
Temporary fix for Section 702.
The House extends Section 702, for now. Mythos raises fresh cyber risk concerns. CISA warns of reduced capacity. ZionSiphon targets Israeli water systems. Operation PowerOFF hits DDoS-for-hire networks. CISA flags an actively exploited ActiveMQ flaw. WordPress plugin supply chain attacks spread. China tests deep-sea cable-cutting tech. Our guest is Arvind (Nitro) Nithrakashyap, CTO and Co-Founder of Rubrik, discussing AI as the next frontier. Tim Starks from CyberScoop takes us Inside the FBI’s recent router takedown. A DraftKings data dealer meets his downfall.
Today is Friday, April 17th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
The House gives Section 702 a short-term extension.
The House voted Friday by unanimous consent to extend Section 702 of the Foreign Intelligence Surveillance Act until April 30 - ten whole days - avoiding its scheduled expiration Monday. Earlier attempts by GOP leaders to secure longer renewals, including a five-year extension and an 18-month plan requested by President Trump, failed. Section 702 allows U.S. intelligence agencies to collect electronic communications from foreign nationals abroad, though some collected data includes exchanges with Americans. Lawmakers from both parties have long pushed reforms requiring court approval before reviewing Americans’ information, while intelligence officials argue such limits would weaken national security capabilities. Recent compromise changes did not satisfy privacy advocates. If the authority lapses, intelligence collection could continue but may face legal challenges from telecommunications and technology companies required to assist the government.
Mythos proves irresistible.
The U.S. government is preparing safeguards that could allow federal agencies to access a modified version of Anthropic’s advanced AI model, Mythos, amid concerns it could significantly increase cybersecurity risks. In an email to Cabinet-level technology and cybersecurity officials, the White House Office of Management and Budget said agencies should expect more details in the coming weeks, though no timeline or access decisions were confirmed. Anthropic has limited Mythos distribution due to fears it could help hackers identify critical vulnerabilities, even as officials have encouraged select organizations to use it defensively. Some agencies, including Treasury, have sought access for internal security testing. The move reflects growing government interest despite legal disputes with Anthropic and internal warnings that the model could transform attackers’ capabilities and complicate national defense risk assessments.
Yesterday, a House Oversight subcommittee roundtable on artificial intelligence highlighted bipartisan concern about the technology’s rapid development and potential risks. Lawmakers raised issues including federal workers using AI with sensitive data, deepfake pornography, military decision constraints, climate impacts, and cybersecurity threats from advanced models like Anthropic’s Mythos. Members also noted AI’s economic and medical potential but warned Congress may struggle to keep pace with its effects. Experts urged stronger policy engagement and federal investment in AI safety research to maintain national competitiveness and manage emerging risks.
Bloomberg reports on the revelations surrounding the latest AI model. AI researcher Nicholas Carlini discovered Anthropic’s Mythos model could autonomously identify and exploit critical software vulnerabilities within hours of testing, raising major cybersecurity concerns. Internal red-team researchers concluded the model posed national security risks because it could generate advanced intrusion tools and uncover flaws typically found only by elite hackers. Anthropic limited Mythos’ release and instead positioned it as a defensive cybersecurity tool for select organizations. Officials and industry leaders warned the model could significantly shift the balance between attackers and defenders.
CISA’s chief warns lawmakers of reduced capacity.
CISA’s acting director Nick Andersen warned lawmakers that a prolonged government shutdown and staffing shortages have reduced the agency to about 40% operational capacity, straining its ability to defend federal networks and critical infrastructure. The administration’s proposed $2.5 billion budget prioritizes core cybersecurity missions, but lawmakers questioned whether reduced resources can support expanding threat demands. Officials said vacancies, including 329 critical roles, have already had “detrimental capacity impacts” on operations. While CISA continues issuing emergency directives and vulnerability guidance, leaders said funding constraints are forcing the agency to focus on the highest-risk sectors tied to national security, public health, and economic continuity, raising concerns about sustained resilience across the broader critical infrastructure landscape.
ZionSiphon targets Israeli water treatment facilities.
Researchers at Darktrace identified ZionSiphon, a new malware designed to target operational technology systems at Israeli water treatment and desalination facilities. The unfinished malware searches for industrial control system protocols such as Modbus and S7comm and configuration files tied to chlorine levels and water pressure, indicating intent to cause physical disruption rather than steal data. It spreads via USB drives, disguises itself as a legitimate Windows process, and maintains persistence through registry changes. Despite coding flaws that limit reliability, researchers warned the tool highlights ongoing risks to critical infrastructure systems.
Operation PowerOFF disrupts global DDoS-for-hire services.
Law enforcement agencies from more than 20 countries coordinated under Operation PowerOFF to disrupt DDoS-for-hire, or “booter,” services by seizing infrastructure and analyzing databases tied to over 3 million criminal user accounts. Authorities removed more than 100 related URLs, issued blockchain warning messages to offenders, and ran prevention campaigns targeting potential users. Officials said the effort aims to curb accessible cyberattack tools that enable low-skill actors to disrupt websites and services, while continuing international actions to dismantle remaining infrastructure and deter future attacks.
CISA flags a high-severity Apache ActiveMQ vulnerability under active exploitation.
CISA warned that a high-severity Apache ActiveMQ vulnerability, tracked as CVE-2026-34197, is being actively exploited and requires urgent patching. The flaw, undetected for 13 years, allows authenticated attackers to execute arbitrary code through input validation weaknesses. Horizon3 researchers identified the issue, and Apache patched it March 30. CISA added the bug to its Known Exploited Vulnerabilities catalog and ordered federal agencies to remediate by April 30. More than 7,500 exposed servers remain online, increasing risk to organizations running ActiveMQ.
WordPress sites fall victim to plugin supply chain gaps.
An attacker purchased more than 30 WordPress plugins from the Essential Plugin portfolio and inserted a hidden backdoor that remained dormant for eight months before activating in April 2026 to deliver cloaked SEO spam to Googlebot. WordPress.org closed 31 affected plugins on April 7, but compromised sites required manual cleanup. In a separate incident the same week, attackers breached Smart Slider 3 Pro’s update infrastructure, distributing a backdoored version to sites using automatic updates. Both cases exposed a structural weakness in the WordPress ecosystem: there is no review of plugin ownership transfers and no code-signing requirement for updates. Researchers warned these gaps allow attackers to purchase trusted plugins, weaponize updates, and compromise large numbers of sites through the software supply chain.
The Chinese demonstrate new deep-sea cable-cutting technology.
A Chinese research vessel tested a device capable of cutting submarine communications cables at depths of about 3,500 meters, highlighting potential risks to global undersea infrastructure. According to Chinese state-linked reporting, the tool uses a diamond-coated grinding wheel powered by an electro-hydrostatic actuator and may operate as deep as 4,000 meters. Researchers described the technology as supporting marine resource development, but analysts warned it has clear dual-use implications. The demonstration follows multiple incidents involving Chinese-registered ships damaging subsea cables and pipelines, though Beijing has called those events accidental. Experts said the capability underscores growing concern over the vulnerability of the world’s 1.5 million kilometers of submarine cables, which carry critical internet and communications traffic and are increasingly viewed as potential strategic targets.
A DraftKings data dealer meets his downfall.
Kamerin Stokes, a 23-year-old from Memphis, has been sentenced to 30 months in prison for reselling access to tens of thousands of hacked DraftKings accounts, apparently treating credential-stuffing fallout as a retail opportunity. The accounts were originally compromised in a 2022 attack by co-conspirators using breach-sourced passwords, enabling theft of roughly $635,000 from about 1,600 users. Stokes bought account access in bulk and flipped it through his own online “shop,” then, after pleading guilty, briefly reopened the operation under the memorable slogan “fraud is fun,” explaining he needed to pay his lawyer. Authorities disagreed with the business plan. He was returned to custody, ordered to pay more than $1.3 million in restitution, and given three years of supervised release, closing what prosecutors described as a remarkably persistent side hustle.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.
