Cybersecurity Headlines

InstallFix attacks spread fake Claude code sites
UNC4899 breaches crypto firm via trojanized file
UK launches cyber-fraud crackdown unit
Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-installfix-spreads-fake-claude-sites-unc4899-breaches-crypto-uk-cyber-fraud-crackdown/
Huge thanks to our sponsor, Dropzone AI

It is 3 AM. New threat intelligence drops. An attack pattern targeting your industry. Your threat hunting team is four people, all on day shift, and already behind on last week's hunts.
 
By the time someone gets to it, the window for early detection has closed. The attacker is already inside.
Tomorrow, I will tell you what Dropzone AI is bringing to RSAC to solve exactly this problem. If you cannot wait, head to dropzone.ai/rsa-2026-ai-diner.

Link to episode page
This week's Department of Know is hosted by Sarah Lane with guests John Barrow, CISO, JB Poindexter & Co., and Derek Fisher, Director of the Cyber Defense and Information Assurance Program, Temple University
Thanks to our show sponsor, Dropzone AI

Here is a number worth knowing before RSAC. The average enterprise SOC sees tens of thousands of alerts a day. Most get triaged. A fraction get thoroughly investigated. The rest sit in the queue or get auto-closed.
 
Dropzone AI puts AI SOC agents on every one of those alerts. Every alert investigated, end to end, across your full tool stack, around the clock. Over 300 deployments in production today.
 
They are at RSAC this year. Booth 455. dropzone.ai/rsa-2026-ai-diner
All links and the video of this episode can be found on CISO Series.com

FBI investigates suspicious activities on agency network
Over 100 GitHub repositories distributing BoryptGrab stealer
Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-fbi-network-breach-github-distributes-stealer-hackers-abuse-arpa/
Huge thanks to our sponsor, Dropzone AI

Here is a number worth knowing before RSAC. The average enterprise SOC sees tens of thousands of alerts a day. Most get triaged. A fraction get thoroughly investigated. The rest sit in the queue or get auto-closed.
 
Dropzone AI puts AI SOC agents on every one of those alerts. Every alert investigated, end to end, across your full tool stack, around the clock. Over 300 deployments in production today.
 
They are at RSAC this year. Booth 455. dropzone.ai/rsa-2026-ai-diner

Apple blocks ByteDance Chinese apps
Google says 90 zero-days were exploited in attacks last year
Iran intelligence backdoored U.S. bank, airport, software outfit networks 
Get the show notes here: https://cisoseries.com/cybersecurity-news-apple-blocks-bytedance-googles-90-zero-days-iran-backdoors-u-s-organizations/
Huge thanks to our sponsor, Adaptive Security

This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Security training fails when it's generic. Adaptive's platform personalizes training and runs deepfake simulations across email, SMS, voice, and video. And with Adaptive's AI Content Creator, you can drop in a breaking threat or compliance doc and instantly turn it into interactive, multilingual training – no designers, no delays. Learn more at adaptivesecurity.com.

Possible iPhone-hacking toolkit used by spies
Hacker mass-mails HungerRush extortion emails
Tycoon 2FA phishing platform dismantled
Get the show notes here: https://cisoseries.com/cybersecurity-news-iphone-hacking-toolkit-used-by-spies-hungerrush-extortion-emails-tycoon-phishing-platform-dismantled/
Huge thanks to our sponsor, Adaptive Security

This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a "new hire" who interviews well… except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights back with realistic deepfake simulations and training that actually sticks. adaptivesecurity.com.