On this week's Security Sprint, Dave and Andy covered the following topics:

Opening:

• TribalHub 6th Annual Cybersecurity Summit, 17–20 Feb 2026, Jacksonville, Florida

• IT-ISAC, Food & Ag ISAC Ransomware Reports!

• Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Rulemaking; Town Hall Meetings

• What to Know About the Homeland Security Shutdown New York Times 15 Feb 2026

Main Topics:

South Korea blames Coupang data breach on management failure, not sophisticated attack – Reuters – 10 Feb 2026. “’It's more of a management problem than an advanced attack,’ Choi Woo-hyuk, deputy minister for cyber security and network policy, told a press conference, citing lax oversight of authentication systems.” South Korean authorities released findings on a massive Coupang data leak, concluding that a former engineer exploited known authentication weaknesses and a retained signing key to access customer accounts for months, exposing personal data on about 33.7 million users.

AI Threats & Mitigation

• GTIG AI Threat Tracker: Distillation, Experimentation, and Continued Integration of AI for Adversarial Use — Google Cloud Blog — 12 Feb 2026. Google Threat Intelligence Group describes observed adversary use of AI across multiple phases of the attack lifecycle and highlights rising model extraction and distillation activity.

• What CISOs need to know about ClawDBot, I mean MoltBot, I mean OpenClaw CSO Online — 16 Feb 2026. The article outlines enterprise risk considerations around OpenClaw and similar autonomous agent tooling that can execute actions on behalf of users with broad system access. It includes the warning that “The problem with running this is that these tools can do basically anything that a user can do,” says Rich Mogull, chief analyst at Cloud Security Alliance.

Awareness of Preoperational Surveillance Tactics Associated With Terrorism Offers Opportunities — Joint Counterterrorism Assessment Team First Responder’s Toolbox, ODNI — 13 Feb 2026.

CISA’s 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure. Notable highlights include:

• Strengthened Collective Defense: Published more than 1,600 products and triaged 30,000+ incidents through CISA’s 24/7 Operations Center – keeping critical systems secure.

• Blocked Malicious Activity at Scale: Stopped 2.62 billion malicious connections on federal civilian networks and 371 million within critical infrastructure.

• Enhanced Preparedness Nationwide: Led 148 cyber and physical security exercises with 10,000+ participants, helping partners refine emergency plans and boost local and national resilience.

• Following Executive Order 14305, “Restoring American Airspace Sovereignty,” CISA published the Be Air Aware™ suite of security guides in November to help organization detect, respond to, and safely manage Unmanned Aircraft System Threats.

Quick Hits:

• Improving your response to vulnerability management — NCSC, 10 Feb 2026

• Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015 – CISA – 03 Feb 2026

• CISA Helps Johnny Secure Operational Technology: New Guidance Addresses Cyber Risks from Legacy Protocols. CISA released the guidance Barriers to Secure OT Communication: Why Johnny Can’t Authenticate.

• Poland energy sector cyber incident highlights OT and ICS security gaps

• CISA Updates BRICKSTORM Backdoor Malware Analysis Report

• Blended Threats: Axios Future of Cybersecurity – Axios – 10 Feb 2026

• A Defector Explains the Remote-Work Scam Helping North Korea Pay for Nukes Wall Street Journal 16 Feb 2026

• Hacktivism today: what three years of research reveal about its transformation

• Pakistan mosque attack highlights worsening militant threat

In this episode of The Gate 15 Interview, Andy Jabbour speaks with four Gate 15 analysts as Sadie-Anne Jones, Chase Snow, Mackenzie Gryder and Preston Wright share about their experiences, their work at Gate 15 and across critical infrastructure and faith-based organizations and more, including a rapid-fire round of Three Questions!

• Sadie-Anne on LinkedIn.
• Chase on LinkedIn.
• Mackenzie on LinkedIn.
• Preston on LinkedIn.

In the podcast the team and Andy discuss:

• Backgrounds and paths to Gate 15.
• Surprising things the team has learned so far, and their ideas on threats, resilience, and what leaders may want to be thinking about today.
• The next hurdle they want to jump.
• We play 3 Questions! and talk late night snacks, secret skills, and where we love to chill and play.
• And more!

In this week's episode of the Security Sprint, Dave and Andy covered the following topics:

Open:

• TribalHub 6th Annual Cybersecurity Summit, 17–20 Feb 2026, Jacksonville, Florida

• Congress reauthorizes private-public cybersecurity framework & Cybersecurity Information Sharing Act of 2015 Reauthorized Through September 2026

• AMWA testifies at Senate EPW Committee hearing on cybersecurity

Main Topics:

Terrorism & Extremism

o Killers without a cause: The rise in nihilistic violent extremism — The Washington Post, 08 Feb 2026

o Terrorists’ Use of Emerging Technologies Poses Evolving Threat to International Peace, Stability, Acting UN Counter-Terrorism Chief Warns Security Council United Nations / Security Council, 04 Feb 2026

OpenClaw: The Helpful AI That Could Quietly Become Your Biggest Insider Threat – Jamf Threat Labs, 09 Feb 2026. Jamf profiles OpenClaw as an autonomous agent framework that can run on macOS and other platforms, chain actions across tools, maintain long term memory and act on high level goals by reading and writing files, calling APIs and interacting with messaging and email systems. The research warns that over privileged agents like this effectively become new insider layers once attackers capture tokens, gain access to control interfaces or introduce malicious skills, enabling data exfiltration, lateral movement and command execution that look like legitimate automation. The rise of Moltbook suggests viral AI prompts may be the next big security threat; We don’t need self-replicating AI models to have problems, just self-replicating prompts.

• From magic to malware: How OpenClaw's agent skills become an attack surface

• Exposed Moltbook database reveals millions of API keys

• The rise of Moltbook suggests viral AI prompts may be the next big security threat

• OpenClaw & Moltbook: AI agents meet real-world attack campaigns

• Malicious MoltBot skills used to push password-stealing malware

• Moltbook reveals AI security readiness

• Moltbook exposes user data via API

• OpenClaw: Handing AI the keys to your digital life

Quick Hits:

• Active Tornado Season Expected in the US

• CISA Directs Federal Agencies to Update Edge Devices – GovInfoSecurity, 05 Feb 2026 & read more from CISA: Binding Operational Directive 26-02: Mitigating Risk From End-of-Support Edge Devices – CISA, 05 Feb 2026.

• A Technical and Ethical Post-Mortem of the Feb 2026 Harvard University ShinyHunters Data Breach

• Hackers publish personal information stolen during Harvard, UPenn data breaches

• Two Ivy League universities had donor information breaches. Will donors be notified?

• Harassment & scare tactics: why victims should never pay ShinyHunters

• Please Don’t Feed the Scattered Lapsus$ & ShinyHunters

• Mass data exfiltration campaigns lose their edge in Q4 2025

• Executive Targeting Reaches Record Levels as Threats Expand Beyond CEOs

• Notepad++ supply-chain attack: what we know

• Summary of SmarterTools Breach and SmarterMail CVEs

• Infostealers without borders: macOS, Python stealers, and platform abuse

In this week's episode of the Security Sprint, Dave and Andy covered the following topics:

Opening:

• Check out the new SUN format and Subscribe to GRIP! Gate 15’s Resilience and Intelligence Portal
• Big News! The Tribal-ISAC Appoints First Executive Director to Advance Cybersecurity for Tribal Governments and Enterprises – Tribal-ISAC | 27 Jan 2026:
• Keys & Locks – The Overlooked Security Risk – Fact Sheet — WaterISAC | 28 Jan 2026

Main Topics:

Insider Threats: Assembling A Multi-Disciplinary Insider Threat Management Team — CISA | 27 Jan 2026 (Analysis/Commentary) CISA’s new infographic guides organizations in forming insider threat teams that bring together HR, legal, IT, security, and leadership under a “Plan, Organize, Execute, Maintain” framework.

• Savannah Best Buy employee says hacker group blackmailed him into theft ring scheme
• Study: Future workers would sell patient data
• Former Google Engineer Found Guilty of Economic Espionage and Theft of Confidential AI Technology
• Former TD Bank Employee Pleads Guilty to Accepting Bribes and Laundering $55 Million From Colombia
• Two Recent Guilty Pleas Highlight Financial Crime Risks Posed by Bank Insiders
• The Evolution of Insider Threat

Ransomware Threat Outlook 2025-2027 — Canadian Centre for Cyber Security | 28 Jan 2026 The Cyber Centre assesses that ransomware against Canadian organizations is increasing and rapidly evolving, with actors almost certainly opportunistic and financially motivated, and essentially all organizations and individuals at risk of being targeted at some point.

• Ransomware: How to Prevent and Recover (ITSAP.00.099) — Canadian Centre for Cyber Security
• Ransomware Playbook (ITSM.00.099) — Canadian Centre for Cyber Security
• Threat Spotlight: Ransomware and Cyber Extortion in Q4 2025
• NCC Group Monthly Threat Pulse – Review of December 2025
• The Convergence of Infostealers and Ransomware: From Credential Harvesting to Rapid Extortion Chains

FBI Operation Winter SHIELD: 10 Cybersecurity Actions for Critical Infrastructure & FBI Launches ‘Winter SHIELD’ Cyber Campaign — FBI & Infosecurity Magazine, 29 Jan 2026.

• NSA Releases Phase One and Phase Two of the Zero Trust Implementation Guidelines
• How to prepare and plan your organisation’s response to a severe cyber threat: a guide for CNI
• Cyber security considerations for drone use (ITSAP.00.143)
• Cyber security advisory AV26-058: OpenSSL Security Advisory
• Cyber Incident Reporting Guidelines: Key Information & Sharing Requirements — Canadian Centre for Cyber Security, 2026
• DOD: JIATF 401 Publishes New Guidance for Physical Protection of Critical Infrastructure (U.S. Department of Defense, Jan 2026)
• Spotting malicious email messages (ITSAP.00.100) — Canadian Centre for Cyber Security | Jan 2026

Quick Hits:

• 2025 Threat Report: Exploitation Grows Across IT, IoT, and OT — Forescout Vedere Labs | 29 Jan 2026
• Man arrested after spraying substance on Rep. Ilhan Omar
• Ilhan Omar Attack: Suspect Identified as Anthony Kazmierczak Amid Rising Political Violence
• Calls to Impeach DHS Secretary Noem Grow After Minneapolis Shootings and Omar Attack
• ‘No Kings’ march event in Twin Cities & ‘No Kings’ protest march set for March 28
• USCP Threat Assessment Cases for 2025 – Source: U.S. Capitol Police, 27 Jan 2026.

In this week's Security Sprint, Dave and Andy talked about the following topics:

Opening:

• WaterISAC to host H2OEx regional exercise to strengthen sector preparedness & WaterISAC merch!

• The Gate 15 Interview EP 66: Chris Camacho: Cyber Risk, Building Communities, Nirvana, and Peruvian Chicken

• Nerd Out EP 66. Terrorism trends and hacktivism in the current geopolitical environment, plus Nerd Movie review

Main Topics:

Rules of Engagement: safety, security and resilience considerations after Minneapolis and the murder of Alex Pretti

Severe Weather Planning & Resilience:

• Winter storm kills 11, leaves more than 800,000 without power as cold tightens grip

• The massive storm has passed, but deep cold remains a danger

• Storm-related power outages (U.S.)

• PowerOutage.us

AI-Powered Disinformation Swarms Are Coming for Democracy (Wired, 23 Jan 2026; Analysis/Commentary) – Wired examines how coordinated “disinformation swarms” powered by generative AI are shifting influence operations from single narratives to adaptive, multi-persona campaigns that probe, learn, and re-target in real time. Rather than pushing one false claim, these swarms test thousands of micro-messages across platforms, identify which narratives gain traction with which audiences, and dynamically reinforce them using synthetic text, images, and increasingly video. Researchers warn this model overwhelms traditional fact-checking and moderation, exploits algorithmic amplification, and blurs the line between foreign and domestic influence, particularly when paired with real grievances.

Quick Hits:

• CISA budget bill would require agency to maintain ‘sufficient’ staffing levels and Congressional appropriators move to extend information-sharing law, fund CISA

• Acting CISA chief defends workforce cuts, declares agency ‘back on mission’

• What to do when your organization has been compromised by a cyber attack (ITSAP00009)

In the latest Episode of Nerd Out, Dave and Alec talked about the following topics:

Trends in Terrorism: What’s on the Horizon in 2026?

• https://thesoufancenter.org/intelbrief-2026-january-8/

Critical Infrastructure Attacks Became Routine for Hacktivists in 2025⁠

• https://cyble.com/blog/hacktivists-critical-infrastructure-attacks-2025/⁠

Severe Winter Weather Forecast to Impact Large Portions of the U.S.

• https://www.wpc.ncep.noaa.gov/#page=ovw⁠
• https://www.ready.gov/winter-weather⁠
• https://www.cbsnews.com/news/maps-winter-storm-snow-cold-weekend/⁠

Talking Nerd Movies and our excitement level, plus a review of A Knight in the Seven Kingdoms.

In this week's Security Sprint, Dave and Andy covered the following topics:

Opening:

• Cyber Insights 2026: Information Sharing (SecurityWeek, 16 Jan 2026)

• ICYMI: Homeland Republicans underscore importance of strong public-private sector partnerships to deter cyber threats — House Homeland Security Committee (Majority) | Jan 17, 2026

Main Topics:

Pro-Russia hacktivist activity continues to target UK organisations & NCSC warns of hacktivist groups disrupting UK online services (UK National Cyber Security Centre, Jan 2026). The NCSC reports sustained, low-sophistication but high-volume hacktivist campaigns—primarily DDoS and website defacements—linked to pro-Russia narratives and opportunistic targeting of UK public- and private-sector organizations. While technically unsophisticated, the activity is persistent, media-aware, and designed to generate disruption, reputational harm, and psychological impact rather than deep network compromise. The NCSC emphasizes preparedness measures including DDoS resilience, clear incident communications, and executive awareness that “noise” activity can still impose real operational cost.

• Russia-linked APT28 targets energy and defense groups tied to NATO

• UAT-8837 targets critical infrastructure sectors in North America

• A Day Without ICS: The real impact of ICS/OT security threats

Ransomware

• Worldwide ransomware roundup: 2025 end-of-year report

• Global ransomware attacks rose 32% in 2025, as manufacturers emerged as top target

• 2025 Shattered Records: Key takeaways from the GRIT 2026 Ransomware & Cyber Threat Report

• DeadLock Ransomware: Smart Contracts for Malicious Purposes

Domestic Operations: Joint Interagency Task Force-Counter Cartel (JIATF-CC) established & US Northern Command establishes JTF-GOLD

Quick Hits:

• (TLP:CLEAR) Assessing Terrorism Trends on the Horizon in 2026 — WaterISAC — Jan 15, 2026

• UK NCSC: Designing safer links: secure connectivity for operational technology

• NCSC UK: Secure connectivity principles for OT (collection)

• FBI: Secure Connectivity Principles for Operational Technology (OT) (PDF)

• ACSC (Australia): New publication for small businesses managing cyber risks from AI

• Artificial intelligence for small business: Managing cyber security risks

• Developing your IT recovery plan (Canadian Centre for Cyber Security, Jan 2026)

• Improving cyber security resilience through emergency preparedness planning (Canadian Centre for Cyber Security, Jan 2026)

• Developing your incident response plan (Canadian Centre for Cyber Security, Jan 2026)

• Developing your business continuity plan (Canadian Centre for Cyber Security, Jan 2026)

In this episode of The Gate 15 Interview, Andy Jabbour speaks with Chris Camacho. Chris is Abstract Security’s Co-Founder and Chief Operating Officer (COO). In this role, Chris is responsible for the go-to-market strategy, company vision, growth, collaboration, and client engagement. He is a leader, innovator and community builder. Before co-founding Abstract Security, Chris served as both Chief Strategy Officer and Chief Revenue Officer at Flashpoint and was responsible for helping grow the company to an acquisition by Audax PE and supporting three acquisitions to Flashpoint’s portfolio, which helped the company be an industry market leader in the information security market. Before his time at vendors like Abstract Security and Flashpoint, Chris was the Senior Vice President of Information Security at Bank of America, where he oversaw the Threat Management Program. An entrepreneur, Chris also served as CEO for NinjaJobs, a career-matching community for elite cybersecurity talent. As he continues to build trust and relationships throughout the cybersecurity community, he’s now building C2 Corner, a space for security leaders to share stories, connect through experience, and build what’s next together. Chris on LinkedIn.

In the podcast Chris and Andy discuss:

• Chris’s background and the road from financial services to becoming a vendor.
• Chris shares some threat perspective from deepfakes to the complexities of geopolitics and polarization.
• Chris talks about managing ever-increasing amounts of data and how Abstract Security is helping organizations to reduce risk.
• We discuss the idea of AI SOCs helping to enhance security operations.
• The importance of community building: from trust groups and ISACs to C2 Corner to in-person meet-ups!
• Chris shares some career advice, and
• We play 3 Questions! and talk Chris’s favorite meats, reading books (and writing books?), and the glory of the 90s.

Selected links:

• Abstract Security. “Security teams should stop adversaries—not manage security data. Abstract’s streaming-first platform simplifies the entire security data pipeline, from ingestion to detection to storage. By eliminating noise and delays, we help your team move faster, stay focused, and outpace attackers in real time.”
• Introducing C2 Corner: By Practitioners, For the Industry
• Applied Security Data Strategy: A Leader’s Guide: a practical toolkit designed to help organizations of all sizes

In this week's Security Sprint, Dave and Andy covered the following topics:

Warm Open:

• TribalHub Cybersecurity Summit! 17-20 Feb, Jacksonville, Florida

• Crypto ISAC & Crypto Crime Reaches Record High in 2025 as Nation-State Sanctions Evasion Moves On-Chain at Scale (and so many breach and incident reports)

• MFA follow up and the alleged Instagram breach: Instagram user data leak: scraped records from 2022 resurface

Main Topics:

Complex realities for the workplace:

• Venezuela, geopolitics and domestic considerations

• Immigration and ICE-related incidents and protests

• Considerations for leaders in the workplace

Insider Threats:

• Malicious employees for hire: How dark web criminals recruit insiders

• Hiding in plain sight: What the death of Aldrich Ames teaches us about insider threats

The State of Ransomware in the U.S.: Report and Statistics 2025. “Since 2023, the number of globally claimed victims has increased from approximately 5400 annually to over 8000 in 2025… the number of victims has grown, so has the number of ransomware groups… ransomware has become more decentralized, more competitive, and more resilient. As long as affiliates remain plentiful and social engineering remains effective, victim counts are likely to continue rising.”

Quick Hits:

• FBI FLASH: North Korean Kimsuky Actors Leverage Malicious QR Codes in Spearphishing Campaigns Targeting U.S. Entities

• How China and Russia are using Maduro’s capture to sway U.S. discourse

• U-Haul truck drives into crowd at Westwood rally against Iranian government

• The Government Cyber Action Plan: strengthening resilience across the UK

• CISA - Secure Your Business; Protect your business, employees and customers with smart cybersecurity practices

In this week's Security Sprint, Dave and Andy covered the following topics:

Warm Open:

• Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes

• Protests in US cities over Trump’s military intervention in Venezuela

• Trump Ramps Up Incendiary Threats After Venezuela Strike

• White House: RUBIO: This Is Our Hemisphere — and President Trump Will Not Allow Our Security to be Threatened

• PMs of Greenland, Denmark tell Trump to stop U.S. takeover threats

Main Topics:

Leftwing militants claim responsibility for arson attack on Berlin power grid. Protest over climate crisis and AI has cut power to tens of thousands of homes which may take days to fully restore. The Vulkangruppe (Volcano Group) said it had deliberately targeted some of the city’s wealthiest districts.

Ransomware:

• Recorded Future: New ransomware tactics to watch out for in 2026

• Semperis: What CISOs Need to Know About Fighting Ransomware in 2026

• Top 10 Ransomware Groups of 2025

MFA: Dozens of Global Companies Hacked via Cloud Credentials from Infostealer Infections & More at Risk. This report provides a granular reconstruction of the compromised assets. Furthermore, we demonstrate that these catastrophic security failures were not the result of zero-day exploits in the platform architecture, but rather the downstream effect of malware infections on employee devices combined with a critical failure to enforce Multi-Factor Authentication (MFA).

• One criminal, 50 hacked organizations, and all because MFA wasn't turned on. "Because the organizations listed below did not enforce MFA, the attacker walks right in through the front door," the cybersecurity shop said in a Monday report. "No exploits, no cookies – just a password."

• Cloud file-sharing sites targeted for corporate data theft attacks

AI Deepfakes Are Impersonating Pastors to Try to Scam Their Congregations; Religious communities around the US are getting hit with AI depictions of their leaders sharing incendiary sermons and asking for donations.

Quick Hits:

• Bleeping Computer: The biggest cybersecurity and cyberattack stories of 2025

• Infosecurity's Top 10 Cybersecurity Stories of 2025

• Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025.

• Two Americans Plead Guilty to Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware

• CISA Known Exploited Vulnerabilities Surged 20% in 2025; CISA’s Known Exploited Vulnerabilities (KEV) Catalog Grew By 20% In 2025, Including 24 Vulnerabilities Exploited By Ransomware Groups