The CyberWire Daily Podcast 4.1.26
Ep 2521 | 4.1.26

A war of missiles and messages.

Transcript

Iran’s cyber campaign continues. North Korea targets the axios NPM package. Cisco suffers a Trivy-related breach. Claude’s code leak unveils broad capabilities. The DOD’s zero-trust efforts are slow-going. A proposed class action suit accuses Perplexity of oversharing. Google patches another Chrome zero-day. The FBI warns against using foreign-developed mobile apps. Christy Wyatt, CEO of Absolute Security, discusses why cyber risk is now a business continuity problem. A city circulates cameras to cultivate crime control.

Today is Wednesday, April 1st, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Iran’s cyber campaign continues. 

Thousands of Israelis recently received fake emergency texts during missile alerts, including messages urging them to download a spoof shelter app that could steal personal data. Cybersecurity experts say these incidents reflect a broader online conflict among Iran, Israel, and the United States, where cyber operations support military strategy and psychological warfare. 

Iran’s cyber campaign involves official intelligence units, contractors, and volunteer hacktivists conducting activities ranging from phishing and data theft to disruptive “wiper” attacks that erase systems. Groups linked to Tehran have targeted companies, politicians, research centers, and defense-related networks, and reportedly disrupted operations at a major U.S. medical technology firm. Meanwhile, Israel and the U.S. have carried out their own cyber operations, including intelligence gathering and infrastructure disruption.

Analysts say Iran often focuses on softer targets and morale effects, while quietly probing critical networks for long-term access. Despite visible activity, experts warn more consequential attacks could still emerge if Iran’s cyber operators regroup. 

North Korea targets the axios NPM package. 

A North Korea–linked threat actor targeted the widely used axios NPM package in a supply chain attack that deployed the WAVESHAPER.V2 remote access trojan (RAT), according to the Google Threat Intelligence Group and Mandiant. The malware enables system reconnaissance, command execution, and file system enumeration, while maintaining persistence through Windows registry changes. Researchers attribute the campaign to UNC1069, a financially motivated group active since 2018. Because axios is broadly embedded across software projects, the compromise could expose large volumes of credentials and enable downstream attacks, including SaaS breaches and extortion. Analysts warn the incident reflects a broader surge in open-source supply chain compromises. Defenders are urged to audit dependencies, avoid affected versions, rotate exposed secrets, block known command-and-control infrastructure, and strengthen long-term supply chain monitoring.

Cisco suffers a Trivy-related breach. 

Cisco experienced a cyberattack after threat actors used stolen credentials from the recent Trivy vulnerability scanner supply chain compromise to access its internal development environment. Attackers leveraged a malicious GitHub Action plugin to harvest credentials and data, affecting dozens of developer and lab systems. Reportedly compromised assets included multiple AWS access keys, more than 300 GitHub repositories, source code for AI-related and unreleased products, customer repositories tied to banks, business process outsourcing firms, and U.S. government agencies, as well as CI/CD credentials and build environment data. Cisco has contained the initial intrusion, isolated affected systems, and begun credential rotation and reimaging. Multiple threat actors were reportedly involved, and additional fallout from related LiteLLM and Checkmarx supply chain attacks is expected. The scope of exposure, affected individuals, and any ransom demands remain undisclosed, and Cisco has not issued a public statement on the Trivy-linked breach.

Claude’s code leak unveils broad capabilities. 

A leak of Anthropic’s Claude Code client source code suggests the AI coding agent may have far broader access to user systems and data than previously understood. Analysis by security researchers indicates the software can collect prompts, file contents, telemetry, and session transcripts, and includes features enabling desktop control, background automation, remote policy updates, and automated memory extraction. Anthropic maintains that in classified government deployments it cannot remotely alter or disable models, citing controls that route traffic through restricted cloud environments and block external communications. Outside those conditions, however, the source indicates the agent may transmit system metadata and synchronize stored “memories” across users and services. The code also includes instructions to conceal AI authorship in open-source contributions. Researchers say the scope of certain experimental capabilities and long-term data exposure risks remains unclear.

The DOD’s zero-trust efforts are slow-going. 

The U.S. Department of Defense’s effort to implement a zero trust cybersecurity architecture by September 2027 is under pressure as the Pentagon simultaneously integrates artificial intelligence, cloud systems, and connected battlefield technologies. Officials say the shift from perimeter-based defenses to continuous verification is central to modernizing security across a fragmented environment that includes legacy IT, operational technology, and contractor networks. Congress has allocated about $15 billion for cyber modernization, but analysts warn structural challenges, including governance fragmentation and limited asset visibility, could slow progress. As of early 2025, only 14% of target-level zero trust activities had been completed across DoD components. Experts caution the deadline may reflect compliance milestones rather than meaningful risk reduction, especially given persistent gaps in identity systems, data classification, and network enforcement across mission-critical environments.

A proposed class action suit accuses Perplexity of oversharing. 

Perplexity AI faces a proposed class-action lawsuit alleging it secretly shared users’ chatbot conversations with Meta Platforms and Google through embedded trackers, potentially violating California privacy laws. The complaint claims data was transmitted even in “Incognito” mode and could be used for advertising or resale to third parties. Filed on behalf of a Utah user who shared sensitive financial information, the suit also accuses Meta and Google of related privacy violations. Perplexity said it has not been served the lawsuit, and Google did not comment.

Google patches another Chrome zero-day. 

Google has released emergency updates to patch a Chrome zero-day vulnerability, tracked as CVE-2026-5281, that was actively exploited in the wild. The flaw stems from a use-after-free issue in Dawn, Chromium’s implementation of the WebGPU standard, and could allow crashes, data corruption, or abnormal browser behavior. This marks the fourth Chrome zero-day fixed in 2026 so far. Google issued updated Stable Desktop versions for Windows, macOS, and Linux, though details about observed attacks remain limited.

The FBI warns against using foreign-developed mobile apps. 

The Federal Bureau of Investigation (FBI) warned Americans against using some foreign-developed mobile apps, particularly those linked to China, citing privacy and national security risks. In a public advisory issued through the Internet Crime Complaint Center (IC3), the bureau said Chinese law could allow government access to user data collected by apps operating digital infrastructure in China. Officials warned that some apps may gather contacts, emails, addresses, and other personal information, sometimes even with limited user permissions, and may store that data on servers in China. The FBI urged users to limit data sharing, update devices, and download apps only from trusted stores.

And no fooling - tonight, April 1st, at 6:24pm Eastern time, NASA is launching the Artemis 2 mission, which will send a crew of four around the moon. This is humanity's return to the moon after more than 50 years, and will see the first woman, the first person of color, and the first Canadian going to lunar orbit. Godspeed and go Artemis!

A city circulates cameras to cultivate crime control. 

The city of Milpitas, a Silicon Valley suburb north of San Jose, has decided that safer neighborhoods may begin with a free doorbell. The city council approved $60,000 to distribute camera-equipped wireless doorbells, one per household, on a first-come, first-served basis, with the hope that residents will voluntarily share footage with police when needed. Officials say the program is meant to strengthen community ties and deter crime, though participation is optional and police cannot access video without permission. The cameras will not be Amazon Ring devices, partly to avoid subscription costs, even if that choice may slow investigations. Critics note that doorbell cameras increasingly resemble neighborhood-scale surveillance tools, especially as similar programs spread nationwide, quietly turning front porches into auxiliary observation posts.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.