The CyberWire Daily Podcast 6.29.26
Ep 2582 | 6.29.26

AI behind the velvet rope.

Transcript

The White House keeps frontier AI models on a short leash. Russian threat actors increasingly target secure messaging platforms. DirtyClone is a high-severity Linux kernel privilege escalation flaw. An investigation claims federal websites are violating privacy rules. Microsoft dismantles a sophisticated malicious browser extension campaign. Setting up a GitHub repository could trick AI coding agents into executing malicious payloads. The DOJ shuts down illegal World Cup streamers. An Anonymous-linked hacker gets 18 months for website defacement. Monday business briefing. Dylan Sandlin, Program Manager for Digital and Cybersecurity Content at the National Association of Corporate Directors (NACD), discusses cyber risk as a board concern. In healthcare AI, patient privacy needs a second opinion.

Today is Monday, June 29th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

The White House keeps frontier AI models on a short leash. 

The Trump administration is taking a more interventionist approach to frontier artificial intelligence, treating advanced AI less like commercial software and more like strategically important, dual-use technology. Over the weekend, officials approved limited access to Anthropic’s Mythos 5 for a small group of vetted US organizations while overseeing a tightly controlled preview of OpenAI’s GPT-5.6 family. The moves come as Chinese firms rapidly advance AI-powered cybersecurity capabilities, with reports suggesting competitors are approaching Mythos’s performance in vulnerability discovery. Notably, OpenAI argues GPT-5.6 remains below the cyber-risk threshold that prompted tighter controls on Mythos. The broader trend suggests governments may increasingly regulate frontier AI like export-controlled technology, even as foreign competitors continue developing comparable systems that could outpace regulatory efforts.

Russian threat actors increasingly target secure messaging platforms. 

U.S. cybersecurity officials are warning that Russian intelligence-linked threat actors are increasingly targeting secure messaging platforms, particularly Signal, through sophisticated phishing campaigns that steal verification codes and account PINs. In a joint advisory, CISA and the FBI said attackers impersonate trusted contacts, service providers, or security teams to trick users into surrendering authentication credentials, allowing them to hijack accounts despite Signal’s end-to-end encryption remaining secure. The campaign primarily targets government personnel, military members, journalists, and activists, but officials warn the tactics could affect any user. The agencies recommend enabling Signal’s registration lock, never sharing verification codes or PINs, verifying unexpected requests through secondary channels, and staying alert to malicious links and spoofed websites. The advisory underscores that nation-state actors increasingly exploit user trust rather than encryption flaws.

DirtyClone is a high-severity Linux kernel privilege escalation flaw. 

JFrog has released technical details and a proof of concept for DirtyClone, a high-severity Linux kernel privilege escalation flaw tracked as CVE-2026-43503. The vulnerability is part of the DirtyFrag family and exploits flaws in how the kernel handles shared memory between the page cache and networking buffers, allowing local users to gain root privileges. Systems missing the full chain of related patches remain vulnerable, particularly Debian, Fedora, and Ubuntu. JFrog warns the flaw poses significant risk to multi-tenant cloud environments, Kubernetes clusters, and containerized workloads.

An investigation claims federal websites are violating privacy rules. 

A Guardian investigation alleges that the White House’s National Design Studio, created in 2025 and staffed largely by former Department of Government Efficiency personnel, has quietly rebuilt several federal websites handling passports, voter registration, prescription drug pricing, and children’s savings accounts. The report claims the sites used commercial tracking software without required federal privacy disclosures and operated outside normal government oversight, with no publicly documented funding or contracting records. Privacy advocates argue the arrangement could violate federal law and concentrate sensitive citizen data under White House control. The White House said National Design Studio personnel comply with all legal requirements and are improving public access to government services. Following the Guardian’s inquiries, the reported tracking software was reportedly removed from some sites. Questions about the office’s oversight, funding, and data handling remain unresolved.

Microsoft dismantles a sophisticated malicious browser extension campaign. 

Microsoft has dismantled StegoAd, a sophisticated malicious browser extension campaign that operated on the Edge Add-ons store for at least two years, infecting roughly 2.6 million users through 119 seemingly legitimate extensions. The malware remained dormant for days after installation and concealed its payload using steganography, hiding malicious JavaScript inside image and font files to evade detection. Once activated, the extensions performed ad fraud, hijacked affiliate commissions, stole Google and WordPress credentials, and provided attackers with a remote code execution backdoor. Microsoft observed the campaign continually evolving its evasion techniques as defenses improved. While Microsoft has not attributed the operation, Koi Security has linked related infrastructure to the Chinese threat group DarkSpectre. Users are advised to remove affected extensions immediately and reset potentially compromised credentials.

Setting up a GitHub repository could trick AI coding agents into executing malicious payloads. 

Researchers at Mozilla’s Zero Day Investigative Network (0DIN) have demonstrated a proof-of-concept attack showing how AI coding agents such as Claude Code could be tricked into executing a hidden malicious payload while setting up an otherwise benign GitHub repository. The technique requires no malicious code in the repository itself. Instead, the AI follows standard setup instructions, automatically runs an initialization command to resolve an error, then executes a shell script that retrieves a command from an attacker-controlled DNS record. The result is an interactive shell running with the developer’s privileges, potentially exposing API keys, configuration files, and other sensitive data. While currently theoretical, researchers warn the method could be distributed through fake job postings or tutorials and recommend AI agents disclose the complete execution chain for all setup commands, including dynamically fetched code.

The DOJ shuts down illegal World Cup streamers. 

The U.S. Justice Department has seized nearly 400 domains used to illegally stream 2026 FIFA World Cup matches as part of Operation Offsides, a coordinated international enforcement effort. Working with law enforcement agencies in multiple countries and partners including FIFA and the Alliance for Creativity and Entertainment, authorities targeted piracy infrastructure across Europe and Latin America. Officials said the illegal streaming sites not only violated copyright laws but also exposed users to malware and other cybersecurity risks. The seized domains now display law enforcement notices.

An Anonymous-linked hacker gets 18 months for website defacement. 

Anonymous-linked hacker Aubrey Cottle has been sentenced in Canada to 18 months in prison after pleading guilty to charges related to the 2021 defacement of the Texas Republican Party website. The attack, carried out after compromising web hosting provider Epik, replaced the site’s homepage with protest content opposing a Texas abortion law and involved the theft of 180 gigabytes of sensitive data, which Cottle later shared online. Cottle, a former security researcher, has already served much of his sentence in pretrial custody but still faces possible extradition to the United States, where separate federal charges could carry an additional five-year prison term. In court, Cottle expressed remorse and said he plans to complete his education and start a cybersecurity company.

Monday business briefing. 

Cybersecurity companies attracted significant investment and deal activity last week, led by Israeli operational technology security firm Dream, which raised $260 million at a $3 billion valuation to expand its sovereign AI and national cyber defense platforms globally. Spanish AI security startup NeuralTrust secured $20 million in seed funding to advance its agentic AI security platform and expand across Europe, while India’s Mitigata raised $15 million to grow its cybersecurity compliance and resilience platform. Mergers and acquisitions were equally active. Accenture acquired a majority stake in Dragos and fully acquired runZero and NetRise in deals valued at roughly $4.2 billion, integrating the companies into Dragos’ industrial security platform. Elsewhere, Francisco Partners acquired EfficientIP, Cisco announced plans to buy identity security startup WideField Security, France’s iDAKTO acquired Stelau, and workforce training firm mthree purchased cybersecurity education provider CAPSLOCK.

In healthcare AI, patient privacy needs a second opinion. 

Medical AI may be good at spotting disease, but it also appears surprisingly good at remembering who taught it. Researchers in Germany found that so-called membership inference attacks can identify, with near-perfect accuracy, whether an individual’s medical data was used to train diagnostic AI models. That could expose sensitive information about a patient’s medical history, even when training datasets are anonymized. The risk is especially high for underrepresented groups, whose data stands out more in training sets. Attackers need only partial patient data, such as blood test results, to probe a model’s confidence and infer membership. Given the frequency of healthcare data breaches, researchers argue the threat is far from theoretical. They recommend stronger privacy protections, including differential privacy techniques, broader representation in training datasets, and privacy audits that measure risks to individual patients, not just overall datasets.

It turns out AI isn’t just learning from patients. It’s remembering them. In healthcare, that’s one diagnosis nobody wants.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

N2K’s lead producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.