Transcript
A (0:02)
You're listening to the CyberWire Network, powered by N2K. When cyber threats strike, minutes matter. Booz Allen brings the same battle-tested expertise trusted to protect national security to defend today's leading global organizations. They safeguard their data, strengthen enterprise resilience and mobilize in minutes across energy, healthcare, financial services and medicine manufacturing. Their teams don't just respond, they anticipate, outthink and stay ahead of evolving threats. This is powerful protection for commercial leaders only. From Booz Allen. See how your organization can prepare today at boozallen.com/commercial.

Rudd takes the helm at NSA and Cyber Command. A watchdog probes alleged Social Security data mishandling. Patch Tuesday lands. Governments brace for cyber fallout from Iran. Beat Banker spreads via fake Starlink apps. Install Fix targets developers. ZombieZip hides malware in archives. DHS reassigns CBP officials in a FOIA secrecy dispute. Ben Yelin unpacks Anthropic's lawsuit against the Pentagon. And AI eyewear leads to awkward exposures.

It's Wednesday, March 11, 2026. I'm Dave Bittner and this is your CyberWire Intel Brief.

Thanks for joining us here today. It's great to have you with us.

The Senate has confirmed General Joshua Rudd to lead both the National Security Agency and U.S. Cyber Command, filling a critical national security role vacant since April. Lawmakers approved Rudd in a 71 to 29 vote yesterday. He becomes the first Senate-confirmed leader since President Donald Trump fired General Timothy Haugh last April. Lieutenant General William Hartman has served as acting chief since then and plans to retire after Rudd is sworn in. Trump nominated Rudd in December. Rudd previously served as deputy director of U.S. Indo-Pacific Command. He has decades of military experience, though none in cybersecurity leadership roles. The confirmation drew criticism from Senator Ron Wyden, who cited concerns about Rudd's cyber experience and his understanding of National Security Agency surveillance authorities. Rudd told lawmakers he will continue evaluating the long-debated dual-hat structure and defended Section 702 of the Foreign Intelligence Surveillance Act, which expires in April.

The Social Security Administration's inspector general is investigating a whistleblower complaint alleging a former U.S. DOGE Service engineer claimed access to highly sensitive citizen databases and intended to share the data with a private employer. According to the complaint, the former employee allegedly told colleagues he possessed copies of two restricted Social Security databases, Numident and the Master Death File, which together contain records on more than 500 million living and deceased Americans. The records include Social Security numbers and other identifying information. The complaint alleges he stored at least one data set on a thumb drive and sought help transferring it to a personal computer to sanitize before use at a contractor. The allegations do not claim the data was successfully transferred. The inspector general has notified Congress and shared the disclosure with the Government Accountability Office. The claims raise concerns about potential mishandling of highly sensitive federal data. Agency officials and the former employee deny wrongdoing, and investigations are ongoing.

Yesterday was Patch Tuesday, and Microsoft has released security updates addressing 83 vulnerabilities across its products. None of the flaws are currently known to be exploited in the wild, though two vulnerabilities were publicly disclosed before patches were released. The update includes one critical bug, a remote code execution issue in the device's pricing program that Microsoft says has already been mitigated. Other notable issues include privilege escalation flaws in Windows components and an Azure MCP Server Tools vulnerability that could allow attackers to capture a managed identity token by submitting crafted input. Additional Azure flaws affect Linux virtual machines and Azure IoT Explorer. Privilege escalation bugs are often used after attackers gain initial access, making timely patching important even in quieter update cycles.

Adobe has released security updates addressing 80 vulnerabilities across eight products, including Adobe Commerce, Illustrator, Acrobat Reader, and Premiere Pro. The largest set of fixes targets 19 flaws in Adobe Commerce and Magento Open Source, including several high-severity privilege escalation bugs and a security feature bypass. Adobe urged users to apply these patches within 30 days because the platforms are frequent targets for attackers. Additional updates address vulnerabilities that could lead to arbitrary code execution in Illustrator, Acrobat Reader, Premiere Pro, and other tools. Adobe says none of the flaws are currently known to be exploited.

Fortinet, Ivanti and Intel have released security updates addressing dozens of vulnerabilities across enterprise and firmware products. Fortinet patched 22 flaws affecting products including FortiWeb, FortiSwitch, AX Fixed, FortiManager, and FortiClient Linux. Several high-severity issues could allow remote attackers to bypass authentication limits or execute unauthorized commands, while a FortiClient Linux flaw could enable local privilege escalation to root. Ivanti fixed a high-severity privilege escalation bug in desktop and server management. Intel also disclosed nine vulnerabilities in the UEFI firmware for certain reference platforms and issued updates affecting more than 45 processor models.

Major industrial technology vendors including Siemens, Schneider Electric, Mitsubishi Electric, and Moxa have released Patch Tuesday advisories addressing newly discovered vulnerabilities in industrial control system products. Schneider Electric disclosed six issues, including high-severity flaws affecting EcoStruxure platforms that could enable command execution, arbitrary code execution or system compromise. Siemens also published six advisories, including a critical stored cross-site scripting vulnerability in SIMATIC S7-1500 devices. Mitsubishi Electric reported a remotely exploitable denial-of-service flaw in several numerical control systems. Moxa issued four advisories largely tied to vulnerabilities in Intel components.

State and local government officials are being urged to prepare for potential cyber and physical threats following U.S. and Israeli military strikes on Iran. During a briefing hosted by the Center for Internet Security's Multi-State Information Sharing and Analysis Center, officials warned that governments could face increased low-level cyber activity, including DDoS attacks and website defacements. Threat intelligence leaders said politically motivated hacktivist groups aligned with Iran or Russia are forming coalitions that could expand targeting capabilities. Officials also warned that damage to regional infrastructure, including cloud data centers and shipping routes, could disrupt global technology supply chains and online services.

Researchers have identified a new Android malware strain called Beat Banker that spreads through fake websites impersonating the Google Play Store and posing as a Starlink app. According to Kaspersky, the malware combines banking Trojan capabilities with cryptocurrency mining. It can steal credentials, manipulate cryptocurrency transactions, and mine Monero on infected devices. Recent variants also deploy the Bitmob remote access Trojan, giving attackers full control of the device, including keylogging, screen recording, camera access and GPS tracking. Beat Banker uses several evasion techniques, including delayed execution and a persistence method that continuously plays a near-silent audio file to keep the malware running.

Researchers are warning about a new social engineering tactic called Install Fix that tricks users into installing malware by posing as legitimate command-line tool installers. According to Push Security, attackers create cloned installation pages for popular developer tools and replace legitimate setup commands with malicious ones. The technique targets users who copy and run curl-to-bash commands commonly used to install command-line interfaces. One observed campaign cloned the installation page for Anthropic's Claude Code tool and promoted it through Google Search ads. The malicious commands delivered Amatera stealer malware designed to steal credentials, browser data and cryptocurrency wallet information. The attack exploits common developer workflows and trusted installation practices, making malicious commands harder for users to detect.

Researchers have disclosed a new evasion technique called ZombieZip that can conceal malicious payloads inside compressed archives while bypassing many security scanners. The method manipulates zip file headers so security tools treat compressed data as uncompressed. According to Bombadil Systems researcher Chris Aziz, many antivirus engines trust the zip header's compression method field and scan the archive incorrectly, seeing only compressed noise rather than the actual payload. Standard extraction tools such as WinRAR and 7-Zip typically fail to unpack the files, showing errors or corrupted data. A custom loader that ignores the header, however, can correctly decompress the hidden payload. The CERT Coordination Center has issued a warning and assigned the issue a CVE.

The Department of Homeland Security reassigned several career Customs and Border Protection officials after they objected to orders to restrict the release of surveillance records under the Freedom of Information Act. According to reporting reviewed by Wired, DHS directed staff to label Privacy Threshold Analyses, compliance forms describing how government technologies collect personal data, as drafts and legally privileged documents. Sources say the move followed the public release of a redacted assessment describing Mobile Fortify, a facial recognition application used by CBP. The reassigned officials include the agency's top privacy officer, a privacy branch chief, and the director of the FOIA office. Critics argue the policy could allow the department to withhold records detailing surveillance tools and privacy impacts. Restricting access to these documents could limit public oversight of government surveillance technologies.

Coming up after the break, Ben Yelin unpacks Anthropic's lawsuit against the Pentagon, and AI eyewear leads to awkward exposures. Stay with us.

AI is changing how enterprises operate and how they stay protected. It's time to eliminate risk and protect innovation. From March 23rd through the 26th, join Trend AI for actionable AI security insights. Catch impactful sessions at RSAC, then unwind and grab a bite at their lounge in Trapa Sueno. Experience industry-leading AI security in person. Engage with the experts and get your chance to win $500,000. San Francisco lets AI fearlessly. Learn more at trendmicro.com RSA.

If you're defending a network today, there's a simple question worth asking: what does the attacker see when they look at your organization? NordStellar helps answer that. NordStellar is a threat exposure management platform that gives security teams visibility into external risks, including leaked credentials, active session tokens, impersonation attempts and exposed assets across the surface web and the dark web. It's built to help organizations detect the consequences of breaches early, before attackers turn access into action. From monitoring for infostealer malware logs to identifying cybersquatting and brand abuse, NordStellar helps teams focus on the threats that actually matter. Executives get clear, actionable insights tied to business risk. Security teams get real-time alerts and one of the largest deep and dark web intelligence pools. Cybercriminals may already be looking for your weak spots. Don't make it easy for them. Be the one that's prepared. Defend your business with NordStellar. Use the code CYBERWIRE10 to unlock your exclusive discount. Go to nordstellar.com cyberwire daily and learn more.

And joining me once again is Ben Yelin. He is from the University of Maryland Center for Cyber Health and Hazard Strategies. But more important than that, he is my co-host on the Caveat podcast, where we discuss privacy, surveillance, law and policy. Ben, welcome back.
