Gottumukkala is out as acting CISA director

Intellexa founder and three others sentenced to prison, Anthropic rejects Pentagon's weakened guardrails, Google employees oppose AI use in surveillance and autonomous weapons, Project Compass led to the arrest of 30 mostly young suspects, Medical device maker UFP hit by cyberattack, much more

Official DHS portrait of Madhu Gottumukkala.


Madhu Gottumukkala, who has been serving as acting director of CISA, will move to a newly created post within the Department of Homeland Security as director of strategic implementation, a DHS official said.

The official described the change as part of broader efforts to “stop waste, fraud and abuse” and streamline the agency’s operations, saying Gottumukkala had advanced a return to the agency’s core mission.

However, Gottumukkala’s reassignment follows months of criticism from lawmakers and industry observers about the agency’s staffing levels and internal management. During hearings earlier this year, members of the House Homeland Security Committee pressed him over workforce reductions that saw roughly one-third of CISA’s staff depart and questioned personnel decisions, including efforts to reassign senior officials.

Nick Andersen, CISA’s executive assistant director for cybersecurity, will take over as the new acting director, according to DHS. Andersen, a career cybersecurity official with public and private sector experience, has been viewed more favorably by industry and government partners than his predecessor.

The leadership change comes as the agency remains without a permanent Senate-confirmed director. The White House has nominated Sean Plankey for the position, but he has not yet received a confirmation hearing.

DHS officials acknowledged “significant criticism” of CISA’s performance under Gottumukkala, but defended his work on internal reform. Andersen’s elevation is seen as an attempt to stabilize leadership at the agency responsible for defending US critical infrastructure and federal networks against growing cyber threats.

Perhaps in unrelated moves, CISA’s Chief Information Officer Bob Costello and acting Chief Human Capital Officer Kevin Diana were recently told to accept another role at DHS or resign. (Luke Barr / ABC News, Tim Starks / Cyberscoop, and John Sakellariadis / Politico)

Related: Nextgov/FCW, Politico

The Second Single-Member Misdemeanor Court of Athens handed down a combined prison sentence of 126 years and eight months to the four defendants of the spyware firm Intellexa. Under Greek sentencing laws, the defendants must serve a mandatory eight years of that term, though the sentence has been suspended pending an appeal.

Intellexa SA founder Tal Dilian and the other three defendants did not enter a formal plea but have all denied charges against them. They were represented by their lawyers in the courtroom.

The charges stem from allegations that the group’s Predator spyware was used to target phones and communications in what became known as the “Predatorgate” scandal that shook Greek politics and security institutions in 2022.

The case drew widespread public attention when opposition politician Nikos Androulakis revealed his phone had been targeted with the spyware, leading to resignations at Greece’s national intelligence agency and intense debate about privacy and institutional oversight. (Renee Maltezou and Yannis Souliotis / Reuters and Tasos Kokkinidis / The Greek Reporter)

Related: ICIJ, The Jerusalem Post, The Times of Israel, BBC News, Haaretz, Reuters, Greek Reporter, Athens News, Politico, The Record, Kathimerini.gr, Courthouse News Service, TechCrunch, Balkan Insight

In a public statement, Anthropic said it would not agree to changes sought by the Pentagon that it believes would weaken safeguards on its AI models.

The company said it supports national security efforts but maintains firm restrictions on uses such as mass surveillance or fully autonomous weapons. Anthropic framed its position as consistent with its long-standing safety commitments and said it could not accept terms that would remove or dilute those protections.

The Pentagon has rejected the characterization that it was attempting to override ethical or legal guardrails. Defense Department officials said they had made compromises during negotiations and emphasized that any use of AI systems would remain subject to US law and policy. Officials also underscored the military’s need to integrate advanced AI tools into defense operations as part of broader modernization efforts.

Separately, the Pentagon is moving to build AI tools to support cyber operations focused on China, underscoring the military’s broader push to integrate advanced artificial intelligence capabilities into strategic competition.

The department was in talks with leading AI companies about partnerships to conduct automated reconnaissance of China’s power grids, utilities, and sensitive networks, as well as those of other adversaries, said several people with knowledge of the plans.

The proposed system would use AI to penetrate computer networks, map vulnerabilities, and integrate potential targets into US war planning, the people added.

OpenAI, Anthropic, Google, and Elon Musk’s xAI have been awarded contracts worth about $200mn to partner with the US government for military, cyber, and security applications. Which companies will be involved in the new cyber initiative is yet to be determined. (Statement from Dario Amodei, Jennifer Jacobs, Joe Walsh / CBS News and Cristina Criddle, George Hammond, and Demetri Sevastopulo / Financial Times)

Related: The Verge, CNN, Benzinga, The Information, The Register, San Francisco Chronicle, Sources, Defense One, NPR, Chicago Tribune, Politico, The Hill, Decrypt, Gizmodo, Implicator.ai, Understanding AI, BeInCrypto, Techstrong.ai, The Atlantic, The Deep View, TechCrunch, EFF

More than 200 employees at Google DeepMind and Google’s broader AI research division sent a letter to Jeff Dean, Google’s chief scientist, opposing the use of the company’s advanced AI technology in US surveillance and autonomous weapon systems.

The protest was prompted by Pentagon pressure on AI companies to commit their models — including Google’s Gemini — for use in defense and intelligence applications without clear public safeguards against misuse.

In the letter, the staff expressed concern that allowing Google’s AI to be used for mass domestic surveillance or in systems capable of autonomous lethal action would violate the company’s own ethical commitments and Google’s publicly stated AI principles.

These principles originally committed Google not to pursue applications that could enable harm, such as weapons or intrusive monitoring, and the protesters warned that bending to military demands could erode those safeguards and undermine civil liberties. (Tripp Mickle / New York Times)

Related: The Week, Axios, Business Insider

A global law enforcement initiative known as Project Compass has led to the arrest of 30 suspects tied to The Com, a decentralized online network of largely young participants involved in cybercrime, extortion, violent acts, and other illicit behavior, Europol said.

Project Compass, coordinated by Europol with support from 28 countries, including Five Eyes partners, aims to share intelligence and improve cooperation against the sprawling threat.

Officials say the effort has helped identify or partially identify 179 alleged perpetrators and safeguard four victims, as well as map affiliations across The Com’s subgroups, which US authorities characterize as including Hacker Com, In Real Life Com, and Extortion Com. Crimes attributed to the network range from cyberattacks and extortion to physical violence and evasion of law enforcement.

“The Com deliberately targets children in the digital spaces where they feel most at ease,” said a Europol official. Despite the arrests, authorities say many members remain at large and more victims await help. (Matt Kapko / CyberScoop)

Related: Europol, Heise Online

UFP Technologies, a US maker of medical devices and components, has disclosed a cyberattack in which hackers stole company data and disrupted some information technology systems.

In a Securities and Exchange Commission filing, the company said it detected suspicious activity on Feb. 14 and immediately took steps to isolate affected systems and bring in outside cybersecurity experts.

Preliminary findings indicate the intruder stole data before being removed, and some company data may have been destroyed. The incident affected systems used for billing and delivery labeling, but core operations remain largely intact, and the company said it does not expect a material financial impact.

It is still investigating whether any personal information was compromised and will notify individuals if required under law. No ransomware group has publicly claimed responsibility. (Bill Toulas / Bleeping Computer)

Related: SEC, SC Media, The Record, Medical Device and Diagnostic Industry, The HIPAA Journal, Security Week, Kathimerini

Hackers compromised roughly 5,000 Yes Bank-issued multi-currency forex cards in what has been described as a BIN, or bank identification number, attack, resulting in fraudulent transactions totaling about Rs 2.55 crore, or approximately $300,000 based on current exchange rates.

The incident involved unauthorized international transactions carried out using card details that were systematically tested and exploited by attackers.

The suspicious activity was detected after a spike in transaction declines and unusual overseas charges. Yes Bank said it blocked hundreds of additional attempted transactions to limit further losses and took preventive measures, including restricting certain high-risk international e-commerce routes. The affected cards were largely linked to BookMyForex, a forex services partner, though the company denied any breach of its internal systems.

The fraud has raised concerns about vulnerabilities in prepaid forex card systems, particularly in cross-border transactions, and prompted increased scrutiny from customers and regulators. Investigations into how the card details were compromised are ongoing, while impacted users have reported unauthorized dollar-denominated charges on their accounts. (Lokmat Times)

Related: Devdiscourse, Financial Express, Economic Times, NDTV

Embattled South Korean online retail giant Coupang saw its operating profit plunge due to a massive data breach revealed in November, according to the company's annual and fourth-quarter consolidated financial report submitted to the US Securities and Exchange Commission.

Fourth-quarter operating profit plummeted 97% to 115 billion won (US$80 million) from 4.353 trillion won (US$300 million) in the same period the previous year. The fourth-quarter operating margin stood at just 0.09%. Net income turned to a loss, with a net loss of 377 billion won (US$260 million) compared to a net profit of 1.827 trillion won in the same period the previous year.

On an annual basis, while revenue grew and profit margins slightly increased, profitability declined. Last year’s annual operating profit was 6.79 trillion won (US$473 million), up 12.7% from the previous year (6.023 trillion won). However, the annual operating margin fell from 1.46% to 1.38%.

Bom Kim, Coupang founder and chairman, issued his first verbal apology regarding last year’s large-scale customer data breach in Korea during an earnings call.

Kim said he once again apologized for the customers' concern and the inconvenience caused by the personal data leak that occurred last year.

Kim issued a written apology in December, about a month after the data breach was disclosed, but this was the first time that he has apologized directly in a public setting. (Lee Joon-woo / Chosun Daily and Nam Hyun-woo / Korea Times)

Related: SEC, Korea Herald, Tech in Asia, Inside Retail, Yonhap News

Academic researchers at the 2026 Network and Distributed System Security Symposium unveiled a novel attack technique dubbed “AirSnitch” that can bypass protections in modern Wi-Fi networks and potentially allow attackers to intercept or manipulate data on home, office, and enterprise wireless systems.

AirSnitch exploits weaknesses in how client isolation and network layers are implemented, enabling an attacker on the same wireless access point to position itself between devices and view or alter traffic that should be encrypted, researchers said.

The technique does not break the underlying Wi-Fi authentication or encryption algorithms, but it nullifies client isolation safeguards that are designed to prevent one connected device from directly accessing another’s traffic.

Researchers demonstrated that AirSnitch can be used to launch full “man-in-the-middle” (MitM) attacks, letting attackers intercept data, poison domain name system (DNS) lookups, steal session cookies, and potentially access unencrypted information even on protected networks.

The vulnerability affects a broad range of routers and network configurations from major vendors and open-source firmware, and works across different network segments or service set identifiers (SSIDs), the report said. Researchers shared their findings at the 2026 Network and Distributed System Security Symposium. (Dan Goodin / Ars Technica)

Related: NDSS Symposium, Tom's Hardware, UC Riverside, Hacker News, r/pwnhub, r/firewalla, Lobsters, Ars OpenForum

The attacker spoofs the victim’s MAC address on a different NIC, causing the internal switch to mistakenly associate the victim’s address with the attacker’s port/BSSID. As a result, frames intended for the victim are forwarded to the attacker and encrypted using the attacker’s PTK. From the paper presented at the NDSS symposium.

Best Thing of the Day: Sending a Psychopath Back to Prison

The Helsinki Court of Appeal increased Aleksanteri Kivimäki's sentence to almost seven years in the criminal case against the psychotherapy center Vastaamo, sending him back to prison after his release from pretrial detention.

Worst Thing of the Day: While You're Trying on Your Jeans, Lean into the Eyeball Scanning Orb

Sam Altman's eyeball-scanning identity project, Tools for Humanity, now plans to lean on partnerships with traditional brands such as Gap, Visa, and Tinder to handle a large share of the marketing for World ID.
