A
You're listening to the Cyberwire Network powered by N2K.
B
These days, attackers rarely start with a bang.
C
They start quietly.
B
A leaked credential, a stolen session cookie, a lookalike domain that shouldn't exist. That's where NordStellar comes in. NordStellar is a threat exposure management platform that helps organizations see what attackers already know about them before it turns into an incident. It brings together data breach monitoring, dark web monitoring, attack surface management and cybersquatting detection in a single platform. That means visibility into leaked credentials and malware logs, insight into brand impersonation attempts, and a clear picture of exposed Internet-facing assets and shadow IT. For CISOs, it's a way to reduce response costs, prioritize real risk and communicate clearly with the board. For security teams, it's real-time alerts, contextual intelligence and faster investigations without the noise. Most companies only react after the damage is done. Don't wait until your data is already for sale. Protect your business today with NordStellar. Learn more at nordstellar.com/cyberwiredaily, and don't forget to mention CyberWire 10 for an exclusive offer.

A suspected US exploit kit shows up in global iOS attacks. Facebook goes down briefly worldwide. A critical help desk flaw enables remote code execution. Juniper PTX routers face a major bug. LastPass warns of phishing. Telegram becomes a cybercrime marketplace. Healthcare groups fight relaxed IT rules. A stolen Gemini API key runs up massive bills. CISA's CIO departs. Our guest is Brian Long, CEO and co-founder of Adaptive Security, discussing how AI is reshaping social engineering and the problem of posthumous profiles.

It's Wednesday, March 4, 2026. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. This week we are coming to you from Zero Trust World in Orlando, Florida, where we're joining security leaders and practitioners from across the industry. Our coverage here is made possible by our sponsors at ThreatLocker, who brought the community together to talk all things zero trust, resilience and the future of cybersecurity. Thanks for listening, and thanks to ThreatLocker for helping make it possible.

Researchers say a sophisticated exploit kit, possibly originating from a leaked US government framework, is behind what may be the first mass-scale attack against Apple's iOS. Google's Threat Intelligence Group and mobile security firm iVerify reported Tuesday that the tool, known as the Karuna Exploit Kit, uses zero-day vulnerabilities and has already appeared in multiple campaigns across the cybercrime and espionage landscape. Google observed the kit being used over the past year in operations tied to a surveillance vendor's customer and in attacks against Ukrainian targets attributed to a suspected Russian espionage group. Investigators later recovered the full toolkit from a financially motivated cybercriminal group operating in China. iVerify estimates the campaign may have compromised at least 42,000 iOS devices, a significant figure for Apple's tightly controlled ecosystem. The spread of the toolkit resembles an EternalBlue moment, referring to the leaked NSA exploit that fueled the global WannaCry and NotPetya outbreaks in 2017. While evidence suggests possible US government origins, the exact path of the leak remains unclear. Apple previously issued patches related to the attacks, which researchers linked to the earlier Operation Triangulation campaign.
Facebook experienced a global outage that prevented users from accessing their accounts, displaying a message that accounts were temporarily unavailable due to a site issue, according to Downdetector. The disruption began yesterday around 4:15pm Eastern Time and affected users worldwide. Meta's status page reported high disruptions affecting Facebook Ads Manager, Instagram Boost and the WhatsApp Business API. The outage was resolved by 6:21pm Eastern Time, restoring access for users. Facebook has not yet provided details about the cause of the disruption.

A critical vulnerability in the open source help desk platform FreeScout could allow attackers to execute remote code without user interaction. With a CVSS score of 10.0, the flaw bypasses a recent patch for another remote code execution bug, researchers at OX Security found. The bypass uses a zero-width space character in a file name to evade validation checks designed to block malicious uploads. Because the invisible character passes the initial check and is only removed afterwards during sanitization, the file is ultimately saved as a valid dotfile on the server. Attackers can exploit the issue by sending a malicious email to a FreeScout mailbox, requiring no authentication or user interaction. Successful attacks could allow full server compromise, data theft, and lateral movement. The flaw was patched in a recent version.

A critical vulnerability in Juniper Networks' Junos OS Evolved could allow attackers to gain root-level access to PTX series routers. It carries a CVSS score of 9.3. The flaw stems from improper permission settings in the Onbox Anomaly Detection Framework, which runs as root and is enabled by default. Researchers at watchTowr discovered the issue. If exposed through certain configurations, attackers could exploit it without authentication and gain full control of affected routers. Juniper has advised restricting access via firewalls or access lists and plans to release a patch.

LastPass is warning users about a new phishing campaign designed to steal master passwords. The emails impersonate LastPass by spoofing the display name, a tactic that can hide the real sender address in many email clients, especially on mobile devices. Messages claim there's been suspicious activity, such as unauthorized access or a master password change, and urge recipients to act quickly. Links in the emails lead to a fake LastPass login page that harvests credentials. LastPass has published indicators of compromise, including malicious URLs, IP addresses and sender details, and is working with partners and hosting providers to take down the phishing sites.

Researchers at CYFIRMA say Telegram has increasingly become a central hub for cybercriminal activity, replacing many traditional dark web forums. Unlike Tor-based marketplaces that could disappear when law enforcement shut them down, Telegram channels can quickly reappear if banned, allowing criminal communities to maintain operations with minimal disruption, according to the analysis. Hackers use Telegram as a fast, automated marketplace where bots help sell stolen credentials, malware subscriptions and initial access to corporate networks. Channels also host large databases of stolen login data and serve as platforms for ransomware groups to pressure victims by posting leak previews and countdowns. The platform is also used by hacktivist groups to coordinate distributed denial of service attacks and promote campaigns. Although Telegram has increased cooperation with law enforcement, including sharing user data in hundreds of investigations, researchers say cybercriminal activity on the platform continues to grow.

Healthcare industry groups are warning that proposed changes to US healthcare IT certification rules could weaken privacy and security protections. The Office of the National Coordinator for Health IT, part of the Department of Health and Human Services, has proposed reducing certification criteria to ease regulatory burdens on software developers and encourage innovation. However, organizations including the College of Healthcare Information Management Executives and the American Hospital Association argue that removing requirements such as authentication, access controls and authorization would shift responsibility for cybersecurity and HIPAA compliance from vendors to healthcare providers. This change, they warn, could increase costs and expose hospitals to greater cyber risk, particularly as the healthcare sector remains a frequent ransomware target. Industry groups also raised concerns about removing patient matching requirements tied to care transitions, saying it could increase patient misidentification risks and undermine data security.

A startup developer says their company was hit with over $82,000 in unauthorized charges after a stolen Google Gemini API key was abused within 48 hours. The small Mexico-based firm normally spends about 180 bucks a month on cloud services, but attackers used the compromised key to generate heavy usage of Gemini 3 Pro image and text models. After revoking the key and contacting support, the developer said, Google cited its shared responsibility model, meaning customers must secure their own credentials. Researchers at Truffle Security also found 2,800 publicly exposed Google API keys that could be used to access Gemini services, potentially allowing attackers to access stored data and generate costly AI requests. The issue stems partly from older API keys that were originally meant as public project identifiers but now also function as Gemini credentials. Google says it's working on fixes and mitigation measures.

Robert Costello, chief information officer at the Cybersecurity and Infrastructure Security Agency, announced Tuesday that he's stepping down after nearly five years in the role and 18 years with the Department of Homeland Security. In a LinkedIn post, Costello describes serving as CISA's CIO as one of the greatest privileges of his career, highlighting the agency's progress in strengthening cybersecurity defenses, modernizing critical systems, and building lasting capabilities. During his tenure, Costello championed improved technology to help recruit talent, supported responses to emerging vulnerabilities, and promoted the use of artificial intelligence to enhance CISA's mission. He also frequently represented the agency at industry events and in public discussions about cybersecurity. Costello expressed deep gratitude for the public servants he worked alongside across DHS, CISA and the US Air Force. His departure comes amid broader leadership changes at the agency. We wish him well.

Coming up after the break, Brian Long, CEO and co-founder of Adaptive Security, discusses how AI is reshaping social engineering and the problem of posthumous profiles. Stay with us.
B
Maybe that's an urgent message from your CEO, or maybe it's a deepfake trying to target your business. Doppel is the AI-native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back. From automatically dismantling cross-channel attacks to building team resilience and more, Doppel is outpacing what's next in social engineering. Learn more at doppel.com. That's D-O-P-P-E-L dot com.

No, it's not your imagination. Risk and regulation really are ramping up, and customers expect proof of security before they'll sign that deal. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk and customer trust together on one AI-powered platform. Whether you're preparing for SOC 2 or managing an enterprise governance, risk and compliance program, Vanta helps keep you secure and keeps your deals moving. Companies like Ramp and RYTR spend 82% less time on audits with Vanta. That's not just faster compliance, that's more time for growth.
C
Take it from me, if you're thinking about compliance, take the time to check out Vanta. Get started at vanta.com/cyber.
C
Brian Long is CEO and co-founder of Adaptive Security. In today's sponsored Industry Voices segment, we discuss how AI is reshaping social engineering.
A
So I think the current state is shifting dramatically, and not surprisingly, that shift is being driven by the adoption of new AI tools. With new AI tools, attackers are able to attack with significantly more sophistication and, unfortunately, also success. They can use OSINT data that's collected across large language models, and then they can use things like deepfakes over voice and likeness and pair those with real-time models in order to run very sophisticated attacks to get into organizations and get whatever data they need in order to disrupt operations or steal money.
B
Is it just the sophistication that's changed here or are you also tracking a difference in velocity?
A
Yeah, I mean, what's changed a lot even more recently, just in the last year, because it's been about three years since I think we saw the dawn of the AI revolution when ChatGPT came out. But more recently the models have become very cheap, and you can get a really good large language model and run it at basically no cost locally on your own device. There are over 2 million models available on sites like Hugging Face. So that's really changed not only the quality but also the volume. And as a result, we've seen over a 4.4x increase in social engineering phishing attacks since ChatGPT came out. And if you look at sophisticated attacks like deepfakes, you know, they grew 17x from 2023 to 2024, with over 100,000 deepfake attacks in just 2024, and those numbers further grew exponentially in 2025.
B
What are some of the things that you see behind these successful incidents? Are there patterns that you all track?
A
Yeah, I mean, look, we track a number of different patterns. I think the biggest pattern I've seen, though, is that traditionally, when you heard about impersonation attacks, you'd think it's going to be the CEO asking for gift cards, that type of thing, right? I think what's changing is you see more attacks now where they might be impersonating someone who's in the middle of the organization, right? They're going to pretend to be the controller. You know, I just heard about one where they pretended to be the CFO telling the controller to do something, in their voice, their likeness, knowing everyone's names, knowing context on the business. And I think that's where you see it going.
C
From a defender's point of view, what are some of the specific challenges that we face here?
A
Man, where to begin? I mean, there's a lot of challenges. You know, I think number one is, if you are a defender at an organization, you're probably managing over 50 tools. Every day you feel like you've got thousands of different alerts telling you things that are wrong, things you need to deal with, and you're being attacked every single day. So it's hard to find the time to keep up with the newest threats and feel like you're even just keeping your head above water, let alone dealing with what the new stuff is. So I think time and resourcing is something that we hear is a consummate issue for security teams, first and foremost.
B
I know you and your colleagues talk about how detection is not enough. That's not really a reliable plan these days.
A
Yeah, look, I think that, number one, it's hard to implement detection so that it actually covers all your surface areas at a company. Maybe you've got something for corporate email, but does it cover personal email? You probably don't have anything for phone calls or text messages. And then on video, maybe you have something for your own video chat, but it doesn't work if they just drive the person to a video chat outside of your instance. So it's pretty hard to really feel buttoned up.
B
What's your take on security awareness training? What part does that have to play?
A
Yeah, so look, we operate in the world of security awareness training, and I think with what's happening now with the AI revolution, it really plays two important parts. One is spreading awareness of what these AI attacks are capable of. Because I think that as much as the modern CISO may have a pretty good idea of what's possible, and they're staying on top of these things and playing around with these tools, the average employee definitely has no idea. So I think awareness and education of their employees is a big, big piece of it. And then I think the second piece to me is controls. Right. A lot of organizations are still adjusting to a remote workforce. Maybe they never meet people on their team. And one of the biggest growing attacks is impersonation to get the job, and then insider risk. You know, Gartner estimated that, I think by the year 2029, one in four job applicants will be an impersonation, will be fake. So I think there are many different areas of the org where you say, oh no, we've got identity locked down, people can't do anything. It's like, well, what if we hire someone and all of a sudden they seem like they're normal, and then they're not. Right. And I also think usage is changing a lot with AI agents and people using these tools on their own computers. And the tool can do all sorts of things. It's going to mess up all the sensors, because stuff that looks like it would have been bad bot traffic is now just going to be an agent doing something for a person as normal. And that's going to make it a lot harder for us to tell fish from fowl.
B
Well, I mean, given all these realities, what are your recommendations? How do you suggest folks should come at this?
A
Yeah, look, number one, I think awareness is what you need to do now. You need to make sure that everyone in your company is aware of what AI's capabilities are and what they need to do, just the basics, to protect themselves and be aware. But I think it's beyond just a company thing; it's a personal thing too. What do they need to know for their own children, for their own parents? We also have a lot of free training courses that we offer, for example for children in schools, to help educate children around the Take It Down Act and non-consensual deepfake abuse in schools. And that's something that unfortunately is a huge problem, from schools all the way up to senior citizens, who unfortunately are some of the biggest targets of these types of social engineering attacks.
C
What do you suppose the future looks like here? How are we going to get control of this situation?
A
Yeah, look, I think the future is that people need to become accustomed to a different sense of identity. Right? They need to be aware that it's very easy for someone to impersonate a loved one, to know a lot of information about you and your family. And if they're asking you to do something that seems wrong, seems hokey, they're calling you from some number you've never heard before, you need to have a code word, you need to have steps you take in order to authenticate them before doing anything.
B
Any closing words of wisdom for folks out there looking to come at this problem?
A
Yeah, look, my word of wisdom would be: it all seems a little scary and a little overwhelming. But if we just train ourselves and our people to take a minute when something seems a little off, take a step back, and really, when in doubt, you can take a minute and not do anything. There are few times when urgent action is really required. And I think especially with something that seems like an impersonation attack, where they really, really push on urgency, that is the opportunity for people to take a second, think logically, and then look at the controls of the organization, or, if it's in your own household,
C
the code words. That's Brian Long, CEO and co-founder of Adaptive Security.
B
When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year, and 92% of respondents reported threat levels have increased in the past two years. Guardsquare delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guardsquare provides industry-leading security for your Android and iOS apps at www.guardsquare.com.
C
Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full-stack zero trust networks, including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless. Transform complexity into simplicity, and give your team time to focus on what really matters: helping your business and customers thrive. Learn more and book your demo at meter.com/cyberwire. That's M-E-T-E-R dot com slash cyberwire.
C
And finally, the OpenID Foundation is warning that the Internet has a serious blind spot: what happens to our digital lives after we die? In a new report, The Unfinished Digital Estate, the group says there's no consistent global standard for handling the accounts of deceased users, leaving everything from email and social media to cryptocurrency in a legal and technical gray area. Right now, platforms treat death like a rare corner case, even though it eventually applies to every Internet user. According to the report, the lack of coordination could invite fraud, identity abuse and even scams powered by deepfake technology that impersonates the deceased to manipulate friends or relatives. The problem is compounded by privacy laws like GDPR and CCPA, which largely stop protecting personal data after death. The foundation is urging policymakers and tech companies to establish clearer digital inheritance rules, stronger identity protections, and standardized systems that allow trusted individuals to manage accounts without relying on shared passwords. Because while the Internet never forgets, it also hasn't figured out when it should let go.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner.
B
Thanks for listening.
C
We'll see you back here tomorrow.
B
If you only attend one cybersecurity conference this year, make it RSAC 2026.
C
It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning and real innovation. I'll say this plainly: I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26.
C
I'll see you in San Francisco.
B
Most security conferences talk about Zero Trust. Zero Trust World puts you inside it. This is a hands-on cybersecurity event designed for practitioners who want real skills, not just theory. You'll take part in live hacking labs where you'll attack real environments, see how modern threats actually work, and learn how to stop them before they turn into incidents. But Zero Trust World is more than labs. You'll also experience expert-led sessions, practical case studies and technical deep dives focused on real-world implementation. Whether you're blue team, red team or responsible for securing an entire organization, the content is built to be immediately useful. You'll earn CPE credits, connect with peers across the industry and leave with strategies you can put into action right away. Join us March 4th through the 6th in Orlando, Florida. Register now at ztw.com and take your zero trust strategy from theory to execution.
Episode Title: When Zero-Days Escape the Lab
Host: Dave Bittner (N2K Networks)
Main Theme:
A look at how leaked zero-day exploit kits are impacting iOS security at a global scale, emerging threats in social engineering fueled by AI, and the pressing issue of managing digital identities after death. The episode delivers a round-up of critical news, expert interviews from Zero Trust World 2026, and a thought-provoking industry segment on the future of AI-driven social engineering.
Dave Bittner anchors a packed episode focused on the unprecedented leak and proliferation of powerful iOS exploit kits, major cyber events affecting critical services, and a deep-dive interview with Brian Long, CEO of Adaptive Security, about AI’s role in reshaping social engineering attacks and the new challenges of posthumous profiles. The episode connects these issues under the broad theme of evolving cyber threats and response strategies in a rapidly changing digital world.
Key news stories:
- FreeScout Help Desk RCE Vulnerability
- Juniper PTX Routers Flaw

Interview: Brian Long on AI, deepfakes, and social engineering [15:11–23:34]
- Sophistication & Accessibility
- Explosion in Attack Volume
- Security teams are overwhelmed with tools, alerts, lack of time and resources.
- Detection is inadequate.
Quote:
"It's hard to find the time to keep up with the newest threats and feel like you're even just keeping your head above water..." (Brian Long, 18:02)
- Personal codewords for identity confirmation (for vulnerable populations, e.g. seniors).
Quote:
"You need to have a code word, you need to have steps you take in order to authenticate them before doing anything." (Brian Long, 22:16)
"If we just train ourselves and our people to take a minute when something seems a little off, take a step back... There are few times when urgent action is really required." (Brian Long, 22:50)

OpenID report: posthumous profiles and digital estates [26:02–28:20]
On zero-days leaking into the wild:
"The spread of the toolkit resembles an eternal blue moment, referring to the leaked NSA exploit that fueled the global WannaCry NotPetya outbreaks in 2017."
— Dave Bittner, 04:24
On the power AI is giving attackers:
"With new AI tools, attackers are able to attack with significantly more sophistication and, unfortunately, also success... They can use OSINT data...and then...deepfakes over voice and likeness..."
— Brian Long, 15:13
On the challenge for defenders:
"It's hard to find the time to keep up with the newest threats and feel like you're even just keeping your head above water... let alone dealing with what the new stuff is."
— Brian Long, 18:02
On the urgency exploit in social engineering:
"Urgency is the opportunity for people to take a second, think logically and then look at the controls of the organization or, you know, if it's in your own household."
— Brian Long, 22:57
On posthumous digital identity risk:
"Platforms treat death like a rare corner case, even though it eventually applies to every Internet user."
— Dave Bittner, 26:24
| Timestamp   | Segment/Topic                                                  |
|-------------|----------------------------------------------------------------|
| 03:13–05:04 | Karuna iOS exploit kit leak & implications                      |
| 05:05–05:45 | Facebook/Meta global outage                                     |
| 05:46–06:42 | FreeScout help desk RCE                                         |
| 06:43–07:24 | Juniper PTX router vulnerability                                |
| 07:25–08:18 | LastPass phishing campaign                                      |
| 08:19–09:25 | Telegram cybercrime marketplace expansion                       |
| 09:26–10:28 | Healthcare IT rule change controversy                           |
| 10:29–11:44 | Stolen Google Gemini API key incident                           |
| 11:45–12:25 | CISA CIO resignation                                            |
| 15:11–23:34 | Interview: Brian Long on AI, deepfakes, and social engineering  |
| 26:02–28:20 | OpenID report: posthumous profiles and digital estates          |
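The FreeScout item in the news rundown describes a classic ordering flaw: a file-name check runs on the raw name, and only afterwards does sanitization strip the zero-width space, so the stored name becomes a dotfile the check was meant to reject. The illustration below is added here and is not FreeScout's code or the researchers' proof of concept; the function names and the `.config` sample name are constructed for the example.

```python
import unicodedata

# Constructed example of a validate-then-sanitize ordering bug and its fix.
# Not FreeScout's code; names and sample values are invented for illustration.


def is_blocked_name(name: str) -> bool:
    """Upload policy: reject hidden dotfiles, path separators and empty names."""
    return (
        name in ("", ".", "..")
        or name.startswith(".")
        or "/" in name
        or "\\" in name
    )


def sanitize(name: str) -> str:
    """Drop every Unicode 'Other' character (Cc controls, Cf format chars such as
    the zero-width space U+200B, and similar) from a file name."""
    return "".join(ch for ch in name if not unicodedata.category(ch).startswith("C"))


def vulnerable_store_name(name: str):
    """Bug: the policy check sees the raw name, which still carries the invisible
    leading character, so it does not start with '.' and passes. Sanitization
    then strips that character and the file lands on disk as a dotfile."""
    if is_blocked_name(name):
        return None
    return sanitize(name)


def hardened_store_name(name: str):
    """Fix: canonicalize first, then validate the exact string that will be
    written. The check and the stored value can no longer disagree."""
    clean = sanitize(name)
    if is_blocked_name(clean):
        return None
    return clean


def has_invisible_chars(name: str) -> bool:
    """Detection helper: flag names containing format/control characters, which
    have no legitimate place in a file name and are worth alerting on."""
    return any(unicodedata.category(ch).startswith("C") for ch in name)


if __name__ == "__main__":
    tricky = "\u200b.config"  # constructed: zero-width space in front of a dotfile
    print("vulnerable:", repr(vulnerable_store_name(tricky)))  # '.config' slips through
    print("hardened:  ", repr(hardened_store_name(tricky)))    # None, rejected
    print("flagged:   ", has_invisible_chars(tricky))          # True
```

The same canonicalize-before-validate rule applies to any sanitizer, whether it strips control characters, decodes URL escapes or normalizes Unicode: whatever transformation happens before the write must also happen before the check.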
This episode highlights a turning point in both offensive and defensive cyber operations: from the widespread use of extremely potent exploit kits in the wild—potentially originating from leaked government tools—to a dramatic rise in AI-powered social engineering that threatens every layer of organizations and families alike. The discussion with Brian Long leaves a strong call to action: move quickly on awareness and verification, because the nature of identity and trust in the digital realm is shifting faster than ever. The episode closes by urging policy changes to address the largely overlooked but inevitable problem of managing digital identities after death.
For full stories, links, and further coverage, visit thecyberwire.com.