A
You're listening to the CyberWire Network, powered by N2K. Do you know how the space and cybersecurity domains connect? T-Minus Space Cyber Briefing is your guide through the space-based systems that expand the attack surface. I'm Maria Varmazis, host here at N2K CyberWire, and I'm excited to share that T-Minus is back now as a weekly podcast, the T-Minus Space Cyber Briefing. We have a new dedicated focus on two great things that are even better together: space and cybersecurity. Because whether we realize it or not, we all depend on space-based systems that are, by the way, increasingly internet-enabled. We're talking cybersecurity technologies, policies and organizations that are securing the critical space-based infrastructure that powers, protects and connects our lives here on Earth.
So join me for T-Minus Space Cyber Briefing. New episodes every Sunday.
C
Maybe that's an urgent message from your CEO. Or maybe it's a deepfake trying to target your business. Doppel is the AI-native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back, from automatically dismantling cross-channel attacks to building team resilience and more. Doppel: outpacing what's next in social engineering. Learn more at doppel.com. That's D-O-P-P-E-L dot com.
The Five Eyes issue a rare joint warning on China. Jen Easterly weighs in on Trump's AI EO. Researchers warn everyday notifications can become AI attack vectors. Iron Worm is a sophisticated Rust-based infostealer targeting software developers. Cisco patches a critical vulnerability in its Unified Communications Manager platform. Anthropic maps AI-enabled cyber activity to the MITRE ATT&CK framework. Authorities dismantle an online counterfeit identity marketplace. Our guest is Jason Kikta, CTO from Automox, discussing AI vulnerabilities, real risk and the speed problem. And an extortion crew is forced to open a customer support ticket.
June 4, 2026. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us.
The United States and its Five Eyes intelligence partners, including the United Kingdom, Canada, Australia and New Zealand, have issued a rare joint warning that China is using LinkedIn and other professional networking platforms to recruit individuals with access to sensitive government and military information, officials say.
Chinese intelligence services increasingly rely on fake profiles, fraudulent job postings and potentially AI-enabled tactics to target military personnel, intelligence officers and security professionals. According to the advisory, operatives often pose as recruiters, consultants or think tank employees to attract candidates who may have access to classified information. Individuals who engage with these offers can face growing pressure to provide nonpublic information, often in exchange for payment disguised as compensation for research or consulting work. The warning marks the first time all Five Eyes members have jointly addressed this threat publicly. Officials say those caught in such schemes have faced criminal investigations, job loss and revoked security clearances. The alert comes amid ongoing concerns about Chinese espionage activities targeting Western governments and institutions.
In a New York Times opinion piece, former CISA director and current RSAC CEO Jen Easterly argues that President Trump's new executive order on artificial intelligence is an important first step toward addressing the growing national security risks posed by advanced AI systems. The order creates a voluntary framework that gives the government early access to review powerful AI models before public release and establishes a federal clearinghouse to coordinate cybersecurity vulnerability discovery and remediation. Easterly contends that AI is rapidly transforming cybersecurity by enabling the discovery of previously unknown software vulnerabilities at unprecedented scale. While these capabilities could help defenders improve software security, they could also provide adversaries with powerful offensive tools if released without safeguards. She points to recent decisions by leading AI companies to limit access to advanced cyber-focused models as evidence that the risks are being taken seriously.
While supporting the executive order, Easterly argues that voluntary measures are insufficient and calls on Congress to establish durable requirements for testing, security and deployment controls on the most advanced AI systems. CISA Acting Director Nick Anderson said Wednesday that the agency expects to issue guidance by the end of the week outlining the steps federal agencies must take to implement the president's artificial intelligence executive order.
Researchers at SafeBreach disclosed a now-patched vulnerability in Google's Gemini voice assistant that could have allowed attackers to manipulate the AI through malicious instructions hidden in messaging notifications from apps like WhatsApp, Slack and SMS. The attack, dubbed Fake Context Alignment, used indirect prompt injection techniques that Gemini could process without the user's awareness. Researchers demonstrated potential impacts, including controlling smart home devices, launching Zoom calls, sending deceptive messages and poisoning the assistant's long-term memory. Google patched the flaw in November of last year with improved content classifiers, SafeBreach says. The research highlights the growing risk of prompt injection attacks as AI assistants become more deeply integrated into everyday devices and services.
Researchers at JFrog Security report a malicious npm package uncovered Iron Worm, a sophisticated Rust-based infostealer that targets software developers, particularly those in crypto and Web3 ecosystems. The malware spreads through compromised npm packages that execute a hidden binary during installation, then steals credentials, cloud tokens, AI API keys, cryptocurrency wallet data and GitHub access. Using stolen credentials, it modifies repositories, inserts malicious code into software packages and republishes infected versions to npm, creating a self-propagating supply chain attack.
The malware includes advanced features such as per-string encryption, Tor-based command and control, and an eBPF rootkit that hides processes and network activity on Linux systems. Researchers link the campaign to compromised GitHub accounts across multiple organizations and identified dozens of backdated malicious commits designed to appear legitimate. Despite its sophistication, operational mistakes including embedded debugging artifacts and the hard-coded cryptocurrency wallet recovery phrase provided valuable insight into the malware's capabilities and operator.
Cisco has patched a critical vulnerability in its Unified Communications Manager platform that could allow remote attackers to gain root privileges. The flaw stems from a server-side request forgery vulnerability that can be exploited through crafted HTTP requests, enabling attackers to write files to the underlying operating system and potentially escalate privileges. Cisco is aware of public proof-of-concept exploit code but has not observed active exploitation. The issue only affects systems with the Web dialer service enabled, which is disabled by default. Administrators are urged to apply the latest security updates or disable Web dialer until patching can be completed.
Anthropic has published a new analysis mapping AI-enabled cyber activity to the MITRE ATT&CK framework, based on 832 malicious accounts banned from Claude between March 2025 and March of this year. The study found attackers used AI across all 14 attack tactics and 482 techniques, with medium- and high-risk actors increasing from 33% to 56% over the year. Most threat actors used AI for malware development, defense evasion and data collection, but the highest-risk actors leveraged AI for post-compromise activities such as credential dumping, lateral movement and web shell deployment. Researchers argue that traditional measures of attacker sophistication are becoming less useful as AI lowers technical barriers.
Instead, the greatest risk comes from agentic systems that autonomously chain together attack stages. Anthropic says existing threat frameworks do not adequately capture these AI-driven behaviors and is working with industry partners to develop new methods for tracking and defending against increasingly autonomous cyber operations.
French and Spanish authorities have dismantled an online marketplace that allegedly supplied counterfeit identity documents to migrant smuggling networks across Europe. The operation led to the arrest of a suspect in Alicante, Spain, and the seizure of equipment used to produce fake documents, along with roughly 800 forged European identity cards and permits. Investigators say the platform sold both physical and digital fraudulent documents that helped migrants evade border controls and obtain residence rights. Europol noted that document fraud remains a key enabler of migrant smuggling and other criminal activities supporting illicit networks operating throughout the European Union and the Schengen area.
Elsewhere, a coordinated operation involving law enforcement agencies and major technology companies disrupted more than 1.4 million accounts and infrastructure linked to scam networks operating across Southeast Asia. The effort, known as Disruption Week, targeted fraud compounds in Cambodia, Laos and Burma that allegedly used trafficked workers to conduct online scams. Authorities arrested 63 individuals, dismantled servers and network infrastructure, disrupted social media, Microsoft and Starlink accounts, and froze more than $3.8 million in cryptocurrency tied to criminal operations. Officials said the operation demonstrates the impact of collaboration between governments and the private sector in combating large-scale online fraud.
Coming up after the break, my conversation with Jason Kikta, CTO from Automox.
We're discussing AI vulnerabilities, real risk and the speed problem, and an extortion crew is forced to open a customer support ticket. Stay with us.
What's the one thing in business that's spreading as fast as AI? AI risk. Every new tool your team signs up for, every vendor that turns on AI features, every new integration, each one creates another opportunity for something to go wrong. And most security programs just weren't built for AI's pace of growth. Enter Vanta. Vanta is the number one agentic trust platform, used by more than 16,000 fast-moving companies like Ramp, Cursor and Harvey to help ensure they're always audit ready. And now Vanta is helping companies watch for the risks that show up between audits across vendors, AI tools and their entire environment. The Vanta agent works like a 24/7 GRC engineer in the background, finding issues, drafting fixes and cutting vendor assessment time by up to 50%. Whether you're a fast-growing startup or a global enterprise, Vanta is here to help you automate your security and compliance and earn and prove trust. Get started today at vanta.com/cyber. That's V-A-N-T-A dot com slash cyber.
Jason Kikta is CTO at Automox. And in today's sponsored Industry Voices segment, we discuss AI vulnerabilities, real risk, and the speed problem. Well, how do you assess this moment that we find ourselves in right now? This, you know, we've got AI coming at us, it seems like from every direction. And my sense is that a lot of folks are just trying to keep their head above water. What are the people that you're talking to, what are they saying that their main challenges are these days?
E
I think the biggest thing on their minds at the moment that's really been a consistent theme, Dave, is they have challenges orienting on the problem. And what I mean by that is, you know, they're trying to decide, is this a patching speed problem, is this a shift from patching to mitigations, is this a detection issue, is this a governance issue? And the answer is a little bit of all of the above. You know, it's, it's the same thing. When I talk to people about, you know, positive uses of AI, about how it changes maybe the software development life cycle, my point is always that it's, it's not a new cycle, it's just rebalancing of what's existing. And in much the same way, from a security perspective, the speed of certain things changes the focus. But the, you know, overall fundamentals are still consistent. It's just where you're putting your effort in your balance.
C
Well, you mentioned overall fundamentals. And to what degree do you find people being able to successfully separate the reality from all of this hype?
E
That, that's the one that comes up a lot as well, is, you know, and my point to them is: Mythos, no Mythos, the, the trend is directionally true, and it doesn't much matter whether it's, you know, ChatGPT 5.5 with a really good harness or some self-trained model or, you know, somebody somehow gets access to Mythos ahead of time. You know, Mythos is the catalyst, it's not the threat. Right. And so these models are accelerating discovery. They're not inventing new classes of exploitation. But, but the gap that really matters is between the bug being found and the posture being updated. That's what's gotten a lot faster. And that's the thing we need to focus on.
C
So what are you recommending? How, how are you suggesting that people come at this?
E
You know, I am a first principles kind of person and so I always go back to we need to think about, you know, these frontier models and how they change the way that we balance risk. So for me it's, it starts with frontier pace governance. That's the response. You know, it's, it's not a tool, it's a mindset shift, right? You want to align the governance of your processes with the execution around this rebalanced risk appetite, right? You, you're going to take a little more risk in some areas to potential outages the business, to adjusting your network's posture than you would have in the past. And that's because you know that risk of disruption is far cheaper than the risk of exploitation. So that's where you need to get focus on how quickly can you identify mitigations, develop your own implementation of it and apply it. How quickly does the patch come out? How quickly can you apply that patch? The thing that I'm hearing from some of my peers is that their mindset is we need to be prepared for 10x the patching. Well, that's a tall order, right? And that's an estimation. But you know, that 10x speed, that is not small. That is a very significant lift and change of how we've done business for decades.
C
Well, you hear folks talking about having to operate at machine speed, and I'm putting air quotes around that again, you know, trying to separate the hype from reality. To what degree is that the reality today?
F
I think it's the reality to a degree. You know, I, I teach a class down at a grad school class at Johns Hopkins SAIS, and I always like to tell my students, you have to separate what computers are good at from what humans are good at and make sure that your solution always aligns to our respective strengths and not our weaknesses.
E
Right.
F
So humans are good at experience, judgment, intuition.
C
Right?
F
Computers are good at scale, speed, repetition, things that, that humans just are naturally poor at. So when you think about moving at machine speed, it's about the human applying that experience and judgment ahead of time and giving the machine, the software, the whatever, the guidance and tools it can apply at machine speed to respond to an emerging situation. Right. So it's not about picking out every individual patch, it's about patching via policy and, you know, aligning your execution with that policy with no manual review. Right. It's speed without breaking things. And so, you know, as an example, at Automox we've put a lot of work into our blueprint questionnaires and our turnkey process to give people this, you know, get those definitive answers and that judgment and experience applied against, you know, notional questions and targeted questions about how they want their network to perform. Like, you know, explain this categorically rather than in the specific. And then taking that and being able to turn that into an automated process that'll just run again and again and again without fail, without ever slowing down or getting tired. And that's how you do the shift. That's how you do it in a way that's reasonable and not taking some AI model, hooking it up to all your systems and saying, "Claude, take the wheel." That is a way to do it. Machine speed. But I'm pretty sure even Anthropic would say please don't do that.
C
Right, right. Do you find that there are folks out there who find themselves kind of, you know, paralyzed by, by indecision. They're, this is such a big shift that they're afraid they're going to make the wrong choice.
E
I, I do, I do. And you know, what I tell them is like don't, don't spend time debating about whether AI is going to accelerate attackers. Don't debate about, well, is this attack going to get faster that you know, focus on what you can control and what you can measure rather than a lot of unknowns. Right. So what's your time to patch? What's your time to remediate? How are you controlling your configuration drift? Where's your governance friction? Right. Can you measure your governance friction? Those are the numbers that are going to decide whether you effectively reduce your exposure or just talk about it. So focus on those things, measure them and then drive to improve those numbers and they're going to help you out really, no matter how this unfolds. Like there is no permutation of reality where improving your time to patch or controlling configuration drift won't help you in the future. It even helps with IT. Like that's the thing is that, you know, if you have patched and up-to-date machines and they're all configured the same way. Well, you know, golly, that's really, really helpful when you're on an IT help desk, right? It's helpful if you're on an IT help desk and you're trying to troubleshoot something. It's really helpful when you're on the security team and you're trying to search for anomalies in the network, you know, looking for the malicious, you know, looking for the thing that doesn't fit is really hard when you know things are in an inconsistent state. Right. So those fundamentals, that's what's going to drive you forward.
C
Yeah. Are there common elements that you find among the people who are seeing success here, the people who are making this transition with the least amount of drama and chaos possible?
E
They all have a few things in common, and I think one of the biggest is they have a risk-aware, not risk-averse, mindset. So they are aware of the risks. They are aware that making any change to a functioning network is always a little bit fraught and has the potential to cause an inadvertent outage or degradation of services. But there's also that risk of getting compromised, having significant business impact, loss of reputation, so on. So you want to be aware and balance those two rather than try to avoid one risk or the other. Another characteristic is, you know, a heavy degree of automation. And again, I go back to moving at machine speed, whether it's through automated systems, autonomous systems that are using agentic AI. It all really boils down to the same thing of I'm going to apply, you know, my human thought process to a template and then tell the machine what to do. Right.
And so can you automate those responses? You know, is that captured? Will it function the way you intend? Have you tested it? Right. And that's the thing is, you know, it's like I do with my security team is, you know, they'll show me some new detection that they've written up or some, you know, new tool that we've implemented. And I'll say, that's neat. Like, let's throw malware in front of it and let's, let's see what it does, you know, like, like throw in the thing that you're expecting it to catch and make sure it really catches it. Right? And then throw in some things that are maybe benign but similar and see if you accidentally catch those too. And, you know, because, you know, well, I mean, that brings me to the third point, which is nothing is sufficient if it's not tuned right. I don't care if it's IT software, I don't care if it's security software. You know, just implementing the thing out of the box is not at all, that's not at all gonna, gonna work for you. And in no reality is it gonna work right out of the box. I wish it were so. I think we all do. But, you know, our entire profession exists because, you know, it's not just the setup, it's the tuning and the maintenance. And you know, there's another thing is that, you know, did you just set it up initially and move on? Or is it, you know, do you have a plan to go back and check on it every once in a while? Have you done something like a solutions optimization call with your vendor to sit down and go through and make sure that it's running the way that it ought to be? Is it aligned to best practices? Was it aligned to best practices when you, you know, brought the thing in three years ago and it's no longer aligned to best practices today? Right? Those are the critical questions that you need to ask yourself. Because, you know, it's, it's that sort of fundamental. There are those fundamental discipline things, those first principles that really carry you through and it makes the path very, very clear.
And those are the folks I see with the most success right now.
C
That's Jason Kikta from Automox.
And finally, a ransomware affiliate recently learned one of cybercrime's unwritten rules the hard way: don't target organizations in the Commonwealth of Independent States. After an affiliate tied to the RALord-linked Nova ransomware operation reportedly compromised the Ariel Group, an oil field services company headquartered in Uzbekistan, the victim contacted the gang to point out the mistake. Nova responded with an unusual public apology, banned the affiliate, promised free recovery assistance and pledged not to leak any stolen data. The incident highlights a long-standing reality of the ransomware ecosystem, where many Russian-speaking groups avoid targeting organizations in Russia and neighboring CIS countries. Threat researchers say local authorities often tolerate financially motivated cybercrime provided domestic organizations are left alone. The episode also serves as a reminder that cybercriminals are not always criminal masterminds. Recent blunders have included hackers falling into honeypots, ransomware developers hard-coding encryption keys into malware, and coding mistakes that rendered victims' files unrecoverable even after paying. Sometimes the villains defeat themselves, saving defenders the trouble.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening.
We'll see you back here tomorrow.
Date: June 4, 2026
Host: Dave Bittner (N2K Networks)
Featured Guest: Jason Kikta, CTO at Automox
Today’s episode centers on growing cybersecurity risks driven by adversarial use of generative AI, supply chain attacks, and the rapid, sometimes overwhelming pace of change in cyber threat landscapes. The feature interview with Jason Kikta explores the changing fundamentals in security operations due to AI-accelerated risk ("the speed problem"), while news updates span everything from the Five Eyes’ joint warning about Chinese espionage on LinkedIn, to cutting-edge malware targeting software developers, and law enforcement operations disrupting global cybercrime.
[02:15-04:18]
[04:19-05:43]
“AI is rapidly transforming cybersecurity by enabling the discovery of previously unknown software vulnerabilities at unprecedented scale”
—Narrating Easterly’s analysis ([04:55])
Google Gemini ‘Fake Context Alignment’ Prompt Injection Flaw
[06:01-07:02]
Iron Worm: Rust-based Info-Stealer Targeting Developers
[07:03-08:37]
Cisco Patches Critical Vulnerability in Unified Communications Manager
[08:38-09:10]
[09:12-10:45]
“The greatest risk comes from agentic systems that autonomously chain together attack stages.”
—Summary of Anthropic’s findings ([10:26])
[10:46-12:00]
“The operation demonstrates the impact of collaboration between governments and the private sector in combating large scale online fraud.” ([11:48])
Topic: AI Vulnerabilities, Real Risk, and the Speed Problem
[15:25-27:22]
[15:57-17:02]
“The speed of certain things changes the focus. But the overall fundamentals are still consistent. It’s just where you’re putting your effort.”
—Jason Kikta ([16:46])
[17:03-18:00]
“Mythos is the catalyst, it’s not the threat…The gap that really matters is between the bug being found and the posture being updated.”
—Jason Kikta ([17:24])
[18:05-19:31]
“That 10x speed – that is not small. That is a very significant lift and change of how we’ve done business for decades.”
—Jason Kikta ([19:17])
[19:46-21:58]
“It’s speed without breaking things...patching via policy, aligning your execution with that policy with no manual review.”
—Jason Kikta ([21:22])
[22:02-23:53]
“Focus on those things, measure them and then drive to improve those numbers...There is no permutation of reality where improving your time to patch or controlling configuration drift won’t help you in the future.”
—Jason Kikta ([22:38])
“Nothing is sufficient if it’s not tuned right…Just implementing the thing out of the box is not at all gonna work for you. In no reality is it gonna work right out of the box. I wish it were so, I think we all do.”
—Jason Kikta ([26:20])
“Mythos is the catalyst, it’s not the threat... The gap that really matters is between the bug being found and the posture being updated.”
—Jason Kikta, [17:24]
“Moving at machine speed...is not about picking out every individual patch, it’s about patching via policy...It’s speed without breaking things.”
—Jason Kikta, [21:22]
“Nothing is sufficient if it’s not tuned right. Just implementing the thing out of the box is not at all gonna work for you. Our entire profession exists because it’s not just the setup — it’s the tuning and the maintenance.”
—Jason Kikta, [26:20]
[28:40-end]
| Segment | Timestamp |
|---|---|
| Show introduction & headlines | 00:00 – 01:13 |
| Five Eyes joint warning: China & LinkedIn | 02:15 – 04:18 |
| Jen Easterly on AI Executive Order | 04:19 – 05:43 |
| AI/infostealer/Cisco/Anthropic news | 06:01 – 10:45 |
| Crime suppression/joint law enforcement operations | 10:46 – 12:00 |
| Jason Kikta interview (feature) | 15:25 – 27:22 |
| Ransomware affiliate “banned” story | 28:40 – end |
For those managing security in a time of AI, this episode offers practical, first-principles wisdom amid accelerating hype and confusion.