Dave Bittner
You're listening to the CyberWire Network, powered by N2K.
Host/Interviewer
If securing your network feels harder than it should be, you're not imagining it. Modern businesses need strong protection, but they don't always have the time, staff or patience for complex setups. That's where NordLayer comes in. NordLayer is a toggle-ready network security platform built for businesses. It brings VPN, access control and threat protection together in one place. No hardware, no complicated configuration. You can deploy it in minutes and be up and running in less than 10. It's built on zero trust principles so only the right people can get access to the right resources. It works across all major platforms, scales easily as your teams grow and integrates with what you already use. And now NordLayer goes even further through its partnership with CrowdStrike, combining NordLayer's network security with Falcon endpoint protection for small and mid-sized businesses. Enterprise-grade security made manageable. Try NordLayer risk free and get up to 22% off yearly plans plus an extra 10% with the code CYBERWIRE10. Visit nordlayer.com/cyberwiredaily to learn more.
A popular chatbot exposes millions of private user messages. The White House rescinds Biden-era federal software security guidance. A senior Secret Service official urges more scrutiny of domain registration. The President's NSA pick champions Section 702. France looks to reduce reliance on US digital infrastructure. CISA shares guidance on insider threats. Hugging Face infrastructure was abused to distribute an Android RAT. Ivanti discloses a pair of critical zero-days. Popular dating sites suffer a data breach. Our guest is Tim Starks from CyberScoop, discussing how the US looks to push its view of AI cybersecurity standards to the rest of the world. And the Nobel Committee blames hackers for a spoiler alert.
January 30, 2026. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great to have you with us.
An independent security researcher found that Chat and Ask AI, a popular chatbot app claiming over 50 million users, exposed hundreds of millions of private user messages due to a misconfigured Google Firebase database. According to reporting by 404 Media, the exposed data included highly sensitive chats such as questions about suicide, drug manufacturing and hacking, along with full conversation histories, timestamps and model settings. The researcher accessed roughly 300 million messages tied to more than 25 million users. Chat and Ask AI, developed by Turkish firm Codeway, uses large language models from multiple providers. Codeway fixed the issue within hours of disclosure. Researchers note that Firebase misconfigurations are a long-standing, widespread problem affecting many mobile apps and continue to expose user data at scale.
The White House has rescinded Biden-era federal software security guidance, calling it unproven and overly burdensome. In a new memo, the Office of Management and Budget revoked prior requirements for standardized secure software development practices and shifted responsibility to individual agency heads. Agencies must now tailor software and hardware security policies to their missions and risk profiles. While no longer mandatory, tools like software bills of materials may still be used, and the guidance expands focus to hardware supply chain risks through hardware bills of materials.
A senior United States Secret Service official warned that weaknesses in the Internet's domain registration system are being widely exploited by criminals but receive too little attention. Speaking at a policy forum, Matt Noyes said registrars routinely allow bulk registration of deceptive domain names used in phishing and fraud. He argued the problem stems from Internet governance, particularly how Internet Assigned Numbers Authority operates, noting that domain registrations lack meaningful identity or trademark validation. As a result, companies like Microsoft and Google are forced into reactive court-ordered takedowns. Noyes said that major Internet firms could act more proactively by limiting ads, search results or infrastructure tied to concentrated abuse. He also highlighted business email compromise as another systemic trust failure, noting that email identity is routinely assumed but rarely verified.
President Donald Trump's nominee to lead the National Security Agency, Army Lt. Gen. Joshua Rudd, strongly defended Section 702 of the Foreign Intelligence Surveillance Act during a Senate hearing, calling it indispensable to national security and lifesaving operations. Section 702 allows US agencies to collect foreign intelligence from US tech companies, but can also sweep up Americans' communications without warrants. The authority expires April 19, with no renewal bill yet introduced. Rudd's stance could conflict with Trump and Tulsi Gabbard, both past critics of the program. Senators questioned warrant requirements and civil liberties protections while committees moved Rudd's nomination forward, positioning him for confirmation before the NSA's acting chief retires.
France is moving to reduce reliance on US digital infrastructure by replacing American video conferencing tools with a government-built alternative. French Defense Minister Sebastien Lecornu announced that officials will transition from platforms like Zoom and Microsoft Teams to a new French application called Visio by year's end. The government said non-European tools pose cybersecurity and data control risks and framed the shift as a step toward digital sovereignty. Visio is hosted by French cloud provider Outscale and uses AI features from domestic firms. The move follows similar efforts across Europe to localize messaging, productivity and AI tools amid growing concerns about strategic dependence on US technology, especially after renewed tensions in transatlantic relations.
The Cybersecurity and Infrastructure Security Agency is urging critical infrastructure organizations and state, local, tribal and territorial governments to take stronger action against insider threats. To support that effort, CISA released a new infographic titled Assembling a Multidisciplinary Insider Threat Management Team, offering practical guidance to help organizations prevent, detect and mitigate insider risks. CISA emphasized that insider threats include both malicious actions and unintentional mistakes, each capable of causing serious operational and reputational harm. Acting Director Madhu Gottumukkala said insider threats remain among the most serious security challenges because they erode trust and disrupt critical operations. Infrastructure security executive Steve Casapulla added that mature insider threat programs improve resilience and called on organizations to build cross-functional teams and foster a culture where employees feel empowered to report concerns.
Researchers at Bitdefender report that Hugging Face infrastructure was abused to distribute an Android remote access Trojan. The campaign used a fake security app called Trust Bastion, delivered via ads, which acted as a dropper and downloaded malicious payloads from Hugging Face repositories. The malware requested extensive permissions, enabling full device control, screen capture and credential theft while impersonating financial services. Although the original repository was removed, the operation resurfaced under a different app name before Hugging Face took down the data sets.
Ivanti disclosed two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile, both rated CVSS 9.8 and already exploited in the wild. The flaws allow unauthenticated remote code execution, potentially exposing sensitive administrator, user and mobile device data, including credentials and location information. Ivanti released temporary RPM hotfixes for affected versions and urged customers to apply them immediately, noting the fixes must be reapplied after upgrades. Permanent fixes are expected in upcoming versions. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, requiring US federal agencies to remediate or stop using affected systems by February 1.
Match Group, owner of dating platforms including Tinder, Hinge, Match.com and OkCupid, confirmed a cybersecurity incident after the ShinyHunters gang leaked data allegedly tied to 10 million users. Match Group said attackers accessed a limited amount of user data and that there's no evidence login credentials, financial information or private messages were compromised, according to reporting by BleepingComputer. The breach stemmed from a social engineering attack that compromised an Okta single sign-on account, granting access to marketing, analytics and cloud storage systems. Match Group said it contained the intrusion quickly, is notifying affected users and continues to investigate with external experts.
Coming up after the break, Tim Starks from CyberScoop discusses how the US looks to push its view of AI cybersecurity standards to the rest of the world. And the Nobel Committee blames hackers for a spoiler alert. Stay with us.
What's your 2 a.m. security worry? Is it, do I have the right controls in place? Maybe, are my vendors secure? Or the one that really keeps you up at night: how do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready all the time. With Vanta, you get everything you need to move faster, scale confidently and finally get back to sleep. Get started at vanta.com/cyber. That's V-A-N-T-A dot com/cyber.
When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year and 92% of responders reported threat levels have increased in the past two years. Guardsquare delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guardsquare provides industry-leading security for your Android and iOS apps at www.guardsquare.com.
It is always my treat to welcome back to the show Tim Starks. He is a senior reporter at CyberScoop. Tim, welcome back.
Tim Starks
It's my treat as well.
Host/Interviewer
So a couple stories that you have published here recently. In fact, this one we touched on earlier today in today's CyberWire news brief. And this is about some comments that a senior Secret Service official made yesterday about some holes in security that have caught his eye. What's going on here, Tim?
Tim Starks
Yeah, he talked about a couple, but one that was pretty interesting. He said we don't talk about this in polite company. So that's always appealing if you're a reporter.
Host/Interviewer
Right?
Tim Starks
Lean in, you go, oh, what's this?
Host/Interviewer
Right.
Tim Starks
Anyway, he talked about something that I don't hear discussed that much. Certainly I hear it discussed, but I don't hear it discussed that often and not at this level of alarm. Essentially he's saying that the way domains are registered is a very big vulnerability, if you look at the number of phishing attacks that rely on fake URLs. He says, we've got a, this process is not working. You might recall this was something that used to be under pretty much exclusive United States authority, Assigned Numbers Authority, or IANA. And it's been about a decade since we handed it off. But interestingly, Matt with the Secret Service had made the point that US tech companies could do something about this.
Host/Interviewer
Well, he pointed out the issue. Did he offer up solutions?
Tim Starks
He basically said, tech companies, you can fix this. Certainly right now one of the things that happens is there are tech companies that are doing something about it, but it's more on the back end. Uses words. You've seen things like Google and Microsoft going to the courts and getting takedowns of domains, which is more of a setback for the organizations. And maybe sometimes it's a bad setback, but it doesn't stop the practice. To use his exact words, I'm just reading what he said. The major Internet players in the US they could change the nature of the Internet and change the governance of that, to clean that up when there's a heavy concentration of abuse and fraud. But he didn't go into any further detail about how they could do that.
Host/Interviewer
Do you feel like... Well, let me rephrase that and say that I feel that there is a sense of resignation when it comes to this sort of thing, that we've been operating this way for so long that it'd be hard to turn this battleship.
Tim Starks
Yeah, it's one of the, you know, it goes back to the, to the thing that you hear said in cybersecurity a lot, which is the Internet wasn't built for security. There may be things that could be done about this, but we're talking about Internet governance, you know, we're talking about how the Internet works even so. So maybe it's not such a simple solution. One of the things he also brought up, I'll mention, because he brought it up as well, but business email compromise, which is subject, dialogue, covering because it's just billions and billions of dollars every year, it's a massive amount of Internet enabled fraud that's happening out there. Another situation where it's just the setup. He said we're too set up to trust emails that we get. That leads to this kind of implicit trust that you have and the system isn't designed to handle that. So he is talking about some big picture things that would probably be hard to fix.
Host/Interviewer
Yeah, I wonder too. It strikes me that at this exact moment our global influence, I think it's fair to say, is waning when it comes to setting policy for the rest of the world. And whether or not that's a valley that may rise up on the other side, or if this is the shape of things to come for the foreseeable future, who knows? But it sort of ties into another story that you published about the US looking to be the leader when it comes to global policy for AI.
Tim Starks
Yeah, that's a really interesting contrast you draw because if you look at some other things we've written about in recent weeks, we've seen the administration pull out of a number of international organizations on cyber, or that at least have some amount of cyber involved in what they're doing. So it's interesting that on one hand you have a top Secret Service official saying that Internet governance isn't working, and then on the other hand, you have an official from the Office of the National Cyber Director, Alexandra Seymour, saying, we need to launch a diplomatic effort essentially to make it so that AI standards on cybersecurity that the rest of the world are using are our version. And there has been some work to that extent during this administration. Despite how much the Trump administration is pulling back internationally, it's definitely interesting that they're saying on this we want to see the US be more of a leader. I think what maybe is the difference is that it's part of, if you listen to her remarks in full, it's part of a talk about the US AI tech stack, if you will. The phrase that I think is, it's a little jargony that I don't like using, but I'm quoting her, just essentially trying to push American AI. This administration clearly thinks that it's an economic inroad for the United States to have some more sustained dominance. So I think that might be the difference. Use our standards on this. We're pulling out of all these other cyber things, but use our standards on this because, by the way, we might make a little money on it if we do that.
Host/Interviewer
Well, again, looking back to today's rundown of our CyberWire news, we had a story about France dialing back their use of US video conferencing technology. They're bringing it in house. And I think we're seeing, day after day, we're seeing these reports where governments around the world are saying, we don't want to be so reliant on the US these days.
Tim Starks
Exactly. And, you know, we talk about intelligence sharing between allied nations, even about other countries being more reluctant to share intelligence with us. And in cyberspace, that's huge. If countries start pulling back from sharing intelligence with the United States on cyber issues, that's a big, I guess, force multiplier would be the opposite, a force divider. It would reduce the amount of capabilities we have to defend against cyber attacks.
Host/Interviewer
If not us, who? In other words, if the rest of the world says we can't rely on the United States for the leadership that we've always provided when it comes to tech and cyber, does that put China in the driver's seat? What do you think?
Tim Starks
That's always the risk, certainly. Especially when it comes to cyberspace issues. I think there have been some efforts. We're just sticking with the subject of AI. Last spring, there was an EU-oriented AI action plan. So I think that we might see a more fractured, regionalized kind of way to approach cybersecurity and cybersecurity issues. But when there's a power void and there's one country that is bigger than all the others, literally in every way, why wouldn't they see that as an opportunity? I think the issue for China, of course, is that there's a big body of evidence, and I'm not saying that the United States has been perfect prior to this administration either, but there's a big body of evidence that China has been a very bad actor in cyberspace. So there's a chance that they won't be able to make the kind of inroads that they would otherwise be able to make. But, you know, during the times of 5G and Huawei and all those, you know, go back just even a couple years, there was a big effort to make America a dominant force in all these areas. But other countries were tempted to enlist with Huawei and China because of prices and because of costs and because of intelligence risks. It might seem like an act of desperation if countries were to turn to China, but it's happened before, and I don't see why it couldn't potentially happen again.
Host/Interviewer
Yeah. All right, well, time will tell, right?
Tim Starks
You love that saying. Yes, time will definitely tell.
Host/Interviewer
All right, Tim Starks, senior reporter at CyberScoop. Tim, thanks so much for joining us.
Dave Bittner
This episode is brought to you by Indeed. Stop waiting around for the perfect candidate. Instead, use Indeed sponsored jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first candidates see. According to Indeed data, sponsored jobs have four times more applicants than non-sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsored job credit at Indeed.com/podcast. Terms and conditions apply.
Tim Starks
Are you a forward thinker? Then you need an HR and finance platform that thinks like you do. Workday is the AI platform that helps propel your organization, your workforce and your industry into the future. Workday. Moving business forever forward.
Host/Interviewer
And finally, the Norwegian Nobel Institute says a cyber intrusion is the most likely culprit behind last year's premature leak of Peace Prize winner Maria Corina Machado. Investigators, assisted by Norwegian security authorities, concluded someone likely hacked their systems, conveniently just hours before betting markets lit up on Polymarket. An internal leak, the institute insists, was thoroughly examined and politely ruled out. The episode drew extra attention to an already politicized prize, thanks in part to Donald Trump, who publicly argued he deserved the honor and later accepted Machado's medal anyway, a plot twist few had on their bingo card. The institute declined to pursue a police case, citing a lack of clear theory, while delicately noting its cybersecurity routines could, like many laureates' speeches, use some tightening.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with University of New Mexico security researcher Mohammed Dhanish about the push for frictionless user experiences and how that's led many services to rely on SMS-delivered single-click URLs. That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.
If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26. I'll see you in San Francisco.
Tim Starks
Well, the holidays have come and gone once again. But if you've forgotten to get that special someone in your life a gift, well, Mint Mobile is extending their holiday offer of half off unlimited wireless. So here's the idea. You get it now. You call it an early present for next year. What do you have to lose? Give it a try at mintmobile.com/switch. Limited time.
Dave Bittner
50% off regular price for new customers. Upfront payment required: $45 for 3 months, $90 for 6 months or $180 for 12 month plan. Taxes and fees extra. Speeds may slow after 50 gigabytes per month when network is busy. See terms.
This episode of CyberWire Daily, hosted by Dave Bittner, delivers a packed cybersecurity news rundown as well as an insightful interview with Tim Starks (senior reporter at CyberScoop). The episode’s main themes center on serious lapses in data security—most notably, a massive chatbot breach—and the shifting, often fractious landscape of cybersecurity governance and standards. Discussion points range from domestic regulatory changes to global influence battles over AI policy, culminating in a big-picture look at where the US stands in global cyber leadership, and the risk of adversaries like China gaining ground.
Notable Quote:
“The researcher accessed roughly 300 million messages tied to more than 25 million users.” (03:30)
Notable Quote:
“The major Internet players in the US … could change the nature of the Internet and change the governance of that, to clean that up when there's a heavy concentration of abuse and fraud.”
(Matt Noyes, as paraphrased by Tim Starks, 15:44)
Tim Starks’ Analysis:
“We're talking about Internet governance ... maybe it's not such a simple solution.” (16:11)
“Mature insider threat programs improve resilience and called on organizations to build cross functional teams ... foster a culture where employees feel empowered to report concerns.” (Steve Casapulla, paraphrased, 11:30)
Discussion Points (13:40 - 15:57):
“He said we don't talk about this in polite company. … The way domains are registered is a very big vulnerability. … We’ve got a, this process is not working.”
(Tim Starks, quoting Matt Noyes, 14:04)
“He basically said, tech companies, you can fix this … the major internet players in the US … could change the nature of the Internet and clean that up when there's a heavy concentration of abuse and fraud. But he didn't go into any further detail…”
(Tim Starks, quoting Matt Noyes, 15:44)
“We're talking about Internet governance ... it's not such a simple solution.”
(Tim Starks, 16:11)
Declining Policy Clout (17:00 - 18:50):
Host asks if America’s global leadership is faltering; Tim Starks notes the contrast between the US pulling out of various international cyber arrangements, while simultaneously seeking to export its AI/cybersecurity standards.
“It’s interesting that on one hand you have a top Secret Service official saying that Internet governance isn’t working, and then ... the National Cyber Director ... saying, we need to launch a diplomatic effort … so that AI standards on cybersecurity that the rest of the world are using are our version.”
(Tim Starks, 17:37)
US AI standards push has clear economic motivations.
“This administration clearly thinks that it’s an economic inroad for the United States to have some more sustained dominance.”
(Tim Starks, 19:00)
European shifts (France 'going local'):
Risk of China Stepping Up (20:04 - 21:41):
“That’s always the risk, certainly ... I think we might see a more fractured, regionalized kind of way to approach cybersecurity … but when there’s a power void … why wouldn’t [China] see that as an opportunity?”
(Tim Starks, 20:19)
On Domain Registration Vulnerability:
“He said we don't talk about this in polite company. … The way domains are registered is a very big vulnerability.”
(Tim Starks quoting Matt Noyes, 14:04)
On US Cyber Influence:
“Despite how much the Trump administration is pulling back internationally, it's definitely interesting that they're saying on this we want to see the US be more of a leader.”
(Tim Starks, 17:50)
On China Filling the Gap:
“It might seem like an act of desperation if countries were to turn to China, but it's happened before, and I don't see why it couldn't potentially happen again.”
(Tim Starks, 21:19)
Host, succinctly summing up uncertainty:
“Well, time will tell, right?” (21:41)
This episode blends hard-hitting breach and vulnerability news with a reflective, well-explained discussion (via Tim Starks) about the broader strategic context of global cybersecurity policy. Key takeaways include the persistence of basic security lapses (from apps to domains), the uncertain US role in global cyber leadership, and the seismic shifts at the intersection of technology, policy, and geopolitics.