Summary8 min read

CyberWire Daily — May 20, 2026 — “The Cost of Trusting the Extension Ecosystem”

Overview

This episode of CyberWire Daily centers on the infrastructural and security risks inherent in today’s extension and software supply chain ecosystems. Key stories include an analysis of the recent GitHub breach caused by a malicious Visual Studio Code extension, the ongoing tension between AI safety and military access to commercial AI models, urgent vulnerabilities in popular software platforms, and a deep dive interview with Rob T. Lee regarding the new AI Vulnerability Storm report. The episode also covers notable advancements in satellite-to-phone connectivity, fresh cybersecurity protections rolled out by Signal, and the unsettling discovery of AI-generated citations in a book about misinformation.

Key Discussion Points and Insights

1. GitHub Compromised by Malicious Extension

[01:12–03:40]

Summary:
GitHub confirmed that an attacker gained access to ~3,800 internal repositories after an employee installed a poisoned Visual Studio Code (VS Code) extension.
Containment:
The breach was identified and contained after the malicious extension was removed and the employee’s device was isolated.
Impact:
No evidence that customer data outside those repositories was affected.
Attribution:
The hack was claimed by the group Team PCP, which allegedly offered the data for sale on a cybercrime forum for at least $50,000.
Broader Implications:
The incident highlights how developer tools and marketplaces are persistent supply chain attack targets. Malicious VS Code extensions are repeatedly used to steal credentials, deploy malware, and compromise developer environments at scale.

“Developer tools and software marketplaces remain attractive supply chain attack targets. Malicious VS Code extensions have repeatedly been used to steal credentials, deploy malware, and compromise developer environments at scale.”
— Dave Bittner [02:40]

2. AI, Government, and Security: Anthropic Faces Pentagon Blacklist

[03:40–05:04]

Context:
The Pentagon blacklisted AI company Anthropic, sparking skepticism from a federal appeals court.
Reason for Blacklist:
Anthropic refused to remove contractual restrictions preventing its Claude AI model from being used for “lethal autonomous warfare or mass surveillance of Americans.”
Debate:
The court questioned whether the Pentagon overstepped by using laws targeting sabotage and foreign threats for domestic contract disputes.
Quote:

“One judge called the move a spectacular overreach.”
— Dave Bittner [04:30]
Broader Context:
This case spotlights the push and pull between AI safety guardrails and government desires for unrestricted use of commercial AI, signaling “growing tension” in the field.

3. Executive Order on AI and Cybersecurity in Progress

[05:04–06:15]

Description:
The White House is working on an executive order for advanced AI safety and cybersecurity.
Key elements:
- Would strengthen cyber protections for government and critical infrastructure.
- Proposes a “voluntary framework” for AI developers to share frontier models with the government before public release.
Insight:
- Response to the emergence of highly capable AI systems like Anthropic’s Mythos and OpenAI’s GPT 5.5 Cyber.
- Both have reportedly demonstrated advanced vulnerability discovery capabilities.
Status:
“Discussions around the order remain speculative.”

4. Drupal Critical Flaw Announcement

[06:15–07:21]

Warning:
Drupal developers urge administrators to prepare for a patch to a highly critical core vulnerability—potentially affecting multiple supported versions.
Risk:
The flaw could allow for “complete website compromise.”
Urgency:
Working exploits may appear “within hours” after patch release; immediate deployment of fixes is advised.

5. Bad IIS Malware Proliferates as a Service

[07:21–08:40]

Key Finding:
Cisco Talos researchers track the Bad IIS malware—now a commodity malware-as-a-service.
Attribution:
Attributed to multiple Chinese-speaking cybercrime groups and an individual developer “lwxat”.
Functionality:
Supports SEO fraud, traffic redirection, reverse proxying, content hijacking, and built-in antivirus evasion.
Insight:
Demonstrates professionalization and increasing commercialization of the cybercrime malware supply chain.

6. Satellite Providers and the Future of Connectivity

[08:40–10:18]

News:
AT&T, T-Mobile, and Verizon jointly plan to expand direct-to-device satellite coverage in the US.
Market Impact:
Places them in direct competition with SpaceX Starlink.
Unified Platform:
The joint venture proposes a platform where any satellite provider could participate—aiming to reduce dead zones and improve emergency communications.
Quote:

“The three providers say they'll pool spectrum resources and create a unified platform that multiple satellite providers could use rather than relying on exclusive carrier partnerships.”
— Maria Varmazis [09:30]

7. Signal’s New Anti-Phishing Safeguards

[10:18–11:23]

Update:
Signal introduces in-app warnings and verification prompts to counter social engineering attacks.
Context:
Recent phishing campaigns tricked users into linking rogue devices via QR codes and SMS codes. These attacks have been linked to Russian state-sponsored actors.
Features:
- Labels for unknown contacts.
- Warnings about accounts with no shared groups.
- Clear reminders Signal will never ask for one-time codes or recovery keys.
Purpose:
Address attacks “that bypass technical defenses by manipulating user trust.”

8. Microsoft Cracks Down on Malware Signing Service

[11:23–12:30]

Action:
Seized infrastructure tied to the “Fox Tempest” malware signing as a service operation.
Threat:
Fox Tempest enabled ransomware groups to bypass Windows security warnings by signing malware with valid certificates.
Adversaries Identified:
Linked to ransomware gangs “Vanilla Tempest” and malware families like Oyster, Lumasteeler, Vidar, Raisida.
Method:
Used fake identities and automation to rapidly obtain signing credentials.

9. China Exposes Phishing via Hijacked Domestic Routers

[12:30–13:30]

Incident:
China’s Ministry of State Security claims foreign intelligence hijacked vulnerable Chinese routers for phishing campaigns targeting local institutions.
Execution:
Phishing emails masquerading as reviews or traffic violations led to credential theft.
Technical Note:
Compromised routers often had outdated hardware, weak passwords, or exposed remote management.
Quote:

“The incident highlights how poorly secured edge devices continue to provide attackers with covert infrastructure for espionage and credential theft campaigns.”
— Dave Bittner [13:23]

10. Deep Dive: AI Vulnerability Storm Report and Proactive Defense

Interview with Rob T. Lee, SANS Institute
[15:04–23:47]

- The Explosion of AI-Driven Vulnerability Discovery

“A significant rise in vulnerabilities discovered through the latest AI models has skyrocketed … almost 3,000 vulnerabilities that have not been patched yet.”
— Rob T. Lee [15:18]
The pace and capability of AIs like Mythos to find vulnerabilities is rapidly outstripping organizations' ability to patch.

- The Debate Over the Impact of New AI Models

Some suggest Mythos is more marketing than reality — but Lee notes what matters is the attention and resource allocation at the executive level that comes with national headlines.
“What is new is that it’s finally gotten attention.”
— Rob T. Lee [17:10]

- Organizational Readiness and Governance

Many organizations lack up-to-date governance and haven’t built agent-driven AI into their workflows.
Analogy:
“It’s almost like you’re trying to get to a workout. You need proper sleep and a proper diet before you even decide to say ‘I’m going to go on a short run.’”
— Rob T. Lee [18:30]

- CISO Priorities: Education, Vendor Accountability, and Proactive Ops

Immediate step: Start a discussion—educate teams, assess risk, hold vendors accountable for secure use of AI in their codebases.
The accelerating speed of AI-augmented attacks means defenders must also adopt AI-accelerated detection and response.
“Hope is not a strategy, as we know … you need to potentially reprioritize your team and see if they have the skills to start being more proactive.”
— Rob T. Lee [21:23]
Zero day cataclysm is a term jokingly used to describe the deluge of new vulnerabilities being discovered by AI.

- Industry Collaboration

The Cloud Security Alliance brings together thought leaders and heavyweight contributors from SANS and other organizations to create actionable guidance.

11. AI-Generated Misinformation Undermines Trust in Publishing

[25:08–26:35]

Incident:
Stephen Rosenbaum’s book, The Future of Truth, about AI and misinformation, was found to include AI-invented or altered quotes.
Discovery:
The New York Times identified fabrications attributed to real individuals.
Author’s Response:
Rosenbaum said ChatGPT and Claude were used for drafting and attributed the issue to “improperly attributed or synthetic quotes.”
Industry Takeaway:
Even books about misinformation can fall victim to the very problem they warn about.

“Even a book about misinformation can apparently hallucinate its own footnotes.”
— Dave Bittner [26:30]

Notable Quotes & Memorable Moments

On software supply chain attacks:
“Malicious VS Code extensions have repeatedly been used to steal credentials, deploy malware, and compromise developer environments at scale.” — Dave Bittner [02:40]
On the AI vulnerability deluge:
“We call joke behind the scenes the zero day cataclysm.” — Rob T. Lee [21:36]
On organizational governance and AI workflows:
“If you don’t have a good governance policy set, none of this is going to matter whatsoever about how you’re using AI and agents to do any of this work.” — Rob T. Lee [18:22]
On the significance of ‘marketing-driven’ AI advancements:
“What is new is that it’s finally gotten attention.” — Rob T. Lee [17:10]
On defending against accelerating attacks:
“You need to start moving faster. Otherwise the entire organization is at risk. Hope is not a strategy.” — Rob T. Lee [21:23]
On the irony of AI-generated fake quotes:
“Even a book about misinformation can apparently hallucinate its own footnotes.” — Dave Bittner [26:30]

Timestamps for Key Segments

GitHub VS Code Extension Breach: [01:12–03:40]
Anthropic Blacklist & AI Executive Order: [03:40–06:15]
Drupal Critical Vulnerability: [06:15–07:21]
Bad IIS Malware as a Service: [07:21–08:40]
Satellite Connectivity Market Moves: [08:40–10:18]
Signal’s New Anti-Phishing Updates: [10:18–11:23]
Microsoft Disrupts Malware Signing Service: [11:23–12:30]
China, Router Hijacking, and Phishing: [12:30–13:30]
Rob T. Lee Interview: AI Vulnerabilities and Defense: [15:04–23:47]
AI-Generated Book Misinformation Scandal: [25:08–26:35]

Conclusion

This jam-packed episode illustrates both the breadth and interconnectedness of today’s cyber risk—from poisoned developer extensions and the overflowing vulnerability queue enabled by AI, to the ways AI is altering legal, military, and even publishing domains. The message is clear: Speed, attention, and robust governance are required from defenders, executives, and developers alike. Even the defenders of truth are not immune to the pitfalls of rapidly evolving AI technologies.

Loading summary

Transcript23 lines

[00:02]
A
You're listening to the Cyberwire Network powered by N2K. Do you know how the space and cybersecurity domains connect? T Minus Space Cyber Briefing is your guide through the space based systems that expand the attack surface. I'm Maria Varmazis host here at N2K CyberWire and I'm excited to share that T Minus is back now as a weekly podcast, the T Minus Space Cyber Briefing. We have a new dedicated focus on two great things that are even better together. Space and cybersecurity. Because whether we realize it or not, we all depend on space based systems that are, by the way, increasingly Internet enabled. We're talking cybersecurity technologies, policies and organizations that are securing the critical space based infrastructure that powers, protects and connects our lives here on Earth. So join me for T Minus Space Cyber Briefing. New episodes every Sunday.
[01:13]
B
Quick question have you watched Project Hail Mary yet? Humanity is facing an existential threat and racing to solve it with the clock ticking for security teams, that probably hits close to home with AI use rapidly spreading. Everyone's using AI marketing, sales, engineering, Chris the intern without security even knowing about it. That's where Nudge Security comes in. Nudge finds shadow AI apps, integrations and agents on day one and helps you enforce policy without blocking productivity. Try it free@nudgesecurity.com cyberwire. GitHub confirms a breach tied to a malicious VS code extension Anthropic fights a Pentagon blacklist as the White House weighs new AI security rules. Drupal scrambles to patch a critical flaw Cisco Talos tracks the evolution of bad Eyes malware for hire signal adds anti phishing safeguards and Microsoft cracks down on malware signing services. China says foreign spies hijack domestic routers for phishing operations. Wireless carriers collaborate to kill dead zones. Our guest is Rob T. Lee, chief AI Officer at the SANS Institute, discussing the Cloud Security Alliance's AI Vulnerability Storm Report and a book about misinformation contains helpful examples. It's Wednesday, may 20, 2026. I'm dave bittner and this is your cyberwire intel briefing. Thanks for joining us here today. It's great as always to have you with us. GitHub says roughly 3,800 internal repositories were exposed and after an employee installed a poisoned Visual Studio code, or VS code extension, the company says it detected and contained the compromise after isolating the affected employee device and removing the malicious extension from the VS code Marketplace. According to GitHub, the attacker accessed GitHub internal repositories only with no current evidence that customer data outside those repositories was affected. The Team PCP hacker group claimed responsibility on the breached cybercrime forum and allegedly offered the stolen data for sale for at least $50,000. Additional technical details about the extension and affected repositories remain unclear. From current reporting, developer tools and software marketplaces remain attractive supply chain attack targets. Malicious Vs. Code extensions have repeatedly been used to steal credentials, deploy malware and Comprom developer environments at scale A federal appeals court panel signaled skepticism Tuesday over the Pentagon's decision to blacklist AI company Anthropic as a national security supply chain risk. The dispute centers on Anthropic's refusal to remove contractual restrictions preventing its Claude AI model from being used for lethal autonomous warfare or mass surveillance of Americans. Defense Secretary Pete Hegseth barred the company from working with military contractors in March, arguing Anthropic could impose undisclosed operational restrictions on military use. During arguments, multiple judges questioned whether the Pentagon stretched a law designed to address sabotage and foreign threats beyond its intended scope. One judge called the move a spectacular overreach. The case highlights growing tension between AI safety guardrails and government demands for unrestricted military access to commercial AI systems. Meanwhile, the White House is reportedly preparing an executive order focused on cybersecurity and advanced artificial intelligence safety measures. According to Axios, the draft order would strengthen cybersecurity protections across government and critical infrastructure sectors while creating a voluntary framework for AI developers to share certain frontier models with the government before public release. The proposal follows growing concern around highly capable AI systems, including anthropics, mythos and OpenAI's GPT 5.5 cyber, which reportedly demonstrated advanced vulnerability discovery capabilities. A White House official cautioned that discussions around the order remain speculative. The move signals growing government concern over AI systems with offensive cyber potential. Even as debate continues over how aggressively Washington should regulate emerging AI technologies. Drupal developers are warning administrators to prepare immediately for patches addressing a highly critical core vulnerability expected Wednesday. The flaw affects multiple supported Drupal versions and could potentially allow complete website compromise. The Drupal security team says attackers may develop working exploits within hours of patch release. Emergency fixes are planned even for some unsupported branches, though Drupal 7 is reportedly unaffected. Administrators are being urged to update to the latest bug fix release before the scheduled patch window and reserve time for immediate deployment. The warning underscores the ongoing risk posed by widely deployed content management systems in government and enterprise environments, where rapid exploitation often follows public disclosure. Cisco Talos says a widely used bad IIS malware variant appears to operate as a commodity malware as a service platform used by multiple Chinese speaking cybercrime groups. Researchers trace the malware through embedded demo PDB development strings and linked its ongoing evolution to a developer using the alias lwxat. Talos says the malware has been actively maintained since at least 2021 and includes builder tools that let threat actors customize payloads for SEO fraud, malicious traffic redirection, reverse proxying and content hijacking on compromised IIS web servers. Investigators also uncovered supporting installer tools, persistence mechanisms and antivirus evasion features, including builds designed to bypass Norton protections. The findings highlight how commercialized cybercrime ecosystems continue to professionalize malware development, customization and long term maintenance for financially motivated operations. Satellite providers and wireless carriers are betting that dead zones may finally become a thing of the past. A new joint venture aims to expand direct to device connectivity, using satellites to fill coverage gaps in remot underserved areas. Maria Vermazes takes a closer look at what that could mean for connectivity, competition and the growing push to blend terrestrial and space based networks.
[09:10]
A
Thank you Dave. The three biggest US Wireless carriers are teaming up and will potentially reshape the growing satellite to phone market in the process. AT&T T Mobile and Verizon this week announced an agreement to form a joint venture with focused on expanding satellite based direct to device coverage across the United States. This move puts the three carriers in direct competition with satellite connectivity efforts led by SpaceX and its Starlink service, which interestingly enough already partners with T Mobile on direct to cell capabilities. In any case, the three providers say they'll pool spectrum resources and create a unified platform that multiple satellite providers could use rather than relying on exclusive carrier partnerships. The companies say that the effort, once it completes regulatory approvals and final agreements, of course, will reduce coverage gaps or dead zones, improve emergency connectivity during disasters when terrestrial options fail, and allow for more new satellite enabled services directly on customer phones. For the Cyberwire Daily, I'm Maria Varmazis from T Space Cyber Briefing. Back to you Dave.
[10:19]
B
Maria Vermazes is host of the T Minus Space Cyber podcast. Do check that out. Signal has rolled out new in app warnings and verification prompts designed to slow down phishing and social engineering attacks targeting its users. The changes follow recent campaigns in which attackers posing as Signal Support tricked victims into linking rogue devices to their accounts through QR codes or one time verification codes, according to public warnings from the FBI and European authorities. The activity has been linked to Russian state sponsored actors targeting high profile individuals. Signal's new Safeguards include name not verified labels for unknown contacts, warnings about accounts with no shared groups, and reminders that signal will never request registration codes, pins or recovery keys. The update reflects growing concern over social engineering attacks that bypass technical defenses by manipulating user trust rather than exploiting software vulnerabilities. Microsoft says it's disrupted a cybercrime service called Fox Tempest that helped attackers disguise malware as legitimate software using fraudulently obtained code signing credentials. According to Microsoft, the malware signing as a service operation enabled ransomware groups and other threat actors to bypass security warnings by making malicious files appear trusted. The company says it seized infrastructure tied to the operation, disabled fraudulent accounts and disrupted hundreds of virtual machines supporting the service. Microsoft linked the platform to ransomware operators including Vanilla Tempest and malware families such as Oyster, Lumasteeler, Vidar and Raisida. Investigators say the operation used fake identities and automated infrastructure to obtain signing credentials at scale China's Ministry of State Security says a foreign intelligence agency compromised domestic routers and used them to conduct phishing attacks against personnel at key institutions. According to the mss, attackers hijacked vulnerable routers inside China and used them as proxy infrastructure to send phishing emails disguised as review invitations or traffic violation notices. Victims were redirected to fake login pages designed to harvest credentials before being forwarded to legitimate looking sites. Authorities say attackers then accessed compromised email accounts to steal sensitive information. Many affected users reportedly noticed only degraded Internet performance, unexpected reboots or connection instability. The MSS says compromised devices often relied on outdated hardware, weak passwords or enabled remote management features. The incident highlights how poorly secured edge devices continue to provide attackers with COVID infrastructure for espionage and credential theft campaigns. Coming up after the break, my conversation with Rob T. Lee discussing the Cloud Security Alliance's AI Vulnerability Storm Report and a book about misinformation contains helpful examples. Stay with us.
[14:03]
C
So good, so good, so good. Everything you want for summer is at Nordstrom Rack stores now and up to 60% off. Stock up and save on the brands you love like Vince Sam, Edelman, Frame and Free people. Join the NordicLub to unlock exclusive discounts, shop new arrivals first and more. Plus, buy online and pick up at your favorite Rack store for free. Great brands, great prices. That's why you wreck. Study and play. Come together on a Windows 11 PC and for a limited time, College students get the best of both worlds. Get the unreal college deal. Everything you need to study and play with select Windows 11 PCs. Eligible students get a year of Microsoft 365 Premium and a year of Xbox game Pass ultimate with a custom color Xbox wireless controller. Learn more@windows.com studentoffer while supplies last ends June 30th terms at aka mscollegepc.
[15:05]
B
Rob T. Lee is Chief AI Officer and Chief of Research at the SANS Institute. I caught up with him to discuss the Cloud Security Alliance's recently published AI Vulnerability Storm report.
[15:18]
C
The significant rise in vulnerabilities discovered through the latest AI models has skyrocketed to the point where the Zero Day initiative led by Surge app has queued. And this is again data that he shared at Unprompted back in early March had queued almost 3,000 vulnerabilities that have not been patched yet because it's just really hard for folks to wrap their head around those and also get them deployed inside organizations. With Mythos, it is a measurable increase in the capability and speed that allows these vulnerabilities to be found, and this results in an even larger wave of potential vulnerabilities being discovered. That is one of the reasons why a lot of organizations are saying what do we do? How do we approach this? Not just say hey, you know, it's really hard for us to know what to respond to. It feels overwhelming. And here's a step by step guide of a how to look at it. What is your priority actions and what are those risks that are mapping to those priority actions going to be?
[16:37]
B
Before we dig into the details of the report, I've seen commentary from some experts saying that Mythos is just marketing driven, that it's really not a big game changer. Other models are capable of doing the same thing that Mythos is. Does that really matter?
[16:56]
C
It matters, but also is a opportunity. Folks that are looking at it through the lens of obviously anthropic DID press releases around it, they're trying to look at this from the lens of look at the good we're doing. We're pumping the brakes. It did get noticed by a lot of teams and organizations that have not had their security teams get a lot of questions toward it over the past few years. Hiring has been flat, new skill development has been flat. So when you have something that elevates to executive or board level, that's the opportunity. And we're not saying that this is ambulance chasing because it's not. And I think some folks out there are pointing out to say hey this is now call Tuesday, same Tuesday that we had last week. It just may be quicker. They're also not wrong but where I nudged them a little bit, look at them from across the Table. I said, but are we having a conversation about it today that's made the national news? Then they take a step back and say, okay, fair point. I said, that could help get the needed resources to help handle this. We're saying it's not new. Cool. But what is new is that it's finally gotten attention.
[18:16]
B
Well, let's dig into some of the details of the report here. What are some of the things that really caught your eye?
[18:23]
C
Well, when we were writing it, the things that we debated heavily were, you know, how much are we leaning into, you know, how fast do organizations spin up, you know, the vulnerability analysis and you know, code analysis to be able to find these zero days? It was debated there, you know, some of the other priority actions, you know, in terms of this, the first priority or second priority, those type of things ended up being heavily debated as to when you're, what do you mean by organizations that are not agent first in doing this type of workflows? And if you don't have a good governance policy set, none of this is going to matter whatsoever about how you're using AI and agents to do any of this work. So there's some prerequisites. It's almost like you're trying to get to a workout. You need to have proper sleep and a proper diet before you even decide to say, I'm going to go on a short run. And it's when people sometimes just want to know, how do I train for the marathon? They want to go directly into running, but you still need to really emphasize the basics, which are in many cases organizations haven't kept their policies up to date and aren't leading with agent driven AI capabilities first.
[19:40]
B
That's a really interesting perspective. I mean, you're using the, the analogy of prepping for a race. It seems like there's probably a lot of organizations out there who have been procrastinating in their preparation. And so I could see this being a bit of a wake up call for them.
[19:59]
C
Oh, very much so.
[20:00]
B
What do you think CISO should be doing? Faced with this reality, what are the immediate things that need their attention to
[20:08]
C
have discussions with their teams? And I think that's the first step is education and understanding. Where does the trying to look at it through several different lenses, which is a, it starts the discussion, what is our current risks that we are trying to identify and what do we do about those? And it really is a, every organization out there is utilizing not only potentially their own code base, they're relying on others code bases with the Vercel Attack or Compromise this past week and others, it shows that you still need to get your vendors accountable for them following through on Mythos and other AI vulnerability analysis as a whole. So two things occur from this Number one is a highlight that the speed and acceleration of AI augmented vulnerability discovery and autonomous AI attacker behavior is starting to put additional pressure on teams to be able to respond quicker, detect faster, and be able to mitigate with current patches. And with that, the only way that you could increase speed is by using your own AI augmentation at the same time. So if you're looking for that lens in particular, there are risks by not moving faster or waiting for others to move. You can't be waiting for the first movers and then adopt. You need to start start thinking about it from the lens of we need to start moving faster. Otherwise the entire organization is a risk or code base. And it's not overarching to say that these things are going to be found in droves. That's why we call joke behind the scenes the zero day cataclysm. What some people point toward. The second thing that organizations need to take a look at is your current team prioritizations and segmentations. Correct. And a lot of teams are dedicated to security operations and some response. They may not have enough folks that are focusing in on vulnerability operations. Fullnops is what a lot of folks are calling it now to discover and find these vulnerabilities before the attackers do. And then you're dealing with an incident versus trying to be proactive. Both of these things are equally true. So you have the they're speeding up and you can't just wait and hope. Hope is not a strategy, as we know. And then two, you need to potentially reprioritize your team and see if they have the skills to start being more proactive using this code analysis on your code pipelines.
[22:50]
B
Tell me about the Cloud Security Alliance. Looking through both the authors and the contributing authors to this report, it is quite a who's who of heavy hitters when it comes to the cybersecurity community.
[23:05]
C
Well, the organizations I'm not with the Cloud Security alliance. That's another. We're all partners. I'm with Sans and a lot of the folks that we had review this, you know, so it was led by a lot of these organizations because it was, you know, Gotti, Rich Mogul and myself. And then we essentially started passing it around to our friends and saying, hey, would you do a core review or would you like to be a contributor? So it's through these organizations that have a clear mission stake in trying to further cybersecurity as a whole. And then we're bringing in those in the community that have the strongest voices to also get their input and align behind these recommendations.
[23:47]
B
That's Rob T. Lee from the SANS Institute and the Cloud Security Alliance.
[24:04]
C
Your summer starts now with Memorial Day deals at the Home Depot. It's time to fire up summer cookouts with the next Grill 4 burner gas grill on special. Buy for only $199 and entertain all season with the Hampton bay West Grove 7 piece outdoor dining set for only $499. This Memorial Day, get low prices guaranteed at the Home Depot while supplies Last priced invalid May 14 through May 27 US only exclusions apply. See homedepot.com Pricematch for details.
[24:34]
A
When you need to build up your team to handle the growing chaos at work, use Indeed Sponsored Jobs. It gives your job post the boost it needs to be seen and helps reach people with the right skills, certifications and more. Spend less time searching and more time actually interviewing candidates who check all your boxes. Listeners of this show will get a $75 sponsored job credit@ Indeed.com podcast. That's Indeed.com podcast. Terms and conditions apply. Need a hiring hero? This is a job for Indeed Sponsored Jobs.
[25:09]
B
And finally, a nonfiction book warning about artificial intelligence and the erosion of truth has run into an awkward problem. Several of its quotes appear to have been invented by AI. Author Stephen Rosenbaum acknowledged that the future of Truth included what he called improperly attributed or synthetic quotes after reporting by the New York Times identified multiple fabricated or altered citations. Among them were quotes falsely attributed to tech journalist Kara Swisher and psychology professor Lisa Feldman. Barrett Rosenbaum said he used ChatGPT and Claude during the research and editing process and is now reviewing the book with editors for corrections. Some quotes were entirely fabricated, while others blended authentic ideas with wording sources said they never used. The episode lands squarely in the publishing industry's growing anxiety over AI assisted writing, where even a book about misinformation can apparently hallucinate its own footnotes. And that's the cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producers Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes. Our executive producer is Jennifer Ivan. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
[27:24]
C
Foreign.
[27:39]
B
Attackers broke into systems. Now they're chaining identities together to move through your environment unnoticed. We recently spoke with Justin Kohler from Spectrops about how attackers are exploiting common identity configurations across today's hybrid environments. Attackers are compromising one account and moving on to the next until they reach the administrator access and high value targets thereafter. And with AI, these attacks are becoming cheaper to execute and easier to scale, putting more organizations at risk. If you want to understand what identity attack path management looks like and why it matters for defending modern environments, listen to our full conversation at Explore thecyberwire.com spectrops that's Explore TheCyberWire. Com Spectrops.