Loading summary
A
You're listening to the Cyberwire Network powered by N2K.
B
This episode is supported by Black Hat usa. If you follow the research, you know a lot of it breaks on Black Hat stages hundreds of peer reviewed briefings, more than 100 hands on trainings and the largest business hall in Black Hat's history. Six days to learn the skills you'll need tomorrow, August 1st through the 6th use code CYBERWIRE for $200 off your briefings pass@blackhat.com we'll see you in Vegas. The Supreme Court limits geofence warrants DHS moves to expand CIS the State Department offers $10 million for Russian hackers a legal theory could reshape EU US data sharing plus cyber attacks hit DC housing, Oracle and simple help flaws face active exploitation, Malware lingers on Japanese military networks and stolen Apple supplier data surfaces online. Our guest is John Canova, CIO at Ping Identity, discussing how identity threats don't go on holiday and the Secret Service dial down the risk on byod. It's Tuesday, june 30, 2026. I'm dave bittner and this is your cyberwire intel brief. Thanks for joining us here today. It's great to have you with us. In a landmark 6:3 decision, the US Supreme Court ruled that police generally must obtain a warrant before accessing a person's detailed Google location history, strengthening constitutional protections for digital privacy. Writing for the majority, Justice Kagan said people have a reasonable expectation of privacy in the location data generated by their smartphones, even when that information is stored by a third party company like Google. The court stopped short of deciding whether geofence warrants are themselves constitutional, sending that question back to a lower court. The case stemmed from a 2019 Virginia bank robbery investigation in which police used a geofence warrant to identify suspect Okela Chatri. Technology companies and privacy advocates praised the ruling, arguing that broad location requests can sweep up innocent people, while law enforcement maintained the data is an essential investigative tool. Homeland Security Secretary Mark Wayne Mullen told Congress that the cybersecurity and infrastructure Security Agency's biggest challenge is not funding but staffing. He said CISA is operating at roughly half strength and needs to hire about 600 experienced cybersecurity professionals to restore its role as the nation's primary cyber defense agency. Mullen said President Trump has already met with a candidate to lead CISA and estimated it will take about a year to rebuild the agency once new leadership is in place. The agency has experienced significant turnover, with roughly one third of its workforce departing during Trump's second term and its election security efforts largely dismantled. Mullen warned that growing cyber threats from China, North Korea, Russia and Iran require stronger public private partnerships, arguing that CISA is essential to coordinating national cyber defense and cannot rely on private industry alone. The U.S. state Department is offering up to $10 million for information leading to members of two Russia linked hacking groups accused of targeting signal and WhatsApp accounts belonging to government officials, journalists and other high profile individuals. According to the FBI, the groups use social engineering to steal verification codes, pins and backup recovery keys, allowing them to access encrypted message histories and even regain account access after victims create new accounts. The campaign is tied to Russian intelligence services and has targeted victims across Ukraine, Europe and the United States states. A recent U.S. supreme Court ruling embracing the unitary executive theory could upend the legal foundation of EU US data transfers in Trump vs Wilcox, referred to by privacy advocates as the Slaughter decision, the court held that the president generally has the authority to remove leaders of independent executive agencies, calling into question the independence of the Federal Trade Commission. Privacy group NOIB argues that this undermines the EU US Data privacy framework, which relies heavily on the FTC as an independent privacy regulator. The group says the ruling also weakens other transfer mechanisms, such as standard contractual clauses that depend on independent US Oversight while the current framework remains in force unless the European Commission repeals it or European courts invalidate it. NOIB has urged the commission to withdraw the agreement and plans to challenge it before the EU's highest court. The D.C. housing Authority has confirmed it was hit by a cyber attack that compromised its systems, leaving staff unable to access files and knocking its website offline. The incident has also disrupted constituent services, with officials unable to process requests. While recovery efforts continue, it's not yet known whether any personal information was exposed. The District's Office of the Chief Technology Officer said it is providing technical guidance to dcha, which operates its own technology infrastructure. As the agency and its incident response team investigate the breach, threat actors have begun actively exploiting a critical Oracle E business suite vulnerability just weeks after Oracle released a patch. The flaw, which carries a CVSS score of 9.8, allows unauthenticated attackers to remotely take over Oracle payments. Threat intelligence firm defused detected the first exploitation attempts against its EBS honeypots over the weekend. Despite no public proof of concept exploit being available. Organizations are urged to apply Oracle's May security update immediately as Oracle Enterprise products remain frequent targets for cybercriminals and ransomware groups. Leaked documents reveal that Japan's Ground Self Defense Force unknowingly used counterfeit malware infected USB drives on sensitive military networks for nearly a year. The drives, reportedly introduced during 2024 earthquake relief efforts outside normal procurement channels, were connected to more than 50 computers, including systems handling classified troop movement data. Investigators linked the malware to a previously identified Chinese hacking operation, although Japan's Defense Ministry said the malware only self replicated and showed no signs of data theft. The incident raises concerns about supply chain security and the risks of bypassing standard procurement procedures during emergencies, particularly as similar counterfeit USB drives remain widely available through online retailers. A critical authentication ByPass flaw in SimpleHelp Remote support software is being actively exploited to compromise managed service providers and their customers. The vulnerability, with a maximum CVSS score of 10, allows attackers to impersonate privileged technicians without authentication by exploiting improper validation of OpenID Connect login tokens. Researchers observed attackers using the flaw to deploy a new cross platform malware called Ginstealer, which targets cloud credentials, developer secrets, GitHub and SSH keys, cryptocurrency wallets and AI coding assistant tokens. CISA has added the bug to its known Exploited Vulnerabilities catalog, urging organizations to immediately patch affected simple, help servers investigate for signs of compromise, and rotate any potentially exposed credentials. Following up on a story from last week, sensitive files stolen from Apple's Indian supplier Tata Electronics have reportedly been published by a ransomware group, exposing supplier lists, component information and photos of unreleased iPhone 18 Pro models. The leak could reveal closely guarded details about Apple's global manufacturing network, potentially benefiting competitors, counterfeiters and other suppliers. Tata has become one of Apple's most important manufacturing partners outside China as the company expands production in India. The incident comes as Apple faces rising hardware costs and is expected to increase iPhone prices. Separately, Apple announced it will release security updates more quickly rather than waiting for major iOS releases, saying advances in AI assisted hacking have shortened the window between vulnerability, disclosure and active exploitation. Coming up after the break, my conversation with John Canovas from Ping Identity. We're discussing how identity threats don't go on holiday and the Secret Service dialed down the risk of byod. Stay with us.
C
No one goes to Hank's for spreadsheets. They go for a darn good pizza. Lately, though, the shop's been quiet, so Hank decides to bring bring back the $1 slice. He asks copilot in Microsoft Excel to look at his sales and costs and help him see if he can afford it. Copilot shows Hank where the money's going and which little extras make the dollar slice work. Now Hanks has a line out the door. Hank makes the pizza. Copilot handles the spreadsheets. Learn more@m365copilot.com work when you need to
A
build up your team to handle the growing chaos at work, use Indeed Sponsor jobs. It gives your job post the boost it needs to be seen and helps people with the right skills, certifications and more. Spend less time searching and more time actually interviewing candidates who check all your boxes. Listeners of this show will get a $75 sponsored job credit at indeed.com podcast that's indeed.com podcast terms and conditions apply. Need a hiring hero? This is a job for Indeed Sponsored Jobs.
B
John Canova is CIO at Ping Identity we recently got together to discuss how identity threats don't go on holiday.
D
Yes, certainly it creates challenges for cybersecurity programs in that it's really a perfect storm in that user behavior changes rather significantly. You see everything from surges in volumes of activity that seem abnormal to changes in the geolocation of your user base. And so what were signals that you could really rely on now become patterns of standard behavior for the same non malicious users.
B
Are there specific things that you see around an event like the World Cup?
D
Yeah, we see a lot of opportunism with attackers, quite honestly, unfortunately, in that they understand the dynamics that have changed in terms of user volumes and changes in geography and so they like to hide within the crowd. And so we see a lot of activity around credential stuffing, fraudulent registrations, et cetera that make it really difficult for organizations that are trying to host these large scale events.
B
What about the folks themselves who are attending an event? I'm thinking they're in a different mindset. They're away from home, they may be a place they haven't been before. They're excited, they're in a heightened emotional state. All of those things can contribute to perhaps being a little more vulnerable.
D
Absolutely. And I think moreover, they're interacting with websites that they're not generally used to. I think consumers need to be on alert in these cases and ensure that they're double checking the websites and the emails that they're interacting with as they purchase tickets or they look for travel and accommodations, certainly attackers are out there looking take advantage of these opportunities.
B
If I'm a security professional looking after the folks in my organization and I have people I know are traveling to a big event like this, is there anything I need to be careful of or put in place to account for that?
D
Yeah, I think, you know, first off, understanding behavior at an identity level within your cybersecurity program is super important. And being able to understand that there are going to be patterns that maybe you relied on previously that you can't rely on going forward. And so making sure that your cybersecurity team and your product team, to the extent you have a website or an app, are really thinking about maybe there are different types of signals we want to key on for this event. So doing some pattern mapping around maybe current state versus to be state and understanding what those gaps are going to be in addition to that is really thinking about, you know, when it comes to identity, they are not only focused on the login experience that you're thinking through, the continuous adaptive sort of solutions that give you more insight throughout the session with your, with your customers.
B
Can we dig into that? What sort of things are you talking about here?
D
Yeah, sure. So traditional identity access management solutions really are focused on that login experience, that entry point. What they don't necessarily give you control over is throughout that session, what are different behaviors, everything from the device posture to the way the user is interacting with your website. Bot detection along those sorts of lines really helps put you in a position where you can take action throughout that session, rather than assuming that once they're in the front door they must be a good actor and not a bad actor.
B
How much has AI changed this equation here? It strikes me that I think this is the first World cup that we've had since the LLMs came online.
D
Significantly, I think there's an unprecedented increase in scale, speed and the adaptability of the attacks that we're seeing. So historically, the time it took to move an attack from say a reconnaissance stage to an exploitation stage, that might be days or hours or days, and we're seeing it in seconds and minutes now. So the level of speed is certainly an issue. And so you absolutely can't have rules based approach that isn't adaptive to those changes. I think on top of it, we're seeing just much higher volumes. I think the, you know, attacks being agentic, make it cheaper and more accessible for a broader audience to participate in, unfortunately. And then the last thing I'd say is the bot behavior is getting harder to identify. Attackers are getting better and better at having bots simulate what ordinarily would look like general user behavior.
B
You know, John, I think any of us who have traveled for work have had that experience where you get where you're going, you get settled into your hotel room, you decide you're going to knock out a few work things before you maybe go Grab a bite to eat and you go to log in and the system says, hold on there. You're not where we expect you to be. Slow down. Right. And we catch ourselves and say, okay, this is good for security. I understand I needed to jump through these hoops, but. But the point of my question is how do you make sure that you put these things in place without becoming such a speed bump for your users that they come to resent it?
D
Yeah, it is a challenge. I mean it's something that we think about daily, even internally here at Ping is what is the best balance between security and user friction. And so what we try to do is we try to find the third way, which is what is the step up authentication challenge that we put in front of users that doesn't create a significant hurdle for them as a legitimate user to complete that transaction. So examples would be, you know, things we're accustomed to, an MFA with maybe a number matching capability, potentially, you know, internal systems, you might look at a facial recognition, step up authentication. So, you know, really trying to ensure that when you present those types of challenges that they aren't an undue amount of challenge for that end user. So it's something they can easily complete and that you're not going to create a number of exceptions that is out of line with the security it provides.
B
How much of this is a cultural issue as well, dealing with people making sure that they're educated and informed. So again, when someone's traveling, they know what to expect.
D
Yeah, that's a big challenge and it's an ongoing challenge that you have, I think ensuring whether you're talking about your customers or you're talking about your employees, that people understand that this is something that protects them and that the hurdles you're putting in front of them are really to their benefit is something that should be incorporated into the comms plans for your organizations. When you're changing these requirements. For an example example, you know, we require multi factor authentication for administrators of Ping's products. And when we rolled that out, we wanted to make it really clear that this was something we were doing to protect them and that we wanted feedback around how do we struck the right balance between security and friction.
B
That's John Canova from Ping Identity.
D
Foreign.
B
What happens when AI agents gain access to the same systems, applications and credentials as your employees? According to Arvind Nithra Kashayap, CTO and co founder of Rubrik, that reality is already here. As AI agents proliferate across enterprise environments, organizations face a growing how do you govern systems that operate at machine speed. To learn more about AI sprawl, the risk it creates, and how organizations can prepare, visit explore.thecyberwire.com Rubrik to hear the full conversation.
E
Heat up your Fourth of July at the Home Depot with our wide variety of grills under $300 and make gathering one to remember. Give your outdoor space a glow up whatever your budget is, with savings on seasonal plants starting at $5. With the grill fired up and your backyard set to perfection, you'll be able to invite friends and family over to kick off the party. Start celebrating with low prices guaranteed at the Home Depot. Prices may vary by store exclusion supply. Seehomedebo.com Pricematch for details so good, so good, so good.
F
New summer arrivals are at Nordstrom Rack stores now. Get ready to save big up to 60% off brands like Rag and Bone, Levi's, Adidas and Free people. Join the NordicLub to unlock exclusive discounts. Shop new arrivals first and more. Plus, buy online and pick up at your favorite Rack store for free. Great brands, great prices. That's why you rack.
B
And finally, the US Secret Service has discovered a truth familiar to office workers everywhere Nobody wants to carry two phones. Unfortunately, according to a Department of Homeland Security Inspector General report, that convenience came at a steep security cost. Agents routinely relied on personal smartphones during protective missions because government issued devices lacked the tools they needed, even though agency policy prohibited it. Investigators found more than 15,000 work related calls involving personal phones during protective operations and identified employees who regularly used personal devices on overseas assignments, sometimes even as hotspots for government laptops. The report also found government issued phones lacked modern mobile threat protections until 2025 and were not consistently wiped after foreign travel, leaving opportunities for foreign adversaries to intercept communications or track sensitive movements. The watchdog recommended five improvements, including better equipped government devices, stronger security controls, mandatory training and stricter enforcement. The Secret Service agreed with all of the recommendations, proof that sometimes the easiest call is admitting your phones need an upgrade. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producers, Liz Stokes were mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
G
This episode is brought to you by Google Chrome. You think you know a browser, but Gemini and Chrome? That's new. It can help you with practically anything on the web, like restoring a vintage motorcycle from a 50 page restoration blog. Or finally break down that long article you've had open for weeks. Gemini and Chrome is here for it, ready to make anything online make sense. There's no place like Chrome. Check responses Setup required compatibility and availability various 18.
Date: June 30, 2026
Host: Dave Bittner (N2K Networks)
Guest: John Canova, CIO at Ping Identity
This episode of CyberWire Daily offers essential updates on U.S. Supreme Court privacy rulings, major cyber incidents affecting both public and private sectors, and a focused conversation on the persistent—and evolving—identity threats faced during large global events. The episode balances high-level policy analysis, reporting on current cyber threats, and practical insights with an expert guest segment.
[00:42]
[02:30]
[03:50]
[04:35]
[05:58]
[07:05]
[08:15]
[09:20]
[10:10]
Interview Segment Start: [12:03]
[12:12]
[12:47]
[13:35]
[14:19]
[15:20]
[16:08]
[17:53]
[19:04]
[21:56]
This episode draws firm lines on privacy, highlights the staffing imperative for CISA, and scrutinizes both persistent and evolving cyber threats. The expert segment underscores that organizations—especially during global events—must adapt to shifting user behaviors and increasingly AI-driven attacks, while never losing sight of user experience and clear communication. The Secret Service’s struggles with secure mobility serve as a cautionary tale for public and private sectors alike.
For more, visit the daily briefing at thecyberwire.com.