The CyberWire Daily Podcast 4.15.26
Ep 2531 | 4.15.26

A heavy patch Tuesday lands.

Transcript

Patch Tuesday. CISA directs furloughed employees back to work. Experts warn Anthropic’s Glasswing signals a new era of AI-driven vulnerability discovery. Federal prosecutors crack down on chip smuggling. Sweden says a pro-Russian cyber group attempted to disrupt power plant operations. A fake app in Apple’s App Store drains crypto wallets. Virginia bans the sale of precise geolocation data. Our guest is Johnny Hand, VP for AI Excellence at TrendAI, discussing AI operational discipline. Do you need to buy a separate seat for your AI agent? 

Today is Wednesday April 15th 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Patch Tuesday. 

Microsoft’s April Patch Tuesday addresses 165 vulnerabilities, including an actively exploited SharePoint Server spoofing flaw tracked as CVE-2026-32201.

Eight vulnerabilities are rated Critical, most others Important. The SharePoint issue stems from improper input validation and may allow attackers to view or modify sensitive information. Other notable fixes include remote code execution risks in Windows TCP/IP and Internet Key Exchange services, plus a Microsoft Defender privilege escalation flaw. Researchers note the TCP/IP issue could enable unauthenticated code execution under certain configurations.

Multiple industrial control system vendors released new security advisories following Patch Tuesday.

Siemens issued nine advisories, including critical Wi-Fi flaws in Scalance W-700 devices and high-severity issues in Sinec NMS, Ruggedcom Crossbow, and Industrial Edge Management. Aveva disclosed a critical authorization flaw in Pipeline Simulation. Rockwell warned customers to disconnect internet-exposed PLCs after reported threat activity.

Adobe’s latest Patch Tuesday resolves 55 vulnerabilities across 11 products, with five critical ColdFusion flaws receiving the company’s highest patch priority rating.

The ColdFusion issues could allow attackers to bypass security controls, read system files, and execute arbitrary code. Additional critical code execution bugs affect Acrobat Reader, Photoshop, Illustrator, and others. Adobe reports no in-the-wild exploitation for these flaws, though a separate Acrobat zero day disclosed earlier appears to have been exploited for months.

CISA directs furloughed employees back to work.  

The Cybersecurity and Infrastructure Security Agency has directed furloughed employees to return to work despite an ongoing federal funding lapse that reduced operations for weeks.

Department of Homeland Security officials ordered all employees, excepted and non-excepted, back to paid duty status after nearly eight weeks of furloughs affecting tens of thousands. During the lapse, only mission-essential staff remained active, while proactive threat hunting, vulnerability management, and resilience programs slowed or stopped. Officials said back pay is being processed, though future compensation still depends on congressional action.

Prolonged staffing reductions placed federal cyber defenses into a reactive posture and may leave lingering gaps across critical infrastructure support activities.

CISA has canceled its summer CyberCorps: Scholarship for Service internships, citing ongoing funding issues at the Department of Homeland Security.

Emails to applicants confirmed no interns will be onboarded this year, marking a second consecutive disruption for some participants. The National Science Foundation runs the program with the Office of Personnel Management and DHS, and officials say they expect most eligible students to be placed elsewhere within months.

The cancellations disrupt a key federal cybersecurity talent pipeline during broader hiring uncertainty and workforce reductions.

Experts warn Anthropic’s Glasswing signals a new era of AI-driven vulnerability discovery. 

A Cloud Security Alliance briefing warns Anthropic’s Project Glasswing signals the start of a sustained wave of AI-driven vulnerability discovery that security teams must prepare for now.

Contributors including former CISA Director Jen Easterly, Bruce Schneier, and former National Cyber Director Chris Inglis concluded Glasswing is an early example of capabilities expected to scale rapidly. The report says Anthropic’s Claude Mythos Preview autonomously identified thousands of vulnerabilities and generated working exploits across major platforms. Testing by the UK AI Security Institute found the model completed a 32-step corporate network attack simulation faster than humans typically require.

Researchers say the window between discovery and weaponization is shrinking to hours, creating patching pressure and shifting cyber risk planning toward board-level concern.

Federal prosecutors crack down on chip smuggling. 

Federal prosecutors have charged six individuals with smuggling billions of dollars’ worth of advanced artificial intelligence chips to China, underscoring gaps in U.S. export control enforcement.

Recent cases include three people linked to Super Micro Computer accused of routing about $2.5 billion in chips through Taiwan and other locations using falsified warehouses, and three others charged with shipping chips via contacts in Thailand. Officials say the activity reflects persistent demand inside China despite U.S. restrictions, while enforcement funding totaled $122 million in 2025, far below the scale of suspected trafficking.

Ongoing smuggling weakens export controls intended to limit China’s access to advanced computing power tied to national security concerns.

Sweden says a pro-Russian cyber group attempted to disrupt power plant operations. 

Sweden says a pro-Russian cyber group attempted to disrupt operations at a thermal power plant in spring 2025, but built-in protections prevented damage.

Civil Defence Minister Carl-Oskar Bohlin said Sweden’s Security Police linked the actor to Russian intelligence and security services. Officials report hybrid attacks tied to Russia have become more frequent and more dangerous since the invasion of Ukraine, including attempts to move beyond denial-of-service activity toward destructive operations targeting European infrastructure.

Attempted intrusions against energy infrastructure signal continued pressure on critical systems across Europe.

Elsewhere, Russia-linked hackers compromised more than 170 email accounts belonging to Ukrainian prosecutors and investigators, part of a broader campaign affecting at least 284 inboxes across Europe.

Data reviewed by Reuters and discovered by researchers at Ctrl-Alt-Intel shows the activity occurred between September 2024 and March 2026. Targets included Ukraine’s Specialized Prosecutor’s Office in the Field of Defense, Asset Recovery and Management Agency, and Prosecutor’s Training Center, along with military and government accounts in Romania, Greece, Bulgaria, and Serbia. Researchers attributed the campaign to a Moscow-linked group, though attribution to Fancy Bear remains disputed by some analysts.

The operation suggests sustained intelligence collection against officials investigating corruption, espionage, and collaboration tied to Russia.

A fake app in Apple’s App Store drains crypto wallets. 

A fake version of the Ledger Live cryptocurrency wallet app distributed through Apple’s App Store has been linked to at least $9.5 million in theft affecting more than 50 victims.

The phishing campaign ran from April 7 through April 13 and targeted users across Bitcoin, Ethereum-compatible networks, Tron, Solana, and XRP. Victims were prompted to enter recovery phrases, giving attackers control of their wallets. Blockchain investigator ZachXBT traced stolen funds through more than 150 KuCoin deposit addresses and a mixing service known as AudiA6. Apple later removed the app from the App Store.

Trusted software marketplaces remain effective delivery channels for credential theft targeting high-value crypto assets.

Virginia bans the sale of precise geolocation data. 

Virginia has enacted a new law banning the sale of precise geolocation data, signaling growing momentum among states to restrict data broker access to sensitive location information.

The measure prohibits sales of location data within a 1,750-foot radius, limiting the ability to identify where individuals live, work, worship, or seek services. The amendment to Virginia’s existing privacy law passed with unanimous bipartisan support and takes effect July 1. Similar restrictions already exist in Maryland and Oregon, while California, Connecticut, Massachusetts, and Vermont are considering related legislation. Policymakers and regulators have raised concerns that location data has been used to track national security officials and people visiting reproductive health clinics.

Tighter controls on geolocation data could reshape data broker practices and reduce risks tied to stalking, targeted scams, and sensitive location tracking.

Do AI agents need their own software seats? 

Microsoft says a future workforce of AI agents may each need their own software logins, inboxes, and paid licenses, effectively turning automation into a new category of enterprise “seat.”

Microsoft executive Rajesh Jha suggested companies could deploy more agents than employees, yet still purchase more licenses because each agent would count as a user. Some analysts disagree, arguing fewer humans overseeing automated systems could instead reduce seat demand and pressure vendors to rethink pricing. The debate hinges on whether agents are independent workers or simply tools acting on behalf of people.

Treating software bots as billable coworkers could reshape enterprise pricing models, and perhaps redefine “headcount” in ways finance teams did not previously anticipate.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.