Daily Cyber Threat Brief – Ep 1071 (February 18, 2026)
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Main Theme:
A high-energy daily rundown of the top cybersecurity news, blending serious analysis, practical takeaways, and a welcoming, community-driven vibe. Dr. Auger not only distills key headlines but also provides actionable insights for practitioners, students, and those seeking to advance in cybersecurity.
Community Notes:
- Interactive and supportive chat engagement is a hallmark.
- First-timers are enthusiastically welcomed.
- Mix of technical depth, career advice, and light-hearted moments.
Key Stories & Insights
1. Iranian Anti-Government Protesters Targeted with Surveillance Malware
[12:51]
- Summary: Iranian authorities are distributing a new espionage malware ("Crescent Harvest") via real protest-related content, targeting supporters of anti-government protests for surveillance.
- Impact & Analysis:
- Classic authoritarian tactic: using digital infiltration to unmask, organize against, and suppress dissenters.
- Malware acts as info-stealer and RAT, grabbing credentials, browser history, Telegram info, and more.
- Delivery mechanism exploits trust in shared media among protesters—"people are going to install whatever you tell them because they think that you're part of the revolution." – Dr. Auger [15:48]
- Takeaway:
- Surveillance and repression tactics extend beyond authoritarian regimes; any government could deploy such strategies.
- Lesson: "This can happen anywhere… It's a leverage of power." – Dr. Auger [16:23]
- Need for secure communications among activists and awareness of targeted campaigns.
- Memorable moment: Dr. Auger reflects on global implications and risks of similar operations in US, UK, Ghana, etc. [16:39]
2. UK Gov Launches “Lock the Door” Cybersecurity Campaign
[17:41]
- Summary: In response to 82% of UK businesses suffering cyber incidents last year (but low Cyber Essentials uptake), the government is rolling out a PSA campaign targeting SMEs, offering readiness checks and resources.
- Analysis & Commentary:
- Dr. Auger criticizes the lack of detail—what does “leave the door open” mean in practice? Is it MFA, open RDP ports?
- Highlights fatigue over similar stats: "We spend tons of time trying to convince Carl in accounting not to click on dumb stuff... This is why we have a job." [19:09]
- Questions real-world effectiveness: “The business isn’t listening to the people they pay to secure them, so why would they listen to the government with PSAs?”
- Notable quote & moment:
“This could result in better outcomes for the private sector. In the 1980s, it was considered very uncool to wear your seatbelt ... but a government campaign made it cool. So, these things can actually change behavior if done right.” [23:17]
- Takeaway:
- Raising collective security maturity remains a persistent challenge.
- Smart, well-executed public campaigns can shift behaviors—if they land culturally.
3. Kenyan Presidential Candidate’s Phone Hacked with Cellebrite
[25:04]
- Summary: Citizen Lab report shows Kenyan authorities used Cellebrite to unlock and exfiltrate data from activist Boniface Mwangi’s phone following his arrest. Evidence included plans for his presidential run.
- Analysis:
- Cellebrite is legal tech enabling law enforcement to unlock phones—raises concern about political abuse of surveillance tools.
- "People in power will abuse power... This is why a massive surveillance network for 'good' can be weaponized." – Dr. Auger [26:36]
- Cites similar incidents globally, e.g., Catalan region candidacy surveillance.
- On Apple’s lockdown mode: May hinder tools like Cellebrite, but not infallible; adds friction for high-risk users.
- Takeaway:
- Political and activist figures face heightened risk of surveillance and should consider advanced device protections.
- Public/press scrutiny needed on how forensics and surveillance tools are wielded.
4. Pentagon Considers Anthropic AI as a Supply Chain Risk
[30:15]
- Summary: The Pentagon is mulling labeling Anthropic (AI company) a supply chain risk—which would ban its LLMs (the only ones cleared for classified work)—because the company resists their use in mass surveillance and autonomous weapons.
- Analysis & Commentary:
- Dr. Auger frames this as a veiled threat to Anthropic due to refusal to "bend the knee" to government demands.
- Points out inconsistency: “If Anthropic is a supply chain risk, explain to me how OpenAI isn’t?” [31:18]
- Emphasizes massive entanglement between the U.S. military and its suppliers—hard to “untangle,” used as leverage.
- Memorable quote:
“Straight cash, homie. That means they have tons of money. And when the largest employer threatens to cut you off, you bend the knee.” [32:37]
- Takeaway:
- AI’s dual-use nature complicates government/industry relationships—policy, ethics, commercial interests collide.
5. [MIDROLL] Community Engagement—Wayback Wednesday & Q&A
[35:05–40:53]
- Segment:
- Nostalgic look at vintage tech toys and games (e.g., ‘80s football handhelds).
- Fun, lighthearted moment to bring the community together.
- Newcomers encouraged to participate (“la la la la la la la” chat spam).
- Memorable Moment:
“We’ve come a long way, baby. Moby said it best… Or Fatboy Slim said it best.” [38:40]
6. Identity-based Attacks Dominate Threat Landscape—Unit 42 Report
[40:53]
- Summary:
- 2/3 of all initial network intrusions exploited identity (via social engineering, compromised credentials, poor identity policies, insider threats); only 22% from vulnerability exploits.
- Median payment for financially motivated attacks up 87%—~$500K.
- Analysis:
- “Threat actors aren’t breaking in—they’re logging in.” [41:01]
- Dr. Auger: “Identity is the new perimeter. Period. Full stop.” [41:57]
- Reiterates basic controls: enforce MFA, strong offboarding, monitor identity events, user education.
- Warns about AI-driven mass-scale social engineering (deep fakes, 24/7 calling)—recommends code words for family.
- Notable quote:
“If you take out the first step, steps 2, 3, 4, 5, 6… don’t happen.” [43:07]
- Takeaway:
- Prioritize identity protections; break the attack chain early.
- Prepare for aggressive social engineering at AI scale in 2026.
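As an added illustration of the "monitor identity events" control in this segment (example code written for these notes, not from the show or the Unit 42 report): a small detector run over constructed sign-in records that flags the three things the segment calls out, a successful sign-in without MFA, a sign-in by an offboarded account, and a successful sign-in from a country outside the user's baseline. The log shape, user names, baselines and offboarding list are all constructed.

```python
import json

# Constructed JSON-lines sign-in events, shaped like a typical IdP audit log; not real data.
SAMPLE_LOG = """\
{"ts": "2026-02-18T08:01:00Z", "user": "alice", "result": "success", "mfa": true,  "country": "US"}
{"ts": "2026-02-18T08:05:00Z", "user": "bob",   "result": "success", "mfa": false, "country": "US"}
{"ts": "2026-02-18T08:07:00Z", "user": "alice", "result": "success", "mfa": true,  "country": "RU"}
{"ts": "2026-02-18T08:09:00Z", "user": "carol", "result": "success", "mfa": true,  "country": "US"}
{"ts": "2026-02-18T08:10:00Z", "user": "bob",   "result": "failure", "mfa": false, "country": "US"}
"""

# Constructed baselines: countries each user normally signs in from, and who has been offboarded.
BASELINE = {"alice": {"US"}, "bob": {"US"}, "carol": {"US"}}
OFFBOARDED = {"carol"}


def parse_events(log_text):
    """Parse JSON-lines audit records, skipping blank or malformed lines."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # one malformed record must not break detection for the rest
    return events


def find_identity_alerts(events, baseline, offboarded):
    """Return (user, reason) pairs for successful sign-ins that break an identity control."""
    alerts = []
    for e in events:
        # Failed attempts are ignored on purpose: the risk here is the attacker who
        # succeeds by logging in, not the one still knocking.
        if e.get("result") != "success":
            continue
        user = e.get("user", "<unknown>")
        if user in offboarded:
            alerts.append((user, "offboarded-account-signin"))
        if not e.get("mfa", False):
            alerts.append((user, "success-without-mfa"))
        if e.get("country") not in baseline.get(user, set()):
            alerts.append((user, f"new-country:{e.get('country')}"))
    return alerts


if __name__ == "__main__":
    for user, reason in find_identity_alerts(parse_events(SAMPLE_LOG), BASELINE, OFFBOARDED):
        print(f"ALERT {user}: {reason}")
```

In a real deployment the baseline would be built from historical sign-ins and the offboarded set pulled from the HR or IdP lifecycle feed rather than hard-coded.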
7. Dutch Man Arrested for Refusing to Delete Confidential Police Files
[48:39]
- Summary:
- Dutch police accidentally sent confidential files to an outside recipient; he refused to delete them unless compensated, and police arrested him.
- Analysis:
- Honest mistake by officer; recipient’s leverage attempt promptly shut down.
- Compares scenario to someone receiving accidental funds from a bank—you don’t get to keep them.
- “What a [jerk]... I’m sorry, this is a family show.” [49:18]
- Takeaway:
- Be cautious sending sensitive docs/links.
- Law enforcement treated the event as criminal trespass, making an example.
8. Android Devices Shipping with Preinstalled Malware (“Kinadu”)
[52:22]
- Summary:
- Kaspersky found over 13,000 devices (various OEMs) with “Kinadu” malware embedded via over-the-air updates, third-party stores, even Google Play. Victims in Brazil, Germany, Japan, Netherlands, Russia. Used for ad fraud but can act as a full backdoor.
- Analysis:
- “These Android devices are coming prepackaged with malware. This is a supply chain attack.” [53:13]
- Device will not activate malware if language or timezone is Chinese—implying Chinese operators (logic bomb).
- Uses ad fraud now, but infrastructure could enable wider abuse.
- Takeaway:
- Avoid ultra-cheap, no-name Android devices; stick to trusted brands.
- Supply chain security continues to be a massive threat in low-cost electronics.
9. Polish Police Arrest Alleged Brain Behind Phobos Ransomware-as-a-Service
[56:57]
- Summary:
- A 47-year-old suspected key Phobos actor was arrested in Poland as part of a Europol operation; police seized evidence of recent attacks.
- Phobos linked to over 1,000 global breaches, $16m in ransom since 2024.
- Analysis:
- Applauds law enforcement: “When you get the 47-year-old guy who’s the brain, that's not rebranding—you've cut the head off the snake.” [57:37]
- Takeaway:
- Arresting real individuals, not just disrupting infrastructure, is key to curbing ransomware.
10. Apple Beta Brings Encrypted RCS and Stronger Memory Protections
[59:36]
- Summary:
- iOS 26.4 beta introduces encrypted RCS texts (currently Android-to-Android only) and extended memory-integrity protections against spyware.
- Analysis:
- Apple continues privacy-first approach, though some concessions in China/UK.
- For blue-bubble elitists ("Apple vs. Android"): RCS encryption is closing the message privacy gap.
- Links to expert Matt Johansen for deeper dive [60:19].
- Takeaway:
- Secure cross-platform messaging improves, but feature rollout still fragmented.
Notable Quotes & Moments
- On persistent user issues:
“This is why some of us self-medicate when we get home from work—we are running into this wall over and over and over again.” – Dr. Auger [21:01]
- On identity attacks:
“Threat actors are not breaking in, they're logging in.” [41:32]
Community Q&A, Career Tips, and Closing Segments
[60:50 onward]
- Q&A included:
- Prepper tablet discussion: Dr. Auger describes assembling an offline cyber “survival” kit, including Wikipedia, Google Maps, field medicine, and the Gutenberg Project. "If we get kicked off the Internet permanently, I worry for my children, honestly." [62:08]
- Advice for starting in cyber at 35: “There’s no age limit—cyber as a second career is common.” [70:27]
- Breaking into blue team, presenting detection rules, using SBAR format (Situation-Background-Assessment-Recommendation) for reports.
- Community projects, including a vulnerability scanner & attestation registry for AI tools.
- Career, well-being, and self-improvement are frequent undercurrents.
Episode Flow & Atmosphere
- Fast pace, rich with analogies and references: From the "Catalina wine mixer" to comparing MFA to putting up alligators in the moat.
- Highly interactive: Frequent callouts to chat, sponsorships, and celebratory encouragement for community milestones (jobs, college acceptances).
- Encourages documentation for CPE credits: “Every single episode of the Daily Cyber Threat Brief is worth half a CPE…grab a screenshot…assemble an evidence trail.” [00:56]
Timestamps Reference Guide
| Segment | Start Time |
| --- | --- |
| Anti-Government Protesters Targeted | [12:51] |
| UK “Lock the Door” Campaign | [17:41] |
| Cellebrite & Kenya | [25:04] |
| Pentagon vs. Anthropic | [30:15] |
| Identity-Based Attacks | [40:53] |
| Dutch Police Data Mishap | [48:39] |
| Kinadu Android Malware | [52:22] |
| Phobos Ransomware Arrest | [56:57] |
| Apple RCS & Security | [59:36] |
| Q&A & Community | [60:50+] |
Summary Takeaways for Listeners/Newcomers
- Stay alert for targeted, state-backed surveillance (domestic and abroad).
- Identity is the new network perimeter—pivot your defenses accordingly.
- Supply chain, both in AI and hardware, becomes an ever more critical attack surface.
- Community questions and career tips are as valuable as headline breakdowns.
- The show’s mix of levity, real talk, and actionable advice makes it unique.
For cyber pros and newbies alike, Dr. Auger’s podcast provides a daily shot of wisdom, practical perspective, technical learning, and community spirit.
