave Buettner
Be sure to check out the Threat Vector podcast wherever you get your favorite podcasts. Is your AppSec program actually reducing risk? Developers and AppSec teams drown in critical alerts, yet 95% of fixes don't reduce real risk. Why? Traditional tools use generic prioritization and lack the ability to filter real threats from noise high impact threats slip through and surface in production. Costing 10 times more to fix, AUX Security helps you focus on the 5% of issues that truly matter before they reach the cloud. Find out what risks deserve your attention in 2025. Download the application Security benchmark from AUX Security. And finally, imagine AI as that friend who, when unsure, confidently fills in the blanks with plausible sounding fiction. Traditionally, we've termed these AI missteps, hallucinations, implying sensory delusions. However, as highlighted by the publication Integrative Psyche, a more fitting label is confabulations, fabricated stories constructed to mask gaps in knowledge. This distinction matters because, unlike humans, who might see or hear things that aren't there, AI doesn't perceive, it predicts. When faced with ambiguous prompts or incomplete data, AI doesn't experience a psychedelic trip it simply stitches together its best guess, sometimes resulting in convincing but entirely fictional outputs. Recognizing these errors as confabulations can guide us toward refining AI training methods, ensuring our digital companions are less prone to creative storytelling when they should simply admit, I don't know. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trang Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Cyber threats are evolving every second, and staying ahead is more than just a challenge it's a necessity. That's why we're thrilled to partner with Threat Locker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant.