Daily Cyber Threat Brief Podcast – Ep 1072 Summary

Date: February 19, 2026
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Co-host/Jawjacking Host: Eric Taylor
Main Theme:
This episode delivers the day’s top cybersecurity headlines, offering expert insight, community engagement, and actionable discussion targeting industry insiders, analysts, and business leaders. Dr. Auger breaks down technical news into lessons on risk, governance, and practical defense while blending humor and encouragement for cyber practitioners and newcomers alike.

Episode Highlights

Warm-Up & Housekeeping (00:01–12:07)

• Community Building:

  • Welcomes first timers. Encourages community participation:

    “If you're a first timer here... drop a hashtag first timer in chat. I want you to know this is a safe, awesome spot.” (03:27)

  • Jokes about technical gremlins, memes, and missing coffee.

• CPE Credits:

  • Podcast participation = 0.5 CPE per episode by engaging in chat and screenshots.

• Sponsors and Promotions:

  • Sponsors are explained as critical to the show:

    “The channel has to be funded... the sponsors help.” (06:29)

  • Mentions security product sponsors (Material Security, ThreatLocker, Conveyor, Flare).

• Theme Segment:

  • Thursday = “What's Your Meme?” day featuring creative memes by Dan “Haircut Fish” Reardon.

Key News Stories & Discussions

[12:07] Microsoft Copilot Summarizes Confidential Emails

• Summary:
  A bug in Microsoft 365 Copilot was found summarizing confidential emails, sidestepping sensitivity labels and DLP policies.

• Analysis:

  • Dr. Auger evaluates the risk: “Did it just summarize within the context of the viewer? Or save it offline, ingest into training data?” (13:00)
  • Data governance and legal implications discussed.
  • Uses “toothpaste out of the tube” metaphor for irreversibility:

    “All the toothpaste is out of the tube already.” (13:00)

  • Advocates for data-layer security in the age of AI:

    “We’re not really doing a lot at the data layer... if some processing happens that’s outside our environment, then that’s a problem.” (16:40)

• Key Takeaway:
  AI features introduce new risks—evaluate what systems and data you expose to them.

[17:48] Shiny Hunters Group Claims CarGurus Breach

• Summary:
  Shiny Hunters claim theft of 1.7M corporate records from CarGurus, threatening data leak.

• Analysis:

  • Dr. Auger details Shiny Hunters’ modus operandi:

    “Voice phishing to obtain single sign-on codes from Okta, Microsoft, Google users... they're not breaking in, they’re logging in.” (18:31)

  • Major lesson: Threat actors increasingly use legitimate credentials.
  • Calls for robust detection based on abnormal behavior, not just intrusion:

    “If you’re still ... looking for next hacksaw attack, you should be looking for that. But... look for conditional access, inconsistent patterns.” (21:00)

  • Reiterates least privilege (NIST AC-6) as vital:

    “Least privilege, my guy. When a new person starts... don't give them 30 years of accumulated access!” (23:37)

• Key Takeaway:
  Modern breaches often exploit login, not break-in—focus on identity monitoring and least privilege.

[24:50] Texas Sues TP-Link Over Router Security

• Summary:
  Texas alleges TP-Link routers, manufactured in China, enable exploitation by state actors.

• Analysis:

  • Dr. Auger questions the technical merit vs. political theatre:

    “We can definitively look at firmware... so we can tell if this is true or not. Now what I think is happening is political.” (29:29)

  • Raises hardware trustworthiness vs. global manufacturing.

• Key Takeaway:
  Scrutiny of supply chain security is increasing, but technical evaluation should drive conclusions—not just politics.

[31:34] Honeywell CCTV Severe Auth Bypass Vulnerability

• Summary:
  A 9.8 severity flaw allows account hijacking and camera access via an unprotected API.

• Analysis:

  • Dr. Auger riffs on “CCTV = supposed to be closed circuit,”

    “This is supposed to be off-network... Not anymore.” (32:14)

  • Discusses real threats: not just voyeurism, but internal footholds in flat networks.
  • Stresses: “Usability vs. security is a slider—public IPs make devices easy, but not safe.” (34:57)
  • Default credentials remain a widespread risk.

• Key Takeaway:
  Always segment IoT devices and never expose them directly to the internet.

[45:40] Fraudster Hacks Hotel Booking Site to Pay $0.01 per Night

• Summary:
  Spanish police arrest a man exploiting a payment system flaw for near-free luxury stays.

• Analysis:

  • Dr. Auger flashes back to early web days and the need for server-side validation:

    “You would just change the price in the source code... there was no validation. People were wholesale stealing.” (47:00)

  • This incident shows payment logic must be enforced at the backend, not the frontend.

• Key Takeaway:
  Payment system validation must be server-side to defend against tampering.

[49:45] Crescent Harvest Malware Targets Iran Protest Supporters

• Summary:
  A campaign uses RATs hidden in protest media to surveil supporters and activists.

• Analysis:

  • Documents recurring state-backed surveillance in authoritarian regimes.
  • Echoes previous episode’s report on similar activist targeting.

• Key Takeaway:
  Dissidents globally face advanced malware; secure communications and device hardening are critical.

[52:46] Dell RecoverPoint for VMs – Hardcoded Credential Exploited (Zero-Day)

• Summary:
  Mandiant and Google report a hardcoded credential flaw exploited by a China-linked group, yielding root access and persistence.

• Analysis:

  • “Hardcoded credential that allows remote access... gross.” (53:19)
  • Only impacts orgs using Dell RecoverPoint for VMs (backup for VMware).
  • Urgent for defenders: Hunt for IOCs if this tech is in use.

• Key Takeaway:
  Critical to patch promptly and hunt for compromise if using the affected Dell solution.

[58:02] FBI Misrepresented Facts in Georgia Election Systems Raid

• Summary:
  A court is told the FBI affidavit for a high-profile election office raid was based on mischaracterized and outdated claims.

• Analysis:

  • Dr. Auger expresses frustration at political overtones and lack of true cybersecurity depth:

    “This is 99.8% not a cyber story and absolutely a political story.” (58:58)

• Key Takeaway:
  Not every “cyber” headline is truly about technical security—don’t get distracted by noise.

Community Q&A & Jawjacking Highlights (65:22–90:29)

Host: Eric Taylor (“Jawjacking” co-host, Barricade Cyber Solutions)

• OBS/Stream Setup:
  Engages with the community about his streaming and technical setup.

• Imposter Syndrome & Career Growth:
  Addresses questions about making mistakes after years in a role:

  “We all make mistakes... The thing you must always remember is to make sure you learn from your mistakes.” (73:24)

• Getting into Digital Forensics:
  Suggestion:

  “Get to be a system admin, network admin. You're looking in logs a lot... If you find interest in literally digging in logs, digital forensics may be for you.” (75:40)

• Mount Rushmore of Cybersecurity:
  Rather than individuals, Eric follows strong organizations (Mandiant, Unit 42, Red Canary).

• Recent Notable Threat Actors:
  Calls out 0apt for attention-seeking tactics and Ransom ISAC for contributing threat intel.

• Tool Mention:
  Endorses OpenCTI as a threat intelligence aggregator.

Notable Quotes

• Dr. Gerald Auger (AI/Confidential Data):

  “The AI got access to these emails... Did [the org] even want co-pilot to have access to things? ... I want people to be thinking about those type of issues with AI.” (16:40)

• Dr. Gerald Auger (On Shiny Hunters TTPs):

  “Threat actors are not breaking in, they’re logging in.” (21:00)

• Dr. Gerald Auger (IoT Security):

  “Security is on one side, usability on the other... the more usable, the less secure.” (34:57)

• Eric Taylor (Mistakes in Cyber):

  “To err is human... If you're not learning from your mistakes, you're not growing.” (73:24)

Important Timestamps

• 00:01–07:47 – Community welcome, CPE credits, intros
• 12:07 – Microsoft Copilot email leak
• 17:48 – Shiny Hunters/CarGurus breach
• 24:50 – Texas sues TP-Link
• 31:34 – Honeywell CCTV vuln.
• 45:40 – Hotel fraud hack
• 49:45 – Crescent Harvest Iranian dissident malware
• 52:46 – Dell RecoverPoint zero-day exploited
• 58:02 – FBI/election raid affidavit
• 65:22–90:29 – Jawjacking: Q&A, career guidance, threat actor talk

Final Thoughts

The episode provided both solid technical news breakdowns and practical risk mitigations, especially regarding AI security, credential theft, supply chain risk, and IoT exposures. The informal, community-driven style, peppered with humor and pop-culture nods, makes for an inclusive and energetic daily cyber run-down.

Key Takeaways:

• Monitor AI feature integration with sensitivity to data exposure.
• Credentials, not exploits, are increasingly the attack vector of choice.
• Supply-chain and IoT risks abound—segment, patch, and monitor.
• Community support and continual learning are core to cyber resilience.

For full community engagement and bonus content, tune in live at 8 AM ET or participate in chat at https://simplycyber.io/streams.