A
You're listening to the CyberWire Network, powered by N2K. When cyber threats strike, minutes matter. Booz Allen brings the same battle-tested expertise trusted to protect national security to defend today's leading global organizations. They safeguard their data, strengthen enterprise resilience and mobilize in minutes across energy, healthcare, financial services and medicine manufacturing. Their teams don't just respond, they anticipate, outthink and stay ahead of evolving threats. This is powerful protection for commercial leaders, only from Booz Allen. See how your organization can prepare today at boozallen.com/commercial.

Rudd takes the helm at NSA and Cyber Command. A watchdog probes alleged Social Security data mishandling. Patch Tuesday lands. Governments brace for cyber fallout from Iran. BeatBanker spreads via fake Starlink apps. InstallFix targets developers. ZombieZip hides malware in archives. DHS reassigns CBP officials in a FOIA secrecy dispute. Ben Yelin unpacks Anthropic's lawsuit against the Pentagon, and AI eyewear leads to awkward exposures. It's Wednesday, March 11, 2026. I'm Dave Bittner and this is your CyberWire Intel Brief.

Thanks for joining us here today. It's great to have you with us. The Senate has confirmed General Joshua Rudd to lead both the National Security Agency and U.S. Cyber Command, filling a critical national security role vacant since April. Lawmakers approved Rudd in a 71 to 29 vote yesterday. He becomes the first Senate-confirmed leader since President Donald Trump fired General Timothy Haugh last April. Lieutenant General William Hartman has served as acting chief since then and plans to retire after Rudd is sworn in. Trump nominated Rudd in December. Rudd previously served as deputy director of U.S. Indo-Pacific Command. He has decades of military experience, though none in cybersecurity leadership roles.
The confirmation drew criticism from Senator Ron Wyden, who cited concerns about Rudd's cyber experience and his understanding of National Security Agency surveillance authorities. Rudd told lawmakers he will continue evaluating the long-debated dual-hat structure and defended Section 702 of the Foreign Intelligence Surveillance Act, which expires in April. The Social Security Administration's inspector general is investigating a whistleblower complaint alleging a former U.S. DOGE Service engineer claimed access to highly sensitive citizen databases and intended to share the data with a private employer, according to the complaint. The former employee allegedly told colleagues he possessed copies of two restricted Social Security databases, Numident and the Master Death File, which together contain records on more than 500 million living and deceased Americans. The records include Social Security numbers and other identifying information. The complaint alleges he stored at least one data set on a thumb drive and sought help transferring it to a personal computer to sanitize before use at a contractor. The allegations do not claim the data was successfully transferred. The Inspector General has notified Congress and shared the disclosure with the Government Accountability Office. The claims raise concerns about potential mishandling of highly sensitive federal data. Agency officials and the former employee deny wrongdoing, and investigations are ongoing. Yesterday was Patch Tuesday, and Microsoft has released security updates addressing 83 vulnerabilities across its products. None of the flaws are currently known to be exploited in the wild, though two vulnerabilities were publicly disclosed before patches were released. The update includes one critical bug, a remote code execution issue in the device's pricing program that Microsoft says has already been mitigated.
Other notable issues include privilege escalation flaws in Windows components and an Azure MCP Server Tools vulnerability that could allow attackers to capture a managed identity token by submitting crafted input. Additional Azure flaws affect Linux virtual machines and Azure IoT Explorer. Privilege escalation bugs are often used after attackers gain initial access, making timely patching important even in quieter update cycles. Adobe has released security updates addressing 80 vulnerabilities across eight products, including Adobe Commerce, Illustrator, Acrobat Reader, and Premiere Pro. The largest set of fixes targets 19 flaws in Adobe Commerce and Magento Open Source, including several high-severity privilege escalation bugs and a security feature bypass. Adobe urged users to apply these patches within 30 days because the platforms are frequent targets for attackers. Additional updates address vulnerabilities that could lead to arbitrary code execution in Illustrator, Acrobat Reader, Premiere Pro, and other tools. Adobe says none of the flaws are currently known to be exploited. Fortinet, Ivanti and Intel have released security updates addressing dozens of vulnerabilities across enterprise and firmware products. Fortinet patched 22 flaws affecting products including FortiWeb, FortiSwitch, AX Fixed, FortiManager, and FortiClient Linux. Several high-severity issues could allow remote attackers to bypass authentication limits or execute unauthorized commands, while a FortiClient Linux flaw could enable local privilege escalation to root. Ivanti fixed a high-severity privilege escalation bug in Desktop and Server Management. Intel also disclosed nine vulnerabilities in the UEFI firmware for certain reference platforms and issued updates affecting more than 45 processor models.
Major industrial technology vendors including Siemens, Schneider Electric, Mitsubishi Electric, and Moxa have released Patch Tuesday advisories addressing newly discovered vulnerabilities in industrial control system products. Schneider Electric disclosed six issues, including high-severity flaws affecting EcoStruxure platforms that could enable command execution, arbitrary code execution or system compromise. Siemens also published six advisories, including a critical stored cross-site scripting vulnerability in SIMATIC S7-1500 devices. Mitsubishi Electric reported a remotely exploitable denial-of-service flaw in several numerical control systems. Moxa issued four advisories largely tied to vulnerabilities in Intel components. State and local government officials are being urged to prepare for potential cyber and physical threats following U.S. and Israeli military strikes on Iran. During a briefing hosted by the Center for Internet Security's Multi-State Information Sharing and Analysis Center, officials warned that governments could face increased low-level cyber activity, including DDoS attacks and website defacements. Threat intelligence leaders said politically motivated hacktivist groups aligned with Iran or Russia are forming coalitions that could expand targeting capabilities. Officials also warned that damage to regional infrastructure, including cloud data centers and shipping routes, could disrupt global technology supply chains and online services. Researchers have identified a new Android malware strain called BeatBanker that spreads through fake websites impersonating the Google Play Store and posing as a Starlink app. According to Kaspersky, the malware combines banking Trojan capabilities with cryptocurrency mining. It can steal credentials, manipulate cryptocurrency transactions, and mine Monero on infected devices.
Recent variants also deploy the Bitmob Remote Access Trojan, giving attackers full control of the device, including keylogging, screen recording, camera access and GPS tracking. BeatBanker uses several evasion techniques, including delayed execution and a persistence method that continuously plays a near-silent audio file to keep the malware running. Researchers are warning about a new social engineering tactic called InstallFix that tricks users into installing malware by posing as legitimate command-line tool installers. According to Push Security, attackers create cloned installation pages for popular developer tools and replace legitimate setup commands with malicious ones. The technique targets users who copy and run curl-to-bash commands commonly used to install command-line interfaces. One observed campaign cloned the installation page for Anthropic's Claude Code tool and promoted it through Google Search ads. The malicious commands delivered Amatera stealer malware designed to steal credentials, browser data and cryptocurrency wallet information. The attack exploits common developer workflows and trusted installation practices, making malicious commands harder for users to detect. Researchers have disclosed a new evasion technique called ZombieZip that can conceal malicious payloads inside compressed archives while bypassing many security scanners. The method manipulates zip file headers so security tools treat compressed data as uncompressed. According to Bombadil Systems researcher Chris Aziz, many antivirus engines trust the zip header's compression method field and scan the archive incorrectly, seeing only compressed noise rather than the actual payload. Standard extraction tools such as WinRAR and 7-Zip typically fail to unpack the files, showing errors or corrupted data. A custom loader that ignores the header, however, can correctly decompress the hidden payload. The CERT Coordination Center has issued a warning and assigned the issue a CVE.
The Department of Homeland Security reassigned several career Customs and Border Protection officials after they objected to orders to restrict the release of surveillance records under the Freedom of Information Act. According to reporting reviewed by Wired, DHS directed staff to label Privacy Threshold Analyses, compliance forms describing how government technologies collect personal data, as drafts and legally privileged documents. Sources say the move followed the public release of a redacted assessment describing Mobile Fortify, a facial recognition application used by CBP. The reassigned officials include the agency's top privacy officer, a Privacy Branch chief, and the director of the FOIA office. Critics argue the policy could allow the department to withhold records detailing surveillance tools and privacy impacts. Restricting access to these documents could limit public oversight of government surveillance technologies. Coming up after the break, Ben Yelin unpacks Anthropic's lawsuit against the Pentagon, and AI eyewear leads to awkward exposures. Stay with us.

AI is changing how enterprises operate and how they stay protected. It's time to eliminate risk and protect innovation. From March 23rd through the 26th, join Trend AI for actionable AI security insights. Catch impactful sessions at RSAC, then unwind and grab a bite at their lounge in Trapa Sueno. Experience industry-leading AI security in person. Engage with the experts and get your chance to win $500,000. San Francisco lets AI fearlessly. Learn more at trendmicro.com/RSA.

If you're defending a network today, there's a simple question worth asking. What does the attacker see when they look at your organization? NordStellar helps answer that. NordStellar is a threat exposure management platform that gives security teams visibility into external risks, including leaked credentials, active session tokens, impersonation attempts and exposed assets across the surface web and the dark web.
It's built to help organizations detect the consequences of breaches early, before attackers turn access into action. From monitoring for infostealer malware logs to identifying cybersquatting and brand abuse, NordStellar helps teams focus on the threats that actually matter. Executives get clear, actionable insights tied to business risk. Security teams get real-time alerts and one of the largest deep and dark web intelligence pools in the industry. Cybercriminals may already be looking for your weak spots. Don't make it easy for them. Be the one that's prepared. Defend your business with NordStellar. Use the code CYBERWIRE10 to unlock your exclusive discount. Go to nordstellar.com/cyberwire-daily and learn more.

And joining me once again is Ben Yelin. He is from the University of Maryland Center for Health and Homeland Security. But more important than that, he is my co-host on the Caveat podcast, where we discuss privacy, surveillance, law and policy. Ben, welcome back.
B
Good to be with you again, Dave.
A
So let's jump in here with the latest on this kerfuffle between Anthropic and the Pentagon. Can you bring us up to date here, Ben?
B
Sure. So just to catch everybody up, Anthropic had a deal with the Pentagon. They were going to be involved in a bunch of different Department of War, I guess I should call it, activities. But they tried to put up some guardrails, saying that they weren't going to be fully compliant when it came to fully autonomous weapons systems and mass domestic surveillance. And that disagreement came out into public view at the end of February. And then the Pentagon not only decided to terminate the contract with Anthropic, but the administration issued this executive order saying that because Anthropic now represents a risk to the supply chain, any federal agency and any federal contractor is prohibited from doing business with Anthropic. And the particular contract with the Pentagon was replaced with a contract with OpenAI, so a different company. Anthropic is filing a lawsuit in federal court in the Northern District of California challenging this executive order. I think they are mildly upset about the fact they lost this Pentagon contract, but they're far more upset, and I think reasonably so, with this designation of them as a supply chain risk. They think that this designation is pretextual, that it is punishing them for their position on AI ethics and the use of their AI tools for such serious things as autonomous weapons systems and mass surveillance. So their lawsuit is on a couple of grounds. First, that this is arbitrary and capricious under the Administrative Procedure Act. The argument here is that this is an administrative action that's so far afield of the administration's authority and is arbitrary in the sense that it doesn't actually further any meaningful government interest in a compelling way. So that's one part of their argument. The other part, which I think is more interesting for our purposes, is that this is a violation of the First Amendment right to free speech and free association.
What they are alleging in the suit is that they're being punished for their speech. And by speech, it's public pronouncements by the CEO about the risks of unregulated AI. And it's their very public refusal to give the Pentagon carte blanche when it comes to these particular issues. The Constitution obviously protects First Amendment rights. And the way the Supreme Court has interpreted that is if the government is trying to take away constitutional rights as it relates to the content of speech, the government has to have a very good reason to do so. And that's called strict scrutiny. And under strict scrutiny, the government has to have a compelling interest. And I think you could make an argument, and the government will make the argument, that national security is a compelling interest. But the means of achieving that interest have to be narrowly tailored. And I think that's where the government is going to run into problems. If the government actually thought that Anthropic represented some type of national security threat, then I think it would have been appropriate for them to terminate the Pentagon contract. But not to prohibit any other federal agency or contractor from coming up with an agreement with Anthropic for the use of their AI tools for even banal occurrences.
A
Right.
B
Like summarizing data in the Department of Treasury or the Bureau of Labor Statistics.
A
We mentioned on Caveat, you know, coming up with nutritional menus for kids in schools or something. You know, something having nothing to do with national security.
B
Right. So it goes so far afield of what the government's purported interest is here, compelling interest for the purposes of strict scrutiny, that I think there's a very good chance that the federal court in the Northern District of California issues some type of preliminary injunction or temporary restraining order preventing the federal government from enforcing this administration's action on the supply chain risk issue.
A
And so suppose they rule in Anthropic's favor. What does that mean? They still don't get the Pentagon contract, but they don't have this poison pill excluding them from the entire federal government.
B
Exactly. So the remedy is a little bit complicated here, but I think the most likely scenario is, yes, they would not renew that Pentagon contract that had previously been in place. I think the new contract with OpenAI, which was agreed to on the same day that Anthropic was put on this naughty list for supply chain purposes, that's going to stay in place. But I think they would now be at least temporarily able to contract with federal agencies and contractors for business purposes, to sell whatever Claude service is most valuable to a particular federal agency or contractor. There are questions about whether Anthropic would want to do that, or, given the chance of this, some type of injunction, being reversed on appeal at a federal appeals court, whether agencies or federal contractors are going to want to take that risk. And I think there could be a chilling effect where, even if there's a favorable court ruling that removes the supply chain risk designation from Anthropic, you get contractors and federal agencies saying, like, yeah, let's see what happens first. We don't want to be in a situation where we've developed the system and then Anthropic's contracts with the federal government are summarily terminated once again because of an appeals court holding. So certainly those are considerations. But I do think, and this is me prognosticating, which is never safe; if you look at my record of bets on FanDuel, you don't want to take my predictions at face value necessarily. But I do think that Anthropic has a very good case here.
A
All right, well, we will have a link to that story in the show notes. Ben Yelin is from the University of Maryland Center for Health and Homeland Security and also my co-host on the Caveat podcast. Ben, thanks so much for joining us.
B
Great to be with you, Dave.
A
No, it's not your imagination. Risk and regulation really are ramping up, and customers expect proof of security before they'll sign that deal. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk and customer trust together on one AI-powered platform. Whether you're preparing for SOC 2 or managing an enterprise governance, risk and compliance program, Vanta helps keep you secure and keeps your deals moving. Companies like Ramp and RYTR spend 82% less time on audits with Vanta. That's not just faster compliance, that's more time for growth. Take it from me: if you're thinking about compliance, take the time to check out Vanta. Get started at vanta.com/cyber.
C
It's not just something you made, it's the privilege that you get to work with your hands. It's building something that serves a purpose, proof that you have the grit to keep going. At Timberland, we understand you take your craft seriously, and we do too, which is why our products are built to the highest quality. We put in the work so you can perfect yours, with purpose in every detail and crafted with intention. Timberland, built on craft. Visit timberland.com to shop.
A
And finally, Meta's AI smart glasses promised hands-free insight into the world around you. Some users now suspect the world, unfortunately, was looking back. A new class action lawsuit alleges Meta misled customers about privacy protections after reporting found contractors at a Kenya-based subcontractor reviewing footage captured by the glasses. According to the complaint, that footage sometimes included extremely private moments, including nudity and other intimate situations. The plaintiffs argue Meta's marketing, which described the glasses as "built for your privacy" and "controlled by you," did not make it clear that shared content could be reviewed by human moderators. Meta says human review may occur when users choose to share media with Meta AI, which the company says helps improve the service. The case underscores a growing reality of AI products: sometimes smart devices still rely on very human eyes.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis, our executive producer is Jennifer Eiben, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning and real innovation. I'll say this plainly: I never miss this conference.
The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26. I'll see you in San Francisco.
Episode Title: New command amid mounting cyber risks
Date: March 11, 2026
Host: Dave Bittner (N2K Networks)
Guests: Ben Yelin (University of Maryland Center for Health and Homeland Security; Caveat podcast co-host)
This episode of CyberWire Daily focuses on the latest developments in cybersecurity at the intersection of national policy, technology, and threat intelligence. Major topics include the Senate confirmation of General Joshua Rudd as head of the NSA and U.S. Cyber Command, mounting cyber threats related to Middle East tensions, significant security updates and patch advisories, new malware and social engineering tactics targeting both individuals and organizations, and legal and ethical challenges surrounding AI integration within government agencies. The episode also features an in-depth interview with legal analyst Ben Yelin about Anthropic's lawsuit against the Pentagon following its designation as a "supply chain risk".
BeatBanker Android Malware (06:58–07:47):
InstallFix Social Engineering Tactic (07:48–08:40):
ZombieZip Archival Evasion (08:41–09:35):
Guest: Ben Yelin, legal analyst
Segment Start: 15:51
Administrative Procedure Act (16:40–17:24):
First Amendment Violation (17:25–19:25):
Impact & Remedies (20:07–22:06):
Segment: 24:03–24:45
| Segment | Start–End |
|---|---|
| Rudd's Confirmation & NSA/Cyber Command | 00:45–02:10 |
| SSA Data Mishandling Investigation | 02:11–03:12 |
| Patch Tuesday/Major Vendor Security Updates | 03:13–06:10 |
| Iran Strike Fallout/Cyberthreats | 06:11–06:57 |
| BeatBanker Android Malware | 06:58–07:47 |
| InstallFix Social Engineering | 07:48–08:40 |
| ZombieZip Evasion Technique | 08:41–09:35 |
| DHS/CBP FOIA Dispute & Privacy Oversight | 09:36–10:22 |
| Ben Yelin on Anthropic v. Pentagon | 15:51–22:19 |
| Meta AI Glasses Privacy Lawsuit | 24:03–24:45 |
The episode balances accessible, journalistic reporting with technical detail, engaging expert legal analysis, and a matter-of-fact yet inquisitive style from host Dave Bittner.
This summary provides a thorough guide to the episode’s content and commentary, ensuring listeners and non-listeners alike stay up to date on major cybersecurity developments and their wider implications.