Issue #186 - February 16, 2026
Supply Chain Attack Embeds Malware in Android Devices
Source: Dark Reading
Researchers found malware embedded at the Android firmware level through a supply chain compromise. The threat can copy itself into apps and then pull down additional payloads for ad fraud, browser hijacking, and other remote actions. The key risk is that users may receive devices or updates already compromised.
Flaws in popular VSCode extensions expose developers to attacks
Source: BleepingComputer
Multiple high and critical flaws in widely used Visual Studio Code extensions could let attackers steal local files or execute code, depending on the extension and exploit path. The story highlights how IDE plugins often run with deep access to a developer’s machine and can enable lateral movement into corporate environments.
Data Minimization Is Still an Underrated Security Control
Source: Data Breach Today
A practical argument for reducing the amount of sensitive data your business collects and stores. The piece explains that breaches are inevitable, but the impact is not: if you store less, retain it for less time, and restrict access, you reduce both attacker value and recovery costs.
npm’s Update to Harden Their Supply Chain, and Points to Consider
Source: The Hacker News
npm completed an authentication overhaul aimed at reducing package supply chain attacks, including moving away from long-lived classic tokens and pushing short-lived session approaches. The article emphasizes remaining gaps, like MFA phishing risk and optional security settings, and encourages stronger publishing protections and verifiable build practices.
Google Patches First Actively Exploited Chrome Zero-Day of 2026
Source: SecurityWeek
Google shipped an emergency Chrome update for a high-severity vulnerability that it says has an exploit in the wild. The article outlines what was patched, why the flaw is serious, and the likely real-world risk: browser compromise paths that can enable session theft, data access, and follow-on attacks.



