A
You're listening to the CyberWire Network, powered by N2K. Most security conferences talk about Zero Trust. Zero Trust World puts you inside it. This is a hands-on cybersecurity event designed for practitioners who want real skills, not just theory. You'll take part in live hacking labs where you'll attack real environments, see how modern threats actually work, and learn how to stop them before they turn into incidents. But Zero Trust World is more than labs. You'll also experience expert-led sessions, practical case studies, and technical deep dives focused on real-world implementation. Whether you're blue team, red team, or responsible for securing an entire organization, the content is built to be immediately useful. You'll earn CPE credits, connect with peers across the industry and leave with strategies you can put into action right away. Join us March 4th through the 6th in Orlando, Florida. Register now at ZTW.com and take your Zero Trust strategy from theory to execution.

Cyberweapons knock out Iranian air defenses during strikes on nuclear sites. ShinyHunters dump more than a million stolen records from Harvard and Penn. Betterment confirms a breach exposing data from roughly 1.4 million accounts. Researchers uncover a sprawling scam network impersonating law firms. Italy blocks cyber attacks aimed at Olympics infrastructure. Critical bugs put n8n and Google Looker servers at risk of full takeover. A state-backed Shadow campaign hits governments worldwide. OpenClaw shows how AI-powered attacks are becoming cheaper and harder to stop. Our guest is Tony Scott, CEO of Intrusion, sharing his perspective on evolving regulations and the realities behind critical policy shifts. And your smartphone may testify against you. It's Thursday, February 5th, 2026. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us.
In an exclusive report, Recorded Future says US officials say the military used cyber weapons to disrupt Iranian air and missile defense systems during June 2025 strikes on nuclear facilities, marking a significant step in integrating cyber operations into conventional warfare. According to multiple officials, U.S. cyber operators targeted a connected military system, not the hardened sites at Fordo, Natanz and Isfahan themselves, to prevent Iran from firing surface-to-air missiles at incoming American aircraft. By striking an upstream aim point on the network, enabled by intelligence support from the National Security Agency, operators avoided the more difficult task of penetrating fortified systems directly. The previously unreported cyber component of Operation Midnight Hammer is described as among the most sophisticated actions taken by US Cyber Command against Iran. Senior military leaders later praised cyber's role in supporting the strike package. Lawmakers have received classified briefings but are pressing for more public detail as officials emphasize that cyber capabilities are now treated alongside kinetic weapons as routine tools of military operations.

Hackers operating under the name ShinyHunters have leaked more than 1 million personal records stolen from Harvard University and the University of Pennsylvania after ransom negotiations failed. The data, now posted on the group's dark web site, includes names, contact details, dates of birth, donation histories, estimated net worth and sensitive demographic information tied to students, staff, alumni and donors, according to reporting later verified in part by TechCrunch. The breaches stemmed from stolen single sign-on credentials and voice phishing attacks giving attackers access to internal systems including VPN services and development databases. Neither incident involved ransomware encryption.
Instead, the hackers opted to publish the stolen files after talks collapsed, exposing affected individuals to potential fraud and identity abuse.

Automated investment platform Betterment disclosed a January breach that exposed personal data from roughly 1.4 million accounts. Analysis by Have I Been Pwned found the stolen data included names, email addresses, locations and in some cases birth dates, phone numbers and physical addresses. Attackers also sent fraudulent promotional emails after a social engineering attack. Following a forensic investigation with CrowdStrike, Betterment said no customer accounts, passwords or login credentials were compromised. Intermittent outages were later linked to a DDoS attack, according to BleepingComputer.

Researchers at Signia have uncovered a coordinated network of more than 150 cloned scam websites impersonating legitimate law firms. The campaign was identified after one firm reported brand impersonation, which investigators traced to a large, persistent infrastructure designed to evade detection. The sites use multiple registrars, distinct SSL certificates and services like Cloudflare to obscure links between domains and complicate takedowns. The cloned sites appear aimed at repeat fraud victims, offering fake legal services to recover previously lost funds, often claiming no upfront payment. Signia found reused phone numbers tied to earlier scams, though attribution remains uncertain. Researchers warn that AI-driven tools are making such large-scale, convincing impersonation campaigns easier, faster and more common, increasing fraud risks for both businesses and individuals.

Italy says it has blocked a wave of cyber attacks targeting Foreign Ministry offices and Winter Olympics-related infrastructure just days before the Games open. Foreign Minister Antonio Tajani said the attempted intrusions, including one aimed at an office in Washington, were of Russian origin, although he offered no technical details.
The attacks also targeted Olympics websites and hotels as events began. Interior Minister Matteo Piantedosi confirmed 6,000 security personnel are deployed across Games venues from Milan to the Dolomites, including counterterrorism units.

Researchers have disclosed multiple high-severity flaws in n8n that could let attackers hijack servers, steal credentials and silently manipulate automated and AI-driven workflows. Rated at 9.4 on the CVSS scale, the bugs stem from improper sanitization of workflow expressions and bypass protections added after a critical 2025 flaw. n8n confirmed that authenticated users with workflow permissions could trigger unintended command execution on the host system. Security firm Pillar Security warned that compromised servers could expose API keys and cloud or AI credentials, while SecureLayer7 demonstrated low-effort exploitation. Patches are now available and users are urged to update, audit workflows and rotate sensitive credentials promptly.

Researchers at Tenable disclosed two critical vulnerabilities in Google Looker, dubbed Lookout, that could allow attackers to fully compromise a Looker instance. The flaws include a remote code execution chain that could bypass isolation controls in cloud deployments and enable cross-tenant access, and an authorization bypass that exposed Looker's internal MySQL database. Google patched the issues quickly in its managed Looker service, but organizations running customer-hosted or on-prem versions remain at risk until they apply updates. Because Looker often handles highly sensitive business data, successful exploitation could expose secrets, credentials and internal configurations. Tenable urges affected organizations to verify patch levels immediately and review Google's security bulletin.

Researchers at Palo Alto Networks say a state-sponsored cyber espionage group has breached government and critical infrastructure organizations across dozens of countries.
The firm tracks the actor as TGR-STA-1030 and calls the activity the Shadow campaign. Palo Alto reports high confidence the group operates out of Asia, citing regional infrastructure, language preferences and activity aligned with the GMT+8 time zone, though it stopped short of naming a country. According to investigators, at least 70 organizations in 37 countries were compromised, with reconnaissance spanning 155 countries. Targets included parliaments, senior officials, law enforcement, telecom providers and ministries tied to finance, trade and diplomacy. The attackers relied on phishing for initial access, exploited known vulnerabilities and deployed a previously unseen Linux kernel rootkit dubbed Shadowguard to maintain stealthy long-term access.

Security strategist Paul Miller examines the rapid evolution of the OpenClaw system and highlights a troubling shift in cyber warfare toward fully automated, AI-driven attack ecosystems. Once a localized large language model with modular skills, OpenClaw has become a globally distributable and self-replicating platform that effectively commoditizes advanced cyberattack capabilities. Its skills, autonomous modules for reconnaissance, exploitation, lateral movement and evasion, are now spreading beyond the original platform through open source releases and underground marketplaces. This dissemination lowers the barrier to entry for cybercrime, enabling less skilled actors to deploy sophisticated attacks previously limited to elite or state-sponsored groups. Researchers report hundreds of malicious skills masquerading as legitimate tools, stealing credentials and crypto assets. As these components are reused across unrelated infrastructures, attribution becomes harder and threats mutate more quickly. The trend underscores a broader move toward attack as a service, forcing defenders to prioritize speed, behavioral detection and unified automated security architectures to counter modular AI-enabled threats at scale.
Coming up after the break, my conversation with Tony Scott from Intrusion. We're discussing evolving regulations and the realities behind critical policy shifts, and your smartphone may testify against you. Stick around.

Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full-stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless. Transform complexity into simplicity, and give your team time to focus on what really matters: helping your business and customers thrive. Learn more and book your demo at meter.com/cyberwire. That's M-E-T-E-R dot com slash cyberwire.
A
If securing your network feels harder than it should be, you're not imagining it. Modern businesses need strong protection, but they don't always have the time, staff or patience for complex setups. That's where NordLayer comes in. NordLayer is a toggle-ready network security platform built for businesses. It brings VPN, access control and threat protection together in one place. No hardware, no complicated configuration. You can deploy it in minutes and be up and running in less than 10. It's built on zero trust principles so only the right people can get access to the right resources. It works across all major platforms, scales easily as your teams grow and integrates with what you already use. And now NordLayer goes even further through its partnership with CrowdStrike, combining NordLayer's network security with Falcon endpoint protection for small and mid-sized businesses. Enterprise-grade security made manageable. Try NordLayer risk free and get up to 22% off yearly plans plus an extra 10% with the code CYBERWIRE10. Visit nordlayer.com/cyberwiredaily to learn more.

Tony Scott is CEO of a company called Intrusion and also a former federal CIO. On the most recent episode of Caveat, my co-host Ben Yelin sat down with Tony Scott to discuss evolving regulation and the realities behind critical policy shifts.
C
So before we get into some of the content, we're going to be talking about the double edged sword of regulation. I just wanted to learn a little more about your background. You've been in some incredibly influential organizations. You worked in the federal government under President Obama. Can you just talk about if there are common threads that have guided your approach to security technology across these kind of different spheres?
B
Yeah, well, as you mentioned, I've had some pretty fun and cool roles. I was the federal CIO for the last two years of the Obama administration, and before that I held CIO roles at VMware and Microsoft and at the Walt Disney Company. I was CTO at General Motors, ran infrastructure for Bristol Myers Squibb, and before that a bunch of jobs in various, you know, large corporations. I did two startups, started my career at Sun Microsystems. And the common thread among all of those roles is I noticed even early on that cybersecurity was playing a larger and larger role in everything I was doing. There were more and more incidents occurring, and it just has been sort of the common thread and throughline for all of the roles that I've ever had. Two or three weeks after I started the federal CIO job and I was still kind of learning where the bathroom was, we had the breach of the OPM systems, which was the Office of Personnel Management, and 21 million identities were compromised. And, you know, that was probably the worst of the things that occurred, you know, while I was in a role. But the roots of that stemmed back several years. So while I got, you know, a lot of credit for sort of, you know, the actions we took after the incident had happened, the real preventative things could have and should have been done years and years earlier.
C
Do you see a difference in the private and public sectors in terms of the pace of your ability to create change? Is that something that has frustrated you only in the public sector, or do you think that that's something that exists in the private sector as well?
B
Well, I think it exists across the board. And it's true whether it's cybersecurity or any other initiative that is important: if it has strong leadership and the commitment of leadership and the right amount of resourcing, you can get it done. If it's just, you know, sort of hand waving that, you know, oh yeah, we're doing this, but there's no real leadership or, you know, resourcing, then it's not going to get done. In the case of the federal government, the law and regulation that was requiring two-factor authentication had been passed 10 years earlier.
C
Wow.
B
And by the time the OPM breach occurred, there was only around 50% adoption across the federal government. And it was clearly a case where, good idea, solid idea, but in most cases the leadership, the funding and the resources to really get it done hadn't been prioritized. And then after the OPM breach, everybody got religion real quick. We launched the cybersecurity sprint and within, you know, six to eight weeks, we went from 50% adoption to mid-90% adoption of two-factor. So, you know, it tells you that it can be done, but clearly there hadn't been the focus on it that there needed to be.
C
And that gets at something. I mean, people focus on cybersecurity after the high profile breaches. I've never heard more discussion of the need to protect local governments, for example, than when I was living in Baltimore and they suffered a terrible ransomware attack. So is there something that policymakers can do in the interim between these high profile breaches to kind of raise the salience so that you can institute these policy reforms before the storm hits?
B
I think there's a couple of things that you can do. One is continuous monitoring and testing of your core infrastructure. That is the bedrock of all cybersecurity. People who just do an occasional pen test are kind of missing the boat. I think it's like taking a picture of your house on a sunny day. You know, that doesn't tell you much about, you know, whether the roof is good during a heavy rainstorm or, you know, other things that might be wrong with the house. And so I'm a firm believer in sort of continuous testing. The second recommendation is, and this is a question all boards and leaders should ask of their IT organization, is, you know, how modern is our core infrastructure? You know, and are we replacing and upgrading regularly? A lot of the issues that I've encountered in my career are due to just old, aging infrastructure that wasn't suitable for the mission that the organization was now undertaking. And to me that's just a cardinal sin. So to me that's number two on my list for sure.
C
Just looking at the federal landscape now, does what's happened in the last year, the difficulty in renewing CISA 2015, some of the staff reductions at CISA, the agency, are those concerning? And have you started to see real-world impacts of that in the work that you're doing, or is that not something that's really shown up yet?
B
I don't think it's shown up yet, but I guarantee you it will. And I lament a lot of those cutbacks and drain on resources. There's a view, and I've seen this over and over and over again, that, you know, we want smaller government, we want fewer government employees, you know, all of that sort of thinking. And it's admirable in its intent. Right. Which is to save money and, you know, reduce costs and reduce taxes and all of that. But the alternative is to do those functions. We then outsource to, you know, a commercial business or a private sector business and so on, which, again, could be fine. But over time, what that does is erode the expertise that we have in the actual federal government and we turn government employees into just procurement specialists, you know, contract administrators and so on. I saw this when I was at GM. We had outsourced to EDS, turned all of it over to EDS, and so the internal IT organization at GM was a handful of people at one point that lacked the technical expertise to sort of lay out a strategy for the future. And in 1996, GM abandoned that approach, made EDS an independent company, and then started bringing back into the organization, you know, a real CIO, people with the right technical expertise and so on. And I joined in, like, '99 after this repatriation, if you will. So bringing these capabilities back in house saved a ton of money, but probably more importantly, developed a much better strategy for IT, for the company.
C
And I know that political winds can shift, but is this something in 2029, for example, that you can try to recreate and rebuild, that institutional expertise, the people who actually know the technology? Or is that something that can't really be rebuilt once it's been?
B
No, I think it can be. And I think GM is a classic example of that. Where there's a will, there's a way. I think the good news about my experience in IT, and this was true in the Obama administration, and it was true in the first Trump administration and also in the Biden administration, is that it was not looked at as a political football, generally speaking. You know, good IT doesn't wear a D or an R or any of those other, you know...
C
Symbols, those vaunted letters. Yep.
B
Yeah. And it can be practiced well by people of either party. So I hope that continues.
A
Yeah.
C
So to close out, I just kind of wanted to take advantage of the fact that you offer a lot of wisdom based on your experience going back decades and the kind of breadth of your experience. So a couple of questions along those ends. You've worked in pretty intense scenarios. Obviously, OPM is kind of the one that's top of mind for me. What did that teach you about your own style of leadership and how leaders in the cyber field can and should react in those situations?
B
You don't have the three weeks. I could tell you about all the lessons learned there, but a couple of them stick out to me, which is, don't waste a good crisis. Number one, OPM was big. It was huge. It, you know, was terrible that it happened and so on. But we could have just said, oh well, that was OPM. Everything else is fine. You know, we should just try to fix OPM and stop there. But I realized once we did the survey of all the federal agencies and discovered that there had only been 50% adoption, I went, this is a big, terrible problem that we've got to go figure out how to address, and which ultimately we did. So, and I've used that in other roles. Whenever there's a crisis of some kind, you know, recognize it, get after it, and don't let it fester. Those are, you know, sort of the top-level learnings that I've had over and over and over again. It's not a one-and-done sort of thing. When we turned over the administration, my successor was really good about following up and making sure that we didn't slip back to, you know, a bad state. And it became, you know, a continuous focus of the Federal CIO office to make sure that we were maintaining at least where we had gotten to. And there were a number of other ongoing improvements that were undertaken. So to me, those are the big takeaways from that experience.
A
Our thanks to Tony Scott from Intrusion for joining us. You can check out the complete version of our conversation on the Caveat podcast, wherever you get your favorite shows.

The world moves fast. Your workday even faster. Pitching products, drafting reports, analyzing data. Microsoft 365 Copilot is your AI assistant for work, built into Word, Excel, PowerPoint, and other Microsoft 365 apps you use, helping you quickly write, analyze, create, and summarize so you can cut through clutter and clear a path to your best work. Learn more at Microsoft.com/M365Copilot.

This episode is brought to you by Indeed.
C
Stop waiting around for the perfect candidate. Instead, use Indeed Sponsored Jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first candidate. According to Indeed data, sponsored jobs have four times more applicants than non-sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsored job credit at Indeed.com/podcast. Terms and conditions apply.
A
And finally, according to a new report from Cellebrite, smartphones have become the star witness in modern policing: talkative, portable and almost impossible to ignore. Based on interviews with 1,200 officers in 63 countries, Cellebrite's 2026 Industry Trends Report finds that 95% now see digital evidence as essential to solving cases, and 97% say the public expects it. Nearly every respondent pointed to smartphones as the top source of evidence, though the devices often arrive locked, uncooperative and fond of complicating investigators' weekends. Officers report juggling multiple devices per case, growing data volumes, and the joy of explaining technical findings to non-technical audiences. While many see artificial intelligence as a potential time saver, policy barriers and trust issues loom large. As UK Police Commissioner Matt Scott notes, public consent matters, especially after high-profile data mishaps by police forces have left confidence in law enforcement technology on rather thin ice.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

If you only attend one cybersecurity conference this year, make it RSAC 2026.
It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning, and real innovation. I'll say this plainly: I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26. I'll see you in San Francisco.
Episode Title: The quietest weapon in America’s loudest strike
Date: February 5, 2026
Host: Dave Bittner, N2K Networks
Guest Interview: Tony Scott, CEO of Intrusion, Former Federal CIO
This episode delivers an incisive briefing on recent cyberattacks, vulnerabilities, the evolving use of cyber operations in military action, the impact of AI in threat landscapes, and a deep-dive discussion with former Federal CIO Tony Scott about shaping cybersecurity regulation and strategic leadership after major crises.
Notable quote:
“Officials emphasize that cyber capabilities are now treated alongside kinetic weapons as routine tools of military operations.”
(Dave Bittner, 02:12)
[03:07] ShinyHunters leaked 1M+ records from Harvard and the University of Pennsylvania
[04:10] Betterment breach exposed 1.4M accounts
Notable quote:
“AI driven tools are making such large scale, convincing impersonation campaigns easier, faster and more common, increasing fraud risks for both businesses and individuals.”
(Dave Bittner, 06:42)
Notable quote:
“The trend underscores a broader move toward attack as a service, forcing defenders to prioritize speed, behavioral detection and unified automated security architectures to counter modular AI enabled threats at scale.”
(Dave Bittner, 13:21)
[16:12 – 29:05]
Notable quote:
“After the OPM breach, everybody got religion real quick. We launched the cybersecurity sprint and within…six to eight weeks, we went from 50% adoption to mid-90% adoption of two factors.”
(Tony Scott, 19:41)
Notable quote:
“Over time, what that does is erode the expertise that we have in the actual federal government and we turn government employees into just procurement specialists, contract administrators, and so on.”
(Tony Scott, 23:07)
Notable quote:
“Don’t waste a good crisis. Number one, OPM was big...But we could have just said, oh well, that was OPM. Everything else is fine... But I realized...this is a big, terrible problem that we’ve got to go figure out...”
(Tony Scott, 27:08)
This episode underscores the rapid integration of cyber capabilities in national security, the surge of AI-fueled threats, and the necessity for vigilance, leadership, and continuous innovation in cybersecurity practices and policy. Tony Scott’s reflections offer vital guidance: leadership matters, crisis drives real change, and the lasting fix is always a long-term, institution-wide commitment.