The CyberWire Daily Podcast 7.14.26
Ep 2592 | 7.14.26

The ransomware toll road.

Transcript

Treasury sanctions a VPN provider tied to ransomware. The Pentagon hits pause on CMMC audits. Critical flaws surface in Google Cloud’s Dialogflow CX. Estée Lauder discloses a data breach. Mobile networks become a battlefield for tracking U.S. personnel. Australia calls out Big Tech over child safety. SAP patches critical bugs. CISA flags an actively exploited Cisco flaw. And the federal government accelerates AI investments. Our guest is Bogdan Botezatu, Senior Director, Threat Research and Reporting at Bitdefender, talking about Cyberthreats to Journalists and Influencers. AI costs savings come at a price.

Today is Tuesday July 14th 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Treasury sanctions a VPN provider. 

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned VPN provider First VPN Service (1VPNS), its administrator Dmytro Rashevskyi, and Belarusian cryptor seller Yegeniy Vladimirovich Silayev for supporting ransomware operations targeting U.S. organizations. According to Treasury, 1VPNS marketed itself to cybercriminals by promising no user logs and no cooperation with law enforcement, while Rashevskyi allegedly used false identities to obtain hosting infrastructure. The sanctions follow the May takedown of 1VPNS during the multinational Operation Saffron, which resulted in server seizures, Rashevskyi’s arrest, and the exposure of thousands of suspected cybercriminal users. Treasury said ransomware campaigns using 1VPNS and Silayev’s cryptors caused billions in losses. Officials say the action targets the broader ecosystem of services that enable ransomware, not just the operators themselves.

The Pentagon suspends CMMC requirements. 

The Pentagon has suspended Cybersecurity Maturity Model Certification (CMMC) Phase II requirements, delaying mandatory third-party cybersecurity assessments that were set to take effect in November 2026. Defense officials said the move is intended to reduce administrative burdens, particularly for small and non-traditional contractors, while maintaining existing cybersecurity standards. Companies will still be required to comply with NIST SP 800-171 through self-assessments, but the department is eliminating third-party audits during a 60-day review of the program. Officials cited a shortage of certified assessors, noting that more than 100,000 defense contractors would have needed audits from only about 100 available assessors. The Pentagon says the review will seek a more practical approach that strengthens cybersecurity without slowing defense production or limiting participation by smaller companies.

Researchers uncover critical vulnerabilities in Google Cloud’s Dialogflow CX. 

Researchers at Varonis uncovered critical vulnerabilities in Google Cloud’s Dialogflow CX that could have allowed attackers to hijack AI agents, steal credentials, and access chat logs. The flaws stemmed from custom Python Code Blocks running in a shared Cloud Run environment with excessive privileges, potentially allowing a compromise of one agent to affect all others in the same project. Google patched the issues between April and June 2026. Organizations are advised to review audit logs and inspect Code Blocks for unauthorized changes.

Estée Lauder suffers a data breach. 

The Estée Lauder Companies has disclosed a data breach that exposed sensitive personal and health information, according to a filing with the Vermont Attorney General. The compromised data may include Social Security numbers, health records, financial account information, and government-issued identification numbers. The company has not disclosed how the breach occurred or how many individuals were affected. Estée Lauder said it is investigating the incident, working with law enforcement, and notifying potentially impacted individuals. Recipients are encouraged to verify any breach notifications through the company’s official channels.

Middle Eastern telecom networks were hacked to track U.S. military personnel and contractors. 

Middle Eastern telecom networks experienced a wave of cyberattacks during the conflict with Iran that appeared aimed at tracking the locations of U.S. military personnel and contractors, The Financial Times reports. According to telecom data reviewed by security researchers, attackers used SS7 location requests, a longstanding vulnerability in mobile networks, to target phones roaming outside their home networks. U.S. and regional officials suspect Iran or affiliated actors, though attribution has not been confirmed. Separate reports also suggest Iranian-linked actors may have abused commercial smartphone advertising data to identify U.S. personnel in Iraqi Kurdistan. Lawmakers have renewed concerns that mobile network vulnerabilities and the commercial sale of location data expose military personnel to surveillance. U.S. Central Command acknowledged receiving reports of adversaries exploiting commercial location data and said it implemented additional force protection measures, while emphasizing that data tracking did not play a significant role in attacks on U.S. forces.

Australia says big tech companies fail to protect kids. 

Australia’s eSafety regulator says major technology companies, including Apple, Meta, and Google, continue to have significant shortcomings in preventing child sexual abuse and online sexual extortion. A new transparency report found that many platforms are not fully using available technologies, such as language analysis tools, to detect common coercion tactics used by offenders. The regulator also identified weaknesses in user reporting tools across services including WhatsApp, iMessage, Discord, and Google Messages. Between July and December 2025, eSafety received more than 2,000 reports of sexual extortion, with young adults most affected. While the report highlights progress by companies including Google, Meta, Microsoft, Snap, and Discord in detecting abuse and grooming, it concludes that broader adoption of existing safety technologies remains insufficient to address the growing threat.

SAP patches multiple critical vulnerabilities. 

SAP has released security updates addressing 16 vulnerabilities across multiple products, including three critical flaws affecting NetWeaver, Commerce Cloud, and AppRouter. The most severe, tracked as CVE-2026-44747, is a memory corruption vulnerability in SAP NetWeaver Application Server ABAP that could allow an authenticated attacker to exploit memory management flaws, potentially leading to unauthorized data access, data modification, or system outages. SAP said the vulnerability poses a high risk to the confidentiality, integrity, and availability of affected systems.

CISA orders patching of a critical Cisco IOS vulnerability. 

CISA has added the critical Cisco IOS vulnerability CVE-2008-4128 to its Known Exploited Vulnerabilities (KEV) catalog, requiring U.S. federal agencies to remediate it under Binding Operational Directive 22-01. The flaw affects Cisco IOS 12.4 on Cisco 871 Integrated Services Routers and involves cross-site request forgery (CSRF) vulnerabilities that could allow attackers to trick authenticated administrators into executing arbitrary commands. CISA also urges private organizations to review the KEV catalog and address affected systems to reduce cybersecurity risk.

The federal Technology Modernization Fund calls for AI investment proposals. 

The federal Technology Modernization Fund is moving quickly to invest in generative AI before its current funding authority expires on September 30. Federal agencies have until July 24 to submit proposals for AI and permitting technology projects, with awards expected before the deadline. Acting Executive Director Jessie Posilkin says the effort is intended to help agencies adopt AI responsibly while building on previous investments in cloud modernization, cybersecurity, and automation. Developed with the General Services Administration’s USAi team, the initiative will fund projects that improve AI-ready infrastructure, prepare data, test emerging applications, and deploy secure enterprise AI capabilities. The accelerated timeline reflects uncertainty over the fund’s long-term future. Since launching in 2017, the Technology Modernization Fund has invested more than $1 billion in roughly 70 projects across the federal government.

 

AI costs savings come at a price. 

The AI honeymoon may be ending as enterprises discover that unlimited curiosity comes with a very real price tag. According to leaked internal communications obtained by 404 Media, companies including Atlassian, Adobe, Amazon, and Citi are reining in employee access to advanced AI models after usage costs ballooned. Some organizations are steering workers toward less powerful models, while others have temporarily disabled premium offerings or introduced dashboards to track AI spending. Atlassian’s reported monthly AI bill climbed from roughly $5 million to more than $15 million, and some employees say token limits are now forcing them to rethink AI-heavy workflows. Even Amazon reportedly replaced AI usage leaderboards with spending limits. The shift reflects a broader reality as enterprise AI pricing moves to usage-based billing. Companies eager to embrace AI are now discovering that every prompt has a price, and “token economics” is becoming almost as important as the technology itself.

There’s a certain irony here. Many companies embraced AI as a way to reduce labor costs and do more with fewer people. Now they’re discovering that replacing payroll with prompt bills isn’t quite the bargain they imagined. It turns out AI may not be asking for vacation time, but it’s proving remarkably good at running up the tab.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

And that’s the CyberWire Daily, brought to you by N2K CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry.  Learn how at n2k.com.

 

N2K’s lead producer is Liz Stokes. We’re mixed by  Tré Hester, with original music by and sound design Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.