
The basics broke telecom.
A senior FBI cyber official warns Salt Typhoon remains an ongoing threat. Data protection authorities issue a joint statement raising serious concerns about AI image creation. A Japanese semiconductor equipment maker confirms a ransomware attack. New number formats seek to reduce AI overhead. A low-skilled Russian-speaking threat actor compromised more than 600 Fortinet FortiGate firewalls. Spanish authorities have arrested four alleged members of Anonymous. CISA tags a pair of Roundcube Webmail flaws. Cybersecurity stocks fell sharply on news of a new security feature in Claude AI. Monday business breakdown. Brandon Karpf, friend of the show, discussing sovereignty in space and cyber. Digital disruption drains drumsticks.
Today is Monday, February 23rd, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
A senior FBI cyber official warns Salt Typhoon remains an ongoing threat.
A senior FBI cyber official warns that Salt Typhoon, the Chinese espionage group behind the 2024 compromise of U.S. telecommunications infrastructure, remains an ongoing threat to both public and private sectors. Speaking at CyberTalks in Washington, D.C., Michael Machtinger said organizations that engaged early with the FBI and CISA were most successful in limiting damage. Reporting previously found the telecom sector struggled with basic cybersecurity weaknesses and fragmented networks, which Salt Typhoon exploited for persistent access. Machtinger emphasized that simple vulnerabilities, not advanced zero-day exploits, were the primary entry points, with phishing and legacy systems still common attack vectors. He urged organizations to adopt fundamental practices such as zero trust and least-privilege access. Salt Typhoon’s campaign has reportedly affected more than 80 countries and continues to pose a significant threat.
Data protection authorities issue a joint statement raising serious concerns about AI image creation.
Data protection authorities from around the world, coordinated by the International Enforcement Cooperation Working Group (IEWG), have issued a joint statement raising serious concerns about artificial intelligence systems that generate realistic images and videos of identifiable people without their consent. The signatories highlight that while AI image and video tools can offer benefits, they have also enabled non-consensual intimate imagery, defamatory depictions, and other harmful content, with particular risks for children and vulnerable groups. Organizations developing or deploying such technology are reminded to comply with applicable privacy and data protection laws and to implement strong safeguards to prevent misuse. The statement calls for meaningful transparency about system capabilities and risks, effective mechanisms for individuals to request removal of harmful AI-generated content, and enhanced protections where children are depicted. It emphasizes that technological advancement should not come at the expense of privacy, dignity, and safety.
A Japanese semiconductor equipment maker confirms a ransomware attack.
Japanese semiconductor equipment maker Advantest confirmed it suffered a ransomware attack after detecting unusual activity in its IT environment on February 15, 2026. The company said a third party may have accessed parts of its network and deployed ransomware. Advantest activated incident response protocols, isolated affected systems, and engaged external cybersecurity experts. The investigation remains ongoing, and it is unclear whether customer or employee data was impacted. The company has not reported significant operational disruptions and says it will provide updates as it assesses the full scope of the incident.
New number formats seek to reduce AI overhead.
Artificial intelligence has fueled a surge in new digital number formats as engineers seek to reduce computation time and energy use by shrinking bit counts. While AI systems can operate effectively with 16, 8, or even fewer bits, scientific computing fields such as physics and engineering require far greater dynamic range and precision. Laslo Hunhold, an AI engineer at Openchip, argues that traditional 64-bit standards are excessive for most tasks but still better suited to scientific workloads than many AI-optimized formats. AI data tends to follow predictable distributions and tolerates lower precision, whereas scientific applications must accurately represent extremely large and small values. Hunhold developed a new format called “takum,” inspired by posits but redesigned to preserve dynamic range even when bits are reduced. He says takums are specifically tailored to scientific computing, addressing limitations in existing low-bit formats.
A low-skilled Russian-speaking threat actor compromised more than 600 Fortinet FortiGate firewalls.
A low-skilled, Russian-speaking threat actor used commercial generative AI tools to compromise more than 600 Fortinet FortiGate firewalls across 55 countries, according to an AWS Security blog. The financially motivated campaign ran from January 11 to February 18, 2026, and relied on scanning internet-exposed management interfaces and credential reuse rather than exploiting new vulnerabilities. The actor used AI to generate attack plans, write Python and Go tooling, and automate reconnaissance, lateral movement, and credential theft using well-known open-source tools. AWS assessed the activity as opportunistic, noting the attacker often failed against patched systems or closed ports. No AWS infrastructure was involved. Amazon Threat Intelligence expects continued AI adoption by lower-skill actors and recommends strong patching, credential hygiene, network segmentation, and improved post-exploitation detection as primary defenses.
Spanish authorities have arrested four alleged members of Anonymous.
Spanish authorities have arrested four alleged members of Anonymous Fénix for launching distributed denial-of-service attacks against government ministries, political parties, and public institutions following the 2024 DANA floods. Guardia Civil detained two suspects last week, adding to two earlier arrests in May 2025. The group claimed the targeted entities were responsible for the flood tragedy. A court ordered the seizure of its X and YouTube accounts and the closure of its Telegram channel. Police said several attacks were successful, though specific targets were not disclosed.
CISA tags a pair of Roundcube Webmail flaws.
CISA has added two Roundcube Webmail flaws to its Known Exploited Vulnerabilities catalog, citing active exploitation, and ordered federal agencies to patch within three weeks. The first, CVE-2025-49113, is a critical remote code execution bug flagged as exploited shortly after its June 2025 patch. The second, CVE-2025-68461, patched in December 2025, allows unauthenticated cross-site scripting via SVG animate tags. CISA warned the vulnerabilities pose significant risk to federal networks and set a March 13 remediation deadline under Binding Operational Directive 22-01.
Cybersecurity stocks fell sharply on news of a new security feature in Claude AI.
Cybersecurity stocks fell sharply after Anthropic introduced a new security feature in its Claude AI model that scans codebases for vulnerabilities and suggests patches. CrowdStrike dropped 8%, Cloudflare fell 8.1%, SailPoint slid 9.4%, and Okta declined 9.2%, while the Global X Cybersecurity ETF sank 4.9% to its lowest level since November 2023. Investors worry that AI-native tools could reduce demand for traditional security software by enabling users to generate and secure code themselves. Broader software shares have also struggled, with the iShares Expanded Tech-Software Sector ETF down more than 23% this year. Analysts say AI may ultimately benefit cybersecurity, but near-term volatility is likely as AI providers expand into security-focused offerings and compete for budget dollars.
Monday business breakdown.
RSA Conference named ten finalists for its Innovation Sandbox contest, awarding each $5 million to accelerate growth. The cohort spans fraud prevention, AI code security, identity, governance, and application security startups across the US, Israel, Canada, and the UK. Funding momentum continues across the sector, with major raises including Cogent Security at $42 million, Venice at $33 million, Segura and VulnCheck at $25 million each, Lema AI and Opaque at $24 million, and Complyance at $20 million. Smaller rounds went to Aliro, Veria Labs, and Cydelphi.
Mergers and acquisitions also surged, with Palo Alto Networks planning a $400 million acquisition of Israeli AI security startup Koi. Check Point acquired three AI-focused firms for over $150 million, while Proofpoint, Keycard, Endor Labs, and Quantum Leap each announced strategic buys. The deals signal strong investor appetite for AI-driven security, governance, and agent-focused protection platforms.
Digital disruption drains drumsticks.
A cyber attack at Hazeldenes, a major chicken processor in central Victoria, has done what few things can: it has left pubs and butchers staring into empty fridges. After computer issues escalated last week, the company shut down on-site Wi-Fi, disrupting packaging operations and halting deliveries. Hazeldenes says it is working with cybersecurity investigators and authorities to restore systems and determine what happened.
The ripple effects were immediate. Wholesalers scrambled for alternate suppliers when the usual 2am deliveries failed to arrive. In Ouyen, butcher Nathan Grayling found not a single box of chicken waiting for the town’s pubs or supermarkets. The local hotel confirmed the grim reality: no chicken, no parmas. With limited communication and uncertain timelines, businesses are left improvising, and Victoria has learned that when Wi-Fi goes down, sometimes dinner does too.
All bad news, unless, of course, you’re one of the chickens…
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.
