Zero-Days, Shiny Hunters, and the Texas Throwdown

Show Notes

On today's episode of Cyber Scoops & Digital Shenanigans, host Mike Housch breaks down ten stories rattling the security world this week — from a Chrome zero-day already being exploited in the wild and a Chinese espionage group quietly living inside Dell infrastructure for 18 months, to ShinyHunters going car shopping at CarGurus and Texas AG Ken Paxton picking a legal fight with TP-Link over alleged CCP ties. It's a packed house — buckle up.

Transcript

Hey everybody, welcome back to Cyber Scoops & Digital Shenanigans it's been awhile, I took a little break, but I'm back and I'm ready to dig into the week's cybersecurity news without putting you to sleep. I'm your host, Mike Housch, and today is February 19th, 2026.

We have got a loaded show today. Ten stories. Zero-days, Chinese state espionage, AI agent security drama, a massive European rail data breach, ShinyHunters causing chaos again, and — in what might be my personal favorite headline of the week — Texas picking a legal fight with a router company over alleged ties to the Chinese Communist Party. I love this industry, I genuinely do.

Let's not waste any time. Let's get into it.

Alright, we are kicking off today with everyone's favorite browser and our very first actively exploited Chrome zero-day of 2026. Google pushed out an emergency patch on February 13th for CVE-2026-2441 — a high-severity use-after-free vulnerability in Chrome's CSS handling.

Now, for those of you who are not neck-deep in vulnerability research, a use-after-free bug means the browser is referencing memory that has already been freed. That creates a window for attackers to potentially execute arbitrary code inside the browser's sandbox — all by pointing a victim at a specially crafted web page. No clicks needed beyond showing up to the wrong URL.

The vulnerability was discovered and responsibly reported by security researcher Shaheen Fazim on February 11th, and Google had a patch out within two days. I want to acknowledge that — two days from report to patch is genuinely fast. But here's the problem: it was already being exploited in the wild before the patch dropped.

The fix landed in Chrome 145.0.7632.75 and .76 for Windows and Mac, and 144.0.7559.75 for Linux. If you haven't updated yet, I need you to stop what you're doing, open Chrome, go to the three-dot menu, go to Help, go to About Google Chrome, let it update, and restart the browser. I'll be here when you get back.

And look — this is the first Chrome zero-day of 2026. But in 2025, Google patched eight actively exploited Chrome zero-days. Eight. So statistically speaking, this is just the opening act. Keep patching, keep your auto-update enabled, and for the love of all things holy, don't run a Chrome version that's more than a few weeks old in a managed enterprise environment. Your endpoint team will thank you.

Next up — the return of the device code phishing campaign, and this time it's coming with new tooling and it is absolutely surging.

So let me walk you through how this works, because it's clever. OAuth 2.0 has a flow called the device authorization grant. It was designed for situations where you're trying to log into something with limited input capability — think a smart TV or a gaming console. You get a code, you go to a verification page, you type in the code, and you're authenticated.

Attackers have figured out how to weaponize this. They generate the device code themselves, then — through phishing, vishing, or social engineering — they convince the victim to go to Microsoft's legitimate verification page and enter that code. The moment the victim does that, the attacker receives a valid access token. No password required. MFA is completely bypassed. And because the whole transaction happens on Microsoft's own infrastructure, it looks and feels legitimate.

What's turbocharging this campaign right now is the tooling. There's SquarePhish2 — an updated phishing framework that uses QR codes to automate the device authorization flow. And then there's Graphish — a free phishing kit being shared on underground forums that supports adversary-in-the-middle attacks and OAuth authorization abuse. Both tools are designed to be accessible to attackers with limited technical skill. When you commoditize an attack technique, adoption explodes.

A suspected Russia-aligned group being tracked as UNK_AcademicFlare has been running this campaign since September 2025, and they're targeting government entities, think tanks, higher education, and transportation sectors across the U.S. and Europe. They're also using compromised email accounts from government and military organizations to send the initial lures — making them significantly more convincing.

Here's the hard truth: this is one of those attacks where traditional technical controls won't save you on their own. User awareness matters here. But more importantly — if your identity and access management team hasn't looked at restricting or tightly monitoring device code authentication flows in your Entra ID environment, that conversation needs to happen today. Conditional access policies, blocking device code flows for users who genuinely don't need them, anomaly detection on OAuth token issuance — these are the controls to prioritize. Don't wait for your SOC to catch this after the fact.

Alright, let's take a detour into the AI agent security space, because this is a story that's going to keep growing.

If you haven't heard of OpenClaw — welcome back from wherever you've been. This is the open-source AI agent framework that went viral in late 2025. It racked up over 190,000 GitHub stars, making it the 21st most popular code repository ever posted to GitHub. What made it explosive was accessibility — it lets you spin up AI agents and interact with them through WhatsApp, Slack, Discord, iMessage, and most major messaging platforms. Earlier this month, OpenAI CEO Sam Altman announced that OpenClaw's founder is joining OpenAI, and OpenClaw will continue as an open-source project under a foundation with OpenAI's support. Big deal.

But here's the cybersecurity subplot that should be on every security team's radar: OpenClaw has significant unresolved security issues. Infostealers are actively targeting OpenClaw AI agent configuration files and gateway tokens. There's a documented flaw enabling AI log poisoning — a prompt injection variant where an attacker can corrupt the agent's memory or decision-making process by poisoning its log data. This is not theoretical. These are active exploits in the wild.

In response, Adversa AI has launched SecureClaw — an open-source security plugin and skill for OpenClaw environments. It has 55 audit checks covering security conditions across an OpenClaw installation, mapped to all 10 categories of the OWASP Agentic Security Initiative Top 10. It's structured as two components: a plugin for automated hardening and auditing integrated into OpenClaw's plugin system, and a skill with rule definitions that runs alongside agents.

Here's my take: the AI agent ecosystem is moving at a pace that is genuinely outrunning security. Adoption is happening faster than anyone has had time to think through attack surfaces. Log poisoning, prompt injection, configuration theft, token hijacking — these are novel threat categories that traditional security tooling was not designed to catch. SecureClaw is a step in the right direction. If your organization is experimenting with OpenClaw — or any AI agent framework — make sure your security team is in that conversation before something goes sideways.

Okay, this next one is the kind of story that gives enterprise security teams a quiet existential crisis. Researchers at Novee — a penetration testing startup that came out of stealth in January 2026 with over $51 million in funding — have disclosed more than a dozen vulnerabilities in popular PDF platforms from Foxit and Apryse.

The vulnerability types are a nice representative sample of what can go wrong: DOM-based cross-site scripting through remote configuration and message handlers, server-side request forgery with data exfiltration channels, path traversal in backend collaboration services, and OS command injection within PDF SDK components.

Now here's what makes this story genuinely alarming beyond just "patch your PDF software." These PDF viewers are embedded in authenticated applications everywhere. Enterprise document management platforms. Legal technology tools. HR systems. E-signature workflows. Finance platforms. And the researchers demonstrated that in scenarios where a PDF viewer is embedded inside an authenticated app — which is incredibly common — a single malicious PDF, or even just a crafted link, is sufficient to achieve exploitation under a trusted origin.

We're talking account takeover. Persistent cross-user compromise — meaning a payload can survive page refreshes and potentially affect other users. And in some scenarios, backend remote code execution. A document your employee opens in your document management system could be the entry point for a full compromise.

Both Foxit and Apryse have patched the reported vulnerabilities after responsible disclosure, which is the good news. But think about the broader implication: how many third-party applications in your environment have an embedded PDF rendering component? How often are those third-party components on your patch management radar?

Make sure your Foxit and Apryse integrations are on the latest versions. And if your security team is not doing regular assessments of embedded document processing components in enterprise SaaS tools — this is your motivation to start.

Now THIS one is a proper espionage story. Get comfortable.

Mandiant and Google Cloud Threat Intelligence have published detailed research on a threat actor designated UNC6201 — a suspected China-nexus cyberespionage group — that has been quietly exploiting a critical zero-day in Dell RecoverPoint for Virtual Machines since at least mid-2024. The vulnerability is CVE-2026-22769. CVSS score: 10.0. A perfect ten. Maximum severity. Full house in bad news poker.

What's the flaw? Hardcoded admin credentials for the Apache Tomcat Manager. Attackers can leverage those hardcoded creds to deploy malicious WAR files — which are Java web application archives — directly onto the appliance. From there, UNC6201 deployed a web shell called SLAYSTYLE to maintain persistent access.

But it gets more sophisticated. The group deployed two backdoors: BRICKSTORM and its successor, GRIMBOLT, which replaced BRICKSTORM starting in September 2025. These aren't simple callback implants — they're stealthy, long-term persistence mechanisms designed to blend into enterprise infrastructure.

And here's the tradecraft detail that really stood out to me: Mandiant observed UNC6201 using what they're calling "Ghost NICs" — phantom network interfaces created within VMware virtual infrastructure — for stealthy network pivoting that doesn't trigger normal detection mechanisms. They also used iptables for Single Packet Authorization. This is patient, methodical, well-resourced espionage. They're not smashing and grabbing. They're setting up camp for the long term.

Timeline: mid-2024 through now. That's roughly 18 months of undetected access in targeted environments. Mandiant says fewer than a dozen known organizations were affected, so this was precision targeting, not broad exploitation.

If your environment runs Dell RecoverPoint for Virtual Machines — and many enterprises run it for disaster recovery and VM replication — patch CVE-2026-22769 immediately and then go hunting for indicators of compromise. BRICKSTORM, GRIMBOLT, and SLAYSTYLE IOCs are publicly available from Mandiant. Don't just patch and move on. Assume breach and go looking.

From state-sponsored espionage to a good old-fashioned criminal data breach — let's talk about Eurail.

The European rail pass company confirmed a breach back in mid-January 2026, and the situation has been deteriorating since. Attackers accessed systems storing basic customer identity and contact information — but also passport data. And for individuals who received a DiscoverEU pass, the exposed data can include passport copies, health data, and bank account numbers. Health data and bank account numbers. From a rail pass company. Nobody woke up this morning expecting that sentence.

The attackers claim to have stolen approximately 1.3 terabytes of data from Amazon Web Services S3 buckets, Zendesk, and GitLab instances. The stolen dataset has been posted to the dark web via a Telegram channel, with sample data already shared publicly as proof of authenticity. The claimed dataset contains multiple database files with between 50,000 and 17 million records each, with the attackers claiming 100 million total lines of raw data.

And in a move that surprises absolutely no one familiar with the extortion playbook, the hackers announced on their Telegram channel that negotiations with Eurail have failed. Quote: "If the company would like to prevent publication or sale of this data, they can resume negotiation." Unquote. Lovely people.

The GDPR implications here are going to be significant. We're potentially talking about millions of EU residents whose passport copies, health information, and financial data were sitting in cloud storage and are now being shopped on the dark web. Eurail has a regulatory reckoning coming on top of the reputational damage.

If you've used a Eurail pass — monitor your credit, be alert for identity-based fraud, and watch for phishing attempts using your travel history as social engineering bait.

Our friends ShinyHunters are back in the news. This time, they've allegedly driven off with 1.7 million CarGurus records. I appreciate the automotive metaphor here, even if it's entirely accidental.

ShinyHunters posted CarGurus on their leak site on Wednesday, claiming to have 1.7 million corporate records containing personally identifiable information and internal corporate data. They gave CarGurus a deadline of February 20th — which is tomorrow from when we're recording this — to respond, or the data starts leaking.

CarGurus has not confirmed the breach. But the context here is what I want to emphasize: this is the latest in a string of 15 breaches claimed by ShinyHunters and an affiliated group called Scattered Lapsus$ Hunters since the beginning of 2026 alone. Investment firms Mercer Advisors and Beacon Pointe Advisors, Canada Goose, Figure Technology Solutions — they have been on an absolute tear to start this year.

ShinyHunters, for anyone new to the podcast — these are not amateurs. They're one of the most prolific and well-documented cybercriminal groups operating today. Their claims tend to have credibility. This isn't some random account posting noise.

If CarGurus is a business partner, if you have an account on their platform, if any of your organization's vehicles are listed there — watch this space. And if you're a CISO and you have vendors in your third-party ecosystem who might be on ShinyHunters' radar, now is a good time to ask some pointed questions about their security posture.

Alright, let's get into some legal and policy theater, because this one is entertaining on multiple levels. Texas Attorney General Ken Paxton has filed suit against TP-Link Systems, alleging that the company's networking devices allow the Chinese Communist Party to access Americans' devices. Paxton's office announced this is the first of several lawsuits planned against what they're calling "China-aligned companies."

The allegations include some spicy specifics. The suit claims TP-Link markets its devices as "Made in Vietnam" while Vietnam-sourced components account for less than one percent of the devices' actual parts. Final assembly happens in Vietnam, but the vast majority of components come from China. The AG is calling that deceptive marketing under Texas consumer protection law.

The suit also alleges that TP-Link's mobile applications collect personal data without proper informed consent, and that because TP-Link is subject to PRC national intelligence laws — which legally compel Chinese firms to cooperate with Chinese intelligence services — American consumer networking data is effectively accessible to Beijing.

TP-Link fired back. A spokesperson called the lawsuit "without merit and will be proven false," noting that TP-Link Systems Inc. is an independent American company with core operations in the U.S. and that all U.S. user networking data is stored on Amazon Web Services servers.

Here's the interesting subplot: at the federal level, a proposed ban on TP-Link routers has apparently been shelved. So Texas is going it alone here. Whether this specific lawsuit has legs legally is a question for the lawyers. But the broader policy question — about consumer networking equipment, supply chain integrity, and the intersection of Chinese corporate law and American data privacy — is absolutely legitimate, and this conversation is not going away.

Quick one before we hit our final story. HackerOne updated its AI policy this week after security researchers raised serious concerns about a pretty fundamental question: are my vulnerability submissions being used to train AI models?

That's a reasonable thing to worry about. Bug hunters submit highly detailed, technically sensitive vulnerability data to these platforms. The idea that it might be fed into AI training pipelines without consent is legitimately alarming to the researcher community. And frankly, it's the kind of thing that could erode trust in the entire bug bounty ecosystem if not addressed clearly.

HackerOne's updated policy is explicit: they do not train generative AI models — internally or through third parties — on researcher submissions or customer confidential data. Third-party AI providers are explicitly prohibited from retaining or using researcher data for their own training. Their agentic AI system called Hai was described this way: "You are not inputs to our models. Hai is designed to complement your work, not replace it."

HackerOne also formalized a Good Faith AI Research Safe Harbor — a new opt-in framework establishing legal protections for researchers testing AI systems. Because AI testing often involves techniques that don't fit into traditional vulnerability disclosure frameworks, creating legal ambiguity and potential liability for researchers. The new Safe Harbor is designed to address that gap.

I think the transparency here is good. Researchers have every right to demand clarity on how their work is being used. And the broader question of AI training data provenance and consent is one that every platform handling sensitive research data should be thinking through carefully. HackerOne responded. That matters.

Alright, closing out today's show with what is, for my money, the most technically creative story of the week. Microsoft has disclosed a new variant of ClickFix attacks — and this one is using DNS as a payload delivery channel.

Let me back up for anyone not familiar with ClickFix. It's a social engineering technique where victims are tricked into running malicious commands on their own machines. The classic version presents a fake error message or a fake CAPTCHA that says "to fix this issue, press Windows+R and paste this command." The victim does it, and the attacker's payload executes. It's been a highly effective attack vector for the past couple of years because it hands execution to the victim themselves, bypassing a lot of endpoint controls.

Classic ClickFix attacks pull their payloads over HTTP using mshta or PowerShell commands. But security tools have gotten substantially better at catching those. So the attackers evolved.

In the new variant documented by Microsoft, victims are instructed to run an nslookup command — pointing at an attacker-controlled DNS server rather than the system's default resolver. The DNS server returns a query response that contains a malicious PowerShell script embedded in the output fields. That script gets executed, which downloads a ZIP archive containing a Python runtime and malicious scripts. The malware establishes persistence by creating a startup shortcut, and the final payload is ModeloRAT — a remote access trojan that gives the attacker ongoing command-and-control access to the compromised system.

Why DNS? A few reasons. DNS traffic is ubiquitous and tends to be less scrutinized by security tools than HTTP requests. DNS responses can be modified on the fly, letting attackers change their payloads without changing the initial command the victim runs. And because it blends in with normal DNS activity, it's significantly harder to detect on the wire.

The defensive lesson here: DNS monitoring and anomaly detection needs to be part of your security stack. If you're not logging DNS traffic, analyzing query patterns, and detecting unexpected outbound DNS to external resolvers, you're blind to a growing class of attacks. Your DNS data is one of the most underutilized threat intelligence sources in the enterprise. Start using it.

Alright, that is a wrap on today's episode of Cyber Scoops & Digital Shenanigans. We covered a lot of ground — a Chrome zero-day already being exploited in the wild, OAuth device code vishing surging with new tooling, AI agent security falling behind OpenClaw's explosive growth, PDF platforms with account takeover vulnerabilities baked in, a CVSS-10 Chinese espionage campaign hiding in Dell disaster recovery infrastructure for eighteen months, a European rail data breach with passport and health data on the dark web, ShinyHunters adding CarGurus to a growing list of alleged victims, Texas going legal on TP-Link over CCP ties, HackerOne cleaning up its AI policy after researcher backlash, and threat actors using DNS traffic to smuggle PowerShell payloads past your security stack.

As always, all source articles will be in the show notes. If you found today's episode valuable, share it with a colleague who needs it — and there's always someone who needs it — leave a review, and for the love of everything, patch your Chrome browser.

I'm Mike Housch. Stay patched, stay paranoid, and I'll catch you next time on Cyber Scoops & Digital Shenanigans.