Cyberwire Network Announcer

You're listening to the Cyberwire Network, powered by N2K.

Indeed Sponsor Announcer

This episode is brought to you by Indeed. Stop waiting around for the perfect candidate. Instead, use Indeed sponsored Jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first candidate. C According to Indeed data, sponsored jobs have four times more applicants than non sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsor job credit@ Indeed.com podcast. Terms and conditions apply.

Dave Bittner

The Feds take down major IoT botnets, the FBI seizes hacktivist infrastructure A data breach hits Kaplan while a hacker claims to access millions of law enforcement tips. Fake zoom calls deliver malware, A crypto security tool turns out to be spyW critical AI framework flaw gets exploited in hours, an insider extortion case ends in conviction, and a streaming scam pulls in over 10 million bucks. A look back at 10 years of CyberWire podcasts Intern Kevin gets ready for RSAC and a cyber attack leaves breathalyzers offline.

Focus Features Sponsor Announcer

Foreign

Dave Bittner

March 20, 2026 I'm Dave Bittner, and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us. The US Government has disrupted four major Internet of Things botnets tied to some of the largest distributed denial of service attacks ever recorded, including traffic exceeding 30 terabits per second. In coordination with Germany and Canada, the Department of Justice targeted the command and control infrastructure of the Isuru, Kimwolf, Jackschid, and Mossad botnets. These networks compromised more than 3 million devices, including routers and cameras. Officials link them to hundreds of thousands of attacks, some targeting Department of Defense systems and decriminal services like ddos for hire and extortion. The operation removes active control of powerful botnets but leaves millions of vulnerable devices still infected. That persistent exposure continues to fuel the cybercrime economy and enables rapid rebuilding of similar attack networks. The FBI has seized two websites used by the Handela hacktivist group after a destructive cyber attack on Stryker wiped roughly 80,000 devices. The domains were taken under a warrant from the U.S. district Court in Maryland, with authorities stating they supported malicious cyber activity tied to a foreign state. Actor Handela, described as an Iranian linked group, reportedly compromised administrative accounts and used Microsoft Intune to issue device wipe commands across Windows and mobile systems. The attack impacted both corporate and employee managed devices. The action disrupts part of the group's public infrastructure, but the scale of the attack highlights how enterprise device management tools can be abused for widespread damage. It also underscores ongoing risks from state linked hacktivist activity targeting critical sectors. Kaplan North America, a provider of educational and professional training services, has disclosed a data breach affecting nearly 195,000 individuals involving the theft of sensitive personal information from internal systems. The intrusion occurred over three weeks between October and November 2025, with attackers accessing and exfiltrating files containing names, Social Security numbers and driver's license data. The company completed its investigation in February 2026 and began notifying affected individuals in March, offering credit monitoring and identity protection services. The exposure of high value identity data increases the risk of fraud and long term identity theft. It also highlights the impact of prolonged unauthorized access before detection. A hacker claims to have breached a US Law enforcement tip platform, stealing data tied to more than 8 million confidential reports. The actor, calling themselves Internet Yif Machine, alleges they accessed P3 Global intel, part of Navigate360, and exfiltrated 93 gigabytes of data. The company says it's investigating a potential incident with third party support. According to the hacker, access came through social engineering and a vulnerability. Reuters could not independently verify the claims, though another outlet reported limited corroboration of leaked data. Tip platforms handle sensitive submissions tied to law enforcement and public safety. A breach could expose informants and undermine trust in reporting systems if confirmed. Attackers are using a fake interactive zoom call to trick users into installing malicious software disguised as a routine update. According to Sublime, the campaign uses AI generated JavaScript to simulate a glitchy zoom meeting, complete with clickable controls and audio issues. Victims arrive via phishing emails and are guided through a fake security check before being prompted to install a zoom update. The downloaded file installs legitimate Screen Connect remote monitoring and management software, giving attackers device access. Researchers say the attack can be easily customized for specific targets. Realistic interactive phishing lures lower user suspicion and increase compromise rates. It also highlights how legitimate administrative tools can be abused for unauthorized access. Researchers have dismantled ShieldGuard, a malicious browser extension that posed as a crypto security tool but was designed to steal sensitive user data, Okta Threat Intelligence reports. The extension used social media promotion and token airdrop incentives to lure users. Once installed, it targeted platforms like Binance, Coinbase and Metamask, collecting account data, transaction histories and browsing activity. The malware used obfuscation and a custom JavaScript interpreter to evade Chrome protections and dynamically execute code. Researchers also identified links to a broader campaign known as Radex. Attackers are increasingly disguising malware as security tools, exploiting trust in the crypto ecosystem. This also highlights the risks of browser extensions as a vector for large scale data theft. Threat actors exploited a critical langflow vulnerability within 20 hours of disclosure, building working attacks directly from the advisory description. The flaw is an unauthenticated remote code execution vulnerability with a CVSS score of 9.3. It allows arbitrary Python execution on exposed systems with a single request. Sysdig observed attackers scanning for targets, deploying custom scripts, and harvesting credentials including API keys and database access. No public proof of concept code was available at the time. Exploitation timelines are shrinking faster than patch cycles. Organizations often take weeks to remediate, leaving a wide exposure window as attackers rapidly weaponize newly disclosed flaws. A North Carolina contractor has been found guilty of extorting a technology company using sensitive data he accessed during his employment. According to the Justice Department, Cameron Curry exploited his role as a data analyst to steal payroll and employee information from Brightly software. After his contract ended in December 2023. He sent more than 60 extortion emails demanding $2.5 million, threatening to leak personal and compensation data. The company ultimately paid a smaller amount in Bitcoin before reporting the incident. Authorities later seized evidence from Curry's residents. It's a reminder that insider threats remain a significant risk, especially when employees retain access to sensitive systems. It also highlights how stolen corporate data can be weaponized for extortion. A different North Carolina man has pleaded guilty to orchestrating a large scale streaming fraud that generated over $10 million in illicit music royalties. According to court documents, Michael Smith used AI generated music and automated bot accounts to inflate streaming numbers across platforms including Spotify, Apple Music, Amazon Music and YouTube Music. Prosecutors say the scheme ran from 2017 to 2024, using VPNs and hundreds of thousands of tracks to evade detection. At its peak, over 1,000 bots streamed billions of plays, diverting royalties from legitimate artists. Smith has agreed to forfeit more than $8 million. AI and automation are lowering barriers for fraud at scale, challenging detection systems, and undermining trust in digital revenue models. Coming up after the break, a look back at 10 years of CyberWire podcasts Intern Kevin gets ready for RSAC and a cyber attack leaves breathalyzers offline. Stay with us. No, it's not your imagination. Risk and regulation really are ramping up, and these days customers expect proof of security before they'll even do business. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk and customer trust together on one AI powered platform. So whether you're getting ready for a SoC2 or managing an enterprise Governance, risk and compliance program. Vanta helps keep you secure and keeps your deals moving. Companies like Ramp and RYTR spend 82% less time on audits with Vanta. That means less time chasing paperwork and more time focused on growth. For me, it comes down to this. Over 10,000 companies, from startups to large enterprises, trust Vanta to help prove their security. Get started@vanta.com cyber.

Home Depot Sponsor Announcer

Spring starts at the Home Depot and we are bringing the heat to your backyard this season. Fire up the flavor with our wide variety of grills for under $300. Like the next grill 4 burner gas grill that's perfect for hosting your spring cook. Then set the scene and turn your outdoor space into the go to spot the patio sets for every budget. Bring it this season with grills that deliver flavor and patios that set the vibe from the Home Depot. Start your spring with low prices guaranteed at the Home Depot Exclusion supply. See home depot.com pricematch for details.

Dave Bittner

It has been my distinct privilege to be your Cyberwire Daily host here for the past 10 years. In celebration of that milestone, I sat down with Marie Vermazes and our CEO Peter Kilpe to take a look back.

Peter Kilpe

I would say that basically my path working, doing the creative work, user experience, design work in the intelligence community as a contractor, that was my first exposure to cybersecurity more broadly and that was actually in a more in depth kind of way. And I ended up working for a stream of companies doing these kinds of things. For one of the companies security company in Baltimore, we ended up creating a newsletter for ourselves, all about cyber security, helping educate our own employees on what's going on inside the security world. Number of people kept telling us how great our little internal intelligence newsletter was and we should share it with the world. So we did and we ultimately built a newsletter cybersecurity newsletter product that was read in almost every country. Probably only two readers in Madagascar, but

Maria Vermazes

really that island with the penguins.

Interviewer/Host

Yeah, they were evading the pandemic. Every board game place me in time. When, when about was this what year roughly?

Peter Kilpe

This would have been 2012, 2013. Time frame. It was probably just before Dave joined us. You know our newsletter BEC became very popular. It was still again not an internal product but it wasn't a profit making venture. Dave came to join us, you know to 2015. Yeah, bringing his immense talents to our our creative team, especially in the video world. He got to know the products, particularly the newsletter that we were doing. He had met our first editor John Petrick and came by my office and said, hey, Peter, you know, this newsletter you have might make a great podcast. And David had a lot of experience working on podcasts in the past, doing broadcast kind of work. And I said, that sounds interesting. Why don't you show me what that would look like? So he worked with the editor, came back, showed a little prototype of what the first podcast could look like, which, by the way, was just like five minutes long, the first iteration.

Interviewer/Host

Well, Dave, how did you have that idea? I mean, obviously you had the expertise there. What, was there a lightning strike moment for you or was it a slow realization or what?

Kevin McGee

How did that.

Interviewer/Host

How did you get to that point?

Dave Bittner

Well, I. In my previous career, I had produced

Maria Vermazes

podcasts for a number of other people, so I was familiar with the medium, but I'd been more behind the scenes. And so when I joined the team at the cybersecurity company, they had this, Peter said they had this pre existing newsletter called the Cyberwire. And I thought, why don't I just

Dave Bittner

read it every day?

Maria Vermazes

I had also, as Peter mentioned, I had a background in theater. I'd been doing voiceover professionally since I was like eight.

Dave Bittner

So it was something I was very comfortable with.

Maria Vermazes

And the idea was just that every day I would just read the newsletter as it existed, just read it verbatim, and we'd put that out in audio form. We originally, I think we held ourselves to something like a 10 minute limit for show length,

Interviewer/Host

check the runtime post,

Peter Kilpe

and then we're like, should we extend this to six? You know?

Dave Bittner

Yeah.

Maria Vermazes

And then it became like, seems so quaint now. Yeah. And you know, Peter's management style is very much, you know, pushing you to stretch your boundaries and find what other things you can do, and constant improvement. So we, you know, at first it was like, well, what if we did an interview every now and then? And I thought we could do that.

Dave Bittner

What if we did an interview every day?

Maria Vermazes

So it just kind of snowballed and eventually took the form that it is today. It really was just as simple as thinking that we were gonna read the daily news briefing every day and just send it out into the world. And didn't take us too long to figure out we were onto something.

Interviewer/Host

I was gonna say, there must have been some very good audience signals that you not only had anticipated at the start, but that you were getting as you started going. Because not every podcast has legs. I mean, certainly 10 years is incredible. But earlier all must have been seeing things like, oh, this is getting traction. What were you hearing at that time?

Peter Kilpe

It was actually really surprising to me. I wasn't sure what to expect. You know, we thought this might be kind of a side project. Within six months, we had Fortune 10 companies, like, reaching out and saying, how do I get on this show?

Maria Vermazes

Wow.

Peter Kilpe

You know, and the audience became really enamored with what we were doing. We'd mentioned it in our newsletter, of course. Also some of our customers, who are still our customers 10 years later, reached out to us and said, we're in. You know, we're happy to sponsor what you guys are doing. And they weren't even particularly interested in the roi. They just wanted to be connected with the trust that we were building in the. In the community. And not long after that, we realized that this had real legs and could be a business. So five of us split off to go make it. Make it a company. And that was Dave Bittner, Jen Ibin, John Petrick, Chris Russell, and myself. And we went off. We all had our function. I needed to help turn what we were doing into a business so that it could survive. John Petrick would write the stories of the day. Dave Bittner would tell the stories, help people, engage with our audience, talk to people. Jen Iban would help create the infrastructure and process we needed to be able to talk to the world and, you know, shape the stories that we were doing. And Chris helped build the technical infrastructure that helped us deliver what we did day in, day out. We were a small and mighty team, and we still are a little bigger, though.

Dave Bittner

Those early days were, as anyone who's

Maria Vermazes

been in that sort of a startup knows, everybody's just kind of taking care

Dave Bittner

of everybody or everything and everybody and

Maria Vermazes

just doing what needs to be done

Dave Bittner

just to see you to the next week. And we were definitely in that mode,

Maria Vermazes

I think, just getting back to the startup. You know, one of the things I think that set us apart at the outset, and you have to remember, 10 years ago, podcasting was different than it is today.

Dave Bittner

We just sounded like a real radio program.

Maria Vermazes

We were able to sound like a news show. And part of that was just the technical experience we had. The experience we had writing, just. We had this group of people who could together make that happen. I think at the outset, it set us apart.

Interviewer/Host

Yeah. I'm also very curious. In addition to that high standard of production excellence, which speaks for itself, truly, also the guiding star, like the North Star for the show, in terms of standards, editorial responsibility, that sort of thing. Can you talk a little bit about that? Because that's one of the things that the show is Also really well known for, like, that level of integrity.

Peter Kilpe

Well, I mean, the, you know, vision of the cyber wire when it first, you know, came out. And we didn't really, like, fully articulate this, you know, into words as we were going forward, but really what we were doing is making the world a safer place, you know, by help keeping people educated, informed about what was going on in security. And we did it diligently. We did it without fluff. We did it with. Without, you know, creating fud, you know, in the community. We just told it like it was. And we were there every day. We were reliable even in major snowstorms, you know, the. I don't. I'm not even sure there is one day that is off air, but we were there and we started building trust with leaders in the public sector, the private sector, intelligence community, law enforcement, not just in the US but abroad, started using the content that we create. Again, not just as fluff, but people use what we made to help bring context to their own intelligence operations, their own disaster recovery kinds of things, and even major companies.

Maria Vermazes

I remember a couple of moments that

Dave Bittner

struck me as being noteworthy, maybe milestones.

Maria Vermazes

First was not long after we started publishing.

Dave Bittner

Of course, we were tracking our numbers

Maria Vermazes

every day, which was very exciting because they were going up and up, slowly but surely.

Dave Bittner

And I remember I was at a

Maria Vermazes

women in cybersecurity conference, I believe, in Texas, and I was doing the publishing and the things that needed to be done in my hotel room. And I think it was the first time that we had crossed 3,000 downloads for a day. Somebody mentioned us somewhere, and we got a big boost. And I remember how exciting that was. And I think I said to Peter, hey, we crossed 3,000. And Peter said, that's great. I think we'll really have something when we cross 10,000. And I thought to myself, oh, come on, that's impossible.

Dave Bittner

Of course it wasn't impossible.

Maria Vermazes

Probably six months later, we crossed the 10,000 a day threshold, and it's just grown ever since. Another moment that was special for me was one day in the mail. I got a little padded envelope with no return address, and it was full of challenge coins from NSA Fort Meade, and just a handwritten, unsigned note that said, thanks for all you do. Dang. That was it.

Peter Kilpe

Pretty special moment. Dave also gets all the goodies, you know, from.

Maria Vermazes

That's True.

Dave Bittner

Yeah,

Peter Kilpe

cookies and other delights.

Interviewer/Host

You're not jealous at all, Peter?

Maria Vermazes

No, that's just to this day, you know, I'll go to events, and as I've said, you Know, I'm just the most public facing person in this team that makes this happen. So people come up to me and thank me on behalf of the team and it just never gets old. People in very important positions, both in government and the private sector, whose job is to help keep all of us safe, are sincerely thankful that we help them do their job.

Dave Bittner

And that feels great.

Peter Kilpe

It does. It reminds me too that like, you know, we oftentimes are talking about the impact that we have with, you know, the intelligence community or some, you know, you know, big leader who listens to us. But our team is really excited to hear from individuals who reach out to us fairly regularly and they say, oh, you helped me get a job. You know, I, I learned about you and you helped me transition into this, into this career or security was part of my beside to me as part of my portfolio. You helped me get there or get where I needed to go. That means a lot to us. You know, we touch a lot of lives. We're in people's ears. You know, we have their, we have their trust. And the idea that we can actually help people move forward in their careers, help them grow in their knowledge, help their organizations stay safe, it just, it means a lot to us.

Interviewer/Host

Well, Peter and Dave, thank you for a wonderful 10 years of the Cyber Wire. I think as someone who has been a listener well before I worked with you, I'm going to be the voice of the listener in this case. Genuinely thank you and congratulations genuinely on a wonderful 10 years onward and upward.

Maria Vermazes

Here's to the next 10.

Interviewer/Host

Here's to the next 10. So Peter Kilpe, CEO of N2K. Dave Bittner, the host, the voice of the Cyberwire Daily. Gentlemen, it's been an absolute joy. Thank you for speaking with me today.

Peter Kilpe

My pleasure, Maria. Thank you.

Interviewer/Host

Thank you, thank you.

Dave Bittner

Kevin McGee is the global director of cybersecurity startups at Microsoft. But during one week a year at the RSA conference, he is my intern.

Maria Vermazes

Kevin, welcome back to the show.

Kevin McGee

Thanks for having me, Dave. And thanks for accepting my application again this year.

Dave Bittner

Well, you did such a great job last year. And by great job, I mean you did nothing to embarrass either yourself or me that we decided to let you back this year and see how it goes. Now, what were some of the highlights of your RSAC conference last year as my intern?

Kevin McGee

Well, certainly, Mr. Bittner, you thank. If I can call you Mr. Bittner, please.

Dave Bittner

Yeah.

Maria Vermazes

Yes.

Kevin McGee

Ironing your hoodies was a major part of the week.

Dave Bittner

Of course I have to look Good, Sure.

Kevin McGee

Making sure you were well caffeinated with your appropriate beverages and whatnot, but also just sort of getting to cover all of the unique stories, the behind the scenes parts of RSA that only the interns are allowed to access. Because we don't have all access passes.

Dave Bittner

That is true. We have not been able to spring for an all access pass for you, so you actually do end up spending a lot of time out on the sidewalk in front of the building. But good conversations out there.

Kevin McGee

I think one of the great things about RSA is there's so many different types of people, practitioners, vendors, startups, just a wide range of people to talk to and to be able to cover some of the stories that maybe don't get the coverage of the mainstream media or aren't getting the big press releases is kind of fun to have those conversations on the floor and see what's happening. And everyone responds pretty well to the Kevin the intern approach to interviewee as well too.

Dave Bittner

Well, as a global director of cybersecurity startups at Microsoft, you certainly have your eye out for those folks who may not have grabbed the mainstream attention yet.

Maria Vermazes

Is that part of your mission at the show?

Dave Bittner

To skulk around the corners of the show floor finding that next startup who's

Maria Vermazes

going to really take their place?

Kevin McGee

Absolutely. I kind of think we're at the end of a cycle. So we've secured the cloud now. The Wiz acquisition is probably that high watermark for that phase and we're moving to a new phase where all these AI companies that have come up with something new and exciting, there's going to be a rush of security companies to come and secure this new era of the AI era. So I'm going to be on the lookout for what's new, what is exciting, what's coming, and probably securing technologies that didn't exist three months ago or I'd never heard of. That's the great thing about having these conversations, is a chance to really sometimes see into the future when you're speaking to some of the folks that are actually there inventing it.

Dave Bittner

Any advice for first timers to the conference?

Kevin McGee

Good shoes is number one. Stay hydrated, get your calendar ready and it will always take you longer to get to where you're going than you can possibly imagine. At rsa, my other big goal is to try one of those self driving taxi cars. Oh yes, that'll be my way.

Dave Bittner

Is that what they are?

Kevin McGee

One of those. That'll be my. I always wanted to try one of those. So maybe if I get time off from my internship. I'll give one of those a try as well.

Dave Bittner

What better place to drive an unmanned vehicle than a place with extraordinarily difficult traffic and ungodly steep hills, right?

Peter Kilpe

Absolutely, yes.

Dave Bittner

You're gonna end up at the bottom of the bay or out on Alcatraz Island. Well, no matter what, Kevin, as long as you don't mess up my lunch order.

Kevin McGee

That's my only request and only speak when spoken to. Don't make direct eye contact with Mr. Bittner. I remember the rules from last year.

Dave Bittner

Very good, very Good. Well, Kevin McGee is global director of cybersecurity startups at Microsoft, but during the week of rsac he is my intern.

Peter Kilpe

Kevin, I look forward to seeing you there.

Kevin McGee

Thanks, Dave.

Cyberwire Network Announcer

Get in the game with the college branded Venmo debit card. Rep your team with every tap and earn up to 5% cash back with Venmo Stash, a new rewards program from Venmo. No monthly fee, no minimum balance, just school pride and spending power. Get in the game and sign up for the Venmo debit card@venmo.com collegecard the Venmo MasterCard is issued by the Bancorp Bank NA Select Schools available Venmo stash terms and exclusions apply at venmo.me stash terms max 100 cash back per month.

Focus Features Sponsor Announcer

This episode is brought to you by Focus Features. Would you let AI pilot your plane? Raise your child? Decide your future? On March 27, Focus Features presents the AI Doc or How I Became an Apocalyptimist Critics and audience at the Sundance and Southwest Film Festivals call it the most urgent movie of our time. The AI doc or How I Became an Apocalyptimist rated PG13 only in theaters March 27.

Dave Bittner

A cyber attack on Intoxalock has left thousands of court mandated drivers unable to start their cars, turning a safety device into an unexpected immobilizer. The company says attackers flooded its servers, disrupting systems that support breathalyzer equipped ignition interlock devices across Maine and 45 other states. These devices require drivers to pass a breath test before starting their vehicles. Since the outage began, some users have remained locked out entirely, with installations, calibrations and account access also affected. Intoxalock says data remains secure and services are being restored with temporary extensions offered to customers. A single point of failure can sideline critical compliance systems at scale. It also shows how cyber incidents can ripple into everyday life, sometimes with inconvenient consequences. And that's the cyber wire for links to all of today's stories, check out our daily briefing@thecyberwire.com be sure to check us out at RSA

Kevin McGee

next week.

Dave Bittner

I will be attending the Innovations Sandbox on Monday along with the Cyber Tacos panel with fellow N2K CyberWire hosts David Moulton from Palo Alto Networks and Caleb Tolan from Rubrik. And on Tuesday, I'll be at Palo Alto Network's Unit 42. Drown out the Noise Reception. Hope to see you there. Be sure to check out this weekend's Research Saturday. In my conversation with Yuval Avrahami from Wiz, we're sharing their work code breach, infiltrating the AWS console supply chain and hijacking AWS GitHub repositories via CodeBuild. That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you liked our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producers, Liz Stokes, were mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher, and I'm David Bittner. Thanks for listening. We'll see you back here next week.