CISO Daily Brief: Major Data Breach, Critical Vulnerabilities, and Android Banking Malware – February 19, 2026

Today’s cybersecurity landscape presents several high-impact developments that require CISO attention. From a major fintech data breach to critical vulnerabilities in widely used devices and software, the risks span operational, regulatory, and reputational domains. This briefing distills the most urgent items and provides actionable steps to help you prepare your organization and leadership for board-level discussions.

Top Items CISOs Should Care About (Priority)

Data breach at fintech firm Figure affects nearly 1 million accounts

• What happened: Fintech company Figure suffered a data breach impacting nearly one million accounts, exposing sensitive financial data.
• Why it matters: This incident carries significant regulatory, reputational, and board-level risk due to the scale and sensitivity of the data involved.
• What to verify internally:
  • Exposure to Figure as a vendor, partner, or service provider
  • Controls over sensitive customer and financial data
  • Incident response and notification procedures
  • Regulatory reporting readiness
• Exec questions to prepare for:
  • Are we directly or indirectly exposed to Figure’s services or data?
  • How do we monitor for third-party breaches affecting our ecosystem?
  • What is our plan for customer notification and regulatory compliance?
  • What lessons can we apply from this incident?
• Sample CISO response: We are reviewing our exposure to Figure and validating our controls for sensitive data. Our incident response and regulatory teams are on alert for any related developments.

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users

• What happened: Malicious IPTV apps are distributing a new Android banking malware called 'Massiv', targeting mobile banking users at scale.
• Why it matters: This campaign poses a high threat to financial assets and brand trust, especially for organizations with mobile banking users or apps.
• What to verify internally:
  • Mobile device management and malware detection coverage
  • Employee and customer awareness of malicious apps
  • Monitoring for suspicious banking app activity
  • Incident response playbooks for mobile threats
• Exec questions to prepare for:
  • Are our mobile users or customers at risk?
  • How do we detect and respond to mobile malware?
  • What is our communication plan for affected users?
  • Are our mobile apps protected against similar threats?
• Sample CISO response: We are increasing monitoring for mobile malware and reinforcing user education on app downloads. Our mobile security controls are under review for potential gaps.

Critical infra Honeywell CCTVs vulnerable to auth bypass flaw

• What happened: A critical authentication bypass vulnerability was discovered in Honeywell CCTV systems used in critical infrastructure environments.
• Why it matters: Exploitation could allow unauthorized access to surveillance systems, posing operational and regulatory risks.
• What to verify internally:
  • Inventory of Honeywell CCTV deployments
  • Patch and firmware update status
  • Network segmentation and access controls
  • Monitoring for unauthorized access attempts
• Exec questions to prepare for:
  • Do we use affected Honeywell CCTV systems?
  • Have we applied the latest patches or mitigations?
  • What is our exposure if these systems are compromised?
  • Are we meeting regulatory requirements for critical infrastructure?
• Sample CISO response: We are assessing our CCTV inventory and ensuring all critical systems are patched or isolated. Additional monitoring is in place for unauthorized access.

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

• What happened: Four popular Visual Studio Code extensions with over 125 million installs were found to have critical vulnerabilities.
• Why it matters: These flaws pose a significant risk to the software supply chain and could impact enterprise development environments.
• What to verify internally:
  • Usage of affected VS Code extensions among developers
  • Patch and update status for developer tools
  • Supply chain risk management practices
  • Monitoring for suspicious development activity
• Exec questions to prepare for:
  • Are our developers using these vulnerable extensions?
  • How do we manage risks from third-party development tools?
  • What is our process for rapid patching in the development environment?
  • Could this impact our software supply chain?
• Sample CISO response: We are auditing our developer environments for affected extensions and accelerating patching. Supply chain security controls are being reviewed.

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

• What happened: A critical remote code execution vulnerability was disclosed in Grandstream GXP1600 VoIP phones, allowing attackers to compromise devices without authentication.
• Why it matters: This flaw could disrupt communications and enable lateral movement within enterprise networks.
• What to verify internally:
  • Inventory of Grandstream VoIP phones
  • Patch and firmware update status
  • Network segmentation for VoIP devices
  • Monitoring for abnormal VoIP traffic
• Exec questions to prepare for:
  • Are we using affected VoIP devices?
  • Have we applied the necessary patches?
  • What is our risk if these devices are compromised?
  • How do we isolate VoIP infrastructure from critical systems?
• Sample CISO response: We are identifying and patching vulnerable VoIP devices and reviewing network segmentation to limit potential impact.

Telegram channels expose rapid weaponization of SmarterMail flaws

• What happened: Threat actors are rapidly exploiting SmarterMail vulnerabilities, as evidenced by activity on Telegram channels.
• Why it matters: This increases the risk of email system compromise and potential data loss.
• What to verify internally:
  • Use of SmarterMail or similar platforms
  • Patch and update status for email systems
  • Monitoring for suspicious email activity
  • Incident response readiness for email compromise
• Exec questions to prepare for:
  • Are our email systems vulnerable?
  • What is our patching cadence for email infrastructure?
  • How do we detect and respond to email compromise?
  • What is our backup and recovery plan for email data?
• Sample CISO response: We are confirming our email systems are patched and monitoring for signs of compromise. Incident response plans are updated for rapid action.

Notable Items

• CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware: Ongoing nation-state campaign relevant for geopolitical threat awareness.
• AI platforms can be abused for stealthy malware communication: Emerging threat vector for AI and cloud environments.
• Microsoft says bug causes Copilot to summarize confidential emails: Confidentiality bug in AI assistant impacting sensitive data.

CISO Action Checklist Today

• Assess exposure to Figure data breach and validate third-party risk management controls
• Review mobile security posture and reinforce user education on malicious apps
• Inventory and patch Honeywell CCTV and Grandstream VoIP devices
• Audit developer environments for vulnerable VS Code extensions and update as needed
• Verify patch status and monitoring for SmarterMail and other email platforms
• Ensure incident response plans are current for data breaches and mobile threats
• Review network segmentation for OT, VoIP, and surveillance systems
• Monitor for abnormal activity across mobile, email, and developer environments
• Prepare executive communications and regulatory reporting templates
• Stay informed on emerging threats in AI, nation-state, and cloud environments