A
You're listening to the Cyberwire Network powered by N2K.
B
No, it's not your imagination. Risk and regulation really are ramping up, and these days customers expect proof of security before they'll even do business. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk and customer trust together on one AI-powered platform. So whether you're getting ready for a SOC 2 or managing an enterprise governance, risk and compliance program, Vanta helps keep you secure and keeps your deals moving. Companies like Ramp and RYTR spend 82% less time on audits with Vanta. That means less time chasing paperwork and more time focused on growth. For me, it comes down to this: over 10,000 companies, from startups to large enterprises, trust Vanta to help prove their security. Get started at vanta.com/cyber.

Iran-linked hackers signal cyber attacks will continue despite the ceasefire. Microsoft restores access after suspending open source developer accounts. John Deere settles its right-to-repair fight. A suspected Adobe Reader zero-day surfaces. Palo Alto Networks and SonicWall patch high-severity flaws. New macOS malware targets crypto wallets. A threat cluster abuses live chat to bypass MFA. CISA orders urgent Ivanti patching. Researchers track a stealthy DDoS-for-hire botnet. Our guest is Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation states and AI on OT security. And macOS has a 49-day time limit.

It's Thursday, April 9, 2026. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us.

Pro-Iranian hacker groups say a fragile ceasefire involving Iran, the United States and Israel will not stop their cyber operations, warning that digital retaliation will continue despite reduced military tensions. One group, Handala, said it's pausing attacks on US targets for now, but will keep targeting Israel and may resume operations against America later.
US authorities also warned that Iran-linked hackers have already infiltrated programmable logic controllers used in critical infrastructure such as ports, power plants and water systems. Security agencies urged organizations to strengthen defenses immediately. Experts caution that cyber activity may actually increase during a ceasefire as threat actors shift attention toward U.S. companies connected to the war effort, including data centers and defense contractors. So far, many attacks appear more symbolic than destructive, but analysts warn they still highlight persistent vulnerabilities and the growing role of cyber operations as a lasting feature of modern conflict.

Microsoft suspended developer accounts used to maintain several widely used open source Windows projects, temporarily preventing them from publishing updates and security patches. Affected software included WireGuard, VeraCrypt, MemTest86 and Windscribe. Developers said they received no warning or clear explanation and were unable to reach human support, raising concerns about delayed responses to potential security vulnerabilities affecting Windows users. After public reporting, Microsoft said the suspensions resulted from missed mandatory account verification requirements in the Windows hardware program, which partners had been notified about since October of last year. Accounts that failed verification within 30 days were automatically suspended. Microsoft executives later acknowledged communication gaps and said the company is reviewing its notification process. Some accounts began moving toward reinstatement after media attention prompted direct outreach from Microsoft leadership.

Farmers reached a landmark settlement with John Deere in a long-running right-to-repair dispute, securing $99 million for plaintiffs who paid authorized dealers for major equipment repairs since 2018.
Court documents indicate participants may recover 26 to 53% of alleged overcharged damages, well above typical class action recoveries. The agreement also requires Deere to provide digital tools needed for maintenance, diagnostics and repairs on tractors and combines for 10 years, addressing long-standing restrictions that previously forced some farmers to modify equipment software themselves. The settlement still requires judicial approval. Deere also continues to face a separate lawsuit from the Federal Trade Commission, which alleges the company unlawfully restricted repair access, a case that could influence broader right-to-repair efforts across multiple industries.

Researcher Haifei Li reports a likely actively exploited zero-day in Adobe Reader after detecting a malicious PDF through his EXPMON sandbox system. The file can collect system data and may enable remote code execution and sandbox escape. Though the full attack chain remains unconfirmed, evidence suggests exploitation may have been ongoing for at least four months, with some samples using Russian-language lures tied to oil and gas topics. Adobe is reviewing the findings after receiving disclosure details.

In early April, Palo Alto Networks and SonicWall released patches for multiple vulnerabilities, including two high-severity flaws affecting enterprise security platforms. Palo Alto Networks fixed a vulnerability in Cortex XSOAR and XSIAM integrations with Microsoft Teams, which could allow attackers to tamper with protected resources, along with additional Windows agent and Chromium-related issues. SonicWall addressed an issue in SMA 1000 firewalls, which could enable privilege escalation, plus flaws exposing VPN credentials or bypassing authentication. Neither company reports active exploitation, but both urge prompt updates.

Researchers at Moonlock Lab identified NotNull OSX, a new macOS malware strain designed to steal cryptocurrency from high-value victims with balances above $10,000.
First detected on March 30, activity has been observed in Vietnam, Taiwan and Spain. The malware uses social engineering, including fake Google Docs errors and a trojanized Wallspace app, to trick users into running malicious terminal commands and granting full disk access. It can read sensitive data and maintain persistent remote control. A feature called Replace App swaps legitimate wallet tools such as Ledger Live and Trezor with malicious versions to capture seed phrases. Researchers attribute the platform to a developer known as 0xFF and warn its modular design could support broader future targeting.

Google Threat Intelligence Group researchers warn that a financially motivated threat cluster tracked as UNC6783 is targeting business process outsourcers and large enterprises through help desk and live chat social engineering to enable data theft and extortion. Principal analyst Austin Larson said attackers direct employees to spoofed Okta login pages using deceptive Zendesk-style domains that capture credentials and clipboard-based multi-factor authentication data, allowing persistent access. The group also distributes fake security updates that install remote access malware and later sends ransom notes via Proton Mail after exfiltration. Researchers say the tactics resemble earlier help desk focused extortion campaigns and urge organizations to deploy phishing-resistant authentication, monitor chat channels and audit newly enrolled MFA devices.

Researchers at Trellix report that the Majesu botnet has operated continuously since 2023 as a stealth-focused DDoS-for-hire platform targeting routers, gateways and other IoT devices across multiple processor architectures. Marketed primarily through Telegram, the service supports large-scale TCP, UDP and HTTP flooding and claims attack volumes reaching hundreds of gigabits per second.
The malware spreads by scanning for known vulnerabilities in devices from vendors such as D-Link, GPON and Netgear, while using XOR-based obfuscation, cron persistence and process spoofing to evade detection. It also avoids block-listed government IP ranges to reduce scrutiny. Updated samples show expanded command and control redundancy and broader device targeting, underscoring the botnet's evolution into a resilient, commercially operated extortion and disruption platform.

CISA has ordered federal agencies to patch a critical vulnerability in Ivanti Endpoint Manager Mobile within four days after confirming active exploitation since January. The flaw allows unauthenticated remote code execution on exposed systems. Ivanti previously warned only a limited number of customers were affected, but nearly 950 Internet-facing instances remain visible. CISA added the issue to its Known Exploited Vulnerabilities catalog and urged all organizations to prioritize patching immediately due to ongoing risk.

Coming up after the break, my conversation with Edgard Capdevielle, CEO of Nozomi Networks. We're talking about threats posed by nation states and AI on OT security. And macOS has a 49-day time limit. Stay with us.

Maybe that's an urgent message from your CEO, or maybe it's a deepfake trying to target your business. Doppel is the AI-native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back, from automatically dismantling cross-channel attacks to building team resilience and more. Doppel: outpacing what's next in social engineering. Learn more at doppel.com. That's d-o-p-p-e-l dot com.

Edgard Capdevielle is CEO of Nozomi Networks. I recently sat down with him at the RSAC 2026 conference for this sponsored Industry Insights conversation about threats posed by nation states and AI on OT security.
C
Now, it's not like IT, which, you know, I decide the brand of the laptop of the CEO as well as the brand of the laptop of the plant manager. It's more in partnership, because it is still the plant manager or the operations people or the production people that decide, you know, what kind of, whether it's Rockwell or Siemens or Schneider or GE or Mitsubishi, what combination of vendors they're going to have. Sometimes it's not a decision, sometimes they come via an acquisition. And as we discussed, the life of this asset is longer. So you can't just say, okay, I bought this plant and I decided that I don't like the vendor that they use, I'm just going to go change it. That is not in the cost structure of the plant.
D
And we are here at RSAC 2026 right on the show floor. And joining me is Edgard Capdevielle. He is the CEO of Nozomi Networks. Edgard, thank you so much for joining us.
C
Thanks for having me.
D
We find ourselves in a very interesting moment in history with the activities going on in Iran, the conflict there. What does that mean for the world of industrial control, critical infrastructure, all those things.
C
As you might expect, Iran and that region relies heavily on critical infrastructure, both on the defensive and the offensive side. Iran has been a long-time active threat actor in terms of various APTs, and in particular addressing critical infrastructure and industrial control networks. Now that the conflict is very, very active and very, very kinetic, the threat landscape has been, you know, heightened really very much. We have a ton of customers in the region and we have been able to get a lot of threat intelligence around what Iran is doing, and there's been very significant activity both in transportation, manufacturing and energy.
D
Can you give us some insights of the types of things that you're tracking? What sort of activity are we talking about?
C
We're tracking various groups that have been known for a long time. Yeah, APT33, 34, in the 40s as well. And these groups are, like I said, very active. We are able to do a lot of visibility. I'm going to actually turn it back to maybe a different conflict.
B
Yeah.
C
When the Russian-Ukrainian conflict was starting, we saw also a lot of Russian activity, and we were able to see the peak and the low of those attacks. In the rise you see kind of the early MITRE activities, like these credentials, identity, in the beginnings maybe of lateral movement. And we're starting to see that now. We're in the early chapters of this Iranian. So we've seen a lot of early attacks, a lot of reconnaissance work, a lot of credentials acquisition and even some lateral movements.
D
That's interesting. So you really see echoes of previously tracked trade craft. History does sort of repeat itself.
C
Absolutely. In the world of IT, you're able to move much faster. In the world of OT and critical infrastructure, these attacks take longer. The discovery phase or the early phases of those APT attacks are longer. There's a lot more discovery required.
D
We've seen reports that the Internet has basically been shut down in Iran. How does that affect everything? Does that get in the way of the threat actors themselves being...
C
I mean some communications have been affected, but these are very organized groups that work in tandem with the government. Their Internet is not shut down. They're very, very active. I see, yes.
D
What about the other threat actors around the world? Are they taking advantage of this as a misdirection so they can do their own things?
C
I think the level of attacks around the world is so far relatively unchanged. This Iranian set of activity has gone up significantly in volume.
D
Can we take a step back and maybe looking down from a higher altitude, how would you describe the state of things globally when it comes to protecting critical infrastructure?
C
Yeah, of course. Critical infrastructure security has gone through a journey, right? Nozomi is now celebrating its 12 years, 11, 12 years in business. Congratulations. Thank you, thank you. And we've seen all the different journeys. We went through the very nascent journey where only innovators adopted the technology. Then we went through the growth journey, which is like people are aware of the threat, but it's a new investment. And therefore, since budgets are not infinite, you need to work through the trade-offs. And how do you digest this new investment through the business model of the company? You can't just invest in something new, very much like a household budget. If you all of a sudden have a new kid, you can't just all of a sudden say, okay, calibrate, my salary should go up. That doesn't happen, right? So you need to work this new item through the business model of the companies. And now we have entered the mainstream part of the market where everybody is aware, we have been investing in this technology for a while. So the budget that we're working on this year is slightly bigger than the budget that existed last year, but we're not working from zero, right? So most companies have budget allocated for industrial, OT or IoT cybersecurity. And we're just getting better and better with the adoption of AI. The evildoers, the hackers, are always ahead of us. They're not burdened by regulation, they're not burdened by decisions around technologies. They just adopt it and use it right away. So one of the new effects is that a mediocre hacker with AI becomes a sophisticated hacker. And in the world of critical infrastructure, you can have an IT hacker become an OT hacker fairly quickly. They don't have to learn the intricacies of industrial control systems or how each plant basically is a snowflake, right? Each plant is very unique; even if you're copying them, the industrial controls internals are very, very unique.
So navigating through that uniqueness is something that people can do easier and easier with AI.
D
It strikes me that over the past few years, well, the past few years that I've been keeping track of the type of work that you and your colleagues do, it felt like we were for a while in kind of a reactive stage. You know, the conversations were about, particularly on the OT side, the update cycles of these pieces of equipment are measured in decades, not digital machine speed. Do you feel as though we're in a place where we're more proactive now, that there's more recognition that we have to get ahead of these things, that the velocity is different than it was?
C
So I think the proactiveness is not going to be measured by how the cycle of the equipment changes, because the cycle of the equipment and the deployment of technology is not going to change. When you look at a substation, that substation is supposed to live for 20 to 30 years. Sometimes your laptop is only supposed to live three to five years. And those two things are not going to change. What is going to change is the disposition of the different partnerships, the vendors, the users, the operators, in terms of how frequent and how flexible we're going to be in terms of patching equipment, incorporating security if it wasn't there in the first place. So I think the days of, number one, I believe the huge myth that my facilities are air-gapped, that's no longer the case. That's a myth. That's a lie. Everybody knows that. The fact that you still have very outdated versions of software, Windows XP running the thing, which is an infestation, it's basically a honeypot, if you will. And the fact that you decide that, hey, I'm just going to spend a lot of time, or I'm going to let a long time pass without patching, and I'm going to wait, maybe not this maintenance cycle or maybe the other one, but the other one, that is also changing. So keeping up with the versions, keeping up with the patching, because security now is as important as consistency when it comes to optimum availability.
D
Do you feel like there's been a cultural maturation? We used to talk about the IT folks and the OT folks and they didn't always see eye to eye. Have we. Is there been improvement there?
C
I think we have evolved quite a bit. At the very, very beginning, the OT folks were in charge of availability and production. And don't bother me, I need to keep up with my production schedule.
B
Right.
C
And the IT folks were in charge of their kind of IT systems. And in the past, you know, if a vendor sold you the interconnect of your industrial automation, that was part of that vendor's footprint, whether or not it was an Ethernet cable connecting everything together. Right. Okay. Nowadays, it would be a fireable offense if a CISO were to believe that a TCP/IP connection is not under his or her responsibility, whether that's connecting a printer or connecting a PLC. I see. So now the CISO has centralized authority, centralized responsibility, and centralized budgeting. Now, it's not like IT, which, you know, I decide the brand of the laptop of the CEO as well as the brand of the laptop of the plant manager. It's more in partnership, because it is still the plant manager or the operations people or the production people that decide, you know, what kind of, whether it's Rockwell or Siemens or Schneider or GE or Mitsubishi, what combination of vendors they're going to have. Sometimes it's not a decision, sometimes they come via an acquisition. And as we discussed, the life of this asset is longer. So you can't just say, okay, I bought this plant and I decided that I don't like the vendor that they use, I'm just going to go change it. That is not in the cost structure of the plant.
D
Well, Edgard Capdevielle is CEO of Nozomi Networks. Thank you so much for joining us.
C
Thank you for having me.
B
There's a lot more to this conversation than we have time to share here, so please check out the full unedited interview. You can find a link to that in our show notes.
A
KPop Demon Hunters' Saja Boys Breakfast Meal and Huntr/x Meal have just dropped at McDonald's. They're calling this a battle for the fans. What do you say to that, Rumi? It's not a battle. So glad the Saja Boys could take breakfast and give our meal the rest of the day.
B
It is an honor to share.
A
No, it's our honor.
C
It is our larger honor.
A
No, really, stop. You can really feel the respect in this battle. Pick a meal to pick a side at participating McDonald's, while supplies last.
B
And finally, once upon a time, classic pre-OS X Macs had a reputation for freezing if you merely looked at them wrong. Modern macOS, by contrast, feels rock solid right up until day 49.7 of continuous uptime. Researchers at Photon discovered that after exactly 49 days, 17 hours, 2 minutes and 47 seconds, a 32-bit counter in the XNU kernel quietly overflows and freezes the system's internal TCP clock. When that happens, closed connections in the TIME_WAIT state never expire, ephemeral ports accumulate, new TCP sessions fail, and services slowly lose the ability to talk to anything at all. Ping still works, which deepens the mystery. The issue surfaced in long-running iMessage monitoring systems and was reproduced experimentally, then traced to a single comparison guarding the kernel's TCP timestamp counter. The result is a silent countdown timer built into macOS networking. The only reliable fix today is a reboot before the clock runs out.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's producer is Liz Stokes. We're mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
CyberWire Daily – "Hackers Ignore the Ceasefire"
Date: April 9, 2026
Host: Dave Bittner (N2K Networks)
This episode covers ongoing cybersecurity threats and trends, focusing on continued Iranian cyber operations despite a recent ceasefire, major news in software vulnerabilities and right-to-repair, and insights from Edgard Capdevielle, CEO of Nozomi Networks, on industrial/operational technology (OT) security amid global tensions and AI-driven threats. The episode blends current events with expert industry commentary.
“Experts caution that cyber activity may actually increase during a ceasefire as threat actors shift attention toward U.S. companies connected to the war effort.” – Host ([01:18])
“Developers said they received no warning or clear explanation and were unable to reach human support.” – Host ([04:22])
“CISA added the issue to its known Exploited Vulnerabilities catalog and urged all organizations to prioritize patching immediately due to ongoing risk.” – Host ([11:18])
Topic: Nation-State and AI Threats to OT Security
([13:43]–[23:32]; selected highlights)
“Iran has been a long-time active threat actor... Now that the conflict is very, very active and very, very kinetic, the threat landscape has been... heightened really very much.” – Edgard Capdevielle ([14:12])
“You see kind of the early MITRE activities like... credentials, identity... beginnings of lateral movement. We're starting to see that now...” – Edgard Capdevielle ([15:29])
“A mediocre hacker with AI becomes a sophisticated hacker.” – Edgard Capdevielle ([18:58]) - AI enables IT hackers to swiftly become OT attackers, lowering the expertise barrier.
“The huge myth that my facilities are air-gapped, that's no longer the case. That's a myth. That's a lie. Everybody knows that.” – Edgard Capdevielle ([20:45])
“The CISO has centralized authority, centralized responsibility, and centralized budgeting... it's more in partnership because it is still the plant manager or the operations people or the production people that decide...” – Edgard Capdevielle ([22:17])
“After exactly 49 days, 17 hours, 2 minutes and 47 seconds, a 32 bit counter in the XNU kernel quietly overflows and freezes the system's internal TCP clock.” – Host ([24:27])
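The quoted overflow, worked through as an added C example for this summary. It is constructed for illustration and is neither XNU source nor the researchers' reproduction code; the episode only says the bug was "a single comparison guarding the kernel's TCP timestamp counter", so the guard below is a hypothetical one that shows the general failure class. It demonstrates why a 32-bit millisecond tick counter wraps at exactly 49 d 17 h 2 min 47 s, how a naive "only accept a larger reading" guard freezes a clock at the wrap, why TIME_WAIT entries then never expire, and how the wraparound-safe signed-difference comparison TCP already uses for sequence numbers and timestamps (RFC 1323 PAWS) avoids the freeze. All function names (`wrap_point`, `advance_naive`, `advance_wrapsafe`, `run_clock`, `timewait_expired`) and the tick scenario are assumptions, not anything from the page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration, not XNU source. A 32-bit counter of milliseconds
 * wraps after 2^32 ms; split that interval into days/hours/minutes/seconds.
 * Integer math drops the trailing 296 ms. */
void wrap_point(unsigned *days, unsigned *hours, unsigned *mins, unsigned *secs) {
    uint64_t s = (1ULL << 32) / 1000;   /* 4,294,967 whole seconds */
    *days  = (unsigned)(s / 86400); s %= 86400;
    *hours = (unsigned)(s / 3600);  s %= 3600;
    *mins  = (unsigned)(s / 60);
    *secs  = (unsigned)(s % 60);
}

/* Hypothetical clock guard, naive form: accept a reading only if it is
 * numerically larger than the stored clock. The first post-wrap reading is a
 * small number, so the guard rejects it and every later reading as well; the
 * clock freezes at its last pre-wrap value. */
void advance_naive(uint32_t *clock, uint32_t reading) {
    if (reading > *clock)
        *clock = reading;
}

/* Wraparound-safe guard: interpret the unsigned difference as a signed 32-bit
 * number, so any reading less than 2^31 ms ahead counts as newer even across
 * the wrap. This is the serial-number comparison TCP uses for sequence
 * numbers and timestamps, and the usual fix for this class of bug. */
void advance_wrapsafe(uint32_t *clock, uint32_t reading) {
    if ((int32_t)(reading - *clock) > 0)
        *clock = reading;
}

/* Drive a clock through the wrap with 1 s ticks, starting 5 s before it.
 * Returns the guarded clock after `ticks_after_wrap` further ticks. */
uint32_t run_clock(void (*advance)(uint32_t *, uint32_t), unsigned ticks_after_wrap) {
    uint32_t clock   = UINT32_MAX - 5000u;  /* 5 s before the wrap */
    uint32_t reading = clock;
    for (unsigned i = 0; i < 5 + ticks_after_wrap; i++) {
        reading += 1000u;                   /* the raw tick source wraps freely */
        advance(&clock, reading);
    }
    return clock;
}

/* TIME_WAIT reaper on top of the guarded clock: an entry expires once
 * `timeout_ms` has elapsed since it was closed. The unsigned subtraction is
 * itself wrap-safe, but if the clock has frozen the elapsed time never grows
 * and the entry is never reaped, which is the port-exhaustion symptom. */
bool timewait_expired(uint32_t clock, uint32_t closed_at, uint32_t timeout_ms) {
    return (clock - closed_at) >= timeout_ms;
}

int main(void) {
    unsigned d, h, m, s;
    wrap_point(&d, &h, &m, &s);
    printf("32-bit ms counter wraps after %u d %u h %u min %u s\n", d, h, m, s);

    /* A connection closed at the last pre-wrap tick, checked two minutes later. */
    uint32_t frozen = run_clock(advance_naive, 120);
    uint32_t live   = run_clock(advance_wrapsafe, 120);
    printf("naive guard:     clock=%u  TIME_WAIT expired? %s\n",
           frozen, timewait_expired(frozen, UINT32_MAX, 60000u) ? "yes" : "no");
    printf("wrap-safe guard: clock=%u  TIME_WAIT expired? %s\n",
           live, timewait_expired(live, UINT32_MAX, 60000u) ? "yes" : "no");
    return 0;
}
```

The naive run leaves the clock parked at `UINT32_MAX` for good, so a 60-second TIME_WAIT never expires; the wrap-safe run carries the clock through the wrap and reaps the entry on schedule. The cast `(int32_t)(reading - *clock)` relies on two's-complement wraparound of unsigned subtraction, which is the same trick behind `SEQ_LT`-style macros in most TCP stacks.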
This episode delivers a dense snapshot of current and emerging cybersecurity threats, with particular focus on nation-state tactics and escalating vulnerabilities in critical infrastructure. The expert perspective of Edgard Capdevielle offers insider views on attacker tradecraft, the role of AI, and the evolving industry culture around OT security, a must-listen (or read) for professionals facing these cross-sector cyber risks.