Week in review: Self-spreading npm malware hits developers, Cisco SD-WAN 0-day exploited since 2023

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Identity verification systems are struggling with synthetic fraud
Fake and expired IDs keep showing up in routine customer transactions, from alcohol purchases to credit card applications. The problem shows up most often in industries that depend on fast onboarding and remote transactions, where identity checks rely heavily on scanned documents and automated workflows.

Enterprises are racing to secure agentic AI deployments
AI assistants are tied into ticketing systems, source code repositories, chat platforms, and cloud dashboards across many enterprises. In some environments, these systems can open pull requests, query internal databases, book services, and trigger automated workflows with limited human involvement. The State of AI Security 2026 from Cisco places this level of access inside a growing pattern of AI-driven operations that connect directly to core business systems.

The hidden security cost of treating labs like data centers
In this Help Net Security interview, Rich Kellen, VP, CISO at IFF, explains why security teams should not treat OT labs like IT environments. He discusses how compromise can damage scientific integrity and create safety risks that backups cannot fix.

AI is becoming part of everyday criminal workflows
Underground forums include long threads about chatbots drafting phishing emails, generating code snippets, and coaching social engineering calls. A new study examined conversations captured between January 1, 2025 and July 31, 2025 across dozens of cybercrime forums to map how AI tools are entering day-to-day criminal operations.

AI-driven DAST reduces manual setup and surfaces exploitable vulnerabilities
In this Help Net Security interview, Joni Klippert, CEO at StackHawk, discusses what defines DAST coverage in 2026 and why scan completion does not equal security. She explains how AI-driven DAST testing automates attack surface discovery, supports business-logic testing in pre-production, and reduces the manual setup that has limited adoption. Klippert also describes how organizations can implement runtime testing without instrumenting production systems.

Review: Digital Forensics, Investigation, and Response, 5th Edition
Digital Forensics, Investigation, and Response, 5th Edition presents a structured survey of the digital forensics discipline. The book spans foundational principles, platform-specific analysis, specialized branches, and incident response integration.

Open-source security debt grows across commercial software
Open source code sits inside nearly every commercial application, and development teams continue to add new dependencies. Black Duck’s 2026 Open Source Security and Risk Analysis Report data shows that nearly all audited codebases contain open source components, with average component counts rising sharply over the past year.

The $19.5 million insider risk problem
Routine employee activity across corporate systems carries an average annual cost of $19.5 million per organization. That figure comes from the 2026 Cost of Insider Risks Global Report, conducted by the Ponemon Institute and based on data from 354 organizations that experienced one or more material insider-related incidents over the past year.

Industrial networks continue to leak onto the internet
Industrial operators continue to run remote access portals, building automation servers, and other operational technology services on public IP address ranges. Palo Alto Networks, Siemens, and Idaho National Laboratory describe the scope of that exposure in the Intelligence-Driven Active Defense Report 2026.

DeVry University’s CISO on higher education cybersecurity risk
In this Help Net Security interview, Fred Kwong, VP, CISO at DeVry University, outlines how the university balances academic openness with cyber risk. He describes how student-facing systems are separated from back-end operations to limit exposure.

Japanese chip-testing toolmaker Advantest suffers ransomware attack
Japanese tech testing company Advantest has suffered a ransomware attack, the company confirmed last Thursday, after detecting unusual activity within its IT environment on February 15, 2026.

Fake troubleshooting tip on ClawHub leads to infostealer infection
A new malware delivery campaign has hit ClawHub, the official online repository for “skills” that augment the capabilities of the popular OpenClaw AI agent. Unlike previous ones, this campaign does not aim to trick users into downloading a bogus, malicious skill.

Self-spreading npm malware targets developers in new supply chain attack
Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect projects, and propagate themselves across developer environments.

CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108)
CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities (KEV) catalog. The vendor has confirmed active exploitation, stating it has received multiple reports of damage caused by attackers abusing the flaw.

SolarWinds Serv-U hit by four critical RCE-level vulnerabilities
SolarWinds has fixed four critical vulnerabilities in its popular Serv-U file transfer solution, which is used by businesses and organizations of all sizes. If exploited, the flaws may allow attackers to create a system admin user and/or execute code as a privileged account.

Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127)
A “highly sophisticated” cyber threat actor has been exploiting a zero-day authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage), Cisco has announced.

Scattered Lapsus$ Hunters seeks women for vishing attacks
The Scattered Lapsus$ Hunters (SLH) hacking collective has launched a recruitment push aimed specifically at women, offering cash payments for participating in voice-phishing (vishing) attacks. A few days ago, threat intelligence firm Dataminr detected posts on a public Telegram channel advertising roles for female callers willing to conduct social-engineering phone operations.

IronCurtain: An open-source, safeguard layer for autonomous AI assistants
Veteran security engineer Niels Provos is working on a new technical approach designed to stop autonomous AI agents from taking actions you haven’t specifically authorized.

Why SOCs are moving toward autonomous security operations in 2026
The modern security operations center faces a crisis of scale that human effort cannot fix. With alert volumes exponentially growing and threat actors automating their attacks, organizations must pivot to autonomous SOC strategies. This shift to AI-driven defense is the only way to survive the operational realities of 2026.

Binding Operational Directive 26-02 sets deadlines for edge device replacement
In this Help Net Security video, Jen Sovada, General Manager, Public Sector at Claroty, explains CISA’s Binding Operational Directive 26-02 and what it means for federal agencies. The directive requires agencies to inventory, report, decommission, and replace unsupported edge devices such as firewalls, routers, switches, load balancers, and wireless access points.

Police seize 100,000 stolen Facebook credentials in cybercrime raid
Officers from Poland’s Central Bureau for Combating Cybercrime (CBZC) dismantled an organized group that used phishing to seize Facebook accounts and extract BLIK payment codes from victims.

Spanish police arrest suspected Anonymous members over DDoS attacks on government sites
Spanish police (Guardia Civil) arrested four members of the hacktivist group Anonymous Fénix over DDoS attacks targeting ministries, political parties and public institutions. Police identified the organization’s leadership, including its administrator and moderator, who were arrested in May 2025 in Alcalá de Henares (Madrid) and Oviedo (Asturias).

Security and complexity slow the next phase of enterprise AI agent adoption
Enterprise AI agents are embedded in routine business processes, particularly inside engineering and IT operations. Many organizations report active production deployments, and agent development ranks high on strategic agendas. A new study from Docker, The State of Agentic AI Report, examines how enterprises are deploying agentic systems and the challenges emerging as deployments scale.

Microsoft extends security patching for three Windows products at a price
Support is ending for three Windows products released in 2016, with deadlines beginning in October 2026. Windows 10 Enterprise LTSB 2016 and Windows 10 IoT Enterprise 2016 LTSB will reach end of support on October 13, 2026, followed by Windows Server 2016 on January 12, 2027.

International operation dismantles fraud network, €400,000 seized
A coordinated international operation supported by Eurojust dismantled a fraudulent call centre operating from three offices and targeting citizens throughout Europe. Authorities arrested 11 suspects and seized more than €400,000 in cash.

Teenagers charged over public bike service breach that exposed 4.62 million records
Two South Korean teenagers have been charged in connection with a cyberattack that compromised the personal data of 4.62 million users of Seoul’s public bike service, Ttareungyi. The compromised data included user IDs, mobile phone numbers, addresses, dates of birth, gender, and weight.

Airline brands become launchpads for phishing, crypto fraud
Airline brands sit at the center of peak travel booking cycles, loyalty programs, and high-value transactions. Criminal groups continue to register thousands of lookalike domains tied to these brands, targeting travelers, employees, and business partners. Recent threat intelligence from BforeAI’s PreCrime Labs identifies sustained impersonation activity across the global commercial airline sector.

Cyber valuations climb as capital concentrates, AI security expands
Venture funding in cybersecurity continued to concentrate in large private rounds at the end of 2025, driving valuations higher across stages. Data from DataTribe shows total capital invested approached $150 billion for the year, with a disproportionate share flowing into fewer than 100 deals.

Ex-L3Harris executive sentenced to 87 months for selling stolen cyber-exploit trade secrets
Peter Williams, a former executive of Trenchant, L3Harris’ cyber division, has been sentenced to 87 months in prison by a federal judge in Washington, D.C., after pleading guilty to stealing and selling sensitive cyber-exploit trade secrets to a Russian broker.

Anthropic’s Remote Control feature brings Claude Code to mobile devices
Anthropic has introduced a new Claude Code feature called Remote Control, allowing developers to continue a local coding session from a phone, tablet, or any web browser. The feature is rolling out as a research preview to Max users.

Samsung’s Galaxy S26 turns privacy into a visible and invisible feature
The Samsung Galaxy S26 series is out, offering plenty of security features that protect personal data while providing users with transparency and control over how their information is used. The feature that grabbed the spotlight is the built-in Privacy Display on the Galaxy S26 Ultra model, designed to help keep on-screen activity out of view in public places.

Telegram rises to top spot in job scam activity
Encrypted messaging platforms are becoming a primary channel for Authorised Push Payment (APP) fraud, with Telegram representing a growing share of reported cases, according to the Revolut report.

NATO greenlights iPhone and iPad for classified information handling
Apple confirmed that the iPhone and iPad have been approved for use with classified information in NATO restricted environments. The devices will no longer require special software or settings to handle NATO restricted-level information.

Microsoft taps ASUS and Dell for the Windows 365 Cloud PC strategy
Microsoft is adding two new Windows 365 Cloud PC devices, the ASUS NUC 16 for Windows 365 and the Dell Pro Desktop for Windows 365, expanding hardware options for its cloud-based desktop service. Both devices are scheduled for release in the third quarter of 2026, with distribution varying by region and model.

Meta tightens grip on scam advertisers
Meta is stepping up the fight against scams on its platforms by filing multiple lawsuits targeting companies and individuals in Brazil, China, and Vietnam who used deceptive tactics to run scam ads. The company said it has taken technical enforcement actions in these cases, including suspending payment methods used in the scams, disabling accounts linked to those operations, and blocking domains associated with scam sites.

Coroot: Open-source observability and APM tool
Coroot is an open-source observability and application performance monitoring tool. The core software, published in Go and accompanied by companion repositories such as coroot-node-agent, focuses on collecting telemetry data across systems. It uses extended Berkeley Packet Filter (eBPF) technology to gather metrics and trace inter-service communications without manual instrumentation of application code.

Perplexity AI lands on Samsung’s next Galaxy lineup
Samsung will add Perplexity to its upcoming Galaxy S26 devices as part of its Galaxy AI multi-agent ecosystem expansion. Users will be able to access Perplexity through quick-access controls, such as pressing and holding the side button, or by using the voice wake phrase “Hey, Plex.”

WhatsApp is adding another lock to your account
Meta has released WhatsApp Beta for Android 2.26.7.8 through the Google Play Beta Program. The update includes references to password-protected accounts, indicating plans to introduce an additional layer of protection beyond the app’s current authentication options.

Windows 365 for Agents brings managed cloud PCs to autonomous workflows
Microsoft’s Windows 365 for Agents is a cloud platform that gives AI agents secure access to cloud PCs. It lets builders run copilots, agents, and automated workflows in Windows environments without managing infrastructure. The platform includes security, policy controls, scalability, and visibility so agents can browse websites, process data, and complete tasks inside a managed cloud PC.

Microsoft expands Sovereign Cloud security with governance, local productivity and AI
Microsoft expands Microsoft Sovereign Cloud with new disconnected and AI capabilities that help organizations run critical infrastructure, productivity services and large AI models inside sovereign boundaries while keeping governance and operational continuity across connected and disconnected environments.

Edge systems take the brunt of internet-wide exploitation attempts
Internet-facing VPNs, routers, and remote access services absorbed sustained exploitation attempts throughout the second half of 2025, with nearly 3 billion malicious sessions recorded over 162 days. The concentration on edge infrastructure aligns with how attackers pursue initial access across the public internet.

Microsoft adds domain libraries and Copilot integration to the quantum development kit
The Microsoft Quantum Development Kit (QDK) is an open-source toolkit that runs on laptops and in common development environments. It includes code, simulators, libraries, and workflows that work with Visual Studio Code and GitHub Copilot. Integration with these tools gives developers features for writing, testing, debugging, and submitting quantum code.

Apple blocks 18+ app downloads in select markets
Apple has introduced expanded age assurance tools to help developers comply with regulations taking effect in Brazil, Australia, Singapore, Utah, and Louisiana. The updates, available in beta, expand the Declared Age Range API and related App Store systems.

Reddit fined $19.5 million for failing to protect children’s personal data
The UK’s Information Commissioner’s Office (ICO) has fined Reddit $19.5 million after finding that the company failed to use children’s personal information lawfully, exposing them to inappropriate and harmful content.

Hottest cybersecurity open-source tools of the month: February 2026
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments.

Wireshark 4.6.4 resolves dissector flaws, plugin compatibility issue
Packet inspection remains a routine activity across enterprise networks, incident response workflows, and malware investigations. Continuous use places long-term stability and parsing accuracy at the center of daily operations. Wireshark version 4.6.4 addresses two vulnerabilities affecting protocol dissectors and resolves a plugin compatibility issue within the 4.6 release series.

Fraudsters integrate ChatGPT into global scam campaigns
AI models are being folded into fraud and influence operations that follow long-standing tactics. A February 2026 update to OpenAI’s Disrupting Malicious Uses of Our Models report details how ChatGPT and related API access were used in romance scams, fake legal services, coordinated influence campaigns, and a state-linked harassment effort.

AWS Security Hub Extended brings enterprise security under one roof
AWS Security Hub Extended is a plan within Security Hub that simplifies how customers procure, deploy, and integrate a full-stack enterprise security solution across endpoint, identity, email, network, data, browser, cloud, AI, and security operations.

The CISO role keeps getting heavier
Personal liability is becoming a routine part of the CISO job. In Splunk’s 2026 CISO Report, titled From Risk to Resilience in the AI Era, 78% of CISOs said they are concerned about their own liability for security incidents, up from 56% last year. The role carries personal exposure alongside operational accountability, and that shift is influencing how security leaders approach risk, documentation, and board communication.

Android app uses Bluetooth signals to detect nearby smart glasses
Smart glasses with built-in cameras are showing up in more public spaces, and a growing number of people want a way to know when one is nearby. An Android app called Nearby Glasses, developed by Yves Jeanrenaud, attempts to fill that gap by scanning Bluetooth Low Energy traffic for manufacturer identifiers associated with known smart glasses makers.

Ransomware activity peaks outside business hours
Intrusions continue to center on credential access and timed execution outside standard business hours. The Sophos Active Adversary Report 2026 analyzes 661 incident response and managed detection and response cases handled between November 1, 2024 and October 31, 2025, spanning organizations in 70 countries.

Android 17 second beta expands privacy controls for contacts, SMS and local networks
Google’s second beta of Android 17 continues updates to platform behavior and introduces new APIs focused on protecting sensitive data.

Europol goes after The Com’s ransomware and extortion networks
Law enforcement agencies across 28 countries have spent the past year building cases against a loosely organized collective known as The Com, a decentralized network of mostly teenagers and young adults linked to high-profile ransomware attacks, financial extortion, and the coercion of vulnerable children.

Cybersecurity jobs available right now: February 24, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

New infosec products of the month: February 2026
Here’s a look at the most interesting products from the past month, featuring releases from Aikido Security, Avast, Armis, Black Duck, Compliance Scorecard, Fingerprint, Gremlin, Impart Security, Portnox, Redpanda, Socure, SpecterOps, Veza, and Virtana.
