Episode Overview
Podcast: Cybersecurity Headlines
Host: Steve Prentiss (CISO Series)
Episode Date: February 23, 2026
Theme:
This episode delivers concise updates on significant cybersecurity incidents and trends, including major breaches, the growing role of AI in cyber attacks, evolving geopolitical tensions, and notable vulnerabilities. The focus is on actionable intelligence and broader trends affecting organizations and individuals.
Key Discussion Points & Insights
1. Arkanix: An AI-Assisted Infostealer Experiment
[00:06–01:15]
- Overview: Researchers from Kaspersky identified Arkanix Stealer, an information theft malware that first appeared on Dark Web forums in late 2025.
- AI Innovation: The stealer’s code exhibited signs of AI (LLM) assistance, suggesting that large language models helped accelerate and cheapen development.
- Features: Modular design, standard data stealing capabilities, anti-analysis tools, control panel, and a Discord-based communication server.
- Status: Both the malware and its distribution infrastructure have been pulled by its developer.
“The clues that indicated LLM-assisted development might have drastically reduced development time and costs.” (Kaspersky researchers, [00:28])
2. Massive Fortinet Firewall Breach Driven by AI
[01:15–02:15]
- Scale: More than 600 FortiGate firewalls across 55 countries were compromised in five weeks.
- Tactics: No sophisticated exploits; instead, attackers targeted management interfaces with weak, non-MFA credentials.
- AI’s Role: Hackers leveraged generative AI for automating credential stuffing and lateral movement.
“The January hacking campaign did not rely on exploits. Instead, the threat actor targeted exposed management interfaces and weak credentials… using AI to help automate access to other devices.” — Steve Prentiss, summarizing CJ Moses (Amazon CISO), [01:55]
3. Russia Escalates Hybrid Warfare in Europe
[02:15–03:12]
- Source: Dutch intelligence agencies warn that the Kremlin is intensifying “hybrid” operations, prepping for extended confrontation with the West and possibly NATO.
- Hybrid Definition: Integrated mix of cyber attacks, sabotage, covert influence, disinformation, and espionage, designed to stay below open conflict thresholds.
- Goal: Test Western resilience and trigger uncertainty or disruption.
“Hybrid refers to a blend of cyber attacks, sabotage, disinformation, covert political influence and espionage designed to stay below the threshold of open war.” — Steve Prentiss, [02:56]
4. Ransomware Attack Hits Advantest, Major Japanese Semiconductor Supplier
[03:12–03:52]
- Incident: Advantest, a critical supplier to the semiconductor industry, suffered a ransomware attack disrupting vital systems.
- Impact: Tools impacted are utilized globally in the development of machine learning, autonomous vehicles, 5G, and more.
- Attribution: No ransomware group has claimed responsibility at the time of broadcast.
5. Anthropic Rolls Out Security Scanning for Claude AI
[04:43–05:08]
- Feature: Automated vulnerability scans for user codebases; suggests patches.
- Availability: Limited enterprise/team rollout after extensive internal testing.
- Trend: Responds to increasing demands for automated, rather than manual, security reviews as AI coding expands.
“As Vibe coding becomes more widespread, the demand for automated vulnerability scanning will exceed the capacity of manual security reviews.” — Steve Prentiss, [05:03]
6. ClickFix Campaign Deploys Mimic Rat Malware
[05:08–05:53]
- Discovery: Elastic Security Labs reports a new campaign that drops the previously unknown “Mimic Rat” via compromised sites in many regions and verticals.
- Traits:
  - Uses a Lua-scripted shellcode loader
  - Communicates over HTTPS
  - Masquerades as legitimate web analytics traffic
  - Content dynamically localizes to the victim’s browser language, supporting 17 languages for broader reach
7. Shiny Hunters Extort Wynn Resorts (Las Vegas)
[05:53–06:38]
- Claim: Shiny Hunters gang claims possession of 800,000+ Wynn Resorts records (including SSNs).
- Access Vector: Original breach traced to a known Oracle PeopleSoft vulnerability and employee credentials dating back to September 2025.
- Threat: Company has until February 23, 2026, to negotiate or face a public data leak and “other annoying digital problems.”
“Otherwise, a data leak and, in the words of the gang, ‘other annoying digital problems’ will occur.” — Steve Prentiss, [06:23]
8. PayPal’s Small, Prolonged Data Exposure
[06:38–07:13]
- Incident: A software bug in a small business loan system exposed the PII (including SSNs) of approx. 100 PayPal customers for nearly six months.
- Response: PayPal states the cause was a software error, not a breach or compromise of core systems. The error has been fixed.
- Risk: Limited number impacted, but the incident demonstrates the risk of long-term unnoticed exposure even in well-defended systems.
Notable Quotes & Moments
- On accelerating malware development: “LLM-assisted development might have drastically reduced development time and costs.” — Steve Prentiss (citing Kaspersky), [00:28]
- On AI in offensive cyber operations: “Using AI to help automate access to other devices on the breached network.” — Steve Prentiss, [02:01]
- On the scope of Russian hybrid activity: “Designed to stay below the threshold of open war.” — Steve Prentiss, [02:56]
- On automation in security: “The demand for automated vulnerability scanning will exceed the capacity of manual security reviews.” — Steve Prentiss, [05:03]
Timestamps for Important Segments
- Arkanix infostealer & AI development: [00:06–01:15]
- Fortinet firewall breach (AI-driven): [01:15–02:15]
- Russia’s hybrid warfare escalation: [02:15–03:12]
- Advantest ransomware attack: [03:12–03:52]
- Anthropic security scanning announcement: [04:43–05:08]
- ClickFix & Mimic Rat campaign: [05:08–05:53]
- Wynn Resorts / Shiny Hunters extortion: [05:53–06:38]
- PayPal’s small-scale data exposure: [06:38–07:13]
Episode Tone & Style
Steve Prentiss delivers updates in a matter-of-fact tone, emphasizing practical implications and urgency, particularly where AI and geopolitics intersect with cybersecurity. Context is consistently provided for why each story matters, keeping the focus on emerging trends and actionable awareness for audience professionals.
