👉 What’s trending in cybersecurity today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

Get BlueSleuth-Lite

🚨 Cyber Alerts

1. SmartLoader Uses Fake Oura Server

Researchers have uncovered a new SmartLoader campaign that distributes a compromised version of an Oura Health Model Context Protocol server to infect users with the StealC information stealer. By creating a deceptive network of fake GitHub accounts and repositories, threat actors are leveraging the growing popularity of AI integration tools to steal sensitive data and cryptocurrency credentials.

2. Bogus Security Report Phishing Scam

Attackers are deploying a deceptive phishing campaign that utilizes a fake PDF incident report hosted on Amazon Web Services to manipulate users. By fabricating reports of unusual login activity, the scheme attempts to pressure victims into enabling two-factor authentication through a fraudulent interface.

3. Notepad++ Fixes Hijacked Updater

Notepad++ has addressed a sophisticated supply chain attack by a Chinese threat group that exploited the software’s update process to deliver targeted malware. The latest release introduces a double-verification system that validates both the update server response and the installer file to ensure total integrity.

For more alerts click here!

RSVP Here

💥 Cyber Incidents

4. DavaIndia Pharmacy Data Breach

DavaIndia Pharmacy recently suffered a significant security breach that compromised customer order details and granted unauthorized individuals full administrative access to their internal systems. The vulnerability was discovered by a security researcher who identified an exposed subdomain that allowed anyone to bypass authentication and control sensitive backend functions.

5. youX Confirms Major Data Breach

A prominent member of a hacking forum has taken credit for a cyberattack on the Australian fintech company youX, which may have impacted hundreds of thousands of people. The company confirmed the unauthorized access and is currently working with regulators to notify affected individuals whose personal and financial data was exposed.

6. Figure Discloses Phishing Data Breach

Figure recently disclosed a security breach resulting from a social engineering attack that targeted one of its employees. The company is currently investigating the incident and has begun notifying affected individuals while providing credit monitoring services.

For more incidents click here!

Get Help

📢 Cyber News

7. Man Arrested Over Police Data Leak

Dutch authorities arrested a forty-year-old man in Ridderkerk after he downloaded confidential police files sent to him by mistake and attempted to extort the department for their deletion. Although the files were sent via an accidental download link, officials maintain that the suspect committed computer trespassing by knowingly accessing and retaining data not intended for him.

8. California AG Announces $2.75M Disney Deal

California Attorney General Rob Bonta has reached a 2.75 million dollar settlement with the Walt Disney Company following allegations that it failed to honor consumer requests to opt out of data sharing. The settlement requires Disney to overhaul its privacy systems to ensure that a single opt-out request effectively applies to all devices and services linked to a user’s account.

9. Google Links Russian Actor to CANFAIL

A newly discovered hacking group linked to Russian intelligence is actively targeting Ukrainian infrastructure with a specialized malware strain called CANFAIL. While initially focused on government and military sectors, the group has expanded its reach to include aerospace, nuclear research, and international humanitarian organizations.

For more news click here!

Click Here

📈Cyber Stocks

Cybersecurity stocks on Wednesday, 18 February 2026 reflected ongoing pressure across tech sectors, with major names like Palo Alto Networks reacting sharply to earnings and guidance news.

• Palo Alto Networks Inc closed most recently at around 163.50 dollars and was lower on Wednesday, weighed by weak forward guidance after strong earnings performance, contributing to a sharp intraday decline.

• CrowdStrike Holdings Inc was recently at about 395.50 dollars and likely traded lower with sector weakness, reflecting rotation out of high-beta endpoint and cloud security stocks.

• Okta Inc recently traded near mid-80s dollars and was pressured by broader tech softness, with identity/security equities under pressure amid risk-off flows.

• Zscaler Inc stood near ~170-180 dollars and likely softened, with zero-trust cloud security equities tracking general tech moves.

• Fortinet Inc last available prices were near ~82-85 dollars and remained under mixed pressure, with hardware/secure networking names lagging.

💡 Cyber Tip

📝 Notepad++ Fixes Hijacked Updater

Notepad++ has released version 8.9.2 to address a prior supply chain attack that abused its update mechanism to deliver targeted malware. The new release introduces a double-verification design that validates both the update server response and the installer’s digital signature, preventing execution of tampered files.

🛠️ What You Should Do

• Upgrade immediately to Notepad++ version 8.9.2 or later

• Verify downloads originate from the official project website

• Avoid third-party mirrors or unofficial update channels

• Ensure digital signature validation is enabled

• Monitor systems for unexpected update behavior

⚠️ Why This Matters
Compromised update systems are a high-impact supply chain risk. By strengthening signature validation and reducing updater attack surface, Notepad++ closes a pathway attackers previously used to deliver stealthy backdoors to targeted users.

Visit BookClub

📚 Cyber Book

The Age of Surveillance Capitalism by Shoshana Zuboff

Get Book

Copyright © 2026 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium