Critical OpenSSL RCE, Foxit 0-Day Exploits, AI Security Flaws & More: ThreatsDay Bulletin


New Threats Emerge as Cybersecurity Landscape Continues to Evolve

The cybersecurity threat landscape remains in a state of constant flux, with new risks, tactics, and security gaps emerging across platforms, tools, and industries. This week’s developments highlight the need for defenders to stay vigilant and adapt their strategies to address the evolving threat landscape.

Google Enhances Android Security with New Features

Google has announced the first beta version of Android 17, which includes two significant security enhancements. The deprecation of Cleartext Traffic Attribute and the introduction of HPKE Hybrid Cryptography aim to improve secure communication and protect user data. Developers are encouraged to migrate to Network Security Configuration files for granular control over cleartext traffic.
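As an added illustration (not code from Google or from the bulletin), the following shows the manifest-wide cleartext attribute that the item above says is being deprecated, alongside the Network Security Configuration that replaces it. The approach is to set a secure default (no cleartext anywhere) and then carve out explicit, narrowly scoped exceptions per domain; the domain names below are placeholders chosen for the example, and the file path and attribute names are the standard Android ones.

```xml
<!-- AndroidManifest.xml (fragment) -->
<!-- Weak, app-wide setting: allows plain HTTP to every host the app talks to. -->
<!-- This is the attribute style the Android 17 beta deprecates. -->
<application
    android:usesCleartextTraffic="true">
</application>

<!-- Hardened replacement: point the app at a Network Security Configuration file
     and let that file decide, host by host, where cleartext is tolerated. -->
<application
    android:networkSecurityConfig="@xml/network_security_config">
</application>

<!-- res/xml/network_security_config.xml -->
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <!-- Secure default for every connection the app makes: no cleartext,
         and only the platform's system trust store is accepted for TLS. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Explicit, auditable exception: a local development endpoint
         (placeholder host for this example) may still use HTTP. -->
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">localhost</domain>
    </domain-config>

    <!-- Production API (placeholder domain): cleartext stays off even if a
         later <domain-config> tries to loosen the default for a parent zone. -->
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.example-app.invalid</domain>
    </domain-config>
</network-security-config>
```

When reviewing an app, the check is simple: any `cleartextTrafficPermitted="true"` in the config (or a lingering `usesCleartextTraffic="true"` in the manifest) should be tied to a named host with a documented reason, never left as the base default.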

LockBit 5.0 Ransomware: A New Analysis

A recent analysis of LockBit 5.0 ransomware has revealed its defense evasion and anti-analysis techniques, including packing, DLL unhooking, process hollowing, and patching. The Windows version of the malware also employs nested obfuscation to target Mac users.

ClickFix Campaigns on the Rise

ClickFix, a social engineering tactic, continues to evolve and is now targeting macOS users. A new variant, dubbed Matryoshka, uses a fake installation/fix flow to trick victims into executing a malicious Terminal command. The campaign primarily targets users attempting to visit software review sites, using typosquatted domain names to redirect them to fake sites and trigger the infection chain.

Phobos Affiliate Detained in Europe

Polish authorities have detained a 47-year-old man suspected of ties to the Phobos ransomware group. The suspect faces a potential prison sentence of up to five years. The arrest is part of Europol’s Operation Aether, which targets the 8Base ransomware group, believed to be linked to Phobos.

Industrial Ransomware Attacks on the Rise

There has been a sharp increase in ransomware attacks targeting industrial organizations, with 119 groups tracked in 2025, a 49% increase from 2024. The most targeted sector was manufacturing, followed by transportation. A hacking group tracked as Pyroxene has been observed conducting supply chain-leveraged attacks targeting defense, critical infrastructure, and industrial sectors.

Copilot Bug Exposes Confidential Emails

A bug in Microsoft 365 Copilot has been found to summarize confidential emails from Sent Items and Drafts folders without users’ permission, bypassing data loss prevention safeguards. The bug, tracked as CW1226324, has been active since January 21, 2026.

Jira Exploited in Spam Campaigns

Atlassian Jira Cloud has been exploited in automated spam campaigns, allowing attackers to bypass traditional security measures. The operators created Atlassian Cloud trial accounts using randomized naming conventions, generating disposable Jira Cloud instances at scale.

GitLab SSRF Vulnerability Added to CISA’s KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2021-22175 to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the patch by March 11, 2026.

Other notable developments:

  • A new variant of Remcos RAT has been spotted, exhibiting a significant change in behavior compared to previous versions.
  • Poland has banned Chinese cars and motor vehicles equipped with technology to record position, images, or sound from entering protected military facilities.
  • A DKIM replay attack has been found to abuse legitimate invoices and dispute notifications from trusted vendors.
  • The abuse of Remote Monitoring and Management (RMM) software has surged 277% year-over-year.
  • Texas has sued TP-Link and Anzu Robotics over China links.
  • A new campaign has been detected targeting Fortune 500 companies, leveraging trusted company branding with lookalike websites.
  • A vulnerability in OpenSSL has been patched, which could lead to remote code execution attacks under certain conditions.
  • A security issue has been discovered where security vendors inadvertently expose deliberately vulnerable training applications to the public internet.

These developments highlight the need for defenders to stay vigilant and adapt their strategies to address the evolving threat landscape.
