
Patch or pull the plug.
CISA cracks down on aging edge devices. Congress looks to shore up energy sector security. DHS facial recognition software may fall short. Romania’s national oil pipeline operator suffers a cyberattack. The European Commission may fine TikTok for being addictive. DKnife is a China-linked threat actor operating a long-running adversary-in-the-middle framework. Researchers say OpenClaw is being abused at scale. Our guest is Mike Carr, Field CTO at Xona, talking about how Italy should be thinking about protecting the 2026 Winter Olympics. A BASE jumper attempts a daring AI alibi.
Today is Friday, February 6th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
CISA cracks down on aging edge devices.
U.S. federal civilian agencies have been ordered to identify and remove aging network security gear before it becomes an easy entry point for attackers. The directive comes from the Cybersecurity and Infrastructure Security Agency, which has issued a Binding Operational Directive requiring agencies to inventory and replace “end-of-support” edge devices, including firewalls, routers, and VPN gateways that no longer receive vendor patches.
Agencies must immediately update supported equipment, produce a full edge-device inventory within three months, and remove unsupported devices from networks within a year. A two-year deadline follows for putting tracking systems in place to prevent future lapses. CISA says obsolete edge hardware has become a “substantial and constant” risk, since compromised perimeter devices can provide fast access to internal systems. Acting CISA director Madhu Gottumukkala framed the move as part of a broader effort, developed with the Office of Management and Budget, to harden government networks against sustained cyber campaigns.
Congress looks to shore up energy sector security.
A House Energy Subcommittee has advanced five bipartisan bills designed to strengthen the physical and cyber security of the United States energy sector. The measures focus on modernizing programs at the Department of Energy, hardening the electric grid and pipelines, and prioritizing cybersecurity for smaller and more vulnerable utilities.
Key proposals include the Energy Emergency Leadership Act, which expands DOE’s authority to respond to energy emergencies, and the Rural and Municipal Utility Cybersecurity Act, extending cybersecurity support and grants for small and rural utilities through 2030. Other bills target grid resilience, pipeline cybersecurity, and reauthorization of the Energy Threat Analysis Center to improve threat analysis and information sharing.
While the bills advanced unanimously, they still must clear full committee review, House and Senate votes, and reconciliation. The effort aligns with DOE’s recent Liberty Eclipse exercise, which trains industry and government partners to respond to major cyberattacks on energy infrastructure.
DHS facial recognition software may fall short.
According to reporting by WIRED, the Department of Homeland Security has deployed a face-recognition app called Mobile Fortify nationwide without the level of privacy scrutiny that previously governed such technologies. Launched in spring 2025, the tool is used by immigration agents from Immigration and Customs Enforcement and Customs and Border Protection during street-level encounters far from the border. Despite DHS describing Fortify as a way to “verify” identities, records and expert testimony show it only generates possible matches, not confirmations, and can easily misidentify people, including US citizens. Reporting documents agents using the app on bystanders and protesters, often without consent, and relying on factors like language or appearance to escalate stops. Fortify expands biometric collection into routine encounters, feeding long-retained databases linked through DHS systems. Critics say the tool was fast-tracked after DHS dismantled centralized privacy oversight, raising serious concerns about accuracy, civil liberties, and unchecked surveillance powered by algorithms.
Romania’s national oil pipeline operator suffers a cyberattack.
Romania’s national oil pipeline operator, Conpet, said a cyberattack disrupted parts of its IT environment and knocked its website offline, but did not affect oil transport operations. The company said operational technology systems, including SCADA, remained fully functional and contractual obligations were unaffected. Conpet has not confirmed a data breach, though the Qilin ransomware group has claimed responsibility and alleged large-scale data theft. Conpet said it is working with Romanian cybersecurity authorities to investigate and restore systems.
Flickr warns users of a third-party data breach.
Photo-sharing platform Flickr is warning users about a potential data exposure tied to a vulnerability at a third-party email service provider. The flaw may have exposed real names, email addresses, IP addresses, location data, and account activity, though Flickr says passwords and payment details were not affected. The company shut down access within hours after being alerted on February 5 and has not disclosed how many users were impacted. Flickr is urging vigilance against phishing and a review of account settings.
The European Commission may fine TikTok for being addictive.
The European Commission says TikTok may face a major fine for violating the EU’s Digital Services Act by deploying addictive design features. Regulators’ preliminary findings say infinite scroll, autoplay, push notifications, and personalized recommendations encourage compulsive use and were not properly assessed for risks to users’ mental and physical well-being, particularly minors.
The Commission found TikTok ignored warning signals such as late-night use by children and frequent app openings. If confirmed, the violations could lead to fines of up to 6% of TikTok’s global annual revenue. EU tech commissioner Henna Virkkunen said platforms are responsible for user harm under the DSA. Regulators argue TikTok’s existing safeguards are ineffective, and say core design changes may be required to avoid penalties.
DKnife is a China-linked threat actor operating a long-running adversary-in-the-middle framework.
Researchers at Cisco Talos say a China-linked threat actor has operated a long-running adversary-in-the-middle framework, dubbed DKnife, since at least 2019. The Linux-based toolset monitors and manipulates network traffic to deliver and manage backdoors such as ShadowPad and DarkNimbus, mainly targeting Chinese-speaking users. Talos found overlaps with the earlier Spellbinder framework, suggesting shared development. DKnife can hijack downloads, steal credentials, and intercept encrypted traffic, reinforcing assessments that it is operated by China-nexus threat actors.
Researchers say OpenClaw is being abused at scale.
Researchers at Bitdefender Labs warn that the fast-growing open-source AI project OpenClaw is being abused at scale by cybercriminals. OpenClaw, which has amassed more than 160,000 stars on GitHub, allows users to add “skills” that automate tasks across apps. Bitdefender found that about 17% of skills analyzed in early February 2026 were malicious.
According to the research, attackers clone legitimate tools with subtle name changes and hide harmful instructions in descriptions. Many of the malicious skills target cryptocurrency users, stealing wallet keys or delivering malware on macOS, but researchers also observed spread into corporate environments. One account was linked to 199 fake skills. Bitdefender says users should treat AI skills like full software installs and verify them carefully before use.
This week’s Threat Source newsletter from Cisco Talos warns security professionals against rushing to adopt poorly vetted AI tools and highlights the growing risks at the network edge. Author Joe Marshall calls out OpenClaw for requiring users to hand over sensitive credentials and system access. According to the newsletter, those secrets are often stored insecurely, while unvetted “skills” are already being actively exploited, making the platform a high-risk proposition for users and organizations.
The piece urges skepticism toward hype-driven AI releases that prioritize convenience over security, arguing that users are being asked to absorb unreasonable risk. The takeaway is clear: harden gateways, audit firmware and binaries, enforce strong authentication, and closely monitor network traffic, because attackers increasingly operate where traditional endpoint defenses cannot see.
A BASE jumper attempts an AI alibi.
Federal prosecutors say a California thrill-seeker may have let gravity, and Instagram, get the better of him. Jack Propeck of Mission Viejo is charged after allegedly BASE jumping from Glacier Point in Yosemite National Park during last year’s government shutdown. Investigators say the case began with a tip about an Instagram video showing the jump, helpfully panning to the jumper’s face mid-descent. License-plate data placed Propeck’s car in the park, and photos showed him wearing the same distinctive purple mirrored sunglasses seen in the video. When contacted, Propeck denied being the jumper, claiming artificial intelligence had pasted his face onto the footage. Rangers were unconvinced. BASE jumping is illegal in national parks, and officials say shutdown or not, rules still apply. Propeck, who is representing himself, is due in court in April, gravity having already had its say.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.
