CyberWire Daily - When Windows breaks and chips crack.

Episode Date: February 11, 2026

Patch Tuesday. Preliminary findings from the European Commission come down on TikTok. Switzerland’s military cancels its contract with Palantir. Social engineering leads to payroll fraud. Google hands over extensive personal data on a British student activist. Researchers unearth a global espionage operation called “The Shadow Campaigns.” Notepad’s newest features could lead to remote code execution. Our guest is Hazel Cerra, Resident Agent in Charge of the Atlantic City Office for the United States Secret Service. Ring says it’s all about dogs, but critics hear the whistle.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today, we’re joined by Hazel Cerra, Resident Agent in Charge of the Atlantic City Office for the United States Secret Service, as she discusses the evolution of the Secret Service’s investigative mission—from its early focus on financial crimes such as counterfeit currency and credit card fraud to the growing challenges posed by cryptocurrency-related crime.
Selected Reading
Microsoft February 2026 Patch Tuesday Fixes 58 Vulnerabilities, Six actively Exploited Flaws (Beyond Machines)
Adobe Releases February 2026 Patches for Multiple Products (Beyond Machines)
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact (SecurityWeek)
Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed by Intel and AMD (SecurityWeek)
Commission preliminarily finds TikTok's addictive design in breach of the Digital Services Act (European Commission)
Palantir's Swiss Exit Highlights Global Data Sovereignty Challenge (NewsCase)
Payroll pirates conned the help desk, stole employee’s pay (The Register)
Google Fulfilled ICE Subpoena Demanding Student Journalist’s Bank and Credit Card Numbers (The Intercept)
The Shadow Campaigns: Uncovering Global Espionage (Palo Alto Networks Unit 42)
Notepad's new Markdown powers served with a side of RCE (The Register)
With Ring, American Consumers Built a Surveillance Dragnet (404 Media)

Share your feedback.
What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show?
N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. Identity is a top attack vector. In our interview with Kavitha Mariappan from Rubrik, she breaks down why 90% of security leaders believe that identity-based attacks are their biggest threat. Throughout this conversation, we explore why recovery times are getting longer, not shorter, and what resiliency will look like in this AI-driven world. If you're struggling to get a handle on identity risk,
Starting point is 00:00:35 this is something you should tune into. Check out the full interview at thecyberwire.com slash rubrik. Maybe that's an urgent message from your CEO, or maybe it's a deepfake trying to target your business. Doppel is the AI-native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated,
Starting point is 00:01:11 Doppel uses it to fight back, from automatically dismantling cross-channel attacks to building team resilience and more. Doppel. Outpacing what's next in social engineering. Learn more at doppel.com. That's D-O-P-P-E-L.com. We got your Patch Tuesday updates. Preliminary findings from the European Commission come down on TikTok. Switzerland's military cancels its contract with Palantir.
Starting point is 00:01:51 Social engineering leads to payroll fraud. Google hands over extensive personal data on a British student activist. Researchers unearth a global espionage operation called the Shadow Campaigns. Notepad's newest features could lead to remote code execution. Our guest is Hazel Cerra, resident agent in charge of the Atlantic City Office for the United States Secret Service. And Ring says it's all about dogs, but critics hear the whistle. It's Wednesday, February 11, 2026. I'm Dave Bittner and this is your CyberWire Intel Briefing.
Starting point is 00:02:40 Thanks for joining us here today. It's great to have you with us. This month's Patch Tuesday brought a wide range of security updates from major software and hardware vendors, urging organizations and users to apply patches promptly to mitigate active threats and emerging risks. Microsoft's February security update fixes around 60 vulnerabilities across Windows, Office, Azure,
Starting point is 00:03:19 and related components, including six actively exploited zero days. These flaws span security feature bypasses, elevation of privilege, remote code execution, denial of service, and information disclosure bugs. Several of the zero days affecting Windows Shell, MSHTML, and Office were publicly disclosed or exploited prior to the update. Administrators are strongly advised to apply these patches immediately. Adobe released updates covering multiple products including Audition, After Effects, InDesign, Bridge, Lightroom Classic, Substance 3D apps, and the DNG SDK. The patches address over 44 vulnerabilities with several rated critical that could lead to arbitrary code execution if a user opens a malicious file.
Starting point is 00:04:16 To date, Adobe has not reported active exploitation of these flaws in the wild. Several industrial automation vendors, including Siemens, Schneider Electric, Phoenix Contact, and Aveva have published security advisories for their ICS and OT products as part of this Patch Tuesday cycle. These advisories cover a dozen vulnerabilities impacting control software, PLCs, and related devices, and provide fixes, mitigations, or configuration guidance to reduce risk in industrial environments.
Starting point is 00:04:50 Both Intel and AMD released multiple advisories for vulnerabilities in their hardware and firmware, with over 80 flaws addressed across CPUs, chipsets, and related technologies. These updates include a range of severity levels and underline ongoing efforts by chip vendors to harden platforms against both software and hardware-assisted attacks. This Patch Tuesday underscores that attackers are targeting both software and hardware layers, from exploited Microsoft zero days to critical Adobe
Starting point is 00:05:23 flaws and a broad set of chip vulnerabilities. Organizations should prioritize patch deployment across endpoints, servers, industrial systems, and firmware to reduce exposure. The European Commission has preliminarily found that TikTok's design may breach the Digital Services Act by promoting addictive use through features like infinite scroll, autoplay, push notifications, and personalized recommendations. Regulators say TikTok failed to properly assess risks to users' mental and physical well-being, especially minors, and ignored indicators of compulsive use. Existing screen time and parental controls were deemed ineffective.
Starting point is 00:06:10 The Commission suggests TikTok may need fundamental design changes and could face fines of up to 6 percent of global turnover if violations are confirmed. Switzerland's military has ended its contract with Palantir after a security audit found a significant risk that U.S. intelligence agencies could access sensitive Swiss defense data. While auditors praised Palantir's technical capabilities, the potential exposure was unacceptable for Switzerland's neutrality. The decision raises broader questions about data sovereignty and may prompt other non-NATO states, including Ukraine, to reassess similar partnerships. Despite this reputational setback in Europe, Palantir's U.S. business remained strong,
Starting point is 00:07:01 highlighted by a recent $448 million Navy contract. Financially, the Swiss exit is minor, but it underscores growing international unease over jurisdictional control of defense data. Researchers at Binary Defense investigated a payroll fraud incident in which attackers redirected a physician's salary using social engineering rather than malware. The scheme began with compromised credentials for a shared mailbox likely obtained in a prior breach. After studying internal emails, the attacker impersonated a locked-out physician in a help desk call, pressuring staff to reset the password and MFA. Using the organization's own virtual desktop infrastructure,
Starting point is 00:07:50 the attacker then accessed Workday and changed direct deposit details, evading detection because the activity appeared legitimate. The breach was only discovered when the physician missed a paycheck. Researchers warn this highlights identity as the new perimeter and urge stronger verification and controls around payrolls, role changes. Google has complied with an ICE subpoena, seeking extensive personal data on British student activist and journalist Amandla Thomas-Johnson, including banking and credit card details linked
Starting point is 00:08:27 to his Gmail account, according to documents obtained by The Intercept. The request followed Thomas-Johnson's brief participation in a 2024 protest at Cornell University and cited only a generic immigration enforcement rationale. Google disclosed the data without prior notice, denying him the chance to challenge the subpoena. Civil liberties groups, including the EFF and ACLU, warn the case reflects a broader pattern of tech companies quietly cooperating with DHS surveillance requests, often under gag orders. Privacy experts say the episode raises serious concerns about data sovereignty,
Starting point is 00:09:08 transparency and user rights and highlights the need for stronger legal protections governing government access to digital data. Palo Alto Networks' Unit 42 has published a major analysis of a global espionage operation it calls the Shadow Campaigns, tracking a state-aligned cyber espionage group designated TGR-STA-1030, also known as UNC6619. The group, assessed with high confidence to operate out of Asia, has been active since at least 2024, using phishing and exploitation of known vulnerabilities to compromise government ministries, law enforcement, border control, and other critical infrastructure entities in at least 37 countries, and has conducted reconnaissance against infrastructure in 155 countries.
Starting point is 00:10:02 The campaigns appear focused on long-term intelligence collection tied to geopolitical and economic interests. Unit 42's report details the group's techniques, tooling, and targets, and has shared defensive indicators to help organizations better detect and mitigate this widespread espionage threat. Researchers have identified a high-severity flaw in Notepad's recently added Markdown support that could enable remote code execution. The bug allows attackers to trick users into opening a malicious Markdown file and clicking an embedded link, triggering execution via unverified protocols with the user's permissions. Microsoft has patched the issue and says there's no evidence of active exploitation. The finding
Starting point is 00:10:52 renews criticism of expanding Notepad's feature set, which ships enabled by default. Coming up after the break, my conversation with Hazel Cerra, resident agent in charge of the Atlantic City Office for the United States Secret Service. And Ring says it's all about dogs, but critics hear the whistle. Stay with us. What's your 2 a.m. security worry? Is it, do I have the right controls in place? Maybe are my vendors secure? Or the one that really keeps you up at night, how do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets,
Starting point is 00:11:57 chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally, get back to sleep.
Starting point is 00:12:26 Get started at vanta.com slash cyber. That's V-A-N-T-A.com slash cyber. Hazel Cerra is resident agent in charge of the Atlantic City Office for the United States Secret Service. I recently sat down with her to discuss the evolution of the Secret Service's investigative mission. So before we get going here, I would love to get a quick description of the origin story for the U.S. Secret Service. Oh, absolutely. This is kind of interesting.
Starting point is 00:13:07 So the organization started in 1865, and the reason that it got started was because there was a very large problem with counterfeit. Over one third of the money being circulated was counterfeit. So after the Civil War, they said, well, you know, something needs to be done and they created the Secret Service. So we were doing a great job investigating counterfeit currency. And then after the assassination of President McKinley in 1901 was when they designated our agency to protect the presidents. And that's why we have what we call the dual mission. So I want to start out with a little bit of level setting because I think probably like a lot of folks in our audience, when I think Secret Service, the first thing I think is you all protect the president.
Starting point is 00:13:58 And that is correct. We do. But that's not all we do. So educate me here. What else does the Secret Service provide our great nation? So we have what's called a dual mission. So not only do we protect the president and also their families and foreign heads of state, but we also investigate financial crimes.
Starting point is 00:14:18 So where we started investigating counterfeit currency that moved to credit card fraud, identity theft and now most recently cryptocurrency investigations. Yeah, I guess I was familiar that the Secret Service has dealt with counterfeiting. So I guess that does tie into things like crypto these days. Correct, yes. And so what has your part been in that, in your office in New Jersey? As far as the investigation goes? The investigations and trying to track down people who are up to no good when it comes to these things.
Starting point is 00:14:50 Well, I am responsible for four districts in my office. So anything that happens in any of those districts that any of those investigations, we have to respond to. So in my district, I have all the casinos in Atlantic City. So that requires a lot of relationships and having to be able to talk to my partners and have my agents responsible and to respond to those incidents. But not only that, we do get a lot of investigations that involved protective intelligence. So anytime that someone makes a threat against one of our protectees, we have to go out there and talk to that person and make sure that they're not going to carry that out.
Starting point is 00:15:33 So, I mean, talking about the casinos in particular, I would suspect that's a place where a lot of people are trying to do various things with money. Yes, yes, no, they are. And, you know, I am very friendly with most of the security directors in all the casinos, we meet on a regular basis, and we do discuss any types of trending fraud attempts that go on in the casinos. And we also provide them with training. So they're up to date with some of the latest and greatest trends in the financial crimes business. I know you've shared some parallels between the mission of protecting the president
Starting point is 00:16:17 and this whole notion of zero trust in cybersecurity. Can you flesh that out for us? Yes. So I actually had been privy to a presentation by John Kindervag. I'm not sure if you know who he is, but he's the godfather of the zero trust model. And when I heard him speak, I immediately made that connection of our zero fail mission because it's very similar. We don't trust anybody. And just because you get into one layer of security in our perimeter, doesn't mean that we're going to allow you into the next one. We don't trust anyone, anything. We have to verify continuously. And that's very similar to what the zero trust model is. Ours, you know, we have a zero fail mission. There's very little room for error. There's really no room for error. So we have to really
Starting point is 00:17:08 stop and analyze and put layers upon layers of protection everywhere that the president goes. We don't just protect the White House. We protect him everywhere. That is done intentionally. So we have to protect him wherever he goes in the country. And when we do that, we basically apply the same standard that we have at the White House with multiple, multiple teams, multiple people, lots of talents, lots of resources. It's a very large footprint. So you all are the OG defense-in-depth organization? Yes, absolutely.
Starting point is 00:17:42 We have over 120 years of protection experience. And I dare to say that nobody does it better than we do. Tell me about digital reconnaissance and what part that plays these days in this digital world, being able to keep track of folks who may be out there trying to do someone harm. Well, that's a layered approach as well and a very challenging approach because of some of the anonymity that people can do online and basically hide behind the computer. So it is a very challenging crime, but we have had lots of success with it. We have some of the best tracers in the country.
Starting point is 00:18:24 We have many analysts that will take a little bit of information and be able to build out a case from it. And a lot of it really works on working in a partnership with some other sister agencies, our other local and state partners, and really all of us just coming together in order to investigate these types of crimes. And like I said, we have had a lot of success. But it is very challenging. And we have been able to return many of the funds that we have been able to receive.
Starting point is 00:18:57 We have been able to return it back to the victims. But that's very, it doesn't happen very often, unfortunately. Yeah. I mean, is it fair to say that you all focus a lot of your time and attention on being proactive so that you don't have to be reactive? Absolutely. That really is the best piece of advice is to go out there, do some outreach. I spend a lot of time speaking to some of the organizations that have elderly populations
Starting point is 00:19:26 because they're mostly targeted. And what I say to them is the reason that you're being targeted is because you have acquired lots of wealth in your life. That's really the reason why. And by educating these groups, they go out and they start sending that message to their other friends and family. And that's really the best way to protect our people, because there's a lot of money that is leaving our country, unfortunately, because of these scams. And there's not a whole lot that they can do once it happens. Like I said, it's very challenging.
Starting point is 00:20:00 So being proactive is the best thing that we could do. Education is a large piece of it. We have partnered with our local prosecutor's office in order to go out there and present to these groups. And, you know, we've done even lots of social media campaigns on cryptocurrency and how not to become a victim. We actually had an operation. We called it Operation Crypto Guard. And we had basically identified all the Bitcoin ATM machines in the area. And we now went out and put up warning signs that, hey, these are the red flags to look for if you're going to send some money out. Do you know
Starting point is 00:20:39 the person on the other side that you're sending this money to? Because that alone is a red flag. How did you meet this person? And actually, you know, it's hard because we don't really know if it's working, right? Like, we just put them up and that's it. But I actually got a call from one of my federal partners and said that they had a friend that went to one of the Bitcoin ATM machines and they were about to put in their life savings and they saw the sign and it stopped. So it does work. Wow. Well, for the folks in our audience who are tasked with protecting executives, not quite the level of the president of the United States, but there are some lessons here that transfer.
Starting point is 00:21:17 Yeah, no, absolutely they do. With the Secret Service, you know, we don't just protect the White House. We protect the president. And why do we do that? We do that because he is well known. He represents our country. He is the most powerful person in the world. And, you know, what I've seen is that many of the private sector organizations are still just protecting the walls of their organization. They're not protecting you after you leave. Hopefully they have a secure phone that you're using, but once you go home, you're exposed again. So if you are an individual where you are the face of the organization and the organization isn't protecting you at home, then you're leaving yourself completely open and vulnerable. Now, I understand that you're in the process of winding down your public service and taking a shift to the private sector. Can you share with us what your plans are? Yes, so I have been with the agency for 25 years and eight months, and I've loved every minute of it. It's really bittersweet leaving. I love the mission. You know, I think that the mission has a lot of synergy with the fact that we have investigations and protection.
Starting point is 00:22:36 And I've seen the world and have made many relationships. But as with anything else, it, you know, it comes to an end. And I was just recently offered a position to work for an organization that has a very similar mission objective. And what I do best is our mission. So that came very natural to me. And I'm not going to stop doing protection. So that makes me very happy. And I accepted a position with BlackCloak. And they do digital executive protection, which is really fascinating to me because I did,
Starting point is 00:23:13 what we call in the Secret Service critical systems protection. And it's very similar where, you know, we've been doing this for years. I mean, I was a baby agent, and this was back in the, yeah, it was like back in 2000s. I know you're laughing. When you were a teenager, right? I was a teenager. Sure. But what I say by baby agent is just, you know, I was young.
Starting point is 00:23:32 It was my phase one. I was in the field because we have three different phases. And when I was in the first phase of my career, we were already doing these kinds of things. Like we were already monitoring the network. We were already, you know, very concerned that if the president was in an elevator, can somebody control it and trap us in there? Are we, you know, we were concerned that if the president is out there doing a speech and there's some digital screens in the back, can someone control that and put some kind of rubbish that would say fire, you know, evacuate, or something that would create panic, right? So all those things are, you know, were being thought of back then. We haven't really crossed that road here with the private sector.
Starting point is 00:24:17 It seems like it's in discussions, but this organization really hit the nail right on the head. I mean, it's amazing. I thought that, you know, the CEO is a genius for identifying this gap. Well, I know Chris Pierson, the CEO of BlackCloak. He's been a good friend of the CyberWire show for many, many years now. I won't inflate his ego by calling him a genius, but he certainly is. He is to me.
Starting point is 00:24:45 Well, good enough. He's not my boss. He's not my boss yet either. Okay, fair enough. Fair enough. Help me understand the relationship between the federal organizations. Because I think in cyber, we certainly hear of the FBI being an active player here, probably more than the Secret Service. Is that fair? So I say it really depends on the district that
Starting point is 00:25:14 you're in, right? It depends on the relationships in that particular state or county. So for example, they're in my district. My parent's office is Philadelphia. There are certain cases that we know the FBI is working on and we have a great relationship. We'll talk about it and say and we'll know that we'll refer that to them. What I generally tell people, because the common question is, who do I call? Who do I call? If something's happening, who do I call? I always say we are like a giant switchboard. You call one of us, you call all of us.
Starting point is 00:25:46 We will get you to the right person. The point is, call. Any words of wisdom for the folks in our audience who are tasked with protecting their, not only their executives, but their organizations. Based on your decades of experience with the Secret Service, what would you like to leave people with? Well, what I want to leave people with is that it is important to talk to your people and have them understand the threat. I think that what makes the Secret Service successful is that we truly believe in the threat and we believe that someone is going to get close.
Starting point is 00:26:24 We see it all the time. We have people that call our office that are mentally disturbed. They'll show up. They have strange affinities to our protectees. Some of them think that they are related to them. So we believe it and we understand it and we have this mindset that someone is going to cause us harm. And you have to train your people to understand it and believe that threat. And if they don't believe that there's a threat and they're just going, you know, doing their job, just helping people,
Starting point is 00:26:56 then that's when they're going to become targets because they're not, they're not thinking about that threat seriously. So having those conversations with your people, security awareness is really important and especially the people that have access to the purse strings. We see those people are continuously being targeted. So that they need a special kind of training, not not in your general one where, you know, don't click on the link thing. They need like their own like hey, these are the types of these are the types of scams that you could be presented to you. So those people need to be trained individually, not individually, but you know, they need to be trained separately. And then the other thing that I would say is think that when you train your people,
Starting point is 00:27:46 sometimes it's best to just train them on security, something that is personal to them. You know, again, not this whole click on a link thing. Something about maybe how to protect yourself online, how to protect yourself if you're, dating online, you know, how to protect your home, how to protect your internet at home. Because I really truly believe that when you train people to have a security mindset, that is going to 100% transfer into the workplace. So those people are going to buy in to the fact that there's a threat. There's a threat everywhere. I should, you know, be a little bit more careful about what I do at work because I know that these threats exist. So when you make it personal
Starting point is 00:28:30 to your employee, that's when it's actually going to be a click with your people because they're going to know that you care about them and about their security and not just about the bottom line in the business. That's Hazel Cerra, resident agent in charge of the Atlantic City Office for the U.S. Secret Service. And finally, Ring used its Super Bowl spotlight to announce Search Party, an AI feature framed as a heartwarming way to find lost dogs by turning an entire neighborhood's doorbell cameras into a canine manhunt. Upload that photo of Rover, the ad suggests, and suddenly every Ring cam is on patrol,
Starting point is 00:29:29 scanning sidewalks with the enthusiasm of a TSA Beagle. Privacy critics note, the joke lands a little sideways. Technology built to find runaway Labradors could just as easily be repurposed to track people. After years of backlash over police partnerships, Ring briefly rebranded itself as a Porch Moment curator, but founder Jamie Siminoff's return has brought a renewed push for AI and law enforcement integration. The result is a system that promises to reunite pets while quietly expanding a networked surveillance dragnet. Even the YouTube comments seemed to wonder whether this was really about dogs or was just a very good boy, serving as a fig leaf.
Starting point is 00:30:16 And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show,
Starting point is 00:30:50 please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben.
Starting point is 00:31:12 Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning, and real innovation. I'll say this plainly, I never miss this conference.
Starting point is 00:31:58 The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsacconference.com slash cyberwire 26. I'll see you in San Francisco.
