Weekly Cybersecurity Roundups Covering Breaches, Zero-Days, and AI-Driven Threats
Two weekly “roundup” articles summarized a broad set of security developments rather than a single incident. Reported items included data breaches (e.g., PayPal, SpyX, California Cryobank), active exploitation of multiple vulnerabilities (including a Google Chrome 0-day and critical issues in products such as BeyondTrust, Ivanti EPMM, Splunk Enterprise, and Windows Admin Center), and ransomware activity (e.g., Hellcat reportedly breaching Ascom’s ticketing infrastructure and exfiltrating ~44GB of data). The digest also highlighted availability risk via a reported Cloudflare global outage attributed to a cascading password-rotation failure.
The week-in-review content also mixed security news with interviews and tool/project updates, including discussion of the evolving CISO role amid agentic AI, the release of REMnux v8 (malware analysis distro) with AI integration, and commentary on “harvest now, decrypt later” quantum risk. It additionally referenced separate security headlines such as a firmware-level Android backdoor on tablets and a Dell zero-day reportedly exploited since 2024, but did not provide a unified, single-event narrative across the items.
Timeline
Feb 22, 2026
Notepad++ hardens update channel after prior hijack
Notepad++ implemented update-channel hardening measures following an earlier hijack incident. The change was reported as a supply-chain and software ecosystem security improvement.
Feb 22, 2026
Phobos ransomware affiliate arrested
A Phobos ransomware affiliate was arrested, marking a notable law enforcement action against ransomware operators. The arrest was included in the week's cybercrime developments.
Feb 22, 2026
INTERPOL-backed Operation Red Card 2.0 results announced
Authorities announced arrests and asset recoveries tied to Operation Red Card 2.0, an INTERPOL-backed law enforcement effort. The operation was cited as a significant cybercrime enforcement development.
Feb 22, 2026
France's FICOBA registry breach affects 1.2 million accounts
A breach of France's FICOBA bank account registry was reported to have affected 1.2 million accounts. The incident was included among the week's major data security events.
Feb 22, 2026
Firmware-level Android backdoor found on tablets
Researchers reported a firmware-level Android backdoor called Keenadu on tablets. The finding was highlighted as a major security story in the week's roundup.
Feb 22, 2026
Critical Grandstream VoIP flaw CVE-2026-2329 reported
A critical vulnerability affecting Grandstream VoIP phones, CVE-2026-2329, was disclosed in weekly security coverage. The issue was highlighted as a notable newly reported enterprise risk.
Feb 22, 2026
Dell zero-day CVE-2026-22769 publicly reported
Public reporting identified the long-running Dell RecoverPoint for VMs zero-day as CVE-2026-22769 and linked it to suspected China-nexus exploitation. The disclosure established that exploitation had been occurring since 2024.
Feb 22, 2026
Chrome zero-day CVE-2026-2441 disclosed as in-the-wild exploit
A Google Chrome zero-day, tracked as CVE-2026-2441, was reported as being exploited in the wild. It was listed among the week's most important vulnerability developments.
Feb 16, 2026
BeyondTrust appliance RCE exploitation observed in the wild
Attackers actively exploited a critical BeyondTrust appliance remote code execution flaw using malformed WebSocket remoteVersion values. GreyNoise reported that 83% of observed attempts were attributed to IP address 193.24.123.42.
Feb 16, 2026
Actor compromises 600+ FortiGate devices using generative AI services
A financially motivated threat actor used multiple commercial generative AI services in operations that compromised more than 600 FortiGate devices. The activity was highlighted in the weekly digest as a significant threat development.
Feb 16, 2026
Ascom breached via stolen Jira credentials
Hellcat ransomware actors breached Ascom using stolen Jira credentials and exfiltrated 44GB of data. The intrusion was reported as one of the week's notable ransomware incidents.
Feb 16, 2026
Cloudflare suffers six-hour global outage
Cloudflare experienced a six-hour global outage caused by a cascading password rotation failure. The incident was included among the major events in the February 16–22, 2026 weekly digest.
Jan 1, 2024
Dell RecoverPoint zero-day exploitation began
A suspected China-linked threat actor began exploiting a zero-day in Dell RecoverPoint for VMs, later tracked as CVE-2026-22769. The roundup says the activity had been ongoing since 2024.
Weekly Cybersecurity Roundups Highlighting New Vulnerabilities and Incidents
Multiple outlets published **weekly cybersecurity roundups** summarizing a mix of vulnerability disclosures, ransomware/breach reporting, and policy developments rather than a single discrete incident. TechTarget highlighted a surge in reported vulnerabilities (citing **48,000+ new CVEs in 2025**) and called out several high-impact issues, including a **critical ServiceNow weakness** tied to weak authentication in the legacy *Virtual Agent* chatbot that became more dangerous when paired with agentic AI (*Now Assist*), potentially enabling impersonation and **admin-level access** into connected enterprise systems. Other roundup coverage aggregated unrelated security events across sectors. Sherpa Intelligence’s “Five for Friday” compiled items including ransomware claims (e.g., **Everest** targeting Nissan; **Nightspire** claiming an attack on a Hyatt Place property) and breach reporting (e.g., a **Korean Air** employee-data breach attributed to **Clop**). The Cyber Express weekly roundup similarly mixed disparate topics (platform policy changes around AI abuse, senior government appointments, and national-level connectivity disruptions), reinforcing that the common thread is **curation of multiple stories** rather than new primary reporting on one specific cyber event.
1 month ago
Security roundups covering multiple unrelated breaches, exploited vulnerabilities, and malware activity
The referenced items are **weekly newsletter/roundup posts** that aggregate multiple, unrelated cybersecurity developments rather than reporting a single discrete incident. They highlight a mix of **data breaches**, **ransomware**, **active exploitation and KEV additions**, and **malware campaigns**—including mentions of BeyondTrust RS/PRA vulnerabilities (including `CVE-2026-1731`) being exploited, CISA adding various flaws to the **Known Exploited Vulnerabilities (KEV)** catalog, and ongoing malware activity such as **LummaStealer**, **NetSupport RAT** targeting, and Linux botnet activity (e.g., **SSHStalker**). Separately, the roundup coverage also includes public-sector and critical-service disruptions and regulatory action: a reported cyberattack on the **European Commission’s mobile device management (MDM)** environment with potential exposure of staff contact details, a **ransomware** incident disrupting Senegal’s national identity services, and an Australian court penalty against **FIIG Securities** tied to inadequate cybersecurity controls following a prior ransomware breach and data exposure. Overall, the content is best treated as situational awareness across many stories, not as a cohesive incident requiring a single-issue response plan.
1 month ago
Weekly Cybersecurity Roundups Highlighting Government Campaigns, Nation-State Activity, and Emerging Vulnerabilities
Multiple weekly cybersecurity roundups and newsletters highlighted a mix of policy, threat, and vulnerability developments rather than a single discrete incident. UK government messaging featured prominently, including a campaign urging businesses to “lock the door” against cyber criminals and publication of longitudinal survey results indicating most organizations continue to experience cyber incidents (with reported rates in the 70–80% range across businesses and charities). Separately, commentary from European security circles emphasized growing calls for **offensive cyber capabilities** (“strike back”) amid concerns about Russian aggression and sabotage activity across Europe, including references to cyber operations targeting critical infrastructure. Threat reporting in the same period emphasized escalating **nation-state and proxy activity** against critical infrastructure and the defense industrial base, citing research that espionage groups (including those linked to China, Russia, and North Korea) have compromised organizations by exploiting **zero-day vulnerabilities in edge devices** (e.g., VPNs and gateways). Additional reporting pointed to newly identified OT-focused threat groups (e.g., **Sylvanite**, **Azurite**, **Pyroxene**) and a broad set of emerging technical risks and product/security changes, including discussion of an **OpenSSL RCE** risk, **Foxit 0-days**, and analysis of **LockBit 5.0** ransomware techniques (e.g., ETW tampering, process hollowing, log clearing) alongside Android platform security changes (e.g., deprecating cleartext traffic defaults and adding HPKE support).
1 month ago