CyberWire Daily – "When the Director uses the wrong chat window"

Date: January 28, 2026
Host: Dave Bittner (N2K Networks)
Featured Guest: Ben Yellen, University of Maryland Center for Cyber Health and Hazard Strategies

Episode Overview

This episode explores major recent cybersecurity incidents and trends from across the globe, with a close look at the risk of exposing sensitive data to public AI services, a high-profile cyberattack on Poland's power grid, ongoing threats like WinRAR vulnerabilities and LLM endpoint attacks, and high-stakes litigation in California challenging social media giants over alleged harm to children. The tone is urgent, insightful, and at times laced with dry wit.

Key Stories and Insights

1. Sensitive Government Data Uploaded to ChatGPT

• [03:00]: Politico reports CISA’s interim director, Madhu Garamukkala, triggered an internal security review after uploading sensitive government material into the public version of ChatGPT.
  • Detection and Response: CISA monitoring flagged the incident in early August, escalating it to a Department of Homeland Security (DHS) review. Outcome remains undisclosed.
  • Details and Disputes: DHS says Garamukkala’s access was authorized and limited, but public ChatGPT use raises serious data exposure concerns versus vetted internal AI solutions.
  • Implications: Potential administrative consequences for mishandling government documents and increased scrutiny of CISA leadership.
  • Quote: “The incident led to meetings with senior DHS legal and IT leadership and could carry administrative consequences under federal document handling rules.” [03:58] (Bittner)

2. Poland’s Power Grid Cyberattack

• [05:04]: Late December attack breached ~30 energy facilities, targeting distributed energy resources like wind, solar, and combined heat and power plants.
  • Scope: Some equipment permanently disabled, operators' ability to monitor/control was hampered, but central grid and power supply were intact.
  • Attribution: Incident attributed by Dragos to Russian-linked Sandworm group with “moderate confidence.”
  • Implication: Signals distributed and less-defended energy infrastructures are now ripe targets for state-backed and sophisticated cyber adversaries.
  • Quote: “Loss of communications limited operators’ ability to remotely monitor and control equipment… reinforcing concerns that distributed energy systems... are now a serious target.” [06:08] (Bittner)

3. EU–India Cybersecurity Partnership

• [07:02]: Newly signed partnership entails deeper cyber cooperation and dialogue.
  • Behind the scenes: European cyber diplomats voice concerns over India’s “Hackers for Hire” ecosystem; India denies any such (state-involved) ecosystem.
  • Quote: “Indian officials rejected those claims, denying such an ecosystem exists and arguing that if it did, it would be a private sector matter. Beyond government control.” [07:27] (Bittner)

4. WhatsApp Rolls Out Strict Security for High-Risk Users

• [07:52]: Meta increases security for journalists, public figures, and high-risk individuals.
  • Features: Mandatory 2FA, blocking unknown senders, limited profile visibility, disables exploitable features.
  • Targeted Response: Reaction to zero-click spyware campaigns targeting WhatsApp users.

5. LLM Service Endpoint Attacks – “Bizar Bazaar”

• [08:38]: Pilar Security documents over 35,000 attack sessions targeting large language model (LLM) endpoints over 40 days.
  • Activities: Attackers exploited misconfigured/self-hosted LLMs to steal compute resources, API access, prompt data, attempt lateral movement.
  • Notable Insight: One of the first documented "LLM jacking" campaigns by specific threat actors.
  • Quote: “The campaign targets self-hosted LLMs, exposed AI APIs, and publicly accessible model context protocol servers, often within hours of appearing in Internet scans.” [09:14] (Bittner)

6. Fortinet and OpenSSL Patch Critical Vulnerabilities

• [10:12]: Fortinet patched a critical FortiCloud SSO authentication bypass exploited as a zero-day, allowing cross-customer device access.
• [10:34]: OpenSSL released 12 vulnerability updates, including a high-severity RCE.
  • Urgency: Organizations are urged to patch immediately.

7. Persistent Exploitation of WinRAR Vulnerability

• [11:06]: Google reports an old WinRAR vulnerability (patched 6 months ago) continues to be used in espionage and malware campaigns, including by Russian and Chinese actors.
  • Techniques: “Malicious RAR archives that silently drop payloads without user interaction, making detection difficult.” [11:57] (Bittner)
  • Call to Action: Update WinRAR and hunt for IoCs.

8. SoundCloud Data Breach

• [12:35]: Confirmed: nearly 30M user accounts breached, with email addresses linked to public profiles. No passwords or financials exposed.
  • Response: SoundCloud detected, contained, and remediated; afterwards, suffered DDoS follow-up and extortion.
  • Impact: Data widely redistributed after failed extortion.

Deep Dive: California Lawsuit v. Social Media Giants

9. Interview: Ben Yellen on the Social Media Liability Lawsuit

[13:57–21:32]

• Background:

  • Plaintiffs (underage, anonymous) are suing Meta, TikTok, and YouTube/Google in CA Superior Court. For the first time, these companies will face a jury trial on claims that their platforms' design is harming young people's mental health.

• Allegations:

  • Features such as infinite scroll, autoplay, persistent notifications are allegedly addictive and led to/deepened mental health issues, eating disorders, self-harm, and even suicide.
  • Suit argues companies knew/should have known and failed to act.

• Legal Hurdles:

  • Difficult case for plaintiffs: Product liability framework requires a clear design defect—hard to analogize digital harms to, say, “a Coke bottle that explodes in your face.” [15:22] (Yellen)
  • Quote:
    • “They're trying to analogize this to the Coke bottle that explodes in your face. And if that doesn't make sense to you, that shows you why using this sort of products liability theory is going to be problematic.” [15:22] (Yellen)

• Potential Impact of Trial:

  • Eye-opening public discovery into tech firms' internal documents, similar to the 1990s tobacco litigation's revelations about youth targeting.
  • High-profile execs (e.g., Mark Zuckerberg) may have to testify under oath.
    • “I've seen him [Zuckerberg] testify in front of Congress and it has not gone well … it seems to me that is not his strength.” [16:23] (Yellen/Bittner)

• Defense Perspective:

  • Companies argue the suit misrepresents their work and that they have improved youth safety with parental controls and safety features.

• Legal Limitations: Section 230

  • Judge already struck some plaintiff claims as covered by CDA Section 230, shielding platforms from liability for user-generated content.
  • Only design-related claims (algorithms/features, not content) stand a chance.
  • Quote:
    • "Section 230 says that the platforms themselves are not liable for content posted on their platforms ... really, you can only be liable in terms of the products that they themselves have created ... it is the algorithms, it is the scrolling features, that sort of thing." [17:58] (Yellen)

• Could Social Media Become Age-Restricted Like Porn?

  • Possible long-term direction, though not certain from this case—raises challenging First Amendment issues.
  • Quote:
    • “They're asserting a First Amendment interest … but I think the law understands things differently when we're talking about nonconsenting or young people who are just not capable of consenting.” [19:12] (Yellen)

• Timeline:

  • Extended process: Trial could last a month, with appeals possibly dragging for years.
  • Quote:
    • “This is going to be a long trial … the litigation itself could take a long time, potentially up to a month and then several more months after that for a decision from this judge … the appeals process … could take a long time.” [20:29] (Yellen)

Other Noteworthy Incident

10. Low-Rent Ransomware Hits Spanish Coastal Town

• [22:49]: Attackers encrypted the town hall's files, asking a laughably low $5,000 bitcoin ransom.
  • City refused to pay, restored from backups; citizen portal and key services were unaffected.
  • Quote: “A ransom so small it raised questions about whether this was cybercrime or a clearance sale, or maybe a practical joke.” [22:54] (Bittner)
  • Part of a wider surge of ransomware against Spanish municipalities, but this one’s minimal demand highlighted the nuisance value more than financial harm.

Memorable Quotes & Moments

• On public AI use by government officials:
  “Unlike DHS-approved internal AI tools, the public ChatGPT platform share[s] uploaded data with OpenAI, raising concerns about exposure beyond federal networks.” [04:26] (Bittner)
• On the LLM endpoint campaign:
  “Bizar Bazaar, one of the first documented cases of LLM jacking attributed to a specific threat actor.” [08:58] (Bittner)
• On Meta’s CEO:
  “I've seen [Zuckerberg] testify in front of Congress and it has not gone well … it seems to me that is not his strength.” [16:23] (Yellen/Bittner)
• On ransomware demands:
  “A ransom so small it raised questions about whether this was cybercrime or a clearance sale, or maybe a practical joke.” [22:54] (Bittner)

Timestamps for Key Segments

• 03:00 – CISA director and ChatGPT incident
• 05:04 – Cyberattack on Poland's power grid
• 07:02 – EU–India cyber partnership; India’s Hackers for Hire
• 07:52 – WhatsApp security for high-risk users
• 08:38 – LLM endpoint attacks (“Bizar Bazaar”)
• 10:12 – Fortinet FortiCloud SSO emergency patch
• 10:34 – OpenSSL multi-vulnerability fixes
• 11:06 – WinRAR vulnerability exploitation
• 12:35 – SoundCloud data breach
• 13:57–21:32 – Interview: Ben Yellen on social media lawsuit
• 22:49 – Ransomware in Spanish coastal town

Tone and Language

• Analytical and incisive with moments of humor (“a clearance sale, or maybe a practical joke”).
• Transfer some of the urgency and deep concern from the security sector—balances technical explanation with broader social implications.

Summary

This episode delivers a fast-moving, high-stakes snapshot of today’s cybersecurity landscape: from government security lapses in the AI age, to hostile state-backed grid hacks, ongoing software risk, and the nascent legal battles pushing tech industry accountability on youth mental health. Listeners come away with a holistic view of digital threats, regulatory anxieties, and the messy intersection of law, policy, and human behavior in cyberspace.