[00:00] Announcer: From Neural Newscast, this is Prime Cyber Insights,
[00:03] Announcer: Intelligence for Defenders, Leaders, and Decision Makers.
[00:06] Aaron Cole: Today is February 25th, 2026, and the digital landscape is seeing a shift toward these structurally invisible threats that target the actual tools developers use every single day.
[00:20] Aaron Cole: Lauren, the sheer volume of supply chain hits we're seeing this morning is just staggering.
[00:25] Chad Thompson: It really is, Aaron.
[00:27] Chad Thompson: From malicious developer packages to a completely new scale for measuring industrial impacts, we have quite a bit to unpack.
[00:34] Chad Thompson: Joining us today is Chad Thompson, a director-level AI and security leader with a deep systems-level
[00:42] Chad Thompson: perspective on automation, enterprise risk, and operational resilience.
[00:47] Chad Thompson: Chad, it's great to have you on the show.
[00:49] Aaron Cole: Chad, let's jump right into today's report from Socket and Tenable.
[00:53] Aaron Cole: We're seeing four malicious NuGet packages, including Encrypt Yo, stealing ASP.NET Identity
[01:00] Aaron Cole: data, and an npm package called Ombar SRC that's dropped malware on over 50,000 systems.
[01:07] Aaron Cole: Okay.
[01:07] Aaron Cole: How do we defend against something that looks like a legitimate library?
[01:11] Lauren Mitchell: It's a massive challenge, Aaron.
[01:13] Lauren Mitchell: These actors are using Encrypt Yo as a stage-one dropper to install JIT compiler hooks and localhost proxies.
[01:21] Lauren Mitchell: They aren't just hitting the developer's machine.
[01:25] Lauren Mitchell: They're actually backdooring the production applications those developers build.
[01:30] Lauren Mitchell: We have to move toward more rigorous automated verification of third-party dependencies
[01:36] Lauren Mitchell: before they ever touch a dev environment.
[01:40] Chad Thompson: Yeah, and while the supply chain is being poisoned, the front door is being bypassed by simplicity.
[01:46] Chad Thompson: Aaron, today's analysis from Strongest Layers shows that telephone-oriented attack delivery,
[01:52] Chad Thompson: or TOAD, now accounts for 28% of gateway bypasses.
[01:57] Chad Thompson: These emails contain nothing but a phone number, making them nearly impossible for standard rules to flag.
[02:04] Aaron Cole: It's the ultimate low-tech, high-impact move, Lauren.
[02:07] Aaron Cole: If the payload is just a phone number, the gateway sees it as a business contact.
[02:12] Aaron Cole: Chad, shifting to enterprise risk, we're seeing a report today that over half of national security organizations still rely on manual processes for sensitive data transfers.
[02:24] Aaron Cole: Isn't that a massive systemic vulnerability?
[02:28] Lauren Mitchell: Absolutely. Manual handling introduces variance, fatigue, and exploitable seams.
[02:34] Lauren Mitchell: In my view, the only way forward is the cybersecurity trinity: zero trust, data-centric security, and cross-domain solutions.
[02:43] Lauren Mitchell: We need to automate release authorities and content sanitization to maintain operational tempo without sacrificing security.
[02:51] Chad Thompson: Right. And speaking of measuring risk, Aaron, the S4x26 conference in Miami just unveiled the OT impact score.
[03:01] Chad Thompson: Think of that as a Richter scale for OT incidents.
[03:04] Chad Thompson: It uses severity, reach, and duration to give a definitive score, like the 3.9 they gave to the Colonial Pipeline attack back in 2021.
[03:15] Aaron Cole: Lauren, that clarity is long overdue for business leaders and insurers.
[03:20] Aaron Cole: On the accountability front, we also saw a former Trenchant executive sentenced to seven years yesterday for selling zero-days to Russian brokers.
[03:29] Aaron Cole: CISA is also active today, adding a FileZen command injection flaw to the KEV catalog.
[03:36] Aaron Cole: The pressure is mounting on all sides.
[03:38] Lauren Mitchell: It's about resilience, Aaron.
[03:41] Lauren Mitchell: Whether it's NASA's successful Artemis 1i fueling test we saw last week, or fixing the vulnerabilities in FileZen,
[03:50] Lauren Mitchell: the goal is consistent performance under pressure.
[03:54] Lauren Mitchell: Automation and clear impact metrics like the OTI score
[03:58] Lauren Mitchell: are what will allow us to scale our defenses against these increasingly invisible threats.
[04:04] Aaron Cole: That's a perfect note to end on.
[04:06] Aaron Cole: Thanks for being here, Chad.
[04:08] Chad Thompson: And thank you for listening to Prime Cyber Insights.
[04:11] Chad Thompson: For the full briefing and deeper analysis,
[04:13] Chad Thompson: visit pci.neurlnewscast.com.
[04:17] Chad Thompson: We'll be back tomorrow with more on the risks that matter most.
[04:20] Chad Thompson: Stay secure.
[04:21] Chad Thompson: Neural Newscast is AI-assisted, human-reviewed.
[04:25] Chad Thompson: View our AI transparency policy at neuralnewscast.com.
[04:29] Announcer: This has been Prime Cyber Insights on Neural Newscast.
[04:33] Announcer: Intelligence for Defenders, Leaders, and Decision Makers.
[04:36] Announcer: Neural Newscast uses artificial intelligence in content creation,
[04:40] Announcer: with human editorial review prior to publication.
[04:43] Announcer: While we strive for factual, unbiased reporting,
[04:46] Announcer: AI-assisted content may occasionally contain errors.
[04:49] Announcer: Verify critical information with trusted sources.
[04:52] Announcer: Learn more at neuralnewscast.com.