Maria Varmazis
You're listening to the Cyberwire Network powered by N2K. Do you know how the space and cybersecurity domains connect? T Minus Space Cyber Briefing is your guide through the space based systems that expand the attack surface. I'm Maria Varmazis host here at N2K CyberWire and I'm excited to share that T Minus is back now as a weekly podcast, the T Minus Space Cyber Briefing. We have a new dedicated focus on two great things that are even better together. Space and cybersecurity. Because whether we realize it or not, we all depend on space based systems that are, by the way, increasingly Internet enabled. We're talking cybersecurity technologies, policies and organizations that are securing the critical space based infrastructure that powers, protects and connects our lives here on Earth. So join me for T Minus Space Cyber Briefing. New episodes every Sunday.
Dave Bittner
Quick question: have you watched Project Hail Mary yet? Humanity is facing an existential threat and racing to solve it with the clock ticking. For security teams, that probably hits close to home, with AI use rapidly spreading. Everyone's using AI: marketing, sales, engineering, Chris the intern, without security even knowing about it. That's where Nudge Security comes in. Nudge finds shadow AI apps, integrations and agents on day one and helps you enforce policy without blocking productivity. Try it free at nudgesecurity.com/cyberwire. Trump hits pause on an AI executive order. Lawmakers sound alarms over CISA cuts. A sophisticated scareware campaign traps users in fake tech support scams. Ubiquiti patches critical UniFi flaws. The US pours billions into quantum computing. Researchers uncover delayed Google API key revocation. Canadian authorities arrest the alleged Kim Wolf botnet operator. Two Americans plead guilty in a global tech support fraud scheme. Our guest is Ankit Kumar, senior engineering manager for Dependabot at GitHub, discussing closing the agentic gap between alert and patch at a global scale. And AI-generated reports still come up short. It's Friday, May 22, 2026. I'm Dave Bittner and this is your CyberWire intel brief. Thanks for joining us here today. It's great as always to have you with us. Happy Friday. President Trump delayed a planned executive order on AI and cybersecurity just hours before it was set to be signed after pushback from top advisor David Sacks and several tech leaders, according to Axios. Sources said Trump objected to the order because he viewed it as unnecessary regulation that could slow US AI companies as they compete with China. Meta CEO Mark Zuckerberg, xAI CEO Elon Musk and David Sacks reportedly spoke with Trump before the decision. The delay highlights growing divisions inside both the White House and the tech industry over how aggressively AI should be regulated.
Some officials and industry sources also questioned why the Treasury Department would play a leading role in identifying AI security vulnerabilities, a task typically handled by agencies like CISA and NIST. While many companies support voluntary AI testing and safeguards, disagreements remain on oversight, model sharing rules and government involvement. For now, advocates of lighter AI regulation appear to have gained the upper hand, though additional White House AI security initiatives may still emerge. Bipartisan lawmakers are raising concerns over staffing cuts and operational strain at the Cybersecurity and Infrastructure Security Agency, warning the agency may be less prepared to defend federal and critical infrastructure networks. Representatives Don Bacon and James Walkinshaw said the Trump administration has weakened CISA through funding and workforce reductions despite growing cyber threats and increased use of artificial intelligence to uncover zero-day vulnerabilities. Democratic lawmakers Bennie Thompson and Delia Ramirez also requested a briefing from acting CISA Director Nick Anderson after reports that a contractor exposed privileged AWS GovCloud credentials in a public GitHub repository. They argued the incident may reflect declining security oversight following the loss of nearly 1,000 employees over the past 15 months. CISA said it is still investigating the exposure and currently has no indication mission data was compromised. Meanwhile, lawmakers continue pressing the agency about whether it has sufficient staffing and resources to fulfill its cybersecurity mission. Speaking of CISA, they have added two actively exploited flaws to the Known Exploited Vulnerabilities catalog: a critical Langflow origin validation flaw and a Trend Micro Apex One directory traversal flaw. Researchers say the Langflow bug can enable full system compromise and expose sensitive API keys.
While reports linked its exploitation to Iran-aligned threat group MuddyWater, Trend Micro confirmed active exploitation of the Apex One flaw in on-premise deployments. CISA ordered federal agencies to patch both vulnerabilities by June 4. Researchers at Barracuda Networks detailed a sophisticated scareware kit called Cipher Lock that uses browser-based tricks and psychological pressure to push victims into calling fraudulent tech support lines. Since early 2026, researchers observed roughly 2.8 million attacks using the framework. Cipher Lock begins with phishing emails that lead victims to malicious websites. The kit hides encrypted payloads that only activate under specific conditions, helping it evade scanners and sandboxes. Once triggered, it locks the browser in full-screen mode, displays fake security alerts, plays warning audio, and even shows the victim's public IP address to increase panic. Attempts to inspect the page can intentionally slow or destabilize the browser. Barracuda said the campaign reflects a shift from traditional malware toward browser-based social engineering attacks that rely on fear and deception rather than malicious file downloads. Ubiquiti released security updates for five vulnerabilities affecting UniFi OS devices, including three maximum severity flaws that remote unauthenticated attackers could exploit. The issues include improper access control, path traversal and command injection vulnerabilities. Ubiquiti also patched another critical command injection flaw and a high-severity information disclosure bug. The company said the vulnerabilities were reported through its HackerOne bug bounty program and can be exploited with low-complexity attacks. Threat intelligence firm Censys tracks nearly 100,000 internet-exposed UniFi OS endpoints worldwide.
The US Department of Commerce announced plans to provide more than $2 billion in CHIPS and Science Act incentives to nine quantum technology companies aimed at strengthening US leadership in quantum computing. The funding includes support for quantum foundries led by IBM and GlobalFoundries, along with investments in seven quantum computing firms working across superconducting, photonic, trapped ion, silicon spin and neutral atom technologies. Officials say the investments are intended to accelerate development of utility-scale, fault-tolerant quantum computers and address engineering challenges such as error correction, photonic loss, cryogenic systems and qubit scalability. The administration framed the initiative as both an economic and national security priority, citing potential applications in defense, energy, finance, advanced materials and biopharmaceutical research. Researchers from Aikido found that deleted Google API keys can continue authenticating requests for up to 23 minutes after deletion because revocation propagates gradually across Google's infrastructure. In testing across 10 trials, deleted keys remained intermittently functional for between eight and 23 minutes, potentially allowing attackers to continue accessing enabled services, including Gemini, after a credential leak. The researchers say the delayed revocation stems from Google's eventually consistent infrastructure model and warned that users receive no indication a deleted key may still be active. They also observed regional inconsistencies in how quickly revocation took effect. Google reportedly closed the disclosure as "won't fix," describing the delay as expected system behavior. Researchers advised organizations to treat API key deletion as a roughly 30-minute process and closely monitor usage during that window for signs of abuse.
Canadian authorities arrested a 23-year-old Ottawa resident, Jacob Butler, also known as Dort, on allegations he operated the Kim Wolf Internet of Things botnet linked to massive DDoS attacks. US prosecutors allege the botnet infected millions of devices, including webcams and digital photo frames, and generated attacks reaching nearly 30 terabits per second. Authorities said Kim Wolf issued more than 25,000 attack commands and caused significant financial damage, including attacks affecting Department of Defense address ranges. Investigators tied Butler to the operation through IP addresses, transaction records and online messaging accounts. He also allegedly participated in harassment, doxing and swatting campaigns targeting security researchers. Canadian and U.S. authorities coordinated the investigation alongside broader efforts to seize infrastructure tied to several DDoS-for-hire services. Butler now faces criminal charges in both Canada and the United States. Two Americans pleaded guilty to charges tied to a long-running, India-based tech support fraud scheme that targeted elderly and vulnerable victims across the United States, prosecutors said. Adam Young and Harrison Gewerts provided phone numbers, call routing and tracking services that helped scammers connect victims to fraudulent call centers in India between 2016 and 2022. Victims were tricked through fake malware warnings and pressured into paying for bogus technical support services. In some cases, scammers gained remote access to devices and stole financial information, investigators said. The pair continued supporting the operation even after learning customers were involved in fraud and allegedly advised scammers on ways to avoid detection by rotating phone numbers. The case comes amid a broader government effort to combat robocalls and digital scams, which lawmakers say continue to cost Americans billions of dollars.
Coming up after the break, my conversation with Ankit Kumar Honey, senior engineering manager for Dependabot at GitHub. We're discussing closing the agentic gap between alert and patch. And AI-generated reports still come up short. Stay with us.
Dave Bittner
Ankit Kumar Honey is senior engineering manager for Dependabot at GitHub. We recently got together to discuss closing the agentic gap between alert and patch.
Ankit Kumarhani
Basically the team which I lead is a part of a supply chain security organization within GitHub. This team, what it does is basically builds and operates an automated dependency security system that monitors around 20-plus million repositories across 32 ecosystems and which is serving around 180 million or even more developers worldwide. So basically our team works around vulnerability detection through... I'll repeat that again. So basically our team works on vulnerability detection through GitHub Advisory Database, automated security updates and AI-augmented vulnerability remediation at scale.
Dave Bittner
Well, take us through some of the changes and innovations that you and your team have been implementing here lately with the onset of all of this concern about AI.
Ankit Kumarhani
Yeah, so one thing is basically how an AI agent is able to fix vulnerabilities. So we shipped something which is called security alerts remediation with an AI coding agent. That was last month. So what's emerging across the industry is the idea of assigning a security alert to an AI coding agent, not just to flag the problem. And this is something our team, Dependabot, wanted to tackle. This is a first step. So what we try to do is we do not just analyze the vulnerability. Basically we examine how the affected dependency is used in a specific code base and propose a fix. So exactly what happens: you have a security vulnerability in your code base, you assign that vulnerability to the AI coding agent. The AI coding agent, what it does is it actually analyzes those vulnerabilities, examines how the affected dependency is used in your specific code base and it proposes a fix. Now what the agent does is it opens a draft pull request that a human engineer reviews before merging. And this is a very important part because we always want to have humans in the loop. AI-generated fixes are not always correct. They can miss edge cases, introduce new issues, or produce incomplete patches. Sorry, they can produce incomplete patches, but they dramatically reduce the time from alert to actionable fix, especially for the complex cases that human engineers do not have bandwidth to tackle.
Dave Bittner
So it sounds to me like this system does just about everything but press the go button and relies on the human to look over what it's prepared before committing to it. Do I have that right?
Ankit Kumarhani
Yes, exactly. And the best part is, or I would say the beauty is once the draft pull request is ready, there is a section called View Session where a developer can go and see what exactly the AI coding agent has done and how they proposed a fix. So that gives the developer more confidence in terms of reviewing that particular pull request and shipping it to production.
Dave Bittner
Can you share with us how this tool was developed? How did you and your colleagues decide you were going to approach this particular problem?
Ankit Kumarhani
Few things which made us make this decision. First, the AI-generated code explosion is creating new dependency patterns which we haven't seen before. Now when the LLM writes code, it pulls in packages based on its training data, which means it's recommending packages that were popular two years ago, not necessarily the most secure options. Today we are seeing a huge number of security alerts and the time to remediation is between eight to 70 days. So in the industry right now we have a very good detection mechanism. Industries have good security scanners, they have good advisory databases, they have good vulnerability reporting mechanisms. But the average time to remediation is still between 8 days to 70 days, which means detection without remediation is just noise. And that is exactly what we are trying to tackle. And the first step towards this is like, why don't we assign a security alert to an AI coding agent which will solve a problem within a couple of hours rather than having that problem sit for days for the developers. This will also help developers to reduce the backlog, and the more the backlog increases, the attack surface area for those particular packages or application increases.
Dave Bittner
How do you balance people's desire to save time with the need to be accurate here?
Ankit Kumarhani
So the first thing we are trying to tackle is the noise. Engineering teams get hundreds and thousands of alerts. The simple ones get fixed, but the complex ones, for example breaking API changes or compromised packages, transitive dependency conflicts, those get piled up and it creates a backlog which becomes a headache for any developer, any security folks. And this is exactly what we want to tackle, and to fill that gap, we are trying to make sure we provide a solution to the developers so that they can themselves analyze and figure out what needs to be done within a timeframe which is suitable for them as well as for the security folks in the organization.
Dave Bittner
Since you've launched this, what has the response been and what have you learned?
Ankit Kumarhani
So the initial response is promising. We are still in the early phase so I'll circle back again like after a couple of months. But the initial response was pretty good. We are seeing customers onboarding to it and we are getting some good results.
Dave Bittner
That's Ankit Kumarhani from GitHub.
Dave Bittner
And finally, researchers at Cisco Talos spent months teaching large language models how to write cybersecurity reports without wandering off into confidently incorrect fiction, a task easier said than done when your co-author occasionally invents facts with perfect grammar. The team found that AI-generated reports often suffered from inconsistent conclusions, formatting drift, and the digital equivalent of losing the plot halfway through a meeting. To rein things in, Talos developed tightly controlled prompt engineering techniques, including task-specific prompts, strict source constraints, rigid templates, and structured formatting rules. In testing, the approach cut report drafting time roughly in half while improving consistency and reducing typos, a rare moment when everyone involved in incident response briefly experienced joy. The researchers cautioned that human oversight remains essential. Models still hallucinated recommendations, mixed content between projects and occasionally missed obvious errors while confidently flagging imaginary ones. In other words, the AI intern still needs supervision. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Just a quick program note: we will not be publishing our daily podcast this coming Monday in observance of Memorial Day. Be sure to check out this weekend's Research Saturday and my conversation with Sassy Levi, security research lead at NOMA Security. The research we're discussing is titled Grafana the Phantom Stealing your data. That's Research Saturday.
Maria Varmazis
Check it out. And hello, Maria Varmazis here. On Sunday's T Minus Space Cyber Briefing, we're covering the future of modernizing and securing GPS operations with Dr. Sean Gorman, CEO at Zephyr. That's Sunday on T Minus. Don't miss it.
Dave Bittner
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you all back here next week.
Dave Bittner
Previously attackers broke into systems. Now they're chaining identities together to move through your environment unnoticed. We recently spoke with Justin Kohler from SpecterOps about how attackers are exploiting common identity configurations across today's hybrid environments. Attackers are compromising one account and moving on to the next until they reach the administrator access and high value targets thereafter. And with AI, these attacks are becoming cheaper to execute and easier to scale, putting more organizations at risk. If you want to understand what identity attack path management looks like and why it matters for defending modern environments, listen to our full conversation at explore.thecyberwire.com/specterops. That's explore.thecyberwire.com/specterops.
Date: May 22, 2026
Host: Dave Bittner (N2K Networks)
Guest Interview: Ankit Kumarhani, Senior Engineering Manager, Dependabot at GitHub
In this episode, CyberWire Daily delivers the latest industry news on AI regulation, CISA staffing concerns, threat campaigns, technical vulnerabilities, and quantum computing investment, alongside practical insights from GitHub’s Ankit Kumarhani on closing the “agentic gap” between detection and remediation of vulnerabilities using AI. The discussion also evaluates the limits of large language models in cybersecurity reporting.
Pragmatic, technically literate, and briskly analytical—balancing industry-level news with applied engineering and policy insights. The interview sections favor a hands-on, explanatory approach designed for practitioners.