A
You're listening to the CyberWire Network, powered by N2K. Cyber threats strike in minutes. Your analysis can't take weeks. That's where Velox Reverser from Booz Allen comes in. It's an autonomous malware reverse engineering and threat intelligence product that turns weeks of painstaking manual analysis into minutes of AI-powered insights. With Velox Reverser, security teams can perform deep analysis to learn how malware works and how to stop it. It's an advanced product that works at machine speed if you need to outpace evolving adversaries and strengthen your defense at scale. Request a demo or start your 30-day free trial of Velox Reverser today at BoozAllen.com Reverser.

Dutch authorities warn Russia is escalating hybrid operations across Europe. Ransomware shuts down the University of Mississippi Medical Center. PayPal notifies customers of a data breach. The FBI says ATM jackpotting is on the rise. Trust Connect malware masquerades as a legitimate remote monitoring and management tool. Researchers uncover the first Android malware to integrate generative AI. A critical zero-day hits Grandstream voice over IP phones. The IRS slashes IT staff and technology executives. Our guest is James Turgal, a 22-year FBI vet and VP of Global Cyber Risk and Board Relations at Optiv, discussing the latest wave of tax scams and IRS fraud. And DOGE dudes deliver DEI death blows.

It's Friday, February 20th, 2026. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us on this rainy Friday here in the DMV. It is great to have you with us.

Russia is escalating hybrid operations across Europe as it prepares for a prolonged confrontation with the West, according to a new joint assessment from the Netherlands' General Intelligence and Security Service and Military Intelligence and Security Service.
The Dutch agencies report a sharp rise since late 2023 in cyberattacks, sabotage, disinformation, espionage, and covert political influence designed to remain below the threshold of open war. While a direct Russia-NATO conflict remains unlikely, it's no longer unthinkable, they warn. The Netherlands has faced distributed denial-of-service attacks, espionage targeting police systems, and activity probing critical infrastructure. Moscow is also mapping seabed infrastructure and relying more on low-level agents recruited online. Dutch officials say Russia's risk tolerance has increased and the campaign is likely to continue in waves. The report urges stronger national resilience and closer public-private cooperation to counter a sustained asymmetric threat.

A ransomware attack struck the University of Mississippi Medical Center on Thursday, shutting down its IT network, electronic medical records system, and clinics statewide. University leaders confirmed the attack forced widespread cancellations of appointments and elective surgeries, with emergency services continuing under downtime protocols. The electronic medical records platform was among the affected systems. Mississippi MedCom, which coordinates hospital transfers, was also disrupted but continues operating through redundancies. An FBI official said it's too early to identify the ransomware variant or origin. The full scope of potential data exposure remains unclear. Patients reported canceled procedures, including chemotherapy, and difficulty contacting providers. Experts warn ransomware can significantly worsen patient outcomes and prolong disruptions for weeks or months. Hospital leadership said reducing clinical volume is necessary to stabilize operations while the investigation continues.

PayPal is notifying customers after a software error in its PayPal Working Capital loan application exposed sensitive data for nearly six months in 2025.
The company says names, contact details, Social Security numbers, and dates of birth were accessible from July 1 through December 13 before the issue was discovered and fixed. A small number of accounts saw unauthorized transactions, which PayPal says have been refunded. The company reset affected passwords and is offering two years of credit monitoring through Equifax. PayPal has not disclosed how many customers were impacted.

The FBI says Americans lost more than $20 million last year in a sharp rise in ATM jackpotting attacks. In a recent flash alert, the bureau reported more than 700 incidents in 2025 alone, compared to about 1,900 total since 2020. These attacks use malware such as Ploutus to bypass bank authorization by exploiting the Extensions for Financial Services, or XFS, software layer inside ATMs. Criminals typically gain physical access with generic keys, install the malware on the machine's hard drive, and trigger cash withdrawals without a card or account. The FBI advises financial institutions to audit for unauthorized storage use and suspicious processes. The warning follows Justice Department charges against 87 alleged Tren de Aragua members tied to jackpotting schemes.

In a Manhattan courtroom, Arkansas Dr. David Churchill described discovering his 27-year-old son, Reed, dead from fentanyl-laced pills purchased on the dark web marketplace Incognito. The site's administrator, 25-year-old Lin Rui-Siang of Taiwan, was sentenced to 30 years in prison for running the platform, which facilitated more than $100 million in drug sales before shutting down in 2024. At sentencing, Lin's defense revealed that an FBI confidential informant had helped moderate the marketplace for nearly two years, according to Wired. Court filings alleged the informant had authority to remove fentanyl sellers but at times allowed flagged vendors to continue operating. Prosecutors argued the informant acted as Lin's subordinate and that Lin knowingly enabled opioid sales.
The judge expressed skepticism about the FBI's prolonged involvement, but ruled that any government role did not diminish Lin's responsibility. Lin has filed an appeal.

Proofpoint has identified a new malware-as-a-service platform called Trust Connect that masquerades as a legitimate remote monitoring and management tool. The service, advertised at $300 per month, operates through a fake business website that doubles as its command and control server and customer portal. Threat actors distributed the signed malware in late January 2026 using lures such as Meeting Invites and Tax Doc, often alongside legitimate remote access tools like ScreenConnect and LogMeIn. Trust Connect provides a web-based dashboard for managing infected devices, executing commands, and deploying additional payloads. Proofpoint coordinated disruption of its infrastructure and revoked a fraudulently obtained extended validation certificate used to sign the malware. The operator has since pivoted to new infrastructure promoting a similar tool called Doc Connect. Researchers assess with moderate confidence that the actor was previously linked to RedLine Stealer activity.

Researchers at ESET have identified what they say is the first Android malware to integrate generative AI directly into its execution flow. The malware, dubbed PromptSpy, abuses Google's Gemini model to adapt how it maintains persistence across different Android devices. Because app pinning methods vary by manufacturer, PromptSpy sends Gemini an XML dump of the screen and receives JSON instructions on how to lock itself in the Recent Apps list. It then executes those steps using Android's Accessibility Service in a feedback loop until persistence is achieved. Beyond this AI-driven feature, the malware functions as spyware, enabling remote screen control, credential interception, screenshots, and app monitoring.
Although distribution appears limited and may be proof of concept, researchers say it demonstrates how generative AI can dynamically guide malware behavior in real time.

Rapid7 Labs has disclosed a critical zero-day vulnerability affecting all Grandstream GXP1600 series voice over IP phones. The flaw is an unauthenticated stack-based buffer overflow in the device's web-based API service, accessible in default configurations. With a CVSS score of 9.3, it allows remote code execution with root privileges. Rapid7 demonstrated the exploitation using a Metasploit module, showing attackers could extract stored credentials and potentially reconfigure devices to route calls through a malicious SIP proxy. Grandstream has released firmware updates to remediate the issue.

The IRS has lost 40% of its IT staff and nearly 80% of its technology executives, marking its largest tech reorganization in 20 years. Speaking at an Association of Government Accountants panel, IRS CIO Kaschit Pandya said the cuts followed broader federal workforce reductions in 2025, when the agency lost a quarter of its overall staff. The IT division began the year with roughly 8,500 employees. About 1,000 technologists were reassigned to frontline tax season support, a move that drew internal criticism. Pandya said the shakeup aims to break down silos and create cross-functional teams focused on end-to-end delivery. However, the Treasury Inspector General warned that IT staffing losses could jeopardize implementation of tax law changes for the 2026 filing season. AI is expected to support remaining staff.

Coming up after the break, James Turgal from Optiv discusses the latest wave of tax scams and IRS fraud. And DOGE dudes deliver DEI death blows. Stick around.

When it comes to mobile application security, good enough is a risk.
A recent survey shows that 72% of organizations reported at least one mobile application security incident last year, and 92% of respondents reported threat levels have increased in the past two years. Guardsquare delivers the highest level of security for your mobile apps without compromising performance, time to market, or user experience. Discover how Guardsquare provides industry-leading security for your Android and iOS apps at www.guardsquare.com.

Most security conferences talk about zero trust. Zero Trust World puts you inside. This is a hands-on cybersecurity event designed for practitioners who want real skills, not just theory. You'll take part in live hacking labs where you'll attack real environments, see how modern threats actually work, and learn how to stop them before they turn into incidents. But Zero Trust World is more than labs. You'll also experience expert-led sessions, practical case studies, and technical deep dives focused on real-world implementation. Whether you're blue team, red team, or responsible for securing an entire organization, the content is built to be immediately useful. You'll earn CPE credits, connect with peers across the industry, and leave with strategies you can put into action right away. Join us March 4th through the 6th in Orlando, Florida. Register now at ztw.com and take your zero trust strategy from theory to execution.

James Turgal is a 22-year veteran of the FBI and currently VP of Global Cyber Risk and Board Relations at Optiv. I sat down with him to learn more about the latest wave of tax scams and IRS fraud.

So today we're talking about tax scams and IRS fraud. You know, James, this is sort of an annual thing as it comes up on tax season here, but I can't help feeling like we're in a little different situation when it comes to this tax season because of the prevalence of AI scams. Is that an accurate perception on my part?
B
Oh, absolutely, yeah. 100%. You're 100% right. AI is taking all types of fraud, specifically phishing and vishing, right? So phishing, which is email; vishing, which is voice scams; and smishing, which is fraudulent text messages. It's taken that to an entirely new level.
A
Well, can you walk us through the kinds of, I don't know, the state of the art that's in play these days when it comes to these scammers trying to take advantage of people at tax season?
B
Well, it is amazing when you start to look at what and how they're doing it. So as I just talked about a second ago, they're actually coming at poor victims in three different ways, right? From three different angles.
A
Right?
B
They're doing it from the fact of, you are... you're getting emails, you're getting voice messages, and what they're doing is they're creating this kind of pretext call. So it'll start out with statements such as an email: "Your refund is on hold pending identity verification," or "Unusual activity on your IRS account," or "You owe back taxes, final notice." And this, right, gets your attention, it gets a victim's attention. And then the AI now is smart enough to start to understand and actually get into a conversation with a victim, right? So it's like near-perfect email tone. All their emails look exquisite. They match all the pages. When you start to write, when you engage with them, the AI is now smart enough to read the tone of the victim, right? So now you have the situation where you are communicating with the AI and it's reading your tone. So if you are not sounding like you are, you know, nervous, they'll up the tone of the email, they'll up the tone of the actual conversation using different words like, you know, "search warrant" or "arrest warrant" or something like that. So the AI, the large language models, are really adept now at engaging with the victim and actually playing along with that victim.
A
To what degree is this still a shotgun approach? Or how easy is it for these scammers to have some information about their victims ahead of time?
B
You know, historically it was very much a shotgun approach, but there's a ton of, you know, data. Remember, think about all the breaches that you and I see get reported in the news all the time, right? And so you get information from all those breaches, all that data, right? The millions and millions of personally identifiable information records that get out there and sold on the dark web. You've got to realize the threat actors are taking that data, they're putting it in these huge data lakes, and they're writing algorithms that kind of bounce that data off of each other. And they are able to create some highly tactical profiles of individuals where they've gotten enough data from various different breaches out there in the world, but they're now targeting them.
A
What are your recommendations then? I mean, given the rise in sophistication of these tools, what's the best way for folks to protect themselves?
B
I mean, they need to... first of all, they need to breathe in, breathe out, take a deep breath, and understand that the fraud piece of this is a real thing and it can really happen to them. And so they need to be vigilant, right? So, to avoid the email scams, it's what we talk about all the time, right? So the IRS is only going to communicate with you via U.S. postal mail.
A
Right.
B
They don't contact people by email or text messages, right? And if, you know, someone is demanding this immediate payment from the IRS, that's all fraud, right? So you have to be vigilant. You need to look at that email and you need to physically go up into that bar at the top and understand that it needs to come from the IRS.gov domain.
A
Right?
B
And if it doesn't come from the IRS.gov domain, it's fraud.
A
Right.
B
And if there's someone calling you and the voice sounds boxy, or you sense they're creating a sense of urgency on you that doesn't seem right, start asking questions that seem kind of off the cuff. If you ask that question to the AI, "What's the address of the building?", and you start asking those types of immediate, what I call environmental, questions, the AI will stammer and the AI will break, because they're not used to it. It's not part of their script. And so if you get one of those answers that doesn't fit, then you immediately hang up, because you know it's an AI-generated imposter.
A
Are there resources that the IRS has? And the FBI, for example, I know you are former FBI. Does the FBI want to hear from folks who feel as though they may have been scammed?
B
Oh, absolutely, right. So ic3.gov, right, the Internet Crime Complaint Center, is the FBI's website where you should absolutely, 100%, report this. There's also a website that is run by the IRS, and it's phishing@irs.gov, p-h-i-s-h-i-n-g at irs.gov, where if you suspect a phishing attempt, you can actually go to that site and it will help you verify whether or not there is anything out there coming from the IRS about you.
A
You know, I think when people get hit by these sorts of things, it's very easy for them to feel like they're alone or they're isolated. You know, they don't have anywhere to turn. And what I hear you saying is that that's not the case.
B
Oh, absolutely. Yeah. No. There are a lot of resources out there. Even your local police departments are now trained in how to deal with this. But certainly at the federal level, you are absolutely not alone.
A
Is this primarily a social engineering type of thing? I mean, we talk that people should have antivirus and ad blockers and all those sorts of things, but this particular type of scamming really strikes me as being human to human.
B
Yeah, this is not something that, you know, a software program, you know, McAfee or whatever you use, yeah, that's not going to stop this. This is social engineering, but this is social engineering where you're being bombarded from all aspects. Again, voice, text, email, you know, it could be a telephone call. And again, all of this data is out there, you know, on the dark web, and threat actors have access to it. If, you know, your Panera Bread account was compromised, or, you know, any of these breaches that happen out there, all that data is being sold on the dark web. And so it is absolutely imperative for you to think about it in those terms, right? It's not just an isolated attack. You're really being targeted.
A
That's James Turgal from Optiv.

What's your 2 a.m. security worry? Is it "Do I have the right controls in place?" Maybe "Are my vendors secure?" Or the one that really keeps you up at night: "How do I get out from under these old tools and manual processes?" That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started at vanta.com/cyber. That's v-a-n-t-a dot com slash cyber.

Maybe that's an urgent message from your CEO, or maybe it's a deepfake trying to target your business. Doppel is the AI-native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back. From automatically dismantling cross-channel attacks to building team resilience and more, Doppel is outpacing what's next in social engineering. Learn more at doppel.com. That's D-O-P-P-E-L dot com.

And finally, in a newly amended complaint, the Authors Guild alleges that federal humanities grants were terminated not through policy review, but by a pair of DOGE appointees armed with a keyword list and ChatGPT. According to the filing, Nate Kavanaugh and Justin Fox flagged National Endowment for the Humanities grants by prompting ChatGPT to determine, in under 120 characters, whether a project was related at all to DEI. Fox reportedly fed in short descriptions and accepted the chatbot's verdicts without defining what DEI meant.
Grants mentioning terms like LGBTQ, tribal, or Black landed on cancellation lists labeled "craziest grants" or "other bad grants." None so identified were moved to the "Keep" folder unless tied to favored initiatives. Termination emails were then sent from a private server bearing the acting director's name, though he later said he neither selected the grants nor drafted the letters. Efficiency, it seems, came with a chatbot and a grudge list.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with Tomer Bar, VP of Security Research at SafeBreach Labs. The research we're discussing is titled "Prince of Persia: A Decade of Iranian Nation-State APT Campaign Activity Under the Microscope." That's Research Saturday. Do check it out.

We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

N2K senior producer is Alice Carruth. Alice has been a steady, generous force at N2K CyberWire, someone whose fingerprints are all over the quality and care our work is known for. As a senior producer, she's been instrumental in shaping T-Minus, bringing clarity, rigor, and calm to a fast-moving beat while also lending her sharp instincts and production wisdom across the cyber side of the house. She made hard things look easy, and she did it with grace. More than that, Alice has been a trusted teammate: thoughtful, collaborative, and always focused on making the work and the people doing it better. Today is her last day with us here at N2K CyberWire. We're thrilled for her as she steps into a true dream job, even as we'll miss her deeply here.
Alice, thank you for everything you've given this team. We're cheering you on as you take on new challenges and can't wait to see what you do next.

Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.

If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning, and real innovation. I'll say this plainly: I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26. I'll see you in San Francisco.

Ever wished you could rebuild your network from scratch to make it more secure, scalable, and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full-stack zero trust networks, including hardware, firmware, and software, all designed to work seamlessly together. The result? Fast, reliable, and secure connectivity without the constant patching, vendor juggling, or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security, and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless. Transform complexity into simplicity, and give your team time to focus on what really matters: helping your business and customers thrive. Learn more and book your demo at meter.com/cyberwire. That's M-E-T-E-R dot com slash cyberwire.
Date: February 20, 2026
Host: Dave Bittner (N2K Networks)
Guest: James Turgal, VP of Global Cyber Risk and Board Relations at Optiv; former FBI
This episode delivers a comprehensive snapshot of the day’s most pressing cybersecurity news, highlighting emerging threats across geopolitical, commercial, and technological landscapes. Topics include Russia’s escalating hybrid operations in Europe, a series of major cyber incidents in the US, novel malware and vulnerability discoveries, and an in-depth expert interview focusing on the current wave of AI-powered tax scams and IRS fraud.
“If you are not sounding like you are… nervous, they'll up the tone… using words like, you know, ‘search warrant’ or ‘arrest warrant’…” – James Turgal [16:40]
On AI’s role in fraud:
“AI is taking all types of fraud… to an entirely new level.”
– James Turgal [15:12]
On attacker adaptation:
“The AI is now smart enough to read the tone of the victim… they’ll up the tone using different words like ‘search warrant’ or ‘arrest warrant’.”
– James Turgal [16:40]
On vigilance:
“The IRS is only going to communicate with you via U.S. postal mail… If it doesn’t come from IRS.gov domain, it’s fraud.”
– James Turgal [19:56]
On overcoming isolation:
“There are a lot of resources out there… you are absolutely not alone.”
– James Turgal [21:53]
This episode provides actionable context on evolving cyber threats—from state actors and organized crime to emerging, AI-driven social engineering campaigns. The James Turgal interview stands out, offering practical, clear-headed advice on navigating AI-enabled IRS scams during tax season—and highlighting the crucial role of public awareness and reporting.