The CyberWire Daily Podcast 1.30.26
Ep 2479 | 1.30.26

Leaky chats collide with shifting security standards.

Transcript

A popular chatbot exposes millions of private user messages. The White House rescinds Biden-era federal software security guidance. A senior Secret Service official urges more scrutiny of domain registration. The President’s NSA pick champions Section 702. France looks to reduce reliance on U.S. digital infrastructure. CISA shares guidance on insider threats. Hugging Face infrastructure was abused to distribute an Android RAT. Ivanti discloses a pair of critical zero-days. Popular dating sites suffer a data breach. Our guest is Tim Starks from CyberScoop, discussing how the US looks to push its view of AI cybersecurity standards to the rest of the world. The Nobel Committee blames hackers for a spoiler alert.

Today is Friday, January 30th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

A popular chatbot exposes millions of private user messages. 

An independent security researcher found that Chat & Ask AI, a popular chatbot app claiming over 50 million users, exposed hundreds of millions of private user messages due to a misconfigured Google Firebase database, according to reporting by 404 Media. The exposed data included highly sensitive chats, such as questions about suicide, drug manufacturing, and hacking, along with full conversation histories, timestamps, and model settings. The researcher accessed roughly 300 million messages tied to more than 25 million users. Chat & Ask AI, developed by Turkish firm Codeway, uses large language models from multiple providers. Codeway fixed the issue within hours of disclosure. Researchers note that Firebase misconfigurations are a long-standing, widespread problem affecting many mobile apps, and continue to expose user data at scale.

The White House rescinds Biden-era federal software security guidance. 

The White House has rescinded Biden-era federal software security guidance, calling it unproven and overly burdensome. In a new memo, the Office of Management and Budget revoked prior requirements for standardized secure software development practices and shifted responsibility to individual agency heads. Agencies must now tailor software and hardware security policies to their missions and risk profiles. While no longer mandatory, tools like Software Bills of Materials (SBOMs) may still be used, and the guidance expands focus to hardware supply chain risks through Hardware Bills of Materials (HBOMs).

A senior Secret Service official urges more scrutiny of domain registration. 

A senior United States Secret Service official warned that weaknesses in the internet’s domain registration system are being widely exploited by criminals but receive too little attention. Speaking at a policy forum, Matt Noyes said registrars routinely allow bulk registration of deceptive domain names used in phishing and fraud. He argued the problem stems from internet governance, particularly how the Internet Assigned Numbers Authority operates, noting that domain registrations lack meaningful identity or trademark validation. As a result, companies like Microsoft and Google are forced into reactive court-ordered takedowns. Noyes said major internet firms could act more proactively by limiting ads, search results, or infrastructure tied to concentrated abuse. He also highlighted business email compromise as another systemic trust failure, noting that email identity is routinely assumed but rarely verified.

The President’s NSA pick champions Section 702.

President Donald Trump’s nominee to lead the National Security Agency, Army Lt. Gen. Joshua Rudd, strongly defended Section 702 of the Foreign Intelligence Surveillance Act during a Senate hearing, calling it indispensable to national security and lifesaving operations. Section 702 allows U.S. agencies to collect foreign intelligence from U.S. tech companies but can also sweep up Americans’ communications without warrants. The authority expires April 19, with no renewal bill yet introduced. Rudd’s stance could conflict with Trump and Tulsi Gabbard, both past critics of the program. Senators questioned warrant requirements and civil liberties protections, while committees moved Rudd’s nomination forward, positioning him for confirmation before the NSA’s acting chief retires.

France looks to reduce reliance on U.S. digital infrastructure. 

France is moving to reduce reliance on U.S. digital infrastructure by replacing American video conferencing tools with a government-built alternative. French Defense Minister Sébastien Lecornu announced that officials will transition from platforms like Zoom and Microsoft Teams to a new French application called Visio by year’s end. The government said non-European tools pose cybersecurity and data control risks and framed the shift as a step toward digital sovereignty. Visio is hosted by French cloud provider Outscale and uses AI features from domestic firms. The move follows similar efforts across Europe to localize messaging, productivity, and AI tools amid growing concerns about strategic dependence on U.S. technology, especially after renewed tensions in transatlantic relations.

CISA shares guidance on insider threats. 

The Cybersecurity and Infrastructure Security Agency is urging critical infrastructure organizations and state, local, tribal, and territorial governments to take stronger action against insider threats. To support that effort, CISA released a new infographic, Assembling a Multi-Disciplinary Insider Threat Management Team, offering practical guidance to help organizations prevent, detect, and mitigate insider risks. CISA emphasized that insider threats include both malicious actions and unintentional mistakes, each capable of causing serious operational and reputational harm. Acting Director Madhu Gottumukkala said insider threats remain among the most serious security challenges because they erode trust and disrupt critical operations. Infrastructure Security executive Steve Casapulla added that mature insider threat programs improve resilience and called on organizations to build cross-functional teams and foster a culture where employees feel empowered to report concerns.

Hugging Face infrastructure was abused to distribute an Android RAT. 

Researchers at Bitdefender report that Hugging Face infrastructure was abused to distribute an Android remote access trojan. The campaign used a fake security app, TrustBastion, delivered via ads, which acted as a dropper and downloaded malicious payloads from Hugging Face repositories. The malware requested extensive permissions, enabling full device control, screen capture, and credential theft while impersonating financial services. Although the original repository was removed, the operation resurfaced under a different app name before Hugging Face took down the datasets.

Ivanti discloses a pair of critical zero-days. 

Ivanti disclosed two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), CVE-2026-1281 and CVE-2026-1340, both rated CVSS 9.8 and already exploited in the wild. The flaws allow unauthenticated remote code execution, potentially exposing sensitive administrator, user, and mobile device data, including credentials and location information. Ivanti released temporary RPM hotfixes for affected versions and urged customers to apply them immediately, noting the fixes must be reapplied after upgrades. Permanent fixes are expected in EPMM 12.8.0.0 later in Q1 2026. The Cybersecurity and Infrastructure Security Agency added CVE-2026-1281 to its Known Exploited Vulnerabilities catalog, requiring U.S. federal agencies to remediate or stop using affected systems by February 1, 2026.

Popular dating sites suffer a data breach. 

Match Group, owner of dating platforms including Tinder, Hinge, Match.com, and OkCupid, confirmed a cybersecurity incident after the ShinyHunters gang leaked data allegedly tied to 10 million users. Match Group said attackers accessed a limited amount of user data and that there is no evidence login credentials, financial information, or private messages were compromised. According to reporting by BleepingComputer, the breach stemmed from a social engineering attack that compromised an Okta single sign-on account, granting access to marketing analytics and cloud storage systems. Match Group said it contained the intrusion quickly, is notifying affected users, and continues to investigate with external experts.

The Nobel Committee blames hackers for a spoiler alert.

The Norwegian Nobel Institute says a cyber intrusion is the most likely culprit behind last year’s premature leak of Peace Prize winner María Corina Machado. Investigators, assisted by Norwegian security authorities, concluded someone likely hacked their systems, conveniently just hours before betting markets lit up on Polymarket. An internal leak, the Institute insists, was thoroughly examined and politely ruled out.

The episode drew extra attention to an already politicized prize, thanks in part to Donald Trump, who publicly argued he deserved the honor and later accepted Machado’s medal anyway, a plot twist few had on their bingo card. The Institute declined to pursue a police case, citing a lack of a clear theory, while delicately noting its cybersecurity routines could, like many laureates’ speeches, use some tightening.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

On Research Saturday, I speak with University of New Mexico lead author and cybersecurity researcher Muhammad Danish about how the push for frictionless user experiences has led many services to rely on SMS-delivered, single-click URLs. Tune in tomorrow to hear about it. 

And that’s the CyberWire Daily, brought to you by N2K CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.