
CyberAv3ngers unleashed.
Federal agencies warn Iranian-linked hackers are probing U.S. critical infrastructure, while the DOJ disrupts a Russian router hijacking campaign. Cyberattacks hit Minnesota government systems and force a Massachusetts hospital to divert ambulances. Anthropic limits access to its new AI bug-hunting model, hackers leak terabytes of LAPD data, and researchers warn of a rise in AI recommendation poisoning. Our guest is Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." Japan trades red tape for training data.
Today is Wednesday, April 8th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Federal agencies warn Iranian-linked hackers are targeting U.S. critical infrastructure.
Federal cybersecurity and law enforcement agencies are warning that Iranian-linked hackers are targeting U.S. energy, water, and government services by exploiting internet-connected programmable logic controllers, or PLCs, which control critical infrastructure systems. A joint advisory from CISA, the NSA, FBI, U.S. Cyber Command, the Department of Energy, EPA, and the Cyber National Mission Force says attackers are actively exploiting Rockwell Automation Allen-Bradley PLCs and may be probing devices from other vendors as well. Agencies recommend removing control software from direct internet exposure and reviewing logs for suspicious activity.
Officials attribute the activity to Iranian-affiliated advanced persistent threat actors seeking disruptive effects, though no specific group was named. The campaign resembles earlier operations by CyberAv3ngers, which defaced control panels at Pennsylvania water facilities in 2023. Authorities say Iranian targeting has recently escalated, likely in response to regional hostilities. Exact victims remain unclear, but industry partners have been alerted and monitoring efforts are underway.
Separately, a pro-Iranian cybercrime group claimed responsibility for distributed denial-of-service attacks that briefly knocked the websites of Chime Financial and Pinterest offline. Chime reported an April 1 disruption with no impact to customer funds or data, while Pinterest said less than 2% of traffic was affected and the attack was mitigated within minutes. The group also claimed additional U.S. attacks that Bloomberg could not verify.
The DOJ disrupts a Russian DNS hijacking network.
The U.S. Justice Department announced a court-authorized operation to disrupt a DNS hijacking network run by Russia’s GRU Military Unit 26165, which targeted routers worldwide for espionage. According to officials, the hackers compromised thousands of routers, allowing them to filter traffic, identify targets, and capture unencrypted data including passwords, authentication tokens, and emails from military, government, and critical infrastructure organizations. The FBI identified affected routers in the U.S., collected evidence, cut off GRU access, and restored normal functionality as part of “Operation Masquerade,” coordinated with partners in 15 countries. Microsoft reported more than 200 organizations and 5,000 consumer devices were impacted. Researchers at Lumen Technologies said targets included government agencies and email providers across the U.S., Europe, Afghanistan, North Africa, Central America, and Southeast Asia.
Minnesota’s Governor Tim Walz issues an emergency order after a cyberattack disrupts critical government systems.
Minnesota Governor Tim Walz issued an emergency order deploying the Minnesota National Guard to assist Winona County after a cyberattack disrupted critical government systems and municipal services. Officials said the incident significantly impaired operations, including communications at the local police department, and exceeded the county’s internal and commercial response capacity. The county is coordinating with the Federal Bureau of Investigation, state IT officials, and other partners to restore services. The Guard is authorized to provide personnel and resources until conditions stabilize. The attack follows a separate January incident that disabled systems supporting real-estate transactions and police records. State officials emphasized that coordinated response efforts are essential as cyber threats increasingly affect local governments and public services.
A cyberattack forces a Massachusetts hospital system to divert ambulances.
In Massachusetts, a cyberattack on Signature Healthcare and Signature Healthcare Brockton Hospital disrupted multiple IT systems, forcing the facility to divert ambulances and activate downtime procedures to maintain patient care. Emergency services and surgeries continued, but chemotherapy infusions were canceled and delays were expected. Officials said outside experts are investigating, and no threat actor has claimed responsibility. The incident reflects broader pressure on healthcare providers, as recent attacks have also disrupted hospitals in other states. Health ISAC reports sustained malicious activity across the sector, including ransomware, data theft, and nation-state campaigns. The group warned attackers increasingly target hospitals, insurers, and medical device vendors, raising risks to patient safety if disruptions escalate. Coordination continues with the Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services.
Anthropic grants limited access to Project Glasswing for bug hunting.
Anthropic has launched Project Glasswing, a cybersecurity initiative built around its Claude Mythos Preview model, which the company says can autonomously identify software vulnerabilities at large scale. Access is limited to a consortium of more than 40 organizations, including Amazon, Microsoft, Google, Apple, the Linux Foundation, and several security vendors, to support controlled defensive testing. Anthropic reports early results showing thousands of high-severity flaws discovered across widely used software, including a decades-old OpenBSD vulnerability, though these findings are only partly externally verified. Experts say large-scale AI bug discovery could disrupt traditional vulnerability management by reducing reliance on human-driven bug hunting and shifting focus from prioritizing fixes to minimizing exposure time. Security leaders also warn organizations must adapt to faster, machine-scale defense operations. Anthropic restricted access due to dual-use risks and committed $100 million in usage credits plus funding for open-source security projects supporting maintainers.
Hackers steal over seven terabytes of data from the LAPD.
Hackers accessed a digital storage system tied to the Los Angeles Police Department and the Los Angeles City Attorney’s Office, exposing sensitive records including personnel files and Internal Affairs investigation materials from prior civil litigation. Officials said unauthorized individuals obtained discovery documents containing witness names, health information, and investigative files. Some data appeared briefly on social media. Authorities are assessing the breach’s scope, and it remains unclear whether a ransom was demanded or paid. Reports indicate about 7.7 terabytes of data, spanning more than 337,000 files, may have been affected.
Researchers highlight the rise of AI Recommendation Poisoning.
Microsoft researchers have identified a growing technique called AI Recommendation Poisoning, in which companies embed hidden prompts in “Summarize with AI” buttons to manipulate AI assistants into remembering and favoring specific brands in future responses. The study found more than 50 such prompts from 31 companies across 14 industries, often delivered through specially crafted URLs that inject persistent instructions into assistant memory. These tactics aim to bias recommendations on topics including health, finance, and security without users’ awareness. Researchers say the approach reflects a shift from traditional search engine optimization toward influencing AI systems directly. Publicly available tools now make the technique easy to deploy, accelerating its spread. Microsoft reports mitigations in Copilot, though effectiveness varies across platforms. The company warns memory poisoning creates a new attack surface, enabling persistent influence over AI outputs and potentially undermining trust in automated recommendations if left unchecked.
Japan trades red tape for training data.
Our “when all else fails, lower your standards” desk reports that Japan’s Digital Transformation Minister Hisashi Matsumoto says the country plans to become the world’s easiest place to build AI apps, partly by relaxing rules around personal data use. Amendments to the Personal Information Protection Act will allow organizations to share certain low-risk personal data without opt-in consent when compiling research statistics, including some health data. Facial images can also be used, provided organizations explain how they handle them, though opt-out rights will not be required. Protections remain for minors, and misuse or fraudulently obtained data can trigger fines tied to profits. Notably, organizations may not need to notify individuals about low-risk data leaks. Matsumoto argues existing privacy rules slowed AI progress, and these changes aim to help Japan catch the AI wave. If data is the fuel for AI, Japan just approved a bigger gas tank.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.

