Dr. Lori Cranor
You're listening to the Cyberwire Network, powered by N2K.
Dave Bittner
Poland says weak security left parts of its power grid exposed. A Russian-linked hacker alliance threatens Denmark with a promised cyber offensive. Fancy Bear moves fast on a new Microsoft Office flaw, hitting Ukrainian and EU targets. Researchers find a sprawling supply chain attack buried in the Clawdbot AI ecosystem. A new report looks at how threats are shaping the work of journalists and security researchers. A stealthy Windows malware campaign blends Pulsar RAT with Stealer v37. A former Google engineer is convicted of stealing AI trade secrets for China. We've got the latest cybersecurity funding and deal news. On our Afternoon Cyber Tea segment, Microsoft's Ann Johnson chats with Dr. Lori Cranor from Carnegie Mellon about security design. And the AI dinosaur that knew too much.
Dave Bittner
February 2, 2026. I'm Dave Bittner, and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us.
A Polish government report says Russian state-linked hackers breached parts of Poland's energy infrastructure by exploiting basic security failures, including default usernames, passwords and the absence of multi-factor authentication. Poland's Computer Emergency Response Team, part of the Ministry of Digital Affairs, detailed intrusions late last year affecting wind farms, solar farms and a heat and power plant. The attackers attempted to deploy destructive wiper malware designed to erase systems and potentially disrupt operations. While the malware was stopped at the heat and power plant, monitoring and control systems at the wind and solar sites were rendered inoperable. Despite the damage, no power outages occurred and officials said grid stability was never at risk. Earlier reporting by cybersecurity firms linked the incident to Sandworm, but Poland's CERT attributed the attack to the Russian group Berserk Bear, also known as Dragonfly.
Dave Bittner
Security firm Truesec reports that a newly formed Russian hacker alliance calling itself the Russian Legion has threatened Denmark with a large-scale cyber attack. Dubbed Op Denmark, the group announced on January 27, is led by an assortment of hackers who recently carried out a distributed denial-of-service attack against a Danish public service site. The hackers issued an ultimatum on Telegram demanding Denmark withdraw a planned 1.5 billion DKK military aid package to Ukraine, warning that DDoS attacks were only the beginning. Since then, they've claimed responsibility for multiple DDoS attacks, including against energy sector organizations. Truesec assesses the group as likely state-aligned but not state-funded and notes that such campaigns often rely on intimidation and disruption rather than escalating to severe cyber damage.
Dave Bittner
Ukrainian cyber authorities warn that the Russian-linked hacking group Fancy Bear, also known as APT28, is exploiting a recently disclosed Microsoft Office vulnerability to target Ukrainian and European Union organizations. Ukraine's national computer emergency response team, CERT-UA, reported finding malicious Word documents abusing a high-severity flaw disclosed by Microsoft on January 26. According to CERT-UA, the vulnerability was exploited in the wild before many users had applied updates. The attack chain involved phishing emails with weaponized documents that triggered external connections, downloaded malicious files and ultimately deployed the Covenant command-and-control framework using COM hijacking techniques. Microsoft confirmed active exploitation and urged users to apply updates or restart Office applications. CERT-UA warned that attacks are likely to increase due to patching delays and identified additional EU-focused documents using the same exploit.
Dave Bittner
The maintainer of Notepad++ says a months-long security incident stemmed from a compromise at its former shared hosting provider, not from vulnerabilities in Notepad++ code itself. According to investigators, attackers intercepted and selectively redirected update traffic for certain users to malicious servers by abusing compromised hosting infrastructure and stolen internal credentials. The activity likely began in June of last year and continued in limited form until early December. Multiple researchers assessed the attacker as likely a Chinese state-sponsored group, citing the highly targeted nature of the campaign. The hosting provider says access to the server ended in September, but leaked credentials allowed traffic manipulation until December. In response, Notepad++ migrated to a new host and strengthened update verification, adding certificate signature and XML signing checks. Users are urged to update manually to the latest version.
Dave Bittner
Researchers have uncovered a large-scale supply chain attack abusing the Clawdbot AI assistant ecosystem, recently renamed Moltbot, where more than 230 malicious skills were published to the official ClawHub registry and GitHub between late January and early February of this year. The skills masqueraded as cryptocurrency trading and automation tools, but relied on social engineering to trick users into running malicious commands or downloading fake authentication tools. Once executed, the malware targeted both macOS and Windows systems, stealing cryptocurrency wallet data, exchange API keys, browser passwords, SSH credentials and cloud secrets. All malicious skills shared the same command-and-control infrastructure and showed no evidence of security review before publication. Despite reports to maintainers, most skills reportedly remain online, highlighting serious security gaps in emerging AI skills marketplaces and the growing risk of trust-based supply chain attacks.
Dave Bittner
A newly published report by a researcher who goes by the name Dissent Doe and journalist Zack Whittaker examines how legal and criminal threats affect security researchers and journalists. In a pilot survey of 112 respondents, 77% said they have been threatened due to their work, while 23% reported no threats. About half reported at least one legal threat and 69% said they or their employer faced legal action or legal process, often via emails or demand letters. Most consulted a lawyer and 63% did not retract or change their work. Criminal threats were reported by 39 of 86 respondents, with journalists more likely than researchers to face them. Many threats included violence, but few were deemed credible and only 41% contacted law enforcement. Still, 44% said fear of threats shaped their choices, showing a chilling effect even when work continued.
Dave Bittner
Researchers at Point Wild warn of a new Windows malware campaign combining the Pulsar RAT with Stealer v37. Designed to steal credentials, cryptocurrency and gaming accounts, the malware runs entirely in memory, using built-in Windows tools to evade detection and injecting itself into trusted processes. Unusually, attackers can interact with victims through a live chat window while stealing data. The tools enable webcam and microphone access, password theft, clipboard hacking and broad data harvesting. Stolen information is exfiltrated via Discord and Telegram, highlighting a highly interactive and evasive threat.
Dave Bittner
A US federal jury has convicted Linwei Ding, a former Google software engineer, of stealing sensitive AI supercomputing trade secrets and sharing them with Chinese technology firms. Prosecutors said Ding exfiltrated more than 2,000 pages of confidential data between 2022 and 2023, including details on Google's AI infrastructure, custom chips and large-scale orchestration systems. While employed at Google, Ding allegedly maintained undisclosed ties to China-based companies, negotiated a CTO role and later founded his own AI firm in China. Evidence showed he sought to support China's technological ambitions and applied to a government-backed talent program. Ding also concealed his activities from Google, including his travel to China. After an 11-day trial, he was convicted on multiple counts of economic espionage and trade secret theft, with sentencing pending.
Dave Bittner
Looking back at last week for our business breakdown, cybersecurity funding and deal activity remained strong with a mix of large late-stage rounds, early-stage raises and consolidation across multiple regions. Upwind led the week with a $250 million Series B to expand its cloud security platform across data, AI and code. Claroty followed with $150 million in new funding plus $50 million in secondary financing to accelerate global growth in cyber-physical systems security. Mid-stage and seed rounds supported firms tackling fraud prevention, AI code security, SOC automation, remote access, remediation and application security, reflecting continued investor interest in operational security and developer-focused tools. Funding ranged from $37 million Series A rounds to sub-$1 million pre-seed investments. M&A activity also remained active with acquisitions spanning AI governance, GRC, API security testing and managed services, underscoring ongoing platform expansion and market consolidation as vendors seek broader integrated security offerings. We have all the details in our weekly business brief, part of Cyberwire Pro. You can learn more about that on our website.
Dave Bittner
Coming up after the break, Microsoft's Ann Johnson and Carnegie Mellon's Dr. Lori Cranor discuss security design, and the AI dinosaur that knew too much. Stay with us.
Dave Bittner
On today's segment from the Afternoon Cyber Tea podcast, Microsoft's Ann Johnson is joined by Dr. Lori Cranor, Director of the CyLab Security and Privacy Institute at Carnegie Mellon University. They're discussing ongoing challenges with passwords and passwordless authentication and how privacy expectations have evolved in an era of constant data collection.
Dr. Lori Cranor
I think in practice, when people are designing security tools, they're focused on security and they often don't take the time to think about the users and how the tool would fit into their workflow. And often the security experts behind the tools are not actually usability or human factors experts. And so without the security people working in partnership with usability people, we often forget to consider the human and the user. We haven't really found a great solution that is better than passwords that meets all the criteria that we have. I think we want something that is going to be more secure than passwords, easier to use, compatible with a wide range of different devices, and also by the way, compatible with all sorts of legacy software. And it's really hard to find something that meets all of that criteria. I think in some specific domains we've been successful. So I think in the context of mobile phones, the biometrics that are used on a lot of mobile phones, either face recognition or a fingerprint are effective in that context, but it's not effective in contexts that don't have a camera or a fingerprint reader. And it may not be secure enough for a lot of contexts.
Ann Johnson
As a cyber professional and also a consumer, I often think about what the user experience is because I look at it and say, okay, if this is complex for me, who ostensibly has been doing this a long time, what's it like for the average person? So do you really think passkeys are the things that are going to remove the friction?
Dr. Lori Cranor
Not anytime soon. I think the concept behind passkeys is good, but they're confusing. And yeah, I also am confused by them. If I accept the passkey here and then I want to access this account from another device, what do I do? And I often in the passkey process get confused about where I am and don't know whether it succeeded or what's going on. And so when my less technically sophisticated friends say, should I use passkeys? I don't really know what to tell them. Yes, in theory they're more secure and it will eventually be easier, but if you run into problems, I'm not going to be able to help you.
Ann Johnson
Now that we are in an era where we have pervasive data collection, we have AI driven systems, we have people voluntarily putting all of their out on social media for the world to see, how do you think about privacy?
Dr. Lori Cranor
Yeah, so I've been doing privacy research for about 25 years and I think people's attitudes have shifted some, but not in the way that it's often characterized. Like I often hear the media say things like, you know, young people don't care about privacy anymore. Actually, nobody cares about privacy. Look at all the data they give away. And I don't really think that's true. So when I started doing research in this area, when you talk to people about various technologies that were invading their privacy, they actually were quite surprised. Sometimes they didn't believe that these things were real. I remember talking to people about third-party advertising on the web and people said, really? They can do that? That sounds like science fiction. And you know, they definitely didn't like it. Once they heard about it, they said, it sounds like they're following me behind my back. This is terrible. Are you sure this is happening? Today, you talk to people about these sorts of things and even new things that are just barely happening and people are not surprised. They're like, yeah, I know, everybody, everybody can spy on you all the time and there's nothing you can do about it. They don't like it. They still would like to protect their privacy, but they feel powerless to do anything about it. And many of them will say, well, I've really just given up. I like the convenience of using all these privacy-invasive services and since there's nothing I can do about it, I've just given in and I use them.
Ann Johnson
What gives you hope that we can finally bridge the usability gap in cybersecurity?
Dr. Lori Cranor
Well, we have actually seen progress. When I started working in this area about 25 years ago, first of all, there was very little research. I started looking for usable security papers and there were like two or three out there. And I started looking for usable security researchers, and I found a dozen or so people and I looked at, well, what companies were actually thinking about this, and there were very few. And I think today, well, there are thousands of usable security research papers and at least hundreds if not thousands of usable security researchers. And we're seeing that companies are increasingly trying to make some efforts to find more usable security solutions. There's still a lot of work to be done, but I feel that we actually have made progress. And, you know, things like the encrypted web browsers is a good example of how far we've come.
Dave Bittner
Be sure to check out the complete Afternoon Cyber Tea podcast wherever you get your favorite podcasts.
Dave Bittner
And finally, picture a brightly colored, Internet-connected dinosaur plush marketed as a friendly AI companion that chats with toddlers, learns their preferences, and promises safe, wholesome conversations. Now picture that dinosaur quietly dumping its entire memory onto the open Web. Security researchers Joseph Thacker and Joel Margolis found that Bondu's AI dinosaur toys exposed more than 50,000 private chat logs to anyone with a Gmail account. No hacking required. Just log in and read children's names, birthdays, family details, and every whispered fear or favorite snack shared with a stuffed animal. Thacker stumbled on the flaw within minutes after a neighbor asked if the toy was safe. Bondu took the console offline quickly and said there's no evidence others accessed the data, but the damage was already clear. The company worked hard to stop the dinosaur from saying anything inappropriate, even offering a bounty for bad responses, while leaving the entire conversation database wide open. The takeaway is uncomfortable. An AI toy that remembers everything also exposes everything, and toddlers shouldn't need operational security training to play with a plush dinosaur.
Dave Bittner
And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show every week. You can find Grumpy Old Geeks where all the fine podcasts are listed. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Tré Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Host: Dave Bittner (N2K Networks)
Guest Segment: Ann Johnson (Microsoft) & Dr. Lori Cranor (Carnegie Mellon)
This episode focuses on recent cyber threats impacting critical infrastructure—especially wind and solar energy sites—as well as key cyber incidents targeting Denmark, Ukraine, the software supply chain, privacy, and trade secrets. The show also features an insightful segment on the persistent challenges in cybersecurity usability, passwordless authentication, privacy expectations, and a cautionary tale about insecure AI-powered toys.
[03:00–04:10]
“The attackers attempted to deploy destructive wiper malware designed to erase systems and potentially disrupt operations.” — [03:29]
[04:10–05:11]
“DDoS attacks were only the beginning. … Such campaigns often rely on intimidation and disruption rather than escalating to severe cyber damage.” — [04:41]
[05:11–06:20]
“The attack chain involved phishing emails with weaponized documents that triggered external connections, downloaded malicious files and ultimately deployed the Covenant command-and-control framework using COM hijacking techniques.” — [05:58]
[06:20–07:30]
[07:30–08:40]
“All malicious skills shared the same command and control infrastructure and showed no evidence of security review before publication.” — [07:58]
[08:40–09:47]
“They don’t like it. They still would like to protect their privacy, but they feel powerless to do anything about it.” (See [20:29] for a similar sentiment from Dr. Cranor)
[09:47–10:34]
“Unusually, attackers can interact with victims through a live chat window while stealing data.” — [10:10]
[10:34–11:40]
[11:40–13:02]
[16:33–22:14]
“We often forget to consider the human and the user…We haven’t really found a great solution that is better than passwords that meets all the criteria that we have.” — Dr. Lori Cranor [16:55]
“They’re confusing. … If I accept the passkey here and then I want to access this account from another device, what do I do?” — Dr. Cranor [18:41]
“They don’t like it. They still would like to protect their privacy, but they feel powerless to do anything about it. … I like the convenience of using all these privacy invasive services and since there’s nothing I can do about it, I’ve just given in and I use them.” — Dr. Cranor [19:31]
“We’re seeing that companies are increasingly trying to make some efforts to find more usable security solutions. … There’s still a lot of work to be done, but I feel that we actually have made progress.” — Dr. Cranor [21:08]
[23:07–24:21]
“An AI toy that remembers everything also exposes everything, and toddlers shouldn’t need operational security training to play with a plush dinosaur.” — [24:21]
This episode captures the evolving (and increasingly complex) landscape of cyber threats targeting critical infrastructure, supply chains, and individual privacy. Notably, human factors and usability remain both a challenge and area for progress in effective and widely adopted security. The show closes with a powerful reminder: technology—especially when entrusted with the privacy of the most vulnerable—can fall short in surprising and troublesome ways.