Friday Wrap Up: 20 February 2026
Another week, another reminder that the internet is basically a haunted house and someone keeps adding new rooms. 🏚️
This week’s Friday Wrap Up covers data breaches hitting your wallet and your wardrobe, Android malware clever enough to use Google’s own AI against you, Chrome zero-days being actively exploited, fake AI tools fooling a quarter million users, and OAuth phishing attacks that let hackers waltz through MFA like they own the place.
Oh, and your password manager? Researchers had some thoughts. Not great ones.
Major Cyberattacks & Incidents
This week’s breach roundup spans retail, fintech, and consumer payments — a reminder that no sector is off-limits.
🦢 ShinyHunters claims to have stolen 600K Canada Goose customer records containing personal and payment-related data. Canada Goose says it has not confirmed a breach of its own systems but is actively investigating. (Published on 16-Feb-2026, BleepingComputer).
🏦 Blockchain fintech firm Figure Technology Solutions suffered a breach exposing nearly 1 million accounts’ personal and contact information, with ShinyHunters leaking over 2GB of stolen data. (Published on 18-Feb-2026, BleepingComputer).
💳 PayPal disclosed a data breach caused by a software error in a loan application that exposed customers’ sensitive personal information, including Social Security numbers, for nearly six months. (Published on 20-Feb-2026, BleepingComputer).
🖥️ Hackers used fake Social Security Administration emails to hijack ScreenConnect remote access tools, bypassing Windows security to target organizations in the UK, US, and Canada. (Published on 17-Feb-2026, Hackread).
🎭 Operation DoppelBrand used spoofed brand identities of major financial institutions like Wells Fargo to run credential theft phishing campaigns targeting corporate employees. (Published on 16-Feb-2026, Infosecurity).
Malware & Vulnerabilities
This week’s malware landscape featured stealthy mobile threats, preinstalled risks, and a developer supply chain compromise.
📱 ZeroDayRAT, a new mobile spyware sold on Telegram, enables real-time surveillance and data theft on Android and iOS devices, with dedicated sales and support channels for buyers. (Published on 16-Feb-2026, The Hacker News).
📲 Keenadu, a new Android malware, has been found preinstalled on thousands of devices and distributed through Google Play and third-party app stores, posing broad consumer risk. (Published on 18-Feb-2026, SecurityWeek).
🕵️ An infostealer campaign is actively targeting OpenClaw users by stealing configuration files, potentially exposing sensitive credentials and operational data stored by the autonomous AI agent. (Published on 17-Feb-2026, Infosecurity).
🤖 PromptSpy, the first Android malware to abuse Google’s Gemini AI at runtime, captures lockscreen data, blocks uninstallation, and maintains persistence on the device after reboots. (Published on 19-Feb-2026, The Hacker News).
⛓️ A supply chain attack on Cline CLI 2.3.0 used a compromised npm token to stealthily install OpenClaw on developer systems via an unauthorized package update. (Published on 20-Feb-2026, The Hacker News).
Phishing & Social Engineering
Attackers are getting craftier about bypassing security controls users thought they could rely on.
🪤 A new device code phishing campaign tricks employees into handing over OAuth tokens granting persistent access to Microsoft 365 accounts, including Outlook, Teams, and OneDrive — without stealing passwords. (Published on 20-Feb-2026, CSO Online).
🧩 Thirty fake AI browser extensions tricked over 260,000 Chrome users — and Google itself — into believing they were legitimate tools, highlighting serious gaps in extension vetting. (Published on 16-Feb-2026, Dark Reading).
Vulnerability Research & Industry Analysis
Researchers this week exposed long-standing weaknesses in tools millions rely on daily — from browsers and IDEs to PDF platforms and password managers.
🔑 Security researchers challenged end-to-end encryption claims of popular commercial password managers, uncovering vulnerabilities that allow hackers to view and change stored passwords. (Published on 16-Feb-2026, Infosecurity).
🌐 Google patched CVE-2026-2441, the first actively exploited Chrome zero-day of 2026, a high-severity use-after-free flaw in Chrome’s CSS component already being exploited in the wild. (Published on 16-Feb-2026, SOC Prime).
💻 Critical vulnerabilities found in four VS Code extensions — Live Server, Code Runner, Markdown Preview Enhanced, and one other — with a combined 125 million installs could allow remote code execution and local file theft. (Published on 18-Feb-2026, The Hacker News).
📄 Researchers discovered 16 vulnerabilities in Foxit and Apryse PDF tools exploitable via malicious documents or URLs, enabling account takeover and data exfiltration from widely deployed platforms. (Published on 18-Feb-2026, SecurityWeek).
🔍 A scan of 5 million JavaScript applications revealed the shocking prevalence of leaked API keys and secrets hidden in front-end bundles, exposing the true scale of a long-understated problem. (Published on 17-Feb-2026, BleepingComputer).
🔬 Emerging chiplet-based computing architectures introduce new cybersecurity challenges for AI systems and autonomous vehicles, demanding fresh approaches to securing modular, flexible hardware supply chains. (Published on 20-Feb-2026, Dark Reading).
Espionage & Nation-State Activity
Nation-state threats dominated headlines this week, with Chinese actors at the center of long-running campaigns and legal action.
🐉 A Chinese APT group exploited a CVSS 10.0 zero-day vulnerability in Dell RecoverPoint for Virtual Machines for two years before Mandiant publicly disclosed the campaign. (Published on 18-Feb-2026, Infosecurity).
⚖️ Texas sued TP-Link Systems, alleging the company deceived consumers by marketing routers as secure while Chinese state-backed hackers exploited firmware vulnerabilities to access users’ devices. (Published on 19-Feb-2026, BleepingComputer).
🌍 Long-standing Western cybersecurity alliances are showing signs of fracture as geopolitical shifts cause major nations to rethink collaborative security frameworks built over the past two decades. (Published on 17-Feb-2026, Computer Weekly).
AI & Policy
AI is reshaping the threat landscape from both sides of the fence — as a tool for attackers and a defense mechanism for platforms.
🦠 Researchers demonstrated that Microsoft Copilot and xAI Grok can be weaponized as stealthy malware command-and-control proxies, blending malicious traffic into normal enterprise communications. (Published on 17-Feb-2026, The Hacker News).
🎲 AI-generated passwords are highly predictable and not truly random, making them significantly easier for cybercriminals to crack than traditional randomly generated passwords. (Published on 19-Feb-2026, Malwarebytes).
🧠 Memory, not just GPUs, is becoming the critical bottleneck and cost driver in AI infrastructure, shifting how organizations plan and budget for running large language models at scale. (Published on 17-Feb-2026, TechCrunch).
🛡️ Google reported its AI systems prevented 1.75 million malicious apps from reaching Google Play in 2025, demonstrating measurable progress in AI-assisted platform security. (Published on 19-Feb-2026, TechCrunch).
🔐 Android 17 Beta debuts a secure-by-default architecture alongside new privacy features and a Canary development channel, raising the baseline security bar for Android devices. (Published on 17-Feb-2026, Infosecurity).
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!



