N2K CyberWire Network Announcer
You're listening to the CyberWire Network, powered by N2K.
Maria Varmazis
Do you know how the space and cybersecurity domains connect? T-Minus Space Cyber Briefing is your guide through the space-based systems that expand the attack surface. I'm Maria Varmazis, host here at N2K CyberWire, and I'm excited to share that T-Minus is back, now as a weekly podcast, the T-Minus Space Cyber Briefing. We have a new dedicated focus on two great things that are even better together: space and cybersecurity. Because whether we realize it or not, we all depend on space-based systems that are, by the way, increasingly Internet enabled. We're talking cybersecurity technologies, policies and organizations that are securing the critical space-based infrastructure that powers, protects and connects our lives here on Earth. So join me for T-Minus Space Cyber Briefing. New episodes every Sunday.
Dave Bittner
Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allowlisting, you stop unknown executables cold. With ringfencing, you control how trusted applications behave. And with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams.
See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source and regain control over their environments. Schedule your demo at threatlocker.com/N2K today.
CyberWire Host/Reporter
Exposes 20,000 Instagram accounts through a support tool bug. CISA warns of active exploitation of SolarWinds Serv-U. WordPress sites face takeover through a widely used plugin. A new Gafgyt variant broadens its reach. Pink extortionists steal cloud data with vishing and legitimate tools. Plus, allegations against IBM and AT&T, a dark web drug dealer gets 26 years, and our Monday business brief. Tim Starks from CyberScoop has the latest on the ongoing debate over staffing and budget cuts at CISA, and NATO lets Ukraine play the bad guy. It's Monday, June 8, 2026.
Dave Bittner
I'm Dave Bittner and this is your CyberWire Intel Briefing.
CyberWire Host/Reporter
Thanks for joining us here today.
Dave Bittner
It's great as always to have you with us. Happy Monday.
Meta says a flaw tied to its AI-powered account recovery system allowed unauthorized attackers to take over thousands of Instagram accounts. The issue involved Meta's high touch support tool, which helps locked out users regain access. According to Meta, the tool functioned as intended, but a separate bug failed to verify that a password reset request matched the account's registered email address. As a result, password reset links were sent to unassociated email addresses. Meta reported that 20,225 Instagram users were affected. Exposed information may have included contact details, profile data, messages, photos, videos, stories and account activity.
Account recovery systems can become attractive attack targets when verification controls fail. Users without two-factor authentication were especially vulnerable. Meta has disabled the affected tool, invalidated reset links, and is reviewing similar recovery processes across its platforms.
Separately, Meta is asking a federal judge to hold NSO Group in contempt of court, alleging the spyware vendor continued targeting WhatsApp users despite a permanent injunction prohibiting it from doing so. According to Meta, investigators disrupted NSO-linked social engineering activity that attempted to lure users to malicious websites outside WhatsApp through phishing-style links. The company also reported the creation of test accounts and groups on the platform and released indicators of compromise tied to the campaign. Meta did not disclose when the activity occurred, how many users were targeted, or whether any compromises were successful. The allegations raise questions about the effectiveness of legal restrictions against commercial spyware vendors. Meta argues that continued activity would represent a direct violation of a court order issued after its earlier legal victory against NSO over Pegasus-related attacks.
CISA has confirmed that attackers are actively exploiting a denial of service vulnerability in the SolarWinds Serv-U file transfer servers and has directed federal civilian agencies to remediate it by June 19th. The flaw allows remote unauthenticated attackers to crash Serv-U services by sending specially crafted HTTP POST requests containing a deflate header. SolarWinds has released a fix and recommends patching immediately or blocking affected requests through a web application firewall. Serv-U is widely used in regulated sectors where file transfer ability is critical. While the flaw enables service disruption rather than system takeover, denial of service attacks can interrupt operations and potentially divert defenders' attention from other malicious activity.
A critical vulnerability in the Everest Forms Pro WordPress plugin has been actively exploited for months, allowing attackers to seize control of vulnerable websites. The flaw affects the plugin's complex calculation feature and allows remote unauthenticated attackers to inject and execute PHP code on a server. According to Defiant, attackers have used the bug to create administrator accounts and deploy web shells. The issue was patched in March, but exploitation began in April. Defiant says it has blocked more than 29,000 attack attempts. With more than 100,000 sites using Everest Forms, unpatched systems remain exposed to full site compromise. Defenders should update immediately and review administrator accounts for signs of unauthorized access.
Researchers at Fortinet have identified Coxmo, a new variant of the Gafgyt botnet that targets DD-WRT routers and can spread across a wide range of Internet-connected devices. The malware supports multiple CPU architectures and is delivered by exploiting an unauthenticated remote code execution flaw. Fortinet says Coxmo uses a modular design that allows operators to update exploits, expand targeting and enhance lateral movement independently of the core payload. Once installed, it scans for vulnerable systems, brute forces weak SSH and telnet credentials, establishes persistence, and removes competing malware and tools. The botnet is built primarily for DDoS attacks and supports 19 attack methods. Fortinet notes that its architecture and feature set demonstrate a higher level of sophistication than earlier Gafgyt-based malware, highlighting the continued evolution of IoT botnet threats.
Researchers have identified a new financially motivated cybercrime group called Pink, which is using voice phishing and stolen cloud credentials to conduct data theft and extortion campaigns. According to Palo Alto Networks' Unit 42, the group launched a data leak site in late May and is believed to be connected to the broader Com network. Pink impersonates IT staff in phone calls and directs employees to credential harvesting websites. Once access is obtained, the attackers use compromised Microsoft 365 accounts and built-in Microsoft tools to rapidly collect data from OneDrive and SharePoint. Victims then receive extortion demands through internal email and Microsoft Teams messages. Gorakul reports that Pink also uses fileless techniques designed to evade detection and hide from security analysis tools. The group's reliance on legitimate accounts and cloud services highlights the growing challenge of detecting identity-based attacks that avoid traditional malware.
A newly unsealed lawsuit accuses IBM and AT&T of failing to implement basic security controls and concealing evidence of nation state intrusions into IBM cloud environments. The allegations come from former IBM vice president of threat intelligence William Barlow, who filed a False Claims Act lawsuit in 2020. According to the complaint, AT&T-managed VPN connections lacked logging, network segmentation was inadequate, and security monitoring gaps prevented investigators from fully assessing suspected intrusions linked to the Chinese threat group APT10. The lawsuit cites an internal report that identified more than 56,000 indicators of potential APT10 activity between 2013 and 2016, but said the activity could not be fully investigated because logs were unavailable. The case highlights how missing visibility and monitoring can undermine incident response and leave organizations unable to determine the scope of a compromise. IBM disputes the allegations and noted that the U.S. Department of Justice declined to intervene in the case.
A California man has been sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world's largest dark web marketplaces. According to documents, 39-year-old Darren Hughes operated a vendor account on Nemesis Market and used free methamphetamine samples to attract customers. Prosecutors said Hughes sold meth and fentanyl pills to an undercover law enforcement agent on multiple occasions in 2023 in exchange for cryptocurrency. When he was arrested in June 2023, authorities found approximately 672 grams of meth and a loaded ghost gun in his vehicle. The case underscores law enforcement's continued focus on dark web marketplaces and cryptocurrency-enabled drug trafficking. It also highlights the lasting impact of international operations that dismantled major criminal platforms such as Nemesis Market back in 2024.
Turning to our Monday business briefing, investors continue pouring money into AI and cybersecurity, with several companies announcing new funding rounds and strategic acquisitions aimed at accelerating growth. Observability platform Coralogix led the pack with a $200 million Series F round to expand its AI capabilities and enterprise reach. AI security startup Gray Swan raised $40 million to scale security for organizations deploying AI, while AI governance company Jordi AI secured $30 million to support enterprise adoption of AI agents. Attack surface management provider Machn raised $15 million and security compliance startup Krake and biometrics firm Voxmind also announced new funding.
CyberWire Host/Reporter
Meanwhile, consolidation in the sector continued.
Dave Bittner
Industrial cybersecurity company Dragos acquired embedded device security specialist Phosphorus to expand protection across operational technology environments. Engineering firm Scient also agreed to acquire AI focused data engineering company Tao Digital Solutions.
CyberWire Host/Reporter
The activity reflects continued demand for technologies that help organizations secure, govern and operationalize AI at scale. Coming up after the break, Tim Starks from CyberScoop discusses the ongoing debate over staffing and budget cuts at CISA, and NATO lets Ukraine play the bad guy. Stay with us.
Dave Bittner
When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year and 92% of responders reported threat levels have increased in the past two years. Guardsquare delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guardsquare provides industry-leading security for your Android and iOS apps at www.guardsquare.com.
Dave Bittner
It is always my pleasure to welcome back to the show Tim Starks. He is a senior reporter at CyberScoop. Tim, welcome back.
Tim Starks
Hi, Dave.
Dave Bittner
So a couple of stories that you have published here in rapid fire order, and both of them have to do with CISA and some of the challenges they're facing and, I guess fair to say, some support that they're getting from some of the Democrats on the Hill. What's going on here, Tim?
Tim Starks
Yeah, so Mark Wayne Mullen was on the Hill, the DHS secretary, new in the job, testifying about DHS's budget. And the very next day, that was in House Homeland Security Committee. The very next day, the House Appropriations Committee released its planned fiscal 2027 appropriations bill for DHS, which both of these cases, we learned a little bit about plans for CISA and what the administration and Mullen intend to do with it.
And the news is, well, some interesting news in both cases. Right. One is that Mullen talked about exactly how he wants CISA to be staffed. You might recall that before the second Trump administration, there were 3,400 people at CISA, which would be a decent number that's been cut pretty dramatically. Uh, it's down to 2200, which is even down from the last time we heard from DHS about how, how, how deeply they'd cut into it. But, you know, there'd been a little bit of talk about them wanting to rehire some people because some of the people were people they pushed out. Some of the people left on their own. And so I guess they've decided they want to get it back to more like 2800 people. Okay, so that's, that's interesting information. It's, it's, it's a little out of line with the actual, what the actual Trump budget itself calls for. But that, that was produced before Mullen was really, had, had really taken over the helm of DHS. And on the appropriation side, going back to, to what the Trump administration has said they want to do with DH with, with CISA, this would be a $250 million cut for CISA under the bill that then the appropriators approved on Friday. So a little bit of some, some shifting numbers here in the sense of what is the target, what are we going to end up with? It, it's, it's a little confusing. And when you talk about the Democrats getting that support, they, they, they were very critical of this. They said this is the wrong time to be doing this when we have all the threats we do and, and CISA being the, the important agency it is in cyber. So, you know, they, they have the support from Democrats, but, you know, with the House numbers being the way they are, it's almost certainly going to go through the way the Republicans wanted to see it go through.
Dave Bittner
So there's little chance of any sort of meeting in the middle here when it comes to both the funding and the staffing.
Tim Starks
I suspect that there is not a lot of room for meeting in the middle. I mean, it's entirely possible that Mullen could go to the appropriators and say, hey, I know what we said we wanted, but can you up that a little bit? I mean, they'll have, this is a long process that's getting, that's getting underway with just the very first bill being just released and approved at the subcommittee level. They've got to approve it at the committee level, they've got to approve it in the House, they got to approve it in the Senate, then they got to meet in the middle on that, whatever House and Senate do. I think the Senate will probably be more inclined to give CISA a little bit more money than the House if we're going by recent years. So there will be room for the potential to meet a little bit in the middle, but maybe not in the middle between what Democrats want and what Republicans want, but more between what the Senate wants and the House wants and what Mullen might say or not say to appropriators about this is what he wants for CISA.
Dave Bittner
Has there been any specific information from Republicans over why they want to execute these cuts? Or is it just broader, vaguer cutting of government in general?
Tim Starks
It's a little bit of both. I think the message from House Republicans has been that they don't actually really want to cut CISA that much. Andrew Garbarino, the House Homeland Security chairman, has said he's concerned about this. We've seen lawmakers on both sides of the aisle say CISA is being cut too deeply. I think partly this is Republicans doing some of what Trump wants. The numbers are difficult to get into sometimes because of apples to apples comparisons between what Trump says the budget is or will be. But this is a less steep cut under any measurement than what Trump wants. So it feels like they're doing a little bit of, like, you know, we don't want to cut the agency that badly. We're still going to cut it for you, Trump. But they also have the message when they are cutting CISA that Trump has used, which is this agency has been weaponized and was doing a bunch of work that it didn't need to be doing. And, you know, you and I have talked about this before. At a certain point, you have control of that agency. So if you're still cutting it because it's still somehow not, quote, unquote, on mission, then I don't know who's responsible for that. Right. At a certain point, it's your agency. If you say it's still not on mission, then you've got to. You think you need to make some changes to get it on mission. Make the changes already.
Dave Bittner
Yeah, I guess. Is my perception of CISA being kind of stuck in the middle as a political football, is that still accurate, or have we gotten past that? Trump's animus towards the organization, of course, is well documented.
Tim Starks
I don't see any sign, other than perhaps that Mullen talked about higher staffing levels than what the original Trump budget proposed and where they are now. I don't see any sign that that agency isn't still hated essentially by Trump. You know, maybe Mullen can shift things the way he wants them to go with the president if he has the president's ear. I don't think we have a strong sense yet of the degree to which he is an extremely trusted advisor. You know, with Trump, the people he loves, he gives them what they want, basically. He gives them more responsibilities. Mullen's just too new in the job for us to get a sense of that. You know, he's talked, he has talked about, you know, having these unique authorities at CISA and how he believes that they're not being used correctly. They need to be used better. So it sounds like he's a guy who would like to see CISA be a little bit more muscular than it is now, but he's got an uphill climb there. I think, for one, you know, the agency still doesn't have a director. You know, we hear names every now and then, but then they turn out to not be accurate. It doesn't seem like an agency that's getting a lot of attention now, you know, on that, on the director front, I've, you know, I've heard different things about what's going on there, that there have been some names bandied about legitimately from, from the White House and from the agency, but they just haven't quite met on those names yet. But, you know, I don't know if that, the fact that they don't have a director means that this is definitively a sign that the agency is still in the doghouse, but it's not a good sign that it's not in the doghouse.
CyberWire Host/Reporter
Right. I would push back a little on your statement and say maybe it's not so much that they're not getting attention, that they're not getting love.
Tim Starks
Aw, you had to go and make it sentimental.
Dave Bittner
Well, so what kind of timeline are we on here for things being settled and the folks at CISA knowing where they stand?
Tim Starks
With the way this administration has handled agencies, I don't know if that will come. I don't know that that's a relief that is ever going to happen while Trump is president. Frankly, I think everybody's going to be unsettled in all of their jobs in the federal government basically until Trump is no longer president. But in terms of getting things more settled than they are now, I think the, if the administration wants to put its person in the CISA role, if they want to get their pick, they're probably going to need to do it before November. That's something some of the talk that people I've been talking to about because, you know, they might not get who they want if Democrats take over. You know, it's entirely possible they could pick somebody who's nonpartisan and non-controversial. But that's not exactly the history of this administration. And then in terms of the budget, that's, you know, that's been a mess too. You know, DHS has gone, has had funding lapses repeatedly in the last year and a half. I don't see any sign that that's probably going to abate anytime soon either. But if we're talking about normal appropriations process, they would, you know, they'd be in line to get this all settled by October and know what their agency was going to have for a budget. I don't, I'm not confident that that's going to happen on the time frame. It hasn't happened that way in Congress in a long time in general. But, but typically DHS has been an agency that's toward the front of the line. Right. Like it's the, it's a bill that typically moves a little faster than the other bills. But with everything going on with ICE and all the other things that the administration is doing on immigration, it's much more at the end of the line these days.
Dave Bittner
Yeah.
CyberWire Host/Reporter
All right.
Dave Bittner
Interesting times, interesting times. Yeah.
CyberWire Host/Reporter
Tim Starks is senior reporter at CyberScoop. Tim, thanks so much for taking the time for us.
Tim Starks
Thanks, Dave.
Dave Bittner
And finally, in a NATO exercise in Poland, the fictional nation of Parantza suffered a very bad week. First came a cyber attack that knocked out the power grid, then a flood, then a banking crisis. Behind it all was the equally fictional state of Car T, which flooded social media with AI-generated messages blaming government incompetence and conveniently offering help. The twist? Ukrainian officials played the role of the disinformation operators.
The three-day simulation, held at NATO's Joint Analysis, Training and Education Center in Bydgoszcz, tested how governments respond to the kind of information warfare Ukraine faces daily. Ukrainian participants launched coordinated influence campaigns, while allied teams worked to maintain public trust and communicate during the crisis.
By most accounts, the Ukrainians were faster, more creative and more adept with AI, though judges said their fictional propaganda effort lost points for narrative consistency.
The exercise reflects NATO's growing effort to learn from Ukraine's wartime experience. Officials say the collaboration improves alliance readiness and helps Ukraine build closer interoperability with NATO even as membership remains distant. Participants also acknowledged a familiar reality. Simulations can teach valuable lessons, but they struggle to capture the pressure, uncertainty and emotional intensity of a real conflict.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester, with original music and sound design by Elliot Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Podcast: CyberWire Daily
Episode Title: Meta’s recovery plan needed recovery
Date: June 8, 2026
Host: Dave Bittner
Special Guest: Tim Starks, Senior Reporter at CyberScoop
This episode provides a comprehensive update on recent developments in cybersecurity, including vulnerabilities affecting major platforms, government agency challenges, evolving threat actors, and business trends in the cyber sector. Key segments cover Meta’s Instagram account recovery flaw, ongoing debates about CISA funding, legal controversies involving major corporations, new malware threats, and a NATO cybersecurity exercise leveraging Ukrainian expertise. The show closes with an in-depth interview with Tim Starks about political and budgetary pressures facing CISA.
Interview: Tim Starks, Senior Reporter at CyberScoop
[15:51 - 24:55]