Cyber security news February 2026

This posting is here to collect cyber security news in February 2026.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

136 Comments

  1. Tomi Engdahl says:

    https://www.facebook.com/share/p/18Jse5zQ1o/

    Microsoft has confirmed that a bug in its Copilot AI led to confidential customer emails being summarized without authorization.

    The issue was first detected on January 21st and persisted for several weeks before a fix was initiated.

    Copilot Chat’s Work tab incorrectly processed email messages stored in drafts and Sent Items folders even when they were protected by sensitivity labels or Data Loss Prevention policies.

    While the AI could read and summarise these emails for the user, Microsoft stated it did not grant access to anyone who was not already authorised to see the content.

    The bug, which administrators could track under the ID CW1226324, affected paying Microsoft 365 customers using Copilot Chat across Office apps such as Word, Excel, and PowerPoint. Microsoft said it has since addressed the issue.

    Microsoft says bug causes Copilot to summarize confidential emails
    https://www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-causes-copilot-to-summarize-confidential-emails/

    Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information.

    According to a service alert seen by BleepingComputer, this bug (tracked under CW1226324 and first detected on January 21) affects the Copilot “work tab” chat feature, which incorrectly reads and summarizes emails stored in users’ Sent Items and Drafts folders, including messages that carry confidentiality labels explicitly designed to restrict access by automated tools.

    Microsoft began rolling out Copilot Chat to Word, Excel, PowerPoint, Outlook, and OneNote for paying Microsoft 365 business customers in September 2025.

    “Users’ email messages with a confidential label applied are being incorrectly processed by Microsoft 365 Copilot chat,” Microsoft said when it confirmed this issue.

    Microsoft error sees confidential emails exposed to AI tool Copilot
    https://www.bbc.com/news/articles/c8jxevd8mdyo

    Microsoft has acknowledged an error causing its AI work assistant to access and summarise some users’ confidential emails by mistake.

    The tech giant has pushed Microsoft 365 Copilot Chat as a secure way for workplaces and their staff to use its generative AI chatbot.

    But it said a recent issue caused the tool to surface information to some enterprise users from messages stored in their drafts and sent email folders – including those marked as confidential.

    Microsoft says it has rolled out an update to fix the issue, and that it “did not provide anyone access to information they weren’t already authorised to see”.

    “While our access controls and data protection policies remained intact, this behaviour did not meet our intended Copilot experience, which is designed to exclude protected content from Copilot access,” they added.

    “A configuration update has been deployed worldwide for enterprise customers.”

    The blunder was first reported by tech news outlet Bleeping Computer, which said it had seen a service alert confirming the issue.

    Reply
  2. Tomi Engdahl says:

    Copilot spills the beans, summarizing emails it’s not supposed to read
    Data Loss Prevention? Yeah, about that..
    https://www.theregister.com/2026/02/18/microsoft_copilot_data_loss_prevention/

    The bot couldn’t keep its prying eyes away. Microsoft 365 Copilot Chat has been summarizing emails labeled “confidential” even when data loss prevention policies were configured to prevent it.

    Though there are data sensitivity labels and data loss prevention policies in place for email, Copilot has been ignoring those and talking about secret stuff in the Copilot Chat tab. It’s just this sort of scenario that has led 72 percent of S&P 500 companies to cite AI as a material risk in regulatory filings.

    Redmond, earlier this month, acknowledged the problem in a notice to Office admins that’s tracked as CW1226324, as reposted by the UK’s National Health Service support portal. Customers are said to have reported the problem on January 21, 2026.

    “Users’ email messages with a confidential label applied are being incorrectly processed by Microsoft 365 Copilot chat,” the notice says. “The Microsoft 365 Copilot ‘work tab’ Chat is summarizing email messages even though these email messages have a sensitivity label applied and a DLP policy is configured.”

    Microsoft explains that sensitivity labels can be applied manually or automatically to files as a way to comply with organizational information security policies. These labels may function differently in different applications, the company says.

    The software giant’s documentation makes clear that these labels do not function in a consistent way.

    “Although content with the configured sensitivity label will be excluded from Microsoft 365 Copilot in the named Office apps, the content remains available to Microsoft 365 Copilot for other scenarios,” the documentation explains. “For example, in Teams, and in Microsoft 365 Copilot Chat.”

    DLP, implemented through applications like Microsoft Purview, is supposed to provide policy support to prevent data loss.

    “DLP monitors and protects against oversharing in enterprise apps and on devices,”

    In theory, DLP policies should be able to affect Microsoft 365 Copilot and Copilot Chat. But that hasn’t been happening in this instance.

    The root cause is said to be “a code issue [that] is allowing items in the sent items and draft folders to be picked up by Copilot even though confidential labels are set in place.”

    In a statement provided to The Register after this story was filed, a Microsoft spokesperson said, “We identified and addressed an issue where Microsoft 365 Copilot Chat could return content from emails labeled confidential authored by a user and stored within their Draft and Sent Items in Outlook desktop. This did not provide anyone access to information they weren’t already authorized to see. While our access controls and data protection policies remained intact, this behavior did not meet our intended Copilot experience, which is designed to exclude protected content from Copilot access. A configuration update has been deployed worldwide for enterprise customers.”

    Reply
  3. Tomi Engdahl says:

    Hijacking a mobile certificate (Mobiilivarmenne) with a single bank authentication
    https://www.linkedin.com/redir/redirect/?url=https%3A%2F%2Fpjarvinen%2Eblogspot%2Ecom%2F2026%2F02%2Fmobiilivarmenteen-kaappaus-yhdella%2Ehtml&urlhash=zgf8&mt=wtl7PTYfDRofisaN1XL8ska8fwrQ3ONNO7dJ2oZOqT6Snb8JNpA6tLxXyow73ChI84nGN-zKQLABEqHD_JEy8uQL-5nwaDR5CNdwlrgF-ZbnTH5lZBVtAQ&isSdui=true

    Phishing messages keep pinging into phones, trying to get the victim to hand over their online banking credentials. Right now there is an active, cunning campaign that announces an appointment with a doctor or a social services office and offers a link for cancelling it. Cancelling of course requires authentication, for which only banking credentials are accepted.

    I am often asked why scammers phish for banking credentials. After all, you cannot even transfer money with a single authentication.

    Even a single authentication may be enough to install the bank's authentication app on the crook's phone, in which case control of the account is lost completely. Another possibility is hijacking the mobile certificate.

    A mobile certificate can be obtained for one's own phone with bank authentication alone. The catch is that, when it is requested, nobody checks whose phone the certificate actually ends up on. If the victim mistakenly enters their banking credentials on a phishing page, the crook gets the victim's mobile certificate on their own phone and from then on can strongly authenticate themselves to many government and loan services.

    I have tried to start a discussion about this, but with meagre results. The authorities recommend the mobile certificate for use in dealings outside the banks, so it would be reasonable for them also to warn about the possibilities for misuse or to require additional safeguards.

    Reply
  4. Tomi Engdahl says:

    Man accidentally gains control of 7,000 robot vacuums
    Sammy Azdoufal just wanted to steer his DJI Romo with a gaming controller.
    https://www.popsci.com/technology/robot-vacuum-army/

    A software engineer’s earnest effort to steer his new DJI robot vacuum with a video game controller inadvertently granted him a sneak peek into thousands of people’s homes.

    While building his own remote-control app, Sammy Azdoufal reportedly used an AI coding assistant to help reverse-engineer how the robot communicated with DJI’s remote cloud servers. But he soon discovered that the same credentials that allowed him to see and control his own device also provided access to live camera feeds, microphone audio, maps, and status data from nearly 7,000 other vacuums across 24 countries.

    The backend security bug effectively exposed an army of internet-connected robots that, in the wrong hands, could have turned into surveillance tools, all without their owners ever knowing.

    Luckily, Azdoufal chose not to exploit that. Instead, he shared his findings with The Verge, which quickly contacted DJI to report the flaw. While DJI tells Popular Science the issue has been “resolved,” the dramatic episode underscores warnings from cybersecurity experts who have long warned that internet-connected robots and other smart home devices present attractive targets for hackers.

    The DJI Romo robovac had security so poor, this man remotely accessed thousands of them
    The immediate threat may be fixed, but this raises serious questions.
    https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt

    Reply
  5. Tomi Engdahl says:

    Hackers Can Leverage Grok and Copilot for Stealthy Malware Communication and Control
    https://cybersecuritynews.com/grok-and-copilot-for-malware-communication/#google_vignette

    A novel attack technique that repurposes mainstream AI assistants, specifically xAI’s Grok and Microsoft Copilot, as covert command-and-control (C2) relays, enabling attackers to tunnel malicious traffic through platforms that enterprise networks already trust and permit by default.

    Dubbed “AI as a C2 proxy,” the technique uncovered by Check Point Research (CPR) exploits the web-browsing and URL-fetching capabilities available in both platforms.

    Because AI service domains are increasingly treated as routine corporate traffic, often allowed by default and rarely inspected as sensitive egress, malicious activity blending through them evades most conventional detection mechanisms.

    CPR researchers demonstrated that both Grok (grok.com) and Microsoft Copilot (copilot.microsoft.com) can be driven through their public web interfaces to fetch attacker-controlled URLs and return structured responses, establishing a fully bidirectional communication channel.

    Reply
  6. Tomi Engdahl says:

    Copilot quietly pulls your data from other Microsoft products, including Edge and MSN, but you can opt out
    https://www.windowslatest.com/2026/02/19/copilot-quietly-pulls-your-data-from-other-microsoft-products-including-edge-and-msn-but-you-can-opt-out/

    Microsoft has quietly confirmed that Copilot automatically pulls your data from other Microsoft products, such as Bing, MSN, and Edge. We don’t know whether Windows is included in “other” products, but it doesn’t appear to be, at least for now. Regardless, you can turn off “usage” sharing with Copilot, but it could make Copilot less useful.

    Reply
  7. Tomi Engdahl says:

    Chilling warning from Traficom: Criminals have found a way to bypass strong authentication
    Account breaches of Microsoft 365 services use the AiTM attack technique, which bypasses even multi-factor authentication. The account breaches target companies and organizations in particular.
    https://www.iltalehti.fi/digiuutiset/a/ff3a7078-ef4b-4ee4-9e10-396d2b31cb7d

    Reply
  8. Tomi Engdahl says:

    Week in review: Exploited newly patched BeyondTrust RCE, United Airlines CISO on building resilience
    Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
    https://www.helpnetsecurity.com/2026/02/15/week-in-review-exploited-newly-patched-beyondtrust-rce-united-airlines-ciso-on-building-resilience/

    Reply
  9. Tomi Engdahl says:

    “This is what the banks cannot say publicly” – This is how the mobile certificate recommended to all Finns can be hijacked, an information security expert warns
    According to the information security expert, people should be aware of the possibility of misuse associated with the mobile certificate widely recommended by the authorities. “I have tried to start a discussion about this, but with meagre results,” Petteri Järvinen writes.
    https://www.uusisuomi.fi/uutiset/a/3524ba79-4e2c-47bb-8d19-bf83ddfcd8ca

    “This is what the banks would like to tell their customers, but cannot do so publicly.” This is how IT expert and information security advocate Petteri Järvinen describes his post about a pitfall in the mobile certificate recommended to Finns.

    Reply
  10. Tomi Engdahl says:

    Jailbreaking the matrix: How researchers are bypassing AI guardrails to make them safer
    https://techxplore.com/news/2026-02-jailbreaking-matrix-bypassing-ai-guardrails.html

    A paper written by University of Florida Computer & Information Science & Engineering, or CISE, Professor Sumit Kumar Jha, Ph.D., contains so many science fiction terms, you’d be forgiven for thinking it’s a Hollywood script: Nullspace steering. Red teaming. Jailbreaking the matrix. But Jha’s work is decidedly focused on real life, most notably strengthening the security measures built into AI tools to ensure they are safe for all to use.

    As AI assistants move from novelty to infrastructure, helping write code, summarizing medical notes and answering customer questions, the biggest question isn’t just what these systems can do, but what happens when they are pushed to do what they shouldn’t.

    “By showing exactly how these defenses break, we give AI developers the information they need to build defenses that actually hold up,” Jha said. “The public release of powerful AI is only sustainable if the safety measures can withstand real scrutiny, and right now, our work shows that there’s still a gap. We want to help close it.”

    The paper on the research, “Jailbreaking the Matrix: Nullspace Steering for Controlled Model Subversion,” has been accepted to the 2026 International Conference on Learning Representations (ICLR 2026), held in Rio de Janeiro, April 23–27.

    Reply
  11. Tomi Engdahl says:

    User accidentally gains control of over 6,700 robot vacuums while tinkering with their own device to enable control with a PlayStation controller — security flaw reveals floor plans and live video feeds
    By Jowi Morales
    Did he just unintentionally raise his own robot army?

    https://www.tomshardware.com/tech-industry/cyber-security/user-accidentally-gains-control-of-over-6-700-robot-vacuums-while-tinkering-with-their-own-device-to-enable-control-with-a-playstation-controller-security-flaw-reveals-floor-plans-and-live-video-feeds

    A security flaw that exposed thousands of DJI Romo robot vacuums to unauthorized access has been unintentionally revealed after a tinkerer built an app to control their own device with a PlayStation controller. According to The Verge, this problem allowed the app to retrieve accurate floor plans, access live camera and microphone feeds, and even let it remotely control the affected devices.

    Reply
  12. Tomi Engdahl says:

    Flaws in four popular VS Code extensions left 128 million installs open to attack
    https://www.csoonline.com/article/4133800/flaws-in-four-popular-vs-code-extensions-left-128-million-installs-open-to-attack.html

    Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

    Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, and local network reconnaissance.

    Application security company OX Security published the findings this week, saying it had begun notifying vendors in June 2025 but received no response from three of the four maintainers.

    Three CVEs, CVE-2025-65717, CVE-2025-65715, and CVE-2025-65716, were formally assigned and published on February 16.

    VS Code extensions are add-ons that expand the functionality of Microsoft’s widely used code editor, adding capabilities such as language support, debugging tools, live preview, and code execution. They run with broad access to local files, terminals, and network resources, which is what made these vulnerabilities consequential.

    Unlike the rogue extensions that threat actors have repeatedly planted in the VS Code marketplace, these flaws resided in legitimate, widely installed tools, meaning developers had no reason to suspect them, OX Security said in an advisory.

    “Our research demonstrates that a hacker needs only one malicious extension, or a single vulnerability within one extension, to perform lateral movement and compromise entire organizations,” the advisory added.

    The vulnerabilities also affected Cursor and Windsurf, the AI-powered IDEs built on VS Code’s extension infrastructure.

    OX Security published individual advisories for each flaw, detailing how each could be exploited and what an attacker could achieve.

    Reply
  13. Tomi Engdahl says:

    “These vulnerabilities confirm that IDEs are the weakest link in an organization’s supply chain security,” the researchers at OX Security said in the advisory.

    Reply
  14. Tomi Engdahl says:

    Exploit the Colonel
    Lockheed Martin F-35s Can Be Jailbroken Like $80 Million iPhones, European Military Chief Says
    “You can jailbreak an F-35 just like an iPhone.”
    https://futurism.com/science-energy/f35-jailbreak-dutch

    Depending on who you ask, Lockheed Martin’s F-35 Lightning II is either the most sophisticated weapons platform ever built, or an $80 million disaster that’s too fragile for rain and its namesake lightning. What it definitely is, Dutch defense secretary Gijs Tuinman insists, is jailbreakable — “just like an iPhone.”

    In an episode of the Danish podcast Boekestijn en De Wijk show, translated from Dutch by the Register, Tuinman suggested that the incredibly expensive F-35s could be maintained by European armies with or without support from the US.

    Reply
  15. Tomi Engdahl says:

    Dangerous spyware is spreading on phones – Steals almost all data
    Jani Ahosola, 18.2.2026 19:45
    Malware spreading via messages gives the attacker almost unlimited access to the target's device.
    https://www.iltalehti.fi/digiuutiset/a/c9a7a3d2-8fa1-452f-91ca-6c5bbc700d4e

    Reply
  16. Tomi Engdahl says:

    One stolen credential is all it takes to compromise everything
    Attackers often gain access through routine workflows like email logins, browser sessions, and SaaS integrations. A single stolen credential can give them a quick path to move across systems when access permissions are broad and visibility is fragmented.

    That pattern appears across more than 750 incident response engagements covered in Unit 42’s Global Incident Response Report 2026. In 87% of cases, attacker activity crossed multiple attack surfaces, meaning investigators had to trace behavior across endpoints, identity systems, networks, and cloud services within the same intrusion.

    https://www.helpnetsecurity.com/2026/02/18/identity-based-cyberattacks-compromise/

    Reply
  17. Tomi Engdahl says:

    Microsoft adds Copilot data controls to all storage locations
    https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-copilot-data-controls-to-all-storage-locations/?fbclid=IwdGRjcAQKwHxleHRuA2FlbQIxMQBzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR7xB7UZhBjswMSIR-JuFLh15Er_nHaXKlOMFdv2DPHxgopecoGOa5dLqeCrQA_aem_0j6l7n1_gCkNVgzfCcgBbg

    Microsoft is expanding data loss prevention (DLP) controls to block the Microsoft 365 Copilot AI assistant from processing confidential Word, Excel, and PowerPoint documents, regardless of their location.

    Currently, Microsoft Purview DLP policies apply only to files stored in SharePoint or OneDrive, but not to those stored on local devices.

    This change will be deployed through the Augmentation Loop (AugLoop) Office component between late March and late April 2026 to ensure that DLP controls apply to all Office documents, whether they are stored locally, in SharePoint, or OneDrive.

    Reply
  18. Tomi Engdahl says:

    Discord’s Verification Saga Has Devolved Into a Complete Self-Inflicted Embarrassment
    It keeps getting worse for Discord.
    https://futurism.com/future-society/discord-age-verification?fbclid=IwdGRjcAQL1UxjbGNrBAvVLGV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHgAOTkRyDXoQdEIsc3BG0Nrlae6g1z2GI2siWQNovl3M7bAYY3MQWsGnfiet_aem_EMFhXByWPmTlWPKMNuZnEg

    Messaging platform Discord’s efforts to roll out age verification software have been nothing short of a disaster.

    Back on February 9, the company announced that it was launching “enhanced teen safety features” that would require underage users across the world to have their faces scanned or upload a form of ID.

    The news led to a massive outcry, with privacy advocates arguing the effort could easily backfire, allowing extremely sensitive data to leak into the wrong hands. Case in point, Discord had already drawn plenty of criticism in October after admitting that a “third-party service provider” had leaked ID photos of around 70,000 users following a cyberattack.

    Adding insult to injury, Discord was swept into the next controversy after nearly 2,500 files associated with Persona’s facial recognition checks were made publicly accessible on a US government-authorized endpoint, as The Rage reports, revealing “extensive surveillance Persona software performs on its users, bundled in an interface that pairs facial recognition with financial reporting.”

    The timing couldn’t have been worse, with the Department of Homeland Security already coming under fire this week for using facial recognition and license plate readers to surveil and threaten legal observers, according to a class action suit.

    Reply
  19. Tomi Engdahl says:

    Media: Serious external threat directed at the Nordic power grid
    https://www.iltalehti.fi/ulkomaat/a/90c1e8a2-c30f-4c3a-b164-0b24a8b00b93

    Swedish media outlet TV4 reports that several authorities have gone on alert.

    A serious external threat has been directed at energy infrastructure in all the Nordic countries, according to sources of Sweden's TV4.

    According to TV4, the threat, which is linked to a foreign power, must be taken very seriously. The outlet reports that several Nordic authorities have gone on alert and that Swedish police have been ordered to guard societally critical functions related to energy supply.

    Reply
  20. Tomi Engdahl says:

    Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
    https://thehackernews.com/2026/02/claude-code-flaws-allow-remote-code.html

    Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials.

    “The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables – executing arbitrary shell commands and exfiltrating Anthropic API keys when users clone and open untrusted repositories,” Check Point researchers Aviv Donenfeld and Oded Vanunu said in a report shared with The Hacker News.

    Reply
  21. Tomi Engdahl says:

    New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises
    That guest network you set up for your neighbors may not be as secure as you think
    https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/

    Reply
  22. Tomi Engdahl says:

    PoC Released for Windows Notepad Vulnerability that Enables Malicious Command Execution
    https://cybersecuritynews.com/poc-windows-notepad-vulnerability/

    Microsoft has patched a high-severity remote code execution (RCE) vulnerability in the modern Windows Notepad application, tracked as CVE-2026-20841, as part of its February 2026 Patch Tuesday release cycle.

    The flaw, rooted in command injection, was originally discovered by Cristian Papa and Alasdair Gorniak of Delta Obscura and subsequently analyzed in depth by Nikolai Skliarenko and Yazhi Wang of the TrendAI Research team.

    Successful exploitation allows an attacker to execute arbitrary commands in the security context of the victim’s account, simply by tricking the user into opening a specially crafted Markdown file and clicking a malicious hyperlink.

    Reply
  23. Tomi Engdahl says:

    The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web
    https://www.bleepingcomputer.com/news/security/the-openclaw-hype-analysis-of-chatter-from-open-source-deep-and-dark-web/

    OpenClaw started as a side project of a developer who wanted to make his (and others’) life easier with AI assistance. Clean mailbox, control schedule, organize thoughts and hear some music while his bot is doing all the dirty jobs for him.

    With vibe coding Peter Steinberger developed OpenClaw. Kudos for that. But since then, apart from changing its name twice, it created a massive chatter around two topics. The AI hype and its cyber security implications.

    This project has rapidly moved from a niche automation framework discussed in developer communities to a topic appearing across security research feeds, Telegram channels, forums, and underground-adjacent chatter. Alongside it, names like ClawDBot and MoltBot have appeared in the same narrative space, often framed as malicious derivatives, companion tooling, or botnet-like ecosystems.

    Reply
  24. Tomi Engdahl says:

    A Chinese official’s use of ChatGPT accidentally revealed a global intimidation operation
    https://www.cnn.com/2026/02/25/politics/chatgpt-china-intimidation-operation

    A sprawling Chinese influence operation — accidentally revealed by a Chinese law enforcement official’s use of ChatGPT — focused on intimidating Chinese dissidents abroad, including by impersonating US immigration officials, according to a new report from ChatGPT-maker OpenAI.

    The Chinese law enforcement official used ChatGPT like a diary to document the alleged covert campaign of suppression, OpenAI said. In one instance, Chinese operators allegedly disguised themselves as US immigration officials to warn a US-based Chinese dissident that their public statements had supposedly broken the law, according to the ChatGPT user. In another case, they describe an effort to use forged documents from a US county court to try to get a Chinese dissident’s social media account taken down.

    Reply
