Transcript
A (0:00)
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular, in one integrated solution that's built for performance and scale. You can find them at meter.com/CST.
CISA orders federal agencies to patch actively exploited Dell vulnerability within three days. Texas sues TP-Link for cybersecurity risks. 1 billion personal records exposed by an AI system. And is it possible that all US Social Security numbers could have been leaked? This is Cybersecurity Today. I'm your host, Jim Love.
The US Cybersecurity and Infrastructure Security Agency, CISA, has directed federal civilian agencies to patch a critical Dell vulnerability within three days after it was confirmed as actively exploited by threat actors. CISA added the flaw, identified as CVE-2026-22769, to its Exploited Vulnerabilities Catalog and issued an emergency binding operational directive requiring immediate remediation. The directive applies specifically to federal civilian executive branch agencies under CISA's authority. The vulnerability affects Dell RecoverPoint for Virtual Machines, a disaster recovery tool widely used in enterprise environments. The flaw stems from hard-coded credentials in its management interface, allowing unauthenticated remote attackers to gain full control of affected systems with root-level privileges. The exploitation has been linked to a China-aligned threat cluster AS, and the vulnerability carries a CVSS score of 10, the maximum severity rating. Dell has released a patch and is urging customers to apply it immediately. CISA's three-day deadline is unusually short, but reflects the confirmed exploitation and the potential impact on sensitive government infrastructure.
The Texas Attorney General has filed a lawsuit against TP-Link Systems alleging the router maker has misled consumers about the security and origin of its devices while exposing users to potential Chinese state-linked cyber threats. Filed under the Texas Deceptive Trade Practices Act, the lawsuit claims TP-Link marketed products as secure and labeled them made in Vietnam even though nearly all components originated in China. Texas argues that the distinction matters because Chinese national intelligence law can compel companies with Chinese ties to cooperate with state intelligence requests. The state also alleges that TP-Link routers have been exploited in past cyber attacks by Chinese state-sponsored actors, including botnets built from compromised consumer devices. TP-Link denies the allegations, stating that it operates independently of the Chinese government, stores US user data on Amazon Web Services and bases core operations in the United States.
A massive data leak tied to an AI-powered identity verification provider exposed nearly 1 billion sensitive personal records online, including full names, email addresses, phone numbers and even national identification numbers. Cybersecurity researchers discovered an unsecured MongoDB database containing nearly a terabyte of data that was publicly accessible without authentication. The records are reported to originate from IDMerit, a company that provides digital identity verification and know-your-customer services used in fraud detection and onboarding systems. The exposed data set reportedly included, as we said, full names, birth dates, Social Security numbers or other ID numbers, physical addresses, email addresses, phone numbers, gender, postal codes. It was a treasure trove for hackers. The database was secured after discovery, but not before it was accessible online. And we all know that there are bots out there searching for unsecured databases.
There is no evidence, however, that the AI systems themselves were compromised. The underlying issue appears to be a classic misconfiguration, but at a massive scale. When identity verification providers aggregate data from multiple jurisdictions, a single exposed database has become a high-valued target for fraud, phishing and even account takeover.
A February 4, 2026 MarketWatch report details a whistleblower complaint from former Social Security Administration Chief Data Officer Chuck Borges alleging that employees tied to the Department of Government Efficiency, or DOGE, copied the SSA's master database containing names, Social Security numbers and addresses of Americans into a cloud environment without normal oversight. Borges called the situation a national security disaster. According to the report, Borges resigned in August 2025 and later filed a protected disclosure complaint urging congressional investigation. He alleges that a live copy of the SSA database was created outside the standard security controls, potentially exposing hundreds of millions of Americans to long-term fraud risk. Reports from the Washington Post and MarketWatch indicate that the data set allegedly accessible included not only Social Security numbers, but medical and mental health records, bank and credit card information, tax details, work histories, home addresses, citizenship data and even parents' Social Security numbers. However, in a letter to Senator Michael Crapo, Social Security Commissioner Frank D. Bisignano said an internal review found that the core Numident database, the official master file containing American Social Security numbers, remained secure and had not been hacked, leaked or accessed in an unauthorized way, directly contradicting Borges's allegation. I'm going to speak plainly on this one. I had the chance to have an interview with a whistleblower about the DOGE situation before, and I gotta tell you, I'm leaning towards Borges's explanation.
And I have to acknowledge there's no confirmed public evidence that the master database has been breached. But when the asset in question underpins an entire country's identity and financial system, the real question becomes: if something this foundational were compromised at scale, could it even realistically be mitigated or replaced?
And that's our show. We'd like to thank Meter for their support in bringing you this podcast. Meter delivers full-stack networking infrastructure, wired, wireless and cellular, to leading enterprises. Working with their partners, Meter designs, deploys and manages everything required to get performant, reliable and secure connectivity in a space. They design the hardware, the firmware, build the software, manage deployments, and run support. It's a single integrated solution that scales from branch offices to warehouses to large campuses, all the way to data centers. Book a demo at meter.com/CST. That's M-E-T-E-R.com/CST. I'm your host, Jim Love. Thanks for listening.
