Dave Bittner
Dark Sword targets iPhones for indiscriminate exploitation. Cybercrime in the Iran war. The FBI confirms purchasing commercially available location data. The DHS secretary nominee gets grilled on CISA funding. A Zimbra Collaboration Suite vulnerability is being used in targeted espionage. A new Android malware targets sensitive data stored in user notes. AWS warns of ongoing Interlock ransomware activity. Tracking pixels grab more than they should. Perry Carpenter and Mason Amadeus from the FAIK Files podcast speak with Hany Farid about the real-world harms of synthetic media. And do boomers balance breaches better?
March 19, 2026. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great to have you with us.
A newly discovered iPhone hacking technique called Dark Sword marks a shift from rare targeted attacks to large-scale, indiscriminate exploitation. Researchers at Google, iVerify and Lookout found the tool embedded in compromised websites, allowing attackers to silently hack iPhones that simply visit those pages. It primarily affects devices running older versions of iOS 18, which still account for roughly a quarter of iPhones. Dark Sword can extract sensitive data, including passwords, messages, photos, and even cryptocurrency wallet credentials. It uses fileless methods, hijacking legitimate system processes to avoid detection, and operates in a quick smash-and-grab fashion before disappearing after a reboot. The tool has been linked to Russian espionage campaigns and earlier attacks in multiple countries, but its code was left exposed online, making it easy for other hackers to reuse. Researchers warn this reflects a growing market where advanced iPhone exploits are being widely shared, increasing risks for everyday users, not just high-value targets.
Has cybercrime activity surged since the start of the Iran war? Well, that depends on who you ask.
Akamai reports a 245% increase in attacks, particularly targeting banking and fintech sectors. Most activity involves reconnaissance and infrastructure scanning, including spikes in botnet traffic, credential harvesting, and distributed denial-of-service preparation. While some attacks originated from Iran, many were routed through Russia and China, often via proxy services used by hacktivists. Researchers also observed increased activity from pro-Russian groups and Iran-linked actors like Handala, which claimed a destructive attack on a U.S. medical firm. Despite this, CISA reports no significant rise in nation-state threats, noting a steady overall landscape. The findings highlight how geopolitical conflict is expanding the cyberattack surface, with both state-linked and criminal groups exploiting the situation.
The FBI has confirmed it's purchasing commercially available location data to track individuals, according to Director Kash Patel's Senate testimony yesterday. This marks a shift from 2023, when the agency said it was not actively buying such data. Officials say the practice complies with existing laws and has produced useful intelligence. The disclosure raises concerns among lawmakers who argue it bypasses warrant requirements established by the Supreme Court. Proposed legislation would require warrants for such purchases, while others defend the practice as a necessary tool for law enforcement.
Senator Markwayne Mullin, nominee for DHS secretary, faced questions over whether he would restore staffing and funding cuts at the Cybersecurity and Infrastructure Security Agency. Lawmakers highlighted that the agency's workforce was reduced by about one third and its budget significantly cut under current leadership. Mullin did not commit to reversing those changes, instead emphasizing the need to recruit the right people and ensure mission readiness without specifying staffing levels.
Senators warned that rising geopolitical tensions, including conflict with Iran, could increase cyber threats, underscoring the need for a fully resourced cyber defense agency. Critics argued that recent cuts have weakened national cybersecurity, citing program reductions and disruptions at CISA. Mullin is expected to advance to a full Senate confirmation vote.
Speaking of CISA, they've added a critical Zimbra Collaboration Suite vulnerability to the Known Exploited Vulnerabilities catalog, citing active exploitation. The flaw is a stored cross-site scripting issue in Zimbra's classic UI that allows attackers to embed malicious code in emails. When opened, the code executes within the user's session, enabling data theft, session hijacking and broader system compromise. Researchers report the flaw has been used in targeted espionage, including a campaign attributed to Russian-linked group APT28 against a Ukrainian government agency. The attack required no links or attachments, relying entirely on malicious HTML email content. CISA has ordered federal agencies to patch by April 1, urging immediate updates or discontinuation of the platform if unpatched.
Perseus is a new Android malware that targets sensitive data stored in user notes, including passwords, recovery phrases and financial details. Disguised as IPTV apps in unofficial app stores, it exploits sideloading habits to infect devices and gain full control using Android accessibility services. Researchers at ThreatFabric report that Perseus can capture screenshots, perform overlay attacks and remotely control devices, with a focus on financial and crypto apps, particularly in Turkey and Italy. Notably, it systematically scans note-taking apps, a rare capability. The malware reflects a broader trend of attackers exploiting pirated streaming apps to distribute banking Trojans and steal personal data.
The Interlock ransomware group has been exploiting a critical zero-day flaw in Cisco's Secure Firewall Management Center since January, according to AWS. The vulnerability allows unauthenticated attackers to execute code as root, giving full system control. AWS observed attackers using the flaw for initial access, then deploying scripts, custom remote access tools and a memory-resident web shell to maintain stealthy persistence. They also installed backup access via remote management software. The campaign highlights the risks of zero-day exploits, where attacks occur before patches are available, reinforcing the need for layered defenses and continuous monitoring alongside rapid patching.
A new analysis from Jscrambler finds that TikTok and Meta tracking pixels collect far more data than typical ad attribution requires, raising privacy and security concerns. Beyond tracking user behavior, these pixels gather personal information such as emails, phone numbers and addresses, then convert them into persistent identifiers that can be re-linked to individuals, the research shows. The pixels also capture detailed commerce data, including product selections, pricing and checkout activity, often without businesses fully realizing the scope. In some cases, sensitive data is collected before or despite user consent and may even be transmitted insecurely. This creates potential violations of privacy laws like GDPR and CCPA, while also exposing businesses to competitive risks, as the collected data can enhance ad targeting for larger rivals.
Coming up after the break, Perry Carpenter and Mason Amadeus speak with Hany Farid about the real-world harms of synthetic media, and do boomers balance breaches better? Stick around.
Dave Bittner
Perry Carpenter and Mason Amadeus are the hosts of the FAIK Files podcast right here on the N2K CyberWire network. On one of their most recent shows, they sat down with Hany Farid to talk about the real-world harms of synthetic media.
Mason Amadeus
Hi, my name is Mason Amadeus and I'm one of the hosts of the FAIK Files podcast here on the CyberWire Network, and I wanted to share this clip with you of our most recent episode featuring Hany Farid, who is a professor at UC Berkeley and an expert in digital image forensic analysis. We talked to him about deepfakes and how to do deepfake detection, right?
Hany Farid
In order to do this you have to understand two things fundamentally, which is how are natural images and videos and audio recorded, what happens from the physical world through the recording to what I'm seeing. And then how does AI work? Reverse engineering all these tools that we've been talking about. How does a face swap work? How does Sora work? How does voice cloning work? And then finding statistical, physical, geometric properties that distinguish those two. Importantly here, this is not a full-blown, brute-force, black-box approach: just throw a bunch of data at it and hope that the machine can figure it out. We start by more or less figuring it out and then using the machine to simply make the measurements that we wanted to make. And that way we become a little bit more future-proof. We have explainability. We know why we are saying what we are saying. It's not just machine learning on machine learning, right? It's physics, it's geometry, it's signal processing, it's understanding the file path. It's the whole sort of ecosystem of content creation. And that is where you really start to be able to tell a very rich story.
Mason Amadeus
So I mentioned before that I first encountered Hany's work through a TED Talk that he gave a while back. And in that talk, the bit that stood out to me the most was this super cool segment where he demonstrated a forensic image analysis technique where you take the noise of the image, you take the Fourier transform of that noise, which is like breaking down the frequency components of that noise. And then you can see these patterns emerge that don't happen normally when you take a photo, but are a side effect of the way that AI generates images. And I've never seen anyone go that deep on how to analyze whether something is real or not. I thought it was fascinating, it was scientific, it was grounded, it was explainable, and it's super freakin' cool. Hany's gonna break down part of that process for us now, so we're gonna get a little bit into nerd stuff. But he's really good at keeping it very easy to understand. So stick with us through this because I think this is one of the coolest parts.
Hany Farid
So when you take an image, when you pick up one of these phones, you are fundamentally converting an analog signal, photons, light, into a digital signal. And that process is imperfect for a number of reasons. That sensor has some imperfections in how it translates the number of photons that are incident on the cell to a digital signal. And those imperfections, broadly speaking, we say, are noise. And they depend on how old is the camera, what is the light levels, what is the ISO settings, what is the aperture size. And you've seen this if you've taken a photo in your house at nighttime where it's really dark and you'll see almost like this grainy pattern. Yeah, that's what we call noise. Noise is very specific. It's the result of a physical process.
Other side of the aisle, AI-generated images. So how do you go from a text prompt to a full-blown image that is semantically consistent with that prompt? So the way these diffusion models work (GANs are a little bit different, but let's talk about diffusion models) is you literally start with random noise, by which I mean you plop down a bunch of random pixels which just looks like snow, colored snow, and then you slowly start denoising that in a way that it makes it consistent with the caption. This is what's called the diffusion process. Diffusion is very expensive computationally. So what the diffusion models do is they start by creating a very low-res image, maybe 100 by 100 pixels, and then they take that to seed the next resolution, 200 by 200, and then they take that to seed the next level. And in that process of upsampling and then running diffusion is when you introduce an artifact in the noise pattern, which, as you were pointing out, you can see that in what's called the Fourier transform of the residual noise. And it's a really nice pattern. We know why it comes about. It's a little hard to quantify. I showed you a very clean one in the TED talk, of course.
But you know, in reality, these patterns can be quite noisy and quite subtle. And so that's where we bring machine learning in, right? We say, okay, we're going to extract the noise residual, we're going to extract the magnitude of the Fourier transform, and then we're going to feed that into the machine learning algorithm to find the patterns that are specific there. Yeah. Now the really cool thing about this pattern is it's been around since the early diffusion models and it doesn't seem to be going away because this, this, this process that I described to you, denoising, diffusion, upsampling, just is baked into these models. It's just baked in. Now, look, five years from now, who knows, right? But, and that's important, and I think I said this in the talk too, is everything we do has a shelf life, right? You get it for a little while and then, you know, the models work around it. So there is definitely this sort of chicken-and-egg problem, which is why over at GetReal, we have a full-time threat intel person who works for us, because his entire job is to make sure we understand the adversary, right? He's in those same chat rooms, he's listening in the dark web, he is seeing what the North Koreans are doing, he is seeing what the cyber criminals are doing. And then we are reverse engineering their reverse engineering.
Mason Amadeus
I mean, that's the way to do it, right? Having a proper team of threat researchers and forensic analysts looking at this content, using AI to help them in that process. That's the proper way to do it. But that's a lot of work, right? Compare that to the attacker who can just generate image after image after image and just keep posting. There's that famous saying that a lie gets halfway around the world before the truth gets its pants on. And so it can feel kind of futile, right? And I know, at least for me personally, I can sometimes slip into that jaded mindset of like, well, all right, then I'll just assume everything's fake, there's no point in even trying. And I brought that up in our conversation with Hany and he had a very elegant response.
Hany Farid
You know, the defeatist attitude is, well, you do this, they do this, you do this, they do this. So my thing there is, well, yeah, but what is the option, right? They do this and I do nothing? I was on a panel recently with somebody who was taking this position and he was criticizing this whole trying to defend against deepfakes. And I said to him, well, let me ask you this. Did you lock your front door when you left the house today? And he said, yes. And I said, well, then shut the hell up. Yeah, yeah, that's a good point. Because why do you lock your front door? Somebody can pick the lock. Somebody can break the window. Like, we do reasonable things to give us reasonable safety, right? That's okay. It's okay if something slipped through the cracks, right? But if, you know, the average knucklehead can defeat our systems and interfere with our elections and commit multimillion-dollar fraud, we're in huge trouble.
Mason Amadeus
If you want to hear our full episode featuring Hany Farid, you can check out our YouTube channel or find us in your favorite podcast app. Just search for The FAIK Files, but it's F-A-I-K, because it's fake but with AI in the middle. The FAIK Files. Okay, thanks for listening.
Dave Bittner
Be sure to check out the FAIK Files podcast wherever you get your favorite shows or on our website, thecyberwire.com.
Dave Bittner
And finally, baby boomers, it turns out, approach cyber attacks a bit like a surprise storm, best handled by waiting for official instructions rather than running outside with an umbrella. Research from KnowBe4 shows older users are more likely to wait and see after a major data breach, while younger generations rush to check if they've been exposed. But there's a twist. The same boomers who hesitate in a crisis are far more disciplined behind the scenes. They're more likely to use unique passwords and install upgrades, quietly doing the cybersecurity equivalent of eating their vegetables. Younger users, meanwhile, know the rules but often ignore them. Despite their caution, older adults remain frequent scam targets, suggesting that good habits help but timing and awareness still matter just as much as strong passwords.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Air date: March 19, 2026
Host: Dave Bittner, N2K Networks
Featured Guests: Hany Farid (UC Berkeley), Perry Carpenter, Mason Amadeus (FAIK Files podcast)
This episode spotlights the alarming rise of large-scale iPhone exploits, specifically the "Dark Sword" tool, signaling a new phase in mobile cyberattacks targeting everyday users. Additional industry updates include shifts in cybercrime amid the Iran war, privacy and surveillance controversies involving the FBI, a critical Zimbra vulnerability, new Android malware, and trends in tracking technologies. The episode closes with an expert interview from the FAIK Files podcast on the real-world harms and detection of synthetic media, plus a light exploration of how baby boomers and younger users differ in cyber breach response.
[00:46–03:00]
"Researchers warn this reflects a growing market where advanced iPhone exploits are being widely shared, increasing risks for everyday users, not just high value targets."
—Dave Bittner [01:57]
[03:00–04:45]
[04:45–05:40]
[05:40–07:09]
[07:09–08:00]
[08:00–08:44]
[08:44–10:00]
"In some cases, sensitive data is collected before or despite user consent and may even be transmitted insecurely."
—Dave Bittner [09:24]
[12:04–13:42]
"It's not just machine learning on machine learning, right? It's physics, it's geometry, it's signal processing, it's understanding the file path."
—Hany Farid [13:20]
[13:42–15:58]
"The diffusion models start with random noise...and in that process of upsampling...you introduce an artifact in the noise pattern...you can see that in what's called the Fourier transform..."
—Hany Farid [14:55]
"Everything we do has a shelf life...the models work around it. So...we have a full-time threat intel person...his entire job is to make sure we understand the adversary..."
—Hany Farid [16:50]
[17:29–18:54]
"Well, yeah, but what is the option, right? They do this and I do nothing?...Did you lock your front door when you left the house today?...We do reasonable things to give us reasonable safety, right? That's okay."
—Hany Farid [18:07]
[20:34–end]
"A newly discovered iPhone hacking technique called Dark Sword marks a shift from rare targeted attacks to large scale, indiscriminate exploitation."
—Dave Bittner [00:46]
"It's not just machine learning on machine learning...it's understanding the file path...that is where you really start to be able to tell a very rich story."
—Hany Farid [13:20]
"Noise is very specific. It's the result of a physical process. ...The really cool thing about this pattern is it's been around since the early diffusion models and it doesn't seem to be going away because...it's just baked in."
—Hany Farid [14:34–15:57]
"Did you lock your front door when you left the house today?...Well then shut the hell up."
—Hany Farid [18:07] (memorable, tongue-in-cheek defense of persistent vigilance in cybersecurity)
This episode tracks the evolution of prominent cyber attack techniques and the arms race between attackers and defenders, spotlighting both the practical fallout of mass-exploited vulnerabilities and the scientific rigor of digital forensics. It serves up actionable warnings, technical insights, and philosophical resolve for listeners facing a world where everyday users—not just the high-profile—are targets.