CyberSecurity Knuggets
Feb 19, 2026
Email 1:
Subject: Risky Bulletin: Supply chain attack plants backdoor on Android tablets
Summary:
– Supply chain attack discovered planting backdoors (Keenadu) in Android tablet firmware from multiple manufacturers, including Alldocube.
– Backdoor embedded in the Android Zygote process; extremely persistent and stealthy.
– Keenadu remains dormant for ~2.5 months before contacting command and control servers to download additional modules.
– Modules perform ad-click fraud, browser hijacking, and unwanted app installation.
– Keenadu linked to previous malware families Triada, Vo1d, and BADBOX. Likely a threat actor cluster specializing in implanting malicious code during firmware development.
– Estimated infections exceed 13,000 devices, possibly much higher.
– Kaspersky warns credential theft may be imminent as the malware matures.
– Additional news highlights: data leak at Abu Dhabi Finance Week event exposing passport and ID scans of 700+ attendees (including notable politicians and billionaires); ransomware attacks on South African Land Bank and Tulsa airport; multiple WhatsApp takeovers in Armenia; privacy and tech regulatory updates from EU and Apple.
Email 2:
Subject: ID documents for billionaires and top politicians at Abu Dhabi conference were exposed online
Summary:
– Over 700 passports and identity cards from Abu Dhabi Finance Week attendees exposed on an unsecured cloud server, including identities of high-profile individuals like former UK PM David Cameron and US politician Anthony Scaramucci.
– Discovery made by security researcher Roni Suchowski; server secured after media was contacted.
– Amnesty International reports that an Angolan journalist was hacked in 2024 by Intellexa spyware delivered through WhatsApp links. The spyware was wiped on reboot, but the initial infection was confirmed.
– Polish police, as part of Europol’s Operation Aetor, arrested a Phobos ransomware affiliate involved in ransomware and data theft operations.
– Mandiant and Google researchers disclose exploitation of critical Dell RecoverPoint zero-day vulnerability by Chinese APT group UNC6201 deploying new “Grimbolt” malware allowing root-level persistence on VMware infrastructure.
– Spanish police arrested a man exploiting a hotel booking site vulnerability to reserve luxury rooms for as little as one cent.
– Australian fintech YouX suffered a massive breach exposing data of over 600,000 loan applicants and other personal information.
– Kaspersky reveals Keenadu Android firmware backdoor infection on thousands of devices across multiple tablet manufacturers traced to a supply chain compromise during firmware build.
– Crypto wallet phishing scam alert involving physical mails impersonating Trezor and Ledger wallet makers to steal recovery phrases.
Email 3:
Subject: Chinese threat actor exploits maximum-severity Dell zero-day | The CyberWire 2.18.26
Summary:
– Chinese APT group UNC6201 has been actively exploiting a critical hardcoded-credential vulnerability (CVE-2026-22769) in Dell RecoverPoint for Virtual Machines since mid-2024.
– The vulnerability gives unauthenticated remote attackers root-level access and persistence.
– Dell issued remediation guidance; Google published detection and response steps for incident responders.
– Microsoft patches a bug in 365 Copilot that caused confidential emails to be summarized, potentially violating data loss prevention policies.
– New malware campaign “CRESCENTHARVEST” targets Iranian protesters and dissidents with malware distributed as fake protest-related media files.
– Spanish court orders ProtonVPN and NordVPN to block IP addresses linked to illegal football streaming sites following a suit by LaLiga and Telefónica, though VPN providers raise due process concerns.
Email 4:
Subject: New Android Malware Found on Thousands of Devices
Summary:
– Newly discovered Android malware has infected thousands of devices, including backdoors embedded in firmware, as Kaspersky reported in parallel.
– Dell RecoverPoint zero-day vulnerability actively exploited by Chinese hackers highlighted again.
– Palo Alto Networks announces acquisition of Israeli startup Koi Security for $400 million, aiming to enhance AI endpoint security and control malicious AI agents.
– Research reveals vulnerabilities in popular cloud-based password managers that could leak credentials if cloud servers are compromised.
– Other ongoing cybersecurity trends and updates include password manager flaws, industrial control system threats, increased supply chain attacks, and new analysis tools.
– Emphasis on modernizing security in the era of AI-driven software and attacks.
These summaries reflect the key cybersecurity incidents, vulnerabilities, threat actor activities, and industry trends reported in the provided emails as of February 2026.
Stay Well!
