[00:00] Announcer: From Neural Newscast, this is Prime Cyber Insights,
[00:03] Announcer: Intelligence for Defenders, Leaders, and Decision Makers.
[00:11] Aaron Cole: I'm Aaron Cole. Today is April 2, 2026.
[00:15] Aaron Cole: On this briefing, Apple's urgent patch expansion and AI hardware side channels.
[00:21] Lauren Mitchell: I'm Lauren Mitchell.
[00:23] Lauren Mitchell: Apple made a significant move yesterday, expanding the availability of iOS 18.7.7
[00:31] Lauren Mitchell: to a much broader range of devices.
[00:33] Lauren Mitchell: This is specifically to block the Darksword exploit kit, which has been used in watering
[00:39] Lauren Mitchell: hole attacks targeting users in Saudi Arabia, Turkey, and Ukraine since July 2025.
[00:45] Aaron Cole: What's notable here, Lauren, is the backporting.
[00:48] Aaron Cole: Apple usually pushes users to the latest major OS, but here they're allowing iOS 18 users
[00:54] Aaron Cole: to patch without moving to newer versions.
[00:57] Aaron Cole: This suggests they are taking the 20% of users still on older versions very seriously,
[01:02] Aaron Cole: especially with threat actors like Russia-linked COLDRIVER using Darksword to deliver data
[01:07] Aaron Cole: stealers.
[01:08] Lauren Mitchell: It is a direct response to the security community's assessment of a clear and present threat.
[01:14] Lauren Mitchell: Speaking of threats, at RSAC 2026 in San Francisco, Joseph Izzo of San Joaquin General
[01:21] Lauren Mitchell: Hospital shared a sobering perspective on ransomware.
[01:25] Lauren Mitchell: He argued that we are training for total outages when we should be rehearsing for gray zone failures.
[01:31] Aaron Cole: Exactly.
[01:33] Aaron Cole: Izzo's point is that a system that's lagging, missing data, or providing intermittent access
[01:38] Aaron Cole: is actually more dangerous than a system that is simply off.
[01:41] Aaron Cole: It forces clinicians into impossible choices about whether to trigger downtime protocols while dealing with fragmented patient records.
[01:49] Aaron Cole: Lauren, the recommendation there was clear.
[01:51] Aaron Cole: We need analog redundancies like pre-validated paper medication administration records.
[01:57] Lauren Mitchell: It shifts the focus from purely digital recovery to operational continuity.
[02:03] Lauren Mitchell: Now let's look at the physical layer of AI.
[02:06] Lauren Mitchell: New research from KAIST into Model Spy shows that AI architectures can be reverse-engineered
[02:13] Lauren Mitchell: using electromagnetic traces from GPUs.
[02:16] Lauren Mitchell: Researchers achieved 97.6% accuracy in identifying layer setups from six meters away, even through walls.
[02:25] Aaron Cole: That's a nightmare for intellectual property.
[02:28] Aaron Cole: We've focused so much on software exploits, but Model Spy proves that computation itself is a side channel.
[02:34] Aaron Cole: If you can rebuild a proprietary model just by listening to the hardware emissions with an antenna hidden in a bag, the black box of AI is effectively gone.
[02:43] Aaron Cole: Lauren, this forces a conversation about hardware-level masking and adding EM noise.
[02:48] Lauren Mitchell: It certainly does.
[02:49] Lauren Mitchell: And while we deal with advanced side channels, the commoditization of social engineering is accelerating.
[02:55] Lauren Mitchell: Researchers at BlackFog have identified Venom Stealer, a malware-as-a-service platform selling for $250 a month.
[03:02] Lauren Mitchell: It automates the ClickFix technique, using fake CAPTCHAs and OS updates to trick users
[03:08] Lauren Mitchell: into executing malicious commands.
[03:09] Aaron Cole: The persistence is what caught my eye.
[03:12] Aaron Cole: Unlike standard stealers, Venom continuously monitors browser login data to capture new
[03:17] Aaron Cole: credentials in real time, effectively undermining password rotation as a fix.
[03:22] Aaron Cole: It even includes a GPU-powered engine to crack crypto wallets locally on the attacker's side.
[03:28] Lauren Mitchell: To defend against this, practitioners should restrict PowerShell execution and disable the run dialogue for standard users.
[03:35] Lauren Mitchell: Today's briefing highlights a recurring theme.
[03:38] Lauren Mitchell: Whether it's Apple's backported patches or hospital tabletop exercises,
[03:42] Lauren Mitchell: preparation must move beyond the perfect scenario to the messy reality of active exploitation.
[03:48] Aaron Cole: I'm Aaron Cole. We'll be back tomorrow with more direct insights into the evolving threat landscape.
[03:53] Lauren Mitchell: I'm Lauren Mitchell. For more details on these stories, visit our briefing notes at pci.neuralnewscast.com.
[03:59] Lauren Mitchell: This program is for informational purposes only and does not constitute professional security advice.
[04:05] Lauren Mitchell: Neural Newscast is AI-assisted, human-reviewed.
[04:08] Lauren Mitchell: View our AI Transparency Policy at neuralnewscast.com.
[04:11] Lauren Mitchell: Thank you for joining us at Prime Cyber Insights.
[04:13] Announcer: This has been Prime Cyber Insights on Neural Newscast.
[04:18] Announcer: Intelligence for Defenders, Leaders, and Decision Makers.