Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Wednesday, February 11, 2026. I'm Sarah Lane.

EU grants Google approval for Wiz
Google has secured unconditional EU antitrust approval for its $32 billion acquisition of cloud security firm Wiz, Google's biggest-ever deal. European regulators said the purchase wouldn't raise competition concerns because customers would still have alternatives to Google in cloud infrastructure, like Amazon and Microsoft. The deal was first announced in March of 2025 and is expected to strengthen Google's cybersecurity offerings and its position in the cloud market.

Microsoft rolls out Secure Boot certificates before expiration
Microsoft started rolling out new Secure Boot certificates through monthly Windows updates ahead of the expiration of the original 2011 certificates in June. Secure Boot prevents untrusted bootloaders and rootkits from running at startup, and the refresh affects millions of devices across different hardware vendors. Most supported Windows 11 systems will receive the new certificates automatically, though some PCs may need firmware updates from manufacturers. Devices that missed the update will still work, but will enter a degraded security state without full boot-level protections.

North Korean hackers target crypto exec
North Korea-linked UNC1069 hackers targeted a cryptocurrency executive using a fake Zoom meeting that allegedly featured a deepfake CEO, according to incident responders at Mandiant. The attackers used a ClickFix-style trick to get the victim to run commands that installed multiple backdoors and data-stealing tools, harvesting credentials, browser data, Telegram messages and Apple Notes. Mandiant says the attack likely sought both direct crypto theft and material for future social engineering campaigns, noting North Korean hackers stole more than $2 billion in crypto in 2025 to fund weapons programs.

SolarWinds attacks highlight risks of exposed apps
Attackers are exploiting vulnerabilities in SolarWinds Web Help Desk, with incidents tied to internet-exposed instances that give threat actors an initial foothold, according to both Microsoft and Huntress. CISA recently added a critical deserialization bug to its Known Exploited Vulnerabilities list, while scans found around 170 vulnerable systems online. Once inside, attackers used living-off-the-land tools and remote management software to move laterally, deploy tunnels and forensics tools and target high-value assets.

Huge thanks to our sponsor, ThreatLocker. Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4th through the 6th in Orlando, plus a live CISO Series episode on March 6th. Get $200 off with ZTW CISO 26 at ZTW.com.

Microsoft 365 outage takes down admin center
Microsoft is investigating a Microsoft 365 outage affecting some business and enterprise admins in North America, blocking access to the admin center and in some cases the Microsoft 365 app. The company says it's analyzing telemetry usage patterns, CPU utilization and user-provided data to isolate the root cause, while thousands of users have reported connection issues and slow performance.

Linux botnet SSHStalker uses old-school IRC
Researchers at Flare say a new Linux botnet called SSHStalker is using old-school IRC for command and control, relying on noisy SSH brute-force attacks, one-minute cron jobs and exploits for more than a dozen Linux vulnerabilities dating back more than 15 years. The malware spreads worm-style across cloud hosts, compiles payloads locally, and includes tools for AWS key theft, crypto mining and potential DDoS attacks, though current bots mostly sit idle.

ZeroDayRAT is textbook stalkerware
Mobile security firm iVerify says a spyware family called ZeroDayRAT is being sold openly on Telegram, giving buyers full remote access to infected Android and iOS devices. Through smishing and other social engineering lures, the malware can read SMS messages, capture SIM and location data, log keystrokes, record audio and screen activity, and send text to bypass MFA, enabling account takeovers and targeted scams. Researchers say the roughly $2,000 kit reflects the growing commercialization of surveillance tools once limited to nation-state actors.

Google-Intel security audit reveals TDX vulnerability
Google and Intel found five vulnerabilities and more than 35 bugs in Intel's Trust Domain Extensions (TDX), a hardware-based confidential computing feature designed to protect virtual machines and cloud environments. One flaw could let a malicious host fully compromise a protected virtual machine and access its decrypted state. Intel says it's patched the issues, which were uncovered during a five-month joint security review by Google's cloud security team and Intel researchers.

It's Wednesday, and you know what that means. You need to make sure you're subscribed to the CISO Series YouTube channel. Here's the value prop: we have original shorts posted every day, clips from our podcast episodes, original interviews with security leaders, demos and more. So why not head over to YouTube right now and subscribe? If you have some thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We really want to hear from you. I am Sarah Lane, reporting for the CISO Series. And you stay classy out there, Planet Earth.
