Podcast Summary
Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald Auger, Simply Cyber Media Group
Episode: 🔴 Feb 10’s Top Cyber News NOW! - Ep 1065
Date: February 10, 2026
Episode Overview
This episode delivers an in-depth analysis of the key cybersecurity news stories and threats relevant to industry professionals, with Gerald Auger’s signature blend of expertise, candor, and humor. The top stories include Chinese state-sponsored cyber activity, new AI-designed malware, the explosion of misconfigured OpenClaw AI agents, dangerous zero-days in cloud and AI tools, and the importance of patch management and GRC best practices. The conversation also features a live community Q&A ("jawjacking") with digital forensics expert Eric Taylor, discussing career advice and vulnerability management.
Key Discussion Points & Insights
1. China’s UNC 3886 Targets Singapore Telecom (13:57 - 20:49)
- China-linked UNC 3886 ran a targeted espionage campaign against all four major Singapore telecom operators, using a zero-day exploit and sophisticated rootkits.
- Singapore’s “Cyber Guardian” counter-operation claims to have ejected attackers, with no evidence of customer data compromise or service outages.
- Expert Insight: Dr. Auger is skeptical of Singapore's assurance:
"As much as it sucks to say for Singapore to say, 'Oh no, we totally rooted them out and beat them back'—I don’t know, like, what level of confidence do you have in that?" (15:11)
- Context: China is highly skilled in telecom espionage. These nation-state campaigns often have intelligence, not data theft, as their primary objective.
2. AI-Built Linux Malware ‘VoidLink’ (20:49 - 28:03)
- "VoidLink" is an AI/LLM-generated Linux malware framework targeting multi-cloud environments, capable of credential theft, system fingerprinting, and kernel-level persistence.
- Gerald's Take:
"What you see on the front end … is all pretty … [but] the back end could be duct tape, bubble gum ... just because you see commented code doesn’t mean it wasn’t human-reviewed—maybe they just didn’t clean it up." (22:13)
- The discussion shifts to spotting "vibe coded" (obviously AI-generated) scripts and the implications for defenders: more, faster, and buggier malware, and a growing need for better IAM and machine-identity governance.
3. Over 135,000 OpenClaw AI Instances Exposed (28:03 - 36:06)
- OpenClaw, an open-source AI agent platform, is widely and insecurely deployed—many public-facing instances are vulnerable to RCE and data leaks due to default settings.
- Real-World Risks:
Dr. Auger spells out the GRC nightmare: "If you see this [OpenClaw] command in your network logs, immediately go to the end user's computer and say, 'What the hell are you doing?'" (29:50)
- Practical Guidance:
- Look for OpenClaw connections/commands in logs.
- Default configs mean these agents often hold dangerous access (API keys, OS-level actions, secrets, etc.) and can be manipulated through prompt injection or via Telegram without any validation.
- General Warning: "People are moving recklessly with these OpenClaw instances." (33:35)
4. Zero-Click RCE in Claude Desktop Extensions (36:06 - 38:43)
- Anthropic’s Claude desktop extensions had a zero-click CVSS 10.0 flaw: attackers could exploit a Google Calendar invite to run malicious code.
- Vendor Response Criticized:
“Dude, that is a lazy, ridiculous argument. Anthropic's not going to fix this because you choose whether or not you install it? … That's the lamest excuse from a software vendor I've ever heard.” (36:50)
- Advice: Uninstall the extension—there’s no patch. Zero-click AIs raise the risk profile; users should exercise heightened caution.
5. China Rehearsing OT/ICS Cyber Attacks (43:27 - 48:24)
- Leaks reveal China uses "Expedition Cloud," a cyber range platform, to simulate attacks on regional critical infrastructure, including power and transport.
- Despite high operational expertise, human error remains (exposed FTP server with personal files and malware).
- Auger’s Take:
"Technology doesn’t care what your politics are or what language you speak. If you set up insecure infrastructure, you will be punished for it." (46:05)
6. BridgePay Ransomware Incident (48:24 - 53:46)
- Processing outages at BridgePay (a payment processor comparable to Stripe) disrupted payments for small businesses.
- No card data stolen; motive was classic ransomware, not data theft.
- Speculation:
"I am surprised the Secret Service and FBI are involved … Tinfoil hat me says, somebody at BridgePay has got friends in high places." (49:16)
- Broader Point: Not all ransomware incidents get federal attention—connection helps.
7. Latest Ivanti Zero-days Widespread Exploitation (53:01 - 57:15)
- Two unauthenticated RCEs in Ivanti Endpoint Manager Mobile (EPMM), affecting gov’t agencies, with nearly 1,300 exposed systems still at risk.
- Advice:
Patch immediately; hunt for IOCs if you’re just now finding out: "[First] fix the problem, then see if you have an issue … Patch it, go threat hunting." (53:46)
8. Warlock Gang Exploits SmarterMail Vulns (57:15 - 57:54)
- Warlock ransomware used two SmarterMail bugs (an RCE and an auth bypass) to compromise about a dozen Windows systems and attempted to deploy ransomware via Active Directory.
- Advice:
- Update SmarterMail immediately.
- After fixing, thoroughly investigate for signs of compromise:
"This is like a, pause the show, go get this sorted out." (57:54)
Notable Quotes & Memorable Moments
- On Vendor Responsibility (Anthropic / Claude extension):
  “We’re not going to patch Windows because you can use Mac. Like—what!? That doesn’t even make sense.” (36:50 – Dr. Auger)
- On China’s Espionage Approach:
  “Obviously, China didn’t do this [for customer records]. … That’s like going into Gordon Ramsay’s restaurant to order chicken nuggets.” (17:48)
- On the Influx of AI-malware and Tooling:
  “You don’t need to worry about Void Link today. What you need to worry about is faster malware being developed and pushed out.” (27:15)
- On Open Source AI Recklessness:
  "This is so 2026 … everybody’s going YOLO … people are moving recklessly with these OpenClaw instances." (28:50; 33:35)
- On Patch Management:
  "Fix it immediately … then go threat hunting. A lot of times people fix it and just move on to the next thing … you have to do some level of due care afterwards." (57:54)
Community Q&A: Jawjacking with Eric Taylor (63:14 – ~90:00)
AI Tools & Career Discussion (63:14+)
- Agentic AI: Discussed using Claude Code, Anthropic, and Ollama for code generation and automation (parsing PDFs for IOCs).
- Advocates for experimenting with combinatorial models and automating threat intel extraction.
Resume & Cyber Career Guidance (72:21+)
- No universal resume format; keep it professional, avoid AI-generated/resume-builder clones; personalize where possible.
- Persistence matters—emailing after applying helps you stand out in an AI-dominated screening process.
- Anecdote:
"Do not let platforms build your resume … to me, that’s a little lazy. I’d rather you put something together in Word." (72:23)
Vulnerability Management Advice
- Use vendor tools you know (e.g., CrowdStrike) and supplement with open-source (e.g., OpenCTI).
- Maintain external threat intelligence feeds; use custom tools (e.g., EPSS lookup).
Plugin & Extension Security
- Recommend using Microsoft Entra ID or Group Policy Objects (GPOs) for approved browser and extension whitelisting.
- Push for deny-all, whitelist-allowed model; monitor for unauthorized browsers and plugins.
Mentoring Non-Tech Entrants to Tech
- Help new entrants identify their interests (GRC, technical, IoT, etc.).
- Let them "tinker," explore different tracks, and focus on avoiding burnout.
Community Engagement & Personal Touches
- Tidbits Tuesday: Dr. Auger shares his own workflow—preferring dry erase boards and print-outs for big tasks despite digital tools—and invites the chat to discuss their own approaches (39:15).
- Real Community Value: Shoutouts to regulars, encouragement to bring new listeners, praise for sharing insights live.
- Notable Humorous Bits:
- Ongoing jokes about “vibe-coded” software.
- “It’s like picking peanuts out of elephant poop vs. shutting down the whole circus.”
- OpenClaw/FTP server/tax document cross-over banter.
Timestamps for Key Segments
- 13:57: UNC 3886 attacks Singapore Telecom
- 20:49: AI-Generated VoidLink Linux Malware
- 28:03: OpenClaw Cloud AI exposures
- 36:06: Claude Desktop Extension Zero-Click RCE
- 43:27: China's OT/ICS Cyber Range Training
- 48:24: BridgePay ransomware incident
- 53:01: Ivanti EPMM zero-days widespread exploitation
- 57:15: Warlock gang/SmarterMail vulnerabilities
- 63:13: Jawjacking live Q&A (Eric Taylor)
- 72:21: Resume/career advice segment
Conclusion & Takeaways
Overarching Themes:
- The acceleration of state-sponsored and sophisticated cyber threats, especially from China, is relentless and evolving with AI tools.
- The proliferation of insecure AI agents/platforms in both personal and enterprise settings creates new massive exposures.
- Patch fast, threat hunt afterward, communicate openly with your IT/security stakeholders.
- Human judgment—both attacker sloppiness and defender vigilance—remains critical.
- Community engagement, career advice, and personal methodology (even old-school tools!) are valued as much as technical acumen.
Actionable Guidance:
- Monitor for OpenClaw deployments in your org
- Patch Ivanti EPMM and SmarterMail ASAP; uninstall the affected Claude desktop extension, since no patch is available
- Whitelist browser extensions, automate vulnerability ingest and tracking
- Encourage learning, experimentation, and cross-disciplinary skills for newcomers in the field
“Go out there and kill it, ladies and gentlemen ... always be curious!”
— Eric Taylor (89:23)
"I'm Gerald Auger. Until next time—stay secure. Let's go!"
— Dr. Gerald Auger (63:13)
