Cyber Briefing: 2026.02.20
ClickFix spreads MIMICRAT, VoIP zero-day enables eavesdropping, Gemini-powered malware emerges, hospitals and chip firms hit, global scam arrests surge.
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. ClickFix Uses Hacked Sites For MIMICRAT
Security researchers have uncovered a sophisticated ClickFix campaign that hijacks legitimate websites to infect users with a novel remote access trojan known as MIMICRAT. By tricking visitors into running malicious PowerShell commands under the guise of fake browser verification prompts, attackers gain deep system access for potential data theft or ransomware deployment.
2. Grandstream VoIP Flaw Enables Eavesdropping
A critical security flaw in Grandstream GXP1600 series VoIP phones allows remote attackers to gain full root access without needing any login credentials. This vulnerability, which is tracked as CVE-2026-2329, enables hackers to silently intercept calls and eavesdrop on private business communications.
3. PromptSpy Abuses Gemini For Persistence
Researchers have identified PromptSpy, the first Android malware to utilize Google’s Gemini AI to maintain persistence on infected devices. This malware leverages generative AI to analyze screen layouts and receive real-time instructions for navigating system interfaces to prevent its own closure or removal.
💥 Cyber Incidents
4. Hackers Stole 2 Quadrillion Bytes
According to national authorities, Israel now ranks as one of the top three most targeted nations for cyber warfare globally. In recent years, hackers have stolen two petabytes of sensitive data, a volume equivalent to the entire contents of the National Library of Israel multiplied one hundred times.
5. Cyberattack Shuts UMMC Clinics
The University of Mississippi Medical Center has suspended clinic operations and canceled appointments following a cybersecurity attack that disabled its statewide computer systems. While urgent care and emergency services remain available through manual paper-based protocols, officials are working with federal agencies to secure patient data and restore the network.
6. Japanese Chip Supplier Hit By Ransomware
Advantest, a major Japanese provider of semiconductor testing tools, is currently investigating a ransomware attack that compromised parts of its corporate network. After detecting suspicious activity over the weekend, the company disabled affected systems and is working with cybersecurity specialists to determine the full scope of the breach.
📢 Cyber News
7. Africa Scam Crackdown Nets 651 Arrests
Sixteen African nations collaborated in an international crackdown on cybercrime known as Operation Red Card 2.0, resulting in 651 arrests and the recovery of over 4.3 million dollars. The two-month mission dismantled criminal networks responsible for massive financial losses through investment scams, mobile money fraud, and malicious loan applications.
8. Ukrainian Gets 5 Years In IT Fraud Case
A 29-year-old Ukrainian man received a five-year prison sentence for managing a sophisticated identity theft operation that helped North Korean IT workers secure jobs at American companies. By stealing the identities of U.S. citizens and creating remote laptop farms, the defendant facilitated the funneling of significant employment earnings back to the North Korean regime to support its weapons programs.
9. FBI Reports 1,900 ATM Jackpotting Incidents
The FBI has issued a warning regarding a significant rise in ATM jackpotting, noting that over twenty million dollars was stolen in 2025 alone. These attacks involve criminals physically tampering with machines to install malware that forces the hardware to dispense cash without requiring a bank card or account authorization.
📈 Cyber Stocks
Cybersecurity stocks on Friday, 20 February 2026 reflected continued recalibration across the software sector, as investors balanced resilient enterprise security demand against earnings-driven volatility and valuation sensitivity.
Zscaler Inc was around 167.33 dollars and slightly softer, reflecting rotation in cloud security valuations.
Fortinet Inc closed near 81.67 dollars and was modestly higher, outperforming some peers on the day amid defensive security interest.
Check Point Software Technologies Ltd. was about 180.91 dollars and slightly lower, with defensive firewall and threat prevention names under pressure.
SentinelOne Inc traded near 13.22 dollars and was modestly softer, as smaller AI-focused endpoint security equities reflected risk-off flows.
Rapid7 Inc was around 10.81 dollars and lower, in line with mid-cap cybersecurity rotation.
💡 Cyber Tip
🖥️ ClickFix Uses Hacked Sites to Deploy MIMICRAT
Researchers have uncovered a ClickFix campaign that compromises legitimate websites to deliver a new remote access trojan called MIMICRAT. Victims are shown fake browser verification or Cloudflare-style prompts and tricked into pasting malicious PowerShell commands, triggering a multi-stage infection that disables defenses and installs the RAT.
🛠️ What You Should Do
Never copy and paste commands from website popups or verification pages
Monitor for unusual PowerShell execution and security control tampering
Enable logging for AMSI and script activity
Block outbound traffic to unknown command-and-control domains
Train users to recognize fake CAPTCHA and browser error lures
⚠️ Why This Matters
This attack blends social engineering with in-memory execution and encrypted command traffic. Once MIMICRAT is installed, attackers gain deep remote control, creating a pathway for data theft, lateral movement, or ransomware deployment.
📚 Cyber Book
American Surveillance: Intelligence, Privacy, and the Fourth Amendment by Anthony Gregory
Copyright © 2026 CyberMaterial. All Rights Reserved.