Loading summary
A
You're listening to the Cyberwire Network powered by N2K.
B
This episode is supported by Black Hat usa. If you follow the research, you know a lot of it breaks on. Black Hat stages hundreds of peer reviewed briefings, more than 100 hands on trainings and the largest business hall in Black Hat's history. Six days to learn the skills you'll need tomorrow, August 1st through the 6th use code CYBERWIRE for $200 off your briefings pass@blackhat.com we'll see you in Vegas. The US restores exports of Anthropic's most advanced AI models Adobe Citrix rush out critical patches Rust Duck emerges as a fast evolving DDoS threat the gentlemen raise the stakes with a new EDR killing exploit Rocket Lab bets big on Iridium Researchers unveil browser only ransomware New Zealand faces questions about its cyber readiness Iran's long running cyber espionage campaign is back in the spotlight. Our guest is Donald Kodling discussing the importance of tying security by design to psychological safety and digital trust. Backstage Access Courtesy of Claude. It's Wednesday, july 1, 2026. I'm dave bittner and this is your cyberwire intel brief. Thanks for joining us here today. It is great as always to have you with us. The US Government has lifted export restrictions on Anthropic's most advanced AI models, Claude
C
Fable 5 and Mythos 5, allowing the
B
company to restore access beginning Wednesday. The models were suspended on June 12, just days after their release, over national
C
security concerns that they could be used
B
to identify and exploit software vulnerabilities. In a letter, Commerce Secretary Howard Lutnick said the restrictions were removed after Anthropic agreed to proactively detect and address security risks, collaborate with the government on future
C
AI releases and report malicious activity. The Commerce Department said it could reimpose restrictions if necessary. Anthropic had previously argued officials had not identified specific concerns, saying the government's decision appeared to stem from a potential method of jailbreaking Fable 5 rather than broader security flaws.
B
Adobe has released security updates addressing seven
C
maximum severity vulnerabilities affecting its Cold Fusion Web application platform and and Campaign Classic marketing software. The flaws, all rated high priority because they're considered at elevated risk of exploitation, can be abused in low complexity attacks without user interaction. Six Vulnerabilities in Cold Fusion could allow attackers to execute remote code on unpatched systems, while a separate flaw in On Premises Campaign Classic deployments could could enable arbitrary code execution. Adobe says it is not aware of any active exploitation, but urges customers to apply the updates within 72 hours. The company also announced it will move from monthly to twice monthly security bulletins starting July 14, while continuing to issue emergency patches for actively exploited zero day vulnerabilities when needed.
B
Researchers at Qian Jin's XLAB are tracking Rust Duck, an emerging distributed denial of service botnet that is rapidly evolving from C to Rust, making it more resistant to analysis and detection. Since February, the malware has targeted routers, cameras, Android devices and exposed servers by exploiting weak credentials and numerous known vulnerabilities. RustDuc uses sophisticated anti analysis techniques including sandbox and debugger detection and encrypts communications with modern cryptographic protocols to evade monitoring. Although still smaller than major botnets, researchers say its rapid technical evolution makes it a growing threat. Once installed, RustDuc can launch DDoS attacks, update itself and rotate command and control infrastructure. XLAB recommends securing Internet facing devices, disabling
C
unnecessary remote access, replacing unsupported hardware and monitoring for known indicators of compromise.
B
Citrix has released security updates for NetScaler, ADC and NetScaler Gateway, addressing six vulnerabilities including the HTTP 2 bomb denial of service flaw and four high severity memory related bugs. Researchers at Watchtower warn that the latest in the Citrix Bleed family is particularly concerning because it could leak sensitive memory and potentially enable full device compromise under specific conditions. Citrix advises organizations using affected self managed netscaler deployments to apply the updates promptly and review whether vulnerable features are enabled. Researchers at Expel have detailed how the relatively new ransomware group the Gentlemen is using a previously unknown vulnerable driver in a bring your own vulnerable driver attack to disable endpoint detection and response tools before deploying ransomware. During an April incident, the group exploited a zero day flaw in Contron's Catapi sys driver to gain kernel level access, bypass Windows security protections and terminate protected security processes from vendors including Microsoft, Sentinel, One, Palo Alto Networks and eset. Researchers say the group's exploit chains together advanced techniques to evade modern defenses, highlighting an increasingly sophisticated approach to ransomware operations. Expel recommends enabling Windows Defender application control virtualization based security, vulnerable driver block lists and Microsoft's newer cross signing protections to reduce BYOVD risks while continuing to monitor for vulnerable drivers that may be abused in future attacks. Rocket Lab is making one of the biggest bets in the commercial space industry yet with plans to acquire satellite communication provider iridium in an $8 billion deal with if it goes through, the combined company would build, launch and operate its own satellite networks, a move that could reshape competition in space based communications. Our own Maria Vermazes joins us with what the deal means and why security and resilience are part of the story.
A
Thank you, Dave. Rocket Lab, which is widely viewed as the leading challenger to SpaceX in the global launch market, says that it plans to acquire satellite communications provider Iridium Communications in a transaction valued at approximately US$8 billion. The deal would combine Rocket Lab's launch services and satellite manufacturing business with Iridium's low Earth orbit communications network, globally coordinated L band spectrum and customer base that spans government, defense, aviation, maritime and industrial sectors. The acquisition also would move Rocket lab closer to SpaceX's vertically integrated model where a company can build satellites, launch them and operate communications services on orbit. Now Iridium's network supports connectivity in remote and contested environments and provides an alternative positioning, navigation and timing capability for situations where GPS signals may be degraded, jammed or unavailable. The two companies say that should the deal be finalized in 2027, the acquisition would accelerate development of next generation services, including direct to device communications and expanded government and national security applications. As governments and critical industries become more dependent on space based networks, these systems are increasingly being viewed as essential infrastructure for the Cyberwire Daily, I'm Maria Varmazes from T Minus Space Cyber Briefing. Back to you Dave.
B
That is our own Maria Vermazis Check point Researchers have demonstrated a proof of concept browser only ransomware attack that encrypts files entirely within a Chromium browser using the legitimate File System Access API without malware exploits or downloaded executables. The technique relies on users granting a website permission to access local folders, allowing malicious code running in a browser tab to overwrite files while evading traditional endpoint
C
detection that focuses on files and processes.
B
Researchers noted the initial concept was inspired by AI generated code, though they developed
C
the working proof of concept themselves.
B
The attack has not been observed in real world campaigns and affects Chromium based browsers such as Chrome, Edge and Brave, but not Firefox or Safari. Check Point recommends restricting browser file system permissions through enterprise policies, monitoring for mass
C
file modifications, educating users about folder access prompts and maintaining offline or versioned backups.
B
A New Zealand cybersecurity expert is warning the country is not prepared for a national cyber emergency following a series of significant breaches affecting the healthcare sector. Recent incidents involving Health New Zealand, Manage My Health Metamap and Intracare mark the first cluster of highly significant cyber events in more than four years, according to the National Cybersecurity Center. Aura Information Security's Patrick Sharp said he is particularly concerned about the potential for a highest level C1 cyber emergency that could severely disrupt essential services or compromise sensitive national data. He urged organizations to strengthen governance, implement multi factor authentication, eliminate weak passwords and regularly rehearse incident response plans. Sharp also noted that many business boards rarely discuss cybersecurity, leaving organizations ill prepared to respond effectively to a major cyber attack. The recent arrest in Montenegro of an Iranian Turkish national wanted by the FBI is drawing renewed attention to Iran's long running cyber enabled intellectual property theft campaigns. According to the latest reporting from Kim Zetter. Authorities allege the suspect conducted attacks beginning in 2013 against more than 150 US universities and and other organizations on behalf of Iran's Islamic Revolutionary Guard Corps, causing an estimated $3.4 billion in damages. The case echoes a 2018 U.S. indictment against members of the Iran based Mabna
C
Institute, accused of hacking hundreds of universities, government agencies, companies and the United nations to steal academic research and trade secrets.
B
Prosecutors say the group compromised thousands of
C
academic accounts through spear phishing, ultimately stealing more than 31 terabytes of data. Researchers note Iran's sustained focus on academic and technological espionage resembles China's economic espionage campaigns, though Iran's operations are generally considered less mature and sophisticated.
B
Coming up after the break, my conversation with Donald Codling, CISO and Senior Advisor Tarigo. We're discussing the importance of tying security by design to psychological safety and digital trust and VIP backstage access courtesy of Claude.
D
Heat up your fourth of July at the Home Depot with our wide variety of grills under $300 and make every gathering one to remember. Give your outdoor space a glow up, whatever your budget is, with savings on seasonal plants starting at $5. With the grill fired up and your backyard set to perfection, you'll be able to invite friends and family over to kick off the party. Start celebrating with low prices guaranteed at the Home Depot, prices may vary by store. Exclusions apply. Seehomedepot.com Pricematch for details.
E
Hey babes, it's Paris Hilton. So I was checking my points balance in the Hilton Honors app the other day and yeah, I've got about a billion, which feels excessive even for me. Just kidding. You can never have too many Hilton Honors points and I want to do something iconic this summer so I'm giving away all my Paris points. Just find somewhere you've always wanted to see. Stay, then go to my socials or Hilton's and tell me about it. Just make sure you're a Hilton Honors member and I might be sending you Paris points. Because when you want points that make your summer even hotter, it matters where you stay.
B
Donald Codling is CISO and senior advisor to REGO on cybersecurity and data privacy matters. We recently sat down to discuss the importance of tying security by design to psychological safety and digital trust.
F
The Internet really has an identity problem. It's become a trust problem because you can no longer really verify and AI is doing nothing except accelerating this through the roof to be able to, quite frankly, trust what you're hearing, what you're looking at. And that is going to be a crisis. Quite frankly, AI is accelerating a trust crisis. So it's no longer just enough to authenticate the content of something. You really want to authenticate the trust layer. So many cybersecurity issues, if you will, and certainly how the zero trust architecture and all these other cybersecurity things have done is you really want to know who you are? Are you allowed to have access to this asset? Are you allowed to look at that data? Are you allowed to manipulate systems and consume the data and utilize the data? Well, it's gotten to the point where identity alone is really not sufficient anymore, as so many systems are discovering. They're getting workarounds or they're getting beaten or social engineering is out there, has been for a long time. So now the future really is going to require that you have a relationship verification, and the authority to do certain things is tied directly to that verification.
B
Well, let's dig into that. What do you mean when you say a relationship verification?
F
You really want to figure out, is this person, first of all, are they who they say they are? Do they have access permissions to do certain things on that network or in that application or utilizing that service? And then once you have verified that, you also want to now look at permissions if you are a child, which is one of the places that Rego really concentrates on is trying to maintain the safety and privacy of children under the Children's Online Privacy Protection act, in particular, you really want to find out, is that individual at the other end of that computer screen or monitor or now smartphone, are they who they say they are? Are they of the proper age or age range even? And in many cases, do they have the parents permission to be doing this? So that's where I'm talking about that entire relationship verification.
B
How do we go about balancing those legitimate needs versus what folks who follow civil liberties say are legitimate needs for priv or occasional anonymity?
F
Well, that's an excellent, excellent question. So I think, first of all, you have to have this security and the verification built in by design and in today's world, I think you also got to consider that there's a whole lot of psychological factors that, quite frankly, when you and I were starting out on this cybersecurity journey, Dave, I'm guessing 10, 20 years ago or something, that was less of an issue. So there are certainly very, very valid and very strong points to have anonymity in certain situations. If I am looking up certain sensitive health things, if I am accessing certain pieces of data, you want to make darn sure that the privacy, not just rights, but the privacy privileges and responsibilities, if you will, of the individual accessing that is protected and maintained. The company wants to do that from their due diligence and their fiduciary responsibility, who's providing that information. And then the consumer would like to know that that stuff has been protected. That's incredibly important. But I would venture to say that that's maybe 1, 2, 3% of the situations that are out there where somebody is going to be looking at something super, super sensitive and you have to be able to have some anonymity. I think, unfortunately, the criminals, the criminal element, people that I certainly dealt with for decades have exploited that and they have hidden in the cracks and sometimes not even hidden very well because they didn't necessarily have to, that they could exploit this anonymity and lack of end user. When you look at some cybersecurity basics of identity and access management, when you are a company and you're trying to figure out who's going on to your machines, that's a very, very foundational core of cybersecurity. And I would say in today's world, child safety and the elderly, or at the opposite end of the age spectrum, but they're having the exact same kind of security problems where you've got people who are being exploited. The exploitation of trust is hitting both of those segments of our population very, very severely. I really don't want, if I am a company, to allow bad actors to be hiding behind anonymity if they're coming onto my service to use it for, for something like a financial transaction, which is what RICO is all about. It's a financial transaction. But more importantly, in a broader sense, I think there's been this terrible exploitation of anonymity has eroded trust in so many, many ways. So I think one of the reasons you're seeing so many issues in front of the US Congress right now and certainly within the European Union, our neighbors to the north, Canada, is having similar kind of discussions now about age appropriateness and age verification and all those sorts of things. I think it really gets all the way back to trust. Are you the individual at the other end of that keyboard or smartphone? Are you able to be looking at this stuff? Are you allowed to look at this stuff? If you're a 12 year old, I think the allowed is pretty important because you'd like to have some parental control. Elderly aunt who just passed away recently kept thinking, I'm so glad she didn't have a computer, Dave, because there would have been just hordes of people. It was bad enough with the telephones, people trying to convince her to send them money.
B
Yeah. I'm curious, you know, given that we're in this moment where I think it's safe to say that, well, as you pointed out, trust is eroding thanks to things like deepfakes. How do you propose that we come at this? What, what do you imagine is a workable solution?
F
I think a whole lot of it. Like, like if you had to look in the future, I think you've got to have a system, a platform that's going to look at relationship verification. The authority verification authority in this case is are you the individual who should be accessing it? Consent verification, depending on what end of the spectrum you're at. If you're the elderly parent, and let's say you, Dave, have power of attorney because your parents are elderly and maybe they've been already victim of financial fraud or something, you'd like to be able to monitor that, for lack of a better term, to try to prevent some of those frauds from occurring. That really super comes down to trust verification.
B
And how is that achievable online?
F
That is a fabulous, fabulous question. Again, without going into the history of the Internet, which I'm sure you're probably more capable of talking about, trust was never imagined when the Internet was built. The folks who started the Internet basically said we couldn't imagine anyone at one end of the node attacking somebody at the other end of the node node. We just never envisioned that. So the architecture of the Internet was never built to be secure. Now what we have, we society has done is put all kinds of information and sensitive sorts of things online onto a platform that was really never built to do all of that. So I think this is where we people like you and I, Dave, may look towards financial institutions because are they going to become the trusted infrastructure layer. They already have to operate with know your customer frameworks, they already have a lot of regulatory compliance. They are very good at identity verification. Even they are having to bump their game up for their fraud prevention systems. But they could be, this is just as a, as a thought, they could be the kind of folks who could provide trust within some sort of an architecture, within some sort of a network.
B
Yeah, I mean, that's really the, that's the million dollar question, right, Is who do you trust these days in your day to day comings goings, what organizations already have your trust?
F
Yes, that's an excellent point, Dave. And who already has your trust? And some of them, I mean, let's be brutally honest, some of them are not doing this the financial institutions because they're wonderful humanitarians. They are doing it because they have a regulatory, a fiduciary responsibility. They're handling people's money and they want to keep their customers whole and they don't want to have problems. I think one of the things the financial industry is doing that's brilliant is training bank tellers today, Dave, that when again, I don't even know how old your folks are, but let's pretend they're 80 years old. If your mom or your aunt walks up to the teller and says, I need to withdraw $7,000 and she's got somebody on the cell phone with her, the teller says, who's not on the phone with you? Why are they telling you exactly what to do? So some of the banks have actually, and I congratulate them for this, have started to train tellers who are the front line to say, this person's never wired money, this person's asking for big cash withdrawal. Let's pull them aside, that customer for a few moments and say, hey, what's going on? You know, has your son been kidnapped? That sort of thing. And I certainly dealt with that during my FBI days. Yeah, Fear, uncertainty and doubt get injected by fraudsters immediately.
B
That's Donald Codling, CISO and senior advisor to Rigo.
G
Foreign.
B
What happens when AI agents gain access to the same systems, applications and credentials as your employees? According to Arvind Nithra Kashayap, CTO and co founder of Rubrik, that reality is already here. As AI agents proliferate across enterprise environments, organizations face a growing how do you govern systems that operate at machine speed? To learn more about AI sprawl, the risk it creates, and how organizations can prepare, visit explore.thecyberwire.com rubric to hear the full conversation.
G
This episode is brought to you by Google Chrome. You think you know a browser, but Gemini and Chrome, that's new. It can help you with practically anything on the web, like restoring a vintage motorcycle from a 50 page restoration block or finally break down that long article you've had open for weeks. Gemini and Chrome is here for it, ready to make anything online make sense. There's no place like Chrome. Check responses, setup required, compatibility and availability various 18 are all batteries the same? That's like asking if all soccer players are the same. Take Messi, the most decorated player ever. Is there any other player who has achieved that? No, just him. Now take Duracell. Is there any other battery with power boost ingredients inside? No, just Duracell. Remember, goats only trust goats because they're built differently and Messi only trusts Duracell.
B
And finally, security researcher Ian Carroll set out looking for music festival tickets and instead stumbled into what amounted to an all access backstage pass to front gate tickets back end with help from Anthropic's Claude Opus 4.7, Carol bypassed a web application firewall, exploited a SQL injection flaw, and gained super admin privileges, giving him the ability to view customer and staff records and in theory, issue unlimited VIP tickets to events like Bonnaroo, Lollapalooza, and South by Southwest. He resisted the temptation to become the world's most popular festival guest and instead reported the flaw, which Frontgate says it patched within 24 hours, adding, There is no evidence of exploitation or customer impact. Carroll says the episode highlights how AI can dramatically accelerate vulnerability, discovery, even generating novel exploitation techniques on its own. The bigger lesson, he argues, is that some critical systems remain surprisingly fragile, held together with less engineering than optimism. And that's the Cyberwire.
C
For links to all of today's stories,
B
check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher. I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Sam.
Episode Title: The AI Lock Comes Off
Host: Dave Bittner (N2K Networks)
Main Theme:
This episode spotlights the rapid evolution and increased stakes of cybersecurity in the age of advanced AI. Key topics include the US restoring exports of cutting-edge AI models, new software vulnerabilities and exploits, browser-only ransomware, large-scale space industry acquisitions, and an in-depth interview on “security by design,” digital trust, and psychological safety. The episode concludes with a story illustrating how AI accelerates both ethical hacking and risk.
[00:12 – 03:17]
“The government's decision appeared to stem from a potential method of jailbreaking Fable 5 rather than broader security flaws.” — [02:53, C]
Adobe
[03:17 – 04:19]
Citrix
[05:28 – 05:56]
Rust Duck Botnet
[04:19 – 05:28]
Bring Your Own Vulnerable Driver (BYOVD) Attack
[05:56 – 07:04]
[07:56 – 09:26]
“As governments and critical industries become more dependent on space-based networks, these systems are increasingly being viewed as essential infrastructure.” — Maria Varmazes, [09:13, A]
[09:26 – 10:40]
“The technique relies on users granting a website permission to access local folders, allowing malicious code running in a browser tab to overwrite files while evading traditional endpoint detection...” — [09:59, C]
[10:40 – 13:08]
“The exploitation of trust is hitting both [children and elderly] segments of our population very, very severely.” — Donald Codling, [20:28, F]
[14:40 – 25:59]
The internet’s “identity problem” has evolved into a full-blown trust issue, made worse by AI and deepfakes.
Relationship verification—authenticating not just “who” but “whether access is appropriate on multiple layers”—becomes central.
“AI is accelerating a trust crisis. So it's no longer just enough to authenticate the content... you really want to authenticate the trust layer.” — Donald Codling, [14:54, F]
The internet wasn’t built with security/trust in mind.
Financial institutions may become the new “trust infrastructure” thanks to their regulatory frameworks and leadership in identity verification.
Training front-line staff (like bank tellers) to recognize fraud indicators is cited as a positive step.
“Trust was never imagined when the Internet was built… [Now] we're putting sensitive things online onto a platform that was really never built to do all of that.” — [22:52, F]
[28:05 – 29:38]
“Some critical systems remain surprisingly fragile, held together with less engineering than optimism.” — [29:23, B]
On AI and the trust crisis:
“AI is accelerating a trust crisis... you want to authenticate the trust layer.” (Donald Codling, [14:54, F])
On system fragility and AI-enabled exploits:
“Some critical systems remain surprisingly fragile, held together with less engineering than optimism.” (On Front Gate Tickets breach, [29:23, B])
On exploitation of anonymity:
“There's been this terrible exploitation of anonymity [that] has eroded trust in so many, many ways.” (Donald Codling, [18:11, F])
This summary provides a comprehensive guide to the July 1, 2026 episode of CyberWire Daily, capturing its cybersecurity news, detailed expert insights, and the urgent, evolving challenges faced in the digital landscape.