A
You're listening to the Cyberwire Network, powered by N2K.
C
SolarWinds patches four critical remote code execution vulnerabilities. A ransomware attack on Conduent puts the data of over 25 million Americans at risk. Rogue Pilot enables GitHub repository takeovers. Zero Day RAT targets Android and iOS devices. North Korea's Lazarus Group deploys Medusa ransomware. Attackers' breakout times drop to under half an hour. CISA maintains its mission despite staffing challenges. Russian satellites draw fresh scrutiny. Two South Korean teenagers are charged with breaching Seoul's public bike service. Krishna Sai, CTO at SolarWinds, discusses why leaders should focus less on speculating about the AI bubble and more about how to quantify AI's tangible contributions. And the Pope pushes prayerful priests past predictable programs.
It's Tuesday, February 24th, 2026. I'm Dave Bittner, and this is your Cyberwire Intel Brief. Thanks for joining us here today. It's great to have you with us.
SolarWinds has released updates to address four critical remote code execution vulnerabilities in its Serv-U file transfer software, which runs on Windows and Linux systems. The most severe flaw is a broken access control issue that allows attackers with high privilege to create a system administrator account and execute arbitrary code with root or administrative permissions. SolarWinds also patched two type confusion vulnerabilities and an insecure direct object reference, or IDOR, flaw, each of which could also enable root-level code execution. Importantly, all four vulnerabilities require attackers to already have elevated access, limiting exploitation to scenarios involving stolen credentials or chained privilege escalation. Serv-U remains an attractive target due to its role in transferring sensitive data. More than 12,000 internet-exposed instances are indexed by Shodan, while Shadowserver estimates fewer than 1,200.
A major data breach at Conduent has exposed the sensitive personal information of at least 25.9 million Americans following a ransomware attack attributed to the SafePay group. According to reporting by CSN, attackers maintained unauthorized access to Conduent's network from October 21, 2024 through January 13, 2025. During that time, they exfiltrated approximately eight terabytes of data, including names, Social Security numbers, dates of birth, medical records and health insurance information. The breach primarily affects government service recipients in Texas and Oregon, where Conduent processes Medicaid, SNAP and Child Support services. Texas alone accounts for 15.4 million impacted residents, while Oregon reports 10.5 million records exposed. Victims are now being notified and urged to place fraud alerts on their credit files. The combination of Social Security and medical data creates long-term identity theft risk.
Orca Security has disclosed a GitHub Codespaces vulnerability dubbed Rogue Pilot that could have enabled repository takeovers through malicious Copilot instructions embedded in GitHub issues. According to Orca, attackers could inject hidden prompts into an issue description, causing the in-environment Copilot assistant to exfiltrate a privileged GitHub token. The attack chain combines symbolic links, automatic JSON schema downloads and Copilot's deep integration in Codespaces to leak tokens without user approval. Because the token provides read and write repository access, compromise could lead to full takeover. GitHub patched the issue after responsible disclosure, Orca reports.
Zero Day RAT, a new mobile spyware platform, is being marketed on Telegram as a subscription-based malware-as-a-service offering that targets Android and iOS devices, according to research from Cyberthint. Researchers say the platform uses SMS phishing, fake app stores and links shared via WhatsApp and Telegram to infect victims. Promotional materials show multi-stage redirection chains, including abuse of GitHub Pages to mask malicious links. Once installed, the malware connects to a web-based control panel that enables GPS tracking, screen recording, keystroke logging and remote camera and microphone access. It also includes financial theft features such as cryptocurrency wallet scanning, clipboard injection and attempts to capture credentials for digital payment services. Cyberthint noted inconsistencies in the seller's materials, raising questions about the platform's authenticity.
Hackers linked to North Korea's Lazarus Group have deployed Medusa ransomware in financially motivated attacks against organizations in the US and the Middle East, according to Symantec. Researchers attributed the activity to Lazarus, likely its Andariel subgroup, based on the use of custom backdoor malware and a Chrome password extractor previously tied to the group. Medusa operates as a ransomware-as-a-service platform, allowing affiliates to share ransom proceeds, Symantec notes. This marks the first observed use of Medusa by Lazarus, which previously used strains such as Maui. US authorities have tied earlier Maui attacks to North Korean operators, including Rim Jong Hyeok, who was indicted in 2024. The shift underscores growing overlap between nation-state actors and criminal ransomware ecosystems.
CrowdStrike's latest global threat report finds attackers moving faster and operating across more groups, with breakout times dropping to an average of 29 minutes in 2025, according to CrowdStrike. The fastest observed breakout time fell to 27 seconds, down from 51 seconds a year earlier. The company tracked 281 threat groups by the end of 2025, including 24 newly named actors. Cloud-focused attacks rose 37% year over year, with a 266% surge tied to nation-state groups. 82% of detected intrusions were malware-free, relying instead on valid credentials and legitimate tools. Zero-day exploitation increased 42%, particularly targeting edge devices such as firewalls and virtual private networks.
An analysis from the New York Times says President Trump, who established the Cybersecurity and Infrastructure Security Agency during his first term, has scaled back key parts of the agency in his second, including dismantling its election security work. Staffing has fallen from about 3,400 employees in January 2025 to fewer than 2,400, and a Department of Homeland Security funding lapse has furloughed roughly 60% of the remaining workforce, leaving under 1,000 on duty. The agency is operating without a Senate-confirmed director, as nominee Sean Plankey's confirmation has stalled. Lawmakers including Representative Bennie Thompson have warned that deep staffing cuts and lost institutional knowledge threaten CISA's mission. Acting Director Madhu Gottumukkala has said essential operations will continue but acknowledged increased strain. Officials and former employees say morale has declined amid departures, reassignments and uncertainty, raising concerns about readiness in the event of a major cyber attack.
Russian inspector satellites are drawing fresh scrutiny after a new report found they've spent years maneuvering alongside Western commercial spacecraft in geostationary orbit. European officials now worry the mission may extend beyond signals intelligence, raising concerns about potential interference with critical communications infrastructure. For more on what these satellites are doing and why it matters, here's our own Maria Varmazes.
D
Thanks, Dave. Two Russian satellites have spent years sidling up to Western communications spacecraft in geostationary orbit, and now European officials worry that their mission goes beyond simply eavesdropping. A new investigation by the Financial Times reports that the Russian satellites that are known publicly as LUCH and LUCH 5X have now maneuvered within roughly 0.1 degrees of commercial operators such as Intelsat and Eutelsat, lingering for weeks or months. The tracking data cited by independent researchers show a pattern of close approaches dating back to 2014. One satellite was moved to a graveyard orbit in 2025 and then later fragmented. Its successor, which was launched in 2023, has repeated similar maneuvers, including near satellites supporting government and military communications. Experts say that intercepted signals could provide intelligence that's useful for future interference or cyber operations, particularly amid the war in Ukraine.
C
Two South Korean teenagers have been charged with breaching Seoul's public bike service in a June 2024 attack that exposed data on 4.6 million users, roughly 90% of the platform's 5 million registrants. Police say the pair, identified only as persons A and B, accessed and downloaded user data, including IDs, phone numbers, addresses and dates of birth while still in middle school. The suspects met on Telegram and allegedly aimed to test their skills and profit. Authorities report no evidence the data was leaked or sold. Coming up after the break, Krishna Sai, CTO at SolarWinds, discusses why leaders should focus less on speculating about an AI bubble and more on how to quantify AI's tangible contributions. And the Pope pushes prayerful priests past predictable programs. Stay with us.
Krishna Sai is chief technology officer at SolarWinds. I recently got together with him to discuss why leaders should focus less on speculating about an AI bubble and more on how to quantify AI's tangible contributions.
E
When I think of bubbles, there's the economic bubble that folks refer to a lot of time. But I actually have a slightly different view of this in terms of the value or the technology or the possibility. I mean, we talk about AI as the next industrial revolution. It's been compared to steam engine, electricity and so on and so forth. How real is that is the one lens with which I look at this conversation when we talk about the bubble. And you know, sometimes when you take a step back and look at what it's actually already doing. So if you think about folks who are actively engaging with consumer AI tools, right, like ChatGPT and others, you know, the numbers are pretty staggering. I think there's like 250 to close to 500 million, maybe even more if you include China and others who are actively daily consuming AI tools. And what I think about it is if those tools went away today, you know, folks, a lot of folks are going to be very disappointed because I think they're actively using them for specific reasons. Now this is very, very different from, let's call it the previous so back in the times of the Internet and so on. If I don't know, ePets or Pets.com or something went away, probably nobody would have noticed. Right now it's different from an economic and the speculative perspective, but in terms of the daily usage, I think that's a very, very different dimension or lens to look at how AI is penetrated, making a difference. Now that's true in the consumer space, in the enterprise space, arguably you can say that number is a lot lower. But even in terms of new enterprise technologies take a much longer penetration time as well. But even here, if you look through it, the number of folks who are actually starting to use AI pretty significantly across the daily use cases when it comes to enterprise, it's still pretty high compared to any other technology.
Which is why I think that there's a slight difference when it comes to AI in terms of, if you take the enterprise as an example, it's already getting built into core workflows, which is very, very different. And we're starting to see AI making a difference in reducing toil, accelerating decisions, improving reliability, for example, in the business that we're in. So it's not a side experiment anymore. I think it's starting to sit into these core workflows. And that's why I think it's less about hype per se, but it's more about execution, maturity and what are the things that you need to for us to fully realize the value.
C
Do you understand the skepticism that folks have and the concerns that this may all blow up in our faces?
E
Yes, I think a lot of the investment, the discussions are around the level of capital investment that's going into building chips and data centers and to allow the training models and so on and so forth. And there's always, and that's very, very hard to tell exactly what is the level of investment that is needed to unleash the future potential of a technology. But if you wear a different lens and say, hey, what is like even the capabilities that are available today in terms of AI, how much are those being used or realized in the day to day heartbeat of both consumer use cases as well as enterprise use cases? And that's what I tend to be a little bit more bullish on this and I think a lot of that is related to the ROI discussion. Hey, we're not seeing the ROI just yet, and so on and so forth. Which is why I go back to. This is less about the potential of the technology, more about the execution, maturity and understanding and the natural, I would say, life cycle of how these types of technologies penetrate the day to day heartbeat in the enterprise.
C
When you look at the potential for ROI, are there any particular use cases that you think could play out favorably here?
E
100%, right. I think when we think about enterprise use cases as an example for the business that we are in, we like, we talk a lot with IT and operational teams and so on. Things like, you know, a lot of those teams are buried in ROIs that are already defined for them. Things like the mean time to detect an issue when something goes wrong, the mean time to recover or mean time to respond in terms of customer issues, how many issues get escalated, what is your first contact resolution, what is your operational cost per incident or when there's an outage? These types of things are in case of security and operations. Right. How many incidents can you avoid? What is a reduced blast radius? Like, a lot of these ROIs are pretty well defined. And I think what we're starting to see is as an example, when you have a well designed or well thought out AI use case that we offer, we see both acceleration in terms of the time to value, meaning how quickly is the adoption of this particular capability in a natural workflow that already exists and how quickly are things like the mean time to resolution of a ticket, as an example, getting accelerated. Those numbers are starting to be a lot more clear in terms of the actual ROI that's being realized.
C
Do you feel like we are on the downward slope of the hype cycle, that it's not so much that people are adopting AI because their competitors are, but that, as you say, they're starting to see the real places where it's actually going to be useful.
E
I think so. I think so. And I think there's a collective. If you think about a tool that you have to buy today, like any new tool purchase that you can think of, if it does not have an AI capability, you perhaps won't even consider it. Right. So a lot of the questions now, even from an end user or buying decision or an end user adoption decision, everybody is looking at it from the lens of how is this tool or this capability going to leverage AI to accelerate what I want to get out of the store? Right. So that lens is super clear across every value stream in the enterprise. Right. So which is why I'm a lot more bullish in terms of the, as you say, the other end of the hype cycle, where folks are actually thinking about operationalizing a lot of this.
C
What are your recommendations then for folks who are looking to set their priorities? You know, they want to balance the things that they clearly see are good outcomes, good potential outcomes from AI, but they also want to be secure, they want to be responsible. How do you go about weighing those needs?
E
One of the kind of the core things I try to highlight is make sure that you are separating what AI is good at from what other things need to do. As an example, if you think about separating the responsibilities, AI is good at reasoning, it's good at exploring, it's good at looking at lots of data, it's great at looking at routine tasks and reducing the toil. But it's not great at authority. So which is why you need to be able to. The way I quote it is you want AI to reason broadly but act narrowly, which means that innovation moves really fast when you have AI in the reasoning layer, things like exploring, correlating, recommending. Whereas execution is what needs to be gated behind the routine things that are absolutely important in enterprise policy, identity, auditability, making sure that there's a clear separation. What you don't want is to give AI the authority to go act unfettered as an example, which is why I think a lot of those types of base understanding and say, how are you going to insert, how are you going to let AI explore? But how are you going to make sure that responsible AI comes in the form of designing platforms where speed and safety are able to scale together? Like that's the lens with which I look at it now in terms of what that means and how you adopt. And this is where I think having a good understanding of anchoring AI initiatives to specific ROIs, whether it's time, cost, risk, reliability, and then designing back from that is super important.
C
That's Krishna Sai from SolarWinds.
And finally, in a private exchange with Rome's priests, Pope Leo XIV offered encouragement, practical counsel, and one gently barbed warning that likely landed with particular clarity. When asked how to reach young people, he pointed first to personal witness, then widening the circle through genuine communion. On parish life, he advised priests to truly know their communities because loving them requires more than a passing familiarity with the parish calendar. But it was his aside on homily preparation that drew knowing smiles. The pope urged priests to use their own minds, not artificial intelligence, to craft their sermons. He has, he noted, seen and heard what happens otherwise. Prayer, he added, cannot be outsourced either. It requires time with the Lord, not just efficient recitation. On rivalry and the loneliness of older clergy, Leo returned to fraternity, gratitude and humility. In other words, no shortcuts there either.
And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. As we celebrate 10 years of bringing you this daily Cyberwire podcast, we would love to know what you think are some of the most impactful breaches of the last 10 years. We'd love to hear from you. You can email us at cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Date: February 24, 2026
Host: Dave Bittner, N2K Networks
This episode delivers a brisk roundup of high-impact cybersecurity events, from critical SolarWinds patches to major data breaches and evolving threat actor tactics. It also features an interview with Krishna Sai (CTO, SolarWinds) on the real value and effective use of AI in enterprise, and closes with a note on the human touch from Pope Leo XIV to Rome’s clergy.
Theme: AI Hype, Adoption, and Measurable Value
[13:54] - [23:47]
On SolarWinds vulnerabilities:
"All four vulnerabilities require attackers to already have elevated access, limiting exploitation..."
— Dave Bittner, [01:54]
On CrowdStrike findings:
"The fastest observed breakout time fell to 27 seconds, down from 51 seconds a year earlier."
— Dave Bittner, [07:50]
On Russian satellites:
"European officials now worry the mission may extend beyond signals intelligence, raising concerns about potential interference..."
— Maria Varmazes, [10:08]
On AI's difference from prior tech bubbles:
"[Back in the times of] pets.com... probably nobody would have noticed if it went away. Now it's different."
— Krishna Sai, [15:47]
On operationalizing AI:
"It's not a side experiment anymore. I think it's starting to sit into these core workflows."
— Krishna Sai, [16:20]
On responsible AI:
"You want AI to reason broadly but act narrowly..."
— Krishna Sai, [22:11]
| Segment | Timestamp |
|---|---|
| SolarWinds patches critical RCE bugs | 00:48 – 02:46 |
| Conduent's 25.9M record breach | 02:47 – 04:08 |
| GitHub ‘Rogue Pilot’ CVE | 04:09 – 05:06 |
| Zero Day RAT spyware campaign | 05:07 – 06:20 |
| Lazarus deploys Medusa ransomware | 06:21 – 07:18 |
| CrowdStrike threat landscape findings | 07:19 – 08:40 |
| CISA's staffing, mission, and readiness cuts | 08:41 – 09:58 |
| Russian inspector satellites in GEO | 09:59 – 11:06 |
| Seoul’s public bike service breach | 11:07 – 11:47 |
| Krishna Sai interview (AI’s business value) | 14:08 – 23:47 |
| Pope's guidance to Rome's priests | 25:30 – 26:30 |
For full links and supporting materials, see the daily briefing at thecyberwire.com.