A

You're listening to the Cyberwire Network powered by N2K.

B

The world moves fast. Your workday even faster Pitching products, drafting reports, analyzing data Microsoft 365 copilot is your AI assistant for work built into Word, Excel, PowerPoint and other Microsoft 365 apps you use, helping you quickly write, analyze, create and summarize so you can cut through clutter and clear a path to your best work. Learn more@Microsoft.com M365 copilot. A senior FBI cyber official warns Salt Typhoon remains an ongoing threat Data protection authorities issue a joint statement raising serious concerns about AI image creation A Japanese semiconductor equipment maker confirms a ransomware attack New number formats seek to reduce AI overhead A low skilled Russian speaking threat actor compromised more than 600 Fortinet Fortigate firewalls. Spanish authorities have arrested four alleged members of anonymous CISA tags, a pair of round cube webmail flaws Cybersecurity stocks fell sharply on news of a new security feature in Claude AI we got your Monday business breakdown. Brandon Karpf and Maria Vermazes join me to discuss sovereignty in space and cyber and digital disruption Drains drumsticks. It's Monday, February 23rd, 2026. I'm Dave Buettner and this is your Cyberwire Intel Brief. Thanks for joining us here today on a snowy day here in the dmv. It's great to have you with us. A senior FBI cyber official warns that Salt Typhoon, the Chinese espionage group behind the 2024 compromise of US telecommunications infrastructure, remains an ongoing threat to both public and private sectors. Speaking at cyber Talks in Washington, D.C. michael Machtinger said organizations that engaged early with the FBI and CISA were most successful in limiting damage reporting. Previously found the telecom sector struggled with basic cybersecurity weaknesses and fragmented networks, which Salt Typhoon exploited for persistent access. Machtinger emphasized that simple vulnerabilities, not advanced zero day exploits, were the primary entry points. With phishing and legacy systems still common attack vectors, he urged organizations to adopt fundamental practices such as zero trust and least Privilege access. Salt Typhoon's campaign has reportedly affected more than 80 countries and continues to pose a significant threat. Data protection authorities from around the world, coordinated by the International Enforcement Cooperation Working Group, have issued a joint statement raising serious concerns about artificial intelligence systems that generate realistic images and videos of identifiable people without their consent. The signatories highlight that while AI image and video tools can offer benefits, they've also enabled non consensual intimate imagery, defamatory depictions and other harmful content, with particular risks for children and vulnerable groups. Organizations developing or deploying such technology are reminded to comply with applicable privacy and data protection laws and to implement strong safeguards to prevent misuse. The statement calls for meaningful transparency about system capabilities and risks, effective mechanisms for individuals to request removal of harmful AI generated content, and enhanced protections where children are depicted. It emphasizes that technological advancement should not come at the expense of privacy, dignity and safety. Japanese semiconductor equipment maker Advantest confirmed it suffered a ransomware attack after detecting unusual activity in its IT environment on February 15. The company said a third party may have accessed parts of its network and deployed ransomware. Advantest activated incident response protocols, isolated affected systems, and engaged external cybersecurity experts. The investigation remains ongoing, and it's unclear whether customer or employee data was impacted. The company has not reported significant operational disruptions and says it will provide updates as it assesses the full scope of the incident. Artificial intelligence has fueled a surge in new digital number formats as engineers seek to reduce computation time and energy use by shrinking bit counts. While AI systems can operate effectively with 16, eight or even fewer bits, scientific computing fields such as physics and engineering require far greater dynamic range and precision. In an interview in the IEEE newsletter, Laszlo Hunhold, an AI engineer at OpenChip, argues that traditional 64 bit standards are excessive for most tasks but still better suited for scientific workloads than many AI optimized formats. AI data tends to follow predictable distributions and tolerates lower precision, whereas scientific applications must accurately represent extremely large and small values. Hunholt developed a new format called Takum, inspired by Posits but redesigned to preserve dynamic range even when bits are reduced. He says Takums are specifically tailored to scientific computing, addressing limitations in existing low bit formats. A low skilled Russian speaking threat actor used commercial generative AI tools to compromise more than 600 Fortinet Fortigate firewalls across 55 countries, according to an AWS security blog. The financially motivated campaign ran from January 11 through February 18 and relied on scanning Internet exposed management interfaces and credential reuse rather than exploiting new vulnerabilities. The actor used AI to generate attack plans, write Python and go tooling and automate reconnaissance, lateral movement and credential theft using well known open source tools. AWS assessed the activity as opportunistic, noting the attacker often failed against patched systems or closed ports. No AWS infrastructure was involved. Amazon Threat Intelligence expects continued AI adoption by lower skilled actors and recommends strong patching, credential hygiene, network segmentation and improved post exploitation detection as primary defenses. Spanish authorities have arrested four alleged members of Anonymous Fenix for launching distributed denial of service attacks against government ministries, political parties and public institutions following the 2024 Dana floods. Guardia Civil detained two suspects last week, adding to two earlier arrests in May of last year. The group claimed the targeted entities were responsible for the flood tragedy. A court ordered the seizure of its X and YouTube accounts and the closure of its Telegram channel. Police said several attacks were successful. Those specific targets were not disclosed. CISA has added two round cube webmail flaws to its known Exploited Vulnerabilities catalog, citing active exploitation and ordered federal agencies to patch within three weeks. The first is a critical remote code execution bug flagged as exploited shortly after its June 2025 patch. The second, patched in December of last year, allows unauthenticated cross site scripting via SVG animate tags. CISO warned the vulnerabilities pose significant risks to federal networks and set a March 13 remediation deadline. Cybersecurity stocks fell sharply after Anthropic introduced a new security feature in its Claude AI model that scans code bases for vulnerabilities and suggests patches. CrowdStrike dropped 8%, CloudFlare fell 8.1%, SailPoint slid 9.4% and Okta declined 9.2%, while the Global X Cybersecurity ETF sank 4.9% to its lowest level since November 2023. Investors worry that AI native tools could reduce demand for traditional security software by enabling users to generate and secure code themselves. Broader software shares have also struggled with the iShares Expanded Tech Software Sector ETF down more than 23% this year. Analysts say AI may ultimately benefit cybersecurity, but near term volatility is likely as AI provider expand into security focused offerings and compete for budget dollars. Many of these stocks seem to have rebounded in early pre market trading today. Turning to our Monday business breakdown, RRSA conference named 10 finalists for its Innovation Sandbox contest, awarding each $5 million to accelerate growth. The cohort spans fraud prevention, AI code security, identity governance and application security startups across the us, Israel, Canada and the uk. Funding momentum continues across the sector with major raises including Cogent Security at $42 million, Venice at 33 million, Segura and Volnchek at 25 million each Lima AI and Opaque at $24 million and Compliance at $20 million. Smaller rounds went to Olyro, Varialabs and Sydelfi. Mergers and acquisitions also surged, with Palo Alto Networks planning a $400 million acquisition of Israeli AI security startup COI. Check Point acquired three AI focused firms for over $150 million. While Proofpoint, Kicard, Endor Labs and Quantum Leap each announced strategic buys. The deals signal strong investor appetite for AI driven security, governance and agent focused protection platforms. Coming up after the break, my conversation with Brandon Karf and Maria Vermazes about sovereignty in space and cyber and digital disruption. Drains drumsticks. Stay with us. No, it's not your imagination. Risk and regulation really are ramping up and customers expect proof of security before they'll sign that deal. That's where Vanta comes in. VANTA automates your compliance process and brings compliance, risk and customer trust together on one AI powered platform. Whether you're preparing for SoC2 or managing an enterprise governance risk and compliance program, Vanta helps keep you secure and keeps your deals moving. Companies like Ramp and RYTR spend 82% less time on audits with Vanta. That's not just faster compliance, that's more time for growth. Take it from me, if you're thinking about compliance, take the time to check out Vanta. Get started@vanta.com cyber.

A

This episode is brought to you by indeed. Stop waiting around for the perfect candidate. Instead, use Indeed sponsored jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first candidate. C. According to INDEED data, sponsored jobs have four times more applicants than non sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsored job credit at Indeed.com podcast. Terms and conditions apply.

B

It is always a treat for me when I welcome into the studio Brandon Karp. He is the leader of international Public Private Partnerships at ntt. Brandon, welcome.

C

Thank you, Dave. You look just as good as you sound today, sir.

B

Thank you. And that laugh our listeners surely recognize is my colleague Maria Vermazes.

C

Hi.

B

Giving me the amount of respect that I truly deserve. She is the host of the T Minus Space Daily podcast. Maria, welcome.

A

Thank you, Dave. It's always a pleasure. And hello, Brandon.

C

Hi, Maria.

B

So I want to talk about digital sovereignty today, both in space and cyber. A hot topic and one I think is pretty darn important. Maria, let's start off with space. It was actually a space story that caught my eye when it comes to this. Is it fair to say that nations around the world are looking to decrease their dependence on the us?

A

We're seeing a lot of money going into this, especially from Europe, into the amounts of billions of euros being invested in sovereign space communication systems, sovereign space, you name it, type of space systems. Basically, there has been talk of sovereign space Access for a long time from especially European sectors. But I think 2025 was the first year we saw some very serious money from another, a number of European countries going towards this effort. So I think Europe is really taking this seriously. Of course, it takes many years for something like this to get up and running. So it's not like the satellites are going to be up on orbit tomorrow. But it is a huge driver of a lot of space activity in Europe. So we're seeing a lot of money going to European contracts. And a lot of the rhetoric is also, instead of being sort of an implied thing, it's very explicit now. There was a big space conference that was in Europe just right before we recorded this episode. And that was all of the rhetoric was explicitly our space traffic data, our space infrastructure. It all needs to be made by Europeans, governed by Europeans, for Europeans. There's no bones about it, basically.

B

Well, Brandon, how about in cyber? What are you seeing in your travels?

C

Yeah, we're encountering the same drive towards digital and supply chain sovereignty and cyber, for sure. You know, in. I travel to Japan for work quite often, and I was also recently in Taiwan and the conversations around cloud infrastructure, sovereign cloud, not even just public cloud, which is what we're, you know, mostly used to in the US but actually sovereign cloud, where data does not leave the national boundaries of Japan or Taiwan. Japan's implementing this right now as we speak. Taiwan is. I was in conversations with senior government representatives just in December, and they're talking about acquiring services that are totally sovereign. So the data never leaves the geographic boundaries of those regions. And the challenge there is there's a lot of US cloud providers that just can't architecturally do that right now. There's, in fact, very few who can. And so this has broadly been a challenge for those types of organizations.

B

Yeah, I mean, let's talk about the practicality of this, the degree to which it is actually possible. You know, I think in regular conversation, you hear folks talk about how if we wanted to build an iPhone, for example, here in the US that we simply don't have the capability to do that right now.

A

Yep.

B

What does the rest of the world face when it comes to untethering themselves from the U.S. so let's stay with cyber for the moment, Brandon.

C

Yeah, so I mean, they're facing first, foremost cost, broadly speaking. There are benefits of the push towards sovereign cloud and data sovereignty. And then there are challenges for US Companies. Of course, I think the primary challenge we could see is a shifting away from US Standardization and how US decides to move data and the architectures we tend to use and the technologies we use. And as more countries, again, these are large countries with massive multibillion dollar markets, as they start pushing towards sovereignty, the US Companies will lose a little bit of control over where that goes. Now, some of those US Companies will play in that space, but that means that those organizations, whether it's Microsoft or Google or Oracle or what have you, need to invest in those new technologies. So it's a big new capital expenditure that requires building data centers. It's one of the things that my company is focused on. Right. NTT builds data centers. One of the things we do. And so it's why we're having these conversations. But means those companies need to invest in that infrastructure so that, I mean, massive capital expenditure for those organizations. But at the same time, you know, it's beneficial to the people in those countries in those organizations. You know, anecdotally, you know, people talk about sovereignty and it's a highfalutin term, but, you know, this comes down to like in high school, right? Or in college, you know, you've got a bunch of friends, you know, I went to the Naval Academy and a bunch of Rowan buddies, you know, we were taking crazy pictures, going out on the weekends, and they all have these pictures of me. And probably the.

A

Are you sure you want to put this on a podcast?

B

Highly specific, Brandon.

C

Exactly. You know where I'm going with this. And you know, they have data about me that I don't really want out there in the world. You know, you think about a young.

A

My email is Maria Vermoz.

C

Okay, exactly. And so, you know, and how many of us have had those experiences personally of. Okay, someone else has information about us that we don't necessarily want them to have control over. They get to my buddy Luis, he gets to decide who sends that picture of me in a specific tank top. And he knows if he listens to this, which one I'm talking about. And that's this principle of sovereignty of like when the data is sovereign, when it is, the architecture is localized, the laws, the regulations, the controls are also localized. And so if you're in Japan and you're leveraging a sovereign cloud architecture, if you're leveraging a sovereign AI tool and a model that is localized, the laws of Japan, which, by the way, are incredibly strict on privacy protection, apply to you, as opposed to just relying on the US Kind of laissez faire open. You know, you get what you get. You know, we've got a social safety Net, but it's located on the ground and it's covered in spikes. Right. So it's just a little bit different.

A

Right.

B

So, but let me use space is an example here, Maria. I mean, to what degree do you think that we're talking about true sovereignty versus shifting alliances and allegiances? In other words, has the experience that folks are going through right now put them off of partnerships altogether or are there still practical considerations, I think about space and if your nation's closer to the equator, you got an easier time chucking stuff up into orbit.

A

Right. That is the scientific term, is chucking up.

B

Thank you very much.

A

Yes. Yeah. I mean the practicalities of space, I mean, the very easy one is how do you get there in a lot of things in global space, A lot of other countries and international organizations follow the United States lead on policy and how regulations, for lack of a better term, because the US has been the big dog on that front for a long time. But I'm thinking about ESA and India specifically. Right now that mentality is changing. More partnerships are happening without the United States to try and secure access to space without going through the United States. But the reality is, for example, going back to Europe, them trying to put more of their own sovereign satellite constellations onto orbit. They do have a sovereign rocket, the Arian 6. They have their own spaceport, but they do not have the launch capacity anywhere close to what the United States can do. They can't get things into space nearly as quickly as we can. So in a lot of cases they're still having to launch their sovereign satellite constellations through the United States on American launch vehicles. The hope is that that will change, but that also takes a long time to use the massive cliche. Space is hard. Getting, getting rockets to launch is a lot harder than people think because it literally is rocket science. So there are going to be a lot of practical constraints for some time. And same thing for as other nations and international organizations create their own regulations and policies and norms. A lot of them are still cribbing the United States. But I do think that is going to change when you have these off the record conversations with people. I just had some last week actually, before we recorded this episode. There is an element of while we're going and driving hard towards sovereign space, we still have to work with the United States and a lot of things, if only for components. And if you know that there's a lot of restrictions on what the nations are wanting to do versus what they actually can do, simply because we've had a Large head start in the United States, but that's not going to last forever. A lot of other nations are quickly catching up. So the idea that this is going to be a US Exclusive thing, to say nothing of China, that, that's, that's definitely not going to last. So I think it would behoove folks in the United States who are in this world to really think hard about how they can maintain these relationships, because I know ESA and India are, especially in Australia, for that matter. They're working hard on creating their own pathways that kind of circumvent the United States.

B

Brandon, what opportunities does this bring for a nation like China?

C

Yeah, that's, that's exactly kind of the direction I wanted this to go in. Because listening to Maria, I thought of a couple things. First, I thought of Mark Carney's speech at the World Economic Forum. Oh, yeah. And if a listener, if someone on this, you know, who's listening to this show hasn't listened to that speech or read it, please go do so. There's a transcript posted online for the World Economic Forum, but he really outlines what is the kind of shifting economic and geopolitical and industrial perspective of the world, which is moving away from the United States and how that is opening up opportunities for other countries. But all three of us here are located in the U.S. we're very interested in the success of the U.S. in the success of our economy and the citizens of the US and that is a challenge that we have to confront, which is what Maria just outlined is going to drive increased investment in other nations in their domestic capacity, in their sovereign technologies, sovereign businesses, in the growth of their localized economies. So if they, you know, if at any level of analysis, whether it's a, you know, small, you know, microeconomic analysis or market analysis or what have you, you know, those markets are growing. US Market maybe not shrinking, but not growing as quickly. Now, that's good for those other markets, not as good for the US Market. As an individual, you're going to want to get, you know, invested if you can somehow get exposure to those international markets. But what it does for China, and we've seen this again, bringing it back to Mark Carney. Canada signed a big trade relationship and agreement with China now, and now they're importing Chinese electric cars. And so, I mean, that's, that's a huge deal.

B

It's a huge deal.

C

I mean, I mean, I don't know if anyone's been to Detroit, but Canada's right next door. You could get dinner in Detroit and then go See an after dinner show in Canada right there. Right. So you know, they're no longer going to be importing U.S. electric vehicles. And so imagine the exact same type of thing happening in the space technology industry. Or you, you know, these other types of manufacturing heavy industries of China's going to take advantage of this. They typically do. They're very forward thinking. So not only will the localized markets in Ecuador or other launch nations be growing around these spaceports, but also in cloud technologies as well. But also China is going to be getting deeper and deeper entrenched. Again, both of those situations hurting the American market.

B

Before I let you go, Brandon, you have a session at the upcoming RSAC conference in San Francisco. Can you give us a sneak peek of that?

C

Yeah. So I mean, everything we talked about today really has to do with risk analysis, risk forecasting. And so I'm hosting a workshop, a learning lab at RSA at the end of March. So RSA is coming up soon. Everyone who's attending, I just encourage you to sign up and register. There's only 56 available seats in my learning lab. The title of it is First Principles Risk Forecasting From Theory to Practice. The number is Lab2T09. And again, 56 seats, you gotta reserve it ahead of time, so look that up. My session will be on Tuesday at 1:15 in the afternoon. Two hour session, hands on practical risk analysis, risk forecasting for your organizations. And I'll actually be co hosting that with Rick Howard, previously of the Cyberwire.

A

That's awesome.

B

All right, well, Brandon Karf is leader of international public private partnership partnerships at ntt. And Maria Vermazes is host of the T Minus Space daily podcast. Thank you both for joining us.

C

Thanks Dave.

A

Pleasure as always.

B

No, it's not your imagination. Risk and regulation really are ramping up and customers expect proof of security before they'll sign that deal. That's where VANTA comes in. VANTA automates your compliance process and brings compliance, risk and customer Trust together on one AI powered platform. Whether you're preparing for SoC2 or managing an enterprise governance risk and compliance program, VANTA helps keep you secure and keeps your deals moving. Companies like Ramp and RYTR spend 82% less time on audits with Vanta. That's not just faster compliance, that's more time for growth. Take it from me, if you're thinking about compliance, take the time to check out Vanta. Get started@vanta.com cyber. New spring arrivals are at Nordstrom Rack stores. Now get ready to save big with up to 60% off rag and Bone, Marc Jacobs, Free people and more. How did I not know Rack has Adidas? Cause there's always something new. Join the Nordy Club to unlock exclusive discounts. Shop new arrivals first and more. Plus, buy online and pick up at your favorite Rack store for free. Great brands, great prices. That's why you Rack. And finally, a cyber attack at Hazeldean's, a major chicken processor in central Victoria, Australia, has done what few things can it has left pubs and butchers staring into empty fridges. After computer issues escalated last week, the company shut down on site WI Fi, disrupting packaging operations and halting deliveries. Hazeldine says it's working with cybersecurity investigators and authorities to restore systems and determine what happened. The ripple effects were immediate. Wholesalers scrambled for alternate suppliers when the usual 2am deliveries failed to arrive. One local butcher found not a single box of chicken waiting for the town's pubs or supermarkets. The local hotel confirmed the grim reality. No chicken. With limited communication and uncertain timelines, businesses are left improvising. And Victoria has learned that when WI Fi goes down, sometimes dinner does too. All bad news. Unless, of course, you're one of the chickens. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com our CyberWire lead producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. If you only attend one cyber security conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands on learning and real innovation. I'll say this plainly. I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today@rsaconference.com cyberwire26 I'll see you in San Francisco.