Transcript
A (0:00)
From the CISO Series, it's Cybersecurity Headlines.
B (0:08)
These are the cybersecurity headlines for Friday, February 13, 2026. I'm Steve Prentice.

Hackers abuse Gemini AI for all attack stages, says Google. A report released yesterday from the Google Threat Intelligence Group confirms that threat actors from China, Iran, North Korea and Russia have used Gemini for target profiling and open source intelligence, generating phishing lures, translating text, coding, vulnerability testing and troubleshooting, end quote. They are also showing increased interest in using it for social engineering ClickFix campaigns. The report says that Gemini is used from reconnaissance and phishing lure creation to command and control development and data exfiltration, end quote, with specific actions including using an expert cybersecurity persona to request that Gemini automate vulnerability analysis and provide targeted testing plans in the context of a fabricated scenario. A link to the report is available in the show notes to this episode.

Apple patches decades-old, possibly exploited iOS zero-day. This vulnerability affects every iOS version since 1.0 and has been used in what the company calls an extremely sophisticated attack against targeted individuals. Discovered by Google's Threat Analysis Group, the CVE-numbered vulnerability, dealing with dyld, Apple's dynamic linker, allows attackers with memory write capability to execute arbitrary code.
Brian Milbier, deputy CISO at Huntress, said, quote, this vulnerability represents a door that has been unlocked for over a decade, end quote.

Acting CISA chief criticizes potential DHS funding lapse. Speaking to the House Appropriations Subcommittee on Homeland Security on Wednesday, acting CISA leader Madhu Gottumukkala stated that another Department of Homeland Security shutdown would hamper CISA's ability to respond to threats, offer services, develop new capabilities and finish writing a key regulation while the two sides on the Hill battle it out. Gottumukkala said CISA planned to designate 888 of its 2,341 employees as excepted, meaning they could continue to work during a shutdown, albeit without pay.

Moscow moves to throttle Telegram and WhatsApp in favor of its own messaging app. Russia's communications regulator, Roskomnadzor, confirmed on Tuesday that it has deliberately slowed down the Telegram app, which has nearly 90 million local users, citing the company's failure to comply with Russian law. Russian users began reporting widespread Telegram disruptions earlier this week, according to data from Internet monitoring service Downdetector. Meanwhile, a separate report from Meta on Thursday said Russia has also attempted to fully block WhatsApp in an effort to push users towards a state-backed alternative. Users, therefore, are being encouraged to switch to the alternative, Max, a government-backed messaging platform.

Huge thanks to our sponsor, ThreatLocker. Want real zero trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4th through 6th in Orlando, plus a live CISO Series episode on March 6th.
You can get $200 off with the code ZTWCISO26 at ZTW.com.

New York City explores using AI cameras to spot subway fare evaders. The New York Metropolitan Transportation Authority is testing subway gates that use cameras powered by artificial intelligence to collect data on people suspected of not paying fares. This is, of course, generating concern amongst privacy advocates. Cubic, the manufacturer of the gates, reportedly says their product has cameras that record for five seconds when someone neglects to pay a fare. Artificial intelligence is used to produce a physical description of suspected fare evaders, they say, and the description is sent to the MTA.

AMOS infostealer targets macOS through a popular AI app. Researchers from Flare Security have released their 2026 Enterprise Infostealer Identity Exposure Report, which highlights the growing dominance of infostealers within the cybercrime economy and the expanding impact of identity exposure on organizations. They state that infostealers like Atomic macOS Stealer are more than standalone malware and act as foundational components of a mature cybercrime economy built around harvesting, trading and operationalizing stolen digital identities, end quote. They find success in a highly opportunistic social engineering approach in which attackers continuously adapt to technology trends, abusing trusted platforms, popular software, search engines and even emerging AI ecosystems to trick users into executing malware themselves. A link to this report is also available in the show notes to this episode.

Conduent breach hits Volvo Group. An intrusion on the network of the technology services company Conduent that occurred on January 13, 2025, has impacted Volvo Group, with nearly 17,000 employees affected. Volvo appears to have learned about the incident only in January of 2026.
Conduent provides services for printing and mailroom, document processing, payment integrity and other back office support services to Volvo Group as well as to other companies, some of whom have also been affected by its data breach. An investigation into the attack on Conduent shows that the hackers had access to its network since October 21, 2024, taking PII, health insurance data and medical information. This is the second third-party vendor-related data breach to hit Volvo Group in recent months, having suffered a breach through Miljödata, a Swedish IT company that had also been hit by ransomware.

Department of Justice says Trenchant boss sold exploits to Russian broker. Trenchant is a US-based maker of hacking and surveillance tools and is a division of the US defence contractor L3Harris. In October, Australian national Peter Williams, 39, pleaded guilty to selling eight hacking tools that he stole from his employer Trenchant, including software that takes advantage of flaws in other software to gain access to someone's computer or device. Williams admitted to making more than $1.3 million in crypto from the sales between 2022 and 2025, per the Justice Department. Federal prosecutors said Williams sold the hacking tools to a Russian company which counts the Russian government as amongst its customers. In response to the prosecutor's memorandum and request for a nine-year sentence, Williams submitted a letter to the judge explaining his decisions, saying that he regretted his actions.

We hope all of our listeners have a wonderful weekend and come back on Monday ready to join us for our Department of Know livestream. Each Monday at 4pm Eastern we bring you the biggest news stories and break down why they matter for your security program. If you have ever wondered how you can use the news of the week to spark needed security conversations with the rest of the business, you gotta join us on Monday at 4pm on the CISO Series YouTube channel.
We certainly hope to see you there. And if you have some thoughts on the news from today or about the show in general, please be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentice, reporting for the CISO Series.
