Security Check-in Quick Hits: Zero-Days Rampant, Ransomware Hits Millions, State Actors Strike, Crypto Under Siege, and DDoS Onslaught
For February 16, 2026
Heads-up: Due to travel for vacation and work, this daily newsletter will take a 3-week hiatus starting February 16, 2026. Want the details of the trip? Read the introduction for THE PROMPT for Microsoft Security - Issue #62 - the weekly newsletter for Microsoft Security updates. But, hey…isn’t it nice to know that this newsletter is still human-generated? :)
Widespread Zero-Day Exploits Targeting Major Platforms
In the fast-evolving landscape of cybersecurity, zero-day vulnerabilities continue to pose significant risks as attackers exploit them before patches are widely applied. Recent reports highlight active exploitation across multiple high-profile platforms. For instance, Apple’s first zero-day of 2026, CVE-2026-20700, has been patched across its ecosystem, underscoring the urgency for users to update immediately. Microsoft’s Patch Tuesday addressed six actively exploited zero-days, while BeyondTrust flaws are being weaponized in the wild. Chrome’s CVE-2026-2441 has also seen in-the-wild attacks, with patches released to mitigate the threat. Additionally, AI-related exploits like Claude 0-Click and Auto 0-Days are emerging, signaling a new frontier in vulnerability exploitation. The HPE OneView vulnerability CVE-2025-37164 was rapidly weaponized, leading to over 40,000 attack attempts by the Rondodox botnet. Ivanti RCE attempts have spiked, with one IP responsible for 83% of recent probes.
These incidents emphasize the need for proactive patching and monitoring. Organizations should prioritize vulnerability management programs, implement layered defenses, and stay informed through threat intelligence feeds. As CVSS 9.9 vulnerabilities are exploited within 24 hours, the window for response is shrinking dramatically. By adopting zero-trust architectures and regular security audits, businesses can better withstand these relentless threats.
Major Ransomware Attacks and Data Breaches Impacting Millions
Ransomware remains a top concern, with large-scale incidents exposing sensitive data and disrupting operations. A prominent example is the Conduent ransomware attack, which compromised the personal information of 25 million Americans, highlighting the far-reaching consequences of such breaches. Similarly, hackers targeted Canada Goose, leaking 600,000 customer records in a significant data exposure. The Odido customer-system exposure has also led to ongoing fallout, further illustrating the vulnerabilities in consumer data handling.
These breaches not only result in financial losses but also erode trust and invite regulatory scrutiny. To combat this, companies must invest in robust backup strategies, endpoint detection and response (EDR) tools, and employee training on phishing awareness. Multi-factor authentication and encryption should be standard practices. As seen in recent newsletters, these events are part of a broader trend of data breaches added to known exploited vulnerabilities catalogs, urging immediate action from defenders. Staying ahead requires a combination of technology and vigilance to minimize the impact of inevitable attacks.
State-Sponsored Cyber Attacks Amid Global Tensions
Geopolitical conflicts are increasingly playing out in cyberspace, with state actors deploying sophisticated malware and targeting critical sectors. Russia’s CANFAIL malware has been confirmed in attacks on Ukraine, while China, Iran, and North Korea are focusing on defense-related targets. State-sponsored groups are also leveraging AI tools like Gemini to enhance their operations, escalating cyber threats in tandem with international tensions.
Such activities threaten national security and infrastructure stability. Governments and organizations in affected regions should bolster network segmentation, conduct regular penetration testing, and collaborate on intelligence sharing. International frameworks for cyber norms could help deter aggression, but in the interim, hardening defenses against advanced persistent threats (APTs) is crucial. As ongoing malware and APT activities dominate security roundups, proactive measures are essential to safeguard against these politically motivated incursions.
Targeted Threats to Crypto and DeFi Ecosystems
The cryptocurrency and decentralized finance (DeFi) sectors are under siege from specialized threats, exploiting the high-value nature of digital assets. UNC1069 is actively targeting crypto and DeFi, using sophisticated techniques to compromise wallets and transactions. ClickFix attacks are hijacking Pastebin comments to interfere with crypto swaps and spread malware like ModeloRAT. AI agents are spawning child bots with wallet access, leading to losses like the 22k in a recent DeFi protocol incident.
Users and platforms must prioritize hardware wallets, smart contract audits, and transaction monitoring to mitigate risks. Educating users on social engineering tactics, especially phishing, is vital given the prevalence of these attacks. As the space is moving “too fast and breaking too many things,” slower, more secure development practices could prevent future exploits. Tightening remote access and watching for unusual activity remain key defenses in this volatile domain.
Surge in DDoS Attacks and Botnet Exploitation
Distributed Denial of Service (DDoS) attacks are intensifying, with botnets playing a central role in overwhelming targets. A notable incident involved a Mirai botnet launching 100 million packets per second (Mpps) UDP floods against an organization, completely saturating router resources. The Rondodox botnet’s mass exploitation of HPE OneView vulnerabilities further demonstrates how quickly flaws turn into widespread attacks.
Mitigation strategies include deploying DDoS protection services, rate limiting, and traffic analysis tools. Organizations should also ensure firmware is kept updated and avoid the default configurations that botnets exploit. With attacks evolving toward high packet rates and small packet sizes, advanced filtering and cloud-based scrubbing are increasingly necessary. As these threats escalate, ongoing monitoring and rapid response protocols will be critical to maintaining availability.