Daily cybersecurity briefing for CISOs and security leaders.
Today's episode covers 9 stories across 4 topic areas, including: Risky Bulletin: Ukrainians hacked Russian satellite comms platform; Chinese National Extradited Over Silk Typhoon Cyber Campaign; Germany Caught Up in Likely Russian Signal Phishing.
Risky Business News · Apr 29 · Relevance: 9/10
Why it matters to CISOs: A successful Ukrainian offensive cyber operation against Russian satellite communications demonstrates the escalating sophistication of state-level attacks on critical infrastructure, reinforcing the need to assess satellite and comms dependencies in enterprise resilience planning.
Infosecurity Magazine · Apr 28 · Relevance: 8/10
Why it matters to CISOs: The extradition of an alleged MSS-directed Silk Typhoon operator signals escalating law enforcement action against Chinese state-sponsored espionage and validates the persistent threat that APT campaigns pose to enterprise intellectual property and sensitive data.
BankInfoSecurity · Apr 29 · Relevance: 8/10
Why it matters to CISOs: Russian phishing attacks compromising senior German government officials via Signal highlight that encrypted messaging platforms are not immune to social engineering, and CISOs should ensure executive communications security includes phishing-resistant authentication for messaging apps.
The Record (Recorded Future) · Apr 28 · Relevance: 7/10
Why it matters to CISOs: Foreign adversary election targeting campaigns often spill over into corporate environments through disinformation, spear-phishing, and infrastructure hijacking; CISOs should heighten awareness during election cycles.
Infosecurity Magazine · Apr 28 · Relevance: 8/10
Why it matters to CISOs: A major medical device manufacturer confirming a breach claimed by ShinyHunters underscores ongoing supply chain and third-party risk in healthcare, and signals board-level scrutiny around health data protection and notification obligations.
BleepingComputer · Apr 28 · Relevance: 7/10
Why it matters to CISOs: Continued law enforcement action against Scattered Spider members is relevant to CISOs whose organizations have faced social engineering and SIM-swapping attacks from this group; the arrest demonstrates the threat group is still actively targeted by authorities.
Ars Technica Security · Apr 29 · Relevance: 7/10
Why it matters to CISOs: Security vendors themselves becoming targeted in supply chain attacks highlights the recursive trust problem in enterprise security toolchains; CISOs must evaluate vendor security posture as rigorously as their own.
BankInfoSecurity · Apr 29 · Relevance: 8/10
Why it matters to CISOs: A potential $250M-$350M Cisco acquisition of Astrix validates non-human identity as a critical security category and could reshape the identity security vendor landscape CISOs rely on for service accounts, API keys, and machine identity management.
The Hacker News · Apr 29 · Relevance: 7/10
Why it matters to CISOs: LiteLLM is widely used as an LLM gateway/proxy in enterprise AI deployments; a critical pre-auth SQLi flaw exploited within 36 hours of disclosure means any organization using LiteLLM in production must patch immediately or risk full database compromise.
Jordan: Ukrainian hackers just took down a Russian satellite communications platform. State-level offensive cyber is no longer a spectator sport, and today we're going to talk about what that means for the rest of us.
Alex: Welcome to Cleartext. It's Wednesday, April 29th, 2026. I'm Alex Chen.
Jordan: And I'm Jordan Reeves. Today we've got a dense one. State-sponsored threat actors are having a busy week — Russia, China, the Ukraine conflict going fully cyber. We've got a Medtronic breach confirmed by ShinyHunters, a supply chain attack targeting your security vendors directly, a critical flaw in enterprise AI infrastructure being exploited within 36 hours, and Cisco making a move that could reshape how you think about machine identity. A lot to get through. Let's go.
Alex: Start with Ukraine, because that satellite story is genuinely significant and not just for the obvious reasons.
Jordan: So Ukrainian hackers compromised a Russian satellite communications platform. No small thing. Satellite comms are strategic infrastructure — military coordination, logistics, command and control. This isn't a defacement or a data leak. This is Ukraine demonstrating that it can reach into and disrupt Russian strategic communications infrastructure. From a threat intelligence standpoint, this matters for enterprise security leaders because it marks another milestone in the normalization of offensive cyber as a legitimate wartime tool at scale. We are watching the doctrine being written in real time.
Alex: And the business implication here isn't abstract. If you are any organization with satellite communications dependencies — and more companies have them than realize it, especially in manufacturing, energy, maritime, aviation — you need to be asking your resilience team right now: if a satellite comms provider goes dark, what's our fallback? This is the kind of scenario that used to live only in government continuity planning. It belongs in your enterprise BCP today.
Jordan: The ripple effect is the thing. Sophisticated offensive cyber capabilities developed and refined in conflict zones have a history of migrating. NotPetya started as a Ukrainian operation and took down half the global shipping industry. That's not hypothetical. That's recent history.
Alex: Speaking of state-sponsored campaigns with long tails — the Silk Typhoon extradition. A Chinese national has been extradited to the US for alleged involvement in the MSS-directed Silk Typhoon campaign. This is significant on multiple levels.
Jordan: First, the operational signal: the US government is willing to pursue extradition for MSS-connected hackers, which means the intelligence community has enough confidence in attribution to put it in a courtroom. That's a high bar. Second, the campaign itself — Silk Typhoon was targeting COVID-19 research, pharmaceutical IP, biotech. If your organization plays anywhere near life sciences, this is a reminder that the Chinese intelligence apparatus views your R&D as a legitimate collection target, and has for years.
Alex: The extradition also functions as deterrence signaling, even if the operational impact on MSS activities is minimal in the short term. For CISOs, the board-level framing here is straightforward: nation-state actors are targeting intellectual property with the explicit backing of foreign governments. That is a material risk that belongs in your threat model and your D&O conversations.
Jordan: Staying in the state-sponsored lane — Germany, Signal, and Russian phishing. This one deserves more attention than it's getting.
Alex: Walk us through it.
Jordan: Russian actors ran a phishing campaign against senior German government officials — including the president of the Bundestag — through Signal. Signal came out and said, correctly, that this isn't a platform vulnerability. Signal's encryption held. This was social engineering. Linked devices, QR code abuse, convincing pretexts. The platform didn't fail. The humans did.
Alex: And that is exactly the wrong lesson to take if you walk away thinking "Signal is fine, no problem here." The lesson is that encrypted messaging gives you confidentiality in transit. It does not protect you from an adversary who tricks your executive into linking a malicious device to their account. If you have pushed Signal or any encrypted messaging app to your executive team as your secure comms solution — which many of us have — you need to pair that with training on device linking, session management, and phishing-resistant authentication for the account itself.
Jordan: The Kremlin has been running social engineering operations against European governments for years. This isn't new tradecraft. What's notable is the target profile — parliament-level officials — and the success rate. If it's working at that level, assume it's being attempted against your C-suite.
Alex: Let's move to breaches. Medtronic is a big one. ShinyHunters claimed access. Medtronic confirmed it. Millions of records allegedly accessed from one of the largest medical device companies in the world.
Jordan: ShinyHunters has a track record. They don't usually bluff. And Medtronic confirming the breach removes any ambiguity. The healthcare sector continues to be a target-rich environment — regulated data, complex supply chains, legacy infrastructure, and notification obligations that create significant legal and reputational exposure the moment something goes wrong.
Alex: For CISOs in healthcare and for anyone with healthcare clients or partners, the immediate concern is HIPAA notification timelines, but the strategic concern is third-party and supply chain exposure. Medtronic's ecosystem includes hospitals, device integrators, software platforms. If you're downstream of a breach like this, you need to understand your contractual obligations and your own exposure. Don't wait for Medtronic's notification letter to start that analysis.
Jordan: Scattered Spider — a 19-year-old dual US-Estonian citizen arrested in Finland, now facing federal charges in the US. This group brought down MGM and Caesars. This kid was allegedly a prolific member.
Alex: The arrest matters less for what it does to Scattered Spider's operational capacity — these groups are resilient — and more for what it confirms: law enforcement is actively pursuing members across jurisdictions. Finland, the US, coordinated. The group is not operating with impunity. But the social engineering playbook they developed is now widely copied. Assume the TTPs outlast the arrests.
Jordan: Now the supply chain story that should make every CISO uncomfortable. A recent attack specifically targeted Checkmarx and Bitwarden. Two security vendors. One does code security scanning with privileged access to your source code repositories. The other manages your passwords.
Alex: This is the recursive trust problem stated plainly: when your security vendors get compromised, attackers get the keys to everything those vendors touch. And these aren't generic vendors — Checkmarx sits inside your SDLC pipeline with access to proprietary code, and Bitwarden manages credential vaults. If you are a customer of either, you need to be reviewing what access those platforms have to your environment and what your incident response plan looks like if a tier-one security vendor is breached.
Jordan: Vendor security assessments need to be treated with the same rigor as your own internal security reviews. This story is a data point in an argument we've been making for years. The perimeter is your vendor ecosystem now.
Alex: Quick but important — Cisco is reportedly in talks to acquire Astrix Security, a non-human identity startup, for somewhere between 250 and 350 million dollars. That's a 25% premium on a 200 million dollar valuation.
Jordan: Non-human identity is the category. Service accounts, API keys, OAuth tokens, machine-to-machine credentials. Most organizations have an order of magnitude more non-human identities than human ones and a fraction of the governance around them. The market is validating this. Cisco buying into it tells you where the puck is going.
Alex: If you haven't done a non-human identity audit, this is your signal. The acqui-hire market moves before the breach headlines do. Budget conversations around NHI governance just got easier to have.
Jordan: And fast — LiteLLM. CVE-2026-42208. CVSS 9.3. Pre-authentication SQL injection. Exploitation started within 36 hours of disclosure. LiteLLM is a widely used open-source LLM gateway in enterprise AI deployments.
Alex: If you have LiteLLM in production, patch it today. Not this week. Today. Pre-auth means no credentials required to exploit. Full database compromise is the exposure. This is the kind of vulnerability that makes a great breach disclosure paragraph six months from now if you don't act immediately.
Jordan: The 36-hour exploitation window is also a data point for your vulnerability management program broadly. Mean time to patch needs to be measured in hours for critical pre-auth remote vulnerabilities, not the two-week patch cycles most organizations still run.
Alex: So what's the theme this week, Jordan?
Jordan: State actors are operating with more sophistication, more coordination, and more ambition than ever — satellite infrastructure, encrypted messaging platforms, parliament-level targets. And at the same time, the criminal ecosystem is keeping pace. ShinyHunters, Scattered Spider — these groups have nation-state-level operational discipline without the diplomatic constraints.
Alex: What I'd watch: the election threat warning from Gen. Rudd at Cyber Command is the thing that could define the next six months. He told Congress midterms are in the crosshairs. Foreign adversary election campaigns generate spear-phishing infrastructure, disinformation operations, and domain spoofing that bleeds into corporate environments. Heighten your executive awareness programs now, before the noise ramps up.
Jordan: And watch the Cisco-Astrix deal. If that closes, expect consolidation in the NHI space to accelerate. Your current vendor landscape for machine identity could look very different by Q4.
Alex: That's Cleartext for Wednesday, April 29th. If this was useful, share it with a peer who needs the signal without the noise. We're back tomorrow.
Jordan: Stay sharp.
Cleartext is an automated daily podcast for CISOs and security leaders. Generated 2026-04-29.
Sources are pulled from: CyberScoop, The Record, SecurityWeek, Krebs on Security, Dark Reading, Cybersecurity Dive, BleepingComputer, Wired, Ars Technica, TechCrunch, Help Net Security, VentureBeat, Risky Business News, The Hacker News, CISA, and BankInfoSecurity.