CyberWire Daily – "Your phone works for them now."
Date: February 9, 2026
Host: Dave Bittner (N2K Networks)
Special Guest: Ben Yellen (University of Maryland, Center for Cyber Health and Hazard Strategies)
Overview:
This episode delivers the top cybersecurity news of the day, focusing on growing threats involving mobile device vulnerabilities, state-sponsored attacks, privacy concerns around US government surveillance, and a legal explainer on subpoenas. A notable deep dive features Ben Yellen explaining how administrative subpoenas work in federal investigations. The episode also covers recent business developments in the cybersecurity industry and a fraud case that leveraged stolen identities on gambling sites.
Key Discussion Points
1. Critical Zero-Day in Ivanti Endpoint Manager Mobile
[03:06 – 04:04]
- Governments and agencies worldwide issue emergency warnings after attackers exploit Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities, allowing takeover of managed devices without authentication.
- "The flaws allow attackers to take control of managed mobile devices without authentication. Ivanti patched the issues in late January and warned customers to treat exposed systems as potentially compromised." (B, 03:15)
- The Dutch Data Protection Authority, Judicial Council, and EU Commission confirm breaches, with quick containment but continuing investigations.
- CISA adds the EPMM flaw to its Known Exploited Vulnerabilities (KEV) list; active exploitation reported in Canada, Singapore, and the UK.
2. China-Linked Espionage Targets Singaporean Telecoms
[04:04 – 05:02]
- Singapore blames threat actor UNC3886, with a “deliberate, targeted and well-planned operation” (B, 04:22) accessing all major telecoms covertly over 11 months.
- "Telecom infrastructure remains a prime target for state-backed actors." (C, 05:02)
3. DHS Privacy Probe into Biometric and Surveillance Practices
[05:02 – 06:12]
- DHS Inspector General begins an audit following senators’ concerns about surveillance abuses through Palantir, Clearview AI, license plate data, social media monitoring, and biometrics in immigration.
- "[The] audit will assess compliance with federal law and whether these practices may have resulted in unlawful searches or privacy violations." (B, 05:18)
4. Zero-Click Vulnerability in LLM Extensions
[06:12 – 07:14]
- LayerX reveals a critical, architecture-level flaw in desktop extensions for Claude LLM, allowing full system compromise via a malicious Google Calendar invite without user action.
- “The problem is architectural rather than a traditional software bug...can autonomously chain low trust data sources like calendars to high privilege execution tools.” (B, 06:40)
- Anthropic was notified but reportedly chose not to fix the issue for now.
5. Ransomware Disrupts US Payment Systems
[07:15 – 08:02]
- A BridgePay Network Solutions outage halts online payments for Florida and Texas government entities; roughly 40 million transactions per month are affected.
- FBI and Secret Service involved; no evidence of payment card data theft yet.
6. Chrome Extension Privacy Risk
[08:02 – 09:11]
- Vulnerability allows Chrome extensions to infer full URLs of tabs, harvesting sensitive info with only basic permissions.
- “Herrera has urged clearer permission disclosures, warning users that minimal permissions can still expose browsing history.” (C, 08:58)
- Chromium developers declined to fix the issue, citing the lack of a feasible mitigation.
7. Other Headlines
- BeyondTrust critical RCE flaw in remote support tools; urgent patching needed. (09:11 – 09:49)
- Polish police catch suspect in 8-year-old Morele data breach (2M+ customers). (09:49 – 10:27)
Industry Business Developments
[10:27 – 11:38]
- Cyberfox lands nine-figure investment for product expansion and AI development.
- TRM Labs raises $70M; RapidFort and Outtake raise $42M and $40M, respectively.
- Noteworthy M&A: LevelBlue acquires AlertLogic; Semperis and Westcon-Comstor announce security portfolio expansions, as does Varonis.
Legal Deep Dive: Administrative vs Judicial Subpoenas
Interview Segment with Ben Yellen
[13:52 – 22:29]
Case Highlight:
- A 67-year-old emailed a DHS prosecutor advocating for asylum rights. He then received notice his Google data was subpoenaed, followed by a DHS and police visit.
"This individual receives a notice from Google saying that DHS had issued an administrative subpoena requiring Google to provide John's account information."
— Ben Yellen (14:03)
Administrative Subpoenas Explained:
- Much lower standard than judicial subpoenas/warrants: Only requires “reasonable suspicion,” not “probable cause.”
- Agencies act independently: No requirement for judicial oversight—decisions made internally.
- “It can be all DHS staff and employees who are the judge, jury, and executioner of these administrative subpoenas, which kind of goes against the spirit of the Constitution.” (E, 17:56)
- Used widely for national security and other federal investigations (including ICE/immigration cases).
- Can have chilling effects on free speech—civil liberties groups warn of overreach.
- National Security Letters are a more restrictive (and secretive) form of administrative subpoena that comes with gag orders.
User Recourse and Legal Pushback:
- Individuals have little recourse; broad legal challenges can only be mounted through organizations like the ACLU.
- “There isn’t much recourse...if Google decided...to refuse to comply, then you get litigation.” (E, 21:05)
- Administrative subpoenas have been upheld as constitutional; the only realistic hope for change is future statutory reform or high-profile litigation.
Memorable Explanations:
- On practicality: "It would be far more burdensome if you had to go through the process of convincing a judge. For a lot of these things...the judicial branch has been a rubber stamp." — Ben Yellen (19:59)
- On privacy forfeiture: "Once this individual emailed an employee of DHS, he forfeited his reasonable expectation of privacy in that information." — Ben Yellen (18:36)
Notable Cybercrime: Online Gambling Fraud Case
[23:30 – 24:55]
- Federal prosecutors charge two Connecticut men for using stolen identities to create thousands of fake gambling accounts, defrauding FanDuel and others for $3M in bonus schemes.
- "Winning bets were cashed out through virtual cards, then funneled into accounts they controlled. Authorities say the scheme ran for years, right up until it didn't." (B, 24:09)
- The two now face charges ranging from wire fraud to money laundering.
Notable Quotes & Moments
- On zero-day exploitation: "The flaws allow attackers to take control of managed mobile devices without authentication." — B (03:15)
- On chilling effects of surveillance: "If you think you can never go directly to a government official and express your opinion...because you think you're going to be harassed by DHS agents, then that's really going to chill somebody's speech." — Ben Yellen (16:37)
- Joke about legal recourse: "He can complain to the Washington Post and their technology page and they can put it as an article. No." — Ben Yellen (20:58)
Timestamps for Major Segments
- 03:06 – Ivanti Zero-Day Attack Wave
- 04:04 – China-Linked Espionage on Singapore Telcos
- 05:02 – DHS Privacy/Biometric Audit
- 06:12 – LLM Workflow Zero-Click Flaw
- 07:15 – Ransomware Hits BridgePay
- 08:02 – Chrome Extension Data Leak
- 09:11 – BeyondTrust Critical Flaw / Polish Data Breach
- 10:27 – Cybersecurity Business Funding & M&A
- 13:52 – Interview: Ben Yellen on Subpoenas
- 23:30 – Gambling Promotion Fraud Exposed
Episode Tone
Objective, analytical, and brisk, with a mix of crisp reporting and educational commentary. The interview segment features conversational legal analysis with a touch of dry humor.
