Security Check-in Quick Hits: Key Cybersecurity Threats and Insights – Nation-State Exploits, Outages, Zero-Days, and Emerging Risks
For February 19, 2026
Chinese APT Exploits Dell RecoverPoint Zero-Day in Prolonged Campaign
In a notable escalation of state-sponsored espionage, a China-linked advanced persistent threat (APT) group tracked as UNC3886 has been exploiting a zero-day vulnerability in Dell RecoverPoint for Virtual Machines (CVE-2026-22769) for close to 18 months. CISA has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, alongside GitLab CVE-2021-22175. The vulnerability allows unauthorized access and, from there, potential data exfiltration from the virtual environments RecoverPoint protects. The group targeted telecommunications providers in Singapore, where four major carriers are reported to have held off the intrusions. Because exploitation is confirmed in real-world attacks, organizations running Dell RecoverPoint should apply the vendor patch now and treat the KEV listing as a deadline rather than a suggestion. BeyondTrust Remote Support flaws are also under active exploitation, adding to the patching backlog. Together these cases show the persistent risk from nation-state actors as geopolitical tensions drive cyber operations.
Massive Cyber Attack Disrupts US Internet Backbone
A widespread outage hit core US internet services, with YouTube, Google, AWS, and Cloudflare going down at the same time; Downdetector reports spiked sharply and millions of users were left offline. The event has been reported as a cyber attack, raising alarms about potential state-sponsored disruption of critical infrastructure. Until the affected operators publish a root-cause analysis, defenders should also keep in mind the usual non-malicious explanation for correlated outages across unrelated providers: a shared upstream dependency such as DNS, BGP routing, or a common CDN. The incident also underscores the exposure of undersea power, data, and gas lines, as well as airspace threats from drones, which together erode the protection geography once provided. With cybercrime costs projected to exceed $10.5 trillion in 2025, such events strengthen the case for resilient, decentralized designs, including the blockchain-based networks the original coverage points to, that avoid single points of failure.
Firefox Zero-Day RCE Stemming from a Single Typo
A critical remote code execution vulnerability in Mozilla Firefox arose from a one-character developer error: a bitwise AND ("&") typed where a bitwise OR ("|") was intended, in the WebAssembly garbage collection code of the SpiderMonkey JavaScript engine. Discovered in Firefox 149 Nightly builds, the flaw enabled code execution inside the renderer (content) process; it was patched before reaching a stable release. Code execution in the content process is serious, but on its own it still leaves the attacker inside the browser sandbox, so a full compromise would need to be chained with a sandbox escape. The incident is a stark reminder of how a minor coding mistake can open a severe security gap in widely used software. Users should make sure they are on the latest release to avoid similar risks.
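The following C snippet is an added illustration of the bug class described above; it is not SpiderMonkey code, and the flag names, the shape of the check, and the "required bits" mask are all assumptions chosen to make the effect visible. It shows why "&" in place of "|" when building a mask is so dangerous: the AND of two distinct single-bit constants is zero, which turns an "all required bits present" check into one that accepts every object, including an uninitialized one. It also shows the build-time guard that catches the typo before it ships.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-object flag bits (assumption, not SpiderMonkey's) that a
 * GC-managed Wasm reference must carry before code may dereference it. */
enum {
    REF_INITIALIZED  = 1 << 0,  /* storage has been written at least once */
    REF_TYPE_CHECKED = 1 << 1,  /* the reference's type was validated */
    REF_PINNED       = 1 << 2,  /* unrelated bit, present to show it does not matter */
};

/* Intended mask: both bits are required, so they are OR-ed together. */
#define REQUIRED_BITS      (REF_INITIALIZED | REF_TYPE_CHECKED)
/* The one-character typo: AND of two distinct single-bit constants is 0. */
#define REQUIRED_BITS_TYPO (REF_INITIALIZED & REF_TYPE_CHECKED)

/* A required-bits mask of zero makes any "all bits present" test vacuous.
 * A compile-time guard on the mask itself catches the typo at build time:
 * replacing REQUIRED_BITS with REQUIRED_BITS_TYPO here stops compilation. */
_Static_assert(REQUIRED_BITS != 0, "required-bits mask must not be empty");

/* Correct check: refuse objects that lack either required bit. */
bool may_deref(uint32_t flags) {
    return (flags & REQUIRED_BITS) == REQUIRED_BITS;
}

/* Same check with the typo'd mask: (flags & 0) == 0 is always true, so an
 * uninitialized or type-unchecked object is accepted and dereferenced. */
bool may_deref_typo(uint32_t flags) {
    return (flags & REQUIRED_BITS_TYPO) == REQUIRED_BITS_TYPO;
}

/* Runtime guard for masks assembled from values not known at compile time. */
bool mask_is_sane(uint32_t required_mask) {
    return required_mask != 0;
}

int main(void) {
    uint32_t uninit = 0;
    uint32_t half   = REF_INITIALIZED;
    uint32_t full   = REF_INITIALIZED | REF_TYPE_CHECKED;

    printf("uninit: correct=%d typo=%d\n", may_deref(uninit), may_deref_typo(uninit));
    printf("half:   correct=%d typo=%d\n", may_deref(half),   may_deref_typo(half));
    printf("full:   correct=%d typo=%d\n", may_deref(full),   may_deref_typo(full));
    printf("typo mask passes sanity check: %d\n", mask_is_sane(REQUIRED_BITS_TYPO));
    return 0;
}
```

The practical takeaway is that compilers do not warn when two flag constants are AND-ed to zero, so masks that gate memory safety decisions deserve an explicit `_Static_assert` (or a runtime sanity check when the mask is computed), and tests should include the negative case, an object with none of the required bits, which is exactly the case the typo'd check gets wrong.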
Montaro’s Claimed Breach of QatarEnergy Exposes 4.5TB of Sensitive Data
Threat actor Montaro has claimed responsibility for breaching QatarEnergy, allegedly exfiltrating 4.5 TB of data that includes employee records, passport details, Qatar ID data, phone numbers, SMS logs, and AWS cloud information. The claim has not been verified. The target is the energy sector, a critical infrastructure area increasingly under siege. With an ESIX score of 7.19, the potential impact is significant, and the case fits the rising trend of data-only extortion, where attackers skip encryption and simply threaten to publish. Energy firms must strengthen defenses against both ransomware and extortion operations, as seen in similar incidents such as the YouX breach involving customer ID documents.
Emergence of New OT Threat Groups Targeting Industrial Disruption
Dragos has identified three new operational technology (OT) threat groups, Azurite, Pyroxene, and Sylvanite, that are shifting from reconnaissance to active disruption of critical infrastructure worldwide. These actors are pursuing real-world impact on industrial systems, raising the stakes in sectors such as energy and utilities. Alongside the weaponization of prediction markets for information operations and the surge in data extortion, this shift means OT environments need stronger monitoring, network segmentation, and zero-trust architectures to counter the evolving threat.
AI as an Expanding Cyber Attack Surface and Vulnerability Vector
Artificial intelligence is increasingly weaponized, creating new attack surfaces that defenders may struggle to keep pace with. Misconfigured AI systems, infostealers targeting tools such as OpenClaw AI, and vulnerabilities in password managers highlight AI's dual role as both tool and target. Espionage campaigns have hit government and infrastructure targets in 37 countries, while offerings such as AI-driven penetration tests from Silent Breach add coverage to testing but also complexity. As AI is integrated more deeply into systems, security depends on rapid adaptation and secure configuration.
Israeli Cyber Tools Enable Vehicle Hacking and Surveillance
Israeli companies are deploying cyber tools that compromise vehicles' digital systems, enabling surveillance of occupants and real-time tracking. The tools cross-reference collected data to single out targets among thousands of cars, raising privacy and security concerns for connected vehicles. The development sits within broader geopolitical cyber tensions, including settler attacks in the West Bank, and underscores the need for robust automotive cybersecurity standards.
Ransomware Surge with New Variants like KAIROS and MacOS Infostealers
Ransomware continues to dominate the threat landscape. The new KAIROS variant operates out of Ukraine and hosts stolen data on both the clearnet and Tor. macOS infostealers are spreading globally and stealing passwords with growing sophistication, while the Microsoft flaw dubbed Shell Shock (CVE-2026-21510) and other vulnerabilities in Soliton, HPE, n8n, Wireshark, Fortinet, and Palo Alto products are under active exploitation. CISA's reduced capacity during a shutdown further strains response, which makes the fundamentals all the more important: tested offline backups, multi-factor authentication, and prompt patching.