Transcript
A (0:02)
You're listening to the CyberWire Network, powered by N2K. This episode is brought to you by Indeed. Stop waiting around for the perfect candidate. Instead, use Indeed Sponsored Jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first candidates see. According to Indeed data, Sponsored Jobs have four times more applicants than non-sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsored job credit at Indeed.com/podcast. Terms and conditions apply.
B (0:46)
The Five Eyes flag active exploitation of Cisco SD-WAN flaws. Ransomware incidents surge, but fewer victims are paying. The FTC eases its stance on COPPA to encourage age verification. Authorities in Poland and Germany charge 11 in a credential harvesting scheme. Top UK news outlets unite on AI licensing standards as the UK touts gains in cyber resilience. Researchers say a hacker abused Anthropic's Claude to breach Mexican government networks. Gamers revolt over AI and game development. On our Industry Voices segment, our guests Linda Gray Martin and Britta Glade from RSAC have a preview of this year's RSAC conference. In Moscow, a man is accused of impersonating an FSB officer to shake down the Conti ransomware gang. And Professor Falcon was right.
It's Thursday, February 26, 2026. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us here today. It's great as always to have you with us.
Intelligence agencies from the Five Eyes alliance are warning that advanced threat actors are actively exploiting vulnerabilities in Cisco Catalyst Software-Defined Wide Area Network, or SD-WAN, systems. The alert focuses on a pair of vulnerabilities which attackers tracked as UAT8616 are using to bypass authentication, execute arbitrary commands and escalate privileges to root on SD-WAN controllers. According to Cisco Talos, the group has introduced rogue peers into the network management plane, downgraded software to enable further exploitation, and then restored devices to their original versions to reduce detection. The Australian Signals Directorate's Australian Cybersecurity Centre says activity dates back to at least 2020 and targets critical infrastructure and government networks. CISA and allied agencies are urging organizations to immediately investigate potential compromise and apply Cisco's mitigation guidance to reduce the risk of long-term persistence.
Ransomware attacks are rising sharply, but fewer victims are paying. Chainalysis reports that claimed incidents increased 50% in 2025 while payment rates fell to a record low of 28%. The firm tracked about $820 million in ransomware payments last year, a figure expected to climb as more cases are attributed. Despite fewer payouts overall, the median payment jumped to nearly $60,000, suggesting gangs are targeting larger organizations. Researchers credit stronger incident response, regulatory pressure and law enforcement disruptions for the decline in payments. At the same time, ransomware groups have splintered into smaller operations and expanded ransomware-as-a-service models. Initial access brokers remain active with $14 million in tracked payments, while access prices have dropped amid an oversupply of stolen credentials. Chainalysis says the ecosystem is adapting, not retreating.
The Federal Trade Commission has signaled a softer stance on enforcing parts of the Children's Online Privacy Protection Act, or COPPA, in an effort to encourage stronger online age verification. While no law has changed, the FTC said it will not prioritize enforcement against companies that collect limited data strictly for age verification, provided it's not retained unnecessarily, shared improperly or used beyond that purpose. COPPA, enacted in 1998, restricts data collection from children under 13 without parental consent and has historically discouraged robust age checks, leading many sites to rely on simple self-reported birth dates. Following a recent age verification workshop, FTC officials indicated a possible future rule update. For now, the agency's policy statement creates more flexibility for companies to deploy age-gating technologies without triggering immediate regulatory action.
A two-year investigation spanning Poland and Germany has led to charges against 11 people accused of running a large-scale credential harvesting operation that collected more than 100,000 stolen login details. Authorities said the group operated between May 2022 and May 2024 using fake news websites and fraudulent Facebook login pages to trick victims into entering usernames and passwords. Investigators allege the suspects formed an organized criminal group responsible for more than 400 offenses, including unlawful account takeovers, Internet fraud and money laundering. Stolen credentials were reportedly used in further crimes, including fraud involving Poland's BLIK payment system. Six suspects are in pretrial detention and assets have been seized. Authorities are urging potential victims to check whether their data was compromised and to change affected passwords.
Five major UK news organizations, the Financial Times, the Guardian, the Telegraph, BBC and Sky News, have formed a coalition called Standards for Publisher Usage Rights, or SPUR, to develop shared artificial intelligence licensing standards. The move follows concerns that AI companies have scraped journalism without permission or payment, undermining publishers' business models and weakening transparency around how AI-generated answers are created. SPUR aims to create technical standards and licensing frameworks that allow AI developers to access news content in legitimate, rights-cleared ways while ensuring publishers retain control and receive fair value. The group will not set prices, but will explore potential models such as pay-per-crawl or pay-per-inference. The coalition hopes to attract global members and influence emerging AI content marketplaces while allowing publishers to continue negotiating individual licensing deals.
Staying on the other side of the pond, UK public services, including the NHS and Legal Aid Agency, are becoming more resilient following major government upgrades to cyber vulnerability monitoring. A new vulnerability monitoring service launched under the January 2025 Blueprint for Modern Digital Government has cut the average time to fix DNS weaknesses from nearly 50 days to just 8 days. DNS flaws can allow attackers to redirect users to fake websites, steal sensitive data or disrupt essential services. The service continuously scans 6,000 public sector bodies, detects about 1,000 vulnerability types and helps resolve roughly 400 confirmed issues each month. The government has also reduced its backlog of critical DNS vulnerabilities by 75%. Alongside this, officials announced a new Cyber Profession program to recruit and train specialists to strengthen long-term public sector cyber resilience.
Researchers say a hacker abused Anthropic's Claude chatbot to help breach multiple Mexican government agencies and steal 150 gigabytes of sensitive data, according to Gambit Security. The attacker used Spanish-language prompts to jailbreak Claude, directing it to find vulnerabilities, write exploit scripts and automate data theft, researchers say. The stolen data included records tied to 195 million taxpayers, as well as voter data, employee credentials and civil registry files. The activity reportedly ran for about a month starting in December and exploited at least 20 vulnerabilities. Anthropic said it investigated, banned the accounts and updated safeguards. OpenAI said its tools refused similar requests and also banned related accounts. Several Mexican agencies denied evidence of breaches. Gambit says the incident highlights how AI tools can accelerate and scale cyber attacks.
A growing backlash against artificial intelligence in video games has turned sensational, according to Embark Studios CEO Patrick Söderlund, after his hit game Arc Raiders faced criticism for using autogenerated voices. Despite selling 12 million copies in three months and topping Steam's paid charts, the game drew online backlash from players hostile to AI in creative roles. The $200 billion industry is divided over AI's role. Some see it as a way to cut rising development costs, while others fear job losses and declining quality. Surveys show nearly half of developers expect generative AI to reduce game quality, and 85% of gamers in one poll express negative views. While some studios adopt AI-first strategies, others publicly reject its use in core creative areas, reflecting deep tension over the technology's future in gaming.
A Moscow resident has been accused of attempting to extort the Conti ransomware group by posing as an officer of Russia's Federal Security Service, or FSB. According to Russian outlet RBC, Ruslan Satuchin allegedly demanded payment in exchange for shielding Conti members from prosecution. He denies wrongdoing and is in pretrial detention. If convicted, he faces up to 10 years in prison. Conti, once a major ransomware operation, disbanded in 2022 after internal leaks, but former members reportedly resurfaced in other cybercriminal groups.
Coming up after the break, Linda Gray Martin and Britta Glade from RSAC have a preview of this year's conference, and Professor Falcon was right. Stay with us.
No, it's not your imagination. Risk and regulation really are ramping up and customers expect proof of security before they'll sign that deal. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk and customer trust together on one AI-powered platform. Whether you're preparing for SOC 2 or managing an enterprise governance, risk and compliance program, Vanta helps keep you secure and keeps your deals moving.
Companies like Ramp and RYTR spend 82% less time on audits with Vanta. That's not just faster compliance, that's more time for growth. Take it from me, if you're thinking about compliance, take the time to check out Vanta. Get started at vanta.com/cyber.
