Daily Cyber Threat Brief Podcast
Host: Dr. Gerald Auger, Simply Cyber Media Group
Episode: 🔴 Feb 20’s Top Cyber News NOW! – Ep 1073
Date: February 20, 2026
Episode Overview
In today’s Daily Cyber Threat Brief, Dr. Gerald Auger delivers eight top cybersecurity news stories vital for industry professionals—from urgent federal patch mandates and novel AI-powered malware, to the latest in phishing kits, attack trends, and government responses to healthcare and financial breaches. He injects real-world analysis, practical takeaways, and community engagement, all in his candid and fast-paced style. The episode is live, unscripted, and packed with actionable advice, career tips, and plenty of community shoutouts.
Headlines & Key Insights
1. CISA Orders Emergency Patch for Dell Recover Point Flaw
[14:07]
- Details: CISA has ordered federal agencies to patch a maximum-severity Dell Recover Point vulnerability within three days after active exploitation surfaced, attributed to a Chinese-linked threat group (UNC6201).
- Technical: The vulnerability involves hardcoded credentials, which attackers used to deploy malware such as ‘Grimbolt’ and the harder-to-analyze ‘Brickstorm’ backdoor.
- Insights:
- “Three-day turnaround for patch compliance is unusually fast in federal government—almost unprecedented.”
— Dr. Auger, [17:49]
- Suggests a sense of urgency akin to “an active Bonnie and Clyde running around robbing banks.”
- Log retention limits likely make a full threat hunt for exploitation dating back two years impossible, so focus hunting efforts where logs still exist.
- Takeaway: Patch immediately and search for IOCs, but set realistic limits on historical threat hunting due to log constraints.
2. Android Malware Uses Google Gemini AI for Advanced Device Control
[21:51]
- Details: ESET reports ‘PromptSpy’—a malware using Gemini (Google’s AI) to interpret device UI, facilitating persistence and remote control.
- Capabilities: Natural-language prompts drive automated actions, keeping the malware pinned in the recent-apps list and bypassing traditional detection.
- Insights:
- “AI will do whatever you ask it to do, and you can easily trick or dupe it into breaking through its guardrails.”
— Dr. Auger, [22:47]
- Early proof-of-concept, but it signals a trend in AI-assisted, contextually-smart malware, especially dangerous on touch-driven devices.
- Takeaway: Monitor for unusual device behavior, especially with emerging malware using AI for UI navigation.
3. Nearly Half of All Cyber Attacks Now Start in the Browser
[28:26]
- Details: Palo Alto’s 2026 Global Incident Response Report attributes 48% of major attacks to browser-based vectors (phishing, links, spoofed sites).
- Recommendations: Use ad blockers, password managers, anonymous search engines, and regular patching.
- Insights:
- “The browser is the attack surface now. I’d argue it’s probably even higher than 50%.”
— Dr. Auger, [29:09]
- SaaS and web apps dominate both enterprise and personal usage, making them target-rich for attackers.
- “Educate your end users. If you can centrally manage browser updates, do it.”
- Takeaway: User education and technical controls (automatic browser updates, ad blockers) are critical first-line defenses.
4. ‘Starkiller’ Phishing Kit Bypasses MFA Using Man-in-the-Middle Proxies
[33:20]
- Details: New commercial phishing-as-a-service kit ‘Starkiller’ delivers real-time phishing sites using proxies, fully bypassing MFA by capturing session tokens.
- Technical: It uses no static templates, so signature-based detection misses it; the proxy relays the victim’s real authentication to the legitimate site in real time, invisibly to the user.
- Insights:
- “They didn’t use the term, but this is man-in-the-middle. You’re giving attackers your password and your MFA as you log in.”
— Dr. Auger, [34:36]
- Session token theft is the end goal—passkeys won’t necessarily prevent compromise in this case.
- “Everything I’ve said so far is protection… If you want detection, set up alerts for anomalous logins.”
- Takeaway: User awareness for phishing remains top priority. Detection should focus on unusual logins, as technical controls alone are insufficient.
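The detection advice above (alert on anomalous logins rather than rely on MFA alone) as an added, runnable example; this is not code from the episode or from any real product. It assumes a simplified identity-provider event schema (user, ip, country, session, event, ts) and a per-user baseline of known countries, and it flags two signals an adversary-in-the-middle proxy tends to leave: a successful MFA-backed login from a country the user has never used, and one session token used from more than one source IP.

```python
"""Flag anomalous logins of the kind a proxy-based phishing kit produces.

Constructed sample events and an assumed, simplified IdP schema; field names
are not from any real identity provider.
"""
from collections import defaultdict

# Constructed sample: alice works from her usual IP, then a successful login
# arrives from a never-seen country (the phishing proxy's IP) and the resulting
# session is replayed from a third IP. bob shows only normal activity.
SAMPLE_EVENTS = [
    {"ts": "2026-02-20T08:01:00", "user": "alice", "ip": "203.0.113.10", "country": "US", "session": "s1", "event": "login_success"},
    {"ts": "2026-02-20T08:05:00", "user": "alice", "ip": "203.0.113.10", "country": "US", "session": "s1", "event": "app_access"},
    {"ts": "2026-02-20T13:30:00", "user": "alice", "ip": "198.51.100.7", "country": "NL", "session": "s2", "event": "login_success"},
    {"ts": "2026-02-20T13:31:00", "user": "alice", "ip": "192.0.2.44",   "country": "DE", "session": "s2", "event": "app_access"},
    {"ts": "2026-02-20T09:00:00", "user": "bob",   "ip": "203.0.113.55", "country": "US", "session": "s3", "event": "login_success"},
    {"ts": "2026-02-20T09:10:00", "user": "bob",   "ip": "203.0.113.55", "country": "US", "session": "s3", "event": "app_access"},
]

# Assumed baseline, normally built from weeks of successful-login history.
KNOWN_COUNTRIES = {"alice": {"US"}, "bob": {"US"}}


def detect_anomalies(events, known_countries):
    """Return alerts as tuples; 'login_success' means password + MFA accepted."""
    alerts = []
    session_ips = defaultdict(set)   # session id -> source IPs that used it
    flagged_sessions = set()         # avoid repeating the same session alert
    for e in sorted(events, key=lambda ev: ev["ts"]):   # ISO timestamps sort lexically
        user, sess = e["user"], e["session"]
        # Signal 1: MFA succeeded, but from a country this user has never logged in from.
        if e["event"] == "login_success" and e["country"] not in known_countries.get(user, set()):
            alerts.append(("new_country_login", user, e["ip"], e["country"]))
        # Signal 2: the same session token is used from a second source IP,
        # which is what a stolen token replayed by the attacker looks like.
        session_ips[sess].add(e["ip"])
        if len(session_ips[sess]) > 1 and sess not in flagged_sessions:
            flagged_sessions.add(sess)
            alerts.append(("session_multi_ip", user, sess, tuple(sorted(session_ips[sess]))))
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_EVENTS, KNOWN_COUNTRIES):
        print(alert)
```

Both signals are heuristics: VPNs and mobile carriers also produce new countries and IP changes, so tune the baseline and pair the alert with a forced re-authentication rather than an automatic lockout.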
5. France’s National Bank Account Database Breached via Identity Theft
[47:01]
- Details: Attacker impersonated a civil servant to access FICOBA, the nationwide bank account registry; 1.2 million records were exposed.
- Impacts: Only metadata (not balances) leaked, but opens users to highly targeted phishing campaigns.
- Insights:
- “Threat actors are not breaking in, they are logging in. Identity is the new perimeter.”
— Dr. Auger, [47:51]
- Urges implementation of strict least privilege, conditional access, and rigorous monitoring of account activity.
- Takeaway: Prioritize identity management and monitoring; treat privilege access as high risk.
6. ATM Jackpotting on the Rise: FBI Warns of Ploutus Malware
[51:11]
- Details: Criminals physically open ATMs (using legitimate service keys), swap the hard drive or install malware, and force the machine to dispense cash.
- Technical: Ploutus abuses the XFS API that ATM software uses to drive the cash dispenser; this is not remote “hacking” and requires a physical breach.
- Insights:
- “If you get physical access to a computer, it’s game over. This isn’t just cyber—this is locks and keys.”
— Dr. Auger, [51:54]
- Takeaway: Strengthen physical security around critical infrastructure, not just digital defenses.
7. HHS to Review Third-Party Risk After Change Healthcare Mega-Breach
[55:40]
- Details: US Health & Human Services is ramping up scrutiny of vendor risk after the Change Healthcare breach, whose root cause was remote access without MFA.
- Insights:
- “Change Healthcare was the soft underbelly nobody was watching—crippled healthcare nationwide.”
— Dr. Auger, [56:12]
- Laments delays: “Third-party risk has been a thing since 2020. This is security theater.”
- Prediction for agency recommendations:
- Patch, implement MFA, strong passwords, BCP, account decommissioning: “nothing new.”
- Takeaway: Proactively address vendor risk—don’t wait for regulation.
8. Android ‘MASSIVE’ Banking Malware Disguised as IPTV App
[61:25]
- Details: The ‘MASV’ banking trojan uses screen overlays and keylogging to steal credentials; its targets include the Portuguese government’s digital ID app.
- Insights:
- “If you try to download a free streaming app to avoid subscription fees, criminals are going to steal your money. News at 11.”
— Dr. Auger, [62:14]
- Educate users in plain language—avoid technical jargon for non-technical audiences.
- Takeaway: Warn users—don’t sideload apps. The risk is financial loss, not just privacy.
Community & Career Sections
CPE Credits & Community Engagement
[00:01, Throughout]
- Regulars and newcomers welcomed; each episode earns half a CPE (a screenshot is sufficient evidence for certifying bodies).
- “You could get up to 120 continuing professional education credits a year for $0—just by showing up.”
— Dr. Auger, [04:24]
James McQuiggin’s Dad Jokes (Friday Segment)
[41:16]
- “What do you get when you cross an angry sheep with an angry cow? Two animals in a bad mood.”
- “Why did the farmer try to make it in music after a bad harvest? Because they had sick beets!”
- “Why is running a dating service for chickens a bad idea? Because you’ll struggle to make hens meet.”
- “He stores dad jokes in his dad-a-base.”
— Dr. Auger
Jawjacking: Career Q&A and Personal Advice
[Post-Show, ~63:40+]
- Tips on breaking into cyber without going broke—plenty of free online and community resources (e.g. John Strand’s Cyber Security Foundations course, Simply Cyber Academy).
- Networking supersedes technical merit for career advancement:
- “Business America is not a meritocracy. Work hard, build relationships, and network—it matters.”
- Cyber mentors and women-in-cyber orgs recommended (WiCyS).
- “AI skills are the new hotness—prompt engineering is dead; skills are in.”
Notable Quotes
- “Active exploit—three days to patch in government is unheard of. It’s an emergency.” — [17:49]
- “AI will do whatever you ask. Malware is already using it—this is only going to accelerate.” — [22:47]
- “Educate users. If you think you’re smart getting free IPTV, you’ll lose more from a drained bank account.” — [62:14]
- “Physical security matters as much as digital—if a criminal gets your ATM’s hard drive, it’s over.” — [51:54]
- “Identity is the new perimeter. Threat actors are logging in, not breaking in.” — [47:51]
- “Third-party risk isn’t new—don’t wait for a government report to lock down your SaaS supply chain.” — [56:40]
Important Timestamps
- CISA Dell Patch Emergency: [14:07–21:51]
- AI-powered Android Malware: [21:51–28:26]
- Browser Attack Trends: [28:26–33:20]
- Starkiller MFA Bypass Kit: [33:20–40:32]
- France Bank Data Breach: [47:01–51:11]
- ATM Jackpotting: [51:11–55:40]
- HHS & Third-Party Risk: [55:40–61:25]
- Android MASV Malware: [61:25–62:14]
- Midroll / Dad Jokes: [41:16]
- Jawjacking / Career Advice: [Post Show, ~63:40+]
Episode Tone & Language
Dr. Auger brings a fast-moving, candid “real talk” style—equal parts expert and mentor. He’s energetic, occasionally sarcastic, and supportive of new and veteran community members alike. Practicality, wit, and a sense of humor (including dad jokes) balance the technical content. The posture is inclusive, frequently encouraging participation, and quick to point users to free resources and communal support within cybersecurity.
Final Takeaways
- Patch fast, hunt smart—respond to new threats using practical, risk-based priorities.
- AI-enabled malware is here and escalating—expect adaptation in attack tactics.
- Browser and identity remain the soft underbelly—user awareness is mandatory.
- Community, continuing learning, and networking are crucial for career resilience.
- Don’t neglect physical security, vendor dependencies, or good old-fashioned logs and monitoring.
For the Simply Cyber community, the best defense and the best career move is always: Stay engaged, stay educated, stay secure. See you next episode!
