Security briefing: February 2026 | Sysdig


AI-driven attacks and supply-chain compromises dominated February’s threat landscape, with rapid exploit weaponization (BeyondTrust CVE-2026-1731, OpenClaw CVE-2026-25253), credential and token theft (Vidar), and large-scale AI-enabled campaigns against exposed management ports (Fortinet FortiGate). Organizations must prioritize identity hygiene, token rotation, inventory and governance of AI agents, and active detection, because AI has compressed kill chains from initial access to admin to minutes.

Key points

  • BeyondTrust Remote Support vulnerability CVE-2026-1731 was weaponized within hours of PoC release and reclassified as a zero-day with active exploitation and subsequent ransomware usage.
  • Microsoft identified “AI Recommendation Poisoning,” where hidden instructions bias AI-generated summaries—threatening integrity of training and retrieval data.
  • Supply chain and agent risks: a compromised token caused a malicious Cline CLI v2.3.0 update that installed OpenClaw, and 8–12% of audited ClawHub skills contained backdoors or credential stealers.
  • Vidar infostealer variants targeted AI agent deployments, exfiltrating configuration files, tokens, and API keys from OpenClaw instances.
  • AWS reported an AI-planned campaign that compromised 600+ Fortinet FortiGate devices across 55 countries by exploiting exposed management ports and weak credentials.
  • Sysdig TRT demonstrated that AI can compress an attack kill chain to eight minutes from initial access to admin, including data exfiltration and an LLMjacking attack.
  • High-profile incidents include a rapid EU incident response that contained a staff data exposure, and a breach in France where stolen privileged credentials exposed up to 1.2M bank-account records (FICOBA).

MITRE Techniques

  • [T1190] Exploit Public-Facing Application – Vulnerabilities in remote-support and agent systems were exploited for remote code execution. (‘CVE-2026-1731 is a critical pre-authorization remote code execution vulnerability in the BeyondTrust Remote Support product.’; ‘CVE-2026-25253 allows remote code execution … their token is sent to an attacker-owned server’)
  • [T1195] Supply Chain Compromise – A compromised token and malicious package distribution led to unauthorized updates and installation of malicious components in developer tooling. (‘A compromised token led to an unintended update to the open source, AI-powered coding assistant, Cline CLI.’)
  • [T1078] Valid Accounts – Stolen or misused credentials were used to access sensitive systems and datasets. (‘a threat actor used the credentials of a privileged employee to access a file with a list of all bank accounts … FICOBA’)
  • [T1552] Unsecured Credentials – Tokens, API keys, and configuration files were harvested from AI agent deployments and local environments. (‘a variant of the infostealer malware Vidar was reported as exfiltrating configuration files, tokens, and API keys from a victim’s OpenClaw deployment.’)
  • [T1041] Exfiltration Over C2 Channel – Sensitive data and credentials were exfiltrated after gaining access, enabling further compromise and misuse. (‘exfiltrating configuration files, tokens, and API keys’ and ‘the attacker was able to exfiltrate sensitive data and launch an LLMjacking attack’)

Indicators of Compromise

  • [Vulnerability] Exploited RCE identifiers – CVE-2026-1731 (BeyondTrust Remote Support), CVE-2026-25253 (OpenClaw RCE)
  • [Malware / Component] Malicious tools and stealers – Vidar (infostealer), OpenClaw (malicious component installed by compromised Cline CLI)
  • [File / Package] Compromised releases and marketplace items – Cline CLI v2.3.0 (unauthorized installer), ClawHub skills containing backdoors or credential stealers
  • [Credentials / Tokens] Stolen authentication artifacts – API keys and tokens exfiltrated from OpenClaw deployments, privileged employee credentials used to access FICOBA
  • [Affected Systems / Vendors] Targeted devices and organizations – Fortinet FortiGate devices (600+ compromised across 55 countries), BeyondTrust Remote Support, FICOBA (French national bank account registry)

Read more: https://www.sysdig.com/blog/security-briefing-february-2026