Friday Wrap Up: 13 February 2026
Another week, another collection of reasons why your security team hasn’t slept properly since 2019. This week’s FWU brings you everything from ransomware gangs cosplaying as employee monitoring software to North Korean job applicants who are definitely not who they claim to be on LinkedIn (looking at you, “Senior DevOps Engineer”).
We’ve got cloud infrastructure being turned into crime bots, Olympic ice dancers accidentally committing AI plagiarism, and the eternal question: “Is that zero-day actively exploited?” (Spoiler: yes, probably within 24 hours of the PoC dropping).
Plus, if you’ve ever wondered what happens when someone hijacks an abandoned Outlook add-in with a 4.71-star rating, the answer is: 4,000 people learn an important lesson about marketplace trust models.
Dive in for your weekly dose of “things that keep CISOs up at night” ⬇️
Major Cyberattacks & Incidents
This week delivered multiple high-impact breaches and exploitation campaigns targeting enterprise infrastructure.
🚨 Hackers exploit SolarWinds Web Help Desk vulnerabilities to deploy Velociraptor forensic tools for persistence and remote control on compromised systems. (Published on 9-Feb-2026, BleepingComputer).
⚠️ Nearly 100 organizations compromised through Ivanti zero-day vulnerabilities, with Shadowserver identifying 86 affected instances across multiple threat groups. (Published on 9-Feb-2026, CyberScoop).
☁️ TeamPCP threat actor compromises cloud infrastructure at scale using automated worm-like attacks against exposed services and interfaces. (Published on 9-Feb-2026, Dark Reading).
🏥 ApolloMD data breach exposes personal information of 626,000 patients from affiliated physicians and medical practices. (Published on 12-Feb-2026, SecurityWeek).
🚗 Conduent breach now affects 25 million individuals, including nearly 17,000 Volvo Group employees whose data was exposed in the expanding incident. (Published on 11-Feb-2026, SecurityWeek).
Malware & Vulnerabilities
Critical flaws and sophisticated malware campaigns dominated the vulnerability landscape this week.
🔴 Microsoft patches six actively exploited zero-days in February 2026 Patch Tuesday, addressing roughly 60 vulnerabilities across company products. (Published on 10-Feb-2026, SecurityWeek).
📱 ZeroDayRAT emerges as new mobile spyware targeting both Android and iOS devices, providing attackers with persistent access capabilities. (Published on 10-Feb-2026, Infosecurity).
🎣 Lumma Stealer rebounds with ClickFix lures and Castleloader malware, installing the information stealer at scale after previous disruption. (Published on 11-Feb-2026, Ars Technica).
🔧 BeyondTrust critical RCE vulnerability targeted by hackers within 24 hours of proof-of-concept release for unauthenticated remote code execution. (Published on 13-Feb-2026, SecurityWeek).
🏛️ CISA orders federal agencies to patch critical Microsoft Configuration Manager vulnerability from October 2024 now actively exploited in attacks. (Published on 13-Feb-2026, BleepingComputer).
📧 Abandoned Outlook add-in AgreeTo hijacked through orphaned subdomain to phish 4,000 Microsoft Office Store users through verified marketplace listing. (Published on 12-Feb-2026, CSO Online).
Espionage & Data Extraction
Nation-state actors and sophisticated threat groups launched targeted espionage campaigns across multiple platforms.
🎭 North Korean operatives impersonate professionals using real LinkedIn accounts with verified emails and identity badges for fraudulent remote job applications. (Published on 10-Feb-2026, The Hacker News).
📲 Hackers use Signal QR codes and fake support scams to conduct surveillance on military and political leaders, German agencies warn. (Published on 9-Feb-2026, Hackread).
📦 Lazarus Group plants malicious packages in npm and PyPI repositories as part of fake recruitment campaign active since May 2025. (Published on 12-Feb-2026, The Hacker News).
🎯 APT36 and SideCopy deploy cross-platform RATs targeting Indian defense and government organizations, compromising Windows and Linux environments. (Published on 11-Feb-2026, The Hacker News).
💼 UAT-9921 threat actor deploys VoidLink modular framework targeting technology and financial sectors, active since 2019 according to Cisco Talos. (Published on 13-Feb-2026, The Hacker News).
Ransomware & Criminal Operations
Ransomware groups adopt new tactics including legitimate tool abuse and coordinated bluster campaigns.
🔒 Crazy ransomware gang abuses employee monitoring software and SimpleHelp remote tool to maintain persistence and evade detection before deploying ransomware. (Published on 11-Feb-2026, BleepingComputer).
⚡ 0APT ransomware group emerges with massive victim claims that are potentially a hoax, but demonstrates genuine technical capabilities and attack threats. (Published on 11-Feb-2026, CyberScoop).
AI & Policy
Artificial intelligence security concerns and policy developments took center stage with marketplace safeguards and threat warnings.
🛡️ OpenClaw integrates VirusTotal malware scanning for ClawHub marketplace after security firms identify malicious extensions and unauthorized enterprise deployments. (Published on 9-Feb-2026, CSO Online).
⛸️ Czech ice dancers learn LLMs can produce plagiarism when their AI-generated Olympic music contains copyrighted content from original sources. (Published on 10-Feb-2026, TechCrunch).
🤖 Google warns hackers abuse Gemini AI across all attack stages, highlighting AI model extraction attacks where actors probe models to replicate logic. (Published on 12-Feb-2026, BleepingComputer).
💰 RentAHuman experiment reveals AI agents hiring humans for gig work to promote AI startups in meatspace, raising questions about AI labor dynamics. (Published on 13-Feb-2026, Ars Technica).
🌍 Munich Security Conference reveals G7 countries rank cyber-attacks as top risk while BICS members place cyber threats eighth on priority list. (Published on 13-Feb-2026, Infosecurity).
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!



