Loading summary
A
You're listening to the Cyberwire Network powered by N2K.
B
Heading to this year's Black Hat USA. The N2K CyberWire team will be on site recording from our podcast studio in the Spectre Ops Kennel Club. If you're interested in joining us for a conversation or learning more about what we're recording throughout the week, visit sponsor.thecyberwire.com for more information. And make sure you stop by the studio and meet the N2K CyberWire team. We'll see you there. This episode is supported by Black Hat usa. If you follow the research, you know a lot of it breaks on. Black Hat stages hundreds of peer reviewed briefings, more than 100 hands on trainings, and the largest business hall in Black Hat's history. Six days to learn the skills you'll need tomorrow, August 1st through the 6th, use code CYBERWIRE for $200 off your briefings pass@blackhat.com we'll see you in Vegas. OpenAI considers an equity plan to share AI wealth with the public Cisco confirms active exploitation of its unified CM platform Researchers discover autonomous ransomware the VECT ransomware operation partners with Team pcp. The fortableed Credential harvesting campaign is linked to ransomware attacks. Veil Drop stealthily deploys the Pure Scammers target small businesses with fake law enforcement emails. Apple's Hide My Email feature doesn't an alleged Scattered Spider member is extradited to the United States. Our guest is Ben Yellen. My caveat co host on the Supreme Court's Geofence warrants ruling and Microsoft's Quantum claims leave physicists in two states at once. It's Thursday, july 2, 2026. I'm dave bittner and this is your cyberwire intel briefing. Thanks for joining us here today. It's great as always to have you with us. OpenAI is reportedly considering a proposal that would give the Trump administration a 5% stake in the company, according to the Financial Times. The idea is part of early discussions that could see Other leading US artificial intelligence companies offer similar stakes to the government. OpenAI CEO Sam Altman has argued that the arrangement would let the public share in the financial gains from AI as the technology reshapes the economy. The talks come as the White House increases oversight of advanced AI models and weighs closer partnerships with the industry. Any agreement would likely require congressional approval. The proposal also comes as OpenAI and rival Anthropic prepare for potential public stock offerings and as the administration continues to prioritize U.S. leadership in artificial intelligence. Cisco has confirmed that attackers are actively exploiting a recently patched vulnerability in its Unified Communications Manager or Unified CM platform that manages Cisco IP telephony systems. The flaw is a server side request forgery vulnerability that can be exploited remotely without authentication by sending a crafted HTTP request. Cisco initially said it had seen proof of concept exploit code but no evidence of attacks. That changed after security researchers documented active exploitation and published technical details. Cisco now urges customers to upgrade to fixed software releases immediately or disable the vulnerable Web dialer service until patches can be applied. More than 200 Internet facing unified CM systems remain exposed, according to Shadow's server, increasing the risk of compromise. Security researchers at Sysdig say they have documented what they believe is the first known ransomware attack carried out autonomously by an AI agent. The operation, dubbed Jade Puffer, exposed a critical vulnerability in an exposed langflow server to gain initial access, harvest credentials and move laterally to a production database. Researchers say the AI agent adapted to a failed attempt to create an administrator account, corrected its own mistake within 31 seconds and continued the attack without human intervention. It then encrypted more than 1300 NACOS configuration records, deleted key database tables and left a ransom demand. Sysdig says the case highlights how AI agents could dramatically accelerate attacks by by exploiting known vulnerabilities, reinforcing the need for prompt patching, credential protection and continuous monitoring. Researchers at Sophos Counter Threat Unit have detailed a partnership between the VECT ransomware as a service operation and Team pcp, a threat group known for large scale credential theft and software supply chain attacks. Announced in March 2026, the alliance combines Team PCP's ability to compromise trusted software and steal credentials with VECT's ransomware deployment infrastructure. TeamPCP has been linked to attacks targeting widely used developer tools including Trivi Checkmarks, lightllm and the Telnix Python SDK, allowing attackers to harvest credentials and spread malware through legitimate software updates. Researchers say the partnership creates a direct pipeline from supply chain compromise to ransomware deployment, lowering barriers for affiliates. They recommend organizations inventory open source dependencies, verify software updates before deployment, and avoid assuming ransomware payments will guarantee successful data recovery because of flaws in VEX encryption. Researchers at Socradar say the fortableed credential harvesting campaign is now directly linked to ransomware attacks involving the Inc. Ransom and Lynx groups. Since at least February, attackers have targeted hundreds of thousands of fortigate firewalls, stealing an estimated 110 million credentials. Investigators observed attackers gaining administrative access to hundreds of organizations, compromising VPNs and domain controllers before deploying ransomware in at least 12 confirmed cases, Socradar says evidence from the attacker's own infrastructure indicates the same operators behind fortableed are also involved in ransomware operations, demonstrating how stolen credentials are being rapidly monetized through extortion. Researchers at Securonix have identified Veil Drop, a sophisticated multi stage malware delivery framework designed to deploy the PureLog stealer while leaving minimal forensic evidence. The campaign begins with a JavaScript file disguised as a document, which launches PowerShell to retrieve additional payloads from attacker controlled blogspot pages, leveraging Google's trusted infrastructure to evade detection. The framework uses multiple layers of obfuscation in memory execution, reflective Net loading and trusted Microsoft utilities known as living off the Land binaries to avoid writing malware to disk and bypass security controls. Once deployed, Pure Log Stealer harvests browser credentials, cookies, autofill data, cryptocurrency, wallet information and system details. Researchers say the campaign's combination of fileless execution, cloud hosted infrastructure and trusted tools makes it particularly difficult for traditional security products to detect. Researchers at bitdefender have identified a phishing campaign targeting small businesses with fake law enforcement emails designed to deliver malware. The messages, which impersonate Interpol, claim to contain evidence of suspicious company activity and direct recipients to a password protected archive hosted on Proton Drive. The supposed evidence is actually a ransomware payload disguised as a video file. Researchers say the malware is relatively simple and does not appear to be linked to a major ransomware as a service operation, instead relying on convincing social engineering to trick victims into infecting themselves. Organizations across Europe, Asia, the Middle east and the United States have been targeted. The campaign highlights that even unsophisticated ransomware can be highly effective when combined with fear, urgency and trusted branding. A security researcher says a flaw in Apple's Hide My Email feature can reveal users real email addresses, undermining a privacy tool designed to keep them anonymous. Tyler Murphy, co founder of Easy Opt Outs, reported the issue to Apple more than a year ago and says it remains exploitable despite repeated assurances that a fix was in Progress. Tests by 404 Media confirmed the vulnerability could expose the email address tied to an Apple account. Murphy warns the flaw could put users at risk because exposed email addresses can often be linked to personal information through public records. Apple has acknowledged the issue and says it plans to address it in a future security update, but but has not publicly explained the delay. An alleged member of the Scattered Spider cybercrime group has been extradited from Finland to the United States to face federal charges related to hacking, fraud and computer intrusion. Prosecutors allege that 19 year old Peter Stokes, a dual US and Estonian citizen, was part of a group behind more than 100 network intrusions that generated over $100 million in ransom payments and caused millions more in damages. According to the criminal complaint, Stokes helped target a luxury jewelry retailer in 2025, stealing data and demanding roughly $8 million in cryptocurrency. Although no ransom was paid, U.S. officials say the case demonstrates ongoing international cooperation to identify, arrest and prosecute cybercriminals operating across national bo. Coming up after the break, my conversation with my Caveat co host Ben Yellen on the Supreme Court's geofence warrants ruling and Microsoft's quantum claims leave physicists in two states at once. Stay with us.
A
Hear that? That's the sound of busy. To a restaurant, all that shouting and banging might as well be a symphony. It means the long days and longer nights are paying off. Sure, it's noisy, but there's a worse sound. This not busy. Busy means business, which is why Toast gives restaurants the tools and tech they need to help them perform under pressure. Sounds pretty good, right? Toast built for busy.
B
It is always my pleasure to welcome back to the show Ben Yellen. He is from the University of Maryland center for Cyber Health and Hazard Strategies. But more importantly than that, he is my co host on the Caveat podcast. Hey, Ben, welcome back.
C
Good to be with you again, Dave.
B
We got a big one, Ben.
C
Oh, this is a huge one.
B
The Supreme Court ruling, privacy geofence warrants. Unpack it for us. What's going on here?
C
This is a major groundbreaking case. Chatri versus the United States. It's a geofence warrant case. Just a brief background. Chatry was accused of robbing a bank in Virginia. The government went to Google and tried to get data about who was in the area when this crime was committed. It's a three step process. They obtained this warrant from a magistrate judge, first to get all of the anonymized devices that were in the area. As a second step to take a subset of those and figure out where those devices were within an hour or two of the robbery taking place. And then the third step was de anonymizing the data. Chatri was identified as the suspect. He was prosecuted and convicted and he appeals saying that this was an unconstitutional Fourth Amendment search. The appeals court at the Fourth Circuit Court of Appeals had a really hard time settling on a decision in this case. They all agreed basically that Chatri himself was screwed. He wasn't getting out of prison. Because no matter what we think about geofence warrants, law enforcement was acting with good faith when they made this application to the magistrate judge to get this data from Google. Okay? But there was a disagreement about whether these geofence warrants are an unconstitutional search under the Fourth Amendment to the United States and on whether, if it was a search, the warrant passed constitutional muster. So the Supreme Court weighed in on one of those questions in a groundbreaking decision yesterday. They said that this is a Fourth Amendment search and therefore a warrant based on probable cause and a particularized warrant is required in these types of cases. It was a decision authored by Justice Kagan. She was joined with the two other liberals on the court, Justice Jackson and Justice Sotomayor, as well as the Chief justice and Justice Kavanaugh. The crux of the opinion is that a person has a reasonable expectation of privacy in their location data that they share with Google. Every time we use a Google application for the first time, we get that little pop up saying, do you affirmatively agree to use location services? It's really gonna improve your in app experience, et cetera. We agree to that. But despite that kind of voluntary action that we take, Justice Kagan's opinion says that we should still have an expectation that that information should be private. The reason is because that information, just like historical cell site location information, which was at issue in Carpenter, is revealing. It's broad, it's deep, and it' of the modern technological landscape that we all rely on to conduct the normal affairs of our lives, that we need just to enjoy the basic functionality of smartphones, we need to enable these location services. We'd be leaving ourselves out of a lot of important interaction in our daily lives if we had to forfeit the ability to use these services. Therefore, people should have an expectation that when for the limited purpose of improving the scope and functionality of their applications, we give our location to Google, that when we do that, we have an expectation that information is going to remain private. And because the Supreme Court's test for whether there has or has not been a Fourth Amendment search bears on this question of a person's expectation of privacy, the Supreme Court here has decided that, yes, this is a Fourth Amendment search, they did not weigh in on a separate question about whether the warrant here was proper. A couple of the liberal justices, Justices Jackson and Sotomayor, in a concurring opinion, opined that they thought that this warrant was defective because it was not properly particularized, nor was it properly based on probable cause. But that wasn't Controlling here, the majority did not weigh in on that question.
B
So what happens now? We have this decision. How does this affect everyday folks as well as the technology companies and, and law enforcement as well?
C
I think this is going to have a huge impact. Just like Carpenter changed the landscape in terms of digital privacy law, I think this is taking the Carpenter decision, doubling down on it and extending it in some important aspects. I think from the user's perspective, they have an expectation of privacy and a lot of information that they turn over to third party technology companies because of the nature of that data, because it is so personal, because it could reveal private information, private details about a person's life, and because it's not really, in any proper parlance, voluntary. Just because it's turned over to a third party doesn't mean we are forfeiting our expectation of privacy. So people should feel a greater degree of privacy and constitutional protection in that type of revealing information. And that really changes the balance between law enforcement's interest in going to these companies and demanding this data versus our concept of privacy. And so I think people enjoy a degree of privacy in this data. We'll see what the full implications are as we get more cases related to Chatri and that are decided under the rubric of Chatry. But just from a broader sense, I think we enjoy a greater degree of protection in a certain kind of revealing data than we did yesterday. Prior to this decision being handed down. From the tech company perspective, Google had already discontinued complying with geofence warrants. They previously held the data needed to comply with those warrants in the cloud. That data is now held on the device. So from Google's perspective, at least at this point, it's kind of a moot question. They've already changed their practices, but I think for other companies, they have to recognize that there's been a cultural shift here, that they're not going to instinctively respond to law enforcement inquiries by handing over batches of information. I think they're going to express more concern that the information they retain is so revealing that it might require a judicial process, a warrant based on probable cause that's particularized and that might inspire these companies to be more exacting about which data they choose to hand over to law enforcement. So I think those are the biggest immediate potential impacts. Like I said, a lot of it is going to depend on how lower courts interpret this decision, starting with the fourth Circuit, who's been tasked with trying to figure out in the Chatri case itself, was this warrant defective, was it properly particularized? To Chatri. Was it vague and over broad? And did they actually have probable cause to issue the warrant in the first place? So those are unanswered questions. We'll have to get those questions answered first. But certainly I think this signals a sea change from the Supreme Court. I think it means they take digital privacy very seriously. It builds on Carpenter, which is significant not just because Carpenter itself is a groundbreaking decision, but because one of the five justices who was part of the majority on Carpenter is no longer on the court. That's Ruth Bader Ginsburg. So it was unclear whether the reasoning in Carpenter was held by a current majority on the Supreme Court, and now we know that it is.
B
Well, there's much more to this, and Ben and I dig into many of the details over on the Caveat podcast. So please do check that out. You can find that on our website or wherever you get your podcasts. Ben Yellen from the University of Maryland center for Cyber Health and Hazard Strategies, thanks so much for being with us.
C
Thank you, Dave.
A
This episode is brought to you by Google Chrome. You think you know a browser, but Gemini and Chrome? That's new. It can help you with practically anything on the web, like restoring a vintage motorcycle from a 50 page restoration block, or finally break down that long article you've had open for weeks. Gemini and Chrome is here for it, ready to make anything online make sense. There's no place like Chrome. Check responses. Setup required. Compatibility and availability varies. 18 are all batteries the same? That's like asking if all soccer players are the same. Take Messi, the most decorated player ever. Is there any other player who has achieved that? No, just him. Now take Duracell. Is there any other battery with power boost ingredients inside? No, just Duracell. Remember, goats only trust goats because they're built different and Messi only trusts Duracell.
B
And finally, Microsoft's latest quantum computing announcement has sparked as much skepticism as excitement. The company claims its new Majorana based quantum processor is a thousand times more reliable than its predecess processor, despite the fact that the elusive Majorana particle remains theoretical and has never been conclusively observed. Microsoft argues its topological approach could produce more stable qubits, a long standing challenge in quantum computing. Critics, however, say the company's evidence falls well short. Several physicists have questioned the underlying research, pointing to a retracted 2018 paper disputing testing methods and a lack of publicly available data. Some have gone so far as to accuse Microsoft of overstating or even misrepresenting its progress. For now, the debate resembles Schrodinger's breakthrough either a revolutionary advance in quantum computing or an extraordinarily expensive exercise in wishful thinking with independent verification still pending. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com our team will be observing the Independence Day holiday and the 250th anniversary of the United States on Friday and Saturday in place of our regular programming. On Friday we're sharing the next installment on our 10th anniversary conversations. Maria Vermazes and I talk about the vulnerabilities, zero days and hardware for flaws over the past decade on Saturday in place of our usual research, Saturday we're sharing an episode of a newer show on our network AI Security Brief by our partners at Trend AI, with hosts Dustin Childs and Johnny Hand. We hope you enjoy the programming and have a happy and safe holiday weekend. And Happy Birthday usa. And of course, don't forget to check out the T Minus Space Cyber Podcast. Host Maria Vermazes has this preview and
C
hi Maria Vermazes here on Sunday's T Minus Space Cyber Briefing. It's my interview with Oria Space CEO Damian Dipipa where we discuss the evolution of space programs from exquisite one off missions to an increasingly commercialized and fragmented ecosystem needing interoperability and cyber resilience. That's Sunday on T Minus. Don't miss it.
B
You can find the T Minus Space Cyber Podcast where every you get your favorite podcasts. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producers, Liz Stokes were mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.
A
Hey there. It's Wayfair here, where delivery and setup are as easy as a few taps on your phone. You're relaxing in an old hammock scrolling Wayfair's app when you spot it. A brand new patio set. Next thing you know, Wayfair delivers it right to your patio and sets it up. Oh, you need a new grill, too. All right. Wayfair's got you covered. With Wayfair's room of choice delivery and fast expert setup on qualifying orders, life gets a little easier. Visit Wayfair. Com or the Wayfair app.
B
Wayfair. Every style, every home.
Date: July 2, 2026
Host: Dave Bittner (N2K Networks)
Guest: Ben Yellen (University of Maryland, Caveat Podcast co-host)
This episode delivers the latest cybersecurity news along with expert analysis and a legal deep dive. The main theme centers on OpenAI exploring an equity-sharing model with the U.S. government, signaling potential changes in how society at large benefits from AI innovation. The episode also breaks down several major cybersecurity threats, fresh legal precedents on digital privacy, and controversial scientific claims from Microsoft in the quantum computing sector. A significant portion features an in-depth discussion with Ben Yellen about the Supreme Court’s landmark ruling on geofence warrants and its implications for privacy rights in the digital age.
[00:57 – 02:14]
“OpenAI CEO Sam Altman has argued that the arrangement would let the public share in the financial gains from AI as the technology reshapes the economy.” – Dave Bittner [01:21]
[02:15 – 12:16]
[02:22 – 03:28]
[03:29 – 04:39]
“[The AI agent] corrected its own mistake within 31 seconds and continued the attack without human intervention.” – Dave Bittner [04:19]
[04:40 – 05:45]
[05:46 – 06:49]
[06:50 – 07:39]
[07:40 – 08:20]
“Even unsophisticated ransomware can be highly effective when combined with fear, urgency, and trusted branding.” – Dave Bittner [08:18]
[08:21 – 09:18]
[09:19 – 10:26]
[12:51 – 21:23]
Host: Dave Bittner
Guest: Ben Yellen (University of Maryland, Caveat Podcast co-host)
[13:03 – 15:54]
“The crux of the opinion is that a person has a reasonable expectation of privacy in their location data that they share with Google.” – Ben Yellen [15:54]
[17:24 – 21:05]
“Just because it’s turned over to a third party doesn’t mean we are forfeiting our expectation of privacy.” – Ben Yellen [17:38]
[22:38 – 24:53]
“For now, the debate resembles Schrödinger’s breakthrough: either a revolutionary advance in quantum computing, or an extraordinarily expensive exercise in wishful thinking.” – Dave Bittner [24:28]
This episode breaks fresh ground on the interplay of AI’s societal impact, escalating cyber threats powered by both human and autonomous agents, and privacy rights in an increasingly surveilled world. The Supreme Court’s new stance on location privacy, in particular, could reshape the boundary between individuals and the state. For anyone tracking cybersecurity, policy, or the social consequences of emerging technology, this is essential listening.