The parallel war online.

A

You're listening to the Cyberwire Network powered by N2K.

B

These days, attackers rarely start with a bang. They start quietly. A leaked credential, A stolen session cookie, A lookalike domain that shouldn't exist. That's where Nord Stellar comes in. Nord Stellar is a threat exposure management platform that helps organizations see what attackers already know about them. Turns into an incident. It brings together data breach monitoring, dark web monitoring, attack surface management and cyber squatting detection in a single platform. That means visibility into leaked credentials and malware logs, insight into brand impersonation attempts, and a clear picture of exposed Internet facing assets. And shadow it for CISOs. It's a way to reduce response costs, prioritize real risk and communicate clearly with the board. For security teams, it's real time alerts, contextual intelligence and faster investigations without the noise. Most companies only react after the damage is done. Don't wait until your data is already for sale. Protect your business today with Nord Stellar. Learn more@nordstellar.com CyberWire Daily don't forget to mention CyberWire 10 for an exclusive offer. Cyber war shadows the U S Israel attack on Iran Hackers hijack Pakistani news broadcasts President Trump orders all federal agencies to stop using AI technology from Anthropic the Health Care Cybersecurity and Resiliency act clears a hurdle. A new RAT streamlines double extortion attacks against Windows systems. CISA updates warnings on a zero day targeting Ivanti Connect Secure Devices. A North Korea linked group targets air gapped systems. We've got our Monday business breakdown on our afternoon Cyber Tea segment from Microsoft. Ann Johnson speaks with Rob Suarez, Vice President and Chief Information security officer at CareFirst Blue Cross Blue Shield about cybersecurity in healthcare. Tim Starks from cyberscoop has the latest goings on at cisa and Microsoft says the slop stops here. It's Monday, march 2, 2026. I'm dave buettner and this is your cyberwire intel brief. Thanks for joining us here today. Welcome to March. It's great to have you with us. The escalating conflict between the United States, Israel and Iran has unfolded alongside a parallel cyber campaign marked by widespread disruptions, infrastructure targeting and mounting warnings of retaliation after coordinated US and Israeli airstrikes on February 28 killed Iranian Supreme Leader Ali Khamenei and other senior officials. Iran responded with missile and drone attacks on US Bases and Israel, causing limited casualties and damage in cyberspace. Reported U S Israeli operations disrupted Iranian news outlets, government service services and Islamic Revolutionary Guard Corps communications and allegedly included distributed denial of service attacks and deeper intrusions into energy and aviation systems. A prolonged nationwide Internet blackout followed, though it remains unclear whether that outage stemmed from external cyber activity or internal government controls. Iranian and pro Iranian groups have since escalated activity targeting Israeli industrial control systems, regional fuel infrastructure and US And Israeli logistics providers. Security firms warn that reconnaissance and denial of service attacks may precede more destructive operations, including data wiping malware and ransomware. While impact claims on all sides may be exaggerated, experts caution that cyber operations are now tightly integrated with kinetic conflict, raising risks for critical infrastructure across the region and in Western nations. Several major Pakistani news channels were disrupted on March 1 after hackers hijacked satellite broadcasts during peak evening programming. The breach occurred shortly after Iftar and continued into the widely watched 9pm Bulletins displaying unauthorized anti military messages earlier urging citizens to oppose the armed forces. Geo News said it had been battling hacking attempts for nearly 24 hours before the intrusion. While authorities have not issued a formal statement, reports suggest retaliatory cyber attacks followed, allegedly targeting Indian media outlets. Investigations are ongoing. President Trump ordered all federal agencies to stop using artificial intelligence technology from Anthropic, escalating a dispute over how its systems can support military operations. Defense Secretary Pete Hegseth designated Anthropic a supply chain risk to national security, a rare label typically applied to foreign adversaries, effectively barring military contractors from working with the company. Anthropic said it would challenge the decision in court, calling it unprecedented and legally unsound. The clash centers on the Pentagon's demand for broad, unrestricted access to Anthropic's AI models. The company refused to allow uses involving fully autonomous weapons or mass domestic surveillance. The directive could disrupt intelligence analysis at agencies such as the NSA and the CIA, which rely on Anthropic's CLAUDE system, and force a transition to alternative AI providers. Speaking of claude, there are reports of a significant outage with elevated error rates affecting users across Web, mobile and API platforms this morning. The incident appears to be widespread rather than confined to a specific region or service. Users may see failed requests, timeouts or inconsistent responses elsewhere. OpenAI said it has reached an agreement with the U.S. department of Defense to deploy its large language models on classified military networks. CEO Sam Altman announced the deal shortly after President Trump ordered agencies to stop using rival Anthropics technology. Altman said the agreement includes prohibitions on domestic mass surveillance and requires human responsibility in the use of force, including autonomous weapons. It remains Unclear how quickly OpenAI's models can be integrated into classified defense systems. A bipartisan group of senators has advanced the Healthcare Cybersecurity and Resiliency act, with the Senate Health, Education, labor and pensions committee voting 22. 1 to send the bill to the full Senate. The legislation aims to strengthen healthcare cybersecurity by requiring updated federal guidance, including support tailored to rural medical practices, and improve coordination among agencies. The bill would codify key elements of a proposed overhaul of the HIPAA security rule, mandating measures such as multi factor authentication, encryption and regular audits, including penetration testing. It also directs the Department of Health and Human Services to establish additional minimum standards based on emerging threats. The measure includes grants and training for under resourced providers. Lawmakers say the bill could improve sector resilience, though its prospects in Congress remain uncertain. Researchers have identified a new remote access trojan called Steelite that streamlines double extortion attacks against Windows 10 and 11 systems marketed on cybercrime forums as fully undetectable. The malware combines ransomware, data theft, credential and cryptocurrency stealers and and live surveillance tools into a single browser based control panel, according to researchers at Black Fog. Steel Light begins harvesting browser stored passwords, session cookies and tokens as soon as a victim connects, even before an operator issues commands. Its dashboard includes remote code execution, webcam and microphone access, key logging, hidden remote desktop protocol access and ransomware deployment. A built in cryptocurrency clipper can swap wallet addresses during copy paste operations. By integrating data exfiltration and encryption in one platform, Steel Light lowers the barrier for criminals to conduct double extortion attacks. CISA has released updated technical details on Resurge, a malicious implant used in zero day attacks to compromise Ivanti Connect secure devices. The vulnerability was reportedly exploited since mid December 2024 by a China linked threat actor tracked by Mandiant as UNC5221. Resurge is a 32 bit Linux shared object file that acts as a passive command and control implant. Instead of beaconing out, it waits for specially crafted inbound TLS connections using fingerprinting and a forged Ivanti certificate for authentication to evade detection. Once validated, it establishes encrypted mutual TLS sessions for covert access. The malware also includes log tampering capabilities and boot level persistence, allowing it to survive reboots. CISA warns the implant may remain dormant and urges administrators to use updated indicators of compromise to detect and remove infections. Zscaler reports that North Korea linked APT37, also known as Scarcruft and Ruby. Sleet has deployed five new tools in a campaign targeting air gapped systems. The operation discovered in December 2025, uses malicious LNK files to launch PowerShell scripts and in memory payloads. A loader called Restleaf retrieves shellcode from Zoho WorkDrive, ultimately deploying Snake Dropper, which installs a backdoored Ruby runtime for persistence. Snake Dropper drops Thumbs bd, a backdoor that uses USB drives as bi directional relays to exfiltrate data and receive commands, and Virus Task, which spreads via malicious shortcut files on removable media. Zscaler also observed an Android surveillance tool called Footwine. Researchers warn the toolkit is designed to bypass network isolation and and recommend close monitoring of endpoints and physical access points. Turning to our Monday business breakdown, Cybersecurity investment and consolidation continue across global markets with multiple funding rounds and acquisitions announced this past week. Israeli exposure management Firm Astellia raised $35 million in seed and Series A funding to expand its AI driven analysis partnerships and global teams. Lithuania based compliance Startup Copla secured 6 million euros to support product expansion and growth across the EU and beyond. Saudi GRC automation platform SolidRange raised $2.4 million to advance its AI powered governance and compliance roadmap. In the US, Virginia based AI assurance startup Hardshell closed $1.1 million in pre seed funding to to grow in regulated sectors such as healthcare and defense. MA Activity was also active. Arctic Wolf acquired Sevco Security to strengthen exposure assessment capabilities, Booz Allen Hamilton agreed to acquire MSSP Defi Security, Valiant Solutions acquired Abile Group, quickstart bought training platform Iron Circle and UK based Littlefish Group acquired MSSP Stripe Olt. Be sure to check out our weekly Pro Business Briefing that is on our website and is part of Cyberwire Pro. Coming up after the break, Microsoft's Ann Johnson speaks with Rob Suarez from CareFirst Blue Cross Blue Shield about cybersecurity and healthcare. Tim Starks from cyberscoop has the latest goings on at CISA and Microsoft says the slop stops here. Stay with us. Maybe that's an urgent message from your CEO, or maybe it's a deep fake trying to target your business. Doppel is the AI native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back from automatically dismantling cross channel attacks to building team resilience and more Doppel outpacing what's next in social engineering? Learn more@dopl.com that'S-O-P p e l.com. No, it's not your imagination risk and regulation really are ramping up and customers expect proof of security before they'll sign that deal. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk and customer trust together on one AI powered platform. Whether you're preparing for SOC 2 or managing an enterprise governance risk and compliance program, Vanta helps keep you secure and keeps your deals moving. Companies like Ramp and RYTR spend 82% less time on audits with Vanta. That's not just faster compliance, that's more time for growth. Take it from me, if you're thinking about compliance, take the time to check out Vanta. Get started@vanta.com cyber foreign. Johnson is host of the Microsoft Security Afternoon Cyber Tea podcast. In a segment from this week's show, she sits down with Rob Suarez, Vice President and Chief Information security officer at CareFirst Blue Cross Blue Shield, to talk about cybersecurity in healthcare.

A

Today I am thrilled to welcome Rob Suarez, Vice President and Chief Information security officer at CareFirst Blue Cross Blue Shield. Rob, welcome to Afternoon Cybertea. One of the things that stands out in your approach is you and I met with you. I've heard you talk about the human element, both patients and also your team and the team within the organization and culture. Can you talk a little about your people behind the mission? You've led global cybersecurity teams across multiple industries. What have you learned about building teams that not only defend but also believe in the mission behind the work?

C

It goes back to what we were talking about when it comes to how rapid change takes place in cybersecurity and all of the different types of cybersecurity threats that we need to focus on and protect against. It can be overwhelming and in fact healthcare, it's even more daunting because there is a patient at the end of everything that we do. And I believe that a purpose driven team always outperforms and it allows us to focus on where we need to pay attention and apply more pressure, apply more rigor in security. Care first emphasizes a human impact of cybersecurity and connecting technical tasks to patient safety and community health. As leaders, we cultivate this by sharing real world stories, investing in professional development and creating a culture around a mission at careforce that's making healthcare affordable and accessible to everyone. And we've seen cyber attacks in the past have incredible impact on the financial performance of organizations. Those dollars in healthcare when there is a ransomware attack, those dollars that are spent on recovering systems can go towards achieving better healthcare outcomes for patients. And we can look at the cost of services in your local community. For example, whether it's non medical emergency transportation or transportation to the hospital, or it's a preventative colorectal cancer screening, or if it's diabetic testing strips and getting a 30 day supply, there's a cost tied to each of those healthcare services. And when cyber attacks happen, it detracts from being able to afford those different types of services. And so I feel that is where you start to cultivate a sense of purpose. In my world of healthcare cybersecurity, it's a conversation around how our work impacts patients and their wellbeing.

A

I love that, I love that you just tie it back to patients and their well being. And one of the things that you also have responsibility for beyond patients and the day to day operations of the program and the team is the board. You have to influence the board. CISOs are more and more frequently having to influence their board in healthcare. You're also influencing your clinicians, you know, doctors and nurses and medical professionals that just want to deliver care and don't want to be inconvenienced. You're having to influence policymakers and of course you're having to convince patients to trust you. When you think about all of that context to cyber risk, how do you translate cyber risk into language that inspires action and confidence rather than making people fearful?

C

Well, in healthcare I believe we need to reframe risk as a shared opportunity for resilience using plain language and relatable analogies instead of fear based messaging communications need to highlight empowerment. Your action protects health. The metrics and dashboards are designed to show progress, not just exposure. And so there is a sense of confidence that we need to have when we're practicing cybersecurity and that allows us to be even more transparent around cybersecurity risks and the vulnerabilities. Because you can't protect what you don't know.

A

I think that's a great phrase that everyone has to actually keep remembering you can't protect what you don't know. When I talk to CISOs and I'll say to them, what is your number one issue or what is your number one problem? And they all say visibility. It doesn't matter where in the world I am, doesn't matter the size of company, doesn't matter the industry, they are concerned about what they can't see. They are concerned about network devices, they are concerned about the rogue tenants that now they're concerned about rogue AI. Right. The agentic world shadow agents. So thinking about that and thinking to the future, because we are going to see a proliferation of agents, we are going to see a proliferation of agentic to drive productivity, to drive research in your field, to drive better medical outcomes. If you could redesign the CISO role for the next decade, not the past decade, what would you change about how the role is measured, how the role is structured, and how the role is empowered?

C

And I believe the future of the CISO should be measured on trust, outcomes and resilience, not just compliance. The role must expand beyond technology to influence culture, ethics and innovation, even as part of the overall strategy of an organization, even in the title. This job is no longer just about information security. And certainly empowerment comes from board level visibility and authority to shape enterprise risk postures holistically. I think that reporting structure to the board is incredibly powerful. I think the other part is the ability to peer into our lines of businesses and influence, have a seat at the table when it comes to decisions of how the company will change and provide different services into the future. Enabling technology, but also factoring in all these other forms of risk that may impact the value that we're providing to people, to patients.

B

Be sure to check out the complete afternoon cybertea podcast wherever you get your favorite shows. It is always my pleasure to welcome back to the show Tim Starks. He is a senior reporter at cyberscoop. Tim, welcome back.

D

Good to be back.

B

So Tim, I feel as though these past few days, past week or so, you have been really putting the scoop into the cyberscoop name with some of the stories you've been publishing here. By my account, certainly you were the first that I saw in my review of the news who had this story on Mr. Ghatamukala out as the director or acting director of CISA.

D

Yeah, I think there was another outlet that got there first. But in terms of Cyber World. Yeah, maybe we're the first people to write about it. It's a big deal. Obviously. You know, Dr. Gautamikawa has been leading the agency for quite a time now and you know, the reviews were not stellar. Yeah, I would say maybe that's an understatement.

B

Well, it just struck me as maybe not being a good fit. Do you think that's a good way to frame it?

D

Yeah, I think, you know, he went from the chief information officer of a small state to running a multi billion dollar agency. And you know, the people who have said nice things about him will say that he's got a good technical background, but suddenly he was doing A lot of policy stuff and doing a lot of kind of big level things that maybe he wasn't equipped to do. You know, there were the stories in Politico that were pretty damning about his use of ChatGPT and him not passing a polygraph. You know, one phrase that somebody used to describe his leadership to me was amateur hour. You know, it feels strange to. To talk about someone else in those kinds of stark terms, but those are the terms people use to me. Well, yeah, he. He wasn't. He didn't have the experience. He didn't have the background. You know, he's leaving to go take a DHS role. That sounds more like the kind of role he'll be good at. So we'll see how that works out.

B

So stepping in for him is Nick Anderson, who was executive Director for Cybersecurity at cisa. Do I have that right?

D

You do, yeah. And he is someone who I think people are enthused about. He's someone who has been doing a lot of work, I mean, a lot of the public facing work that CISA has been doing, he's been the one doing it. He's been the one leading the background calls. I don't mean on background. I mean the calls with reporters to talk about binding operational directives. He's got both a tech and policy savvy. He has a good reputation. Beyond that, I don't think people think of him as, you know, one of the things that people dinged Dr. Gautamakola for was that they, you know, on the Hill, people thought he was kind of hiding a reorganization plan from them. Whether that was justified or not, that's. But that was the perception. I don't think anybody thinks of Nick Anderson as a dishonest broker right now. Certainly he's had to deliver some news about the future of the agency that wasn't well received because it was involving cutting back on missions. But I don't think anybody thinks, oh, this guy is a problem. Right. I think they think he's a sharp operator.

B

That's the impression I've gotten. I haven't had the opportunity to speak with him, but pretty unanimously, the folks I know who have worked with him have been impressed. And as you say, they're looking at him as being a sharp operator and I think looking forward to his leadership.

D

Yeah. I think if, you know, it would have been interesting maybe to see what the CISA leadership would look like if it was as intended. Where Shawn Plenky was there as director and Dr. Gatta McCullough was there as deputy director, maybe that would have been a better situation than we've ended up with. I don't know. But when I think of the kind of person who probably should be the acting director based on their abilities and everything, I think that Nick Anderson makes perfect sense.

B

Well, let's wind the clock back an extra day or so to the report that you put out that was categorizing SISA as being in real trouble here.

D

Yeah. So I, you know, I heard from a couple people this, you know, may have played a role in what? In the decision making. I don't know if I don't know for sure, but I've heard from a couple different people that it did. It was a pretty comprehensive look at where CISA is as an agency. And normally with stories like this, when I'm calling people who I think are going to be maybe want to cheerlead the administration.

B

Right.

D

Like a Republican in Congress or people in industry who like the idea of a less regulatory approach to cyber, normally I would expect them to lead with this is what CISA is doing. Well, we wish they would do these things better also. Instead, it was pretty much, CISA's not doing this well, CISA's not doing this well. CISA is not doing this well. And I literally got to the point in a call with one industry person, I'm like, what is CISA bringing to the table right now? And that person just said it. It's hard to think of anything good to say right now. It's an agency that has lost a third of its personnel. It's lost a lot of its expertise. You know, not just losing volumes of people, but losing people who have been at the agency for a very long time. And that's led to a loss of capabilities. I mean, from things like international relations, things like providing services to state and local government, election security, coordination with industry. A lot of people in industry say they can't get meetings with CISA because there just aren't the bodies in place. It's a pretty dire circumstance to pretty much everybody I spoke to, except for one who was, I think, being a little bit more optimistic than others. But I talked to lots and lots of people and almost everybody 201 was like, it's in bad shape. And maybe even in harsher terms than that, obviously.

B

Yeah. It strikes me as really being a tough time to be a good faith public servant these days at places like cisa.

C

Yeah.

D

And, you know, I think you and I talked about this briefly before, but you know, there might come A point where. And people have talked about hoping this will be the case, that when CISA has its full leadership, they will staff back up. Maybe they will, maybe they won't. I don't know. But there are legitimate worries about who would want to go work there. You know, the way they push people out, you know, some of the stuff didn't even make the story about them doing management directed reassignments. MDRs, I believe is the acronym. Sending people to parts of the country they don't want to work for. Working and short notice, giving them basically ulterior motives. Not ulterior motives, but like, ultimatums to say, you got to do this or you can't work at cisa. And so a lot of people said bye, and a lot of people didn't like being treated that way. There was a sort of a grim note toward the end of my story. I was talking about what is the cause for optimism for CISA right now. And Jim Lewis said, you know, on the plus side, for cisa, it's a bad labor market.

B

Wow.

D

That's kind of a rough situation to be in when that's good news.

B

Right?

D

People might be desperate.

B

Yeah.

D

You know, I consider myself something of a patriot. I want America to succeed. I write these stories because I want to call attention to things that could be better and need to be better.

B

Right.

D

So I'm hopeful that that is not the case. I'm hopeful that they won't just get desperate people. I hope that they'll get qualified people. And again, that's if they build back up. You know, the other big problem, of course, is that, is that the Trump administration and his allies have hated this agency for a very long time now.

B

Well, I want to call attention to that because as you point out in your article, you write that Trump has harbored animosity to Issa since 2020. And I feel like that shadow just looms over the agency almost like an albatross around their neck that they just can't get out of the way. Maybe a better way to say it is that shadow hangs over their mission.

D

It definitely does. The leadership in the first Trump administration, for the most part, until the very end, they steered clear of anything. I think that could have ticked off Donald Trump. And then in 2020, during the elections, they did the fact checking, and then the administration was about to end. So maybe that was a carefully chosen timing to do that, to keep their heads down and not do things that would draw his ire. Because a lot of their work that they do, it could run afoul of him if they just do their jobs. Right, Right. So I think there were things they avoided doing. It's hard to talk about this president sometimes, but he's not someone who necessarily keeps grudges for rational reasons. I guess I should say there's no obvious logic sometimes to why he's mad about something. And because of that, maybe you could say, oh, Sean Planky's at the table. If they have a full time leader who was picked for this job, maybe he can earn that trust. It's hard to see Trump suddenly deciding he likes this agency. He's been mad at them for five years.

B

Right.

D

He's going on six years. He's mad at them. So how is he going to stop being mad at them? I don't know. I guess he stopped being mad out of nowhere at people sometimes. Think about how he talked about Mamdani before the election and how he talks about him now. Maybe, but it seems like it's a, I think a shadow that you, the phrase you used is a really good term for this. It's maybe not completely in dark forever, but it's certainly in that shadow now and it's hard to see how it gets out.

B

Well, I mean, to go towards the positive here, to wrap things up, do you suppose that having Nick Anderson at the controls here might provide a little boost in people's attitudes at the agency?

D

Yeah, I think so. And one of the reasons is kind of dividing up a story like I did. How do I divide it up? Right. How do I write about what parts? And there was a lot of blame for Congress about this, by the way. The Trump administration has done a lot of things to cisa, but the Congress has done a lot of things to not help cisa. And then another big portion of it was that the current leadership has not been doing a good job. It was a consensus view. So I think, yes, if you have someone in the job that people think highly of, it stands to reason that they'll fare better. And the reasons that Dr. Gandmakala's leadership were frowned upon weren't just because they didn't like him. Although some people, I think that was the case. It was the job that he was doing. People didn't like the job he was doing and that made them not like his leadership. So if you bring someone in who has shown some capabilities to do the kind of things that I think people think CISA needs to do, then maybe, you know, different decisions are made. Maybe there are fewer distractions. Maybe you can focus, you can really focus on the mission and try to do the things you can still do well. And there was a portion of the story where we talked about the things that CISA is still doing and doing well. So, you know, I think it stands, it does stand to reason that things will be better off probably under Nick Anderson, I'm going to go ahead and steal it from you before you say it. Time will tell,

B

it always does.

D

But I think. I think that's a reasonable projection about how things might go.

B

Yeah. Tim Starks is senior reporter at cyberscoop. Tim, thanks so much for taking the time for us.

D

Thank you, Dave.

B

When it comes to mobile application security, good enough is a risk. A recent Survey shows that 72% of organizations reported at least one mobile application security incident last year, and 92% of responders reported threat levels have increased in the past two years. Guard Square delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guard Square provides industry leading security for your Android and iOS apps at www.guardsquare.com. Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full stack zero trust networks, including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and vpn, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless, transform complexity into simplicity, and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo@meter.com cyberwire that's M E T E R.com cyberwire. And finally, Microsoft's grand AI makeover of Windows 11 has earned it a nickname it probably didn't workshop in Redmond Microslop, the label born of frustration over what many users see as AI ambition. Outpacing operating system polish has spread briskly across social media. Microsoft cannot stop the meme everywhere, but it can try on its own turf. Users discovered that the official Copilot Discord server automatically blocks messages containing Microslop, replacing them with a polite moderation warning. Predictably, this only inspired creativity. Variations like Microslop with a zero instead of an O slipped past the filter in a classic Internet game of cat and mouse. As users pushed the joke further, some accounts were restricted and parts of the server were locked down. The episode underscores a broader tension. Copilot does offer genuinely useful features, but Microsoft's AI first strategy has left it juggling innovation, optics and an increasingly mischievous audience. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show. Every week you can find Grumpy Old Geeks, where all the fine podcasts are listed. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producer is Liz Stokes were mixed by Trey Hester with original music and sound design by Elliot Heltzman. Our contributing host is Maria Vermazes, our executive producer is Jennifer Ibin, Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Foreign. If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the Global Security Conference community for four days of expert insights, hands on learning and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today@rsaconference.com cyberwire26. I'll see you in San Francisco. Most security conferences talk about Zero Trust. Zero Trust World puts you inside this is a hands on cybersecurity event designed for practitioners who want real skills, not just theory. You'll take part in live Hacking labs where you'll attack real environments, see how modern threats actually work, and learn how to stop them before they turn into incidents. But Zero Trust World is more than labs. You'll also experience expert led sessions, practical case studies, and technical deep dives focused on real world implementation. Whether you're blue team, Red team, or responsible for securing an entire organization, the content is built to be immediately useful. You'll earn CPE credits, connect with peers across the industry and leave with strategies you can put into action right away. Join us March 4th through the 6th in Orlando, Florida. Register now at ztw.com and take your zero trust strategy from theory to execution.