Risky Business (825): Palo Alto Networks blames it on the boogie

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Co-host at large

On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

  • Palo Alto threat researchers want to attribute to China, but its management says shush
  • An increasing proportion of ransomware is data extortion. Is this good?
  • Cambodia says it’s going to dismantle scam compounds
  • CISA suffers through yet another shutdown
  • Google Gemini’s training secrets are being systematically harvested to improve other LLMs
  • Academics assess SaaS password managers’ resilience against a malicious server

This episode is sponsored by SSO-firewall integration vendor Knocknoc. Chief exec Adam Pointon joins to talk about the latest in defences… which is to say Knocknoc for Solaris/Sparc and HPUX on PA-RISC?! Okay also that other little known OS… Windows.

Show Notes:

Data-only extortion grows as ransomware gangs seek better profits | Cybersecurity Dive https://www.cybersecuritydive.com/news/ransomware-extortion-bec-arctic-wolf/812321/

Arctic Wolf Threat Report 2026 https://arcticwolf.com/resource/_pfcdn/assets/preprocessed/10926/33669238-9331-4464-918c-c77e18337e92/33669238-9331-4464-918c-c77e18337e92.pdf

Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say https://www.reuters.com/world/china/palo-alto-chose-not-tie-china-hacking-campaign-fear-retaliation-beijing-sources-2026-02-12/

Risky Bulletin: Cambodia promises to dismantle scam networks by April - Risky Business Media https://risky.biz/risky-bulletin-cambodia-promises-to-dismantle-scam-networks-by-april/

Age of the ‘scam state’: how an illicit, multibillion-dollar industry has taken root in south-east Asia | Cybercrime | The Guardian https://www.theguardian.com/technology/2025/dec/02/scam-state-multi-billion-dollar-industry-south-east-asia

Critical flaw in BeyondTrust Remote Support sees early signs of exploitation | Cybersecurity Dive https://www.cybersecuritydive.com/news/critical-flaw-beyondtrust-remote-support-early-exploitation/812215/

CISA Navigates DHS Shutdown With Reduced Staff - SecurityWeek https://www.securityweek.com/cisa-navigates-dhs-shutdown-with-reduced-staff/

Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security https://krebsonsecurity.com/2026/02/kimwolf-botnet-swamps-anonymity-network-i2p/

BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign — Elastic Security Labs https://www.elastic.co/security-labs/badiis-to-the-bone-new-insights-to-global-seo-poisoning-campaign

Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions | The Record from Recorded Future News https://therecord.media/500000-vkontakte-accounts-hijacked-chrome-extensions

Password managers’ promise that they can’t see your vaults isn’t always true - Ars Technica https://arstechnica.com/security/2026/02/password-managers-promise-that-they-cant-see-your-vaults-isnt-always-true/

Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers https://eprint.iacr.org/2026/058.pdf

Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle | CyberScoop https://cyberscoop.com/state-hackers-using-gemini-google-ai/

Google: Gemini hit with 100,000+ prompts in cloning attempt https://www.nbcnews.com/tech/security/google-gemini-hit-100000-prompts-cloning-attempt-rcna258657

Proofpoint acquires Acuvity to tackle the security risks of agentic AI | CyberScoop https://cyberscoop.com/proofpoint-acuvity-deal-agentic-ai-security/

Cisco Redefines Security for the Agentic Era with AI Defense Expansion and AI-Aware SASE https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m02/cisco-redefines-security-for-the-agentic-era.html

Sophos Acquires Arco Cyber to Bring CISO-Level, Agentic AI-Powered Expertise to Every Organization https://www.sophos.com/en-us/press/press-releases/2026/02/sophos-acquires-arco-cyber

Dave Kennedy on X: “Regarding this, there was a couple questions on does the pacemaker continue to advertise - most BLE implantable devices go into a sleep type mode. In this case, we are lucky - it does not. We know based on law enforcement answers that she is using a more modern pacemaker with” / X https://x.com/hackingdave/status/2023079529569214868?s=46&t=VLIuBKdOq3MvRk4IpV-_-A

Clash Report on X: “BIG: Dutch Defence Minister Gijs Tuinman hints that software independence is possible for F-35 jets. He literally said you can “jailbreak” an F-35. When asked if Europe can modify it without US approval: “That’s not the point… we’ll see whether the Americans will show https://t.co/f11cGvtYsO” / X https://x.com/clashreport/status/2023077430840172571?s=46&t=VLIuBKdOq3MvRk4IpV-_-A

Dutch police arrest man who refused to delete confidential files shared by mistake | The Record from Recorded Future News https://therecord.media/netherlands-arrest-confidential-files-police