A
You're listening to the CyberWire Network, powered by N2K.
B
Identity is a top attack vector. In our interview with Kavitha Mariapan from Rubrik, she breaks down why 90% of security leaders believe that identity-based attacks are their biggest threat. Throughout this conversation we explore why recovery times are getting longer, not shorter, and what resiliency will look like in this AI-driven world. If you're struggling to get a handle on identity risk, this is something you should tune into. Check out the full interview at thecyberwire.com/rubrik.
Maybe that's an urgent message from your CEO, or maybe it's a deepfake trying to target your business. Doppel is the AI-native social engineering defense platform, fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back, from automatically dismantling cross-channel attacks to building team resilience and more. Doppel: outpacing what's next in social engineering. Learn more at doppel.com. That's D-O-P-P-E-L dot com.
We got your Patch Tuesday updates. Preliminary findings from the European Commission come down on TikTok. Switzerland's military cancels its contract with Palantir. Social engineering leads to payroll fraud. Google hands over extensive personal data on a British student activist. Researchers unearth a global espionage operation called the Shadow Campaigns. Notepad's newest features could lead to remote code execution. Our guest is Hazel Serra, resident agent in charge of the Atlantic City office for the United States Secret Service. And Ring says it's all about dogs, but critics hear the whistle.
It's Wednesday, February 11, 2026. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great to have you with us. This month's Patch Tuesday brought a wide range of security updates from major software and hardware vendors urging organizations and users to apply patches promptly to mitigate active threats and emerging risks.
Microsoft's February security update fixes around 60 vulnerabilities across Windows, Office, Azure, and related components, including six actively exploited zero days. These flaws span security feature bypasses, elevation of privilege, remote code execution, denial of service, and information disclosure bugs. Several of the zero days affecting Windows Shell, MSHTML, and Office were publicly disclosed or exploited prior to the update. Administrators are strongly advised to apply these patches immediately. Adobe released updates covering multiple products, including Audition, After Effects, InDesign, Bridge, Lightroom Classic, Substance 3D apps, and the DNG SDK. The patches address over 44 vulnerabilities with several rated critical that could lead to arbitrary code execution if a user opens a malicious file. To date, Adobe has not reported active exploitation of these flaws in the wild. Several industrial automation vendors, including Siemens, Schneider Electric, Phoenix Contact and AVEVA have published security advisories for their ICS and OT products as part of this Patch Tuesday cycle. These advisories cover a dozen vulnerabilities impacting control software, PLCs and related devices and provide fixes, mitigations or configuration guidance to reduce risk in industrial environments. Both Intel and AMD released multiple advisories for vulnerabilities in their hardware and firmware, with over 80 flaws addressed across CPUs, chipsets and related technologies. These updates include a range of severity levels and underline ongoing efforts by chip vendors to harden platforms against both software and hardware-assisted attacks. This Patch Tuesday underscores that attackers are targeting both software and hardware layers, from exploited Microsoft zero days to critical Adobe flaws and a broad set of chip vulnerabilities.
Organizations should prioritize patch deployment across endpoints, servers, industrial systems and firmware to reduce exposure.
The European Commission has preliminarily found that TikTok's design may breach the Digital Services Act by promoting addictive use through features like Infinite Scroll, Autoplay, push notifications and personalized recommendations. Regulators say TikTok failed to properly assess risks to users' mental and physical well-being, especially minors, and ignored indicators of compulsive use. Existing screen time and parental controls were deemed ineffective. The commission suggests TikTok may need fundamental design changes and could face fines of up to 6% of global turnover if violations are confirmed.
Switzerland's military has ended its contract with Palantir after a security audit found a significant risk that US intelligence agencies could access sensitive Swiss defense data. While auditors praised Palantir's technical capabilities, the potential exposure was unacceptable for Switzerland's neutrality. The decision raises broader questions about data sovereignty and may prompt other non-NATO states, including Ukraine, to reassess similar partnerships. Despite this reputational setback in Europe, Palantir's US business remains strong, highlighted by a recent $448 million Navy contract. Financially, the Swiss exit is minor, but it underscores growing international unease over jurisdictional control of defense data.
Researchers at Binary Defense investigated a payroll fraud incident in which attackers redirected a physician's salary using social engineering rather than malware. The scheme began with compromised credentials for a shared mailbox, likely obtained in a prior breach. After studying internal emails, the attacker impersonated a locked-out physician in a help desk call, pressuring staff to reset the password and MFA using the organization's own virtual desktop infrastructure.
The attacker then accessed Workday and changed direct deposit details, evading detection because the activity appeared legitimate. The breach was only discovered when the physician missed a paycheck. Researchers warn this highlights identity as the new perimeter and urge stronger verification and controls around payroll changes.
Google has complied with an ICE subpoena seeking extensive personal data on British student activist and journalist Amandla Thomas Johnson, including banking and credit card details linked to his Gmail account, according to documents obtained by The Intercept. The request followed Thomas Johnson's brief participation in a 2024 protest at Cornell University and cited only a generic immigration enforcement rationale. Google disclosed the data without prior notice, denying him the chance to challenge the subpoena. Civil liberties groups, including the EFF and ACLU, warn the case reflects a broader pattern of tech companies quietly cooperating with DHS surveillance requests, often under gag orders. Privacy experts say the episode raises serious concerns about data sovereignty, transparency and user rights, and highlights the need for stronger legal protections governing government access to digital data.
Palo Alto Networks Unit 42 has published a major analysis of a global espionage operation it calls the Shadow Campaigns, tracking a state-aligned cyber espionage group designated TGR-STA-1030, also known as UNC6619. The group, assessed with high confidence to operate out of Asia, has been active since at least 2024 using phishing and exploitation of known vulnerabilities to compromise government ministries, law enforcement, border control and other critical infrastructure entities in at least 37 countries, and has conducted reconnaissance against infrastructure in 155 countries. The campaigns appear focused on long-term intelligence collection tied to geopolitical and economic interests.
Unit 42's report details the group's techniques, tooling and targets and has shared defensive indicators to help organizations better detect and mitigate this widespread espionage threat.
Researchers have identified a high-severity flaw in Notepad's recently added Markdown support that could enable remote code execution. The bug allows attackers to trick users into opening a malicious Markdown file and clicking an embedded link, triggering execution via unverified protocols with the user's permissions. Microsoft has patched the issue and says there's no evidence of active exploitation. The finding renews criticism of expanding Notepad's feature set, which ships enabled by default.
Coming up after the break, my conversation with Hazel Serra, resident agent in charge of the Atlantic City office for the United States Secret Service. And Ring says it's all about dogs, but critics hear the whistle. Stay with us.
What's your 2 a.m. security worry? Is it, do I have the right control?
A
Maybe?
B
Are my vendors secure? Or the one that really keeps you up at night? How do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started at vanta.com/cyber. That's V-A-N-T-A dot com slash cyber.
Hazel Serra is resident agent in charge of the Atlantic City office for the United States Secret Service. I recently sat down with her to discuss the evolution of the Secret Service's investigative mission. So before we get going here, I would love to get a quick description of the origin story for the U.S. Secret Service.
A
Oh, absolutely. This is kind of interesting. So the organization started in 1865, and the reason that it got started was because there was a very large problem with counterfeit. Over one third of the money being circulated was counterfeit. So after the Civil War, they said, well, you know, something needs to be done, and they created the Secret Service. So we were doing a great job investigating counterfeit currency.
B
And.
A
And then after the assassination of President McKinley in 1901 was when they designated our agency to protect the presidents. And that's why we have what we call the dual mission.
B
So I want to start out with a little bit of level setting, because I think probably like a lot of folks in our audience, when I think Secret Service, the first thing I think is you all protect the President.
A
And that is correct. We do. But that's not all we do.
B
So educate me here. What else does the Secret Service provide our great nation?
A
So we have what's called a dual mission. So not only do we protect the President and also their families and foreign heads of state, but we also investigate financial crimes. So where we started investigating counterfeit currency, that moved to credit card fraud, identity theft, and now most recently, cryptocurrency investigations.
B
Yeah, I guess I was familiar that the Secret Service dealt with counterfeiting. So I guess that does tie into things like crypto these days.
A
Correct. Yes.
B
And so what has your part been in that in your office in New.
A
Jersey, as far as the investigation goes.
B
The investigations, and trying to track down people who are up to no good when it comes to these things.
A
Well, I am responsible for four districts in my office. So anything that happens in any of those districts that any of those investigations we have to respond to. So in my district I have all the casinos in Atlantic City. So that requires a lot of relationships and having be able to talk to my partners and have my agents responsible to respond to those incidents. But not only that, we do get a lot of investigations that involved protective intelligence. So. So anytime that someone makes a threat against one of our protectees, we have to go out there and talk to that person and make sure that they're not going to carry that out.
B
So I mean, talking about the casinos in particular, I would suspect that's a place where a lot of people are trying to do various things with money.
A
Yes, yes, no, they are. And I am very friendly with most of the security directors in all the casinos. We meet on a regular basis and we do discuss any types of trending fraud attempts that go on in the casinos. And we also provide them with training so they're up to date with some of the latest and greatest trends in the financial crimes business.
B
I know you've shared some parallels between the mission of protecting the President and this whole notion of zero trust in cybersecurity. Can you flesh that out for us?
A
Yes. So I actually had been privy to a presentation by John Kindervag. I'm not sure if you know who he is, but he's the godfather of the zero trust model. And when I heard him speak, I immediately made that connection of our zero fail mission because it's very similar. We don't trust anybody. And just 'cause you get into one layer of security in our perimeter, doesn't mean that we're gonna allow you into the next one. We don't trust anyone, anything. We have to verify continuously. And that's very similar to what the zero trust model is. Ours, you know, we have a zero fail mission. There's very little room for error. There's really no room for error. So we have to really stop and analyze and put layers upon layers of protection. Everywhere that the President goes. We don't just protect the White House, we protect him everywhere. That is done intentionally. So we have to protect him wherever he goes in the country. And when we do that, we basically apply the same standard that we have at the White House. With multiple, multiple teams, multiple people, lots of talents, lots of resources. It's a very large footprint.
B
So you all are the OG defense in depth organization?
A
Yes, absolutely. We have over 120 years of protection experience, and I dare to say that nobody does it better than we do.
B
Tell me about digital reconnaissance and what part that plays these days in this. This digital world. Being able to keep track of folks who may be out there trying to do someone harm.
A
Well, that's a layered approach as well, and a very challenging approach because of some of the anonymity that people can do online and basically hide behind the computer. So it is a very challenging crime. But we have had lots of success with it. We have some of the best tracers in the country. We have many analysts that will take a little bit of information and be able to build a case from it. And a lot of it really works on working in a partnership with some of our other sister agencies, our other local and state partners, and really all of us just coming together in order to investigate these types of crimes. And like I said, we have had a lot of success, but it is very challenging. And we have been able to return many of the funds that we have been able to receive. We have been able to return it back to the victims, but that's very. It doesn't happen very often, unfortunately.
B
Yeah. I mean, is it fair to say that you all focus a lot of your time and attention on being proactive so that you don't have to be reactive?
A
Absolutely. That really is the best piece of advice, is to go out there, do some outreach. I spend a lot of time speaking to some of the organizations that have elderly populations because they're mostly targeted. And what I say to them is, the reason that you're being targeted is because you have acquired lots of wealth in your life. That's really the reason why. And by educating these groups, they go out and they start sending that message to their other friends and family. And that's really the best way to protect, you know, our people, because there's a lot of money that is leaving our country, unfortunately, because of these scams, and there's not a whole lot that they can do once it happens. Like I said, it's very challenging. So being proactive is the best thing that we could do. Education is a large piece of it. We have partnered with our local prosecutor's office in order to go out there and present to these groups. And, you know, we've done even lots of social media campaigns on cryptocurrency and how not to become a victim. We actually had an operation, we called it Operation Cryptoguard. And we had basically identified all the Bitcoin ATM machines in the area. And we now went out and put up warning signs that, hey, these are the red flags to look for if you're going to send some money out. Do you know the person on the other side that you're sending this money to? Because that alone is a red flag. How did you meet this person? And actually, you know, it's hard because we don't really know if it's really working right. Like, we just put them up and that's it. But I actually got a call from one of my federal partners and said that they had a friend that went to one of the Bitcoin ATM machines and they were about to put in their life savings and they saw the sign and it stopped. So it does work.
B
Wow. Well, for the folks in our audience who are tasked with protecting executives, not quite the level of the President of the United States, but there are some lessons here that transfer.
A
Yeah, no, absolutely, they do. With the Secret Service, you know, we don't just protect the White House, we protect the president. And why do we do that? We do that because he is well known, he represents our country. He is the most powerful person in the world. And, you know, what I've seen is that many of the private sector organizations are still just protecting the walls of their organization. They're not protecting you after you leave. Hopefully they have a secure phone that you're using. But once you go home, you're exposed again. So if you are an individual where you are the face of organization and the organization isn't protecting you at home, then you're leaving yourself completely open and vulnerable.
B
Now, I understand that you're in the process of winding down your public service and taking a shift to the private sector. Can you share with us what your plans are?
A
Yes. So I have been with the agency for 25 years and eight months, and I've loved every minute of it. It's really bittersweet leaving. I love the miss. You know, I think that the mission has a lot of synergy with the fact that we have investigations and protection. And I've seen the world and have made many relationships, but as with anything else, you know, it comes to an end. And I was just recently offered a position to work for an organization that has a very similar mission objective. And, you know, what I do best is our mission. So that came very natural to me. And I'm not going to stop doing protection. So that makes me very happy. And I accepted a position with BlackCloak and they do digital executive protection, which is really fascinating to me. Because I did what we call in the Secret Service, critical systems protection. And it's very similar where, you know, we've been doing this for years. I mean, I was a baby agent, and this was back in the. Yeah, it was like back in 2000s. I know you're like.
B
You were a teenager, right?
A
Teenager. But what I say by baby agent is just that, you know, I was young. It was my phase one. I was in the field. Cause we have three different phases. And when I was in the first phase of my career, we were already doing these kinds of things. Like, we were already monitoring the network. We were already, you know, very concerned that if the president was in an elevator, can somebody control it and trap us in there? Are we, you know, we were concerned that if the President is out there doing a speech and there is some digital screens in the back, can someone control that and put some kind of verbiage that would say fire, you know, evacuate or something that would create panic. Right. So all those things are, you know, were being thought of back then. We haven't really crossed that road here with the private sector. It seems like it's in discussions, but this organization really hit the, you know, the nail right on the head. I mean, it's amazing. I thought that, you know, the CEO is a genius for identifying this gap.
B
Well, I know Chris Pierson, the CEO of BlackCloak. He's been a good friend of the CyberWire show for many, many years now. I won't inflate his ego by calling him a genius, but he certainly is.
A
He is to me. Well, good enough.
B
He's not my boss.
A
He's not my boss yet either.
B
Okay, fair enough. Fair enough. Help me understand the relationship between the federal organizations, because I think in cyber we certainly hear of the FBI being an active player here, probably more than the Secret Service. Is that fair?
A
So I say it really depends on the district that you're in. Right? It depends on the relationships in that particular state or county. So, for example, they're in my district. My parent office is Philadelphia. There are certain cases that we know the FBI is working on, and we have a great relationship. We'll talk about it and say. And we'll know that we'll refer that to them. What I generally tell people, because the common question is, who do I call? Who do I call? If something's happening, who do I call? I always say we are like a giant switchboard. You call one of us, you call all of us. We will get you to the right person.
B
The point is, call. Any words of wisdom for the folks in our audience who are tasked with protecting their, not only their executives, but their organizations? Based on your decades of experience with the Secret Service, what would you like to leave people with?
A
Well, what I want to leave people with is that it is important to talk to your people and have them understand the threat. I think that what makes a Secret Service successful is that we truly believe in the threat and we believe that someone is going to get close. I mean, we see it all the time. We have people that call our office that are mentally disturbed. They'll show up. They have strange affinities to our protectees. Some of them think that they are related to them. So we believe it and we understand it, and we have this. This mindset that someone is going to cause us harm. And you have to train your people to understand it and believe that threat. And if they don't believe that there's a threat and they're just going, you know, doing their job, just helping people, then that's when they're gonna become targets because they're not thinking about that threat seriously. So having those conversations with your people, security awareness is really important. And especially the people that have access to the purse strings, we see those are continuously being targeted. So that they need a special kind of training. Not. Not your general one where, you know, don't click on the link thing. They need, like, their own. Like, hey, these are the types of. These are the types of scams that you could be presented to you. So those people need to be trained individually, not individually, but, you know, they need to be trained separately. And then the other thing that I would say is think that when you train your people, sometimes it's best to just train them on security, something that is personal to them. You know, again, not this whole click on a link thing. Something about maybe how to protect yourself online, how to protect yourself if you're dating online, you know, how to protect your home, how to protect your Internet at home. Because I really, truly believe that when you train people to have a security mindset, that is going to 100% trend into the workplace.
So those people are gonna buy in to the fact that there's a threat. There's a threat everywhere. I should be a little bit more careful about what I do at work because I know that these threats exist. So when you make it personal to your employee, that's when it's actually gonna click with your people, because they're gonna know that you care about them and about their security and not just about the bottom line in the business.
B
That's Hazel Serra, resident agent in charge of the Atlantic City office for the US Secret Service.
The world moves fast. Your workday, even faster. Pitching products, drafting reports, analyzing data. Microsoft 365 Copilot is your AI assistant for work, built into Word, Excel, PowerPoint, and other Microsoft 365 apps you use, helping you quickly write, analyze, create, and summarize so you can cut through clutter and clear a path to your best work. Learn more at Microsoft.com/M365Copilot. This episode is
A
Brought to you by Indeed. Stop waiting around for the perfect candidate. Instead, use Indeed Sponsored Jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first candidates see. According to Indeed data, sponsored jobs have four times more applicants than non-sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsored job credit at Indeed.com/podcast. Terms and conditions apply. And
B
Finally, Ring used its Super Bowl spotlight to announce Search Party, an AI feature framed as a heartwarming way to find lost dogs by turning an entire neighborhood's doorbell cameras into a canine manhunt. Upload that photo of Rover, the ad suggests, and suddenly every Ring Cam is on patrol, scanning sidewalks with the enthusiasm of a TSA beagle. Privacy critics note the joke lands a little sideways. Technology built to find runaway Labradors could just as easily be repurposed to track people. After years of backlash over police partnerships, Ring briefly rebranded itself as a Porch Moment curator. But founder Jamie Siminoff's return has brought a renewed push for AI and law enforcement integration. The result is a system that promises to reunite pets while quietly expanding a networked surveillance dragnet. Even the YouTube comments seem to wonder whether this was really about dogs or was just a very good boy serving as a fig leaf.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
If you only attend one cyber security conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning and real innovation.
I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26. I'll see you in San Francisco.
Date: February 11, 2026
Host: Dave Bittner (N2K Networks)
Main Interview Guest: Hazel Serra (U.S. Secret Service, Atlantic City Resident Agent in Charge)
This episode provides a comprehensive roundup of major cybersecurity news, focusing on critical Patch Tuesday updates, global concerns about data sovereignty, escalating social engineering threats, and a wide-reaching espionage campaign. The highlight is an in-depth interview with Hazel Serra, outgoing Resident Agent in Charge for the U.S. Secret Service's Atlantic City office, exploring the agency's dual mission of protection and financial crime investigation, the parallels between presidential security and zero trust architecture, and best practices for both public and private sector security.
[00:56 – 04:08]
"Administrators are strongly advised to apply these patches immediately."
[04:09 – 06:25]
TikTok vs. European Commission:
Switzerland Cancels Palantir Contract:
[06:26 – 07:32]
“This highlights identity as the new perimeter and urge[s] stronger verification and controls around payroll changes.”
[07:33 – 08:54]
[30:05 – 31:43]
[13:04 – 28:41]
"We don't trust anyone, anything. We have to verify continuously. And that's very similar to what the zero trust model is ours." [16:23]
"We have over 120 years of protection experience, and I dare to say that nobody does it better than we do." [17:41]
"...once you go home, you’re exposed again. So if you are an individual where you are the face of [an] organization and the organization isn’t protecting you at home, then you’re leaving yourself completely open and vulnerable." [21:18]
“...if the president was in an elevator, can somebody control it and trap us?...if the President is out there doing a speech and there is some digital screens in the back, can someone control that and put some kind of verbiage...that would create panic...” [23:28]
"I always say we are like a giant switchboard. You call one of us, you call all of us. We will get you to the right person." [25:48]
“...when you train your people, sometimes it's best to just train them on security, something that is personal to them…when you make it personal to your employee, that's when it's actually gonna click with your people..." [28:34]
For further reading, defensive indicators, and links to referenced stories, visit the full daily briefing at the CyberWire website.