CyberWire Daily – January 30, 2026
Episode: "Leaky chats collide with shifting security standards"
Overview
This episode of CyberWire Daily, hosted by Dave Bittner, delivers a packed cybersecurity news rundown as well as an insightful interview with Tim Starks (senior reporter at CyberScoop). The episode’s main themes center on serious lapses in data security—most notably, a massive chatbot breach—and the shifting, often fractious landscape of cybersecurity governance and standards. Discussion points range from domestic regulatory changes to global influence battles over AI policy, culminating in a big-picture look at where the US stands in global cyber leadership, and the risk of adversaries like China gaining ground.
Key News and Analysis
1. Chatbot Data Exposure: A Massive Leak
- Incident: A security researcher discovered that "Chat and Ask AI", with over 50 million users, exposed about 300 million private user messages through a misconfigured Google Firebase database.
- Sensitive Data: Exposed content included deeply personal conversations, covering topics like suicide, drug manufacturing, and hacking.
- Response: Turkish developer Codeway fixed the issue within hours.
- Industry Concern: Firebase misconfigurations are a “widespread, longstanding problem” with ongoing risks for many mobile apps.
Notable Quote:
“The researcher accessed roughly 300 million messages tied to more than 25 million users.” (03:30)
2. US Federal Software Security Policy Rollback
- Development: The White House rescinded Biden-era federal software security guidance, citing unproven efficacy and burdensome processes.
- Agencies' New Responsibilities: Security policies are now to be tailored by each agency, rather than dictated centrally.
- Updated Focus: Though software bills of materials (SBOMs) are now optional, the new guidance expands supply chain risk management to hardware via bills of materials for hardware components.
3. Internet Domain Registration Weaknesses
- Problem Statement: Senior Secret Service official Matt Noyes highlighted domain registration as a critical vulnerability, especially in fostering phishing and fraud.
- Lack of Oversight: Domain systems, lacking in identity/trademark validation, allow criminals to register deceptive domains easily.
- Reactive Model: Large companies like Google and Microsoft end up relying on court-ordered takedowns, which are typically too late to prevent abuse.
Notable Quote:
“The major Internet players in the US … could change the nature of the Internet and change the governance of that, to clean that up when there's a heavy concentration of abuse and fraud.”
(Matt Noyes, as paraphrased by Tim Starks, 15:44)
Tim Starks’ Analysis:
“We're talking about Internet governance ... maybe it's not such a simple solution.” (16:11)
4. NSA Leadership and Section 702 Debate
- Nomination: Lt. Gen. Joshua Rudd, Trump's nominee for NSA, strongly defended Section 702 of the FISA Act as “indispensable.”
- Controversy: Section 702 enables intelligence collection from US tech firms but risks sweeping up American communications without warrants; this has civil liberties advocates concerned.
- Legislative Tension: The authority is set to expire soon, but no renewal bill has been introduced, a point of tension between the nominee and parts of both parties in Congress.
5. France Reduces Reliance on US Tech
- Action: French officials will replace American video conferencing tools with a domestic platform (“Visio”) to reduce sovereignty and security risks.
- Broader Trend: This marks a broader European push toward domestic solutions for messaging, AI, and productivity, responding to both cybersecurity and geopolitical concerns.
6. Guidance Against Insider Threats (CISA)
- New Resource: CISA published guidance for critical infrastructure and governmental bodies on building robust insider threat management teams.
- Key Message: Both malicious and unintentional insider actions are serious threats to operational and reputational integrity.
- Expert Comment: “Mature insider threat programs improve resilience and called on organizations to build cross functional teams ... foster a culture where employees feel empowered to report concerns.” (Steve Cassapula, paraphrased, 11:30)
7. Malware Campaigns/Zero Days/Data Breaches
- Hugging Face Abused for Android RAT: An ad-driven malware campaign delivered a fake security app (“Trust Bastion”) using Hugging Face as distribution infrastructure. Payloads enabled full device compromise.
- Ivanti’s Zero Day Flaws: Two new remote execution vulnerabilities (CVSS 9.8) are being actively exploited in the wild. Ivanti issued hotfixes; agencies were ordered to remediate immediately.
- Match Group Breach: Dating site conglomerate Match Group (Tinder, Hinge, OkCupid) confirmed a data breach after ShinyHunters leaked data tied to 10 million users. The breach stemmed from a social engineering attack via Okta SSO.
Featured Interview: Tim Starks, CyberScoop Senior Reporter
Internet Governance and Domain Security Concerns
Discussion Points (13:40 - 15:57):
- Matt Noyes (Secret Service) voiced rare, urgent concerns about lack of domain registration scrutiny, a vulnerability rarely acknowledged at “this level of alarm.”
- “He said we don't talk about this in polite company. … The way domains are registered is a very big vulnerability. … We’ve got a, this process is not working.”
(Tim Starks, quoting Matt Noyes, 14:04)
- Starks explains that since the end of US control over IANA (Internet Assigned Numbers Authority), regulatory leverage over domain abuses has faded.
- Symptom: Large-scale phishing continues with little deterrent.
On Solutions (15:12):
“He basically said, tech companies, you can fix this … the major internet players in the US … could change the nature of the Internet and clean that up when there's a heavy concentration of abuse and fraud. But he didn't go into any further detail…”
(Tim Starks, quoting Matt Noyes, 15:44)
Structural Challenges:
“We're talking about Internet governance ... it's not such a simple solution.”
(Tim Starks, 16:11)
US Cyber Policy Global Influence
Declining Policy Clout (17:00 - 18:50):
- Host asks if America’s global leadership is faltering; Tim Starks notes the contrast between the US pulling out of various international cyber arrangements and simultaneously seeking to export its AI/cybersecurity standards.
- “It’s interesting that on one hand you have a top Secret Service official saying that Internet governance isn’t working, and then ... the National Cyber Director ... saying, we need to launch a diplomatic effort … so that AI standards on cybersecurity that the rest of the world are using are our version.”
(Tim Starks, 17:37)
- US AI standards push has clear economic motivations.
- “This administration clearly thinks that it’s an economic inroad for the United States to have some more sustained dominance.”
(Tim Starks, 19:00)
European shifts (France 'going local'):
- Discussion about France and other European governments shifting to locally-owned technology further illustrates global fragmentation.
Adversarial Power Gaps
Risk of China Stepping Up (20:04 - 21:41):
- Host: “If the rest of the world says we can’t rely on the US … does that put China in the driver's seat?”
- “That’s always the risk, certainly ... I think we might see a more fractured, regionalized kind of way to approach cybersecurity … but when there’s a power void … why wouldn’t [China] see that as an opportunity?”
(Tim Starks, 20:19)
- Starks points to global hesitance due to China’s cyber reputation, but suggests desperation or lower cost could tip scales as in past Huawei/5G debates.
Memorable Quotes & Moments (with Timestamps)
- On Domain Registration Vulnerability:
“He said we don't talk about this in polite company. … The way domains are registered is a very big vulnerability.”
(Tim Starks quoting Matt Noyes, 14:04)
- On US Cyber Influence:
“Despite how much the Trump administration is pulling back internationally, it's definitely interesting that they're saying on this we want to see the US be more of a leader.”
(Tim Starks, 17:50)
- On China Filling the Gap:
“It might seem like an act of desperation if countries were to turn to China, but it's happened before, and I don't see why it couldn't potentially happen again.”
(Tim Starks, 21:19)
- Host, succinctly summing up uncertainty:
“Well, time will tell, right?” (21:41)
Final Segment: Nobel Institute Hack (22:57)
- The Norwegian Nobel Institute concludes a cyber intrusion likely caused last year’s Peace Prize winner leak—an embarrassing incident with real-world market consequences.
- The Institute “politely ruled out” internal leaks but conceded that their “cybersecurity routines could, like many laureates' speeches, use some tightening.”
Important Timestamps
- 00:45 – 04:32: Chat and Ask AI data breach details
- 04:40 – 06:10: Rollback of US federal software security policy
- 06:16 – 10:20: Internet domain vulnerabilities as crime enablers
- 10:24 – 11:55: NSA nominee’s defense of Section 702
- 12:03 – 12:50: France’s digital sovereignty efforts
- 13:38 – 21:41: Tim Starks Interview (Internet governance, US cyber policy, global influence, China risk)
- 22:57 – end: Nobel Prize leak attributed to hackers
Conclusion
This episode blends hard-hitting breach and vulnerability news with a reflective, well-explained discussion (via Tim Starks) about the broader strategic context of global cybersecurity policy. Key takeaways include the persistence of basic security lapses (from apps to domains), the uncertain US role in global cyber leadership, and the seismic shifts at the intersection of technology, policy, and geopolitics.
