A
You're listening to the Cyberwire network. Powered by n2k.
B
Identity is a top attack vector.
C
In our interview with Kavitha Mariapan from Rubrik, she breaks down why 90% of security leaders believe that identity based attacks are their biggest threat. Throughout this conversation we explore why recovery times are getting longer, not shorter, and what resiliency will look like in this AI driven world. If you're struggling to get a handle on identity risk, this is something you should tune into. Check out the full interview at thecyberwire.com/Rubrik.
Maybe that's an urgent message from your CEO, or maybe it's a deepfake trying to target your business. Doppel is the AI native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back, from automatically dismantling cross channel attacks to building team resilience and more. Doppel: outpacing what's next in social engineering. Learn more at doppel.com, that's d o p p e l dot com.
C
Ivanti zero days trigger emergency warnings around the globe. Singapore blames a China linked spy crew for hitting all four major telcos. DHS opens a privacy probe into ICE surveillance. Researchers flag a zero click RCE lurking in LLM workflows. Ransomware knocks global government payment systems offline in Florida and Texas. Chrome extensions get nosy with your URLs. BeyondTrust scrambles to patch a critical RCE. A Polish data breach suspect is caught eight years later. We've got our Monday business breakdown. Ben Yellen gives us the 101 on subpoenas, and federal prosecutors say two Connecticut men bet big on fraud and lost. It's Monday, February 9th, 2026. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us.
A wave of cyberattacks exploiting critical zero day vulnerabilities in Ivanti Endpoint Manager Mobile has prompted emergency warnings from governments and cyber agencies worldwide.
B
The flaws allow attackers to take control of managed mobile devices without authentication. Ivanti patched the issues in late January and warned customers to treat exposed systems as potentially compromised. The Dutch Data Protection Authority and Judicial Council confirmed breaches with work related staff data accessed. The European Commission also reported an attack on its mobile device management infrastructure, though it said the incident was contained quickly. CISA added one flaw to its Known Exploited Vulnerabilities catalog, while agencies in Canada, Singapore and the UK warned of active exploitation. No public attribution has been made and investigations continue.
C
Singapore says a China linked cyber espionage group targeted all four of the country's major telecommunications providers in a sustained spying campaign.
B
The Cybersecurity Agency of Singapore said the threat actor UNC3886 carried out a deliberate, targeted and well planned operation using advanced tools to gain covert long term access. The activity was first disclosed in July with details withheld pending national security review. Singapore later launched Cyber Guardian, its largest ever cyber incident response effort involving more than 100 defenders over 11 months. Authorities said attackers accessed parts of telecom networks and in one case limited critical systems, but found no evidence of service disruption or customer data theft. Officials warned telecom infrastructure remains a prime target for state backed actors.
C
The Department of Homeland Security Inspector General has launched an investigation into potential privacy abuses tied to Immigration and Customs Enforcement surveillance and biometric data programs. In a letter to Senators Mark Warner and Tim Kaine, Inspector General Joseph Cuffari said his office has begun an audit examining how DHS collects, shares and secures personally identifiable information and biometric data used in immigration enforcement. The audit will assess compliance with federal law and whether these practices may have resulted in unlawful searches or privacy violations. The Senators' request highlights concerns raised by reporting on DHS technologies, including contracts with Palantir and Clearview AI, license plate data access, social media monitoring tools and biometric databases. Lawmakers argue DHS has shown disregard for civil liberties, raising questions about the responsible use of powerful surveillance tools.
C
Security firm LayerX has disclosed a critical zero click remote code execution vulnerability that exposes a fundamental trust boundary failure in large language model workflows. The flaw affects Claude desktop extensions and allows full system compromise through a malicious Google Calendar event without user interaction or confirmation. LayerX rated the issue a maximum 10 out of 10, citing more than 10,000 affected users and over 50 extensions. The problem is architectural rather than a traditional software bug. Claude's extensions run with full system privileges and can autonomously chain low trust data sources like calendars to high privilege execution tools. Researchers warned this creates unsafe trust violations in AI driven automation. LayerX disclosed the issue to Anthropic, which reportedly chose not to remediate it for now.
A ransomware attack on BridgePay Network Solutions has disrupted payment systems used by local governments and businesses in Florida and Texas. The Florida based company said it's working with the FBI and the United States Secret Service to investigate and recover from the incident, which caused system wide outages. BridgePay has not provided a restoration timeline, but said it does not believe payment card data was stolen. The outages forced cities including Palm Bay and Frisco to take online payment portals offline, directing residents to pay in person. BridgePay processes about 40 million transactions monthly. No ransomware group has claimed responsibility, and restoration efforts remain ongoing.
C
A newly disclosed vulnerability in Google Chrome allows browser extensions to infer the full URL of any open tab without requesting traditional tab or host permissions.
B
Security researcher Luan Herrera reported the issue in January, showing that extensions using only the declarativeNetRequest API can exploit timing differences between blocked and allowed network requests by dynamically injecting blocking rules and measuring page reload times. A malicious extension can reconstruct URLs character by character, leaking sensitive data such as OAuth tokens, password reset links and private queries. The flaw affects current stable and development versions of Chrome and appears to stem from long standing architectural behavior in Chromium. Chromium developers have labeled the issue "won't fix", citing infeasible mitigation. Herrera has urged clearer permission disclosures, warning users that minimal permissions can still expose browsing history.
C
BeyondTrust has warned customers to urgently patch a critical pre authentication remote code execution flaw affecting its Remote Support and Privileged Remote Access products. The vulnerability stems from an OS command injection issue discovered by researchers at Hacktron AI. The flaw allows unauthenticated attackers to execute arbitrary commands without user interaction. BeyondTrust has secured its cloud systems and urged on premises customers to upgrade, noting thousands of exposed instances remain at risk if unpatched.
C
Polish authorities have charged a suspect nearly eight years after a major data breach at morel.net, one of the largest in the country's history. The 2018 breach exposed data for more than 2 million customers, including names, contact details, addresses and hashed passwords. Investigators initially failed to identify the attacker, but renewed efforts led to the arrest of a 29 year old suspect in January, according to the Central Bureau for Combating Cybercrime. The suspect has admitted the offenses and now faces up to two years in prison.
C
Turning to our Monday business breakdown, cybersecurity funding and deal activity remained strong, with multiple companies announcing sizable raises and acquisitions across the sector.
Florida based Cyberfox secured a nine figure growth investment led by Level Equity, marking its first external funding and signaling plans for product expansion, AI development and acquisitions. Blockchain intelligence firm TRM Labs raised $70 million at a valuation above $1 billion, while supply chain security firm RapidFort and agentic AI startup Outtake raised $42 million and $40 million respectively.
Additional funding went to startups including Orion, Radical, Casada and several early stage AI security firms. On the M and A front, LevelBlue agreed to acquire Alert Logic, while Varonis, Semperis and Westcon-Comstor each announced acquisitions to expand their security portfolios.
C
Be sure to keep up on the latest business news by subscribing to our Cyberwire Pro Business Briefing.
B
You can find out more about that on our website.
C
Coming up after the break, Ben Yellen gives us the 101 on subpoenas and federal prosecutors say two Connecticut men bet big on fraud and lost.
B
Stay with us. What's your 2am security worry? Is it "do I have the right controls in place"? Maybe "are my vendors secure"? Or the one that really keeps you up at night: "how do I get out from under these old tools and manual processes"? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently and finally get back to sleep. Get started at vanta.com/cyber, that's V A N T A dot com cyber.
D
The world moves fast, your workday even faster. Pitching products, drafting reports, analyzing data. Microsoft 365 Copilot is your AI assistant for work, built into Word, Excel, PowerPoint and other Microsoft 365 apps you use, helping you quickly write, analyze, create and summarize so you can cut through clutter and clear a path to your best work. Learn more at Microsoft.com/M365Copilot.
C
It is always my pleasure to welcome back to the show Ben Yellen. He is from the University of Maryland Center for Cyber Health and Hazard Strategies and also my co host over on the Caveat Podcast. Ben, welcome back.
E
Good to be with you again, Dave.
C
This story caught my eye from the Washington Post. This is written by John Woodrow Cox with a provocative title, "Homeland Security is targeting Americans with this secretive legal weapon." We're talking about administrative subpoenas here. What's going on, Ben?
E
So this article has a really interesting hook. So it's the story of a 67 year old Pennsylvania man who decided to email a prosecutor from the Department of Homeland Security, actually in response to a separate Washington Post article on the government's attempt to deport an Afghan individual who was seeking asylum in the United States because they feared Taliban retribution or retaliation. Okay, so it's a very brief message. He just said, like, common sense and decency indicates that we should grant this person asylum. Cut to a couple hours later, this individual receives a notice from Google saying that DHS had issued an administrative subpoena requiring Google to provide John's account information.
B
For his Google account.
E
Exactly.
B
Okay.
E
And after that, as kind of the fruits of that tree, agents from the Department of Homeland Security joined with the local police department and appeared at this guy's house to question him about the message. So this is an administrative subpoena. The standard of obtaining that subpoena is far lower than most other what we would normally call in the legal world, searches or seizures. So you do not have to have probable cause for an administrative subpoena in any context. You just have to have reasonable suspicion, which is a lower standard. And administrative subpoenas are used for all different types of things. We see them frequently in the national security context. There's a specific administrative subpoena tool called national security letters. Those are even more severe than the type of subpoena we're talking about here, because those orders usually go to individuals who work for big tech companies. You know, you need to hand over this data, and it comes with a gag order. So it says, not only do you need to hand this over, you are forbidden from discussing the fact that you received this national security letter, and if you talk about it, you're going to get arrested and prosecuted. So this is not something that's unique to the Trump administration. DHS and all different types of federal agencies have used administrative subpoenas. There have always been complaints from civil liberties organizations that these are overbroad. They have the potential to chill free speech and expression. This is a way to have kind of a chilling effect on potential critics of an administration's policy. If you think that you can never go directly to a government official and express your opinion on a public issue because you think you're going to be harassed by DHS agents, then that's really going to chill somebody's speech and therefore somebody's First Amendment rights. So we've seen this type of search proliferate even more over the past several years.
And in response, we've seen some of these civil liberties groups call for not only quashing the subpoena in this case, saying that it was retaliatory and unconstitutional, but also a facial challenge against DHS's statutory authority to conduct these types of searches in the first place. So just a really, really interesting and kind of disturbing story.
C
Well, help me understand here, because in the news these days, we hear about stories about ICE and their authority and so on and so forth. And what I hear bandied about is these administrative subpoenas versus judicial subpoenas. Can you just give us the 101 on the difference?
E
Sure. So you can obtain a subpoena just through your own federal agency if it is an administrative subpoena. The difference between that and, say, a warrant is that it doesn't have to go in front of any type of neutral magistrate. It is just a much more insular proceeding if it's within the purview of the agency to obtain that administrative subpoena. Everything can be done internal to that agency. So it can be all DHS staff and employees who are the judge, jury and executioner of these administrative subpoenas, which kind of goes against the spirit of the Constitution, which, you know, in order to search our papers, which in this modern day and age includes our electronic communications, you need. You need to come with a warrant, come back with a warrant. But that's not the case here. I think what the legal argument that federal agencies would make is once this individual emailed an employee of the Department of Homeland Security, he forfeited his reasonable expectation of privacy in that information. And therefore, this isn't a search at all in the first place. And since it's not a search, you don't have to go through the rest of the Fourth Amendment process. Like, is this unreasonable? Does this require probable cause? I think that's why DHS could use an administrative subpoena here: they are the ones who received the email. If he had emailed this to his friend who didn't work for DHS and they had some type of suspicion, it might be a little bit more difficult to go that administrative subpoena route and still be kosher legally. But because this was an email he sent to somebody at the agency, I think their argument would be that he forfeited his reasonable expectation of privacy.
C
And is the very existence of this type of subpoena a practical one, that it would be overly burdensome to have to present or have to get judicial oversight on everything?
E
Right. Especially when you're talking about large volumes of records. Which agencies do. I mean, we've seen it with the National Security Agency. They've made use of certain types of administrative subpoenas to try and access information.
C
Yeah.
E
It would be far more burdensome if you had to go through the process of convincing a judge. Now for a lot of these things, like, the judicial branch has been a rubber stamp, especially when it relates to national security matters. But, yeah, this is a way where you don't have to establish probable cause that a crime is being committed in order to receive the information you want to receive. There just has to be a policy interest on behalf of the agency. And so that. That really does change the calculus. And that's why this is such a popular tool among federal agencies.
C
So is there any recourse for the gentleman named in this story if he feels as though his email account was unjustly accessed? That was an unreasonable search. Is there anything he can do?
E
No. He can complain to the Washington Post and their technology page and they can put it as an article.
C
No.
E
I mean, there isn't much recourse. These types of subpoenas have been upheld as constitutional. You know what? The type of legal recourse he does have is what the ACLU is doing on his behalf, which is trying to quash the subpoena in the first place, which is going to be difficult because there are also issues of mootness. Like this has already happened. Presumably the Department of Homeland Security has already obtained the information they need to obtain. So it's not really a live case or controversy anymore. But there might be future cases where the ACLU can challenge DHS's statutory authority, and the person who received this administrative subpoena could be part of that lawsuit in one way or another. So if you have some type of live controversy in the future, if a company who receives the subpoena, if Google decided that, like, hey, we're going to stand up for our customer base and we're going to refuse to comply, then. Then you get litigation. And the ACLU could join and argue with Google or whomever the company is, that this statutory authority is overbroad and is unconstitutional facially.
B
I see.
E
But until we get to that point, there is very little recourse for somebody who's suffered an indignity like this one.
B
I see.
C
All right, well, Ben Yellen is from the University of Maryland Center for Cyber Health and Hazard Strategies and also my co host over on the Caveat podcast. Ben, thank you for helping us understand all this stuff.
E
Always happy to do it, Dave.
A
All right. This episode is brought to you by Indeed. Stop waiting around for the perfect candidate. Instead, use Indeed Sponsored Jobs to find the right people with the right skills, fast. It's a simple way to make sure your listing is the first candidates see. According to Indeed data, sponsored jobs have four times more applicants than non sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsored job credit at indeed.com/podcast. Terms and conditions apply.
C
And finally, federal prosecutors say two Connecticut men turned online gambling promotions into a long side hustle, allegedly defrauding FanDuel and rival betting sites of roughly $3 million. According to a 45 count indictment, Amitaj Kapoor and Siddharth Lelani are accused of buying stolen personal data for about 3,000 victims and using it to create thousands of fake accounts on platforms including DraftKings and BetMGM, all in pursuit of new user bonuses. Prosecutors say the operation was methodical. Kapoor allegedly kept the stolen identities neatly organized in a spreadsheet, while background check services helped answer verification questions. Winning bets were cashed out through virtual cards, then funneled into accounts they controlled. Authorities say the scheme ran for years, right up until it didn't. Both men now face charges ranging from wire fraud to money laundering, with decades of potential prison time on the line.
C
And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show every week.
B
You can find Grumpy Old Geeks, where all the fine podcasts are listed.
C
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app.
C
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth.
B
Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman.
C
Our executive producer is Jennifer Eiben.
B
Peter Kilpe is our publisher and I'm Dave Bittner.
C
Thanks for listening.
B
We'll see you back here tomorrow.
C
If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands on learning and real innovation.
B
I'll say this plainly. I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsaconference.com/cyberwire26. I'll see you in San Francisco.
Date: February 9, 2026
Host: Dave Bittner (N2K Networks)
Special Guest: Ben Yellen (University of Maryland, Center for Cyber Health and Hazard Strategies)
This episode delivers the top cybersecurity news of the day, focusing on growing threats involving mobile device vulnerabilities, state-sponsored attacks, privacy concerns in US government surveillance, and legal education about subpoenas. A notable deep dive features Ben Yellen explaining how administrative subpoenas work in federal investigations. The episode also covers recent business developments in the cybersecurity industry and exposes a fraud case leveraging stolen data on gambling sites.
Interview Segment with Ben Yellen
[13:52 – 22:29]
"This individual receives a notice from Google saying that DHS had issued an administrative subpoena requiring Google to provide John's account information."
— Ben Yellen (14:03)
On practicality:
"It would be far more burdensome if you had to go through the process of convincing a judge. For a lot of these things...the judicial branch has been a rubber stamp."
— Ben Yellen (19:59)
On privacy forfeiture:
"Once this individual emailed an employee of DHS, he forfeited his reasonable expectation of privacy in that information."
— Ben Yellen (18:36)
On Zero-Day Exploitation:
"The flaws allow attackers to take control of managed mobile devices without authentication."
— Dave Bittner (03:15)
On Chilling Effects of Surveillance:
"If you think you can never go directly to a government official and express your opinion...because you think you're going to be harassed by DHS agents, then that's really going to chill somebody's speech."
— Ben Yellen (16:37)
Joke about legal recourse:
“He can complain to the Washington Post and their technology page and they can put it as an article. No.”
— Ben Yellen (20:58)
Objective, analytical, and brisk, with a mix of crisp reporting and educational commentary. The interview segment features conversational legal analysis with a touch of dry humor.