Daily Recap: U.S. sanctions target Operation Zero and its owner Sergey Zelenyuk after investigators found the broker bought stolen zero‑day exploits from a jailed ex-L3Harris exec, Peter Williams, whose theft caused $35 million in losses and led to asset forfeiture. The update also covers evolving threats such as SURXRAT and ArsinkRAT, analysis of OpenClaw's hyped plugin market that could enable poisoned modules, recent breaches involving Marquis, SonicWall's cloud backups and UFP Technologies, and fixes for Zyxel CVE-2025-13942 and Microsoft Windows 11 KB5077241. #OperationZero #SergeyZelenyuk #PeterWilliams #ZeroDayTheft #SURXRAT #ArsinkRAT #OpenClaw #CVE-2026-25253 #SonicWall #Marquis #UFPTechnologies #Zyxel #CVE-2025-13942 #KB5077241 #Windows11
Exploit Markets
- United States sanctions target Operation Zero and its owner Sergey Zelenyuk after investigators found the broker bought stolen zero‑day exploits sold by a jailed ex‑L3Harris exec, Peter Williams, whose theft caused $35 million in losses and prompted criminal sentencing and asset forfeiture – Exploit Sanctions, Exec Sentenced, Zero‑Day Theft
AI-Powered Threats
- SURXRAT, an Android RAT sold as MaaS, is evolving with LLM-driven features (including conditional download of a 23GB LLM) and has ties to ArsinkRAT, while analysis of OpenClaw warns that its plugin “skills” marketplace (incl. CVE-2026-25253) could enable poisoned modules for credential theft and RCE, raising supply‑chain risks – SURXRAT RAT, OpenClaw Hype
Breaches & Ransomware
- Marquis sued SonicWall, alleging a 2025 breach of its cloud backup exposed firewall configuration backups and emergency “scratch codes,” enabling a ransomware attack and PII theft – SonicWall Suit
- UFP Technologies, a medical device supplier, disclosed a Feb 14 incident involving stolen files and suspected file‑encrypting ransomware that disrupted billing and delivery‑label systems while contingency plans limited operational impact – UFP Incident
Vulnerabilities & Patches
- Zyxel released fixes for CVE-2025-13942, a critical UPnP command‑injection flaw that can permit unauthenticated remote OS command execution on many 4G/5G CPE, DSL/Ethernet CPE, ONT and extender models, and urged replacement of EOL routers as exploitation is tracked – Zyxel RCE
- Microsoft published the optional Feb 2026 preview update KB5077241 for Windows 11, delivering 29 non‑security quality improvements including BitLocker reliability fixes, built‑in Sysmon functionality, and management and usability features – Win11 KB5077241