You're listening to the Cyber Wire Network, powered by N2K. It was a whopper of a patch Tuesday. SonicWall urges immediate patching of actively exploited vulnerabilities. The White House launches an AI-backed vulnerability clearinghouse. The Air Force contends with widespread cybersecurity quarantines. The UK and EU blame Russia for last year's cyber attack on Poland's power grid. Meta faces accusations of AI-assisted layoffs. NATO allies collaborate in space. The Pentagon offers paid cyber apprenticeships. Spanish police dismantle a cybercrime and money laundering network. Our guest is Clark Frogley, global head of fraud at Quantexa and former FBI agent, discussing the fraud-as-a-service economy and what banks are missing. And GrokBuild users' data is cloudy with a chance of uploads. It's Wednesday, July 15th, 2026. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us. It is great, as always, to have you with us. Yesterday was Patch Tuesday, and it was a doozy. Microsoft's July Patch Tuesday delivered fixes for more than 570 vulnerabilities, nearly triple the record-breaking total from the previous month. The company attributed the surge to artificial intelligence accelerating vulnerability discovery, a trend Microsoft expects to continue. Among the fixes were nearly 60 critical flaws and three zero-day vulnerabilities, including two already exploited in the wild. Researchers also highlighted a critical remote code execution flaw in Microsoft Copilot. Security experts warned that while AI is helping vendors identify and patch vulnerabilities faster, it's also enabling attackers to develop exploits more quickly, challenging traditional methods for assessing exploitability. Beyond Microsoft, Adobe released updates addressing 88 vulnerabilities across 12 products, while Siemens, Schneider Electric, and Rockwell Automation issued critical industrial control system patches. Google and Mozilla also updated Chrome and Firefox to fix critical browser flaws Given the unusual large volume of updates, experts recommend backing up systems before patching and monitoring for any stability issues after deployment SonicWall is urging customers to immediately patch two actively exploited SMA-1000 vulnerabilities after confirming zero-day attacks The flaws include a critical server-side request forgery vulnerability and a code injection bug that could enable arbitrary command execution. Affected SMA-1000 appliances should be upgraded to the latest hotfixes, as no alternative mitigations are available. SonicWall has also published indicators of compromise, while CISA added both flaws to its known exploited vulnerabilities catalog, requiring U.S. federal agencies to remediate by July 17th. The White House has launched Gold Eagle, an AI-backed vulnerability clearinghouse designed to improve coordination between government and industry on identifying, prioritizing, and remediating software vulnerabilities across critical infrastructure. Created under a June executive order, the initiative brings together the White House, CISA, the Departments of Treasury and Defense, and private sector partners. While Gold Eagle is already processing vulnerability reports, officials have not disclosed participating companies how many findings have been handled or which agency will oversee daily operations. The administration also has not detailed how the program will interact with existing federal vulnerability efforts. The initiative reflects a broader push to use AI to accelerate vulnerability management as advanced cyber-focused AI models become more widely available and agencies face tighter deadlines for remediating high-risk security flaws. The U.S. Air Force is working to restore access for personnel after widespread cybersecurity quarantines locked many users out of their computers, in some cases for days. The quarantines are triggered when devices miss required software updates, part of an effort to strengthen defenses against evolving cyber threats. As patching frequency increases, employees are expected to install updates promptly or risk their devices being isolated from the network. Although quarantines are a long-standing security measure, the current disruption appears unusually large, with reports suggesting tens of thousands of devices may have been affected. The Air Force has not confirmed the scope of the issue, but says the enforcement is part of routine network security maintenance. Affected users must often visit local IT support to restore access, causing operational delays across the service. NATO is making a major push into space, new multinational partnerships, new satellite initiatives, and a growing focus on military resilience beyond Earth atmosphere Maria Vermazes joins us with what these announcements could mean for the alliance and why space is becoming an increasingly important domain for collective defense Thank you, Dave. At the NATO Summit Defense Industry Forum held in Ankara, Turkey last week, eight NATO allies announced that they are launching a new multinational satellite constellation. It is called HALO, or the Hybrid Alliance Layered Operations in Space, and the purpose of this new constellation is to strengthen secure and sovereign high-speed communications, intelligence, and missile tracking for the participating nations. And those eight founding nations of HALO are Denmark, Canada, Finland, Germany, Norway, the Netherlands, Sweden, and Turkey, with more countries expected to join. The announcement of the HALO project speaks to the urgency behind greater space sovereignty for the participating countries. And by pooling their resources for a shared constellation, the eight countries hope to gain greater in-space responsiveness and more secure access to space assets at a lower cost. As this initiative has just launched, NATO says work now begins on mapping out requirements and planning the physical and software architecture of the constellation. For the Cyber Wire Daily, I'm Maria Varmozes from T-Space Cyber Briefing. Back to you, Dave. Be sure to check out the T-Space Cyber podcast, wherever you get your favorite shows. The UK and EU have formally attributed the December 2025 cyber attack on Poland's power grid to Russia's Federal Security Service, the FSB, warning critical infrastructure operators to strengthen defenses against similar threats. The attempted attack, which sought to disrupt communications between renewable energy systems and grid operators, was unsuccessful, but could have left hundreds of thousands without power. A joint advisory from the UK's National Cybersecurity Center recommends disabling legacy SNMP version 1 and SNMP version 2 protocols, enabling SNVP version 3, and disabling Cisco Smart Install to reduce exposure. The guidance highlights sectors at greatest risk, including energy, communications, healthcare, and government. Alongside the advisory, the UK and EU announced new sanctions targeting Russian intelligence officials, cybercriminals, and individuals linked to cyber operations supporting Russia's broader campaign against Europe. 26 current and former Meta employees have filed a federal lawsuit alleging the company used AI assisted tools that disproportionately targeted workers with disabilities, those on medical leave, and caregivers during its recent layoffs. The plaintiffs claim Meta relied on metrics such as productivity scores and AI usage to rank employees for termination, disadvantaging workers who had taken protected leave. They're seeking a court order to temporarily halt the layoffs while pursuing their claims through arbitration. Meta denies the allegations, stating that workforce decisions were made by people, not AI. The lawsuit is believed to be the first major U.S. legal challenge alleging AI-driven discrimination in mass layoffs. It also claims Meta failed to test its AI systems for bias, potentially violating California and New York City regulations. The Pentagon has opened applications for its new Cyber Apprenticeship Program, a 12-month paid initiative aimed at recruiting aspiring cybersecurity professionals without requiring college degrees or prior cyber experience. Led by the Department of Defense's Office of the Chief Information Officer, the program emphasizes aptitude, practical skills, and hands-on training over traditional credentials as the department seeks to expand its civilian cyber workforce. Apprentices will receive online instruction, lab exercises, mentorship, and industry-recognized certifications while preparing for roles such as cyber defense analysts and incident responders. Open to U.S. citizens eligible for security clearances, the positions offer an annual salary of just over $22,000. Applications close July 17th, and participants who do not complete the program may be required to repay training costs under certain circumstances. Spanish police have dismantled a cybercrime and money laundering network that allegedly generated $160 million through investment fraud and business email compromise scams. Four suspects were arrested in Spain, Portugal, and Panama during a multinational operation supported by Europol and Interpol. Investigators say the group used more than 800 bank accounts and dozens of money mules to launder stolen funds. Authorities seized computers and smartphones, froze 3 million euros in criminal proceeds for potential victim restitution, and believe they've dismantled the organization by arresting its key operators. Coming up after the break, my conversation with Clark Frogley, Global Head of Fraud at Quantexa. We're discussing the fraud-as-a-service economy. And Grok Build Users data is cloudy with a chance of uploads. Stay with us. Clark Frogley is global head of fraud at Quantexa and a former FBI agent. We got together to discuss the fraud as a service economy and what banks are missing I think as everybody knows right the number of fraud incidents that are finding their way to the media, to unfortunately our own bank accounts and our own experiences has grown just dramatically. So as we look across the landscape with regards to fraud, the amount of fraud that's being driven by cyber-enabled events has just grown incredibly. The ability for us to look at fraud and not consider the impact from a cyber perspective has really come to a point where we just can't even think of them separately anymore. It is beyond what we may have anticipated a number of years ago when we were doing this in previous roles that I had. Cyber has always been an issue, but I think the way that it's grown, the way that it's changed through synthetic IDs, through agente AI, through fraud as a service, through all the different aspects of fraud today, it has just resulted in, I think, a phenomenal growth. And you'll see that in a lot of the reports that come out, whether it's the FBI's IC3 reports or some of the other reports that come out really validate, right, the growth in which fraud has really begun to impact financial institutions and individuals' pocketbooks. Well, in your estimation, what is it that's driving this huge growth that we've tracked? I think clearly one of the big drivers is the growth in AI. It's not the only reason, but certainly is a huge contributing factor and I think is probably one of the biggest issues behind the rate and the speed of growth. And the reason that is, is because today, if you think about the different kinds of fraud, right, whether they are business email compromise or the use of synthetic ID and resulting in all kinds of application fraud, mortgage fraud, credit card fraud, other things that are a result of that. All of those things now today, for me to create a persona and submit applications has gone from what used to take months to hours. And so the ability now to commit fraud at scale has just become a huge growth factor. And I think that in addition to the fact that we see this desire for financial institutions to go faster, right, faster payments. And so with speed comes higher risk. And so we are seeing a lot of attackers trying to take advantage of that, right, really exploit the challenges that financial institutions always are faced with. How do I service my customer? How do I reduce the friction? And how do I detect and reduce the fraud? And that's become a real challenge for institutions today. Where do you come down on cryptocurrency? What part has that played in all of this? I love the concept of cryptocurrency, and I love the ability to see alternative ways for individuals to interact and move the value around. I think the challenge, as was probably known early on, right, is how do you regulate it? Initially, all of those that were really deep into crypto didn't want the regulation. But I think we understand that without regulation, without controls, without oversight, it becomes, unfortunately, exploited by those that are using it for nefarious purposes. So almost every major organized fraud ring that is operating today, whether they're holding companies for ransom or they are involved in large networks that are using mule accounts to transfer money around, almost every one of those are using cryptocurrency to either demand payment or to pay others. And so, unfortunately, that means that law enforcement, regulators and others, if they don't get deeper into and begin to put more controls over the way that we use crypto, it unfortunately is going to continue to be a way for nefarious actors to be successful. It's great that we can see into the blockchain and you can track it. But unfortunately, with all of the tools that are available, knowing who's really behind that account is still very difficult. You know, Clark, I have a friend who's a local commercial banker. and I was chatting with him recently and he was telling me that just a huge amount of his time now is taken up helping his clients with fraud, with scams, with all those kinds of things. He said things he never had to deal with just years ago are just chewing up an incredible amount of time for him. How is the industry meeting this challenge? Yeah, that's the whole fraud, scam, or what we more accurately refer to as these authorized push payment scams are really, I think, distressing a number of institutions. When you see people that have become victims, either through romance scams or investment scams and other things, losing their life savings, it pulls at your heartstrings for sure. And then businesses that are trying to provide reassurance and comfort and try to trace funds and make people whole again. As you're right, it has become extremely difficult. I think what you're seeing in a number of different ways, and it's slightly different around the world. In Europe, you've actually seen regulatory pressure to make institutions more responsible, and they have to actually then reimburse when there is a scam involved. If the institution didn't do everything it could to help the customer, I guess question a transfer and really ensure that this wasn a scam they actually know the recipient then the bank becomes liable So there a lot of effort going there In the US that isn the case We still don have that liability issue But however institutions still want to do the best thing for their customers. And so they're putting tremendous effort into education. They're using new tools and techniques to help customers better detect. But we're also using on the detection side, the fraud teams, right? We are looking at everything from biometrics, how you use your keyboard, how you move your mouse, how long you pause during your session, what's your typical spending patterns. All of those behavioral biometrics become key in really understanding when potentially there is a fraudulent transaction that's about to occur. So we're trying to move away from host transaction and following and trying to track the money to recognizing the patterns before the money moves and stop it before it actually happens. So a lot of effort, probably one of the bigger areas that I think institutions are focused on right now. For the folks in our audience who are defenders looking to keep their organization safe, what are your recommendations? What sort of things should be on their radar when it comes to cybercrime and financial fraud? Absolutely. Education, enablement, communication across the organization, I think, is one of the most important things. We can't just ignore that this is happening out there and hope that it doesn't happen to us. We do need to be very focused. We need to educate our customers. We do need to put processes in place that allow better detection. And I think that what we're seeing across the institution is that fraud, detection of fraud, understanding of fraud today, while it is getting more complicated, it is moving faster. It still is fundamentally a data problem. So I would encourage your listeners to really give some thought to their data. Do you have the ability to use your data holistically? Can you see your customers holistically across all of the products and accounts that you have with them so that when something does happen, you're able to recognize that that actually is my customer or there's something nefarious or someone is transacting in multiple locations at the same time? can you detect things like that? That's an ability through things like entity resolution, through things like graph-based analytics that allows you to connect your data and see that I've got, you know, a hundred applications for credit or, you know, a thousand credit card applications that have all been submitted from the same IP address. If you can't detect things like that, you are more vulnerable to fraud than you need to be. There are ways for us to leverage technology, to improve our data foundation, to really take advantage of some of the new AI-driven solutions that are available out there in the market. So I would encourage a mix of enablement, communication, and then enhance your technology. It is critical. That's Clark Frogley, Global Head of Fraud at Quantexa. And finally, an AI safety researcher has prompted a swift course correction after discovering that GrokBuild, SpaceX AI's command line coding tool, was quietly uploading entire code repositories, complete with Git history to cloud storage, even when asked to do virtually nothing more than reply OK. That is one way to interpret working behind the scenes. After the findings gained widespread attention, SpaceX AI flipped a server-side setting that stopped the full repository uploads, and Elon Musk pledged that all previously collected user data would be completely and utterly deleted, though that claim has not been independently verified. While the company points users to a privacy command to manage data retention, the researcher argues the real fix was the backend configuration change and says developers should not have to opt out repeatedly. The episode underscores growing scrutiny of how AI coding tools handle sensitive source code by default. Musk says the data will be deleted. As always, users will have to decide for themselves how much weight to give that assurance. And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Barmazis. Our executive producer is Jennifer Iben. Peter Kilpie is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.