Latest Internet & Cybersecurity News
Microsoft February 2026 Patch Tuesday Fixes Six Actively Exploited Zero-Days
Microsoft released updates addressing 60 vulnerabilities, including six actively exploited zero-days like CVE-2026-21510, CVE-2026-21513, and CVE-2026-21525 in Windows components. Experts urge immediate patching as these bypass protections and enable attacks via malicious attachments or denial-of-service.
SAP also issued 27 notes with two critical flaws.
Chinese Cyberspies UNC3886 Infiltrate Singapore's Major Telcos
China-linked group UNC3886 exploited zero-day firewall vulnerabilities to access Singapore's four largest telecoms, deploying rootkits for persistence. Attackers exfiltrated technical network data for reconnaissance but no customer data was stolen, thanks to national response.
This highlights ongoing state-sponsored espionage in telecoms.
Ivanti EPMM Critical Vulnerabilities Exploited by Threat Groups
Threat actors used CVE-2026-1281 and CVE-2026-1340 for unauthenticated RCE on Ivanti Endpoint Manager Mobile, exposing employee data. Governments and others are targeted in widespread attacks.
Exposed data includes names, emails, and phone numbers.
New Ransomware Group 0APT Claims 90+ Victims in Days
Emerging ransomware 0APT surged with 91 claimed victims in two days, targeting transportation, tech, and finance sectors. Activity spike raises suspicions of credibility, exceeding even top groups like Qilin.
Victims reported rapidly in early February 2026.
Odyssey Stealer Targets macOS Users Worldwide
Infostealer malware Odyssey Stealer surges globally via fake CAPTCHA pages, expanding from US, France, Spain to North America, Latin America, Europe, Asia, and Africa. Deployed through social engineering to steal information from macOS systems.
Threat actors use it for broad data theft campaigns.
La Sapienza University Hit by Major Cyberattack
Europe's largest university, La Sapienza in Rome, suffered IT disruption from cyberattack, shutting down networks. Attackers exfiltrated 45 GB of student/staff data including IDs, health records, diplomas, and finances.
Recovery ongoing with task force formed.
Bitsight Launches Dark Web Intelligence for Supply Chains
Bitsight introduced real-time dark web monitoring for supply chain threats, mapping to third-party exposures for early warnings. Helps security teams prioritize risks across vendor ecosystems.
Announced February 10, 2026.
Vectra AI Report: Cyber Resilience Lags in AI Era
2026 State of Threat Detection report shows security teams lack confidence in detecting threats despite AI investments. Gaps persist in visibility and response, stalling resilience.
Highlights need for better risk signals.
Palo Alto Networks Completes CyberArk Acquisition
Palo Alto Networks acquired CyberArk to extend privilege security to all identities, including AI, reducing breach response time by 80%. Addresses identity-based attacks in AI era.
Enhances platform for human, machine, AI controls.
CISA Alerts on OT Vulnerabilities After Poland Energy Attack
CISA issued alerts on operational technology flaws following attack on Poland energy sector damaging RTUs and wiping HMI data. Urges patching critical OT systems.
Part of broader industrial cyber threats.
Citi Warns of Multi-Trillion Dollar Quantum Cyber Threat
Quantum attacks on systems like Fedwire could risk $2-3.3 trillion US GDP via 'harvest now, decrypt later'. High-risk sectors include finance, healthcare, energy.
Calls for massive cryptography upgrade.
AI Agent Platform Exposes 1.5M Tokens in Misconfiguration
Database leak reveals 1.5 million API tokens and 35,000 emails; vulnerable to prompt injection and dominated by bots, scams. 88:1 bot-to-human ratio signals 'Dead Internet' risks.
Agents can be weaponized for data exfiltration.