Friday Wrap Up: 27 February 2026
Another Friday, another reason to question whether your apps, APIs, and Zoom calls are working for you - or someone else.
This week's Friday Wrap Up covers ransomware hitting chip makers and medical device companies, China-linked spies repurposing Google Sheets as a command center (productivity hack of the year, unfortunately), North Korea expanding into healthcare ransomware, and a fake Zoom meeting that installs surveillance software before you finish your first sip of coffee.
We've also got AI coding tools under the security microscope, a blockchain-backed botnet that laughs at takedowns, and a reminder that those old Google API keys you forgot about? They now open doors to Gemini AI data.
If your threat model doesn't give you anxiety, you might not be reading the right newsletter. Click below for the full breakdown.
#CyberSecurity #FWU #fridaywrapup #RansomwareWeek #NationStateThreats #DataBreach
Major Cyberattacks & Incidents
This week was a buffet of breaches - ransomware hit chip testing and medical devices, while a casino and e-commerce giant rounded out the damage.
Leading semiconductor chip testing firm Advantest suffered a ransomware attack, triggering incident response protocols across operations. (Published on Feb 23, 2026, Infosecurity).
Medical device manufacturer UFP Technologies was hit by ransomware involving both data theft and file-encrypting malware, compromising operations. (Published on Feb 25, 2026, SecurityWeek).
PayPal confirmed a six-month data exposure via its Working Capital loan system, leaking names, birthdates, and Social Security numbers. (Published on Feb 23, 2026, Hackread).
Wynn Resorts confirmed employee data theft after appearing on ShinyHunters' extortion leak site, marking another hospitality sector breach. (Published on Feb 24, 2026, BleepingComputer).
Hackers allegedly stole personal data from 38 million ManoMano users, including names, emails, and phone numbers. (Published on Feb 27, 2026, SecurityWeek).
Malware & Vulnerabilities
New malware variants emerged from multiple directions this week - blockchain-backed botnets, trojanized apps, and stealthy Go modules made defenders earn their paychecks.
A wormable cryptojacking campaign using pirated software deploys a custom XMRig miner with BYOVD exploits and a time-based logic bomb for persistence. (Published on Feb 23, 2026, The Hacker News).
ZeroDayRAT, a new Android/iOS malware-as-a-service sold via Telegram, claims full device monitoring, location tracking, and crypto theft capabilities. (Published on Feb 24, 2026, Hackread).
Arkanix Stealer, a C++/Python malware exfiltrating browser data and system info, quietly vanished shortly after its brief public debut. (Published on Feb 24, 2026, SecurityWeek).
The Aeternum C2 botnet uses Polygon blockchain for command-and-control, making traditional takedowns nearly impossible. (Published on Feb 26, 2026, Hackread).
CISA warns RESURGE malware can lie dormant on Ivanti Connect Secure devices, exploiting CVE-2025-0282 with persistence capabilities that survive reboots. (Published on Feb 27, 2026, BleepingComputer).
A malicious Go crypto module masquerades as a legitimate library, harvesting passwords, creating SSH backdoors, and deploying the Rekoobe Linux backdoor. (Published on Feb 27, 2026, The Hacker News).
Trojanized gaming utilities distributed via browsers and chat platforms deploy a Java-based RAT using PowerShell and a malicious JAR file. (Published on Feb 27, 2026, The Hacker News).
Android mental health apps with 14.7 million combined installs contain serious security vulnerabilities exposing sensitive medical data on Google Play. (Published on Feb 23, 2026, BleepingComputer).
Espionage & Data Extraction
Nation-state actors kept busy this week - China-linked groups used Google Sheets as a spy tool while North Korea expanded its ransomware reach.
Google disrupted UNC2814, a China-linked group that breached 53 organizations across 42 countries using the GRIDTIDE backdoor and Google Sheets as covert C2 infrastructure. (Published on Feb 25, 2026, The Hacker News).
Chinese hackers repurposed Google Sheets as a covert spy tool to issue commands and harvest PII from telecom and government targets across 42 countries. (Published on Feb 26, 2026, CSO Online).
North Korea's Lazarus Group expanded into healthcare ransomware via Medusa, targeting US organizations as part of its evolving criminal-espionage hybrid operations. (Published on Feb 24, 2026, Infosecurity).
Major Cyberattacks & Infrastructure
Firewalls and SD-WAN vulnerabilities reminded us that edge devices remain prime real estate for attackers this week.
AI-assisted attackers exploited exposed ports and weak credentials to compromise hundreds of FortiGate firewalls, according to AWS research. (Published on Feb 23, 2026, SecurityWeek).
A critical authentication bypass in Cisco Catalyst SD-WAN (CVE-2026-20127) has been actively exploited in zero-day attacks since 2023, allowing attackers to add rogue peers. (Published on Feb 25, 2026, BleepingComputer).
Social Engineering & Phishing
Sometimes the most dangerous attack vector is a convincing Zoom invite - this week proved that human behavior remains the hardest vulnerability to patch.
A fake Zoom meeting scam silently installs Teramind surveillance software on victims' systems via an auto-download disguised as a legitimate update. (Published on Feb 25, 2026, CSO Online).
The 1Campaign platform helps threat actors cloak malicious Google Ads, hiding phishing pages from security reviewers while targeting real users. (Published on Feb 27, 2026, Hackread).
Vulnerability Research & Industry Analysis
From AI coding tools to decade-old API keys, researchers this week found that trust is a fragile thing in software ecosystems.
Claude Code shows security promise but researchers caution its real-world impact has been overstated despite its stock-market ripple effect. (Published on Feb 26, 2026, Dark Reading).
Google API keys originally embedded for Maps can now authenticate to Gemini AI, accidentally exposing private AI data through previously harmless credentials. (Published on Feb 26, 2026, BleepingComputer).
The RoguePilot flaw in GitHub Codespaces allowed attackers to hijack repositories by injecting malicious Copilot instructions via GitHub Issues, now patched. (Published on Feb 24, 2026, The Hacker News).
Qilin ransomware gang dominated January 2026 with over 100 observed attacks, leading a rapidly fragmenting ransomware ecosystem. (Published on Feb 26, 2026, ComputerWeekly).
Law Enforcement & Operations
Interpol and African agencies made a dent in cybercrime this week - 651 arrests and $4.3 million recovered is a good Friday.
Operation Red Card 2.0 resulted in 651 arrests across Africa as Interpol and cybersecurity firms collaborated to recover $4.3 million from cybercrime groups. (Published on Feb 25, 2026, Dark Reading).
AI & Policy
The line between AI innovation and ethical guardrails got some public attention this week, with employees from competing labs taking a united stand.
Google and OpenAI employees co-signed an open letter supporting Anthropic's Pentagon stance against mass domestic surveillance and autonomous weaponry. (Published on Feb 27, 2026, TechCrunch).
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!



