W3LL runs dry.

The CyberWire Daily episode for April 13, 2026, delivers a comprehensive breakdown of global cyber threats and strategic responses. The show opens with a major takedown of W3LL, a North Korea-linked phishing operation responsible for over $20 million in fraud, dismantled by U.S. and Indonesian authorities. The episode highlights a surge in sophisticated attacks, including a supply chain breach at OpenAI tied to North Korean hackers, a critical vulnerability in the Marimo Python notebook platform exploited within hours of disclosure, and a claimed cyberattack on UAE infrastructure by the Handela Hacking Group. Meanwhile, cybersecurity funding cuts in the proposed 2027 U.S. budget raise alarm, particularly for CISA and the SEC, while developers face targeted Slack phishing campaigns. The core of the episode centers on a deep-dive interview with Justin Kohler, Chief Product Officer at SpecterOps, who discusses identity attack path management—a strategic shift from reactive detection to proactive prevention. Kohler emphasizes that modern attackers exploit cascading identity permissions across hybrid environments (Active Directory, AWS, GitHub), and that tools like Bloodhound Enterprise provide the visibility needed to shut down millions of potential attack paths by focusing on critical assets. He warns that AI is democratizing nation-state-level tradecraft, making it easier for attackers to launch both advanced and distracting low-effort attacks, underscoring the need to eliminate attack opportunities rather than just respond to alerts. The episode closes with a reflection on the global scam economy, where crackdowns in one region simply displace operations to others, illustrating the persistent challenge of international cybercrime coordination.