Risky Business #824 -- Microsoft's Secure Future Is Looking a Bit Wobbly
Risky Business • February 11, 2026 • 56 min

Why It Matters

These developments underscore how quickly geopolitical tensions translate into cyber threats, affecting critical infrastructure and widely used software. Understanding the shifting threat landscape and the potential of AI‑driven security tools helps professionals anticipate attacks and adapt defenses in a rapidly evolving digital environment.

Key Takeaways

  • Microsoft swaps security chief for engineering quality, raising doubts
  • Secure Boot root certificates expire 2024, older hardware may fail
  • Russian APT exploits legacy Office 2016, Microsoft patches unexpectedly
  • China-linked UNC‑3886 targets Singapore telcos in massive espionage

Pulse Analysis

Microsoft’s executive reshuffle sparked fresh scrutiny of its Secure Future Initiative. Charlie Bell, the longtime security architect, moved to an engineering‑quality role reporting directly to Satya Nadella, while Hayat Galot, a sales‑focused EVP, took over security leadership. Observers worry the shift signals a commercial tilt rather than deep technical stewardship, potentially weakening Microsoft’s long‑term security roadmap at a time when the company remains a cornerstone of enterprise protection.

Technical headaches also dominated the week. Microsoft’s Secure Boot infrastructure faces a critical deadline: the root CA certificates embedded in hardware since 2011 will expire in 2024. Modern machines can receive updates, but legacy devices risk boot failures unless manufacturers intervene. Meanwhile, a Russian‑linked APT exploited a dormant vulnerability in Office 2016, prompting an unexpected patch for an out‑of‑support product. The incident underscores the importance of rigorous patch management and the hidden risks of legacy software lingering in corporate environments.

State‑sponsored campaigns continued to shape the threat landscape. Russian actors targeted Olympic‑related entities with limited strategic payoff, while China‑linked groups such as Salt Typhoon and UNC‑3886 launched expansive espionage operations against telecom providers in Singapore and other regions. A surprising drop in global Telnet traffic hinted at proactive ISP filtering ahead of a newly disclosed vulnerability, illustrating how network‑level defenses can silently influence attack vectors. Together, these developments reinforce the need for continuous monitoring, cross‑border intelligence sharing, and resilient architecture in today’s hyper‑connected enterprise world.

Episode Description

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • Microsoft reshuffles security leadership. It doesn’t spark joy.
  • Russia is hacking the Winter Olympics. Again. But y tho?
  • China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others
  • Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products
  • An unknown hero blocks 23/tcp on the US internet backbone
  • And James Wilson pops in to talk about Claude’s go at a C compiler

This week’s episode is sponsored by Ent.AI, an AI startup that isn’t quite ready to tell us all what they’re doing. But nevertheless, founder Brandon Dixon joins to discuss AI’s role in security. Where does language-based understanding take us that previous methods couldn’t?

This episode is also available on YouTube.

Show notes

Updates in two of our core priorities - The Official Microsoft Blog

Strengthening Windows trust and security through User Transparency and Consent | Windows Experience Blog

Microsoft prepares to refresh Secure Boot’s digital certificate | Cybersecurity Dive

Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities | CyberScoop

Microsoft releases urgent Office patch. Russian-state hackers pounce. - Ars Technica

Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News

Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide | The Record from Recorded Future News

Germany warns of state-linked phishing campaign targeting journalists, government officials | The Record from Recorded Future News

Norwegian intelligence discloses country hit by Salt Typhoon campaign | The Record from Recorded Future News

Singapore says China-linked hackers targeted telecom providers in major spying campaign | The Record from Recorded Future News

Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore’s Telecommunications Sector | Cyber Security Agency of Singapore

How Intel and Google Collaborate to Strengthen Intel® TDX

Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5 - Google Bug Hunters

Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress

EU, Dutch government announce hacks following Ivanti zero-days | The Record from Recorded Future News

North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam | The Record from Recorded Future News

BeyondTrust warns of critical RCE flaw in remote support software

Rapid7 Analysis of CVE-2026-1731

Building a C compiler with a team of parallel Claudes \ Anthropic

Post by @ryiron.bsky.social — Bluesky

What AI Security Research Looks Like When It Works | AISLE

South Korean crypto exchange races to recover $40bn of bitcoin sent to customers by mistake | South Korea | The Guardian

White House to meet with GOP lawmakers on FISA Section 702 renewal | The Record from Recorded Future News
