Cybersecurity Headlines – February 18, 2026
Host: Rich Stroffelino, CISO Series
Episode Overview
This episode delivers rapid-fire updates on key cyber incidents, government campaigns, and notable research findings from the world of information security. Topics include a targeted cyberattack on Iranian protestors, the UK’s effort to boost small business cybersecurity, the controversial use of Cellebrite’s phone hacking technology in Kenya, Pentagon concerns over AI supplier Anthropic, and more.
Key Discussion Points & Insights
1. Iranian Protestors Targeted by Spyware Campaign
- Summary:
Researchers at Acronis identified a sophisticated cyber-espionage campaign targeting anti-government protest supporters in Iran since January 2026.
- Attack Method:
- Malicious files were bundled with authentic protest footage and reports.
- New malware dubbed Crescent Harvest acted as both infostealer and remote access trojan.
- Stole credentials, browser histories, Telegram info, and could execute remote commands.
- Distribution relied on peer-to-peer sharing, heightened due to government internet blackouts.
- Attribution:
Strong indications suggest Iranian-aligned threat actors.
- Memorable quote:
"Given the intended targets and the sophistication in avoiding detection, the researchers suggested... it shows links to Iranian aligned threat actors." – Rich Stroffelino [00:33]
2. UK Launches "Lock the Door" Cybersecurity Campaign
- Summary:
Faced with reports that 82% of businesses suffered cyber incidents in the last year—despite only 30% following government frameworks—the UK is ramping up basic cyber hygiene campaigns aimed at SMEs.
- Campaign Details:
- Outreach via social media, business networks, radio, and podcasts.
- Encourages patching, strict access controls, and directs to free online readiness checks and 30-minute consultations with NCSC advisors.
- Previews Cyber Essentials certification questions.
- Key stat:
"82% of businesses experience some form of cyber incident within the past year." – Rich Stroffelino [01:29]
3. Cellebrite Linked to Kenyan Politician's Phone Hack
- Incident:
Citizen Lab reports Kenyan authorities used Cellebrite’s phone-cracking tools against activist and presidential candidate Boniface Mwangi after his July arrest.
- Indicators:
- Mwangi noticed his phone no longer required a password.
- Evidence of exfiltration, including sensitive political plans.
- Company Response:
Cellebrite claims a "rigorous review process" for tech misuse allegations.
- Notable quote:
"Mwangi was alerted to this intrusion when his phone no longer required a password to unlock." – Rich Stroffelino [02:27]
4. Pentagon Considers Anthropic as a Supply Chain Risk
- Big Move:
The Pentagon, per Axios, contemplates labeling Anthropic as a supply chain risk—a designation typically reserved for foreign adversaries.
- Context:
- Anthropic’s language models are the only ones cleared for classified use.
- Ban reflects disputes over usage, especially mass surveillance and autonomous weaponry, to which Anthropic is resistant.
- Consequences:
Would block Anthropic from government contracts and bar suppliers from using it.
- Memorable moment:
"Anthropic holding a hard line against using it for mass surveillance of US citizens and for unmanned weapons development." – Rich Stroffelino [03:31]
5. Identity Abuse Powers Most Attacks
- Research:
Palo Alto’s Unit 42 finds identity-based techniques were responsible for two-thirds of initial network access during 2025.
- Attack Vectors:
- Social engineering (most common)
- Compromised credentials
- Insider threats and brute force
- Financial Impact:
Median ransom payments rose by 87% to US $500,000.
- Quote:
"As is quickly becoming cliche, threat actors aren't breaking in, they're logging in." – Rich Stroffelino [05:02]
6. Man Arrested Over Mishandled Police Files
- Story:
Dutch police mistakenly sent a man a download link to confidential files.
- The recipient refused to delete the files without a reward.
- Police arrested him, seized devices, and launched a search.
- Commentary:
"In true mess around with it and find out energy. The police arrested the man, seized his data storage devices and searched his home." – Rich Stroffelino [05:37]
7. "Kinadu" Malware Embedded in Android Firmware
- Research:
Kaspersky found a backdoor (Kinadu) in Android devices, spread through compromised firmware as well as apps.
- Infection Spread:
Over 13,000 devices (Brazil, Germany, Japan, Netherlands, Russia), some pre-loaded on OEM devices.
- Use:
Although capable of full device takeover, current use appears limited to ad fraud.
8. Phobos Ransomware Suspect Arrested in Poland
- Details:
Polish cybercrime officers, in Europol’s Operation Aether, arrested a suspect tied to Phobos ransomware.
- Seized evidence links the suspect to attacks with over US $16 million in ransoms (2024).
- Background:
Phobos linked to breaches at 1,000+ global entities.
9. iOS 26.4 Beta: RCS & Memory Protections
- Features:
- Adds limited support for encrypted RCS messages (Android-to-Android only).
- Expands Memory Integrity Enforcement (MIE) to always-on protections, defending against spyware attack paths.
- Quote:
"MIE is meant as a defense against typical spyware attack paths, providing always on memory protection across the kernel and userland processes." – Rich Stroffelino [07:13]
Notable Quotes & Timestamps
- “Given the intended targets and the sophistication in avoiding detection, the researchers suggested... it shows links to Iranian aligned threat actors.” — Rich Stroffelino [00:33]
- “82% of businesses experience some form of cyber incident within the past year.” — Rich Stroffelino [01:29]
- “Mwangi was alerted to this intrusion when his phone no longer required a password to unlock.” — Rich Stroffelino [02:27]
- “Anthropic holding a hard line against using it for mass surveillance of US citizens and for unmanned weapons development.” — Rich Stroffelino [03:31]
- “As is quickly becoming cliche, threat actors aren't breaking in, they're logging in.” — Rich Stroffelino [05:02]
- “In true mess around with it and find out energy. The police arrested the man, seized his data storage devices and searched his home.” — Rich Stroffelino [05:37]
- “MIE is meant as a defense against typical spyware attack paths, providing always on memory protection across the kernel and userland processes.” — Rich Stroffelino [07:13]
Key Segment Timestamps
- Iranian Protestors Targeted: [00:06] – [01:29]
- UK "Lock the Door" Campaign: [01:29] – [02:27]
- Kenyan Politician Phone Crack (Cellebrite): [02:27] – [03:31]
- Pentagon & Anthropic: [03:31] – [05:02]
- Identity Abuse in Attacks: [05:02] – [05:37]
- Dutch Police File Mishap: [05:37] – [06:16]
- Kinadu Android Malware: [06:16] – [06:46]
- Phobos Ransomware Arrest: [06:46] – [07:13]
- Apple iOS Beta Protections: [07:13] – [07:56]
For deep dives and more details: Visit CISOseries.com
Host’s closing note:
“Reminding you to have a super sparkly day.” – Rich Stroffelino
