February begins with a spotlight on the double-edged impact of artificial intelligence in cybersecurity, alongside escalating ransomware and DDoS threats disrupting organisations worldwide. From AI uncovering hundreds of critical software flaws to stealthy ransomware campaigns exploiting virtual environments, today's roundup highlights pressing challenges and strategic shifts for security teams and business leaders.
AI Enhances Vulnerability Detection but Raises Security Questions
Claude Opus 4.6 Uncovers Over 500 High-Severity Flaws
Anthropic’s latest large language model, Claude Opus 4.6, has demonstrated remarkable capabilities by identifying more than 500 previously unknown high-severity vulnerabilities in major open-source libraries such as Ghostscript, OpenSC, and CGIF. This advancement underscores AI’s growing role in proactive security research, enabling faster identification and remediation of critical flaws before attackers can exploit them.
For security teams, integrating AI-driven tools like Claude Opus 4.6 into code review and vulnerability management processes can significantly enhance detection efficiency. Business leaders should consider investing in such technologies to stay ahead of threat actors exploiting software supply chain weaknesses.
Risks in AI-Built Platforms: The Moltbook Case
Conversely, the agentic AI-powered platform Moltbook revealed severe security risks when all of its data was exposed through a publicly accessible API. This incident serves as a cautionary tale: rapid AI-driven development, if not coupled with rigorous security controls, can inadvertently introduce significant vulnerabilities.
Organisations leveraging AI to build web platforms or services must prioritise comprehensive security testing and API access controls to prevent data leaks and unauthorised access.
Ransomware and Stealth Tactics Escalate
CISA’s Quiet Updates Highlight Ransomware Trends
In 2025, the Cybersecurity and Infrastructure Security Agency (CISA) updated 59 entries in its Known Exploited Vulnerabilities (KEV) catalog to indicate exploitation in ransomware attacks. However, the silent nature of these updates has raised concerns about transparency and timely communication.
Security teams should monitor KEV catalog changes closely, including edits to existing entries rather than only new additions, and advocate for clearer communication from authorities to better prioritise patching critical vulnerabilities linked to ransomware threats.
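The monitoring the previous paragraph recommends is easy to get wrong if a team only watches for newly added CVEs, because the ransomware updates described above modify existing entries. The following is an added example, not code from the roundup or from CISA, showing how to diff two snapshots of the KEV JSON feed so that entries whose knownRansomwareCampaignUse field quietly flips to "Known" are surfaced and ranked for patching. The two snapshots are constructed inline with placeholder CVE IDs; in practice each would be a dated download of the real feed.

```python
"""Detect quiet changes between two snapshots of the CISA KEV catalog (added example)."""
import json
from typing import Dict, List

# Constructed sample snapshots in the schema of the CISA KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json),
# reduced to the fields this check needs. CVE IDs are placeholders, not real entries.
OLD_SNAPSHOT = json.dumps({
    "catalogVersion": "2025.01.01",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "VendorA", "product": "ProductA",
         "dateAdded": "2024-11-02", "dueDate": "2024-11-23",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0002", "vendorProject": "VendorB", "product": "ProductB",
         "dateAdded": "2024-12-10", "dueDate": "2024-12-31",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0003", "vendorProject": "VendorC", "product": "ProductC",
         "dateAdded": "2024-12-15", "dueDate": "2025-01-05",
         "knownRansomwareCampaignUse": "Known"},
    ],
})

NEW_SNAPSHOT = json.dumps({
    "catalogVersion": "2025.01.08",
    "vulnerabilities": [
        # unchanged entry
        {"cveID": "CVE-0000-0001", "vendorProject": "VendorA", "product": "ProductA",
         "dateAdded": "2024-11-02", "dueDate": "2024-11-23",
         "knownRansomwareCampaignUse": "Unknown"},
        # existing entry quietly re-flagged as used in ransomware campaigns
        {"cveID": "CVE-0000-0002", "vendorProject": "VendorB", "product": "ProductB",
         "dateAdded": "2024-12-10", "dueDate": "2024-12-31",
         "knownRansomwareCampaignUse": "Known"},
        # already flagged before; no change
        {"cveID": "CVE-0000-0003", "vendorProject": "VendorC", "product": "ProductC",
         "dateAdded": "2024-12-15", "dueDate": "2025-01-05",
         "knownRansomwareCampaignUse": "Known"},
        # brand-new entry
        {"cveID": "CVE-0000-0004", "vendorProject": "VendorD", "product": "ProductD",
         "dateAdded": "2025-01-07", "dueDate": "2025-01-28",
         "knownRansomwareCampaignUse": "Known"},
    ],
})


def index_by_cve(feed_json: str) -> Dict[str, dict]:
    """Parse a KEV feed document and key its entries by CVE ID."""
    feed = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def diff_kev(old_json: str, new_json: str) -> Dict[str, List[str]]:
    """Compare two snapshots and report three categories:
      added:              CVEs present only in the new snapshot
      removed:            CVEs present only in the old snapshot
      ransomware_flagged: CVEs in both whose knownRansomwareCampaignUse changed to "Known"
    The last category is the one a plain "new entries" watch misses.
    """
    old, new = index_by_cve(old_json), index_by_cve(new_json)
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    flagged = sorted(
        cve for cve in set(old) & set(new)
        if old[cve].get("knownRansomwareCampaignUse") != "Known"
        and new[cve].get("knownRansomwareCampaignUse") == "Known"
    )
    return {"added": added, "removed": removed, "ransomware_flagged": flagged}


def patch_priority(feed_json: str) -> List[str]:
    """Order catalog entries for remediation: ransomware-linked first, then earliest due date."""
    entries = index_by_cve(feed_json).values()
    ranked = sorted(
        entries,
        key=lambda e: (e.get("knownRansomwareCampaignUse") != "Known",
                       e.get("dueDate", "9999-12-31")),
    )
    return [e["cveID"] for e in ranked]


if __name__ == "__main__":
    report = diff_kev(OLD_SNAPSHOT, NEW_SNAPSHOT)
    for category, cves in report.items():
        print(f"{category}: {', '.join(cves) or '-'}")
    print("patch order:", patch_priority(NEW_SNAPSHOT))
```

Run against real snapshots, the `ransomware_flagged` list is what should feed a ticket or alert; the `added` list alone would have missed CVE-0000-0002 entirely. Keeping dated copies of the feed, rather than only the latest download, is what makes this comparison possible.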
Ransomware Gangs Exploit ISPsystem VMs for Payload Delivery
Ransomware operators have been found abusing virtual machines provisioned by ISPsystem to deliver malicious payloads stealthily at scale. This tactic complicates detection since the infrastructure appears legitimate.
Businesses relying on virtualisation and cloud services must strengthen monitoring of VM usage and implement robust anomaly detection to identify and mitigate such abuse.
High-Impact Cyber Incidents Affecting Public and Educational Institutions
Spain’s Ministry of Science Shuts Down Systems After Breach
Following breach claims, Spain’s Ministry of Science has partially shut down its IT systems, affecting citizen and company-facing services. Though details remain limited, this disruption highlights the real-world consequences of cybersecurity failures in government agencies.
Italian University La Sapienza Goes Offline After Cyberattack
Rome’s La Sapienza university suffered a cyberattack resulting in widespread operational disruptions. Educational institutions, often less fortified than corporate or government entities, remain attractive targets for attackers seeking to cause maximum impact.
These incidents remind security teams in the public sector and in education to prioritise incident response readiness and continuous monitoring.
Emerging Threats and Strategic Moves in Cybersecurity
Record-Breaking 31.4 Tbps DDoS Attack by AISURU/Kimwolf Botnet
The AISURU/Kimwolf botnet launched an unprecedented DDoS attack peaking at 31.4 Tbps. Although it lasted only 35 seconds, the attack typifies the increasing scale and intensity of volumetric HTTP floods targeting organisations.
Organisations must invest in scalable DDoS mitigation solutions and collaborate with service providers like Cloudflare to absorb such hyper-volumetric attacks.
Zscaler’s Acquisition of SquareX Enhances Browser Security
Zscaler’s acquisition of browser security firm SquareX aims to embed lightweight security extensions into any browser, reducing dependency on third-party browsers. This move reflects a growing industry focus on strengthening browser security as a frontline defence.
Businesses should evaluate browser security strategies in light of this trend to better protect users from web-based threats.
Microsoft to Retire Exchange Online EWS in 2027
Microsoft announced it will retire the Exchange Web Services (EWS) API for Exchange Online by April 2027, after nearly two decades. Organisations using EWS must begin planning migrations to supported APIs to avoid disruptions.
Legacy Security Challenges Persist
EnCase Driver Exploited to Bypass Endpoint Detection and Response
The driver belonging to the EnCase forensic tool was loaded by Windows despite its expired digital certificate, owing to gaps in how driver signatures are enforced. Attackers weaponise such drivers to evade Endpoint Detection and Response (EDR) systems, underscoring the continuing challenge of controlling trusted but vulnerable software components.
Security teams need to review driver signing policies and enforce stricter controls to prevent similar exploitation.
Key Takeaways
- AI tools like Claude Opus 4.6 can accelerate discovery of critical software vulnerabilities but require careful integration and oversight.
- Rapid AI-driven development must include rigorous security measures to avoid inadvertent data exposure.
- Ransomware actors increasingly exploit legitimate cloud/virtual infrastructure for stealthy operations.
- Public sector and educational institutions remain high-risk targets needing enhanced incident response and resilience.
- Hyper-volumetric DDoS attacks are escalating in scale, demanding robust mitigation strategies.
- Browser security is gaining strategic importance as seen in Zscaler’s recent acquisition.
- Legacy systems and software components with outdated certificates continue to present attack vectors.
- Organisations must prepare for Microsoft’s Exchange Online EWS retirement to ensure continuity.
Staying informed about these evolving threats and innovations is essential for security professionals and business leaders committed to safeguarding their digital environments.