Cybersecurity Headlines – February 11, 2026
Host: Sarah Lane
Main Theme:
A rapid-fire rundown of the day’s most impactful stories in cybersecurity, highlighting key developments in cloud security, major exploits, threat actor activity, and critical vulnerabilities across the tech landscape.
1. EU Grants Google Approval for Wiz Acquisition
- Story Summary:
  - Google receives unconditional EU antitrust approval for its $32 billion acquisition of cloud security firm Wiz, Google’s largest-ever deal ([00:13]).
  - Regulators stated the acquisition does not raise competition concerns, citing Amazon and Microsoft as strong alternative cloud infrastructure providers.
- Strategic Impact: Expected to bolster Google’s cloud security capabilities and market position.
- Quote:
  - “The purchase wouldn’t raise competition concerns because customers would still have alternatives to Google in cloud infrastructure like Amazon and Microsoft.” — Sarah Lane ([00:27])
2. Microsoft Rolls Out Secure Boot Certificates Ahead of Expiration
- Key Points:
  - Microsoft has begun deploying new Secure Boot certificates via Windows Update, ahead of the June expiration of the original 2011 certificates ([00:52]).
- Why It Matters:
  - Secure Boot prevents malicious bootloaders and rootkits from loading at startup.
  - Millions of devices from many manufacturers are affected.
  - Most Windows 11 devices receive the new certificates automatically, but some will require manual firmware updates.
  - Devices that miss the update lose full boot-level protection and run in a degraded security state.
- Quote:
  - “Devices that missed the update will still work, but will enter a degraded security state without full boot level protections.” ([01:12])
3. North Korean Hackers Use Deepfake in Targeted Crypto Attack
- Incident Details:
  - The North Korea-linked group UNC1069 targeted a cryptocurrency executive via a fake Zoom meeting featuring a deepfake of a CEO ([01:21]).
  - The attackers tricked the victim into running commands that installed backdoors and data exfiltration tools.
  - Harvested Data: credentials, browser data, Telegram messages, Apple Notes.
- Broader Context:
  - Fits a pattern: North Korean hackers stole more than $2 billion in cryptocurrency in 2025, funding weapons programs.
- Quote:
  - “The attackers used a ClickFix-style trick to get the victim to run commands that installed multiple backdoors and data-stealing tools…” ([01:36])
4. SolarWinds Attacks Highlight Risks of Exposed Web Apps
- Details:
  - Attackers are exploiting vulnerabilities in SolarWinds Web Help Desk, especially internet-exposed instances ([01:57]).
  - A critical deserialization bug was just added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.
  - Scans show roughly 170 vulnerable systems reachable online.
- Attack Techniques:
  - Living-off-the-land tools, remote management software, lateral movement, and targeting of high-value assets.
- Quote:
  - “Once inside, attackers used living off the land tools and remote management software to move laterally, deploy tunnels and forensics tools and target high-value assets.” ([02:17])
5. Microsoft 365 Admin Center Outage
- Issue:
  - An ongoing Microsoft 365 outage is preventing business and enterprise admins in North America from accessing the admin center and, in some cases, the Microsoft 365 app ([03:05]).
  - Microsoft is reviewing telemetry, resource usage, and user feedback to identify the cause.
  - Thousands of users are reporting connectivity and performance issues.
6. Linux Botnet ‘SSH Stalker’ Leverages IRC for C2
- Threat Report:
  - Flare researchers found a new Linux botnet, “SSH Stalker,” that uses old-school IRC for command and control ([03:43]).
- Tactics:
  - Noisy SSH brute-force attacks.
  - Exploitation of 15+ Linux vulnerabilities, some more than 15 years old.
  - Worm-style lateral propagation across cloud hosts.
  - Compiling payloads locally on the compromised host.
  - Capabilities: AWS key theft, crypto mining, and DDoS potential.
  - Most bots are currently idle.
7. Zero Day Rat: Commercial Stalkerware for Mobile Devices
- Revelation:
  - Mobile security firm iVerify reports that “Zero Day Rat” spyware is being openly sold on Telegram ([04:25]).
- Capabilities:
  - Remote access to Android and iOS devices.
  - Reads SMS, exfiltrates SIM and location data, logs keystrokes, records audio and screen, and sends texts to bypass MFA.
  - Used in account takeovers and targeted scams.
  - Sells for roughly $2,000, signaling a growing commercial spyware market.
- Quote:
  - “The roughly $2,000 kit reflects the growing commercialization of surveillance tools once limited to nation state actors.” ([04:52])
8. Google and Intel Reveal Major TDX Vulnerability
- Key Points:
  - A joint security audit by Google Cloud Security and Intel identified five vulnerabilities and 35+ bugs in Intel Trust Domain Extensions (TDX) ([05:07]).
  - TDX is designed for confidential computing: protecting VMs and cloud workloads.
- Severity:
  - One flaw could allow a malicious host to compromise a protected VM and access its decrypted data.
  - Intel says all issues are now patched.
- Quote:
  - “One flaw could let a malicious host fully compromise a protected virtual machine and access its decrypted state.” ([05:30])
Memorable Quotes & Moments
- “The attackers used a ClickFix-style trick to get the victim to run commands that installed multiple backdoors and data-stealing tools…” — Sarah Lane ([01:36])
- “Devices that missed the update will still work, but will enter a degraded security state without full boot level protections.” — Sarah Lane ([01:12])
- “The roughly $2,000 kit reflects the growing commercialization of surveillance tools once limited to nation state actors.” — Sarah Lane ([04:52])
Episode Flow & Tone
- The episode delivers succinct, high-impact coverage with Sarah Lane’s calm, journalistic tone.
- Revelatory headlines coupled with pragmatic context make it valuable for busy security professionals.
Timestamps for Key Segments
- Wiz acquisition: [00:13–00:50]
- Microsoft Secure Boot: [00:52–01:15]
- North Korean Crypto Attack: [01:21–01:57]
- SolarWinds Exploits: [01:57–02:31]
- Microsoft 365 Outage: [03:05–03:43]
- SSH Stalker Botnet: [03:43–04:25]
- Zero Day Rat Stalkerware: [04:25–05:07]
- Intel TDX Vulnerabilities: [05:07–05:44]
