Daily Recap
The week highlighted active exploitation of Roundcube vulnerabilities (CVE-2025-49113, CVE-2025-68461) and a BeyondTrust CVE-2026-1731 pre-auth RCE used in ransomware campaigns delivering SparkRAT and VShell, along with IoT and other critical flaws affecting devices like the Jinan USR IOT PUSR USR-W610 and Welker OdorEyes controllers. Data breaches and fraud surged, with PayPal exposing user data for about six months and the FICOBA breach impacting roughly 1.2 million accounts, while AI and security research advanced with Claude Code Security and NIST’s quantum-chip progress. #Roundcube #BeyondTrust #SparkRAT #VShell #USR_W610 #WelkerOdorEyes #PayPal #FICOBA #Advantest #ClaudeCodeSecurity #ECCouncil #NIST #QuantumChip #Coretax #GigabudRAT #MMRat #RemcosRAT #NKLaptopScheme #OregonBreach #ShiftNightmare
Vulnerabilities & Exploits
- CISA added two actively exploited Roundcube flaws (CVE-2025-49113, CVE-2025-68461) to its KEV after rapid weaponization, forcing federal remediation by 13 Mar 2026 – Roundcube KEV
- A critical CVE-2026-1731 in BeyondTrust is being exploited in ransomware campaigns (PoC published), enabling pre-auth RCE and observed delivering payloads like SparkRAT and VShell – BeyondTrust RCE, BeyondTrust Ransom
- Multiple critical flaws (including CVE-2026-25715, CVE-2026-24455, CVE-2026-26049, CVE-2026-26048) were disclosed in the Jinan USR IOT PUSR USR-W610 device family with CISA advisories for mitigation – USR IoT
- A missing-authentication flaw (CVE-2026-24790, CVSS v3 8.2) in the Welker OdorEyes XL4 controller could allow unauthorized control of odorization systems; CISA recommends isolation and defense-in-depth – Welker Flaw
Malware & Financial Fraud
- Crime groups hit ATMs with malware-based jackpotting to steal roughly $20M from machines in coordinated campaigns – ATM Jackpot
- An industrial-scale scam impersonating Indonesia’s Coretax distributed malicious APKs via phishing/WhatsApp, causing an estimated $1.5m–$2m loss and linked to the GoldFactory cluster using Gigabud.RAT and MMRat – Fake Coretax
- A new Remcos RAT variant adds real-time webcam streaming, online keylogging and stronger evasion, fetching modular DLL plugins and minimizing forensic traces on Windows hosts – Remcos RAT
Data Breaches & Incidents
- PayPal disclosed a data breach that exposed user information for about 6 months, prompting notifications and investigation – PayPal Breach
- The French national bank account registry FICOBA was breached via stolen civil-servant credentials, exposing data tied to roughly 1.2 million accounts and triggering investigations by DGFiP, CNIL and prosecutors – FICOBA Breach, FICOBA Report
- Japanese test-equipment maker Advantest disclosed a ransomware intrusion affecting parts of its corporate network and potential customer/employee data, isolating systems and engaging specialists as investigations continue – Advantest Hit, Weekly Mention
Policy, AI & Research
- Anthropic launched Claude Code Security, an AI-powered code-scanning feature that proposes patches with multi-stage verification and human-in-the-loop review in a limited enterprise preview – Claude Security
- EC-Council unveiled the Enterprise AI Credential Suite with four role-based AI certifications and an updated Certified CISO v4 to boost U.S. AI workforce readiness under an Adopt.Defend.Govern framework – AI Certifications
- Elon Musk’s X is appealing a record €120M EU fine under the Digital Services Act, alleging procedural errors as the Commission prepares to defend the decision in court – X Appeal
- NIST demonstrated a single-chip source that emits on-demand single photons to enable more practical QKD, a development that could harden defenses against “harvest now, decrypt later” attacks – Quantum Chip
- Weekly roundups flagged rising ICS advisories, ransomware disruptions to clinics, EU AI policy moves and other sector developments in consolidated coverage – In Other News, Weekly Roundups
Cybercrime Arrests & Sentences
- A Ukrainian national, Oleksandr Didenko, was sentenced to 5 years after running Upworksell.com, which sold stolen U.S. identities and enabled North Korean IT workers to access ~40 U.S. companies using at least 871 American identities – NK Laptop Scheme
- Romanian national Catalin Dragomir pleaded guilty to breaching Oregon’s Office of Emergency Management and other U.S. targets, admitting losses of at least $250,000 and facing up to 7 years in prison – Oregon Breach
DevOps & Supply Chain Risks
- Analysis of >34,000 public container images found about 7.3% malicious (with ~70% of those mining crypto) and 42% containing multiple secrets, prompting calls to “shift down” security into platform automation and golden paths – Shift Nightmare