
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Wednesday, February 18th, 2026: IR Phishing; Neenadu Android Backdoor; NiFi Bugs; LLMs Phishing; Encrypted RCS
Feb 18, 2026
A phishing campaign faking incident reports to trick MetaMask users into reset actions. Discovery of an Android firmware backdoor linking multiple botnets and supply-chain risks. An Apache NiFi authorization bug that can expose cloud data pipelines. Research showing LLMs can generate real-time phishing JavaScript. Apple adds end-to-end encrypted RCS but broad adoption remains a hurdle.
AI Snips
Verify Crypto Wallet Alerts Before Acting
- Treat emails that claim an urgent crypto incident as fraudulent unless verified through official channels.
- Avoid clicking links in unexpected wallet-security emails; check the vendor's communications directly.
Malicious Firmware Introduced During Builds
- Kaspersky documented Android devices shipped with a preinstalled backdoor added during firmware builds.
- Johannes Ullrich described how compromised production-line systems can install malicious firmware at scale.
NiFi Risks From Casual Cloud Deployments
- Exposed NiFi instances often result from cloud deployments by data teams without security awareness.
- Treat NiFi as a sensitive admin service that should not be Internet-exposed.
