Please enjoy our newest podcast, the weekly Security Sprint, on Spotify, Apple, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts. You can view it here.
In this week’s Security Sprint, Dave and Andy covered the following topics:
Opening:
- TribalHub 6th Annual Cybersecurity Summit, 17–20 Feb 2026, Jacksonville, Florida
- IT-ISAC, Food & Ag ISAC Ransomware Reports!
- Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Rulemaking; Town Hall Meetings
- What to Know About the Homeland Security Shutdown – New York Times – 15 Feb 2026
Main Topics:
South Korea blames Coupang data breach on management failure, not sophisticated attack – Reuters – 10 Feb 2026. “’It’s more of a management problem than an advanced attack,’ Choi Woo-hyuk, deputy minister for cyber security and network policy, told a press conference, citing lax oversight of authentication systems.” South Korean authorities released findings on a massive Coupang data leak, concluding that a former engineer exploited known authentication weaknesses and a retained signing key to access customer accounts for months, exposing personal data on about 33.7 million users. The Science Ministry framed the incident as a management and governance failure rather than an advanced cyberattack and criticized the company for delayed breach reporting and for allegedly deleting data that investigators had ordered preserved. Regulators signaled plans for fines and further investigation while emphasizing that poor key management, access control, and offboarding procedures enabled large-scale unauthorized access despite relatively basic techniques. Target: E-commerce providers, identity and access management teams, legal and compliance leaders responsible for breach reporting, and any firm that retains privileged developer keys. Dig: Use this case as a concrete example in executive risk conversations on IAM hygiene, review your signing key lifecycle and offboarding controls, and validate that breach notification and evidence preservation processes are tested and auditable.
AI Threats & Mitigation
- GTIG AI Threat Tracker: Distillation, Experimentation, and Continued Integration of AI for Adversarial Use — Google Cloud Blog — 12 Feb 2026. Google Threat Intelligence Group describes observed adversary use of AI across multiple phases of the attack lifecycle and highlights rising model extraction and distillation activity. The report also characterizes how state-linked actors integrate AI into research, targeting, and phishing enablement based on late 2025 observations and disruption activity. Target is model providers and organizations consuming AI services, with spillover risk to enterprises facing more scalable social engineering and faster attacker iteration.
- What CISOs need to know about ClawDBot, I mean MoltBot, I mean OpenClaw – CSO Online – 16 Feb 2026. The article outlines enterprise risk considerations around OpenClaw and similar autonomous agent tooling that can execute actions on behalf of users with broad system access. It includes the warning that “The problem with running this is that these tools can do basically anything that a user can do,” says Rich Mogull, chief analyst at Cloud Security Alliance. “But it’s controlled externally. For an enterprise, this could be high risk. There are some guardrails that can be put around it, but they’re new, unproven, and have already been circumvented by researchers.” His recommendation: CISOs prohibit its use altogether.
Awareness of Preoperational Surveillance Tactics Associated With Terrorism Offers Opportunities — Joint Counterterrorism Assessment Team First Responder’s Toolbox, ODNI — 13 Feb 2026. This JCAT First Responder’s Toolbox product focuses on terrorist preoperational surveillance behaviors and provides indicators and mitigation considerations intended for public safety and private sector security partners. Target is early-stage attack planning activity where surveillance and probing can be detected and interrupted before an incident occurs. Per the product scope statement, “This product highlights both prevalent and novel tactics that violent extremists use to conduct preoperational surveillance as part of their attack planning. Based on observed tactics, the product offers a list of potential indicators for awareness, along with considerations and possible mitigation measures for public safety and private sector security partners.” Dig for ways to operationalize the indicators into guard force briefings and suspicious activity reporting workflows, and ensure frontline teams understand how to document and escalate observations without tipping off hostile surveillance. PDF link provided for reference: 172s Awareness of Preoperational Surveillance Tactics Associated with Terrorism Offers Opportunities. (DNI)
CISA’s 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure. Notable highlights include:
- Strengthened Collective Defense: Published more than 1,600 products and triaged 30,000+ incidents through CISA’s 24/7 Operations Center – keeping critical systems secure.
- Blocked Malicious Activity at Scale: Stopped 2.62 billion malicious connections on federal civilian networks and 371 million within critical infrastructure.
- Enhanced Preparedness Nationwide: Led 148 cyber and physical security exercises with 10,000+ participants, helping partners refine emergency plans and boost local and national resilience.
- Following Executive Order 14305, “Restoring American Airspace Sovereignty,” CISA published the Be Air Aware™ suite of security guides in November to help organizations detect, respond to, and safely manage Unmanned Aircraft System Threats.
Quick Hits:
- Improving your response to vulnerability management — NCSC, 10 Feb 2026
- Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015 – CISA – 03 Feb 2026
- CISA Helps Johnny Secure Operational Technology: New Guidance Addresses Cyber Risks from Legacy Protocols. CISA released the guidance Barriers to Secure OT Communication: Why Johnny Can’t Authenticate.
- Poland energy sector cyber incident highlights OT and ICS security gaps
- CISA Updates BRICKSTORM Backdoor Malware Analysis Report
- Blended Threats: Axios Future of Cybersecurity – Axios – 10 Feb 2026
- A Defector Explains the Remote-Work Scam Helping North Korea Pay for Nukes – Wall Street Journal – 16 Feb 2026
- Hacktivism today: what three years of research reveal about its transformation
- Pakistan mosque attack highlights worsening militant threat


Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:
- The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
- The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour, and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
- The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. This is presently a Gate 15 special podcast and occasionally is updated on our Gate 15 podcast channel.
- Venue Security, The IAVM Podcast Series was a 2024 limited series podcast in which Gate 15’s founder and Managing Director, Andy Jabbour, hosted a series of short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community.
- The Risk Roundtable was a monthly discussion among our team and occasional guests exploring the all-hazards threats and risks impacting the United States and internationally. This was suspended in September 2023.
We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Bluesky, LinkedIn, or via email at Gate15@gate15.global.
