CyberWire Daily·May 20, 2026·27m·Episode #2556

The cost of trusting the extension ecosystem.

Download audio Show notes Apple Podcasts

Show notes

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today we are joined by Rob T. Lee, Chief AI Officer, Chief of Research, SANS Institute, sharing Cloud Security Alliance’s The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program.

Selected Reading

GitHub confirms breach of 3,800 repos via malicious VSCode extension (Bleeping Computer)

Trump AI executive order seeks early government access to frontier models (Axios)

DC Circuit slams Pentagon blacklisting of Anthropic as overreach (Courthouse News Service)

Drupal Issues Urgent Warning for Highly Critical Core Vulnerability (Beyond Machines)

From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat (Cisco Talos)

Signal adds security warnings for social engineering, phishing attacks (Bleeping Computer)

Disrupting Fox Tempest: A cybercrime service that turned “verified” software into a pathway for ransomware (Microsoft)

China’s state security authorities uncover foreign agency using domestic routers as cyberattack proxies; users notice only slower speeds (Global Times)

‘The Future of Truth’ Contains Quotes Made Up by A.I. (The New York Times)

Share your feedback.

What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?

N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

Learn more about your ad choices. Visit megaphone.fm/adchoices

← Previous

CISA secrets left sitting on GitHub.

GitHub confirms a breach tied to a malicious VS Code extension. Anthropic fights a Pentagon blacklist as the White House weighs new AI security rules. Drupal scrambles to patch a critical flaw. Cisco Talos tracks the evolution of BadIIS malware-for-hire. Signal adds anti-phishing safeguards, Microsoft cracks down on malware-signing services, and China says foreign spies hijacked domestic routers for phishing operations. Wireless carriers collaborate to kill dead zones. Our guest is Rob T. Lee, Chief AI Officer, Chief of Research, SANS Institute, discussing The Cloud Security Alliance’s “AI Vulnerability Storm” report. A book about misinformation contains helpful examples. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today we are joined by Rob T. Lee , Chief AI Officer, Chief of Research, SANS Institute , sharing Cloud Security Alliance ’s The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program . Selected Reading GitHub confirms breach of 3,800 repos via malicious VSCode extension (Bleeping Computer) Trump AI executive order seeks early government access to frontier models (Axios) DC Circuit slams Pentagon blacklisting of Anthropic as overreach (Courthouse News Service) Drupal Issues Urgent Warning for Highly Critical Core Vulnerability (Beyond Machines) From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat (Cisco Talos) Signal adds security warnings for social engineering, phishing attacks (Bleeping Computer) Disrupting Fox Tempest: A cybercrime service that turned “verified” software into a pathway for ransomware (Microsoft) China’s state security authorities uncover foreign agency using domestic routers as cyberattack proxies; users notice only slower speeds (Global Times) ‘The Future of Truth’ Contains Quotes Made Up by A.I. (The New York Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey . Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com . The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices