Cybersecurity Weekly Roundup: February 16-22, 2026


Cybersecurity saw major incidents from February 16 to 22, 2026. PayPal disclosed a breach that exposed SSNs and DOBs for months. Google patched a Chrome zero-day under active exploitation. Cloudflare suffered a 6-hour global outage caused by BGP errors. Ransomware and new malware also surged.

Hellcat ransomware hit Ascom, stealing 44GB using Jira credentials harvested by infostealers. AI-powered attacks compromised 600+ FortiGate firewalls. The BeyondTrust RCE drew heavy scanning from a single IP. These events highlight rising enterprise risks.

Breach notifications poured in. SpyX spyware leaked 2 million users’ data, including Apple creds. California Cryobank lost customer PII via SQL injection. Noodlophile stealer evolved with fake jobs and DLL sideloading.

Key Threats This Week

VoidLink Linux malware used an LLM for multi-cloud rootkits. The Raspberry Robin worm was tied to 200 flux domains. Grok and Copilot were abused as C2 channels.

Vendors rushed out patches. Ivanti EPMM, Splunk, and Windows Admin Center fixed critical flaws. Chrome was updated for the CVE-2026-2441 use-after-free. Many of these flaws are already being exploited in the wild.

Cloudflare’s outage stemmed from a BYOIP password rotation failure. It withdrew routes globally for hours. There was no cyberattack, but availability proved fragile.

Vulnerabilities Table

CVE ID         | Product              | Severity     | Status
CVE-2026-1281  | Ivanti EPMM          | 9.8 Critical | Actively exploited
CVE-2026-20140 | Splunk Enterprise    | High         | Session hijacking
CVE-2025-26909 | WP Ghost Plugin      | 9.6 Critical | RCE on 200k sites
CVE-2025-26512 | NetApp SnapCenter    | 9.9 Critical | Priv esc
CVE-2026-2441  | Google Chrome        | 8.8 High     | Zero-day exploited
N/A            | BeyondTrust          | Critical     | WebSocket RCE
N/A            | Windows Admin Center | Critical     | System takeover

The PayPal breach lasted from July to December 2025 and stemmed from a loan app error. Attackers grabbed PII for fraud.

The Chrome fix rolled out in v145.0.7632.75. Zero-day CVE-2026-2441 allowed sandbox escape via malicious pages.

Action Items

  • Patch Chrome, Ivanti, Splunk immediately.
  • Search logs for BeyondTrust WebSocket scanning from 193.24.123.42.
  • Review Jira creds after Hellcat ransomware.
  • Block Raspberry Robin domains (.wf, .pm TLDs).
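
A triage sketch for the BeyondTrust and Raspberry Robin action items, added here as an example and not taken from any vendor's tooling: it matches the scanner IP against the parsed client address rather than as a substring, and counts queried names under the two TLDs. It assumes Combined Log Format access logs and a plain list of DNS query names; the function names and every sample line are constructed.

```python
import ipaddress
import re
from collections import Counter

SCANNER_IP = ipaddress.ip_address("193.24.123.42")  # source IP named in the action items
FLUX_TLDS = (".wf", ".pm")                          # TLDs named in the action items

# Assumption: Combined Log Format; adjust the pattern to your proxy's format.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<req>[^"]*)" (?P<status>\d{3}) ')

def scanner_hits(lines):
    """Return requests whose client address is the scanner IP."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or garbage in the client field
        ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
        if ip == SCANNER_IP:
            status = int(m["status"])
            # 101 Switching Protocols means the server accepted a WebSocket upgrade
            hits.append({"ts": m["ts"], "request": m["req"], "status": status,
                         "ws_accepted": status == 101})
    return hits

def flux_tld_queries(names):
    """Count queried names whose rightmost label is one of the listed TLDs."""
    counts = Counter()
    for name in names:
        n = name.strip().rstrip(".").lower()  # normalise case and trailing root dot
        if n.endswith(FLUX_TLDS):
            counts[n] += 1
    return counts

# Constructed sample data (paths and hostnames are placeholders, not real indicators).
SAMPLE_ACCESS = [
    '193.24.123.42 - - [18/Feb/2026:09:14:02 +0000] "GET /placeholder-ws HTTP/1.1" 101 0',
    '::ffff:193.24.123.42 - - [18/Feb/2026:09:14:05 +0000] "GET /placeholder-ws HTTP/1.1" 400 153',
    '198.51.100.7 - - [18/Feb/2026:09:15:00 +0000] "GET /search?q=193.24.123.42 HTTP/1.1" 200 812',
]
SAMPLE_DNS = ["constructed-a.wf.", "CONSTRUCTED-A.WF", "cdn.constructed-b.pm",
              "pm.example.com", "update.example.org"]

if __name__ == "__main__":
    for hit in scanner_hits(SAMPLE_ACCESS):
        print(hit)
    print(dict(flux_tld_queries(SAMPLE_DNS)))
```

Hits with `ws_accepted` set deserve the first look, since they show the appliance completed the handshake instead of rejecting the probe.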

Stay vigilant on AI C2 abuse and evolved stealers.

FAQ

What caused the PayPal breach?

Loan app error exposed SSNs/DOBs July-Dec 2025. Six-month detection lag.

Details on Chrome zero-day?

CVE-2026-2441 use-after-free in CSS. Patched Feb 13, active exploits confirmed.

Why the Cloudflare outage?

BYOIP password rotation withdrew BGP routes. Six hours global impact, no attack.

Top ransomware this week?

Hellcat stole 44GB from Ascom via infostealer Jira creds.

How many new CVEs?

Over 10 critical, including Ivanti RCE and WP Ghost 9.6 flaw.
