The CyberWire Daily Podcast 6.23.26
Ep 2578 | 6.23.26

All eyes on AI.

Transcript

Five Eyes warns AI could supercharge cyberattacks within months. Tata Electronics confirms breach as stolen data allegedly includes Apple and Tesla documents. Researchers publish new analysis of FortiBleed. Gizmodo breach exposes readers to ClickFix malware campaign. BootROM exploit can bypass Apple's SecureROM. Scattered Spider members plead guilty in the UK. Attackers exploit Gravity SMTP flaw to harvest secrets from WordPress sites. Executive Order accelerates federal shift to post-quantum cryptography. Dave Bittner sits down with Ellen Boehm, the Senior Vice President of IoT Strategy & Operations at Keyfactor, to discuss NIST's progress in its PQC efforts. Keeping tabs on the tab-keepers.

Today is June 23rd, 2026. I’m Maria Varmazis in for Dave Bittner. And this is your CyberWire Intel Briefing.

We start with a correction: Yesterday's Podcast incorrectly stated that ReliaQuest was a victim of the Klue supply-chain attack campaign. ReliaQuest discovered the attack and reported it to Klue, but the company itself does not use Klue and was not affected.

Five Eyes warns AI could supercharge cyberattacks within months.

The Five Eyes intelligence alliance—made up of the United States, United Kingdom, Canada, Australia, and New Zealand—is warning that the next generation of AI models could dramatically reshape the cyber threat landscape in a matter of months, not years. In a rare joint statement, officials said so-called frontier AI models are expected to accelerate both offensive and defensive cyber capabilities, enabling attackers to identify vulnerabilities, develop exploits, and conduct sophisticated operations at unprecedented speed. The alliance urged organizations to focus on cybersecurity fundamentals, including rapid patching, reducing unnecessary internet exposure, and strengthening resilience before AI-driven attacks become more common. At the same time, the agencies encouraged defenders to adopt AI tools of their own to improve threat detection and incident response.

In related news, a new report is fueling debate over the cybersecurity capabilities of advanced AI systems. According to remarks attributed to Senator Mark Warner, NSA officials described a red-team exercise in which Anthropic's experimental Mythos model was able to compromise "almost all" targeted classified systems in hours rather than weeks. The claim has circulated widely, though outside experts caution that the statement lacks public technical details and may oversimplify what occurred in a controlled testing environment. 

Tata Electronics confirms breach as stolen data allegedly includes Apple and Tesla documents.

Tata Electronics, a major supplier to Apple and Tesla, has confirmed a cybersecurity incident affecting some of its systems after threat actors claimed to have stolen more than 630 gigabytes of data. Researchers who reviewed the leak say it contains over 200,000 files, including what appear to be Apple manufacturing specifications, Tesla engineering documents, employee records, emails, and operational data. Tata says the breach has not disrupted business operations, while Apple is reportedly investigating.

Researchers publish new analysis of FortiBleed.

SOCRadar yesterday published an updated analysis of the FortiBleed campaign that's targeted more than 430,000 Fortinet FortiGate devices since February 2026. SOCRadar attributes the operation to a financially motivated Initial Access Broker (IAB), likely based in Russia. 

The threat actor first gains administrative access to the FortiGate firewalls via credential stuffing and brute-force attacks, then deploys a tool dubbed "FortigateSniffer" that's designed to collect cleartext and hashed credentials from traffic passing through compromised devices. SOCRadar says this tool "abuses the FortiOS diagnose sniffer packet command across 24 protocols, distributed GPU cracking through Hashtopolis and Hashcat, and session-cookie replay for persistent access." 

SOCRadar found that the FortiBleed campaign used FortigateSniffer and other tools to harvest more than 110 million credentials.

Gizmodo breach exposes readers to ClickFix malware campaign.

Visitors to the technology news site Gizmodo were briefly exposed to a ClickFix malware campaign after attackers compromised the publication's content management system. The malicious code displayed fake verification prompts that attempted to trick readers into copying and running commands on their own computers, a hallmark of the increasingly popular ClickFix social-engineering technique. Gizmodo removed the malicious content after discovering the compromise. 

BootROM exploit can bypass Apple's SecureROM.

Researchers at Paradigm Shift have disclosed a new exploit affecting Apple's SecureROM, the foundational code of Apple's secure boot chain on iPhones, SecurityWeek reports. The exploit, dubbed "usbliter8," chains a hardware bug in the USB controller and a configuration flaw in the device firmware. The exploit is effective against iPhones with A12 and A13 chips, including iPhone XS, XR, and 11. 

An attacker would need physical access to a device in order to run the code, and the exploit itself does not grant access to user data due to Apple's SEP (Secure Enclave Processor) offering an additional layer of protection. The researchers say the exploit "doesn't affect SEP itself, [but] it opens up wider attack vectors to compromise the Secure Enclave." SecurityWeek notes that such an exploit could be useful for forensic vendors.

Scattered Spider members plead guilty in the UK.

Two British men, 20-year-old Thalha Jubair from East London and eighteen-year-old Owen Flowers from the West Midlands, pleaded guilty yesterday to their involvement in the Scattered Spider criminal gang, the Record reports. The two were arrested in 2024 following a notable cyberattack against Transport for London (TfL). 

The UK's National Crime Agency said in a statement, "The pair compromised TfL’s network, forcing all 28,000 employees to attend a TfL office for a password reset. The organisation suffered a reported £29 million in loss and recovery costs. Data from TfL’s Oyster refunds system was accessed and the incident also affected TfL’s customer refund system, leaving some out of pocket for much longer than usual. It also closed down the application system for Oyster photocards for children and young people."

Attackers exploit Gravity SMTP flaw to harvest secrets from WordPress sites.

Wordfence is warning that attackers are actively exploiting a vulnerability in the Gravity SMTP WordPress plugin, which is installed on roughly 100,000 websites. The flaw, tracked as CVE-2026-4020, allows unauthenticated attackers to access detailed system reports containing server information, plugin inventories, and potentially sensitive credentials, including API keys and authentication tokens. Researchers have observed millions of exploitation attempts in recent weeks. Site administrators are being urged to update to Gravity SMTP version 2.1.5 or later, rotate any exposed credentials, and review logs for signs of compromise.

Executive Order accelerates federal shift to post-quantum cryptography.

President Trump has signed an executive order aimed at speeding the U.S. government's transition to post-quantum cryptography, recognizing the growing threat that future quantum computers could pose to today's encryption standards. The order moves up federal migration timelines, with key government systems expected to adopt quantum-resistant cryptography by 2030 and 2031. It is part of a broader push that also includes investments in quantum computing and quantum sensing technologies. 

 

After the break, Dave Bittner welcomes Ellen Boehm, Senior Vice President of IoT Strategy and Operations at Keyfactor, for a discussion on NIST's post-quantum cryptography efforts. And keeping tabs on the tab-keepers. Stay with us.

Recently Dave Bittner sat down with Ellen Boehm, Senior Vice President of IoT Strategy and Operations at Keyfactor, for a discussion on NIST's post-quantum cryptography efforts and the path to quantum readiness. Here is their conversation.

That was Dave Bittner and Ellen Boehm, Senior Vice President of IoT Strategy and Operations at Keyfactor, discussing NIST's post-quantum cryptography efforts and the path to quantum readiness.

Keeping tabs on the tab-keepers.

And finally, a story that asks an uncomfortable question: if facial recognition can identify your critics, what else can it do? 

According to documents exposed in a recent data breach, Madison Square Garden maintained a file called "Facial Recognition Activists.docx" that tracked several prominent critics of the venue's facial recognition program. The document reportedly included background information, social media handles, quotes from media interviews, and screenshots of posts criticizing MSG's use of the technology.

MSG has used facial recognition technology since 2018, and the system has previously been used to identify people entering the venue and deny entry to certain individuals, including lawyers connected to firms involved in litigation with the company. The leaked document suggests the venue was also keeping tabs on some of the people most vocal about opposing the practice.

For privacy advocates, it's the kind of revelation that reinforces a longstanding concern: once surveillance technology is in place, questions inevitably follow about how that information is being used—and who ends up on the list.

Because it's one thing for facial recognition to recognize your face. It's another thing entirely when it appears to recognize your Twitter account, your media quotes, and apparently your position on biometric surveillance.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

 

N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.