A
You're listening to the CyberWire Network, powered by N2K. Do you know how the space and cybersecurity domains connect? T Minus Space Cyber Briefing is your guide through the space based systems that expand the attack surface. I'm Maria Varmazis, host here at N2K CyberWire, and I'm excited to share that T Minus is back, now as a weekly podcast, the T Minus Space Cyber Briefing. We have a new dedicated focus on two great things that are even better together, space and cybersecurity. Because whether we realize it or not, we all depend on space based systems that are, by the way, increasingly Internet enabled. We're talking cybersecurity technologies, policies and organizations that are securing the critical space based infrastructure that powers, protects and connects our lives here on Earth. So join me for T Minus Space Cyber Briefing. New episodes every Sunday.
B
Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allow listing, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source and regain control over their environments. Schedule your demo at threatlocker.com/N2K today.
Tuesday goes big. Congress looks to harden critical infrastructure. A new Windows zero day drops. Mobile AI creates security blind spots. AI agents fall for phishing. Browser extensions expose millions. Spammers hide behind Google Cloud Storage. CISA crowns its cyber champions. Our guest is Joe Sikora, CEO from Coro, discussing the MSP space and how to address it. And relentless robocalls retreat.
It's Wednesday, June 10th, 2026. I'm Dave Bittner, and this is your CyberWire intel brief. Thanks for joining us here today. It's great to have you with us.
Microsoft's June 2026 Patch Tuesday is the largest in the program's history, addressing 206 vulnerabilities across Microsoft products. The release includes 32 critical flaws and three publicly disclosed zero days, although Microsoft reports that none have been actively exploited. The milestone surpasses all previous Patch Tuesday updates since the program began in 2003, following the disruption caused by the Blaster worm.
Among the most notable vulnerabilities is a flaw in Windows BitLocker that could allow an attacker with physical access to bypass disk encryption and access protected data. Another affects HTTP.sys and could enable remote denial of service attacks. The third is an elevation of privilege flaw in the Windows Collaborative Translation Framework that could grant attackers system level access. Adobe also released updates fixing 123 vulnerabilities across 11 products, including critical flaws in Adobe Campaign Classic and ColdFusion that could allow arbitrary code execution. Meanwhile, industrial control system vendors Siemens, Schneider Electric and Phoenix Contact issued advisories addressing security weaknesses in various operational technology products. Overall, the June updates highlight the continued need for organizations to promptly apply security patches to reduce exposure to emerging threats.
The security researcher who goes by the name Nightmare Eclipse has released Rogue Planet, a new Windows zero day proof of concept exploit that targets a race condition in Microsoft Defender to achieve local privilege escalation. The exploit has been validated on fully patched Windows 10 and 11 systems, allowing system level access, though it does not currently work on Windows Server. Rogue Planet follows several recent disclosures by the researcher, including flaws patched during this month's Patch Tuesday. The release continues a public dispute between Nightmare Eclipse and Microsoft over vulnerability disclosure practices and alleged legal actions.
Senator Mark Warner, vice chairman of the Senate Intelligence Committee, is introducing the Combat Emerging Threats to Critical Infrastructure Act to strengthen cybersecurity planning across the nation's 16 critical infrastructure sectors. The bill would require CISA and federal sector risk management agencies to update sector specific security plans within one year and review them every two years thereafter.
Warner said the legislation is needed to keep pace with rapidly evolving AI driven cyber threats. The updated plans would address risks such as AI enabled hacking data, deepfakes and, for the financial sector, potential future quantum computing threats to encryption. The proposal follows concerns that some sector cybersecurity plans have not been updated in over a decade, despite federal guidance calling for biennial reviews. Backed by the National Electrical Manufacturers Association, the measure aims to improve resilience across sectors including energy, communications, transportation and defense. It also aligns with broader federal efforts to prioritize the most urgent cyber risks facing government networks.
A new survey from Lookout and ZK Research highlights a growing mobile AI blind spot in enterprise security. While 93% of security executives express confidence in their AI governance programs, the report found that mobile devices increasingly bypass traditional security controls. According to the study, 52% of generative AI usage now occurs on mobile endpoints, while 59% of mobile AI traffic remains invisible to conventional network monitoring tools. The report also found limited visibility into AI agents and embedded AI software components, contributing to data leak investigations at 63% of surveyed organizations. Researchers argue that legacy desktop focused security approaches are struggling to address mobile native AI risks and compliance requirements.
Maria Varmazis is host of the T Minus Space Cyber podcast. She joins us to file this report on the US military quietly turning GPS into a global numbers station.
A
Thank you, Dave. According to Inside GNSS and 404 Media, new research by Steven Murdoch, head of the Information Security Research Group at University College London, found that for over a decade GPS satellites have been broadcasting hidden encryption keys in a little noticed part of the public GPS signal. And that part of the signal is a 176 bit sequence known as subframe 4, page 17. And according to Murdoch's research, it appears to carry encrypted data used by the Pentagon's over the air distribution and rekeying systems, which remotely upgrade cryptographic keys for military GPS users worldwide. In his research, Murdoch looked at more than 12 million open archive GPS observations collected between 2007 and 2025, and he identified patterns that matched the rollout timeline of the US military's remote key distribution network in 2011. The system replaced manual cryptographic key updates, allowing military GPS receivers to be rekeyed via satellite broadcasts anywhere in the world. Now this discovery is a bit of food for thought about publicly available signals and how they can conceal operational infrastructure in plain sight, in this case, cryptographic keys unknown to the general public for over a decade. Murdoch notes that every GPS receiver in the world decodes subframe 4, page 17. So none of this data has been hidden. Just no one had thought to really take a closer look at it until now. For the CyberWire Daily, I'm Maria Varmazis from T Minus Space Cyber Briefing. Back to you, Dave.
B
Be sure to check out the T Minus Space Cyber podcast wherever you get your favorite shows.
Varonis Threat Labs tested whether AI email agents are vulnerable to phishing by evaluating an OpenClaw agent named Pinchy in four simulated attack scenarios. The results showed that while the agent could identify some technical phishing indicators, it struggled with social engineering attacks. In two tests, Pinchy failed to verify sender identities and shared sensitive information, including AWS credentials and customer data, with external accounts despite explicit security instructions. The agent performed better against traditional phishing websites and a malicious OAuth application, identifying suspicious infrastructure and blocking some attacks. Researchers concluded that AI agents may be stronger than humans at detecting technical phishing cues, but remain vulnerable to context based deception. The findings suggest that identity verification rather than phishing detection alone will be critical as organizations increasingly deploy AI agents to manage email and business workflows.
Rebora Security Research disclosed two critical vulnerabilities dubbed MaxSS and Spider, affecting the AI powered browser extensions CIDAR AI and Max AI, which are installed on more than 10 million devices. The flaws stem from insecure communication between web pages and extension content scripts, allowing malicious websites to abuse extension privileges. Researchers demonstrated attacks that could access sensitive browser sessions, capture screenshots, steal data, manipulate accounts and potentially access files on the underlying operating system. In testing, attackers could interact with services such as Gmail, Google Calendar, ChatGPT, Claude and Gemini without user awareness, Rebora said. Attempts to contact the vendors received no response, prompting public disclosure and notification to Google.
The findings highlight the growing security risks posed by AI driven browser extensions with broad permissions and deep access to user activity.
Researchers at Comparitech uncovered a large scale phishing and spam infrastructure consisting of over 12,000 Internet facing servers spread across 55 countries and 412 hosting providers. The operation uses Google Cloud Storage links as an initial redirect layer, helping phishing emails appear more trustworthy while obscuring their final destinations. Visitors are often routed to benign looking landing pages containing scraped New York Times content, likely to evade detection and serve different content to selected targets. The infrastructure appears highly coordinated, with nearly all servers running a small set of outdated Apache configurations and sharing identical assets and behavior. Researchers found that 89% of the servers had no prior abuse history, suggesting rapid provisioning and rotation to avoid reputation based defenses. The network supports phishing campaigns involving fake rewards, financial scams, health products and payment requests, highlighting a resilient and difficult to disrupt spam ecosystem engineered for scale, evasion and persistence.
The US Cybersecurity and Infrastructure Security Agency has announced the winners of the seventh annual President's Cup Cybersecurity Competition, which drew more than 800 participants and 200 teams from across the federal government and military. The event challenges competitors with realistic cyber defense, offensive operations and team based scenarios. This year's champions were Sheriff Sparks of the US Navy in the defensive track, BW of the US Army in the offensive track, and Eno Enthusiasm representing the US Army and Marine Corps in the Team Championship. CISA said the competition helps identify and develop top federal cybersecurity talent.
Coming up after the break, my conversation with Joe Sikora from Coro.
We're discussing the MSP space and how to address it, plus relentless robocalls retreat. Stay with us.
When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year and 92% of responders reported threat levels have increased in the past two years. Guardsquare delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guardsquare provides industry leading security for your Android and iOS apps at www.guardsquare.com.
C
Study and play come together on a Windows 11 PC, and for a limited time, college students get the best of both worlds. Get the unreal college deal: everything you need to study and play with select Windows 11 PCs. Eligible students get a year of Microsoft 365 Premium and a year of Xbox Game Pass Ultimate with a custom color Xbox wireless controller. Learn more at windows.com/studentoffer. While supplies last. Ends June 30th. Terms at aka.ms/collegepc.
B
Joe Sikora is CEO at Coro. In today's sponsored Industry Voices segment, we discuss the MSP space and how to address it.
D
Throughout my career I think I've been able to deal with all sizes of business and I'd say the small to medium business is one of my favorite, right? When I had my companies, that's who I was catering to. So I think there's definitely a need for support for the businesses that have potentially a lack of IT resources. I'd like to refer to it as lean IT. One or two people that are doing IT, cybersecurity or less on some of the smaller businesses, I think some of the owners are wearing that hat or another individual so they don't have anyone dedicated and that's where the MSPs come in. And a solution like Coro comes in is helping those companies solve those problems. Because in the age of AI and cyber that we're in today, there's no distinguishing as far as company size, right? If you have a connection to the Internet that's high speed, most likely someone's trying to get in, right? I think everyone out there would agree with me that they're facing the same challenges as maybe an enterprise today. Now, some of the very, very targeted attacks on some large corporations for monetary purposes, you could argue, is there such a thing? I'd counter that argument with the bad guys aren't looking for a big payoff anymore, right? They're looking for consistent, smaller transactions, right? I think years ago I was at a presentation when they were talking about how we're automating everything from even mobile keys at the hotels we stay on and that's a target. Like if your key's disabled, how much are you willing to pay rather than going downstairs and getting another key? Maybe it's a dollar or $2 something, maybe it's nominal, but that all adds up. Right? And so, you know, when you look at that, I think the need is definitely there. I think the complexity because of, you know, using AI to attack businesses and Internet connections, I think that the complexity is there and it looks good. Right? 
Like I'm sure you know this, Dave, and all of us listening out there, you know, we used to get an email that you could definitely tell, hey, this is phishing, right? It's fake, right? The logo is off, the spelling was off, it just didn't look right. I don't know about you, but I get some pretty good looking things. If it does get through, it looks legit now and you really need to be cautious because of, you know, what the capabilities of that are out there nowadays. So yeah, I think it's, it's probably more relevant than ever that we need to protect those small to medium businesses. And you know, going with a managed service provider, I think it's the smartest way out there.
B
Help me understand what that collaboration looks like. You know, how does together, how do the business and the MSP work together to dial in what that relationship is going to look like, what works best for both parties.
D
Let's start with the MSP side because I can give you a firsthand look of what that looks like. If you're an MSP out there, I think you need to define your offer and it has to be a focused offer. I always like to simplify things. So I'd say good, better, best. Right? But you need to decide to standardize one, what you're going to offer and what you're using to provide those results to your customers. Because there's two things. One, everyone wants results and then if you're, I don't care what size company you are, of course they want to get it for the least amount of money possible. Right. So operationalizing the back end of your MSP to deliver these results is always key. Even when I was an MSP, I made some mistakes because, you know, when I first started it was, you know, tell me what you have and I'll try to find a way to manage it. Right. Or tell me what you think you want and I'll try to. That doesn't work. Right. That's a model that is going to definitely without standardizing on your offer and what you're going to use on the technology stack is not going to work, right, because you'll spend a lot of time trying to develop expertise across all these different solutions. And it's complex, right? And complexity is not a friend of operationalizing things. And that's where I turned the corner on my MSP was when I really standardized on what I was going to use and what I was going to offer. Which today I think most MSPs out there understand that. But again, if you go back into the 90s when we were first trying to define all these things, one of the things we were doing is we said, hey, you can't afford all of these enterprise solutions, let alone have the expertise to manage and effectively use them. That was the pitch. That's probably not the pitch that most MSPs are using nowadays. Now, on the small to medium business side, the opposite side, you have a choice, right? You could buy a product or solution and try to self manage it. 
But I think the same thing, if you're trying to buy several different products, put them all together into a solution or a stack, just management of all of that technology is a challenge. Most likely if you don't have the ability or expertise to afford someone that really knows each individual product, guess what, you're probably going to misconfigure things, you're going to probably miss things. And then unfortunately the door is kind of open to the bad things that happen. So you could either, A, build it and try to manage it yourself or look to outsource it to experts that, that do it. And you know, I think it's a very, when it comes to a business decision, it is a business decision, but most businesses want, say, you know, some type of predictable outcome or guaranteed outcome and do it as low as cost as you can. And that's definitely a win for using an MSP to be your partner and help you with that.
B
You know, we find ourselves in this age of AI and I'm curious, from your experience, the interactions you're having day to day, what are the opportunities and what are the potential perils with all of this AI automation?
D
Listen, there probably isn't a conversation I have that doesn't involve AI, right? Either how we're using it or how we're protecting people from it. I'd like to think our solution has embraced AI for a long time. In fact, those of us in the industry, of course everyone's familiar with machine learning, which is the beginning, and we've always looked and designed our system to use all of the tools available to automate and remediate as much as we can effectively, but automated. And that is the premise of Coro. So it's a topic that I'd like to talk about because it's changing. And I would challenge anyone. If you think back six months ago, where you were with your, I don't care what part of the business, right, where you were with embracing AI and AI platforms, it has probably changed dramatically in the last six months. And I think you'll also. Hopefully everyone out there will agree that in the next three months we don't even know what we might be using. It is changing that fast, which just goes back to the ability to adapt and change and embrace changes. Because listen, I'm a pretty traditional cybersecurity type person and I'll even tell you the days of Best of Breed where you know, put in these, these, these very complex systems, they aren't bad, they're good solutions, right? If you want to go, hey, I've got the best product or solution in a Magic Quadrant or something equivalent to that, that's okay, right? It's still, there's still a market for it, but I think the everyday MSP and everyday business unit user is like, it's too complex, right? It's too in. Let's put expense aside because there's usually an expense to it. It's the ability to actually run it effectively, right? And if you can't run it effectively and get the results out of it, what are you paying for? Right? And that's where I see we've always talked about AI helping consolidate things. And we're here, right? 
I mean, we are here at this point where AI can help you, if you're an MSP, operationalize the back end, where instead of helping maybe 20 or 30 clients per analyst, now you're talking 100, 150, 200. That's a huge change, really. Embracing modern technology, modern tools such as AI platforms. I think a lot of people listening out there are going through that transformation as we speak. Hopefully you've started that journey. If not, there's always tomorrow, but you need to look at starting those sooner than later.
B
What's your outlook for the next year or so? As you're looking at the challenges that MSPs are seeing in relationship to small and medium businesses, what do you think the coming year holds?
D
Well, we all have a crystal ball, right? And I'm often asked, kind of what do I think is going to happen? And there's a couple different areas on the technical side, I can almost guarantee. And I will get, you know, I can guarantee you that it's going to continue to accelerate. Right. We're not going to see a slowdown in the number of attacks coming from things like AI. I think everyone out there would probably agree with that. The opportunity though with the number of small business. So now we get into a little bit of macroeconomics and kind of where do you think things are going to? I think the time in the market as far as overall either creating or growing a small business, it's a good time. Right. Because I think we're seeing more and more people, the large enterprises, you can see the cuts across the board. Right. And some of that is also AI related. Right. We're seeing jobs kind of switch. So you're going to see more new businesses being opened up on a daily basis. You know, I think the pipeline for potential clients is also going to be a good thing for all the MSPs out there as well. So we could talk and debate consolidation and consolidation of MSPs. We've seen a lot of roll ups through the last few years but you know, for the most part I think it's a very, very attractive market segment that's going to be growing. And I also think that, you know, the timing, whoever finds a way to do more with less, right. If you're an MSP and operationalize things which it'll increase your bottom line or you could decide to get more aggressive with your pricing, those are the ones that are going to be winners. Right. And that's if you're asking me, the crystal ball. But you know, listen, like I tell all businesses, MSPs large, small, new, old, I think we all need to just be prepared to adapt to, you know, what things are going to do. Like you always have to be ready for adapting to what's next, right?
B
That's Joe Sikora, CEO at Coro.
And finally, America's robocallers appear to be taking a rare step backward, though not quite packing up and going home. According to YouMail, US consumers received just over 4.1 billion robocalls in May of this year, down 2.1% from April and nearly 15% from a year ago. That marks the lowest rolling 12 month total since late 2022. The decline comes with a twist. While telemarketing and scam calls dropped 24%, notification calls surged 48%, partly because legitimate callers have adopted tactics once favored by spammers, including snowshoeing, which spreads calls across thousands of phone numbers. Insurance related robocalls remain especially persistent, with one health plan campaign generating more than 30 million calls from over 3,000 numbers. So while consumers may be hearing fewer robocalls overall, the phone is still ringing often enough to remind everyone that silence remains a premium feature.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Date: June 10, 2026
Host: Dave Bittner, N2K Networks
Featured Guest: Joe Sikora, CEO of Coro
This episode delivers the essential daily cybersecurity news, headlined by Microsoft’s record-breaking Patch Tuesday, a critical Windows zero-day exploit, and key updates across operational technology and software platforms. Industry analysis spans new AI-driven security risks, legislative movement on critical infrastructure protection, and a large-scale spam operation abusing cloud services. The episode also features an in-depth conversation with Joe Sikora (Coro CEO) on the evolving role of MSPs (Managed Service Providers) in protecting small and medium businesses, and closes with a trend update on America’s continuing robocall dilemma.
Timestamps: [03:00]-[05:10]
206 vulnerabilities addressed across Microsoft products, the biggest release since the program began in 2003.
32 critical flaws and three publicly disclosed zero-days—none found to be actively exploited yet.
Standout flaws include:
Quote:
"Microsoft's June 2026 Patch Tuesday is the largest in the program's history... The release includes 32 critical flaws and three publicly disclosed zero days." (Dave Bittner, [03:10])
Action: Organizations urged to promptly apply patches to keep ahead of threats.
Timestamps: [07:31]-[08:10]
Senator Mark Warner introduces the Combat Emerging Threats to Critical Infrastructure Act.
Calls for biennial updates of sector-specific cybersecurity plans; addresses AI-driven attacks, deepfakes, and looming quantum threats—especially pertinent for sectors like energy, communication, and finance.
Quote:
"Warner said the legislation is needed to keep pace with rapidly evolving AI driven cyber threats." (Dave Bittner, [07:50])
Timestamps: [08:37]-[10:20]
Guest reporter: Maria Varmazis
"Every GPS receiver in the world decodes subframe 4, page 17. So none of this data has been hidden—just no one had thought to really take a closer look at it until now." (Maria Varmazis, [09:50])
Timestamps: [13:31]-[14:05]
"CISA said the competition helps identify and develop top federal cybersecurity talent." (Dave Bittner, [14:00])
Timestamps: [16:40]-[29:20]
"I'd like to refer to it as lean IT. One or two people that are doing it... the owners are wearing that hat or another individual." (Joe Sikora, [16:55])
"The bad guys aren't looking for a big payoff anymore... they're looking for consistent, smaller transactions." (Joe Sikora, [18:25])
"When I really standardized on what I was going to use and what I was going to offer... that's where I turned the corner on my MSP." (Joe Sikora, [21:12])
"If you're trying to buy several different products, put them all together... most likely... you're going to misconfigure things." (Joe Sikora, [22:18])
"I'd like to think our solution has embraced AI for a long time... We've always looked and designed our system to use all of the tools available to automate and remediate as much as we can." (Joe Sikora, [23:42])
"Whoever finds a way to do more with less... those are the ones that are going to be winners." (Joe Sikora, [28:55])
Timestamps: [29:21]-[30:20]
Robocalls in the US dropped to 4.1 billion in May (down 15% YoY), marking the lowest in years.
While scam calls dropped, notification-type robocalls surged (often by legitimate businesses adopting spammer tactics like "snowshoeing").
Insurance-related robocalls remain stubbornly high.
"...consumers may be hearing fewer robocalls overall, [but] the phone is still ringing often enough to remind everyone that silence remains a premium feature." (Dave Bittner, [30:10])
"This milestone surpasses all previous Patch Tuesday updates since the program began in 2003 following the disruption caused by the Blaster worm." (Dave Bittner, [03:20])
"93% of security executives express confidence in their AI governance programs... but 59% of mobile AI traffic remains invisible to conventional network monitoring tools." (Dave Bittner, [08:25])
"If you think back six months ago, where you were with your... AI platforms—it has probably changed dramatically... in the next three months we don't even know what we might be using." (Joe Sikora, [24:10])
This episode underscores the ever-accelerating complexity, volume, and sophistication of cybersecurity threats—spanning AI-driven attacks, new exploits, regulatory demands, and the evolving challenges for organizations of all sizes. Microsoft's record Patch Tuesday, the fresh zero-day exploit, and the risks posed by loosely regulated AI tools and browser extensions highlight the necessity of timely patching, strategic vendor selection, and a proactive mindset. The discussion with Joe Sikora encapsulates the urgent need for efficient, scalable security—especially for SMBs—via MSPs able to adapt and operationalize rapidly changing technology.
For links to all stories, check the daily briefing or visit the CyberWire website.