CyberWire Daily - The basics broke telecom.
Episode Date: February 23, 2026A senior FBI cyber official warns Salt Typhoon remains an ongoing threat. Data protection authorities issue a joint statement raising serious concerns about AI image creation. A Japanese semiconductor... equipment maker confirms a ransomware attack. New number formats seek to reduce AI overhead. A low-skilled Russian-speaking threat actor compromised more than 600 Fortinet FortiGate firewalls. Spanish authorities have arrested four alleged members of Anonymous. CISA tags a pair of Roundcube Webmail flaws. Cybersecurity stocks fell sharply on news of a new security feature in Claude AI. Monday business breakdown. Brandon Karpf, friend of the show discussing sovereignty in space and cyber. Digital disruption drains drumsticks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Dave sits down with Brandon Karpf, friend of the show, and Maria Varmazis, host of T-Minus, as they are discussing sovereignty in space and cyber. Selected Reading FBI: Threats from Salt Typhoon are ‘still very much ongoing’ (CyberScoop) Joint Statement on AI-Generated Imagery and the Protection of Privacy (International Enforcement Cooperation Working Group (IEWG)) Japanese chip-testing toolmaker Advantest suffers ransomware attack (Help Net Security) AI's Math Tricks Don't Work for Scientific Computing (IEEE) Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls (Infosecurity Magazine) Suspected Anonymous members cuffed in Spain over DDoS attack (The Register) CISA: Recently patched RoundCube flaws now exploited in attacks (Bleeping Computer) Anthropic Unveils 'Claude Code Security,' Sending Cyber Stocks Lower (Bloomberg) RSAC Innovation Sandbox finalists secure $5 million each. (N2K Pro Business Briefing) Cyber attack takes major chicken processor Hazeldenes offline leaving businesses without meat (ABC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
Where are my gloves?
Come on, heat.
Winter is hard, but your groceries don't have to be.
This winter, stay warm.
Tap the banner to order your groceries online at voila.ca.
Enjoy in-store prices without leaving your home.
You'll find the same regular prices online as in-store.
Many promotions are available both in-store and online, though some may vary.
A senior FBI cyber official warns Salt Typhoon remains an ongoing threat.
Data protection authorities issue a joint statement raising serious concerns about AI image creation.
A Japanese semiconductor equipment maker confirms a ransomware attack.
New number formats seek to reduce AI overhead.
A low-skilled Russian-speaking threat actor compromised more than 600 Fortinette Fortigate firewalls.
Spanish authorities have arrested four alleged members of anonymous.
Sisa tags a pair of RoundCube webmail flaws.
Cybersecurity stocks fell sharply on news of a new security feature in Clawed AI.
We got your Monday business breakdown.
Brandon Karpf and Maria Vermazas join me to discuss sovereignty in space and cyber.
And digital disruption drains drumsticks.
It's Monday, February 23, 26.
I'm Dave Bittner, and this is your Cyberwire Intel Briefing.
Thanks for joining us here today on a snowy day here in the DMV.
It's great to have you with us.
A senior FBI cyber official warns that Salt Typhoon,
the Chinese espionage group behind the 2024 compromise of U.S. telecommunications infrastructure,
remains an ongoing threat to both public and private sectors.
Speaking at cyber talks in Washington, D.C., Michael Mocktinger said,
organizations that engaged early with the FBI and SISA were most successful in limiting damage.
Reporting previously found the telecom sector struggled with basic cybersecurity weaknesses and fragmented
networks, which Salt Typhoon exploited for persistent access.
Mocktinger emphasized that simple vulnerabilities, not advance zero-day exploits, were the primary
entry points, with fishing and legacy systems still common attack vectors.
He urged organizations to adopt fundamental practices such as zero trust and least privilege access.
Salt Typhoon's campaign has reportedly affected more than 80 countries and continues to pose a significant threat.
Data Protection authorities from around the world, coordinated by the International Enforcement Cooperation Working Group,
have issued a joint statement raising serious concerns about artificial intelligence systems that generate
realistic images and videos of identifiable people without their consent. The signatories highlight that
while AI image and video tools can offer benefits, they've also enabled non-consensual intimate imagery,
defamatory depictions, and other harmful content, with particular risks for children and vulnerable
groups. Organizations developing or deploying such technology are reminded to comply with applicable
privacy and data protection laws, and to implement strong safeguards to prevent misuse.
The statement calls for meaningful transparency about system capabilities and risks,
effective mechanisms for individuals to request removal of harmful AI-generated content,
and enhanced protections where children are depicted.
It emphasizes that technological advancement should not come at the expense of privacy,
dignity, and safety.
Japanese semiconductor equipment maker Adventist confirmed it suffered a ransomware attack after detecting unusual activity in its IT environment on February 15th.
The company said a third party may have accessed parts of its network and deployed ransomware.
Adventist activated incident response protocols, isolated affected systems, and engaged external cybersecurity experts.
The investigation remains ongoing, and it's unclear whether or,
customer or employee data was impacted. The company has not reported significant operational
disruptions and says it will provide updates as it assesses the full scope of the incident.
Artificial intelligence has fueled a surge in new digital number formats as engineers
seek to reduce computation time and energy use by shrinking bit counts. While AI systems can
operate effectively with 16, 8, or even fewer bits,
scientific computing fields such as physics and engineering require far greater dynamic range and precision.
In an interview in the ICCLEE newsletter, Laszlo Hunhold, an AI engineer at Open Chip,
argues that traditional 64-bit standards are excessive for most tasks,
but still better suited for scientific workloads than many AI optimized formats.
AI data tends to follow predictable distributions and tolerates low,
precision, whereas scientific applications must accurately represent extremely large and small values.
Hunhold developed a new format called Tuckum, inspired by posits, but redesigned to preserve dynamic range even when bits are reduced.
He says Tuckums are specifically tailored to scientific computing, addressing limitations in existing low-bit formats.
A low-skilled Russian-speaking threat actor used commercial.
generative AI tools to compromise more than 600 Fortinette Fortigate Firewalls across 55 countries,
according to an AWS security blog. The financially motivated campaign ran from January 11th through
February 18th and relied on scanning internet-exposed management interfaces and credential reuse
rather than exploiting new vulnerabilities. The actor used AI to generate attack plans, write Python,
and Go tooling and automate reconnaissance, lateral movement, and credential theft using well-known
open-source tools.
AWS assessed the activity as opportunistic, noting the attacker often failed against patched systems
or closed ports.
No AWS infrastructure was involved.
Amazon threat intelligence expects continued AI adoption by lower skilled actors and recommends
strong patching, credential hygiene, network segmentation, and improved post-exploitation detection
as primary defenses.
Spanish authorities have arrested four alleged members of anonymous Phenix for launching
distributed denial of service attacks against government ministries, political parties, and
public institutions following the 2024 Dana floods.
Guardia Civil detained two suspects last week,
adding to two earlier arrests in May of last year.
The group claimed the targeted entities were responsible for the flood tragedy.
A court ordered the seizure of its X and YouTube accounts
and the closure of its telegram channel.
Police said several attacks were successful,
those specific targets were not disclosed.
Sisa has added two RoundCube webmail flaws
to its known exploited vulnerabilities catalog,
citing active exploitation,
and ordered federal agencies to patch within three weeks.
The first is a critical remote code execution bug flagged as exploited shortly after its June 2025 patch.
The second, patched in December of last year, allows unauthenticated cross-site scripting via SVG animate tags.
Cicill warned the vulnerabilities pose significant risks to federal networks
and set a March 13th remediation deadline.
cybersecurity stocks fell sharply after Anthropic introduced a new security feature in its Claude AI model that scans code bases for vulnerabilities and suggests patches.
CrowdStrike dropped 8%, cloud flare fell 8.1%, sale point slid 9.4% and Octa declined 9.2% while the Global X-C cybersecurity ETF sank 4.9% to its lowest level since November 2023.
Investors worry that AI-native tools could reduce demand for traditional security software
by enabling users to generate and secure code themselves.
Broader software shares have also struggled with the iShare's expanded tech software sector
ETF down more than 23% this year.
Analysts say AI may ultimately benefit cybersecurity,
but near-term volatility is likely as AI providers expand into
security-focused offerings and compete for budget dollars. Many of these stocks seem to have rebounded
in early pre-market trading today. Turning to our Monday business breakdown, RSA conference named
10 finalists for its Innovation Sandbox contest, awarding each $5 million to accelerate growth. The cohort
spans fraud prevention, AI code security, identity, governance, and application security startups
across the U.S., Israel, Canada, and the U.K. Funding momentum continues across the sector,
with major raises including cogent security at $42 million, Venice at $33 million,
Segura and Volnchek at $25 million each, Lima AI and opaque at $24 million, and compliance at $20 million.
Smaller rounds went to Aliro, Varyalabs, and Seidelphi.
Mergers and acquisitions also surged with Palo Alto networks planning a $400 million acquisition of Israeli AI security startup Koi.
Checkpoint acquired three AI-focused firms for over $150 million, while ProofPoint, key card, Endor Labs, and Quantum Leap each announced strategic buys.
The deals signal strong investor appetite for AI-driven security, governance, and agent-focused protection platforms.
Coming up after the break, my conversation with Brandon Karp and Maria Vermazas about sovereignty in space and cyber.
And digital disruption drains drumsticks.
Stay with us.
No, it's not your imagination.
Risk and regulation really are ramping up.
And customers expect proof of security before they'll sign that deal.
That's where Vanta comes in.
Vanta automates your compliance process and brings compliance risk.
risk and customer trust together on one AI-powered platform.
Whether you're preparing for SOC2 or managing an enterprise governance, risk, and compliance
program, Banta helps keep you secure and keeps your deals moving.
Companies like Ramp and Writers spend 82% less time on audits with Vanta.
That's not just faster compliance, that's more time for growth.
Take it for me.
If you're thinking about compliance, take the time to check out Vanta.
Get started at vanta.com slash cyber.
It is always a treat for me when I welcome into the studio, Brandon Karp.
He is the leader of international public-private partnerships at NTT.
Brandon, welcome.
Thank you, Dave.
You look just as good as you sound today, sir.
Oh, thank you.
And that laugh, our listeners surely recognize, is my colleague, Maria Vermazas,
giving me the amount of respect that I truly deserve.
She is the host of the T-Minis Space Daily podcast.
Maria, welcome.
Thank you, Dave.
It's always a pleasure, and hello, Brandon.
Hi, Maria.
So I want to talk about digital sovereignty today,
both in space and cyber, a hot topic
and one I think is pretty darn important.
Maria, let's start off with space.
It was actually a space story that caught my eye when it comes to this.
Is it fair to say that nations around the world are looking to decrease their dependence on the U.S.?
We're seeing a lot of money going into this, especially from Europe, to the amounts of billions of euros being invested in sovereign space communication systems, sovereign space, you name it, type of space systems, basically.
There has been talk of sovereign space access for a long time from especially European sectors, but I think 2025 was the first year we saw some very serious money.
from a number of European countries going towards this effort.
So I think Europe is really taking this seriously.
Of course, it takes many years for something like this to get up and running,
so it's not like the satellites are going to be up on orbit tomorrow.
But it is a huge driver of a lot of space activity in Europe.
So we're seeing a lot of money going to European contracts.
And a lot of the rhetoric is also, instead of being sort of an implied thing,
it's very explicit now.
there was a big space conference that was in Europe
just right before we recorded this episode
and that was all of the rhetoric was explicitly
our space traffic data, our space infrastructure
all needs to be made by Europeans, governed by Europeans,
for Europeans.
There's no bones about it, basically.
Well, Brandon, how about in cyber?
What are you seeing in your travels?
Yeah, we're encountering the same drive towards digital
and supply chain sovereignty and cyber for sure.
I travel to Japan for work quite often,
and I was also recently in Taiwan.
And the conversations around cloud infrastructure,
sovereign cloud, not even just public cloud,
which is what we're mostly used to in the U.S.,
but actually sovereign cloud,
where data does not leave the national boundaries of Japan
or Taiwan.
Japan's implementing this right now as we speak.
Taiwan is, I was in conversations with,
senior government representatives just in December,
and they're talking about acquiring services that are totally sovereign.
So the data never leaves the geographic boundaries of those regions.
And the challenge there is there's a lot of U.S. cloud providers
that just can't architecturally do that right now.
There's, in fact, very few who can.
And so this has broadly been a challenge for those types of organizations.
Yeah, I mean, let's talk about the practicality of this,
and the degree to which it is actually possible.
You know, I think in regular conversation,
you hear folks talk about how,
if we wanted to build an iPhone, for example,
here in the U.S.,
that we simply don't have the capability
to do that right now.
Yep.
What is the rest of the world face
when it comes to untethering themselves from the U.S.?
Let's stay with cyber for the moment, Brandon?
Yeah, so, I mean, they're facing, first foremost, cost.
You know, broadly speaking,
there are benefits of the push towards sovereign cloud and data sovereignty,
and then there are challenges for U.S. companies, of course.
You know, I think the primary challenge we could see is shifting away from U.S. standardization
and how U.S. decides to move data and the architectures we tend to use and the technologies we use.
And as more countries, again, these are large countries with massive, you know,
multi-billion dollar markets as they start pushing towards sovereignty,
the U.S. companies will lose a little bit of control over where that goes.
Now, some of those U.S. companies will play in that space, but that means that those organizations,
whether it's Microsoft or Google or Oracle or what have you, need to invest in those new technologies.
So it's a big new capital expenditure, right?
You know, that requires building data centers.
And it's one of the things that my company is focused on, right?
NTT builds data centers, one of the things we do.
And so it's why we're having these conversations.
But it means those companies need to invest in that infrastructure.
So that, I mean, massive capital expenditure for those organizations.
But at the same time, you know, it's beneficial to the people in those countries, in those
organizations.
You know, anecdotally, you know, people talk about Somerton.
It's a, you know, highfalutin term.
But, you know, this comes down to like in high school, right, or in college, you know,
you've got a bunch of friends.
You know, I went to the Naval Academy and a bunch of rowing buddies.
You know, we were taking crazy pictures going out on the weekends.
And, you know, they all have these pictures of me.
You know, and probably the not, not.
You sure you want to put this on a podcast?
It's highly specific, Brandon.
Exactly.
And you know where I'm going with this.
And, you know, they have data about me that I don't really want out there in the world.
You know, and you think about a young, you know.
My email is Maria.orgia.com.
Okay.
Exactly.
And so, you know, and how many of us have had those experiences personally of, okay, someone else has information about us that we don't necessarily want them to have control over.
They get to my buddy Louise.
He gets to decide who sends that picture of me in a specific tank top.
And he knows if he listens to this, which one I'm talking about.
And that's this principle of sovereignty of like when the data is sovereign, when it is, the architecture is localized, the laws, the regulations, the controls are also localized.
And so if you're in Japan and you're leveraging a sovereign cloud architecture, if you're leveraging a sovereign AI tool and,
a model that is localized, the laws of Japan, which, by the way, are incredibly strict on privacy
protection, apply to you as opposed to just relying on the U.S. kind of laissez-faire, open, you know,
what you get what you get.
You know, we've got a social safety net, but it's located on the ground and it's covered in spikes,
right?
So it's just a little bit different.
Right.
So, but let me use space as an example here, Marie.
I mean, to what degree do you think that we're talking about true sovereignty versus shifting alliances and allegiances?
In other words, has the experience that folks are going through right now put them off of partnerships altogether, or are there still practical considerate?
I think about space, and if your nation's closer to the equator, you've got an easier time chucking stuff up into orbit, right?
That is the scientific term is chucking up. Thank you very much. Yes. Yeah, I mean, the practicalities of space. I mean, the very easy one is how do you get there? In a lot of things in global space, a lot of other countries and international organizations follow the United States's lead on policy and how regulations, for lack of better term, because the U.S. has been the big dog on that front for a long time. But I'm thinking about ISA and India specifically right now. That meant.
mentality is changing. More partnerships are happening without the United States to try and secure access to space without going through the United States. But the reality is, for example, going back to Europe, them trying to put more of their own sovereign satellite constellations onto orbit. They do have a sovereign rocket, the Aryan 6, they have their own spaceport, but they do not have the launch capacity anywhere close to what the United States can do. They can't get things into space nearly as quickly as we,
can. So in a lot of cases, they're still having to launch their sovereign satellite constellations
through the United States on American launch vehicles. The hope is that that will change,
but that also takes a long time to use the massive cliche space is hard. Getting rockets to launch
is a lot harder than people think, because it literally is rocket science. So there are going to be a lot
of practical constraints for some time. And same thing for as other nations and international organizations
create their own regulations and policies and norms.
A lot of them are still cribbing the United States,
but I do think that is going to change.
When you have these off-the-record conversations with people,
I just had some last week, actually,
before we recorded this episode.
There is an element of, while we're going and driving hard
towards sovereign space,
we still have to work with the United States
in a lot of things, if only for components.
And if, you know, there's a lot of restrictions on what the nations are,
wanting to do versus what they actually can do,
simply because we've had a large head start in the United States.
But that's not going to last forever.
A lot of other nations are quickly catching up.
So the idea that this is going to be a U.S. exclusive thing,
to say nothing of China, that's definitely not going to last.
So I think it would be who folks in the United States who are in this world
to really think hard about how they can maintain these relationships
because I know Issa and India are,
especially in Australia, for that matter,
they're working hard on creating their own pathways
that kind of circumvent the United States.
Brandon, what opportunities does this bring
for a nation like China?
Yeah, that's exactly kind of the direction
I wanted this to go in,
because listening to Maria, I thought of a couple things.
First, I thought of Mark Carney's speech
at the World Economic Forum.
Oh, yeah.
And if a listener, if someone on this,
you know, is listening to this show
hasn't listened to that speech or Reddit, please go do so.
There's a transcript posted online for the World Economic Forum, but he really outlines what is the
kind of shifting economic and geopolitical and industrial perspective of the world, which is moving
away from the United States and how that is opening up opportunities for other countries.
But all three of us here are located in the U.S.
We're very interested in the success of the U.S., in the success of our economy and in the citizens
of the U.S., and, you know, that is a challenge that we have to confront, which is what Maria
just outlined is going to drive increased investment in other nations in their domestic capacity,
in their sovereign technologies, sovereign businesses, and the growth of their localized economies.
So if, you know, if at any level of analysis, whether it's a, you know, microeconomic analysis
or market analysis or what have you, you know, those markets are growing, U.S. market
maybe not shrinking, but not growing as quickly.
Now, that's good for those other markets, not as good for the U.S. market.
As an individual, you're going to want to get, you know, invested if you can somehow,
get exposure to those international markets.
But what it does for China, and we've seen this, again, bringing it back to Mark Carney,
Canada signed a big trade relationship in agreement with China now.
And now they're importing Chinese electric cars.
And so, I mean, that's a huge deal.
It's a huge deal.
I mean, I mean, I mean, I.
I don't know if anyone's been to Detroit, but Canada's right next door.
You could get dinner in Detroit and then go see an after-dinner show in Canada right there, right?
So, you know, they're no longer going to be importing U.S. electric vehicles.
And so imagine the exact same type of thing happening in the space technology industry
or, you know, these other types of manufacturing heavy industries of China's going to take advantage of this.
They typically do.
They're very forward thinking.
So not only will the localized markets in Ecuador,
or other, you know, launch nations be growing around these spaceports,
but, you know, also in cloud technologies as well.
But also China is going to be getting, you know, deeper and deeper entrenched.
Again, both of those situations hurting the American market.
Before I let you go, Brandon, you have a session at the upcoming RASC conference in San Francisco.
Can you give us a sneak peek of that?
Yeah, so, I mean, everything we talked about today really has to do with risk analysis,
risk forecasting.
And so I'm hosting a workshop, a learning lab, at RSA at the end of March.
So RSA is coming up soon.
Everyone who's attending, I just encourage you to sign up and register.
There's only 56 available seats in my learning lab.
The title of it is First Principles Risk Forecasting from Theory to Practice.
The number is Lab 2-T-09.
And again, 56 seats, you've got to reserve it ahead of time.
So look that up.
My session will be on Tuesday at 1.15 in the afternoon.
Two-hour session, hands-on practical risk analysis, risk forecasting for your organizations.
And I'll actually be co-hosting that with Rick Howard, previously of the Cyberwire.
That's awesome.
All right.
Well, Brandon Carf is leader of international public-private partnerships at NTT,
and Maria Vermazas is host of the T-Minis Space Daily podcast.
Thank you both for joining us.
Thanks, Dave.
Pleasure as always.
No, it's not your imagination.
Risk and regulation really are ramping up.
And customers expect proof of security before they'll sign that deal.
That's where Vanta comes in.
Vanta automates your compliance process and brings compliance, risk, and customer trust together
on one AI-powered platform.
Whether you're preparing for SOC2 or managing an enterprise governance, risk, and compliance program,
Banta helps keep you secure and keeps your deals moving.
Companies like Ramp and writers spend 82% less time on audits with Vanta.
That's not just faster compliance, that's more time for growth.
Take it for me.
If you're thinking about compliance, take the time to check out Vanta.
Get started at vanta.com slash cyber.
At Desjardin Insurance, we know that when you're a building contractor,
your company's foundation needs to be strong.
That's why our agents go the extra mile to understand your business
and provide tailored solutions for all its unique needs.
You put your heart into your company,
so we put our heart into making sure it's protected.
Get insurance that's really big on care.
Find an agent today at dejerdin.com slash business coverage.
And finally, a cyber attack at Hazeldine's,
a major chicken processor in central Victoria, Australia, has done what few things can.
It has left pubs and butchers staring into empty fridges.
After computer issues escalated last week, the company shut down on-site Wi-Fi,
disrupting packaging operations and halting deliveries.
Hazel Dean says it's working with cybersecurity investigators and authorities to restore systems
and determine what happened.
The ripple effects were immediate.
Wholesalers scrambled for alternate suppliers when the usual 2 a.m. deliveries failed to arrive.
One local butcher found not a single box of chicken waiting for the town's pubs or supermarkets.
The local hotel confirmed the grim reality, no chicken.
With limited communication and uncertain timelines, businesses are left improvising,
and Victoria has learned that when Wi-Fi goes down, sometimes dinner does too.
All bad news unless, of course, you're one of the chickens.
And that's The Cyberwire for links to all of today's stories.
Check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead
in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to
Cyberwire at N2K.com.
Our Cyberwire lead producer is Liz Stokes.
We're mixed by Trey Hester with original music by Elliot Peltzman.
Our executive producer is Jennifer Ibin, Peter Kilby as our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
If you only attend one cybersecurity conference this year, make it RASAC 2026.
It's happening March 23rd through the 26th in San Francisco.
bringing together the global security community for four days of expert insights,
hands-on learning, and real innovation.
I'll say this plainly, I never miss this conference.
The ideas and conversations stay with me all year.
Join thousands of practitioners and leaders tackling today's toughest challenges
and shaping what comes next.
Register today at rsacconference.com slash cyberwire 26.
I'll see you in San Francisco.