A
You're listening to the Cyberwire Network, powered by N2K.
B
Most security conferences talk about Zero Trust. Zero Trust World puts you inside it. This is a hands-on cybersecurity event designed for practitioners who want real skills, not just theory. You'll take part in live hacking labs where you'll attack real environments, see how modern threats actually work and learn how to stop them before they turn into incidents. But Zero Trust World is more than labs. You'll also experience expert-led sessions, practical case studies and technical deep dives focused on real-world implementation. Whether you're Blue Team, Red Team or responsible for securing an entire organization, the content is built to be immediately useful. You'll earn CPE credits, connect with peers across the industry and leave with strategies you can put into action right away. Join us March 4th through the 6th in Orlando, Florida. Register now at ZTW.com and take your Zero Trust strategy from theory to execution.

CISA cracks down on aging edge devices. Congress looks to shore up energy sector security. DHS facial recognition software may fall short. Romania's national oil pipeline operator suffers a cyber attack. The European Commission may fine TikTok for being addictive. DKnife is a China-linked threat actor operating a long-running adversary-in-the-middle campaign. Researchers say OpenClaw is being abused at scale. Our guest is Mike Carr, Field CTO at Zona, talking about how Italy is thinking about protecting the 2026 Winter Olympics. And a base jumper attempts a daring AI alibi. It's Friday, February 6, 2026. I'm Dave Bittner and this is your CyberWire Intel Brief.

Thanks for joining us here today. Happy Friday. It is great to have you with us. US federal civilian agencies have been ordered to identify and remove aging network security gear before it becomes an easy entry point for attackers. 
The directive comes from CISA, which has issued a binding operational directive requiring agencies to inventory and replace end-of-support edge devices, including firewalls, routers and VPN gateways that no longer receive vendor patches. Agencies must immediately update supported equipment, produce a full edge device inventory within three months, and remove unsupported devices from networks within a year. A two-year deadline follows for putting tracking systems in place to prevent future lapses. CISA says obsolete edge hardware has become a substantial and constant risk, since compromised perimeter devices can provide fast access to internal systems. Acting CISA Director Madhu Gottumukkala framed the move as part of a broader effort developed with the Office of Management and Budget to harden government networks against sustained cyber campaigns.

A House Energy Subcommittee has advanced five bipartisan bills designed to strengthen the physical and cybersecurity of the United States energy sector. The measures focus on modernizing programs at the Department of Energy, hardening the electric grid and pipelines, and prioritizing cybersecurity for smaller and more vulnerable utilities. Key proposals include the Energy Emergency Leadership Act, which expands DOE's authority to respond to energy emergencies, and the Rural and Municipal Utility Cybersecurity Act, extending cybersecurity support and grants for small and rural utilities through 2030. Other bills target grid resilience, pipeline cybersecurity and reauthorization of the Energy Threat Analysis Center to improve threat analysis and information sharing. While the bills advanced unanimously, they still must clear full committee review, House and Senate votes and reconciliation. The effort aligns with DOE's recent Liberty Eclipse exercise, which trains industry and government partners to respond to major cyber attacks on energy infrastructure. 
According to reporting by Wired, the Department of Homeland Security has deployed a face recognition app called Mobile Fortify nationwide without the level of privacy scrutiny that previously governed such technologies. Launched in spring 2025, the tool is used by immigration agents from Immigration and Customs Enforcement and Customs and Border Protection during street-level encounters far from the border. Despite DHS describing Fortify as a way to verify identities, records and expert testimony show it only generates possible matches, not confirmations, and can easily misidentify people, including US citizens. Reporting documents agents using the app on bystanders and protesters, often without consent, and relying on factors like language or appearance to escalate stops. Fortify expands biometric collection into routine encounters, feeding long-retained databases linked through DHS systems. Critics say the tool was fast-tracked after DHS dismantled centralized privacy oversight, raising serious concerns about accuracy, civil liberties and unchecked surveillance.

Romania's national oil pipeline operator Conpet said a cyberattack disrupted parts of its IT environment and knocked its website offline but did not affect oil transport operations. The company said operational technology systems, including SCADA, remained fully functional and contractual obligations were unaffected. Conpet has not confirmed a data breach, though the Ken Ransomware Group has claimed responsibility and alleged large-scale data theft. Conpet says it is working with Romanian cybersecurity authorities to investigate and restore systems.

Photo sharing platform Flickr is warning users about a potential data exposure tied to a vulnerability at a third-party email service provider. The flaw may have exposed real names, email addresses, IP addresses, location data and account activity, though Flickr says passwords and payment details were not affected. 
The company shut down access within hours after being alerted on February 5 and has not disclosed how many users were impacted. Flickr is urging vigilance against phishing and a review of account settings.

The European Commission says TikTok may face a major fine for violating the EU's Digital Services Act by deploying addictive design features. Regulators' preliminary findings say infinite scroll, autoplay, push notifications and personalized recommendations encourage compulsive use and were not properly assessed for risks to users' mental and physical well-being, particularly minors. The Commission found TikTok ignored warning signals such as late-night use by children and frequent app openings. If confirmed, the violations could lead to fines of up to 6% of TikTok's global annual revenue. EU Tech Commissioner Henna Virkkunen said platforms are responsible for user harm under the DSA. Regulators argue TikTok's existing safeguards are ineffective and say core design changes may be required to avoid penalties.

Researchers at Cisco Talos say a China-linked threat actor has operated a long-running adversary-in-the-middle framework dubbed DKnife since at least 2019. The Linux-based toolset monitors and manipulates network traffic to deliver and manage backdoors such as ShadowPad and DarkNimbus, mainly targeting Chinese-speaking users. Talos found overlaps with the earlier Spellbinder framework, suggesting shared development. DKnife can hijack downloads, steal credentials and intercept encrypted traffic, reinforcing assessments that it is operated by China-nexus threat actors.

Researchers at Bitdefender Labs warn that the fast-growing open source AI project OpenClaw is being abused at scale by cybercriminals. OpenClaw, which has amassed more than 160,000 stars on GitHub, allows users to add skills that automate tasks across apps. Bitdefender found that about 17% of skills analyzed in early February were malicious. 
According to the research, attackers clone legitimate tools with subtle name changes and hide harmful instructions in descriptions. Many of the malicious skills target cryptocurrency users, stealing wallet keys or delivering malware on macOS, but researchers also observed spread into corporate environments. One account was linked to 199 fake skills. Bitdefender says users should treat AI skills like full software installs and verify them carefully before use.

This week's Threat Source newsletter from Cisco Talos warns security professionals against rushing to adopt poorly vetted AI tools and highlights the growing risks at the network edge. Author Joe Marshall calls out OpenClaw for requiring users to hand over sensitive credentials and system access. According to the newsletter, those secrets are often stored insecurely while unvetted skills are already being actively exploited, making the platform a high-risk proposition for users and organizations. The piece urges skepticism toward hype-driven AI releases that prioritize convenience over security, arguing that users are being asked to absorb unreasonable risk. The takeaway is: harden gateways, audit firmware and binaries, enforce strong authentication and closely monitor network traffic, because attackers increasingly operate where traditional endpoint defenses cannot see.

Coming up after the break, Mike Carr from Zona talks about how Italy should be thinking about protecting the 2026 Winter Olympics, and a base jumper attempts a daring AI alibi. Stay with us.

Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full-stack zero trust networks, including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. 
From wired and wireless to routing, switching, firewalls, DNS security and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless, transform complexity into simplicity, and give your team time to focus on what really matters: helping your business and customers thrive. Learn more and book your demo at meter.com/cyberwire. That's M-E-T-E-R.com/cyberwire.

If securing your network feels harder than it should be, you're not imagining it. Modern businesses need strong protection, but they don't always have the time, staff or patience for complex setups. That's where NordLayer comes in. NordLayer is a toggle-ready network security platform built for businesses. It brings VPN, access control and threat protection together in one place. No hardware, no complicated configuration. You can deploy it in minutes and be up and running in less than 10. It's built on zero trust principles, so only the right people can get access to the right resources. It works across all major platforms, scales easily as your teams grow and integrates with what you already use. And now NordLayer goes even further through its partnership with CrowdStrike, combining NordLayer's network security with Falcon endpoint protection for small and mid-sized businesses. Enterprise-grade security made manageable. Try NordLayer risk free and get up to 22% off yearly plans plus an extra 10% with the code CYBERWIRE10. Visit nordlayer.com cyberwire daily to learn more.

Mike Carr is Field CTO at Zona. I recently caught up with him to discuss how Italy should be thinking about protecting the 2026 Winter Olympics.
C
I'm a little atypical because I look at those events from this perspective. Right. My brain has always been wired for the logistics and the stuff under the covers that's happening there. So looking at an event this large, it's really about the compromises that those organizations are making under the covers around speed of deployment versus security. There's a lot of places where, because they're ephemeral networks or temporary, shortcuts get taken that probably shouldn't be taken in full-time type configurations, but they matter just as much or more.
B
Well, tell us about the setup of something like this. I mean, obviously it takes years to prepare an event venue for something of this scale. But at the same time, as you say, this isn't a permanent installation.
C
Yeah, it's very temporary. Right. And it's a lot of overlapping pieces that don't really fit quite right. So we have external network access, we have internal network access, we have badge scanners and physical equipment being bridged out to the Internet or maybe just internally to a network. And there isn't really a comprehensive owner in some of these situations, which is problematic. Right. In a single organization, if I go to one of my customers and say, should it be A, B or C, there's an adult that can make that decision. In an organization that's single threaded. But across a situation like this where you have so many different separate parties engaged, you know, stuff like that either falls through the cracks or somebody just makes a decision to move forward because time is always against them.
B
Can you give us some examples of some of the things that you would find concerning with a project like this?
C
Absolutely. So, you know, we hear from customers at Zona all the time that vendors want to do what's best for them. And I mean, that's their business. They're supposed to, but it turns into things like wireless hotspots being added to networks in places where they don't belong, or access not, you know, being approved or even documented just to make things go a little faster or a little smoother. And that can lead to unknown attack vulnerabilities. Right.
B
Hmm. What, what do you suppose the bad guys would be after in a situation like this? Are there things that have a big red bullseye on them?
C
It's a great question. So looking at the previous attacks and the environment we live in today, I think there's a couple of different main driving factors. The first is financial. That comes in a couple of different segments. The first is being able to, you know, access funds that aren't yours. Right. Being able to attack credit card processing systems or ticketing systems and extract funds, ransomware is a huge factor today these days. Right. The ability to turn off an event that the whole world is watching presents a lot of time and financial pressure for an organization to, you know, succumb to those demands. Similarly, a stage like this, globally, where everyone is paying attention, is a place that folks who want to, to be heard in terms of messaging can be seen very quickly. Right. If you have something you want to make the world hear and you turn off the thing that everybody's watching, you kind of have their undivided attention.
B
What do you suppose the folks in charge of security are focused on in these weeks leading up to the event itself? Where do you suppose things stand right now?
C
I'd say at this point, the focus is actually making the implementation match the thing that they drew on the whiteboard over the last couple of years. To your earlier point. Right. This. There. There's the perfect world that you want to live in and you can draw that on a whiteboard and kind of make a best level of effort. And then there's the reality of the situation when you get there and the patch cable's 20ft too short or the WI fi doesn't reach to this area, or nobody told you that the vendor needed this port coming in or this port coming out. The reality of implementation is where it kind of all goes pear shaped.
B
Yeah. And as you say, I mean, the opening ceremonies happen when they happen, there's no putting them off for a day.
C
Yeah, we had that outage a couple of years ago at a Super Bowl. Right. The power went out in the facility and everybody just stared at their televisions impatiently until they got it sorted out. And that's, that's the reality of the physical world for these, these sorts of large scale events right there. Everything has to go right for this to work, which is very similar to security. Like, even if it isn't a security issue, just having the power be out for half an hour while they tried to get everything back on to continue? The folks that are running these events have to be right 100% of the time. And security vulnerabilities, attackers only have to be right once in order for it to work out for them.
B
Are there lessons that we can take away from large events like this that, you know, the folks defending their own networks can apply?
C
You know, from our perspective at Zona, I think the biggest, you know, key 10,000 foot takeaway is that you are a target. And I think that's something that's been changing here in the last couple of years, especially from, you know, this first attack in Ukraine, is that you are specifically being attacked, and you need to act as if that is the case. We can't continue to keep our head in the sand around, hey, nobody knows about me. I'm just some little podunk water treatment plant or OT facility. Nobody cares about me. You're specifically on people's radar. Similarly, all these events are becoming targets because of the visibility and the financial opportunity there. So trying to be prepared, as prepared as you can be, I think, is the. Is the key takeaway here. And to be prepared, that means you have to really understand what is going on in your environment and in your network. And in a lot of these places, again, there isn't a comprehensive single owner that can say, ah, yes, I can say with authority, do these things and not those things. Because it's a hodgepodge of different organizations coming together temporarily that we really need. Everybody involved needs to be as focused as they can be on the security of the implementation.
B
Yeah. I mean, it strikes me that we talk so much in cybersecurity about supply chains and that this is a tangle of supply chains. Right. Of so many interconnecting parts that have to all function together to make an Olympic Games possible.
C
Absolutely. And as more things become digital, it gets more tangled. Understanding that my dad went to the 1984 Olympics in LA and he loved it. He had a paper ticket in his hand. He didn't have a smartphone. Right. He handed the guy the ticket. And I mean, that comes with some drawbacks. You can't forget your ticket and still make it. But the world was a different place.
B
You probably signed a few traveler's checks. Exactly.
C
Right. Like, come on.
B
Right. It was a different world.
C
But, you know, that's pros and cons. If we just think about the idea of public Wi-Fi in these spaces, or even just the cell towers in those spaces, they weren't designed for the sorts of load that they experience those couple of times a year for these huge events. We've all been to these sorts of games where suddenly your cell phone just isn't working, or it's working at the speed of smell. We can't really. It just doesn't work the way you expect it to. And that's true for everybody who's trying to conduct business and maintain security through these events as well.
B
Yeah. All right, well, Mike, I think I have everything I need for our story here. Is there anything I missed? Anything I didn't ask you that you think it's important to share?
C
I think my closing words are that security is no accident. It's an active thing we have to be paying attention to, and it comes in a lot of knowns and also a lot of unknowns. And so taking some time to evaluate the whole environment is key.
B
That's Mike Carr, Field CTO at Zona.
D
The world moves fast. Your workday even faster. Pitching products, drafting reports, analyzing data. Microsoft 365 Copilot is your AI assistant for work, built into Word, Excel, PowerPoint and other Microsoft 365 apps you use, helping you quickly write, analyze, create and summarize so you can cut through clutter and clear a path to your best work. Learn more at Microsoft.com/M365Copilot. This episode is
A
brought to you by Indeed. Stop waiting around for the perfect candidate. Instead, use Indeed Sponsored Jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first candidates see. According to Indeed data, sponsored jobs have four times more applicants than non-sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsored job credit at Indeed.com/podcast. Terms and conditions apply.
B
And finally, federal prosecutors say a California thrill seeker may have let gravity and Instagram get the better of him. Jack Propek of Mission Viejo is charged after allegedly base jumping from Glacier Point in Yosemite National Park during last year's government shutdown. Investigators say the case began with a tip about an Instagram video showing the jump, helpfully zooming in on the jumper's face mid-descent. License plate data placed Propek's car in the park, and photos showed him wearing the same distinctive purple mirrored sunglasses seen in the video. When contacted, Propek denied being the jumper, claiming, wait for it, artificial intelligence had pasted his face onto the footage. Park rangers were unconvinced. Base jumping is illegal in national parks, and officials say shutdown or not, the rules still apply. Propek, who is representing himself, is due in court in April, gravity having already had its say.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with Pieto Voltia, head of threat intel and platform at Abnormal AI. We're discussing their work on Inbox Prime AI, a new phishing kit fueling scalable AI-powered cybercrime. That's Research Saturday. Check it out.

We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.
B
If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning and real innovation. I'll say this plainly: I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26. I'll see you in San Francisco.
Date: February 6, 2026
Host: Dave Bittner (N2K Networks)
Main Guest: Mike Carr, Field CTO at Zona
This episode delivers a comprehensive roundup of current cybersecurity news, covering government directives, industry incidents, and critical vulnerabilities. The central segment features an in-depth interview with Mike Carr, Field CTO at Zona, who discusses the immense cybersecurity challenges of protecting the upcoming 2026 Winter Olympics in Italy. The show wraps up with an unusual story about a base jumper’s failed AI alibi attempt.
DKnife, a China-linked Linux threat actor, operates a persistent “adversary-in-the-middle” campaign targeting Chinese-speaking users.
Researchers warn that the OpenClaw AI project is being exploited at scale, with 17% of reviewed “skills” found malicious—primarily to steal crypto keys or deliver malware.
Cisco Talos and Bitdefender highlight the urgent need for organizations to treat AI-based “skills” like full software installs and to be careful with their credentials.
Events On Scale & Complexity
Lack of Comprehensive Ownership
Vulnerability Examples
Financial Gain & Ransomware
Hacktivism & Visibility
From Blueprint to Reality
Event Deadlines Are Immutable
100% Uptime Needed
You Are a Target
Preparation and Awareness
Supply Chain Complexity
Digital Evolution
This packed episode highlights growing pressures on critical infrastructure to update vulnerable edge devices, increased government action bolstering energy sector defenses, serious concerns about privacy and AI tool abuse, and the compounded risks of major global events like the Olympics. The interview with Mike Carr underscores the unique cybersecurity challenges of large, temporary, multi-party environments, stressing the need for vigilance, preparation, and clarity of responsibility. The episode ends with a humorous—but telling—nod to the new era of “AI excuses” for real-world transgressions.