Daily Cyber Threat Brief – Episode 1106
Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald Auger, Simply Cyber Media Group
Date: April 8, 2026
Duration Covered: ~60 minutes (Topics begin at 12:19)
Overview
In this episode, Dr. Gerald Auger ("Jerry") brings his trademark blend of expertise, irreverence, and community energy to dissect eight of the day's hottest cybersecurity stories. From cutting-edge AI risks to nation-state hacking, critical infrastructure threats, and career tips, this episode targets cybersecurity pros and newcomers alike. As always, Jerry delivers real-world insights, actionable takeaways, and peppers in moments of humor and nostalgia.
Theme: Staying ahead in a rapidly-changing cyber landscape, understanding the real impact behind headlines, and supporting community-driven cyber career growth.
Key Discussion Points & Insights
1. Anthropic’s Project Glasswing – Supercharged AI for Bug Discovery
[13:22]
- Story: Anthropic is restricting access to its Claude Mythos Preview AI model, which has autonomously found thousands of vulnerabilities—including some long hidden. Access will be limited via Project Glasswing, with 40+ vetted partners.
- Risks: The model's ability to find and weaponize vulnerabilities is a double-edged sword. Highly beneficial for defenders—but equally dangerous if acquired by threat actors.
- Jerry’s Insight:
- It’s NOT a silver bullet for defense: even instant bug discovery doesn’t equal instant fixes; unpatched or abandoned software will inevitably be left open.
- The US government is “so sweaty, thirst trap style” for zero-day weapons via this tech.
- Quote: “This goes from like a cute LLM that can do fun things and help you write LinkedIn posts, to making weapons.” (13:52)
- Ethics and Regulation: Commends Anthropic for being “the adult in the room” and not just racing ahead with AI. AI regulation is lagging globally, so industry self-governance is crucial.
- Book Recommendation: "This Is How They Tell Me the World Ends" by Nicole Perlroth — explores the black market for zero-days.
2. US Administration Proposes Major CISA Budget Cuts
[22:02]
- Story: Proposal to cut $707 million from CISA’s FY27 budget; focus shifts to securing federal systems and critical infrastructure, eliminating side initiatives.
- Jerry’s Insight:
- In practice, many of the relevant programs are already shuttered; the cut is largely an accounting cleanup.
- Pushes back on accusations that CISA is more about censorship or self-promotion, defending Jen Easterly’s proactive, accessible leadership:
- Quote: “You have to be the face of information security ... when bad does happen, you get alerted quicker.” (24:16)
- Election Security: CISA’s role will be under the microscope as elections approach, with ongoing policy and political tensions.
3. Russian APT28 Compromising Routers & Harvesting Credentials
[26:08]
- Story: NCSC UK and US agencies warn that Russian GRU-linked APT28 is compromising routers, modifying DNS settings to siphon Microsoft Office authentication tokens (over 18,000 networks impacted).
- Attack Flow:
- Compromise router → Change DNS settings → Victim redirected to lookalike login page → Credentials stolen.
- Best Practices:
- Home and business users should consider alternate DNS services (e.g., Cloudflare, NextDNS) for added security.
- Importance of monitoring for changed DNS and router config integrity.
- Quote: “Spoiler alert: they’re changing DNS.” (30:25)
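An added example (not from the episode or the NCSC/CISA advisory it summarizes) of the "monitor for changed DNS" advice above: it flags resolver addresses a router hands out that are not in an approved baseline, and answers for login hostnames that fall outside trusted ranges, which is the signature of the DNS-redirect flow described. The baseline, the trusted ranges, and the sample answers are constructed placeholders using RFC 5737 test networks; in practice the resolver list comes from the router's DHCP/config and the answers from a resolver query.

```python
# Added example (not from the episode or the NCSC/CISA advisory): a defender-side
# check modelled on the router-DNS tampering described above. It flags (1) resolver
# addresses the router hands out that are not in an approved baseline and
# (2) answers for login hostnames that fall outside trusted address ranges.
# Baseline, ranges and answers are constructed sample data (RFC 5737 test nets).
import ipaddress

APPROVED_RESOLVERS = {"1.1.1.1", "1.0.0.1"}   # hypothetical baseline for this network
TRUSTED_RANGES = {                              # placeholders, not real vendor ranges
    "login.microsoftonline.com": [ipaddress.ip_network("192.0.2.0/24")],
    "login.live.com": [ipaddress.ip_network("192.0.2.0/24")],
}

def resolver_drift(configured) -> set:
    """Resolver addresses currently configured on the router that are not in the baseline."""
    return set(configured) - APPROVED_RESOLVERS

def answer_drift(answers: dict) -> dict:
    """hostname -> answers outside its trusted ranges (hostnames not in scope are ignored)."""
    bad = {}
    for host, addrs in answers.items():
        nets = TRUSTED_RANGES.get(host)
        if nets is None:
            continue
        outside = [a for a in addrs if not any(ipaddress.ip_address(a) in n for n in nets)]
        if outside:
            bad[host] = outside
    return bad

def assess(configured, answers) -> list:
    """Human-readable findings; an empty list means nothing drifted."""
    findings = [f"router hands out non-baseline resolver {r}" for r in sorted(resolver_drift(configured))]
    for host, addrs in sorted(answer_drift(answers).items()):
        findings.append(f"{host} resolves to untrusted {', '.join(addrs)}")
    return findings

# Constructed sample: the router now pushes an unknown resolver and one login
# hostname points outside the trusted range, the pattern behind a lookalike-page redirect.
SAMPLE_CONFIGURED = ["1.1.1.1", "203.0.113.7"]
SAMPLE_ANSWERS = {"login.microsoftonline.com": ["192.0.2.10"], "login.live.com": ["198.51.100.23"]}

if __name__ == "__main__":
    for finding in assess(SAMPLE_CONFIGURED, SAMPLE_ANSWERS):
        print("ALERT:", finding)
```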
4. Iranian APTs Attacking Critical Industrial Controllers
[32:24]
- Story: US FBI, CISA, and NSA warn that Iranian actors are targeting Rockwell Allen-Bradley PLCs and other industrial controllers exposed online. The focus is on energy, water, and similar critical infrastructure, escalating amid geopolitical flare-ups.
- Insight:
- Iran is “spending all their resources… let it fly,” targeting US infrastructure in a context of heightened conflict.
- Emphasizes the broad legal definition of critical infrastructure: 16 sectors, including healthcare and manufacturing, both already primary ransomware targets.
- Actionable Advice: Organizations in any critical sector should increase monitoring, threat hunting, and patching.
- Quote: “Move from DEFCON 4 to DEFCON 3.” (36:40)
5. Way-back Wednesday: Nostalgia & Community Building
[38:44]
- Segment: Jerry celebrates ‘Way Back Wednesday’ by reminiscing about 1980s camcorders—connecting the past to the present ease of content creation.
- Community engagement, recognizing new chat members, and first-timers.
6. Cyberattack Disrupts Northern Ireland’s School Network (C2K)
[42:59]
- Story: Centralized school network outage affects 300,000+ students and 20,000 staff. Systems being restored; no evidence of data theft, but all credentials reset as a precaution.
- Lessons Learned:
- Incident response is more complex than it appears—resetting all credentials includes understanding dependencies, not just in Active Directory, but across apps, networking devices, and service accounts.
- Restoration order matters: “You need to understand the order in which things get restored for the most optimal path to get back to a known-good state.” (45:41)
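An added example, not from the episode, of the restoration-order and credential-scope point above: it orders recovery steps by dependency (Kahn's algorithm), refuses to proceed if the dependency map contains a cycle, and interleaves service-account resets as each dependent service comes back. The service inventory and account names are constructed placeholders; a real plan would be built from the organization's own inventory and runbook.

```python
# Added example (not from the episode): order recovery steps by dependency
# with Kahn's algorithm, refuse to proceed on a cycle, and interleave the
# credential resets that become possible as each service returns.
# The inventory and account names are constructed placeholders.
from collections import deque

# Hypothetical inventory: service -> services it depends on.
SAMPLE_DEPENDENCIES = {
    "core-switching": [],
    "dns": ["core-switching"],
    "active-directory": ["dns"],
    "certificate-authority": ["active-directory"],
    "sis-database": ["active-directory"],        # student information system
    "sis-web": ["sis-database", "certificate-authority"],
    "email-gateway": ["dns", "active-directory"],
}
# Hypothetical scope: service accounts that must be reset once their service is back.
SAMPLE_SERVICE_ACCOUNTS = {"sis-database": ["svc_sis_db"], "email-gateway": ["svc_mailrelay"]}

def restoration_order(deps: dict) -> list:
    """Return services in an order satisfying every dependency; ValueError on a cycle."""
    indegree = {s: 0 for s in deps}
    dependents = {s: [] for s in deps}
    for svc, prereqs in deps.items():
        for p in prereqs:
            if p not in deps:
                raise ValueError(f"{svc} depends on unknown service {p}")
            indegree[svc] += 1
            dependents[p].append(svc)
    queue = deque(sorted(s for s, d in indegree.items() if d == 0))
    order = []
    while queue:
        svc = queue.popleft()
        order.append(svc)
        for child in dependents[svc]:
            indegree[child] -= 1
            if indegree[child] == 0:
                queue.append(child)
    if len(order) != len(deps):   # something never reached indegree 0: a cycle
        raise ValueError("dependency cycle among: " + ", ".join(sorted(set(deps) - set(order))))
    return order

def reset_plan(deps: dict, accounts: dict) -> list:
    """Restore in dependency order; reset a service's accounts right after it returns."""
    plan = []
    for svc in restoration_order(deps):
        plan.append(f"restore {svc}")
        plan.extend(f"reset {a} (used by {svc})" for a in accounts.get(svc, []))
    return plan
```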
7. Critical Flowise RCE Vulnerability under Active Attack
[50:11]
- Story: Attackers exploiting a critical RCE by injecting JavaScript in open-source Flowise (AI/LLM platform) instances; thousands exposed online. Patch to v3.0.6+ ASAP.
- General Point:
- This specific app may seem niche, but the lesson applies: widespread use of open-source/AI tools multiplies shadow IT and untracked exposures.
- Use Shodan to survey your IP space for exposed instances.
- Quote: “Instead of focusing on ‘hey, developers, update Flowise,’ just remind everyone—keep your AI tools up to date… There are a lot of threat actors doing a lot of crap out there.” (53:56)
8. FBI: Cybercrime Losses Top $20 Billion for the First Time
[55:57]
- Story: Over $20 billion lost in cybercrime in 2025, with more than 1 million complaints. AI-enabled scams (voice cloning, deepfakes) rising, contributing to nearly $900m in losses, though 85% still from “traditional fraud.”
- Perspective:
- Tech innovations amplify existing scam techniques, but defenders’ tools and user education efforts remain largely the same—stay vigilant.
- Patch management anecdotes (e.g., Axios npm incident): Staying updated is always best, even when supply chain attacks can create short-term risk windows.
9. FISA Section 702 Surveillance – Calls for Swift Reauthorization
[59:21]
- Story: 50 national security leaders urge Congress to renew FISA 702 (foreign surveillance via US tech), warning a lapse would impact intelligence capabilities.
- Analysis:
- FISA is “cyber-adjacent”—ties into US power projection via information dominance.
- Realistically, expects reauthorization, as information intelligence is central to national security (DIME: Diplomacy, Information, Military, Economic).
Notable Quotes & Memorable Moments
- On AI Bugs:
“If you want a CVE associated with you, you better get cooking, man, because Claude is going to be sweeping up… this is the equivalent of like raking leaves in New England… you better get your rake and get some leaves quick!” (16:45)
- On CISA Cuts:
“By being out front, being engaging, being the face, you break down those barriers. So when bad does happen, you get alerted quicker.” (24:16)
- On Incident Response Complexity:
“Sometimes IT people say: ‘I’ll just reset the creds, what else you got, Jerry?’ Hey, my friend, it’s very cute that you say that—but in practice, how do you do that? What’s the scope? Are you resetting service accounts? Domain admins?” (45:23)
- On Community and Learning:
“This show’s as real as it’s gonna get, including production issues… We take time to dig down, elicit additional insights and value you won’t get from any other podcast.” (05:01)
- Humor:
“This was a gift from my sister in law. She was in the Air Force here in Charleston. This thing is like a weapon, dude—it holds two cups of coffee. Winning, winning, winning, winning.” (38:53)
Timestamps for Important Segments
| Segment | Topic | Timestamp |
|---|---|---|
| Episode introduction & community shout-outs | Show philosophy, first-timers, sponsor thanks | 00:02–12:04 |
| News segment starts | Top stories intro (hand-off to headlines) | 12:04 |
| Anthropic Project Glasswing discussion | AI for bug discovery, dual use, regulation | 13:22 |
| CISA funding cuts | Impact of proposed reductions, role in elections | 22:02 |
| Russian APT router attacks | DNS redirection, router hygiene, threat details | 26:08 |
| Iranian APT targets industrial control | Motives, critical infrastructure at risk | 32:24 |
| Way Back Wednesday | 1980s camcorder nostalgia, community bonding | 38:44 |
| Northern Ireland school network attack | Incident response, restoration advice, cyber hygiene | 42:59 |
| Flowise RCE exploitation | AI shadow IT, open source risk, patching advice | 50:11 |
| FBI cybercrime report | Record losses, AI and traditional fraud fusion, patching points | 55:57 |
| FISA 702 surveillance authorization | National security, DIME model, policy inevitability | 59:21 |
| Career hotline (post-main content) | Career Q&A, industry pathways, certifications advice | 61:15+ |
Community, Education & Career Insights
- Daily CPE Opportunity: Each episode earns half a CPE (Continuing Professional Education) credit for listeners.
- Career Hotline: Q&A segment addressing breaking into cyber, certifications (ISC2 CC, etc.), remote work prospects, health informatics, and more.
- Best Practices Recap:
- Emphasize regular software updates, especially with the explosion of open-source and AI-powered tools.
- Understand that security is as much a people/soft skills game as a technical one—be approachable and visible as a defender.
- Tabletop exercises for incident response, including not just ad hoc fixes, but testing sequence and dependencies.
Final Takeaways
- Stay Vigilant, Stay Updated: The tech and threat landscape move fast—patching, awareness, and humility about tools in your environment are critical.
- AI Is a Risk Multiplier—For Both Sides: Both defenders and attackers are turbocharged by new LLM capabilities, raising the stakes.
- Community & Learning Matter: Participate, ask questions, and help others—the “Simply Cyber” spirit is about collaborative growth.
Next Up:
Q&A career hotline, and “Two Cyber Chicks” (Season 8, Episode 4) featuring GRC-focused conversation.
Host’s signature closing:
“Until next time, stay secure!”
