Cybersecurity Headlines – February 13, 2026
Podcast: CISO Series
Host: Steve Prentice
Theme: Key information security news stories, focusing on misuse of AI, critical vulnerabilities, regulatory challenges, privacy issues, data breaches, and cybercrime economy developments.
Episode Overview
This episode delivers a concise roundup of major cybersecurity happenings as of February 13, 2026. Notable topics include the abuse of Google's Gemini AI by state-aligned hackers, Apple patching a decade-old critical vulnerability, warnings from the acting head of CISA regarding the risks of a government shutdown, attempts by Russia to control messaging apps, a new AI-powered fare evasion detection program in New York City, and several high-profile cybercrime and data breach reports.
Key Discussion Points & Insights
1. Hackers Abuse Gemini AI for Sophisticated Attack Chains
[00:10]
- Google’s Threat Intelligence Group confirms that state-backed threat actors from China, Iran, North Korea, and Russia are heavily misusing Google's Gemini AI.
- Gemini is leveraged throughout entire attack chains:
  - Target profiling
  - Open source intelligence
  - Phishing lure generation
  - Translation services for phishing
  - Coding, vulnerability testing, and troubleshooting
- Hackers utilize expert-level “cybersecurity personas” within Gemini to automate sophisticated vulnerability analysis, even scripting targeted pen-testing plans for fictitious scenarios.
- Quote (Steve Prentice, 00:25):
  "Gemini is used from reconnaissance and phishing lure creation to command and control development and data exfiltration..."
- Social engineering and “click-fix” campaigns are cited as evolving areas of interest among these actors.
- Raises concerns of AI amplifying the severity and automation of cyberattacks.
2. Apple Patches Decades-Old iOS Zero-Day
[01:10]
- Apple fixes a critical vulnerability (in Dyld, the dynamic linker) affecting all iOS versions since 1.0.
- The exploit, identified by Google’s Threat Analysis Group, was used in “extremely sophisticated” attacks against selected individuals.
- Allows threat actors with memory write access to execute arbitrary code.
- Quote (Brian Milbier, Deputy CISO at Huntress, 01:35):
"This vulnerability represents a door that has been unlocked for over a decade."
3. Acting CISA Chief Criticizes Potential Government Shutdown
[02:07]
- Acting CISA leader Madhu Gottumukkala warns Congress that another funding lapse for DHS would severely hinder CISA’s operations:
  - Reduced response to active threats
  - Delays in developing new capabilities
  - Inability to finalize key regulations
- CISA plans to keep about 888 of 2,341 staff working during a shutdown—without pay.
- Quote (Steve Prentice, summarizing, 02:28):
"[A shutdown] would hamper CISA's ability to respond to threats, offer services, develop new capabilities and finish writing a key regulation..."
4. Russia Moves to Control Messaging App Usage
[03:00]
- Roskomnadzor (Russia’s communications regulator) has deliberately throttled Telegram, citing non-compliance with local law; 90 million Russians reportedly affected.
- Reports of attempts to fully block WhatsApp, in favor of the state-backed platform Max.
- The government is actively encouraging users to shift to domestic messaging solutions.
- Reflects a rising trend of state control over private digital communications.
5. AI Cameras Monitor Fare Evaders in New York Subway
[04:15]
- NYC’s MTA pilots AI-powered gate cameras to identify fare evaders on subways.
- Five-second video clips are recorded when a rider fails to pay, and AI generates a physical description of the suspected evader—information sent directly to the MTA.
- Raises significant privacy concerns among advocacy groups about surveillance and data use.
6. Infostealer Malware Targets macOS via AI Apps
[05:04]
- Flare Security’s 2026 report warns of the dominant, evolving threat of infostealers—malware that harvests and monetizes digital identities.
- Particularly notable: Infostealer “Atomic macOS Stealer” is hijacking a popular AI app to infect users.
- Attackers exploit user trust in emerging tech trends, app stores, and search engines, making social engineering more successful.
- Quote (Flare Security report, 05:32):
"[Infostealers] are more than standalone malware...foundational components of a mature cybercrime economy built around harvesting, trading, and operationalizing stolen digital identities."
7. Data Breach: Conduent Incident Hits Volvo Group
[06:01]
- Service provider Conduent suffered a breach (Oct 21, 2024 – Jan 2026 detection) affecting Volvo Group:
  - ~17,000 employees impacted
  - Loss of PII, health insurance, and medical details
  - Attackers had months of undetected access
- This is Volvo’s second major vendor-related breach in months; the previous one came via Miljödata (IT provider).
- Highlights risks of third-party vendor dependencies.
8. US-Based Trenchant Exec Illegally Sells Hacking Tools to Russia
[07:00]
- Peter Williams, previously of US defense contractor L3Harris (Trenchant division), pleaded guilty to selling stolen hacking tools to a Russian broker (2022–2025).
- Sold eight tools for $1.3 million in cryptocurrency.
- Tools targeted software vulnerabilities for illicit system access; Russian government was an end customer.
- Williams faces up to nine years in prison.
- Memorable: Williams submitted a letter to the judge explaining his decisions, saying that he regretted his actions.
Notable Quotes
- On Gemini AI misuse:
  "Gemini is used from reconnaissance and phishing lure creation to command and control development and data exfiltration..."
  — Steve Prentice, [00:25]
- On Apple’s zero-day vulnerability:
  "This vulnerability represents a door that has been unlocked for over a decade."
  — Brian Milbier, Deputy CISO, Huntress, [01:35]
- On infostealers' evolving role:
  "[Infostealers] are more than standalone malware...foundational components of a mature cybercrime economy built around harvesting, trading, and operationalizing stolen digital identities."
  — Flare Security report, [05:32]
Timestamps for Key Segments
- Gemini AI Misuse: [00:10]
- Apple iOS Vulnerability: [01:10]
- CISA and Government Shutdown Risks: [02:07]
- Russian Messaging App Crackdown: [03:00]
- NY Subway AI Fare Evaders: [04:15]
- Infostealer Malware Trends: [05:04]
- Conduent/Volvo Group Breach: [06:01]
- Trenchant Hacking Tools to Russia: [07:00]
Tone and Style
Steve Prentice presents in the CISO Series’ signature concise, informative style, frequently quoting primary sources, drawing attention to expert views, and highlighting both technical and policy implications without editorializing.
Final Thoughts
Today’s episode captures the expanding intersection of AI with cyber offense, the vulnerabilities lingering in foundational tech, and the mounting challenges posed by state actors—from government bureaucracy to information control—and the persistent risks tied to third-party vendors and the cybercrime ecosystem. The coverage is essential listening for security leaders tracking rapid changes across offense, defense, and policy.
