The CyberWire Daily Podcast 2.11.26
Ep 2487 | 2.11.26

When Windows breaks and chips crack.

Transcript

Patch Tuesday. Preliminary findings from the European Commission come down on TikTok. Switzerland’s military cancels its contract with Palantir. Social engineering leads to payroll fraud. Google hands over extensive personal data on a British student activist. Researchers unearth a global espionage operation called “The Shadow Campaigns.” Notepad’s newest features could lead to remote code execution. Our guest is Hazel Cerra, Resident Agent in Charge of the Atlantic City Office for the United States Secret Service. Ring says it’s all about dogs, but critics hear the whistle.

Today is Wednesday February 11th 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Patch Tuesday. 

This month’s Patch Tuesday brought a wide range of security updates from major software and hardware vendors, urging organizations and users to apply patches promptly to mitigate active threats and emerging risks.

Microsoft’s February security update fixes around 58–60 vulnerabilities across Windows, Office, Azure, and related components, including six actively exploited zero-day vulnerabilities. These flaws span security feature bypasses, elevation of privilege, remote code execution, denial-of-service and information disclosure bugs. Several of the zero-days—affecting Windows Shell, MSHTML, and Office—were publicly disclosed or exploited prior to today’s update. Administrators are strongly advised to apply these patches immediately.  

Adobe released updates covering multiple products including Audition, After Effects, InDesign, Bridge, Lightroom Classic, Substance 3D apps, and the DNG SDK. The patches address 44+ vulnerabilities, with several rated Critical that could lead to arbitrary code execution if a user opens malicious files. To date, Adobe has not reported active exploitation of these flaws in the wild.  

Several industrial automation vendors — including Siemens, Schneider Electric, Phoenix Contact, and Aveva — published security advisories for their ICS/OT products as part of this Patch Tuesday cycle. These advisories cover a dozen vulnerabilities impacting control software, PLCs, and related devices, and provide fixes, mitigations, or configuration guidance to reduce risk in industrial environments.  

Both Intel and AMD released multiple advisories for vulnerabilities in their hardware and firmware, with over 80 flaws addressed across CPUs, chipsets, and related technologies. These updates include a range of severity levels and underline ongoing efforts by chip vendors to harden platforms against both software and hardware-assisted attacks.  

This Patch Tuesday underscores that attackers are targeting both software and hardware layers — from exploited Microsoft zero-days to critical Adobe flaws and a broad set of chip vulnerabilities. Organizations should prioritize patch deployment across endpoints, servers, industrial systems, and firmware to reduce exposure.

Preliminary findings from the European Commission come down on TikTok. 

The European Commission has preliminarily found that TikTok’s design may breach the Digital Services Act by promoting addictive use through features like infinite scroll, autoplay, push notifications, and personalized recommendations. Regulators say TikTok failed to properly assess risks to users’ mental and physical wellbeing, especially minors, and ignored indicators of compulsive use. Existing screen-time and parental controls were deemed ineffective. The Commission suggests TikTok may need fundamental design changes and could face fines of up to 6% of global turnover if violations are confirmed.

Switzerland’s military cancels its contract with Palantir. 

Switzerland’s military has ended its contract with Palantir after a security audit found a significant risk that U.S. intelligence agencies could access sensitive Swiss defense data. While auditors praised Palantir’s technical capabilities, the potential exposure was unacceptable for Switzerland’s neutrality. The decision raises broader questions about data sovereignty and may prompt other non-NATO states, including Ukraine, to reassess similar partnerships. Despite this reputational setback in Europe, Palantir’s U.S. business remains strong, highlighted by a recent $448 million Navy contract. Financially, the Swiss exit is minor, but it underscores growing international unease over jurisdictional control of defense data.

Social engineering leads to payroll fraud. 

Binary Defense researchers investigated a payroll fraud incident in which attackers redirected a physician’s salary using social engineering rather than malware. The scheme began with compromised credentials for a shared mailbox, likely obtained in a prior breach. After studying internal emails, the attacker impersonated a locked-out physician in a help-desk call, pressuring staff to reset the password and MFA. Using the organization’s own virtual desktop infrastructure, the attacker then accessed Workday and changed direct-deposit details, evading detection because activity appeared legitimate. The breach was only discovered when the physician missed a paycheck. Researchers warn this highlights identity as “the new perimeter” and urge stronger verification and controls around payroll changes.

Google hands over extensive personal data on a British student activist. 

Google has complied with an ICE subpoena seeking extensive personal data on British student activist and journalist Amandla Thomas-Johnson, including banking and credit card details linked to his Gmail account, according to documents obtained by The Intercept. The request followed Thomas-Johnson’s brief participation in a 2024 protest at Cornell University and cited only a generic immigration enforcement rationale. Google disclosed the data without prior notice, denying him the chance to challenge the subpoena. Civil liberties groups, including the EFF and ACLU, warn the case reflects a broader pattern of tech companies quietly cooperating with DHS surveillance requests, often under gag orders. Privacy experts say the episode raises serious concerns about data sovereignty, transparency, and user rights, and highlights the need for stronger legal protections governing government access to digital data.

Researchers unearth a global espionage operation called “The Shadow Campaigns.”

Palo Alto Networks’ Unit 42 has published a major analysis of a global espionage operation it calls “The Shadow Campaigns,” tracking a state-aligned cyber-espionage group designated TGR-STA-1030 (aka UNC6619). The group, assessed with high confidence to operate out of Asia, has been active since at least early 2024, using phishing and exploitation of known vulnerabilities to compromise government ministries, law enforcement, border control and other critical infrastructure entities in at least 37 countries, and has conducted reconnaissance against infrastructure in 155 countries. The campaigns appear focused on long-term intelligence collection tied to geopolitical and economic interests. Unit 42’s report details the group’s techniques, tooling and targets, and has shared defensive indicators to help organizations better detect and mitigate this widespread espionage threat.

Notepad’s newest features could lead to remote code execution. 

Researchers have identified a high-severity flaw in Notepad’s recently added Markdown support that could enable remote code execution. Tracked as CVE-2026-20841 (8.8), the bug allows attackers to trick users into opening a malicious Markdown file and clicking an embedded link, triggering execution via unverified protocols with the user’s permissions. Microsoft patched the issue in its latest Patch Tuesday release and says there’s no evidence of active exploitation. The finding renews criticism of expanding Notepad’s feature set, which ships enabled by default.

Ring says it’s all about dogs, but critics hear the whistle. 

Ring used its Super Bowl spotlight to announce “Search Party,” an AI feature framed as a heartwarming way to find lost dogs by turning an entire neighborhood’s doorbell cameras into a canine manhunt. Upload a photo of Milo, the ad suggests, and suddenly every Ring cam is on patrol, scanning sidewalks with the enthusiasm of a TSA beagle. Privacy critics note the joke lands a little sideways: technology built to find runaway Labradors could just as easily be repurposed to track people. After years of backlash over police partnerships, Ring briefly rebranded itself as a porch-moment curator, but founder Jamie Siminoff’s return has brought a renewed push for AI and law-enforcement integration. The result is a system that promises to reunite pets while quietly expanding a networked surveillance dragnet. Even the YouTube comments seemed to wonder whether this was really about dogs, or just a very good boy serving as a fig leaf.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

And that’s the CyberWire Daily, brought to you by N2K CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.