AI Fuels Cybercrime Surge: Major Hacks, Vulnerabilities, and Security Innovations in February 2026
March 1, 2026
A self-spreading npm malware campaign used typosquatted packages to infiltrate developer environments, stealing credentials and propagating across ecosystems.
Industry responses and developments include new AI-driven security tools (DAST), innovations such as Coroot and Windows 365 for Agents, an extended AWS Security Hub, and governance updates including CISA directives and NATO-approved devices for classified information.
The broader security discourse covers AI-enabled cybercrime workflows, autonomous security operations, open-source risk in commercial software, insider risk costs, and exposure in edge and OT environments.
The story centers on how artificial intelligence is increasingly intertwined with both defense and crime, while efforts to tighten asset and identity security continue amid persistent vulnerabilities in edge devices, cloud services, and supply chains.
A Cisco SD-WAN zero-day (CVE-2026-20127) has been exploited since 2023 by a sophisticated actor to bypass authentication in Catalyst SD-WAN components.
A week-in-review highlights February 2026’s cybersecurity landscape, covering malware trends, notable vulnerabilities, cybercrime activity, and major enterprise security developments.
Notable incidents include the Advantest ransomware attack, the ClawHub infostealer campaign, the seizure of 100,000 stolen Facebook credentials in Poland, arrests related to Anonymous Fénix DDoS activities, and a UK Reddit privacy fine over child data protections.
Summary based on 1 source
Source

Help Net Security • Mar 1, 2026
Week in review: Self-spreading npm malware hits developers, Cisco SD-WAN 0-day exploited since 2023 - Help Net Security