Summary5 min read

Risky Bulletin: New White House EO Prioritizes Fight Against Scams and Cybercrime

Podcast: Risky Bulletin
Host: Risky Business Media
Episode Date: March 9, 2026

Episode Overview

In this information-packed edition, the Risky Bulletin team delivers fast-paced cybersecurity news headlines and analysis. The main focus is the new US White House executive order (EO) and cyber strategy, both aiming to escalate the federal government’s fight against scams and cybercrime. The episode also covers major breaches, legislative updates, international incident reports, AI security developments, and notable legal actions in the cybersecurity world.

Key Discussion Points & Insights

1. White House Executive Order on Cybercrime and Cyber Strategy

Crackdown on Scams and Cybercrime (00:04 – 01:10):
- President Trump signed a new EO instructing US agencies to prioritize cyber fraud and scam investigations, including ransomware, phishing, and sextortion schemes.
- The State Department is to pressure other nations hosting scam operations.
- The White House released a seven-page US Cyber Strategy focused on deregulation, modernizing networks, securing infrastructure, recruiting cybersecurity talent, and enabling private sector help in offensive operations.
- Commentator critique: The strategy’s “vague language covers almost everything without any specific details.”

2. FBI Wiretap Network Breach

[01:11 – 01:46]:
- The FBI is probing a breach of its wiretap and surveillance network that stores sensitive call records and data.
- Congress has been notified; reports blame Chinese state-sponsored hackers.
- It’s unclear if this links to previous 2024 Salt Typhoon telecom breaches.

3. US Federal Cybersecurity Staffing Shakeup

[01:47 – 02:15]:
- DHS CISO Hamit Beidouan leaving; Deputy Amanda Day already departed for private sector.
- Part of broader DHS IT and cybersecurity leadership reorganization.
- Recent leadership changes at CISA as well.

4. Congressional Update: Rural & Municipal Utility Cybersecurity

[02:16 – 02:43]:
- The House Energy and Commerce Committee passed the Rural and Municipal Utility Cybersecurity Act.
- Would reauthorize and expand federal support, grants, and technical assistance to rural/municipal utilities for cyber defense.

5. Anthropic AI Deemed National Security Risk

[02:44 – 03:15]:
- DoD labels AI company Anthropic a national security risk after company refuses to remove usage safeguards for military deployment.
- Anthropic to challenge the designation in court.

6. US Soldiers Killed in Kuwait Missile Strike

[03:16 – 03:48]:
- Major Jeffrey O’Brien (Iowa cybersecurity expert) and Declan Cody (Drake University cybersecurity student) were among six Americans killed in a missile strike.
- Highlighting the real-world risks and loss in the cyber professional community.

7. Youth Online Safety Regulations: Indonesia’s Ban

[03:49 – 04:10]:
- Indonesia issues an under-16 ban from "high risk" platforms, including social apps, YouTube, and Roblox (effective March 28).
- Responds to rise in illegal/harmful online content.
- Australia and some European countries are considering similar bans.

8. AI in Vulnerability Detection: Mozilla & Anthropic

[04:11 – 04:24]:
- Anthropic’s Claude AI detected 90 bugs and 22 security flaws in Firefox; all patched in latest browser release.

9. APT Activity: Pakistani Group “Transparent Tribe” Evolves

[04:25 – 04:54]:
- Transitions from commodity malware to AI-generated, “Vibe Coded” implants written in niche languages.
- Used against Indian government and embassies to evade detection.

10. Ransomware Fallout: Romania’s Largest Meat Exporter Insolvent

[04:55 – 05:16]:
- Coco Rico (Alex1) begins insolvency after a ransomware attack halted operations and caused financial losses.

11. Crypto Heist: $2.7M Stolen from Solve Protocol

[05:17 – 05:38]:
- Attackers found a double minting smart contract flaw, exploited it 22 times before being stopped.

12. Wikipedia JavaScript Worm Attack

[05:39 – 06:04]:
- Worm vandalized nearly 4,000 Wikipedia pages by compromising 85 user accounts; originated from Russian Wikipedia.
- Inactive after 23 minutes; triggered accidentally by Wikimedia staff.

13. Major Scam & Criminal Cases

[06:05 – 06:47]:
- Ghanaian national Derek Vanyaboa pleads guilty to $100M online scam; faces up to 20 years (ordered to return $10M).
- Vietnamese police arrest seven accused of impersonating Japanese law enforcement to run scams; similar past operations targeting South Koreans.

14. Leakbase Hacking Forum Bust

[06:48 – 07:14]:
- Forum’s admin identified as Russian (aliases “Chucky,” “Beakdaz”).
- FBI & Europol seized Leakbase.

15. Malicious Chrome Extension: “Shotbird”

[07:15 – 07:33]:
- Extension turned malicious after being sold; began disabling browser security, prompting malicious updates, and credential theft.
- Second major Chrome extension gone bad in 2026.

16. GitHub Supply Chain Malware

[07:34 – 07:47]:
- 50+ GitHub accounts running malware-laced fake tools disguised as SaaS products, game cheats, and developer utilities.
- Attributed to Vietnamese threat actor.

17. Meta Ray-Ban Glasses Privacy Lawsuit

[07:48 – 08:05]:
- Meta faces a class action after Swedish media reports Kenyan contractors reviewed sensitive footage (including bathrooms, finances, explicit content) from smart glasses.
- Plaintiffs allege false privacy advertising.

Notable Quotes & Memorable Moments

On Policy Vagueness:
- “Cybersecurity commentators say the document's vague language covers almost everything without any specific details.” (00:37)
On FBI breach:
- “The hacked network stores call records, IP history, website addresses and routing information.” (01:18)
On Anthropic’s stance:
- “The company refused to remove safeguards from its tools for military use. The restraints aim to prevent its use in autonomous weapons and mass surveillance of American citizens.” (02:47)
On Indonesia’s youth online ban:
- “The government cited the rise in illegal and harmful content online.” (03:57)
On AI bug hunting:
- “Anthropic's Claude AI agent found 90 bugs and 22 security flaws in the Firefox web browser.” (04:12)
On real-world ransomware impact:
- “Romania's largest meat exporter has begun insolvency procedures following a ransomware attack.” (04:55)
On privacy violation:
- “The footage included financial information, explicit content and people using bathrooms.” (07:55)

Timestamps for Important Segments

| Time | Segment | |-----------|-----------------------------------------------------------------| | 00:04 | White House cyber EO and new strategy | | 01:10 | FBI wiretap network breach by suspected Chinese hackers | | 01:47 | DHS CISO, CISA leadership shuffle | | 02:16 | Rural and municipal utility cybersecurity funding bill | | 02:44 | DoD declares Anthropic AI a security risk | | 03:16 | Cyber experts killed in Kuwaiti missile strike | | 03:49 | Indonesia bans under-16s from high risk platforms | | 04:11 | AI finds bugs in Firefox | | 04:25 | New “Vibe Coded” malware by Pakistani APT | | 04:55 | Ransomware puts Romanian meat exporter into insolvency | | 05:17 | $2.7 million in crypto stolen from Solve Protocol | | 05:39 | Wikipedia JavaScript worm attack | | 06:05 | Major scam convictions and international law enforcement news | | 06:48 | FBI/Europol busts Leakbase hacking forum | | 07:15 | Malicious “Shotbird” Chrome extension | | 07:34 | Malware-infected GitHub repositories | | 07:48 | Meta Ray-Ban smart glasses privacy scandal |

Tone & Language

The episode maintains an urgent, fast-moving, and matter-of-fact tone, mirroring the concise, pragmatic delivery of a cybersecurity news briefing, with brief moments of critical commentary and occasional emphasis on the real-life impact of breaches and scams.

Loading summary

Transcript1 lines

[00:04]
A
US federal agencies told to crack down on scams and cybercrime the White House releases its new cyber strategy Suspected Chinese hackers breached the FBI's wiretap network and Romania's largest meat exporter is insolvent after a ransomware attack. This is the risky bulletin prepared by Catalyn Kim Panu and read by me Claire aired today is the 9th of March and this podcast episode is brought to you by Thinkst, the makers of the much loved Thinxt Canary. In today's top story, US federal agencies have been ordered to crack down on scam centres and predatory cybercrime. President Donald Trump signed an executive order on Friday directing the Attorney General to focus on cyber fraud and scam investigations. It also orders the State Department to pressure foreign governments that shelter scam operations. Investigations will also target ransomware, phishing campaigns and sextortion schemes. Meantime, the White House has released a new US Cyber strategy. The seven page document, published on Friday, focuses on deregulation, modernising federal networks, securing critical infrastructure and building cyber security talent. The strategy also gives the formal go ahead to recruit private sector companies for offensive operations against cybercrime actors. Cybersecurity commentators say the document's vague language covers almost everything without any specific details. The FBI is investigating a breach of an internal network that stores wiretaps and surveillance warrants. The hacked network stores call records, IP history, website addresses and routing information. The agency notified Congress last week and is still investigating the breach. The Wall Street Journal has reported that Chinese state sponsored hackers are behind the intrusion. It's unclear if the hack is related to the 2024 Salt Typhoon breaches of telco wiretap systems. The US Department of Homeland Security is replacing its cyber leadership. Chief Information Security Officer Hamit Beidouan will leave the agency at the end of the month. Deputy CISO Amanda Day has already moved to the private sector. According to Fed Scoop. The moves are part of a broader reorganisation of IT and cyber leadership within the DHS. Last week, CISA's acting director was replaced and and the agency's CISO also departed. A US bill has been introduced to fund a cybersecurity program for rural and municipal electric utilities. The Rural and Municipal Utility Cybersecurity act was introduced in February and unanimously passed the House Energy and Commerce Committee last week. If voted into law, it would reauthorise a 2022 Biden era program that helped electric utilities defend against cyber attacks. Those utilities would have access to federal grants and technical assist. The Department of Defence has formally declared AI company Anthropic a national security risk. The company refused to remove safeguards from its tools for military use. The restraints aim to prevent its use in autonomous weapons and mass surveillance of American citizens. Anthropic said it will challenge the designation in court. An Iowa cybersecurity expert was one of six American soldiers killed by an Iranian missile strike in Kuwait last week. Major Jeffrey o' Brien was served, serving as a signal officer and information systems engineer in the Army Reserve. He was stationed in Port Schwaiber, Kuwait. He worked in defensive cyber operations at an Iowa based cyber security company. A second soldier killed in the strike, Declan Cody, was studying cyber security at Iowa's Drake University. Indonesian youths under the age of 16 will be banned from high risk online platforms. The ban will take effect on March 28 and apply to most social media apps as well as YouTube and Roblox. The government cited the rise in illegal and harmful content online. Australia enacted a similar ban this year, and several European countries are considering doing the same. Anthropic's Claude AI agent found 90 bugs and 22 security flaws in the Firefox web browser. The review was part of a joint experiment with engineers from Mozilla. All reported bugs were patched in Firefox 148, released in late February. A suspected Pakistani APT group has transitioned from off the shelf malware tools to Vibe Coded alternatives, according to Bitdefender. The Transparent Tribe group is now using AI agents to produce a higher volume of mediocre implants. The Vibe Coded malware uses niche programming languages to complicate detection and trusted cloud platforms for command and control. The malware was used in campaigns targeting the Indian government and its foreign embassies. Romania's largest meat exporter has begun insolvency procedures following a ransomware attack. Alex1, which operates the Coco Rico brand, said it struggled with the financial impact of last year's attack that halted its automated production lines. Prior to the attack, the company was producing 10 kg of chicken per second. The company is now working with a local bank to restructure its business, and hackers have stolen $2.7 million worth of crypto assets from the Solve Protocol platform. The attackers exploited a double minting vulnerability in one of the platform's smart contracts to generate excess tokens. The hackers exploited the bug 22 times before they were caught and blocked. A JavaScript worm has vandalized almost 4,000 Wikipedia pages. Last week, the worm spread to 85 user accounts before the site's engineers disabled the editing function. The malic code was originally uploaded to Russian Wikipedia in 2024. It was inadvertently triggered by Wikimedia staff and was active for 23 minutes. A Ghanaian national has pleaded guilty in the US to carrying out online scams. He was part of a group that stole more than $100 million from its victims. The group used romance scams and business email compromise. Derek Vanyaboa faces up to 20 years in prison. He's also been ordered to return $10 million in stolen funds. Vietnamese authorities have arrested seven foreign nationals accused of running a cyber scam operation. Their scam involved contacting Japanese citizens, impersonating law enforcement and stealing victims savings. The operation was led by a Chinese national. The group is suspected of having stolen almost $420,000. In January, Vietnamese police dismantled another Chinese scam operation that targeted South Koreans in the same way. The administrator of the Leakbase hacking forum has been identified as a man living in Russia. Threat intel firm Keller said the individual used the handles Chucky and Beakdaz and lives in the city of Taganrog. His real identity is likely known to investigators as he had a verified account on the Web Money payments platform. The FBI seized the leak based forum last week in a joint investigation with Europol. A featured Google Chrome extension became malicious after being sold to a new owner. The Shotbird extension was observed disabling Chrome security headers and prompting users to install a malware laced update. It also captured form entries and stole user credentials. It's the second Chrome extension to turn malicious this year. Hundreds of GitHub repositories have malware disguised as SAS tools, gaming sheets and developer utilities. The repositories involved close to 50 GitHub accounts and has been attributed to a Vietnamese threat actor. The repositories contain functional tools laced with a Luijit based malware loader that deploys an info stealer. And finally, Meta is facing a class action lawsuit over the privacy of its Ray Ban smart glasses. An investigation by two Swedish newspapers found that sensitive footage recorded by Meta users was being reviewed by Kenyan contractors. The footage included financial information, explicit content and people using bathrooms. Plaintiffs claim Meta promoted the product as bio built for privacy and that is all for this podcast edition. Today's show was brought to you by our sponsor thinxt. Find them at Canary Tools Thanksg company.