Episode Summary: Cybersecurity Headlines – February 12, 2026
Main Theme
This episode, hosted by Sarah Lane, delivers a concise roundup of major developments in the cybersecurity landscape. Topics include innovative attack techniques, new state-level security measures, details of recent breaches, software supply chain threats, emerging ransomware operations, privacy issues with browser extensions, critical software vulnerabilities, and the takedown of a major phishing operation.
Key Discussion Points and Insights
1. Crazy Gang Abuses Employee Monitoring Tools
- Overview:
Security researchers at Huntress discovered that the Crazy ransomware gang is misusing legitimate employee monitoring software and the SimpleHelp remote support tool to persist inside corporate networks undetected.
- Tactics:
- Attackers installed “Net Monitor for Employees” for screen watching, file transfer, and remote command execution.
- SimpleHelp was deployed under disguised file names for backup access and for disabling Windows Defender.
- Activities focused on locating cryptocurrency wallets and remote access tools.
- Access Vector:
Both incidents were traced to a single operator using stolen SSL VPN credentials.
- Notable Quote:
“The attackers installed Net Monitor for Employees to watch screens, transfer files and run commands, while also deploying SimpleHelp under disguised file names…”
— Sarah Lane [00:13]
- Timestamp: 00:07–01:10
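The defender's angle on this segment is that a remote-support binary dropped under a disguised file name still carries its original PE metadata, which process-creation telemetry exposes. The script below is an added example written for this summary, not Huntress's detection logic or anything from the episode: it scans constructed process-creation records whose field names are modelled on Sysmon Event ID 1 (Image, OriginalFileName, Product, User), identifies the tool by its Product string, and flags it when the on-disk name differs from OriginalFileName or the binary runs outside Program Files. The product fingerprints, paths, file names and user names in the sample log are assumptions made for illustration.

```python
"""Spot remote-access / employee-monitoring tools running under a renamed binary.

Added illustration, not Huntress's detection logic. Records mimic Sysmon
Event ID 1 (process creation) fields: Image, OriginalFileName, Product,
User. The product fingerprints and sample events are constructed
assumptions for this example, not verified product metadata.
"""
import json
from dataclasses import dataclass, field

# ASSUMED fingerprints: the PE version-resource Product string survives a
# rename on disk, so we key on it and then check whether the on-disk name
# and location look like a normal install. Verify against real binaries.
TOOL_FINGERPRINTS = {
    "SimpleHelp": "simplehelp",
    "Net Monitor for Employees": "net monitor",
}

# Where an IT-deployed install would normally live (lower-cased prefixes).
EXPECTED_INSTALL_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Finding:
    tool: str
    image: str
    user: str
    reasons: list = field(default_factory=list)


def identify_tool(record: dict):
    """Return the tool whose Product fingerprint matches this record, else None."""
    product = (record.get("Product") or "").lower()
    for name, substr in TOOL_FINGERPRINTS.items():
        if substr in product:
            return name
    return None


def analyse(record: dict):
    """Return a Finding when a known tool runs renamed or from an odd path."""
    tool = identify_tool(record)
    if tool is None:
        return None
    image = record.get("Image", "")
    lowered = image.lower()
    basename = lowered.rsplit("\\", 1)[-1]
    original = (record.get("OriginalFileName") or "").lower()
    reasons = []
    # Masquerading: the file was renamed on disk but the PE still names itself.
    if original and original != basename:
        reasons.append(f"on-disk name {basename!r} differs from OriginalFileName {original!r}")
    if not lowered.startswith(EXPECTED_INSTALL_PREFIXES):
        reasons.append("running outside Program Files")
    if not reasons:
        return None  # looks like a normal, IT-managed install
    return Finding(tool, image, record.get("User", "?"), reasons)


def scan(log_text: str):
    """Parse JSON-lines process-creation events and return all findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            finding = analyse(json.loads(line))
            if finding:
                findings.append(finding)
    return findings


# Constructed sample events (JSON lines; backslashes are escaped for JSON).
SAMPLE_LOG = r'''
{"Image": "C:\\Program Files\\SimpleHelp Technician\\SimpleHelp.exe", "OriginalFileName": "SimpleHelp.exe", "Product": "SimpleHelp", "User": "CORP\\helpdesk"}
{"Image": "C:\\ProgramData\\Backup\\bkpsvc.exe", "OriginalFileName": "SimpleHelp.exe", "Product": "SimpleHelp", "User": "CORP\\svc_backup"}
{"Image": "C:\\Users\\Public\\update.exe", "OriginalFileName": "nm.exe", "Product": "Net Monitor for Employees", "User": "CORP\\jdoe"}
{"Image": "C:\\Windows\\System32\\notepad.exe", "OriginalFileName": "NOTEPAD.EXE", "Product": "Microsoft Windows Operating System", "User": "CORP\\jdoe"}
'''

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.tool}] {f.image} as {f.user}: {'; '.join(f.reasons)}")
```

The first sample record (a normally installed SimpleHelp technician client) produces no finding; the second and third are flagged on both counts. In a real deployment the same logic runs over Sysmon or EDR process-creation events, and the stolen-VPN-credential access vector from this story argues for pairing it with an alert on first-seen remote-support tools per host.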
2. Nevada Unveils Statewide Data Classification
- Overview:
Nevada introduces a mandatory data classification policy for all state agencies, following a significant state-level cyberattack.
- Framework:
Data must now be labeled as public, sensitive, confidential, or restricted. When in doubt, the stricter safeguards apply.
- Purpose:
The classification establishes a statewide security baseline and will guide future protections, such as multi-factor authentication.
- Broader Reforms:
Plans include establishing a state Security Operations Center (SOC).
- Notable Quote:
“Officials say the policy establishes a shared baseline for protecting information and will underpin future cybersecurity measures…”
— Sarah Lane [01:10]
- Timestamp: 01:10–01:43
3. Georgia Healthcare Breach: Impact Expands
- Overview:
A 2025 attack on Apollo MD, a large Georgia physician group, is confirmed to have exposed sensitive data of 626,540 people.
- Breach Details:
Over two days in May, hackers accessed names, birth dates, addresses, diagnoses, treatment details, insurance data, and Social Security numbers.
- Attribution:
The Chilean ransomware gang is responsible; Cisco Talos notes the group averaged 40 victim data publications per month.
- Notable Quote:
“Hackers were inside the company's systems for two days in May, accessing names, birth dates, addresses, diagnosis, treatment details, insurance data and Social Security numbers.”
— Sarah Lane [01:43]
- Timestamp: 01:43–02:15
4. Outlook Store Add-in Hijacked for Phishing
- Overview:
A legitimate Outlook add-in, “Agree to,” was hijacked after its developer abandoned it, turning it into a phishing delivery platform.
- Incident Details:
- The new operator pushed a fake Microsoft login page to steal account credentials, credit card details, and security answers (over 4,000 accounts compromised).
- Stolen data was exfiltrated via Telegram.
- Microsoft removed the add-in; researchers note it is likely the first malicious add-in found in Outlook’s official marketplace.
- Notable Quote:
“Researchers say it may be the first malicious Outlook add-in discovered there.”
— Sarah Lane [02:15]
- Timestamp: 02:15–02:52
5. 0APT Ransomware Group: Hype vs. Reality
- Overview:
The new ransomware group 0APT claims 200 victims in its debut week, but security firms suspect exaggeration.
- Industry Response:
- GuidePoint: The group’s encryptor lacks sophistication, and the group has not demonstrated real operational capacity.
- Halcyon: The victim list appears to be a publicity stunt to attract affiliates, though the group is still a legitimate threat.
- Notable Quote:
“Halcyon says the group's victim list appears to be a publicity stunt to attract affiliates…”
— Sarah Lane [04:02]
- Timestamp: 04:02–04:42
6. Chrome Extensions Leak Millions of Browsing Histories
- Overview:
Researcher Q Continuum exposed 287 Chrome extensions (37.4 million installs in total) exfiltrating browsing histories to more than 30 organizations.
- Key Findings:
- Extensions sent data to companies including SimilarWeb, SEMrush, Alibaba, and ByteDance.
- Many extensions over-requested history access and buried the disclosure in their privacy policies.
- About 20 million installs were linked to unknown data collectors.
- Notable Quote:
“About 20 million installs were tied to unknown collectors.”
— Sarah Lane [05:11]
- Timestamp: 04:42–05:24
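The over-requested history access this segment describes is visible in an extension's manifest before any data leaves the browser. The script below is an added example for this summary, not the researcher's tooling or anything from the episode: it audits Chrome extension manifests using only documented keys ("permissions", "optional_permissions", "host_permissions" in Manifest V3, and host patterns listed inside "permissions" in Manifest V2) and reports how an extension could reconstruct browsing history. The three sample manifests are constructed for the example, and the profile path in the usage comment is an assumption for a default Windows install.

```python
"""Audit Chrome extension manifests for permissions that expose browsing history.

Added example, not the original researcher's tooling. Uses only documented
manifest keys. The sample manifests are constructed for illustration.
"""
import glob
import json
import os

# "history" reads chrome.history outright. "tabs" and "webNavigation" reveal the
# URL of every tab or navigation even without host permissions. "webRequest"
# observes every request only for hosts the extension may access.
HISTORY_API = {"history"}
URL_REVEALING = {"tabs", "webNavigation"}
REQUEST_OBSERVING = {"webRequest"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def _is_host_pattern(p: str) -> bool:
    return p == "<all_urls>" or "://" in p


def audit_manifest(manifest: dict):
    """Return human-readable reasons an extension can reconstruct browsing history."""
    declared = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    # MV3 keeps host patterns in host_permissions; MV2 mixes them into permissions.
    hosts = set(manifest.get("host_permissions", [])) | {p for p in declared if _is_host_pattern(p)}
    api = {p for p in declared if not _is_host_pattern(p)}
    reasons = []
    if api & HISTORY_API:
        reasons.append("requests the history API (full browsing history)")
    if api & URL_REVEALING:
        reasons.append(f"can read the URL of every tab via {sorted(api & URL_REVEALING)}")
    if api & REQUEST_OBSERVING and hosts & BROAD_HOSTS:
        reasons.append("webRequest with broad host access (sees every request)")
    return reasons


def audit_profile(extensions_dir: str):
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and report findings."""
    results = {}
    for path in glob.glob(os.path.join(extensions_dir, "*", "*", "manifest.json")):
        ext_id = os.path.basename(os.path.dirname(os.path.dirname(path)))
        with open(path, encoding="utf-8") as fh:
            manifest = json.load(fh)
        reasons = audit_manifest(manifest)
        if reasons:
            results[ext_id] = (manifest.get("name", "?"), reasons)
    return results


# Constructed manifests standing in for real extensions.
SAMPLE_MANIFESTS = {
    "pdf_tools": {  # over-requests: a PDF converter has no need for history
        "manifest_version": 3, "name": "Free PDF Tools",
        "permissions": ["history", "tabs", "storage"],
        "host_permissions": ["<all_urls>"],
    },
    "tab_counter": {  # activeTab only exposes the tab the user invokes it on
        "manifest_version": 3, "name": "Tab Counter",
        "permissions": ["activeTab", "storage"],
    },
    "ad_filter_mv2": {  # MV2: host patterns live inside "permissions"
        "manifest_version": 2, "name": "Ad Filter",
        "permissions": ["webRequest", "webRequestBlocking", "http://*/*", "https://*/*"],
    },
}


def audit_samples():
    """Audit every constructed manifest; returns {name: reasons}."""
    return {name: audit_manifest(m) for name, m in SAMPLE_MANIFESTS.items()}


if __name__ == "__main__":
    for name, reasons in audit_samples().items():
        print(name, "->", reasons or "no history exposure")
    # Real use (assumed default Windows profile path):
    # audit_profile(os.path.expandvars(r"%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions"))
```

The manifest says what an extension can read, not what it sends; the report's point was that collection was disclosed only in privacy policies, so a flagged extension still needs its network behaviour checked. Manifest V3 lets users revoke host access per site, which blunts the tabs-plus-broad-hosts case but not the history permission itself.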
7. Windows 11 Notepad Vulnerability Patched
- Overview:
Microsoft fixed a critical Notepad flaw that allowed malicious markdown links to execute code silently.
- Vulnerability:
- Specially crafted links could launch files without a security prompt, running with the permissions of the user who clicked them.
- Remediation:
The Patch Tuesday update introduces warnings for nonstandard links; because Notepad now updates automatically through the Microsoft Store, the fix reaches users without a separate install.
- Notable Quote:
“The flaw let specially crafted links launch files without any Windows security warning, giving attackers the same permissions as the user who clicked them.”
— Sarah Lane [05:31]
- Timestamp: 05:24–05:56
8. Joker Opt Phishing-Service Seller Arrested
- Overview:
After a three-year investigation, Dutch police arrested a 21-year-old for selling licenses to the “Joker Opt” phishing-as-a-service tool.
- Platform Impact:
- Enabled more than 28,000 attacks across 13 countries, causing at least $10 million in losses.
- The service specialized in automating voice calls to intercept one-time passcodes.
- Licenses were sold via Telegram; police are pursuing dozens of identified buyers.
- Notable Quote:
“Authorities say the phishing-as-a-service platform caused at least $10 million in losses across more than 28,000 attacks in 13 countries by automating calls to victims to capture one-time passcodes.”
— Sarah Lane [06:17]
- Timestamp: 05:56–06:41
Notable Quotes & Memorable Moments
- On attacker innovation:
“Attackers installed Net Monitor for Employees to watch screens, transfer files and run commands...”
— Sarah Lane [00:13]
- On the shifting landscape:
“Researchers say it may be the first malicious Outlook add-in discovered there.”
— Sarah Lane [02:51]
- On data collection at scale:
“About 20 million installs were tied to unknown collectors.”
— Sarah Lane [05:18]
- On law enforcement action:
“Authorities say the phishing-as-a-service platform caused at least $10 million in losses...”
— Sarah Lane [06:20]
Timestamps of Important Segments
| Segment | Timestamp |
|---|---|
| Crazy Gang abuses employee monitoring tools | 00:07–01:10 |
| Nevada introduces data classification | 01:10–01:43 |
| Georgia healthcare breach update | 01:43–02:15 |
| Outlook add-in hijacked for phishing | 02:15–02:52 |
| 0APT ransomware group emerges | 04:02–04:42 |
| Chrome extensions leak histories | 04:42–05:24 |
| Windows 11 Notepad flaw patched | 05:24–05:56 |
| Joker Opt phishing tool seller arrested | 05:56–06:41 |
Summary & Tone
The episode adopts a brisk, headline-driven delivery, focusing on actionable intelligence and recent events shaping information security. The stories highlight a mix of attack ingenuity, ongoing threat actor evolution, improvements in defensive posture, risks in software supply chains, and law enforcement successes.
For further details or to explore any headline in depth, listeners are encouraged to visit CISOseries.com.
