CyberWire Daily

Stealer in the status bar. [Research Saturday]

Today we have Ziv Mador [https://www.linkedin.com/in/ziv-mador-a9bab2/], VP of Security Research from LevelBlue [https://www.linkedin.com/company/levelbluecyber/] SpiderLabs discussing their work on "SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp." Researchers at LevelBlue SpiderLabs have identified a new Brazilian banking Trojan dubbed Eternidade Stealer, spread through WhatsApp hijacking and social engineering campaigns that use a Python-based worm to steal contacts and distribute malicious MSI installers. The Delphi-compiled malware targets Brazilian victims, profiles infected systems, dynamically retrieves its command-and-control server via IMAP email, and deploys banking overlays to harvest credentials from financial institutions and cryptocurrency platforms. The campaign reflects the continued evolution of Brazil’s cybercrime ecosystem, combining WhatsApp propagation, geofencing, encrypted C2 communications, and process injection to maintain stealth and persistence. The research can be found here: * SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp [https://www.levelblue.com/blogs/spiderlabs-blog/spiderlabs-ids-new-banking-trojan-distributed-through-whatsapp/] Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]

Total defense meets total threat.

Global leaders call for collaboration at the Munich Cyber Security Conference. Phishing campaigns exploit fake video conference invitations. Italian authorities say cyber attacks on the Winter Olympics have met overall mitigation. AI reshapes the economics of ransomware attacks. CISA tags a critical Microsoft Configuration Manager vulnerability. Foxveil is a new malware loader targeting legitimate platforms. Researchers examine macOS infostealers. California fines Disney $2.75 million for violating the Consumer Privacy Act. Maria Varmazis, host of T-Minus space daily and CyberWire Producer Liz Stokes preview their coverage of the NATO Cyber Coalition 2025 Cyber Exercise in Tallinn, Estonia. When pull requests get personal. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing [https://thecyberwire.com/newsletters/daily-briefing], and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn [https://www.linkedin.com/company/10454826/admin/feed/posts/]. CyberWire Guest Today we are joined by Maria Varmazis [https://www.linkedin.com/in/varmazis/], host of T-Minus [https://space.n2k.com/podcasts/t-minus] space daily and CyberWire Producer Liz Stokes [https://www.linkedin.com/in/elizabeth-stokes-183925181/] as they share  their coverage of the NATO Cyber Coalition 2025 Cyber Exercise in Tallinn, Estonia. Selected Reading US wants cyber partnerships to send ‘coordinated, strategic message’ to adversaries [https://therecord.media/us-wants-cyber-partnerships-to-send-message-to-adversaries] (The Record)  Europe must adapt to ‘permanent’ cyber and hybrid threats, Sweden warns [https://therecord.media/sweden-cyber-threats-europe-permanent] (The Record)  Attackers Weaponize Signed RMM Tools via Zoom, Meet, & Teams Lures [https://www.netskope.com/blog/attackers-weaponize-signed-rmm-tools-via-zoom-meet-teams-lures] (Netskope) Winter Olympics 2026: Hacktivism Surges Ahead of Protests and Suspected Sabotage [https://www.intel471.com/blog/winter-olympics-2026-hacktivism-surges-ahead-of-protests-and-suspected-sabotage/] (Intel 471) How AI is and is Not Changing Ransomware [https://www.halcyon.ai/ransomware-research-reports/how-ai-is-and-is-not-changing-ransomware] (Halcyon) CISA flags critical Microsoft SCCM flaw as exploited in attacks [https://www.bleepingcomputer.com/news/security/cisa-flags-microsoft-configmgr-rce-flaw-as-exploited-in-attacks/] (Bleeping Computer) Foxveil malware loader abuses Discord, Cloudflare, Netlify for staging [https://www.scworld.com/news/foxveil-malware-loader-abuses-discord-cloudflare-netlify-for-staging] (SC Media) AMOS infostealer targets macOS through a popular AI app [https://www.bleepingcomputer.com/news/security/amos-infostealer-targets-macos-through-a-popular-ai-app/] (Bleeping Computer) California fines Disney $2.75 million for data privacy violations [https://therecord.media/california-fines-disney-data-privacy] (The Record) An AI Agent Published a Hit Piece on Me [https://theshamblog.com/an-ai-agent-published-a-hit-piece-on-me/] (The Shamblog) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey [https://www.surveymonkey.com/r/NCFFCZJ]. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com [http://sponsor.thecyberwire.com/]. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]

AI or I-Spy?

Malicious Chrome extensions pose as AI tools. Google says nation-states are increasingly abusing its Gemini artificial intelligence tool.  Data extortion group World Leaks deploys a new malware tool called RustyRocket. An Atlanta healthcare provider data breach affects over 625,000. Apple patches an iOS zero-day that’s been around since version 1.0. A government shutdown would furlough more than half of CISA’s staff. Dutch police arrest the alleged seller of the JokerOTP phishing automation service. Our guest is Simon Horswell, Senior Fraud Specialist at Entrust, discussing evolving romance scams for Valentine's Day. Fun with filters provides fuel for phishers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing [https://thecyberwire.com/newsletters/daily-briefing], and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn [https://www.linkedin.com/company/10454826/admin/feed/posts/]. CyberWire Guest Today we are joined by Simon Horswell [https://www.linkedin.com/in/simon-horswell-72b2052a/], Senior Fraud Specialist at Entrust [https://www.linkedin.com/company/entrust/], discussing evolving romance scams for Valentine's Day. If you enjoyed this conversation, tune into Hacking Humans [https://thecyberwire.com/podcasts/hacking-humans/373/notes] to hear the full interview. Selected Reading Fake AI Chrome extensions with 300K users steal credentials, emails [https://www.bleepingcomputer.com/news/security/fake-ai-chrome-extensions-with-300k-users-steal-credentials-emails/] (Bleeping Computer) Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says [https://therecord.media/nation-state-hackers-using-gemini-for-malicious-campaigns] (The Record) World Leaks Ransomware Adds Custom Malware ‘RustyRocket' to Attacks [https://www.infosecurity-magazine.com/news/world-leaks-ransomware-rustyrocket/] (Infosecurity Magazine) ApolloMD Data Breach Impacts 626,000 Individuals [https://www.securityweek.com/apollomd-data-breach-impacts-626000-individuals/] (SecurityWeek) Apple patches decade-old iOS zero-day exploited in the wild [https://www.theregister.com/2026/02/12/apple_ios_263/] (The Register) CISA: DHS Funding Lapse Would Sideline Federal Cyber Staff [https://www.govinfosecurity.com/cisa-dhs-funding-lapse-would-sideline-federal-cyber-staff-a-30740] (Gov Infosecurity) CISA Shares Lessons Learned from an Incident Response Engagement [https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-266a] (CISA.gov) Police arrest seller of JokerOTP MFA passcode capturing tool [https://www.bleepingcomputer.com/news/security/police-arrest-seller-of-jokerotp-mfa-passcode-capturing-tool/] (Bleeping Computer) What Can the AI Work Caricature Trend Teach Us About the Risks of Shadow AI? [https://www.fortra.com/blog/what-can-ai-work-caricature-trend-teach-us-about-risks-shadow-ai] (Fortra) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey [https://www.surveymonkey.com/r/NCFFCZJ]. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com [http://sponsor.thecyberwire.com/]. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]

When Windows breaks and chips crack.

Patch Tuesday. Preliminary findings from the European Commission come down on TikTok. Switzerland’s military cancels its contract with Palantir. Social engineering leads to payroll fraud. Google hands over extensive personal data on a British student activist. Researchers unearth a global espionage operation called “The Shadow Campaigns.” Notepad’s newest features could lead to remote code execution. Our guest is Hazel Cerra, Resident Agent in Charge of the Atlantic City Office for the United States Secret Service. Ring says it’s all about dogs, but critics hear the whistle. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing [https://thecyberwire.com/newsletters/daily-briefing], and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn [https://www.linkedin.com/company/10454826/admin/feed/posts/]. CyberWire Guest Today, we’re joined by Hazel Cerra [https://www.linkedin.com/in/hazelcerra/], Resident Agent in Charge of the Atlantic City Office for the United States Secret Service [https://www.linkedin.com/company/us-secret-service/], as she discusses the evolution of the Secret Service’s investigative mission—from its early focus on financial crimes such as counterfeit currency and credit card fraud to the growing challenges posed by cryptocurrency-related crime. Selected Reading Microsoft February 2026 Patch Tuesday Fixes 58 Vulnerabilities, Six actively Exploited Flaws [https://beyondmachines.net/event_details/microsoft-february-2026-patch-tuesday-fixes-58-vulnerabilities-six-actively-exploited-flaws-0-y-l-t-j/gD2P6Ple2L] (Beyond Machines) Adobe Releases February 2026 Patches for Multiple Products [https://beyondmachines.net/event_details/adobe-releases-february-2026-patches-for-multiple-products-5-q-6-7-r/gD2P6Ple2L] (Beyond Machines) ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact [https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-addressed-by-siemens-schneider-aveva-phoenix-contact/] (SecurityWeek) Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed by Intel and AMD [https://www.securityweek.com/chipmaker-patch-tuesday-over-80-vulnerabilities-addressed-by-intel-and-amd/] (SecurityWeek) Commission preliminarily finds TikTok's addictive design in breach of the Digital Services Act [https://ec.europa.eu/commission/presscorner/detail/en/ip_26_312] (European Commission) Palantir's Swiss Exit Highlights Global Data Sovereignty Challenge [https://www.newscase.com/palantirs-swiss-exit-highlights-global-data-sovereignty-challenge/] (NewsCase) Payroll pirates conned the help desk, stole employee’s pay [https://www.theregister.com/2026/02/11/payroll_pirates_business_social_engineering/] (The Register) Google Fulfilled ICE Subpoena Demanding Student Journalist’s Bank and Credit Card Numbers [https://theintercept.com/2026/02/10/google-ice-subpoena-student-journalist/?mid=1#cid=3384744] (The Intercept) The Shadow Campaigns: Uncovering Global Espionage [https://unit42.paloaltonetworks.com/shadow-campaigns-uncovering-global-espionage/] (Palo Alto Networks Unit 42) Notepad's new Markdown powers served with a side of RCE [https://www.theregister.com/2026/02/11/notepad_rce_flaw/] (The Register) With Ring, American Consumers Built a Surveillance Dragnet [https://www.404media.co/with-ring-american-consumers-built-a-surveillance-dragnet/?ref=daily-stories-newsletter&attribution_id=698b47cbe724d10001786209&attribution_type=post] (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey [https://www.surveymonkey.com/r/NCFFCZJ]. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com [http://sponsor.thecyberwire.com/]. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]

A spyware swiss army knife.

ZeroDayRAT delivers full mobile compromise on Android and iOS. The UK warns infrastructure operators to act now as severe cyber threats mount. Russia moves to block Telegram. The FTC draws a line on data sales to foreign adversaries. Researchers unpack DeadVax, a stealthy new malware campaign, while an old-school Linux botnet resurfaces. BeyondTrust fixes a critical flaw. And in AI, are we moving too fast? One mild training prompt may be enough to knock down safety guardrails. Our guest is Omer Akgul, Researcher at RSA Conference, discussing his work on "The Case for LLM Consistency Metrics in Cybersecurity (and Beyond)." A pair of penned pentesters provoke a pricey payout.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing [https://thecyberwire.com/newsletters/daily-briefing], and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn [https://www.linkedin.com/company/10454826/admin/feed/posts/]. CyberWire Guest Today we are joined by Omer Akgul [https://www.linkedin.com/in/omer-akgul-51031bb3/], PhD, Researcher at RSA Conference [https://www.linkedin.com/company/one-rsac/], discussing his work on "The Case for LLM Consistency Metrics in Cybersecurity (and Beyond) [https://www.rsaconference.com/library/blog/the-case-for-llm-consistency-metrics-in-cybersecurity-and-beyond]." Selected Reading New ‘ZeroDayRAT’ Spyware Kit Enables Total Compromise of iOS, Android Devices [https://www.securityweek.com/new-zerodayrat-spyware-kit-enables-total-compromise-of-ios-android-devices/] (SecurityWeek) NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting Critical National Infrastructure [https://www.infosecurity-magazine.com/news/ncsc-warning-severe-cyberattacks/] (Infosecurity Magazine) Russian Watchdog Starts Limiting Access to Telegram, RBC Reports [https://www.bloomberg.com/news/articles/2026-02-10/russian-watchdog-starts-limiting-access-to-telegram-rbc-reports] (Bloomberg) FTC Reminds Data Brokers of Their Obligations to Comply with PADFAA [https://www.ftc.gov/news-events/news/press-releases/2026/02/ftc-reminds-data-brokers-their-obligations-comply-padfaa] (FTC) Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode [https://www.securonix.com/blog/deadvax-threat-research-security-advisory/] (secureonix) New ‘SSHStalker’ Linux Botnet Uses Old Techniques [https://www.securityweek.com/new-sshstalker-linux-botnet-uses-old-techniques/] (SecurityWeek) BeyondTrust Patches Critical RCE Vulnerability [https://www.securityweek.com/beyondtrust-patches-critical-rce-vulnerability/] (SecurityWeek) Critics warn America’s 'move fast' AI strategy could cost it the global market [https://cyberscoop.com/trump-ai-policy-global-adoption-safety-regulation-critics/] (CyberScoop) Microsoft boffins figured out how to break LLM safety guardrails with one simple prompt [https://www.theregister.com/2026/02/09/microsoft_one_prompt_attack/] (The Register) County pays $600,000 to pentesters it arrested for assessing courthouse security [https://arstechnica.com/security/2026/01/county-pays-600000-to-pentesters-it-arrested-for-assessing-courthouse-security/] (Ars Technica) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey [https://www.surveymonkey.com/r/NCFFCZJ]. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com [http://sponsor.thecyberwire.com/]. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices [https://megaphone.fm/adchoices]