
A
The Senate confirms a new Cybercom and NSA chief, the US will establish an Interagency Cyber Unit, the UK's Online Crime Centre will launch in April, and the Karuna iOS hacking kit was the work of L3Harris. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 11th of March, and this podcast episode is brought to you by Thinkst, the makers of the much-loved Canary.

In today's top story, the U.S. Senate has confirmed Army Lt. Gen. Joshua M. Rudd as the next head of Cyber Command and the National Security Agency. He was confirmed in a 71-29 vote on Tuesday. He'll replace Army Lt. Gen. William Hartman, who's been serving as interim chief for both agencies. Both Cybercom and the NSA have been without a congressionally approved leader since last year. President Donald Trump fired Air Force General Timothy Haugh in April.

In other news, the Trump administration says it will establish an interagency body to combat foreign hackers targeting the US. The group will focus on offensive cyber operations. It'll include representatives from the Pentagon, the FBI and the Justice Department. It'll follow principles set out in the US Cyber Strategy released last week. The document greenlights the use of private security firms for offensive cyber operations.

Meanwhile, the UK is also launching an interagency body, this one dedicated to fighting online fraud. From April, the Online Crime Centre will focus on fraud and high-volume cybercrime. It'll be led by the Home Office and the National Crime Agency and will have a budget of £31 million. The OCC will work with telecoms and tech platforms to detect and block fraud operations.

Canadian federal agencies take an average of eight months to report privacy breaches despite the country's state seven-day reporting requirement. Some took more than four years to report incidents to the Canadian Privacy Commissioner. Canada introduced the seven-day reporting requirement in 2022.

The province of Alberta, Canada has allocated $40 million to update the software used to provide government services. Officials say as many as 66 legacy applications need security updates. The funding follows a recent spike in cyber attacks.

A breach of the Western Australian government's Microsoft 365 environment has been traced back to poor security controls. A report from the state's auditor found that government agencies used legacy authentication methods, weak MFA and have failed to enable DLP. This led to the data of residents being stolen and leaked in 2024. Hackers also stole 71,000 Australian dollars from a state account following a BEC attack.

Colombia's election agency was hit by cyber attacks during Sunday's parliamentary elections. Officials did not provide specifics about the attacks. Government officials also reported websites impersonating the agency and publishing fake election results.

The Karuna iOS exploit kit documented by Google last week has been linked to American company L3Harris. Two former employees told TechCrunch that Karuna was created, at least in part, by L3Harris subsidiary Trenchant. In February, former Trenchant executive Peter Williams was sentenced to seven years in prison for selling his employer's exploits to a Russian zero-day broker. TechCrunch did not confirm that Karuna was the specific set of exploits that Williams sold.

Software vulnerabilities have overtaken weak credentials as the leading entry point into Google Cloud environments for the first time. The company says almost half of intrusions in the latter part of 2020 were attacks against third-party software running on customer cloud servers. Since Google began tracking these stats two years ago, compromised customer instances have largely been attributed to weak or missing passwords.

Threat actors are using a modified security tool to steal sensitive data from Salesforce customers. The attacks leverage a version of Aura Inspector, a Salesforce scanner that was developed by Google Mandiant. Salesforce says hackers are using the tool to scan the Internet for misconfigured Experience Cloud servers. The attackers also modified the tool with new features to automate the theft of customer data.

Hackers are exploiting a new authentication bypass vulnerability in Ivanti's Endpoint Manager platform. The flaw was patched in early February. On Monday, CISA added the vulnerability to its database of actively exploited bugs after receiving reports of ongoing attacks. It was one of three bugs added to the KEV list this

Google has patched nine vulnerabilities in the Looker Studio business intelligence tool. The vulnerabilities could have allowed attackers to steal data from other businesses. The flaws were in database connectors that feed data into the service.

Russia has launched a campaign to compromise Signal and WhatsApp accounts of foreign diplomats and military personnel. Dutch intelligence agencies have confirmed attacks against its country's officials. The attacks attempt to trick victims into sharing device pairing codes. Those codes are later used to grant access to victims' accounts to spy on their communications.

A new botnet has infected more than 14,000 devices since August. Devices infected with the CADNET botnet are sold via an anonymous residential proxy service named Doppelganger. According to Lumen's security team, most of the infected devices are ASUS routers.

HivePro researchers have discovered what appears to be the first cryptocurrency clipboard hijacker that targets Linux users. The malware, named clipx daemon, works in a similar way to Windows alternatives. It intercepts the operating system's copy-paste clipboard and replaces cryptocurrency addresses with ones controlled by an attacker.

And finally, Microsoft will turn on Windows Hot Patching for all eligible devices in May. The feature installs security updates without requiring a reboot. The company launched Hot Patching for Windows 11 last year.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, Thinkst. Find them at canary.tools. Thanks for your company.

Podcast: Risky Bulletin
Date: March 11, 2026
Host/Reader: Claire Aird
Prepared by: Catalin Cimpanu
This episode of the Risky Bulletin delivers a whirlwind round-up of major recent developments in the world of cybersecurity. The standout story is the confirmation of Lt. Gen. Joshua M. Rudd as the new chief of both US Cyber Command and NSA. The episode also covers significant policy moves in the US and UK, high-profile breach disclosures, a notable attribution of the Karuna iOS exploit kit, and recent advances in attack and defense tactics across several technologies and geographies.
"Both Cybercom and the NSA have been without a congressionally approved leader since last year. President Donald Trump fired Air Force General Timothy Haugh in April." [00:18]
"The document greenlights the use of private security firms for offensive cyber operations." [00:44]
"From April, the Online Crime Centre will focus on fraud and high-volume cybercrime." [01:00]
"Some took more than four years to report incidents to the Canadian Privacy Commissioner." [01:28]
"Government agencies used legacy authentication methods, weak MFA and have failed to enable DLP. This led to the data of residents being stolen and leaked in 2024." [01:49]
"Two former employees told TechCrunch that Karuna was created, at least in part, by L3Harris subsidiary Trenchant." [02:21]
"The attacks attempt to trick victims into sharing device pairing codes. Those codes are later used to grant access to victims' accounts to spy on their communications." [03:35]
"Microsoft will turn on Windows Hot Patching for all eligible devices in May. The feature installs security updates without requiring a reboot." [04:20]
This episode delivers a concise, authoritative review of critical cybersecurity stories from North America, Europe, and beyond. The focus is on leadership and policy moves, new attack methods and breach responses, and the steady evolution of defenses—serving as a prime update for professionals needing an up-to-date snapshot on both headline and technical cyber news.