CyberWire Daily — "When Windows breaks and chips crack."

Date: February 11, 2026
Host: Dave Bittner (N2K Networks)
Main Interview Guest: Hazel Serra (U.S. Secret Service, Atlantic City Resident Agent in Charge)

Episode Overview

This episode provides a comprehensive roundup of major cybersecurity news, focusing on critical Patch Tuesday updates, global concerns about data sovereignty, escalating social engineering threats, and a wide-reaching espionage campaign. The highlight is an in-depth interview with Hazel Serra, outgoing Resident Agent in Charge for the U.S. Secret Service's Atlantic City office, exploring the agency's dual mission of protection and financial crime investigation, the parallels between presidential security and zero trust architecture, and best practices for both public and private sector security.

Key News and Analysis Segments

1. Patch Tuesday Highlights: Software and Hardware Under Siege

[00:56 – 04:08]

• Microsoft:
  • February patch addresses ~60 vulnerabilities, including six actively-exploited zero days.
  • Affected domains: Windows, Office, Azure, Shell, mshtml.
  • Admins strongly urged to prioritize immediate patching:

    "Administrators are strongly advised to apply these patches immediately."

• Adobe:
  • Updates for products ranging from Audition, After Effects, to Bridge and Lightroom.
  • Over 44 vulnerabilities, several rated critical, possible arbitrary code execution via malicious files.
  • No active exploitations reported yet.
• Industrial Automation & ICS/OT Vendors:
  • Siemens, Schneider Electric, Phoenix Contact, and Aviva release advisories for a dozen vulnerabilities.
  • Risks to control software, PLCs; mitigations provided.
• Intel & AMD:
  • Jointly address more than 80 flaws in CPUs, chipsets, and firmware.
  • Increased focus on hardening against hardware-assisted attacks.
• Key Message:
  • Threat actors are attacking both hardware and software layers.
  • Organizations must update endpoints, servers, industrial systems, and firmware to reduce risk.

2. Global Data Protection & Sovereignty

[04:09 – 06:25]

• TikTok vs. European Commission:

  • Preliminary ruling finds TikTok design elements may breach Digital Services Act.
  • Issues: Infinite Scroll, autoplay, ineffective screen time controls, risk to minors.
  • Potential consequences: Fundamental design changes and fines up to 6% of global turnover.

• Switzerland Cancels Palantir Contract:

  • Security audit flagged risk of U.S. intelligence accessing Swiss defense data.
  • Decision reflects growing global sensitivity about defense data jurisdiction and sovereignty.
  • Palantir's U.S. business remains robust despite European concerns.

3. Social Engineering and Identity Threats

[06:26 – 07:32]

• Payroll Fraud Case (Binary Defense):
  • Attackers exploited compromised mailbox credentials and social engineering, not malware.
  • Impersonated physician, pressured helpdesk to reset MFA, changed payroll info undetected.
  • Emphasizes identity as "the new perimeter."

    “This highlights identity as the new perimeter and urge[s] stronger verification and controls around payroll changes.”

• Google Data Disclosure Under ICE Subpoena:
  • Google provided British activist’s banking data based on a generic ICE request, without notification or legal challenge opportunity.
  • Civil liberties concerns: pattern of tech firms complying with broad DHS subpoenas under gag orders, risking privacy and data sovereignty.

4. Nation-State Threats and Espionage

[07:33 – 08:54]

• "Shadow Campaigns" – Unit 42/Palo Alto Networks:
  • Newly exposed espionage operation (TGR STA 1030 / UNC 6619), assessed as Asia-based.
  • Spanned phishing, exploit campaigns, targeting government, border, law enforcement across 37+ countries.
  • Extensive reconnaissance in 155 countries.
• Notepad Vulnerability:
  • New high-severity flaw in markdown feature enables remote code execution if a user opens a malicious file and clicks embedded links.
  • Microsoft patched; criticism of Notepad’s expanding feature set.

5. Surveillance and Privacy Concerns: Ring’s AI Search Party

[30:05 – 31:43]

• Ring's Super Bowl Launch – "Search Party":
  • AI-powered system to find lost dogs by leveraging neighborhood Ring doorbells.
  • Critics: Tech could easily be turned to tracking people, not just pets.
  • Privacy fears re-ignited amid Ring's renewed law enforcement integration push, despite efforts to appear more community-friendly.

Featured Interview: Hazel Serra (U.S. Secret Service Atlantic City Office)

[13:04 – 28:41]

The Secret Service’s Dual Mission

• Origins:
  • Founded in 1865 to combat rampant counterfeiting post-Civil War.
  • Presidential protection mandate added after President McKinley’s assassination (1901).
  • "So we have what's called a dual mission...protect the President...but we also investigate financial crimes." [14:07]
• Scope:
  • Investigation has evolved: Counterfeit → Credit card fraud → Identity theft → Cryptocurrency investigations.
  • Hazel's region includes Atlantic City’s casinos—hotbeds for financial crime trends.

Casino Security and Partnerships

• Hazel’s Approach:
  • Strong, ongoing collaboration with casino security directors.
  • Training and trend briefings shared regularly.

Presidential Protection and Zero Trust: Parallels in Practice

• Connection to Zero Trust:
  • Inspired by John Kindervag's zero trust model:

    "We don't trust anyone, anything. We have to verify continuously. And that's very similar to what the zero trust model is ours." [16:23]

  • Security is layered and relentless—applies equally wherever the President goes.

  • "We have over 120 years of protection experience, and I dare to say that nobody does it better than we do." [17:41]

Digital Reconnaissance & Proactive Security

• Dealing with Anonymous Threats:
  • Utilizes skilled analysts, partnerships (local/state/federal).
  • Successes in recovering victim funds, but prevention is key.
• Outreach to Vulnerable Groups:
  • Focus on elderly populations: “...by educating these groups, they go out and they start sending that message to their other friends and family. And that's really the best way to protect, you know, our people...” [19:13]
  • Example: Operation Cryptoguard—warning signs at Bitcoin ATMs have interrupted scams.

Lessons for Private Sector Executive Protection

• Beyond the Office:
  • Many companies only secure executives on-site:

    "...once you go home, you’re exposed again. So if you are an individual where you are the face of [an] organization and the organization isn’t protecting you at home, then you’re leaving yourself completely open and vulnerable." [21:18]

Transition to the Private Sector

• Hazel's Next Role:
  • After 25+ years, moving to BlackCloak (digital executive protection).
  • Observes that executive digital risk off-premises is barely addressed in the private sector:

    “...if the president was in an elevator, can somebody control it and trap us?...if the President is out there doing a speech and there is some digital screens in the back, can someone control that and put some kind of verbiage...that would create panic...” [23:28]

  • Sees synergy and opportunity to bring Secret Service-level rigor to executive digital security.

Interagency Cooperation

• Secret Service vs. FBI in Cyber Cases:
  • Varies by district and relationship:

    "I always say we are like a giant switchboard. You call one of us, you call all of us. We will get you to the right person." [25:48]

Final Words of Wisdom

• Believe in the Threat, Invest in Awareness:
  • "We truly believe in the threat and we believe that someone is going to get close…having those conversations with your people, security awareness is really important." [26:04]
  • Train those with “purse strings” separately and rigorously.
  • Personalize security training—it increases both buy-in and effectiveness:

    “...when you train your people, sometimes it's best to just train them on security, something that is personal to them…when you make it personal to your employee, that's when it's actually gonna click with your people..." [28:34]

Notable Quotes & Memorable Moments

• "Identity is a top attack vector." [00:11]
• "Administrators are strongly advised to apply these patches immediately." [01:55]
• On casino security:
  "We provide them with training so they're up to date with some of the latest and greatest trends in the financial crimes business." — Hazel Serra [15:45]
• On zero trust:
  "We don't trust anyone, anything. We have to verify continuously. And that's very similar to what the zero trust model is ours...we have a zero fail mission." — Hazel Serra [16:23]
• On interagency response:
  "You call one of us, you call all of us. We will get you to the right person." — Hazel Serra [25:48]
• Advice to organizations:
  "Train those with access to the purse strings separately...when you make it personal to your employee, that's when it's actually gonna click with your people..." — Hazel Serra [27:54 & 28:34]
• On Ring's new feature:
  "[Ring's] system...promises to reunite pets while quietly expanding a networked surveillance Dragnet. Even the YouTube comments seem to wonder whether this was really about dogs or was just a very good boy serving as a fig leaf." [31:10]

Key Takeaways for Security Professionals

• Urgent need to patch both software and firmware as attackers increasingly exploit vulnerabilities at all layers.
• Organizations must shift security emphasis from the corporate perimeter to identifying and verifying users—identity risk is paramount.
• Executive protection—both cyber and physical—requires a layered, "always-on" approach; limiting focus to the office or work hours leaves critical gaps.
• Security training must be personalized and relevant to staff’s daily lives to drive true behavioral change.
• Interagency coordination is critical; report incidents to any agency, which will guide you to appropriate resources.

For further reading, defensive indicators, and links to referenced stories, visit the full daily briefing at the CyberWire website.