Risky Bulletin: Denmark Recruits Hackers for Offensive Cyber Operations
Podcast: Risky Bulletin
Host: risky.biz
Date: February 6, 2026
Episode Summary Prepared by: Catalin Cimpanu, Read by Claire Aird
Overview
This episode of Risky Bulletin focuses on Denmark's active efforts to recruit hackers for offensive cyber operations, alongside a rapid-fire rundown of major cybersecurity developments worldwide. Topics span public sector directives, international cyber warfare, insider breaches, compensation for past leaks, new criminal campaigns, and significant personnel changes in the infosec world.
Key Discussion Points & Insights
1. Denmark's Offensive Cyber Recruitment Initiative
- Denmark's military intelligence service (DDIS) is openly recruiting for offensive cyber operators.
- Key details:
  - Recruits undergo a five-month training course at the agency's "Hacker Academy".
  - No special prerequisites; selection is based purely on aptitude.
- Signifies a transparent, merit-focused approach to national cyber capability building.
Quote:
"DDIS says it's only interested in aptitude and there are no special requirements for joining." — Claire Aird, [00:20]
2. US Federal Edge Device Security Alert
- CISA mandates all US agencies decommission unsupported edge devices within 12 months.
- Agencies must catalog all devices and track end-of-life dates.
- CISA will provide an initial list of non-supported devices.
- Driven by vulnerabilities in outdated hardware, aiming to avoid future cybersecurity incidents.
Quote:
"Agencies will be responsible for building a device inventory and monitoring end of life dates." — Claire Aird, [00:38]
3. AT&T & Verizon Block Cyber Incident Reports
- Both companies prevent release of Google Mandiant’s Salt Typhoon hack reports, citing attorney-client privilege.
- Senator Maria Cantwell pushes for forced disclosure, facing institutional resistance.
4. Russian Hackers Target Milano Winter Olympics
- Italian officials thwarted multiple attacks against Olympics-related sites, hotels, and ministries.
- Continues pattern of Russian cyber operations targeting Olympics after the country's athletic ban.
Quote:
"Russian hackers previously targeted Olympic events in 2024 and 2018." — Claire Aird, [01:09]
5. US Uses Cyber in Military Strikes Against Iran
- US military cyber units reportedly disrupted Iran’s Air Defense during strategic strikes.
- The maneuver allegedly stopped Iran from launching surface-to-air missiles during attacks on nuclear programs.
- Described as a highly sophisticated operation by US Cyber Command.
Quote:
"Cyber Command called it one of its most sophisticated actions against the country." — Claire Aird, [01:32]
6. Coinbase Insider Breach (2nd in a Year)
- Contractor sold user data to hackers—the breach affected 30 users.
- Discovered when "Scattered LAPSUS$ Hunters" posted on Telegram.
- Contractor terminated.
Quote:
"This is Coinbase's second insider breach in the last year." — Claire Aird, [01:48]
7. Northern Ireland Police Data Breach Compensation
- Over 9,400 staff to receive £7,500 each following a mass data exposure (due to website misconfiguration).
- Compounding the issue, more officers’ names were mistakenly published after the compensation was announced.
8. Substack Security Breach
- October breach exposed user emails, phone numbers, and metadata.
- Substack learned of the compromise only recently, contacting those affected.
9. Cyber Attack Shuts Down Rome’s La Sapienza University
- The university, with 120,000+ students, took itself offline as a precaution and expects to resume next week.
10. $2.5M “Prince of Dubai” Scam
- Romanian businesswoman deceived by scammer posing as Dubai royalty for “humanitarian investment”.
- Authorities identified the perpetrator as a Nigerian national.
11. Incognito Dark Web Marketplace Sentence
- Rui Siang Lin, Taiwanese national, sentenced to 30 years in US prison for operating a dark web marketplace that traded $105M in illegal goods and services.
- Arrested in May 2024 at JFK Airport, after the platform’s closure and alleged theft from users.
12. New Cloud Attacks from “Team PCP”
- Active as of November, Team PCP targets misconfigured Docker, Kubernetes, Ray dashboards, and Redis databases.
- Data exfiltrated is ransomed via Telegram.
13. Rublevka Crypto Drainer Group
- Russian group “Rublevka” has stolen over $10 million through social media-linked fake crypto promotion sites and custom malware.
14. Android Security Lag
- Over 40% of Android devices are on outdated, unsupported OS versions.
- Only 7.5% run the latest (Android 16).
Quote:
"Only 7.5% of devices run the latest version of Android. Android 16 was released in June last year." — Claire Aird, [03:02]
15. Microsoft Appoints New Security Chief
- Hayete Gallot is the new EVP for security, replacing Charlie Bell.
- Background: Google Cloud president for customer experience, ex-Microsoft with 15 years' tenure.
- Bell transitions to a role focused on engineering quality.
16. Pinterest Layoff Tracking Script Fallout
- Two engineers fired after creating a script to monitor Slack username deactivation (correlating with layoffs).
- Pinterest claimed the tool accessed confidential data, shortly after a major workforce reduction (15%) as the company pivots to AI.
Notable Quotes & Moments
- On Denmark’s recruitment openness:
  "DDIS says it's only interested in aptitude and there are no special requirements for joining." — Claire Aird, [00:20]
- On cyber operations against Iran:
  "Cyber Command called it one of its most sophisticated actions against the country." — Claire Aird, [01:32]
- On Coinbase’s insider trouble:
  "This is Coinbase's second insider breach in the last year." — Claire Aird, [01:48]
- On Android security:
  "Only 7.5% of devices run the latest version of Android. Android 16 was released in June last year." — Claire Aird, [03:02]
Timestamps for Major Segments
- [00:04] — Denmark recruits for cyber operations
- [00:29] — CISA directive on edge devices
- [00:52] — AT&T & Verizon block hack reports
- [01:09] — Russian hackers/Olympics attacks
- [01:21] — US cyber strike on Iran
- [01:44] — Coinbase insider breach
- [01:51] — Northern Ireland Police breach/compensation
- [02:12] — Substack breach
- [02:19] — La Sapienza attack
- [02:30] — “Prince of Dubai” scam
- [02:41] — Incognito Marketplace sentencing
- [02:52] — Team PCP cloud attacks
- [02:58] — Rublevka crypto scam
- [03:02] — Android patch stats
- [03:10] — Microsoft security leadership change
- [03:24] — Pinterest layoff script and firings
Tone & Style
Claire Aird delivers tightly crafted, matter-of-fact news bulletins, maintaining a brisk, journalistic style with emphasis on the essential facts and implications for the cybersecurity community.
This episode offers a fast, comprehensive sweep of global cyber threats, government mandates, and the human stories defining today’s risk landscape, all in less than four minutes.
