Stormcast Report Highlights Recent Cyber Threats and Vulnerabilities

The Stormcast of February 18, 2026, from the Internet Storm Center highlights several recent threats and vulnerabilities. A phishing campaign targets MetaMask users through a fake emergency email urging them to activate two-factor authentication (2FA), unrelated to any vulnerability in MetaMask. Kaspersky documents a backdoor named Kinado preinstalled in the firmware of certain Android devices, introduced during the production phase. A vulnerability in Apache NiFi (a Java-based data processing tool) allows bypassing access restrictions to components, even with required permissions. Palo Alto Unit 42 demonstrates a technique of abusing large language models (LLM) to generate phishing pages via JavaScript code, exploiting the trust placed in sites hosting these models. Finally, Apple announces the addition of end-to-end encryption (E2E) for RCS (the successor to SMS) in the beta version of iOS/iPadOS 26.4, slated for an upcoming release.