The cost of trusting the extension ecosystem.

CyberWire Daily

N2K Networks, Inc.

Technology, Tech News, Daily News, News

4.8 • 1.1K Ratings

🗓️ 20 May 2026

⏱️ 27 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

GitHub confirms a breach tied to a malicious VS Code extension. Anthropic fights a Pentagon blacklist as the White House weighs new AI security rules. Drupal scrambles to patch a critical flaw. Cisco Talos tracks the evolution of BadIIS malware-for-hire. Signal adds anti-phishing safeguards, Microsoft cracks down on malware-signing services, and China says foreign spies hijacked domestic routers for phishing operations. Wireless carriers collaborate to kill dead zones. Our guest is Rob T. Lee, Chief AI Officer, Chief of Research, SANS Institute, discussing The Cloud Security Alliance’s “AI Vulnerability Storm” report. A book about misinformation contains helpful examples. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Rob T. Lee, Chief AI Officer, Chief of Research, SANS Institute, sharing Cloud Security Alliance’s The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program. Selected Reading GitHub confirms breach of 3,800 repos via malicious VSCode extension (Bleeping Computer) Trump AI executive order seeks early government access to frontier models (Axios) DC Circuit slams Pentagon blacklisting of Anthropic as overreach (Courthouse News Service) Drupal Issues Urgent Warning for Highly Critical Core Vulnerability (Beyond Machines) From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat (Cisco Talos) Signal adds security warnings for social engineering, phishing attacks (Bleeping Computer) Disrupting Fox Tempest: A cybercrime service that turned “verified” software into a pathway for ransomware (Microsoft) China’s state security authorities uncover foreign agency using domestic routers as cyberattack proxies; users notice only slower speeds (Global Times) ‘The Future of Truth’ Contains Quotes Made Up by A.I. (The New York Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:08.7	Do you know how the space and cybersecurity domains connect?
0:13.7	T-minus space-cyber briefing is your guide through the space-based systems that expand the attack surface.
0:20.2	I'm Maria Varmazis, host here at N2K Cyberwire,
0:23.9	and I'm excited to share that T-minus is back.
0:27.3	Now as a weekly podcast, the T-minus Space Cyber Briefing.
0:31.8	We have a new dedicated focus on two great things that are even better together,
0:36.9	space and cybersecurity.
0:39.3	Because whether we realize it or not, we all depend on space-based systems that are, by the way, increasingly Internet-enabled.
0:48.3	We're talking cybersecurity technologies, policies, and organizations that are securing the critical space-based infrastructure
0:55.2	that powers, protects, and connects our lives here on Earth. So join me for T-minus Space Cyber
1:01.9	Reefing, new episodes every Sunday.
1:15.9	Quick question. Have you watched Project Hail Mary yet?
1:21.7	Humanity is facing an existential threat and racing to solve it with the clock ticking.
1:45.7	For security teams, that probably hits close to home with AI use, rapidly spreading. Everyone's using AI, marketing, sales, engineering. Chris the intern without security even knowing about it. That's where Nudge security comes in. Nudge finds shadow AI apps, integrations, and agents on day one and helps you enforce policy without blocking productivity.
1:50.8	Try it free at nudgesecurity.com slash cyberwire. GitHub confirms a breach tied to a malicious VS code extension,
2:08.0	Anthropic fights, a Pentagon blacklist, as the White House weighs new AI security rules.
2:13.3	Drupal scrambles to patch a critical flaw.
2:16.0	Cisco Talos tracks the evolution of bad eyes malware for hire.
2:20.9	Signal adds anti-fishing safeguards and Microsoft cracks down on malware signing services.
2:26.7	China says foreign spies hijacked domestic routers for fishing operations.
2:31.4	Wireless carriers collaborate to kill dead zones.
	...

Transcript will be available on the free plan in 13 days. Upgrade to see the full transcript now.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.