A
You're listening to the CyberWire Network, powered by N2K. This episode is brought to you by Indeed. Stop waiting around for the perfect candidate. Instead, use Indeed Sponsored Jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first candidates see. According to Indeed data, Sponsored Jobs have four times more applicants than non-sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsored job credit at Indeed.com/podcast. Terms and conditions apply.
B
The Five Eyes flag active exploitation of Cisco SD-WAN flaws. Ransomware incidents surge, but fewer victims are paying. The FTC eases its stance on COPPA to encourage age verification. Authorities in Poland and Germany charge 11 in a credential harvesting scheme. Top UK news outlets unite on AI licensing standards as the UK touts gains in cyber resilience. Researchers say a hacker abused Anthropic's Claude to breach Mexican government networks. Gamers revolt over AI in game development. On our Industry Voices segment, our guests Linda Gray Martin and Britta Glade from RSAC have a preview of this year's RSAC conference. In Moscow, a man is accused of impersonating an FSB officer to shake down the Conti ransomware gang. And Professor Falken was right.
It's Thursday, February 26, 2026. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us here today. It's great as always to have you with us.
Intelligence agencies from the Five Eyes alliance are warning that advanced threat actors are actively exploiting vulnerabilities in Cisco Catalyst Software-Defined Wide Area Network, or SD-WAN, systems. The alert focuses on a pair of vulnerabilities which attackers tracked as UAT8616 are using to bypass authentication, execute arbitrary commands and escalate privileges to root on SD-WAN controllers. According to Cisco Talos, the group has introduced rogue peers into the network management plane, downgraded software to enable further exploitation, and then restored devices to their original versions to reduce detection. The Australian Signals Directorate's Australian Cyber Security Centre says activity dates back to at least 2020 and targets critical infrastructure and government networks. CISA and allied agencies are urging organizations to immediately investigate potential compromise and apply Cisco's mitigation guidance to reduce the risk of long-term persistence.
Ransomware attacks are rising sharply, but fewer victims are paying. Chainalysis reports that claimed incidents increased 50% in 2025 while payment rates fell to a record low of 28%. The firm tracked about $820 million in ransomware payments last year, a figure expected to climb as more cases are attributed. Despite fewer payouts overall, the median payment jumped to nearly $60,000, suggesting gangs are targeting larger organizations. Researchers credit stronger incident response, regulatory pressure and law enforcement disruptions for the decline in payments. At the same time, ransomware groups have splintered into smaller operations and expanded ransomware-as-a-service models. Initial access brokers remain active with $14 million in tracked payments, while access prices have dropped amid an oversupply of stolen credentials. Chainalysis says the ecosystem is adapting, not retreating.
The Federal Trade Commission has signaled a softer stance on enforcing parts of the Children's Online Privacy Protection Act, or COPPA, in an effort to encourage stronger online age verification. While no law has changed, the FTC said it will not prioritize enforcement against companies that collect limited data strictly for age verification, provided it's not retained unnecessarily, shared improperly or used beyond that purpose. COPPA, enacted in 1998, restricts data collection from children under 13 without parental consent and has historically discouraged robust age checks, leading many sites to rely on simple self-reported birth dates. Following a recent age verification workshop, FTC officials indicated a possible future rule update. For now, the agency's policy statement creates more flexibility for companies to deploy age-gating technologies without triggering immediate regulatory action.
A two-year investigation spanning Poland and Germany has led to charges against 11 people accused of running a large-scale credential harvesting operation that collected more than 100,000 stolen login details. Authorities said the group operated between May 2022 and May 2024, using fake news websites and fraudulent Facebook login pages to trick victims into entering usernames and passwords. Investigators allege the suspects formed an organized criminal group responsible for more than 400 offenses, including unlawful account takeovers, internet fraud and money laundering. Stolen credentials were reportedly used in further crimes, including fraud involving Poland's BLIK payment system. Six suspects are in pretrial detention and assets have been seized. Authorities are urging potential victims to check whether their data was compromised and to change affected passwords.
Five major UK news organizations, the Financial Times, the Guardian, the Telegraph, BBC and Sky News, have formed a coalition called Standards for Publisher Usage Rights, or SPUR, to develop shared artificial intelligence licensing standards. The move follows concerns that AI companies have scraped journalism without permission or payment, undermining publishers' business models and weakening transparency around how AI-generated answers are created. SPUR aims to create technical standards and licensing frameworks that allow AI developers to access news content in legitimate, rights-cleared ways while ensuring publishers retain control and receive fair value. The group will not set prices, but will explore potential models such as pay-per-crawl or pay-per-inference. The coalition hopes to attract global members and influence emerging AI content marketplaces while allowing publishers to continue negotiating individual licensing deals.
Staying on the other side of the pond, UK public services, including the NHS and Legal Aid Agency, are becoming more resilient following major government upgrades to cyber vulnerability monitoring. A new vulnerability monitoring service launched under the January 2025 Blueprint for Modern Digital Government has cut the average time to fix DNS weaknesses from nearly 50 days to just 8 days. DNS flaws can allow attackers to redirect users to fake websites, steal sensitive data or disrupt essential services. The service continuously scans 6,000 public sector bodies, detects about 1,000 vulnerability types and helps resolve roughly 400 confirmed issues each month. The government has also reduced its backlog of critical DNS vulnerabilities by 75%. Alongside this, officials announced a new Cyber Profession program to recruit and train specialists to strengthen long-term public sector cyber resilience.
Researchers say a hacker abused Anthropic's Claude chatbot to help breach multiple Mexican government agencies and steal 150 gigabytes of sensitive data, according to Gambit Security. The attacker used Spanish-language prompts to jailbreak Claude, directing it to find vulnerabilities, write exploit scripts and automate data theft, researchers say. The stolen data included records tied to 195 million taxpayers, as well as voter data, employee credentials and civil registry files. The activity reportedly ran for about a month starting in December and exploited at least 20 vulnerabilities. Anthropic said it investigated, banned the accounts and updated safeguards. OpenAI said its tools refused similar requests and also banned related accounts. Several Mexican agencies denied evidence of breaches. Gambit says the incident highlights how AI tools can accelerate and scale cyber attacks.
A growing backlash against artificial intelligence in video games has turned sensational, according to Embark Studios CEO Patrick Söderlund, after his hit game ARC Raiders faced criticism for using auto-generated voices. Despite selling 12 million copies in three months and topping Steam's paid charts, the game drew online backlash from players hostile to AI in creative roles. The $200 billion industry is divided over AI's role. Some see it as a way to cut rising development costs, while others fear job losses and declining quality. Surveys show nearly half of developers expect generative AI to reduce game quality, and 85% of gamers in one poll express negative views. While some studios adopt AI-first strategies, others publicly reject its use in core creative areas, reflecting deep tension over the technology's future in gaming.
A Moscow resident has been accused of attempting to extort the Conti ransomware group by posing as an officer of Russia's Federal Security Service, or FSB. According to Russian outlet RBC, Ruslan Satuchin allegedly demanded payment in exchange for shielding Conti members from prosecution. He denies wrongdoing and is in pretrial detention. If convicted, he faces up to 10 years in prison. Conti, once a major ransomware operation, disbanded in 2022 after internal leaks, but former members reportedly resurfaced in other cybercriminal groups.
Coming up after the break, Linda Gray Martin and Britta Glade from RSAC have a preview of this year's conference, and Professor Falken was right. Stay with us.
No, it's not your imagination. Risk and regulation really are ramping up, and customers expect proof of security before they'll sign that deal. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk and customer trust together on one AI-powered platform. Whether you're preparing for SOC 2 or managing an enterprise governance, risk and compliance program, Vanta helps keep you secure and keeps your deals moving.
Companies like Ramp and Writer spend 82% less time on audits with Vanta. That's not just faster compliance, that's more time for growth. Take it from me, if you're thinking about compliance, take the time to check out Vanta. Get started at vanta.com/cyber.
C
This episode is brought to you by State Farm. Listening to this podcast? Smart move. Being financially savvy? Smart move. Another smart move: having State Farm help you create a competitive price when you choose to bundle home and auto. Bundling: just another way to save with a Personal Price Plan. Like a good neighbor, State Farm is there. Prices are based on rating plans that vary by state. Coverage options are selected by the customer. Availability, amount of discounts and savings and eligibility vary by state.
B
Here at N2K CyberWire, we are proud to be media sponsors with the RSAC conference, and in today's Industry Voices segment, we're speaking with Linda Gray Martin, Chief of Staff and Senior Vice President, and Britta Glade, Senior Vice President of Content and Communities at RSAC. We've got a preview of what to expect from this year's RSAC 2026 conference. Well, ladies, it is always a treat every year to welcome you back to the show to get this exclusive preview of the upcoming RSAC conference. And this year is no different. I know you'll have a lot of things planned, but let's start with the big picture here. What is this year's overarching theme?
D
Yes. Well, I can jump into this one if that's okay with you. So similar, similar theme to previous years. This year it is the power of community. And you know, community is at the heart of everything we do, so it's always relevant. But this year's theme really focuses on people and how, by uniting as a community, we can really affect change. And, you know, ideas become breakthroughs when they're shared. Challenges become opportunities when they're tackled together. And that's the ethos of our theme this year. We have each year a quote that we include in the write-up of our theme. I'm particularly fond of this year's one and I think it's so true, whatever walk of life you're in. It's an African proverb: "If you want to go quickly, go alone. If you want to go far, go together." That just really resonates with me personally and with our team, and I think it will resonate with our community too.
B
Britta, anything to add?
E
Linda captured it so well. The other thing, in my capacity of looking after all of the content that happens at conference, both what appears in the public tracks as well as the meetings that we facilitate in a closed-door capacity for certain communities and such. I love when I look back across that, we have over 700 speakers, Dave. So you think you know this community that's made up of individuals, but then you look at that, that body of the whole with people coming from 35 countries. You know, how exciting is this, because we are a global community, right, in cyber. So it's exciting when we get here and we get this opportunity to learn from all of these different community members and, you know, both those speaking as well as those sitting next to you in sessions, those standing in line with you, there's something to be learned from everyone that, you know, is part of this, this great community.
B
How do you ensure that that slogan becomes more than just a slogan, that the people who are out there at the conference can look around and see that turned into real-world action?
E
And I love that word action because that is what we are all about. In fact, you know, in our slides for our speakers, we ask for an apply slide at the end with "What are you going to do with what you learned here?" There are identifiers. As you look at people's name badges, you see some of these folks, it's their first time there. Some are people who are identified as Loyalty Plus, that is, people who've been there. This is at least their fifth conference they've attended. So there's things you can see from those who are walking the halls of Moscone with you. But even more so, and what I appreciate with this question is, you know, RSAC happens once a year in San Francisco. But this platform that we support, this community, goes year round. And we now have this great community platform where people can discuss things, they can reference sessions, they can, you know, look up information that they might have. So we really are digging in to try to support and grow a community year round.
B
For those first-timers who are feeling a little overwhelmed looking at the catalog, as you said, more than 700 presentations and a lot of ground to cover. Literally, wear comfortable shoes, right? What are your recommendations for people to make sense of all this, to be able to have a rational plan if they haven't been before?
D
Yeah, it's a great question. And I think the advice I would give first-time attendees, as I do every year, but I think it still stands, is if you can just spend a little bit of time before you come to San Francisco thinking about what you want to do, what you want to learn, what sessions you want to go to, what vendors you want to meet, and just make a plan before you come. You know, if you have an All Access pass, attendees who have that pass can reserve seats in the sessions of their choice. Definitely do that if you can, because it will mean that you will get in. We do have a few sessions that are super, super popular and get close to selling out. And there is still a chance that you can get in in that scenario. But you know, nobody wants to miss out. So I would definitely encourage that. And then the other thing is that on the Sunday evening, if you're a first-timer, we have a reception for first-timers and also Loyalty Plus, so people that have been, this will be their, up to their fifth conference attending. It's a great group of people to bring together and there's a lot of learning and a lot of knowledge passed. It's also a great opportunity to get to know people, especially if you're there on your own. Like you said, it's big and overwhelming. It's the perfect time before the week starts to really make those connections. And then just one other thing I wanted to shout out. New this year, we have what we're calling our Connection Hub. It's on the second floor of Moscone West, which is where a lot of our track sessions are. It's open to All Access pass holders. It's kind of offering a fun, entertaining way for people to meet each other, to exchange ideas, to have meaningful conversations. You know, just some of the fun activities: people can take part in our interactive bingo challenges. Who doesn't love a bit of Lego building? We've got some Lego building. We've got a content room for small group discussions.
We've got affinity networking meetups, rotating villages. Villages used to be named Sandbox. We've now got some rotating villages that are in that room. And very excitingly, one other thing I wanted to let you know, if you didn't already, is that it is our 35th anniversary this year and we will be celebrating during the week, and we can talk about that again in a minute. But in that Connection Hub, we are going to have a 35-year exhibit. So some of our team has been going through our archives pulling stuff, you know, program guides from 1995 and stuff like that, that we will be displaying at the conference. So very exciting stuff.
B
It's a really good point of how important it is to explore beyond the main show floor, because I think it'd be easy for folks to... there's so much to do on the main show floor. You could spend the whole week there, but you'd be missing out on all sorts of things that are happening, as you say, at other places within the convention center. But even around the periphery, the vendors, they've set up special events, and it really is this big bubble of community that comes down on San Francisco year after year.
D
Yeah, absolutely. There's a vast ecosystem around the conference and yeah, it's great. And I think, Britta, one of your bits of advice is especially to first timers, it's like take advantage of the community that is yours because the connections and the people you meet at RSAC could stay with you for your professional life. It's definitely, you see it when people come back year on year, it's the energy people get from each other is so important.
E
Absolutely. And Dave, you're right with a, you know, have a plan, spend some time. Right now the agenda is live. You can reserve seats, as Linda mentioned, you can see the exhibitors that will be there, you can see some of the activities that are going on, you know, both on and off campus. And I always, you know, encourage people. You'll spend some time with that agenda. Mark up your favorites, think about what you want to do and also choose something that maybe is a little bit out of your wheelhouse. Choose something that, oh, I'm interested in this. Not necessarily a specialist in this. Want to learn something more because I guarantee you every single one of these sessions and we've got over 500 of them. Every single one of them has been peer reviewed by our, you know, our body of program committee, 150 experts from across the industry. So I am quite certain every single session that hits the stage is going to be high quality, high caliber and will teach you something. You will go away from it, learning something that you can apply immediately.
B
Well, there's a reason so many people, myself included, consider RSAC conference to be a highlight of the year and this is no exception this year. I look forward to seeing you all there. Ladies, thank you so much for joining us.
D
Thank you. It's always a pleasure.
E
See you in March.
B
That's Linda Gray Martin and Britta Glade from RSAC and I hope to see all of you at this year's conference. See you in San Francisco.
F
At Blinds.com, it's not just about window treatments. It's about you. Your style, your space, your way. Whether you DIY or want the pros to handle it all, you'll have the confidence of knowing it's done right. From free expert design help to our 100% satisfaction guarantee, everything we do is made to fit your life and your windows. Because at Blinds.com, the only thing we treat better than windows is you. Visit Blinds.com now for up to 45% off with minimum purchase plus a professional measure at no cost. Rules and restrictions apply.
B
And finally, in a series of simulated geopolitical crises, three advanced AI models were asked to play nuclear brinksmanship. They did not blink. Kenneth Payne at King's College London pitted GPT-5.2, Claude Sonnet 4 and Gemini 3 Flash against one another in 21 war games, complete with escalation ladders ranging from diplomatic protest to full strategic nuclear war across 329 turns and nearly 800,000 words of reasoning. At least one tactical nuclear weapon was launched in 95% of the games. Surrender was never an option. Even when losing badly, the models preferred to press on. In 86% of conflicts, accidents pushed escalation beyond what the AI intended. Researchers say the findings are unsettling. While experts doubt governments would hand nuclear launch authority to machines, AI is already used in war gaming. Under tight timelines, decision support tools could shape perceptions and compress choices, even if humans still hold the keys.
C
Shall we play a game?
B
How about Global Thermonuclear War? Wouldn't you prefer a good game of chess?
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26. I'll see you in San Francisco.
Episode: Rogue Peers and Hidden Exploits
Date: February 26, 2026
Host: Dave Bittner, N2K Networks
This episode delivers the latest cybersecurity news and expert analysis, focusing on active exploits against Cisco SD-WAN, new trends in ransomware, updates to age verification under COPPA, a multi-national credential theft operation, publisher responses to AI content scraping, improvements to UK public sector cyber resilience, an AI-assisted government breach, the gaming industry's AI controversy, and nuclear war simulations with AI. The episode also includes an “Industry Voices” segment—an exclusive RSAC 2026 conference preview with Linda Gray Martin and Britta Glade.
Timestamps: 25:29–26:47
Experiment: Three AI models (GPT-5.2, Claude Sonnet 4, Gemini 3 Flash) played 21 nuclear war game simulations.
Result: 95% led to at least one tactical nuclear weapon deployed; AIs rarely chose to de-escalate or surrender.
Concerns: Accidental escalation happened in 86% of games; researchers urge caution about AI’s influence on real-world decision support.
Quote:
“At least one tactical nuclear weapon was launched in 95% of the games. Surrender was never an option. Even when losing badly, the models preferred to press on.” — Dave Bittner (26:10)
Pop Culture Callback:
“Shall we play a game?” — Reference to “WarGames” (26:47)