CyberWire Daily – “Facing a Slow-Burn Confrontation”
Date: February 20, 2026
Host: Dave Bittner (N2K Networks)
Guest: James Turgal, VP of Global Cyber Risk and Board Relations at Optiv; former FBI
Episode Overview
This episode delivers a comprehensive snapshot of the day’s most pressing cybersecurity news, highlighting emerging threats across geopolitical, commercial, and technological landscapes. Topics include Russia’s escalating hybrid operations in Europe, a series of major cyber incidents in the US, novel malware and vulnerability discoveries, and an in-depth expert interview focusing on the current wave of AI-powered tax scams and IRS fraud.
Key News Stories & Analysis
1. Russian Hybrid Operations in Europe
[00:32]
- Dutch intelligence agencies warn of Russia escalating hybrid operations across Europe, aiming for a “slow-burn confrontation” below the threshold of open war.
- Noted increases since late 2023 in cyber attacks, sabotage, disinformation, espionage, and mapping of seabed infrastructure.
- The Netherlands faced DDoS attacks, police system espionage, and critical infrastructure probing.
- Russian risk tolerance reportedly rising, with more reliance on online-recruited low-level agents.
- Urgent recommendations: bolster national cyber resilience and enhance public-private cooperation.
2. University of Mississippi Medical Center Ransomware Attack
[02:47]
- Ransomware took down IT networks, electronic medical records, and statewide clinics.
- Resulted in canceled patient appointments and elective surgeries. Emergency services ran under contingency protocols.
- MedCom transfer system also affected but kept operating due to redundancies.
- Investigation ongoing; variant and origin of ransomware still unknown.
3. PayPal Data Breach
[04:43]
- Breach in Working Capital loan application exposed customer data (names, contact info, SSNs, DOB) for nearly six months in 2025.
- Fix applied after discovery; PayPal offering credit monitoring and password resets.
- Affected accounts saw limited unauthorized transactions, later refunded.
4. ATM Jackpotting on the Rise
[05:45]
- FBI: Over $20 million lost by Americans due to ATM jackpotting in 2025 (700+ incidents).
- Techniques exploit the XFS software layer in ATMs, using malware (e.g., Ploutus) and physical access.
- FBI advises banks to audit ATM security, particularly for unauthorized storage use and anomalous processes.
- Ongoing law enforcement action against criminal groups, e.g., Tren de Aragua members.
5. Trust Connect: New Malware-as-a-Service
[08:39]
- Proofpoint identifies Trust Connect, a malware-as-a-service (MaaS) offering that poses as a remote monitoring tool, advertised at $300/month.
- Delivered via phishing “Meeting Invites” and “Tax Doc” lures, often alongside legitimate RMM tools.
- Web dashboard allows attackers to control infected systems and drop payloads.
- Proofpoint coordinated takedown of initial infrastructure; operators pivoted to “Doc Connect.”
- Actors likely linked to prior Redline Stealer campaigns.
6. Android Malware Integrates Generative AI
[10:37]
- ESET researchers document ‘PromptSpy’, first Android malware utilizing generative AI (Google’s Gemini).
- Malware sends screen info to AI, receives custom instructions for persistence across devices.
- Employs Android Accessibility services; core functions include spyware features: remote screen, credential interception, screenshots, etc.
- Notable as a real-time, adaptive threat, even if current distribution is limited.
7. Critical Zero-Day in Grandstream VoIP Phones
[12:11]
- Rapid7 discloses an unauthenticated buffer overflow in Grandstream GXP 1600 VoIP phones.
- Flaw enables remote code execution with root privileges, exposing device configurations and calls.
- Vendor released necessary firmware patches.
8. IRS IT Staff Losses & Concerns
[13:11]
- IRS cut 40% of IT staff and 80% of tech execs, broadest shakeup in 20 years.
- Over 1,000 IT staff reassigned to frontline tax support, causing internal concern.
- Treasury Inspector General warns about risks to tax law implementation for the 2026 season.
- AI expected to supplement depleted staff.
Expert Interview: James Turgal on AI-Driven Tax Scams & IRS Fraud
[15:12–23:18]
Rise of AI in Tax Scams
[15:12]
- Dave Bittner: “I can't help feeling like we're in a little different situation when it comes to this tax season because of the prevalence of AI scams. Is that an accurate perception on my part?”
- James Turgal: “Oh, absolutely… AI is taking all types of fraud, specifically phishing and vishing… to an entirely new level.”
Modern Tactics Used by Scammers
[15:47]
- Attackers use a three-pronged approach:
  - Email scams (phishing)
  - Voice scams (vishing)
  - Fraudulent text messages (smishing)
- Messages claim refunds are on hold or demand payment for supposed “back taxes,” using AI to simulate near-perfect language and escalate psychological pressure.
- AI-driven interactions adapt tone in real time:
  “If you are not sounding like you are… nervous, they'll up the tone… using words like, you know, ‘search warrant’ or ‘arrest warrant’…” – James Turgal [16:40]
Shift from Shotgun to Targeted Attacks
[17:52]
- Attackers now leverage massive data lakes sourced from previous breaches to create detailed victim profiles, increasing targeting precision.
Guidance for Individuals
[18:56]
- “Breathe in, breathe out, take a deep breath and understand that the fraud piece of this is a real thing… they need to be vigilant.”
- IRS contacts ONLY via official mail—never email, call, or text.
- Always verify sender’s address (should be IRS.gov); ignore messages demanding immediate payment; challenge callers with off-script questions (e.g., requesting physical address details) to expose AI scammers.
- If a response “doesn't fit, then you immediately hang up because you know it's AI generated imposter.” – James Turgal [20:28]
Reporting & Resources
[21:00]
- Report incidents at ic3.gov (FBI’s Internet Crime Complaint Center).
- Report IRS phishing attempts at the official IRS phishing site.
- “Even your local police departments are now trained in how to deal with this. But certainly at the federal level, you are absolutely not alone.” – James Turgal [21:53]
The Human Factor in Social Engineering
[22:08]
- Traditional security tools (antivirus, ad blockers) are ineffective against these scams since they rely on social engineering across voice, text, and email, fueled by breached personal data.
Memorable Quotes
- On AI’s role in fraud:
  “AI is taking all types of fraud… to an entirely new level.”
  – James Turgal [15:12]
- On attacker adaptation:
  “The AI is now smart enough to read the tone of the victim… they’ll up the tone using different words like ‘search warrant’ or ‘arrest warrant’.”
  – James Turgal [16:40]
- On vigilance:
  “The IRS is only going to communicate with you via U.S. postal mail… If it doesn’t come from IRS.gov domain, it’s fraud.”
  – James Turgal [19:56]
- On overcoming isolation:
  “There are a lot of resources out there… you are absolutely not alone.”
  – James Turgal [21:53]
Notable Complaint: AI & DEI Grant Terminations
[22:56]
- Authors Guild alleges NEH grants were canceled based on ChatGPT’s keyword analysis, using a “grudge list” of DEI-related terms.
- Grants mentioning “LGBTQ, tribal, or Black” were targeted; terminations done with little or no human oversight.
Timestamps for Key Segments
- Russia’s Hybrid Threats in Europe: [00:32–02:47]
- Ransomware Hits Mississippi Medical Center: [02:47–04:10]
- PayPal Data Breach: [04:43–05:45]
- ATM Jackpotting Trends: [05:45–07:12]
- Trust Connect Malware Analysis: [08:39–09:37]
- Android AI Malware Discovery: [10:37–11:56]
- Critical VoIP Vulnerability: [12:11–13:04]
- IRS IT Workforce Issues: [13:11–14:40]
- James Turgal Interview (AI tax scams): [15:12–23:18]
- AI-Assisted DEI Grant Cancellations: [22:56–23:20]
Conclusion
This episode provides actionable context on evolving cyber threats—from state actors and organized crime to emerging, AI-driven social engineering campaigns. The James Turgal interview stands out, offering practical, clear-headed advice on navigating AI-enabled IRS scams during tax season—and highlighting the crucial role of public awareness and reporting.
