The CyberWire Daily Podcast 2.27.26
Ep 2498 | 2.27.26

Leadership shakeup at CISA.

Transcript

CISA’s acting director exits. Trump’s pick to lead the NSA hits Senate headwinds. The Pentagon pressures Anthropic over AI guardrails. A new WiFi attack sidesteps encryption. CISA flags flaws in EV chargers. Juniper patches a critical router bug. ManoMano discloses a massive breach. Europol cracks down on The Com. Greece delivers verdicts in Predatorgate. An alleged carding kingpin lands in U.S. custody. Jeff Williams, Founder of OWASP and Co-Founder/CTO of Contrast Security, shares how NIST is rethinking its role in analyzing software vulnerabilities as EU launches GCVE. Meta’s mischievous monocles meet their match.

Today is Friday, February 27th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

CISA’s acting director steps down. 

Madhu Gottumukkala is stepping down as acting director of the Cybersecurity and Infrastructure Security Agency, with current executive director for cybersecurity Nick Andersen taking over as interim leader. The change comes one day after CyberScoop reported bipartisan criticism of the agency’s performance during the first year of the Trump administration, including scrutiny of Gottumukkala’s leadership.

A Department of Homeland Security official told CyberScoop that Gottumukkala helped refocus CISA on its statutory mission and reduced contracts to save taxpayer dollars. He will now serve as DHS director of strategic implementation. Sean Plankey’s nomination to lead CISA full time remains stalled.

Andersen, who has held cybersecurity roles at the Coast Guard, Navy, and Department of Energy, has received more favorable reviews from industry and cyber professionals. The leadership shift coincides with reports that CISA Chief Information Officer Robert Costello is also departing.

Trump’s NSA pick faces Democratic resistance in the Senate. 

Sen. Ron Wyden, a senior Democrat on the Senate Intelligence Committee, is seeking to block Lt. Gen. Joshua Rudd’s nomination to lead the National Security Agency and U.S. Cyber Command, citing concerns about his qualifications and understanding of constitutional safeguards. Wyden wrote in the Congressional Record that Rudd is not qualified and warned that national cybersecurity leaves no room for on-the-job learning.

The Pentagon praised Rudd’s qualifications and urged swift confirmation. A congressional aide said the Republican-controlled Senate could override Wyden’s hold with a majority vote. The leadership dispute follows President Donald Trump’s April firing of former NSA Director Gen. Timothy Haugh.

During his confirmation hearing, Rudd pledged to follow the law but declined to explicitly oppose warrantless surveillance of U.S. citizens, drawing sharp criticism from Wyden.

The Trump administration pressures Anthropic to loosen ethical limits on Claude. 

The Trump administration is pressuring Anthropic to loosen ethical limits on its AI model Claude or risk losing Pentagon business and being labeled a supply chain risk. Defense Secretary Pete Hegseth has given the company a Friday deadline. CEO Dario Amodei says Anthropic cannot agree to contract terms that could allow mass surveillance of Americans or fully autonomous weapons.

Pentagon officials say they want to use the model for all lawful purposes and deny plans for illegal surveillance or autonomous weapons. They have warned they could cancel the contract, designate Anthropic a supply chain risk, or invoke the Defense Production Act.

Lawmakers, tech workers, and former defense AI lead Jack Shanahan have voiced concern. This dispute highlights growing tension between military AI ambitions and industry guardrails.

AirSnitch bypasses WiFi security. 

New research reveals that a technique dubbed AirSnitch can bypass client isolation protections across a wide range of Wi-Fi routers, potentially enabling powerful machine-in-the-middle attacks. The researchers say the flaw stems from weaknesses in the lowest layers of the network stack, allowing attackers with network access to intercept and modify traffic even when encryption such as WPA2 or WPA3 is in place.

Tested devices from vendors including Netgear, D-Link, Ubiquiti, and Cisco were all vulnerable to at least one variant. While the attack does not break Wi-Fi encryption itself, it sidesteps safeguards designed to prevent devices on the same network from communicating directly.

Experts caution that AirSnitch requires prior network access, limiting its scope. Still, it reopens risks similar to early Wi-Fi attacks and underscores the fragility of long-standing wireless trust assumptions.

CISA warns of vulnerable EV charging platforms. 

The Cybersecurity and Infrastructure Security Agency reports four critical vulnerabilities in the SWITCH EV charging platform, affecting all versions of swtchenergy.com. The flaws, tracked as CVE-2026-27767, CVE-2026-25113, CVE-2026-25778, and CVE-2026-27773, could allow attackers to impersonate chargers, hijack sessions, conduct brute-force attacks, and disrupt services. No patches are available, and SWITCH EV has not responded to coordination efforts. CISA warns the issues could disrupt energy and transportation operations and urges network isolation, firewalls, and secure virtual private networks for remote access.

Juniper Networks patches a critical flaw affecting PTX series routers. 

Juniper Networks has issued an out-of-band update for Junos OS Evolved to patch CVE-2026-21902, a critical flaw affecting PTX series routers. The vulnerability allows an unauthenticated attacker with network access to exploit the On-Box Anomaly detection framework and execute arbitrary code with root privileges. The service is enabled by default. Juniper released fixes in versions 25.4R1-S1-EVO and 25.4R2-EVO and says there is no evidence of active exploitation. Experts warn a compromised PTX router could enable traffic interception and lateral network movement.

DIY marketplace ManoMano suffers a data breach. 

Approximately 38 million customers of ManoMano, a France-based online marketplace for DIY, gardening, and home improvement products, were likely impacted by a January data breach. The company, which attracts more than 50 million monthly visitors across five European countries, disclosed that attackers accessed a customer support portal through a compromised subcontractor.

Stolen data includes names, email addresses, phone numbers, and customer service exchanges. A threat actor known as “Indra” claimed on BreachForums to have taken 43GB of data tied to 37.8 million accounts, allegedly via the company’s Zendesk platform.

Europol disrupts The Com. 

A global law enforcement effort led by Europol has disrupted “The Com,” a loose online collective tied to ransomware, extortion, and violent activity. The operation, known as Project Compass, targeted a network largely made up of teenage boys and young men linked to attacks on retailers including Marks and Spencer, The Co-op, and Harrods in 2025, as well as Las Vegas casinos in 2023.

Authorities say the group used phishing, voice phishing, and SIM swapping to hijack accounts and breach networks. Officials also warn The Com engaged in blackmail and child exploitation, with growing ties to extremist and Russian cybercriminal groups.

Over the past year, Project Compass led to 30 arrests and identified 179 suspects, according to Europol’s European Counter Terrorism Centre.

A Greek court sentences four people over the “Predatorgate” spyware scandal.  

A Greek court has sentenced four people, including two Israelis, over the “Predatorgate” spyware scandal that targeted politicians, journalists, and business leaders. The case began in 2022 after opposition leader Nikos Androulakis discovered Predator spyware on his phone.

Those convicted include Tal Dilian, founder of Intellexa, and three associates. They received combined sentences totaling more than 126 years, with eight years to be served.

The Greek government has denied using the spyware, and in 2024 the Supreme Court cleared state officials. Androulakis has appealed to the European Court of Human Rights.

An alleged notorious carder gets extradited to the U.S. 

A 24-year-old Chilean national, Alex Rodrigo Valenzuela Monje, has been extradited to the United States over allegations he operated an online marketplace selling stolen payment card data. Known online as VAL4K, he was arraigned in federal court in Utah on charges related to trafficking unauthorized access devices and transferring identification information for criminal purposes.

Prosecutors allege he ran Telegram channels from 2021 to 2023 that sold thousands of compromised card records, including account numbers and security codes. Indicted in 2023, he was extradited in February 2026 and has pleaded not guilty.

Meta’s mischievous monocles meet their match. 

In the escalating arms race between wearable tech and personal privacy, a hobbyist sociologist has entered the chat. Yves Jeanrenaud built an Android app called Nearby Glasses that scans for the Bluetooth signatures of smart glasses, including those made by Meta in partnership with Luxottica Group S.p.A., and sends a polite but pointed alert: smart glasses are probably nearby.

The app listens for Bluetooth Low Energy advertising signals and flags devices tied to Meta or Snap. It may produce false positives, as one test confused a Meta Quest headset for eyewear, but it reflects growing unease as companies add artificial intelligence features. The New York Times recently reported Meta is exploring facial recognition for its glasses.

Jeanrenaud calls his project “a tiny part of resistance.” It will not stop surveillance culture. But it might at least let you know when it is looking back at you.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com. 

And that’s the CyberWire Daily, brought to you by N2K CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.