The CyberWire Daily Podcast 2.4.26
Ep 2482 | 2.4.26

A softer touch on cyber.

Transcript

The White House preps a major overhaul of U.S. cybersecurity policy. A key Commerce security office loses staff as regulatory guardrails weaken. Lawmakers press AT&T and Verizon after months of silence on Salt Typhoon. A vulnerability in the React Native Metro development server is under active exploitation. Amaranth Dragon leverages a WinRAR flaw. A coordinated reconnaissance campaign targets Citrix NetScaler infrastructure. CISA warns a SolarWinds Web Help Desk flaw is under active exploitation. Zach Edwards, Senior Threat Researcher at Silent Push, is discussing a hole in the kill chain leaving law enforcement empty-handed. Cops in Northern Ireland get an unwanted data breach encore.

Today is Wednesday, February 4th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

The White House preps a major overhaul of U.S. cybersecurity policy.

The Trump administration is preparing a major overhaul of U.S. cybersecurity policy, led by National Cyber Director Harry Coker Jr., with a strong emphasis on private sector collaboration and regulatory reform. The forthcoming national cybersecurity strategy aims to reduce overlapping and contradictory federal requirements that industry leaders say divert resources from real security improvements. Coker has signaled a shift away from top-down mandates toward a more bottom-up approach, actively soliciting industry input on which rules create friction without improving outcomes.

The strategy is also expected to modernize threat intelligence sharing by strengthening legal protections for companies that disclose cyber incidents, addressing long-standing fears of liability and regulatory retaliation. Cross-sector coordination will be prioritized to reflect how modern cyberattacks cascade across industries, while longer-term goals include expanding the cybersecurity workforce and investing in emerging technologies like artificial intelligence.

Despite the ambitious vision, success will hinge on sustained funding, cultural change within government, and rebuilding trust with a private sector wary of past, unfulfilled promises.

A key Commerce security office loses staff as regulatory guardrails weaken. 

The Wall Street Journal reports that the Trump administration has removed two senior officials from the Commerce Department’s Bureau of Industry and Security (BIS), specifically within its Office of Information and Communications Technology and Services (ICTS). While little known publicly, ICTS plays a critical role in protecting U.S. technology supply chains from foreign adversary influence. Its sidelining is portrayed as part of a broader rollback since January 2025 that has weakened federal technology and national security oversight through staffing cuts and reduced regulatory enforcement.

Created under Donald Trump’s 2019 executive order, ICTS was designed to block or restrict high-risk technologies tied to countries like China and Russia. It has acted only twice, including bans on Kaspersky software and certain connected vehicles. Critics argue that recent personnel moves, combined with cuts across agencies like CISA and regulatory reversals, collectively undermine U.S. efforts to counter escalating cyber and supply chain threats, with damage that may be difficult to reverse.

Lawmakers press AT&T and Verizon after months of silence on Salt Typhoon.

Sen. Maria Cantwell, the top Democrat on the Senate committee overseeing telecommunications, is calling for public hearings with the CEOs of AT&T and Verizon following revelations that the Chinese-linked hacking group Salt Typhoon infiltrated U.S. telecom networks. In a letter to committee chair Ted Cruz, Cantwell said both companies have refused to provide documentation supporting claims their networks are now secure, raising concerns about ongoing risks to Americans’ communications.

The intrusions exposed sensitive data tied to U.S. officials, yet congressional action and regulatory oversight have largely stalled. An investigation by the Department of Homeland Security’s Cyber Safety Review Board was terminated, and emergency FCC rules issued late in the Biden administration to hold telecoms accountable were rescinded by the Trump administration. Cantwell argues telecoms have taken minimal action due to cost concerns and says executives must testify to restore public confidence.

A vulnerability in the React Native Metro development server is under active exploitation. 

Researchers warn that attackers are actively exploiting CVE-2025-11953, dubbed Metro4Shell, in the React Native Metro development server to compromise developer systems. Discovered by JFrog, the flaw allows remote code execution via an exposed /open-url endpoint. VulnCheck observed real-world exploitation delivering Windows and Linux payloads that disable defenses and fetch malware. Roughly 3,500 exposed Metro servers remain online, despite available fixes and ongoing attacks.

Amaranth Dragon leverages a WinRAR flaw. 

Researchers at Check Point report that a newly identified threat actor, Amaranth Dragon, linked to state-sponsored Chinese operations associated with APT41, is exploiting CVE-2025-8088 in espionage campaigns. The attacks targeted government and law enforcement organizations across Southeast Asia, including Singapore, Thailand, and the Philippines.

Amaranth Dragon leveraged the WinRAR flaw to achieve persistence by planting malicious files in Windows Startup folders, later deploying a custom Amaranth Loader to fetch encrypted payloads from Cloudflare-protected command-and-control servers. Campaigns were tightly geofenced and used region-specific lures. More recent attacks delivered a new Telegram-based remote access tool, TGAmaranth RAT. Researchers warn the activity shows high technical maturity and urge organizations to upgrade WinRAR to patched versions.

A coordinated reconnaissance campaign targets Citrix NetScaler infrastructure. 

Researchers at GreyNoise report a coordinated reconnaissance campaign targeting Citrix NetScaler infrastructure between January 28 and February 2. The activity used more than 63,000 IP addresses, largely residential proxies, to identify exposed login panels and enumerate product versions. GreyNoise says the behavior indicates pre-exploitation mapping rather than random scanning, potentially tied to exploit development. The campaign follows recent critical Citrix flaws, including CVE-2025-5777 and CVE-2025-5775, raising concerns of imminent follow-on attacks.

CISA warns a SolarWinds Web Help Desk flaw is under active exploitation. 

The Cybersecurity and Infrastructure Security Agency warns that attackers are actively exploiting CVE-2025-40551, a critical remote code execution flaw in SolarWinds Web Help Desk. The unauthenticated deserialization bug was patched last week, but CISA has now added it to its Known Exploited Vulnerabilities catalog, ordering federal agencies to remediate within three days. The move confirms in-the-wild exploitation and highlights continued risk to unpatched SolarWinds deployments.

Cops in Northern Ireland get an unwanted data breach encore. 

For some Police Service of Northern Ireland officers, the 2023 data breach is starting to look less like a one-off disaster and more like an unwanted subscription service. After their names were mistakenly exposed last year, dozens of those same officers briefly reappeared this week on the NI Courts website. The Department of Justice says the listings were promptly removed and emphasized that court information is usually public unless lawyers ask otherwise, a policy that works best when nobody is already living through a privacy nightmare.

Police Federation chair Liam Kelly called the episode avoidable and embarrassing, while politicians warned of renewed anxiety for officers and families. The timing, however, has not gone unnoticed. These same officers are still pursuing compensation over the original breach, and some are now openly wondering whether this latest slip-up might qualify as a sequel.

That possibility lands just as the Police Federation for Northern Ireland welcomed a £7,500 compensation offer for thousands affected in 2023. In Northern Ireland’s data-handling saga, even mistakes appear to be compounding, and possibly accruing interest.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.