Cybersecurity Headlines – February 10, 2026
Host: Sarah Lane, CISO Series
Main Theme: Daily roundup of pressing Information Security news, covering state-sponsored attacks, advanced malware, and critical software vulnerabilities exposing organizations worldwide.
Episode Overview
This episode highlights high-profile cyber threats and vulnerabilities uncovered across the globe with a special focus on nation-state campaigns, multi-cloud malware, and major software flaws. It provides concise insights into critical breaches, tool exposures, and intelligence about attacker tactics, as well as industry reactions and recommendations.
Key Discussion Points & Insights
1. UNC3886 Targets Singapore Telecoms
- China-linked APT Activity:
The hacking group UNC3886, believed to be Chinese state-sponsored, launched an espionage campaign on Singapore’s four major telecoms. - Techniques Used:
- Employed a zero-day exploit and deployed rootkits
- Gained access to segments of critical systems
- Impact:
- No disruption to services or exposure of customer data
- Singapore's Cyber Security Agency launched “Cyber Guardian” to respond; intruder access has been cut off
Quote ([00:20]):
“The group used a zero day exploit and rootkits to gain access to parts of critical systems.” – Sarah Lane
2. VoidLink: AI-Assisted Multi-Cloud Malware
- New Malware Framework:
Ontinu researchers dissect VoidLink, a Linux-based malware persisting across diverse multi-cloud environments (AWS, Azure, Google Cloud, Alibaba, Tencent). - Capabilities:
- Credential theft, environment fingerprinting, container escapes, and kernel-level hiding
- Utilizes encrypted, web-mimicking traffic for stealth
- AI Involvement:
- Code structure and debug logs suggest generation by a large language model with minimal human review
Quote ([01:12]):
“Analysts say the code shows clear signs of AI assisted development.” – Sarah Lane
- Code structure and debug logs suggest generation by a large language model with minimal human review
3. OpenClaw AI Agent Platform Exposure
- Mass Vulnerability:
- Over 135,000 publicly-exposed OpenClaw instances discovered
- Insecure default configuration (listening on all interfaces) increases risk
- Consequences:
- Linked to several high-risk vulnerabilities and data leaks
- Over 50,000 remain susceptible to a patched RCE bug
- Risk Amplification:
- Exposure could lead to theft of credentials, files, and other sensitive corporate or personal data
Quote ([01:36]):
“The platform’s design and widespread insecure deployments could give attackers access to credentials, files and other sensitive data.” – Sarah Lane
- Exposure could lead to theft of credentials, files, and other sensitive corporate or personal data
4. New Zero-Click Vulnerability in Claude Desktop Extensions
- Zero-Click Exploit Identified:
- Researchers at LayerX reveal a critical flaw (CVSS 10.0) in Anthropic’s Claude desktop extensions
- Allows code execution via malicious Google Calendar events (affects >10,000 users)
- Root Cause:
- Dangerous chaining of extension tools with full system privileges and no sandboxing; low-risk events triggering high-impact actions
- Vendor Response:
- Anthropic declines to patch, stating the flaw is outside their threat model as extension/permission choice lies with the user
Quote ([02:24]):
“LayerX says Anthropic declined to fix it...because users choose which extensions and permissions to enable.” – Sarah Lane
- Anthropic declines to patch, stating the flaw is outside their threat model as extension/permission choice lies with the user
5. China's Cyber Attack Rehearsals on Critical Infrastructure
- Insider Intelligence:
- Leaked documents (via Recorded Future) uncover "Expedition Cloud," a cyber range designed for practicing attacks against neighboring countries’ critical infrastructure.
- Automation & State Involvement:
- Realistic replicas of power grids, transport, and smart homes are in play, with evidence of AI-assisted operations and state sponsorship.
- Geopolitical Implications:
- Indicates potential preparations for offensive cyber campaigns despite official Chinese denials
Quote ([03:12]):
“The platform suggests state sponsorship and potential evidence of China preparing offensive cyber campaigns.” – Sarah Lane
- Indicates potential preparations for offensive cyber campaigns despite official Chinese denials
6. BridgePay Suffers Ransomware Outage
- Incident Details:
- Ransomware led to platform-wide outage, halting card payments for restaurants, retailers, and some municipal services
- Company Assurance:
- No payment card data lost; compromised data was encrypted
- Ongoing Response:
- FBI and Secret Service involved in investigation
7. Ivanti Zero Day Fallout Increases
- Zero Day Rampage:
- Ivanti Endpoint Manager Mobile (EPMM) 0-days exploited in the wild against ~100 victims; two critical (9.8 CVSS) vulnerabilities abused
- Targets:
- Dutch government, European Commission, and infrastructure providers impacted
- Threat Landscape:
- Multiple threat actors involved; increased attacks after public disclosure; 1,300+ systems still vulnerable
Quote ([04:30]):
“Hundreds of attacks observed in a day, with nearly 1,300 Internet exposed EPMM instances still at risk.” – Sarah Lane
- Multiple threat actors involved; increased attacks after public disclosure; 1,300+ systems still vulnerable
8. Warlock Ransomware Gang Breaches SmarterTools
- Attack Details:
- Exploited two critical SmarterMail flaws (unauthenticated RCE and auth bypass) unpatched on the targeted server
- Impact:
- About a dozen Windows machines compromised; key business and account data believed safe
- Ongoing Threats:
- Similar attacks seen on customer systems; Active Directory targeted to spread ransomware
Quote ([05:16]):
“SmarterTools also observed similar attacks on customer systems, with the group targeting Active Directory to spread ransomware.” – Sarah Lane
- Similar attacks seen on customer systems; Active Directory targeted to spread ransomware
Notable Quotes
- On AI-Generated Malware:
“Analysts say the code shows clear signs of AI assisted development with leftover debug logs and structured phase labels.” ([01:13] – Sarah Lane) - On Vendor Threat Models:
“Anthropic declined to fix it based on the fact that the issue falls outside its threat model because users choose which extensions and permissions to enable.” ([02:28] – Sarah Lane) - On Infrastructure Cyber Wargaming:
“The platform suggests state sponsorship and potential evidence of China preparing offensive cyber campaigns despite official denials.” ([03:27] – Sarah Lane) - On Ransomware Risks:
“The attackers gained access through an unpatched server, compromising about a dozen Windows machines, though the company says business apps and account data weren’t affected.” ([05:04] – Sarah Lane)
Timestamps for Key Segments
- UNC3886 Singapore Telecom Attack: [00:06–01:04]
- VoidLink Multi-Cloud Malware Analysis: [01:04–01:30]
- OpenClaw Mass Exposure: [01:30–01:55]
- Claude Extensions Zero-Click Flaw: [01:55–02:39]
- China’s Cyber Attack Testing: [03:00–03:46]
- BridgePay Ransomware Outage: [03:46–04:14]
- Ivanti Endpoint Manager Zero Days: [04:14–04:48]
- Warlock Ransomware & SmarterTools: [04:48–05:38]
Final Thoughts
This episode paints an urgent picture of rapidly evolving threats—state actors exploiting zero days, AI-powered malware frameworks, rampant unsecured deployments, and critical vulnerabilities lurking in widely used platforms. The discussion underscores the importance of proactive patching, vigilant system exposure management, and persistent adversary tracking.
Call to Action:
For more in-depth coverage or to discuss these stories, visit CISOseries.com.