Daily Cyber Threat Brief - Ep 1067 (Feb 12, 2026)
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Theme: A practical and insightful breakdown of the day’s top cybersecurity news, focusing on actionable takeaways for SOC analysts, GRC professionals, and business leaders.
Episode Overview
Gerald Auger welcomes listeners to a packed, high-energy episode focusing on the cybersecurity stories shaping the industry: eight key threats and trends, each examined not just for what happened, but for what listeners should do differently or watch for as a result. Mixing education, real-world advice, and community engagement, this edition covers everything from ransomware attack vectors and privacy policy pitfalls to Chrome extension abuse and evolving challenges in AI governance.
Key Stories & Insights
1. Ransomware Group ‘Crazy Gang’ Abuses Employee Monitoring Tools
[11:40]
- Story: Huntress researchers found the Crazy Ransomware Gang abusing legitimate employee-monitoring software (“Net Monitor for Employees”) and SimpleHelp remote support software to maintain persistence and stage ransomware deployment. Initial access came through stolen SSL VPN credentials on a VPN that had no multifactor authentication.
- Attack Techniques Used:
- Surveillance of employees by controlling screens and running commands
- Deployment of remote tools under disguised filenames
- Living-off-the-land binaries (LOLBins) for stealth and persistence
- Disabling Windows Defender to avoid detection
- Auger’s Take:
"Any tool that can be used for legitimate business can be weaponized for crime... Like a gun can protect your home or be used for robbery." (13:07)
- Action Items:
- Require MFA on all internet-facing portals (esp. VPNs)
- Closely audit powerful remote admin tools for anomalous usage
- Monitor for suspicious PowerShell or administrative commands
- Set up alerts for actions like enabling dormant admin accounts
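As an added illustration of the last two action items (example code written for this brief, not code from the episode or from Huntress), a small Python detection that runs over constructed Windows Security events and a constructed directory snapshot. The event IDs are the standard Windows ones (4722 = account enabled); the field layout, account names, and the 90-day dormancy threshold are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample Windows Security events (not from the episode), flattened to dicts.
# Event ID 4722 = "A user account was enabled", 4624 = successful logon.
SAMPLE_EVENTS = [
    {"ts": "2026-02-10T08:05:00", "id": 4624, "target": "jsmith", "actor": "jsmith"},
    {"ts": "2026-02-11T02:13:00", "id": 4722, "target": "svc_backup", "actor": "it_helpdesk"},
    {"ts": "2026-02-11T02:15:00", "id": 4722, "target": "contractor7", "actor": "it_helpdesk"},
    {"ts": "2026-02-11T02:16:00", "id": 4722, "target": "vendor_old", "actor": "it_helpdesk"},
    {"ts": "2026-02-11T09:00:00", "id": 4722, "target": "newhire", "actor": "hr_onboard"},
]

# Constructed directory snapshot: last logon per account and privileged-group membership.
SAMPLE_DIRECTORY = {
    "svc_backup": {"last_logon": "2025-09-01T00:00:00", "admin": True},
    "contractor7": {"last_logon": "2026-01-30T00:00:00", "admin": False},
    "vendor_old": {"last_logon": "2025-10-01T00:00:00", "admin": False},
    "newhire": {"last_logon": None, "admin": False},  # never logged on: brand-new account
    "jsmith": {"last_logon": "2026-02-10T08:05:00", "admin": False},
}


def alert_dormant_enables(events, directory, dormant_days=90):
    """Flag 4722 (account enabled) events whose target account has been dormant
    for at least `dormant_days`. Privileged accounts get severity "high".
    Accounts that have never logged on are skipped: they are new accounts,
    better covered by alerting on 4720 (account created)."""
    alerts = []
    for ev in events:
        if ev["id"] != 4722:
            continue
        info = directory.get(ev["target"])
        if info is None or info["last_logon"] is None:
            continue
        enabled_at = datetime.fromisoformat(ev["ts"])
        idle = enabled_at - datetime.fromisoformat(info["last_logon"])
        if idle < timedelta(days=dormant_days):
            continue
        alerts.append({
            "ts": ev["ts"],
            "target": ev["target"],
            "actor": ev["actor"],
            "days_dormant": idle.days,
            "severity": "high" if info["admin"] else "medium",
            # Re-enabling accounts in the middle of the night deserves a closer look.
            "off_hours": enabled_at.hour < 6 or enabled_at.hour >= 20,
        })
    return alerts


if __name__ == "__main__":
    for alert in alert_dormant_enables(SAMPLE_EVENTS, SAMPLE_DIRECTORY):
        print(alert)
```

In a real SOC the directory snapshot would come from Active Directory (lastLogonTimestamp and group membership) and the events from the SIEM; the logic stays the same.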
2. Nevada Rolls Out Statewide Data Classification Policy
[20:54]
- Story: After a major state incident, Nevada mandates that all agencies now label data as public, sensitive, confidential, or restricted, establishing uniform protection and paving the way for broader reforms like statewide SOC and mandatory MFA.
- Gerald's GRC Insight:
- Praises the move but warns: outside federal government/classified environments, “media marking” and data classification often fail in practice due to complexity and ambiguity.
“Implementing a media classification program is incredibly difficult... It will break down almost immediately.” (24:10)
- Predicts mislabeling and accidental leaks are inevitable, despite best intentions.
3. Mass Healthcare Breach by 'Chilean' Ransomware Gang
[28:43]
- Event: ApolloMD, a Georgia physician group, suffered a massive breach affecting 626,540 patients. Hackers had access for two days, stealing highly sensitive health and identity data.
- TTPs & Threat Actor Spotlight: The ‘Chilean’ gang is gaining momentum, particularly in healthcare and manufacturing.
- Advice:
- Study threat actors’ MITRE ATT&CK profiles and TTPs if maturity allows
- For smaller organizations: "Get the basics right—MFA and EDR everywhere."
"These guys were in there for two days... everybody went to work, went home, no idea." (33:42)
4. Weaponized Abandoned Outlook Add-In Used for Phishing
[34:29]
- Story: The ‘Agree To’ Outlook scheduling add-in, after being abandoned by its developer, was taken over by a threat actor who pushed a malicious update. The update stole 4,000+ credentials, including credit cards, via phishing pages embedded inside Outlook.
"This is a dimension of attack you should be aware of—abandoned projects picked up by criminals." (35:13)
- Key Insight/Awareness:
- Microsoft Marketplace (and others) lack ongoing review for dormant plugins
- Real risk: No notifications to users when a once-legit app is hijacked
- Immediate Action:
- Audit and uninstall ‘Agree To’ if present in your Office environment
- Use Microsoft 365 admin tools or registry queries to detect such add-ons
- Force credential updates for affected users
5. 0APT Ransomware Group: More Hype Than Hurt (So Far)
[46:05]
- Story: 0APT ransomware group claims hundreds of breaches in a week, but experts say it's mostly a publicity stunt to attract affiliates. Their code is real, but their claimed impact is likely grossly exaggerated.
"They're trying to look like the hot new [thing]... This reeks of young, inexperienced operators." (46:46)
- Takeaway: Don't overreact to hype; confirm TTPs and avoid giving oxygen to opportunistic threat actors.
6. Chrome Extensions Leak Browsing History to Dozens of Firms
[49:46]
- Research: Q Continuum finds 287 Chrome extensions—installed 37+ million times—secretly exfiltrate browser histories to companies like SEMrush, Alibaba, ByteDance. Many disclosures in privacy policies are vague or misleading.
"Your browsing history is worth a lot... It’s not hard to build a profile about you from this." (50:34)
- Advice:
- Educate users and audit extensions regularly
- Realize that even "legit" data brokers could enable extortion or blackmail if histories are sensitive
7. Windows 11 Notepad Flaw Allows Remote Code Execution via Markdown Links
[54:37]
- Vulnerability: Maliciously crafted Markdown links opened in Notepad could launch programs with the user's permissions and without any warning; fixed in the February Patch Tuesday release.
"I’m stunned it took this long to figure out… Patch it now, because every user is potentially vulnerable." (55:12)
- Action: Patch immediately; be mindful of email/social engineering attacks using markdown files.
8. Joker Opt Phishing Kit Seller Arrested (Netherlands)
[58:22]
- Event: Dutch police arrest 21-year-old behind sale of the ‘Joker Opt’ phishing kit-as-a-service, responsible for $10M in global losses by automating voice phishing and 2FA bypass.
- Notable Quote:
"Good win for us, took three years to get this guy, but this was a robust business." (59:04)
- Key Point: Threat actors will exploit MFA weaknesses by targeting humans—not just systems.
Notable Quotes & Memorable Segments
- On MFA and VPN Security:
“Just put MFA on your VPN, broseph. What are you up to?” (12:41)
- On Data Classification in Practice:
"I've only seen it [media marking] work once, in the federal government, and even that doesn’t work all the time." (26:16)
- On Abandoned Add-Ins:
"Once a piece of software is in the Microsoft Store, there's no further review. That's why an abandoned project is dangerous." (35:13)
- On Chrome Extension Privacy:
"We all think we're special, but your digital profile can be built frighteningly fast." (51:45)
- On Social Engineering Risks:
“Dude, social engineering people’s wicked easy… here’s two tickets to the Masters, here’s nudes… click here.” (55:12)
Timestamps for Key Segments
- Crazy Gang abuses employee monitoring: [11:40]
- Nevada data classification policy: [20:54]
- ApolloMD healthcare breach: [28:43]
- Outlook ‘Agree To’ add-in compromised: [34:29]
- 0APT ‘stunt’ ransomware group: [46:05]
- Chrome extensions exfiltrate data: [49:46]
- Notepad RCE flaw: [54:37]
- Joker Opt phishing kit bust: [58:22]
Community, Humor, and Final Thoughts
- Midroll Lightheartedness:
Dan Reirdon’s custom meme of the week, featuring “mullet glory” and Olympic curling (44:00)
- Continual shoutouts and “Welcome to the party, pal!” for new listeners throughout
- Practical Takeaways, Always:
Auger repeatedly circles back to: “Here’s what you should do differently, regardless of the product.”
- GRC Mafia references for governance pros, and candid warnings about where theory and practice diverge
Bottom Line:
This episode arms listeners with fresh threat intelligence, practical action steps, and a reality check on the current landscape—where trust, hygiene, and quick response still beat panic or silver-bullet solutions.
For More:
Catch live episodes daily at 8AM ET at https://simplycyber.io/streams.
Full schedule and replays: https://simplycyber.io/schedule
