Narrator/Announcer
You're listening to the Cyberwire Network powered by N2K.
Dave Bittner
No, it's not your imagination. Risk and regulation are ramping up and
Maria Vermazes
customers expect proof of security just to do business. That's where Vanta comes in.
Dave Bittner
Vanta automates your compliance process and brings compliance, risk and customer trust together along
Maria Vermazes
with on one AI powered platform. Whether you're preparing for a SOC 2 or
Dave Bittner
managing an enterprise GRC program, Vanta helps
Maria Vermazes
keep you secure and your deals moving.
Dave Bittner
Companies like Ramp and RYTR report spending 82% less time on audits.
Maria Vermazes
That's not just faster compliance, that's more time to focus on growth. When I look around the industry, I see over 10,000 companies, from startups to big enterprises trusting Vanta. Get started at vanta.com/cyber.
Dave Bittner
CISA warns Copy Fail is under active exploitation. Attackers compromise installers for a widely used disk imaging utility. MuddyWater masks cyber espionage as ransomware. Attackers spread malware through a fake OpenClaw plugin. Researchers ID a new Linux RAT. Vimeo blames a third party provider for a recent breach. Palo Alto's captive portal is under attack. The FTC settles with a data broker over location sharing.
Maria Vermazes
A former Conti gang member gets jail time.
Dave Bittner
Our guest is Dov Yoran, CEO of Command Zero, discussing how cybersecurity teams are fighting AI with AI. And geotargeting turns creepy. It's Wednesday, May 6, 2026. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today.
Maria Vermazes
It's great as always to have you with us.
Dave Bittner
CISA is warning that a newly disclosed
Maria Vermazes
Linux kernel flaw called Copy Fail is already being exploited, days after researchers released a working root-level exploit. The bug allows low privileged users to gain full root access on vulnerable Linux systems. Cybersecurity consultancy Theori says its AI powered testing platform Xint discovered the flaw and reported it in March. The company later released a proof of concept exploit that works against Ubuntu, Amazon
Dave Bittner
Linux, Red Hat Enterprise Linux and SUSE systems.
Maria Vermazes
Researchers warned most mainstream Linux kernels released since 2017 may be vulnerable. The attack requires minimal access and no user interaction, making it useful for attackers who already have an initial foothold. CISA has added the flaw to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch by May 15. Microsoft says it is already observing early exploitation activity following the exploit's release.
Dave Bittner
Researchers at Kaspersky say attackers compromised installers
Maria Vermazes
for Daemon Tools, a widely used disk imaging utility, and distributed malware through the software's official website in a global supply chain attack. The malicious installers affected multiple versions and were first observed in early April. Kaspersky says thousands of infection attempts have been recorded across more than 100 countries. Most victims received a basic information stealing payload, while a smaller number of targets in government, science, manufacturing and retail sectors received more advanced malware, including a backdoor linked to QuickRat.
Dave Bittner
Trusted software distribution channels remain a high
Maria Vermazes
value target for attackers. Supply chain compromises can bypass traditional trust controls and quickly scale across organizations using legitimate software updates. Disc Soft, the Latvia-based developer behind Daemon Tools, says it is investigating.
Dave Bittner
Researchers at Rapid7 say the Iran-linked threat group MuddyWater conducted an intrusion that appeared to be ransomware but operated
Maria Vermazes
more like a cyber espionage campaign. The attackers reportedly used Microsoft Teams social engineering to gain access through screen sharing sessions, then harvested credentials, manipulated multi-factor authentication protections and deployed remote access tools including AnyDesk and DWAgent. Rapid7 says the group conducted reconnaissance, moved laterally and exfiltrated data, but never deployed file encrypting ransomware. Instead, the attackers used Chaos ransomware branding and extortion emails as apparent false flags while maintaining persistence in the victim environment.
Dave Bittner
The operation blurred the line between espionage
Maria Vermazes
and financially motivated cybercrime, potentially delaying incident response and attribution efforts. Rapid7 linked the activity to MuddyWater with moderate confidence based on infrastructure, malware and operational patterns associated with previous campaigns tied to Iran's Ministry of Intelligence and Security.
Dave Bittner
Researchers at Zscaler ThreatLabz say attackers are abusing the OpenClaw AI automation
Maria Vermazes
framework to distribute malware through a fake plugin called DeepSeek Claw. The campaign targeted developers and autonomous AI agents by embedding malicious instructions into plugin files downloaded from public repositories. On Windows systems, the malware chain deployed the Remcos remote access Trojan using DLL sideloading with a legitimate GoToMeeting executable. On macOS and Linux, attackers used obfuscated Node.js scripts and fake pass prompts to steal credentials, SSH keys, cryptocurrency wallets and cloud API tokens. Zscaler says the campaign also delivered the Ghost Loader information stealer.
Dave Bittner
The operation highlights growing risks tied to
Maria Vermazes
high privileged AI tools and third party AI plugins. Researchers warn that autonomous AI agents introduce new attack surfaces with broad system access, making supply chain vetting and behavioral monitoring increasingly important for enterprise defenders.
Dave Bittner
Researchers at Trend Micro have identified a Linux remote access Trojan called QLNX that
Maria Vermazes
appears designed to steal developer credentials and compromise software supply chains. The malware targets Amazon Web Services credentials, Kubernetes tokens, Docker Hub logins, Git access tokens, npm authentication tokens and PyPI API keys. Trend Micro says attackers could use the stolen credentials to publish malicious software updates or pivot into cloud environments. QLNX includes multiple stealth features including memory only execution, rootkit functionality, log clearing and six separate persistence mechanisms. The malware also deploys pluggable authentication module backdoors to harvest credentials and supports dozens of commands for remote control, file manipulation and data theft. Researchers warn the malware's danger comes from how its capabilities work together to establish long term stealth and persistent access inside developer environments. A successful compromise of a software maintainer could expose downstream users through poisoned packages and altered build pipelines.
Dave Bittner
Vimeo says a breach affecting more than 119,000 users originated through third party analytics provider Anodot, not Vimeo's own systems.
Maria Vermazes
According to Have I Been Pwned, attackers accessed customer email addresses and some associated names. Vimeo says the stolen data also included video titles and metadata, but not video content, login credentials or payment card information. The company linked the incident to compromised Anodot integrations and says it has since disabled the connection, revoked credentials and launched an investigation with outside security support.
Dave Bittner
Researchers and breach analysts warn that exposed
Maria Vermazes
email lists tied to contextual account data can fuel targeted phishing campaigns for years after a breach.
Dave Bittner
Palo Alto Networks is warning customers that attackers are exploiting a critical zero-day flaw in the PAN-OS User-ID
Maria Vermazes
Authentication Portal, also known as the captive portal. The buffer overflow vulnerability allows unauthenticated attackers to execute arbitrary code with root privileges on exposed PA-Series and VM-Series firewalls. Palo Alto says limited exploitation has already been observed against Internet-facing systems. The company has not yet released a patch and is urging customers to restrict portal access to trusted internal networks or disable the feature entirely.
Dave Bittner
Shadowserver says more than 5,800 vulnerable
Maria Vermazes
VM-Series firewalls remain exposed online.
Dave Bittner
The Federal Trade Commission and data broker Kochava have reached a proposed settlement that would bar the company from selling or
Maria Vermazes
sharing sensitive location data without explicit consumer consent. The FTC accused Kochava in a 2023 complaint of collecting and selling detailed geolocation data, mobile device identifiers, app usage information and income data. Regulators said the company's data could reveal visits to places like health clinics and houses of worship without users' knowledge. Under the agreement, Kochava must implement programs to track sensitive locations, verify consent from data suppliers, limit data retention and allow consumers to withdraw consent or request information about data sales.
Dave Bittner
The case highlights growing regulatory pressure on
Maria Vermazes
the location data industry and the risks tied to large scale collection of precise consumer movement data. Kochava says the settlement reflects its commitment to privacy and responsible data practices.
Dave Bittner
A Latvian national accused of working with former members of the Conti ransomware group has been sentenced to 102 months in
Maria Vermazes
prison for conspiracy involving wire fraud and money laundering.
Dave Bittner
US authorities say Deniss Zolotarjovs participated
Maria Vermazes
in ransomware operations between 2021 and 2023 that targeted more than 54 organizations using malware families, including Conti, Akira, Royal and Karakurt. Investigators say the attacks caused hundreds of millions of dollars in losses and involved the theft of sensitive personal and health information. Zolotarjovs was arrested in Georgia in 2023, extradited to the US in 2024, and pleaded guilty last year.
Dave Bittner
The case underscores continued international cooperation against
Maria Vermazes
ransomware operators and highlights how former Conti affiliates continue to appear across multiple ransomware as a service operations years after the group's original disruption.
Dave Bittner
Coming up after the break, my conversation with Dov Yoran, CEO of Command Zero, discussing how cybersecurity teams are fighting AI with AI. And geotargeting turns creepy.
Maria Vermazes
Stay with us. And now a word from our sponsor, the Center for Cyber Health and Hazard Strategies, also known as CHHS. Looking for a graduate degree that will give you an edge on your professional career? Earn a Master of Science in Law
Dave Bittner
at University of Maryland Carey School of Law.
Maria Vermazes
This part time, two year online graduate
Dave Bittner
degree program is designed for experienced professionals
Maria Vermazes
to understand laws and policies that impact your industry. Learn from CHHS faculty who are experts in their field, no GRE required. Learn how you can master the law
Dave Bittner
without a JD at law.umaryland.edu.
Maria Vermazes
Dov Yoran is CEO of Command Zero. I recently got together with him to
Dave Bittner
learn how cybersecurity teams are fighting AI with AI. So today we're talking about AI and
Maria Vermazes
how folks are kind of fighting fire with fire when it comes to AI.
Dave Bittner
Can we start off with some high level stuff?
Maria Vermazes
Can you give us a little bit of the history and background of what led us to this particular place where we find ourselves when it comes to AI and how people are using it in their SOCs.
Dov Yoran
Yeah, it's been a gradual process, always refining and helping SOC analysts move forward and continue to increase their productivity given technology gains, cloud SaaS and other things. And AI is really the next revolution in that series. So that's something that's been a gradual step up, if you will. And now with the advent of AI, it's been an incredible catapult moving forward to really level the playing game amongst analysts of different experience levels and different sized organizations and so on and so forth.
Dave Bittner
So where do we stand right now when it comes to the threat actors
Maria Vermazes
adopting these AI tools?
Dov Yoran
Attackers move pretty fast and they're unencumbered by procurement and the legal process. Right. So the clearest examples are in automation and skill. Right. AI lets adversaries chain tools together autonomously. Reconnaissance, lateral movement, exfiltration with the speed and precision that wasn't really possible before. So they're effectively leveraging and operating with LLM speed. So while we're also seeing AI used to craft more convincing phishing and social engineering attacks at volume and at scale. So we used to require skilled human, now takes just a few moments to generalize or to generate and personalize at scale. And that's obviously a big concern. Right. AI is lowering that barrier of attack, that sophistication. You don't need nation state teams and technologies and resources to run advanced operations anymore. That's asymmetrical. Defenders are still largely doing manual parts and trying to increase their, their SOC efficiencies, but that's a pretty core problem that we're trying to solve right now in the industry.
Maria Vermazes
And so on the defender's side, what sorts of tools are available to them
Dave Bittner
to help ward off these AI threats?
Dov Yoran
Yeah, the most immediate impact is investigation speed. What we hope platforms such as Command Zero. Right. The being able to have a thorough, alert investigation that used to consume analysts' entire day. With AI agents, that same investigation can be completed in minutes. So you're pulling context from various platforms in the environment, from your endpoints, from your identity, from your email, from your cloud threat intel, so on and so forth. Right. And you're delivering really a more comprehensive report with a verdict. And speed is certainly a high mark, but that's really only part of it. The deeper value is the consistency and thoroughness, not human. Analysts have good days and bad days, but AI agents don't. And so every investigation follows similar methodologies, asks the same levels of questions, the same standards, the same consistencies that manual processes can really have a tough time delivering at scale. So at Command Zero, we're seeing AI compress that skills gap that I mentioned earlier between your junior or your lesser experienced folks and your more experienced teams. And so those tasks that once required just senior analysts because they needed that experience, that knowledge of different applications across different platforms can now be done in a much simpler way and in a much more consistent way across that entire team. That we think is that big sea change in structurally changing how SOCs operate today and leveraging AI as part of that solution.
Dave Bittner
Can you share with us what the
Maria Vermazes
onboarding process is like as people adjust to the new reality of these tools?
Dave Bittner
Is there a period of time where they're kind of gaining trust with them, they're getting used to them, seeing how the changes are going to be implemented in their world?
Dov Yoran
Our experience is incredibly short. It's a matter of days, sometimes a week or two. It's understanding the environment, is deploying. It's a cloud only solution set. So having access to some of the data elements, enabling that takes minutes and auto generating content, you know, usually within a few hours. And the team honestly can rock and roll. So they're looking at the events they're being guided through and shown investigations, they're looking at conclusions and all the varying underlying data that comprises those conclusions and even subordinate conclusions that weren't finalized. All those things really make for a rich experience and it really up levels all those analysts in our client base.
Dave Bittner
Right.
Dov Yoran
The More experienced Tier 3 folks have the ability to leverage and replicate their investigations to more junior folks and showing that ability, not only Billy, but that comprehensive outlook on what was discovered and what remediation and conclusions are driven from that as opposed to. Or in addition to the more junior team members now being able to ask questions and follow an auto prompt and auto generate investigations on data sources that they wouldn't normally be able to master without more experience.
Maria Vermazes
How are we ensuring that appropriate guardrails are put on these systems to make sure that they don't stray beyond what we want them to do?
Dov Yoran
Yeah, that's a great point and that's I think a major concern enterprises should be mindful of. What we do to keep tabs on that is we have very specific and very limited use of agents and how they're being deployed, the types of things that they have access to, the types of questions that they have in their arsenal and the types of information that they're collecting. From our standpoint, all of that is completely transparent. So you can see a full rap sheet on what was asked, how it was asked, the types of information that was drawn back. In my opinion, that trust in AI is built on this transparency and the auditability and the reproducibility of these investigations. So having these agents as part of a human investigation, collaborating deeply with the human, all these things are reproducible and more deterministic. I think all of those are helpful in the checks and balances of keeping a proper governance model on your agents as opposed to letting them just run wild in the environment.
Maria Vermazes
What is your sense for where we're headed with these things?
Dave Bittner
I mean, I think it seems like certainly AI is our future here, but do you have any sense for where
Maria Vermazes
this might grow into?
Dave Bittner
What are some of the things that
Maria Vermazes
people can look forward to?
Dov Yoran
Yeah, I mean, listen, it is great. And even the short term and even now, right? The mundane tasks and the tedious tasks that are even prone to error and user error because they're so repetitive, a lot of those things can be automatically pulled out and addressed by agents. So it is really up leveling that human talent and providing enabling more creativity and more superhuman capabilities of leveraging better automation and agentic workflows into their environment. Honestly, I see it expanding to beyond just the pure security operations center, into other adjacencies, into cyber and into other domains of the CISO's charter and domain of control, span of control. Similarly, how that reflects AI in general, how we're seeing that transform and broaden its reach in and across society at large. So it's super exciting.
Maria Vermazes
That's Dov Yoran from Command Zero.
Dave Bittner
And finally, a 19-year-old University of Tennessee student is suing the makers
Maria Vermazes
of the dating app Meete, that's M-E-E-T-E, alleging the company
Dave Bittner
turned a harmless TikTok graduation video into
Maria Vermazes
an ad suggesting she was looking for
Dave Bittner
friends with benefits, then geotargeted the
Maria Vermazes
promotion to people near her dorm.
Dave Bittner
College introductions can be awkward enough to begin with, but according to the lawsuit, she discovered it by people introducing themselves saying, hey, I keep seeing your dating
Maria Vermazes
app ad on Snapchat. The complaint alleges Meete edited her video, added graphics and a voiceover and used location based targeting to serve the ads
Dave Bittner
to nearby men without her consent.
Maria Vermazes
Her attorney says the campaign damaged her reputation and created real safety concerns by falsely implying she endorsed the app and was soliciting hookups.
Dave Bittner
The case highlights how simple editing tools
Maria Vermazes
and ad targeting systems can weaponize someone's likeness without sophisticated AI. Snap says it's investigating while Meete's listed publisher, which advertises safety and respect first, has not publicly responded.
Dave Bittner
And that's the CyberWire.
Maria Vermazes
For links to all of today's stories,
Dave Bittner
check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in
Maria Vermazes
the rapidly changing world of cybersecurity.
Dave Bittner
If you like our show, please share
Maria Vermazes
a rating and review in your favorite podcast app.
Dave Bittner
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes.
Maria Vermazes
We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes.
Dave Bittner
Our executive producer is Jennifer Eiben.
Maria Vermazes
Peter Kilpe is our publisher and I'm Dave Bittner.
Dave Bittner
Thanks for listening. We'll see you back here tomorrow.
Date: May 6, 2026
Host: Dave Bittner (N2K Networks)
Guest: Dov Yoran, CEO of Command Zero
In today's episode, CyberWire Daily brings an incisive update on the latest cybersecurity threats and incidents, including the rapid exploitation of major Linux vulnerabilities, high-profile supply chain attacks, and a notable interview on the role of AI—both as a new attack vector and a powerful defensive tool. The episode also spotlights regulatory actions, the impact of data breaches, and a legal case illustrating the dark potential of geotargeted ad campaigns.
On the changing threat landscape:
“AI lets adversaries chain tools together autonomously... with speed and precision that wasn’t really possible before.”
— Dov Yoran (16:10)
On the benefits of AI for defenders:
“The deeper value is the consistency and thoroughness... every investigation follows similar methodologies... the same consistencies that manual processes can really have a tough time delivering at scale.”
— Dov Yoran (18:52)
On agent guardrails:
“In my opinion, that trust in AI is built on this transparency and the auditability and the reproducibility of these investigations.”
— Dov Yoran (21:10)
| Segment | Start | End |
|---|---|---|
| News Rundown & Major Threats | 01:21 | 12:56 |
| Dov Yoran Interview: AI vs. AI in Security | 14:45 | 24:14 |
| Lawsuit: Geotargeted Dating App Ad | 25:34 | 26:35 |
This episode highlights the breakneck speed of AI adoption on both sides of the cybersecurity arms race. With critical vulnerabilities and supply chain attacks on the rise, defenders are urged to leverage AI for rapid, consistent, and comprehensive investigations while remaining vigilant about vendor risk, regulatory change, and the unintended consequences of technologically enabled geotargeting. Dov Yoran’s interview offers a pragmatic, optimistic view: AI is not just an accelerant for adversaries, but a transformative asset for defenders—if wielded with transparency and care.