Transcript
A (0:00)
From the CISO Series, it's Cybersecurity Headlines.
B (0:07)
These are the cybersecurity headlines for Thursday, February 19, 2026. I'm Sarah Lane.

Microsoft Copilot summarizes confidential emails
Microsoft says a code bug in Microsoft 365 Copilot caused the AI to summarize emails marked confidential since late January, bypassing sensitivity labels and data loss prevention policies. The issue was detected on January 21 and affects the Copilot Chat work tab, which incorrectly pulls and summarizes emails from users' sent items and draft folders, including messages explicitly restricted from automated access. Microsoft says this is a code error and began rolling out effects earlier this month.

ShinyHunters takes CarGurus records
The ShinyHunters cybercrime group claims it breached CarGurus and stole 1.7 million corporate records, threatening to leak the data if the company doesn't respond by February 20th. The gang says this includes personally identifiable information and internal corporate data. CarGurus has not confirmed the breach, but this is part of a broader spree attributed to ShinyHunters and affiliates who have recently posted alleged breaches involving investment firms Mercer Advisors and Beacon Point Advisors, as well as companies including Canada Goose and Figure Technology Solutions.

Texas sues TP-Link over router hack
Texas Attorney General Ken Paxton sued TP-Link Systems, alleging it deceptively markets its products as secure while allowing vulnerabilities that Chinese state-sponsored hackers have exploited. The lawsuit cites a 2023 report linking TP-Link firmware flaws to activity by the Camaro Dragon hacking group and argues that, because many components are sourced from China, the company could be subject to Chinese intelligence laws requiring cooperation with state authorities. TP-Link denied the allegations.

Honeywell CCTVs vulnerable to auth bypass
CISA says a 9.8 severity vulnerability affecting multiple Honeywell CCTV models could let unauthenticated attackers take over device accounts and access camera feeds. The flaw stems from an exposed API endpoint that lets attackers change the account's password recovery email without authentication, effectively enabling account hijacking in some critical infrastructure environments. CISA is telling organizations to limit network exposure, isolate devices behind firewalls and use secure remote access methods.

Huge thanks to our sponsor, Conveyor. Every fast-growing company hits this one moment. Sales wants to close bigger enterprise deals, but this means the security team is buried in security questionnaires. Alteryx avoided the deluge of questionnaires by using Conveyor to automate their customer security reviews. The result? AI completes questionnaires, 40% more customers are supported through a self-serve trust center, and more than half a billion dollars in security-influenced revenue. If you're trying to scale without adding headcount, take a look at Conveyor at conveyor.com.

Fraudster hacks hotel system, pays 1 cent
Spanish police arrested a 20-year-old man accused of hacking a hotel booking website to manipulate its payment validation system, letting him book stays for just one cent per night. Authorities say the suspect repeatedly exploited the flaw, including during a four-night, €4,000 stay in Madrid. The scheme initially appeared to process full payments, but when funds were transferred to the hotel it revealed that only $0.01 had actually been paid.

Crescent Harvest campaign targets Iran protest supporters
Acronis researchers have identified a campaign dubbed Crescent Harvest targeting supporters of Iran's protests with RAT malware delivered via malicious shortcut files disguised as protest media.
The malware uses DLL sideloading through a legitimate Google-signed binary to evade detection and can steal credentials to Telegram data, browser information and log keystrokes. The activity is likely linked to an Iran-aligned threat group and reflects ongoing state-backed surveillance of activists and dissidents.

Threat actor exploits Dell 0-day
Researchers at Mandiant and Google say a suspected China-linked threat group has been exploiting a critical zero-day in Dell RecoverPoint for Virtual Machines since at least mid-2024. The hard-coded credential flaw allows unauthenticated attackers to gain root-level access, move laterally, maintain persistence and deploy malware. Dell has issued remediation guidance. Google has offered recommendations to help organizations assess potential compromise.

Lawsuit claims feds used gross mischaracterizations
A former federal election official told a court that the FBI misrepresented key facts and omitted public evidence in its affidavit used to justify last month's raid on Fulton County, Georgia election offices. The affidavit cited alleged issues with ballot image storage and vote tabulation to suggest a conspiracy to favor Joe Biden. Researcher Ryan Macias, who tested and certified the county's 2020 voting machines, said these claims have already been investigated and found baseless. Macias noted standard practices, prior state investigations and minor discrepancies mischaracterized, with the affidavit containing factual errors on vote counts and reporting timelines, undermining its basis for probable cause.

Agentic AI was the buzzword of the year in 2025. Everyone wants to figure out how to use agents, but how do you know how much authority to give them in your SOC? That is what we're trying to answer on this week's episode of Defense in Depth. Look for the episode "How much autonomy should you give AI agents in your SOC?" wherever you get your podcasts.
If you have thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I am Sarah Lane reporting for the CISO Series, and we will talk to you tomorrow.
