February 2026 again shows how persistent and fast-moving cybersecurity threats remain: high-severity vulnerabilities in widely deployed products, sophisticated espionage campaigns, and new defensive technologies arriving in response. This roundup covers the latest incidents affecting critical infrastructure, cloud environments, and software vendors, alongside emerging trends in supply chain security.
Major Vulnerabilities and Exploits
Fortinet Patches Critical SQL Injection Flaw
Fortinet has patched a critical SQL injection vulnerability (CVE-2026-21643, CVSS 9.1) in FortiClientEMS that could let an unauthenticated attacker execute arbitrary code. Because an EMS server manages endpoint agents across the estate and is frequently reachable by remote endpoints, an unpatched, exposed instance is a high-value target. Security teams should prioritise the update and, until it is applied, restrict who can reach the EMS management interface.
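The class of bug behind the Fortinet advisory, as an added generic illustration rather than anything derived from FortiClientEMS or CVE-2026-21643: a login query assembled by string formatting beside the parameterised form that closes the hole. The database, table, accounts and payloads are constructed for the example.

```python
"""Generic SQL injection demonstration (added example, not Fortinet code).

Uses an in-memory SQLite database with constructed sample data to show why
a query built by string concatenation is exploitable and how binding the
values as parameters fixes it. Nothing here reflects FortiClientEMS internals.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    # Constructed sample data: one admin and one ordinary account.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "correct-horse", 1), ("helpdesk", "battery-staple", 0)],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str):
    """Hypothetical vulnerable login: user input is pasted into the SQL text,
    so a quote in the input changes the statement the database parses."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn: sqlite3.Connection, name: str, password: str):
    """Hardened login: the driver binds the values; input is never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    row = conn.execute(sql, (name, password)).fetchone()
    return row[0] if row else None


def demo() -> dict:
    conn = build_db()
    # Payload 1: comment out the password check ("--" starts a SQL comment).
    bypass = "admin' --"
    # Payload 2: UNION in a second SELECT to read a column the query never exposed.
    dump = "' UNION SELECT password FROM users WHERE name = 'admin' --"
    return {
        "vulnerable_bypass": login_vulnerable(conn, bypass, "wrong"),  # 'admin'
        "vulnerable_dump": login_vulnerable(conn, dump, "wrong"),      # 'correct-horse'
        "fixed_bypass": login_fixed(conn, bypass, "wrong"),            # None
        "fixed_legit": login_fixed(conn, "admin", "correct-horse"),    # 'admin'
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result!r}")
```

The second payload is the more instructive one: the vulnerable query does not just skip authentication, it returns data from a column the application never meant to expose, which is how an injection in a management server escalates from "logs in" to "reads or rewrites whatever the database holds". The fixed version treats the whole payload as a literal user name and finds nothing.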
SolarWinds WHD Vulnerabilities Exploited for Malicious Persistence
Attackers are exploiting vulnerabilities in SolarWinds Web Help Desk (WHD) to execute code on exposed instances. Notably, they then install Velociraptor, an open-source digital forensics and incident response agent, to maintain persistence and remote control. Because the tool is legitimate and often allow-listed, its presence does not trigger the alerts a conventional implant would, which complicates detection and response. Organisations running WHD should apply the available patches immediately and hunt for Velociraptor agents their own IR team did not deploy, in particular agents that report to servers outside the organisation.
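One way to hunt for the abuse described above, as an added example that is not part of the original article or of any SolarWinds or Velociraptor tooling: because Velociraptor is legitimate software, the detection keys on where an agent appears, what spawned it and where it phones home rather than on the binary alone. The telemetry records, field names, host names, approved frontend and the web-server parent list are all constructed assumptions loosely modelled on Sysmon and Windows service-install events.

```python
"""Added example: flag unsanctioned Velociraptor agents from endpoint telemetry.

Constructed JSON-lines records only (not real SolarWinds or Velociraptor
logs); field names are assumptions modelled on Sysmon/Windows event data.
"""
import json
import re

# Assumption: the organisation's sanctioned Velociraptor deployment.
APPROVED_HOSTS = {"ir-jumpbox01"}
APPROVED_FRONTENDS = {"velo-frontend.corp.example:8000"}
# Assumption: parent processes that indicate the agent was launched by an
# exploited web application (WHD runs on Java/Tomcat) rather than by an admin.
WEB_PARENTS = {"w3wp.exe", "java.exe", "tomcat.exe", "httpd.exe"}

# Indicators: the product name in a service/image/command line, and the client
# configuration file a Velociraptor agent is started with.
VELO_RE = re.compile(r"velociraptor", re.IGNORECASE)
CLIENT_CFG_RE = re.compile(r"client\.config\.ya?ml", re.IGNORECASE)

# Constructed sample telemetry: a sanctioned agent on the IR jump box and a
# renamed agent dropped into Temp on a WHD server by the web process.
SAMPLE_LOG = r"""
{"host": "ir-jumpbox01", "event": "service_install", "service": "Velociraptor", "image": "C:\\Program Files\\Velociraptor\\Velociraptor.exe"}
{"host": "whd-srv02", "event": "process_create", "image": "C:\\Windows\\Temp\\v.exe", "cmdline": "v.exe --config C:\\Windows\\Temp\\client.config.yaml service install", "parent": "java.exe"}
{"host": "whd-srv02", "event": "network_connect", "image": "C:\\Windows\\Temp\\v.exe", "dest": "203.0.113.45:8000"}
{"host": "ir-jumpbox01", "event": "network_connect", "image": "C:\\Program Files\\Velociraptor\\Velociraptor.exe", "dest": "velo-frontend.corp.example:8000"}
{"host": "fileserver07", "event": "process_create", "image": "C:\\Windows\\System32\\svchost.exe", "cmdline": "svchost.exe -k netsvcs", "parent": "services.exe"}
"""


def is_velociraptor(rec: dict) -> bool:
    """True if the service name, image path or command line points at Velociraptor."""
    text = " ".join(str(rec.get(k, "")) for k in ("service", "image", "cmdline"))
    return bool(VELO_RE.search(text) or CLIENT_CFG_RE.search(text))


def analyse(log_text: str) -> list:
    """Return (host, finding) pairs for agents that violate the sanctioned deployment."""
    records = [json.loads(line) for line in log_text.strip().splitlines()]

    # Pass 1: note every (host, image) that looks like a Velociraptor agent.
    agents = {}
    for rec in records:
        if rec["event"] in ("service_install", "process_create") and is_velociraptor(rec):
            agents[(rec["host"], rec["image"].lower())] = rec

    findings = []
    for (host, _image), rec in agents.items():
        if host not in APPROVED_HOSTS:
            findings.append((host, "velociraptor_unsanctioned_host"))
        if rec.get("parent", "").lower() in WEB_PARENTS:
            findings.append((host, "velociraptor_spawned_by_web_process"))

    # Pass 2: an agent reporting to a frontend you do not run is the strongest signal.
    for rec in records:
        key = (rec["host"], rec["image"].lower())
        if rec["event"] == "network_connect" and key in agents:
            if rec["dest"] not in APPROVED_FRONTENDS:
                findings.append((rec["host"], "velociraptor_unapproved_frontend"))
    return findings


if __name__ == "__main__":
    for host, finding in analyse(SAMPLE_LOG):
        print(f"{host}: {finding}")
```

Renaming the binary (v.exe here) defeats a name-only rule, which is why the command line and the client configuration file are checked too, and why the network pass correlates on the image path recorded when the agent was installed rather than on the product name. In this constructed data the sanctioned agent on ir-jumpbox01 produces no findings; the renamed agent on the WHD server trips all three rules.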
SmarterTools Network Breached via Its Own Software Vulnerabilities
The Warlock ransomware gang exploited vulnerabilities in SmarterTools' own SmarterMail product to breach the company's network. Although business applications and account data were reportedly unaffected, the incident illustrates a recurring supply chain risk: a vendor compromised through its own software is one step away from having its build or update channels turned against its customers. Businesses relying on SmarterTools should confirm they are running patched SmarterMail versions and tighten monitoring of the product and any vendor-managed components.
Espionage and Threat Actor Activity
Chinese Cyberespionage Group UNC3886 Targets Singapore’s Top Telcos
Singapore's four largest telecommunication providers, Singtel, StarHub, M1, and Simba Telecom, were targeted by the China-linked UNC3886 group in a deliberate and well-coordinated cyber espionage campaign. The Cyber Security Agency of Singapore has stressed the need for robust defensive measures to protect national infrastructure from state-sponsored threats. UNC3886 is known for targeting network edge and virtualisation infrastructure, where conventional endpoint monitoring has little visibility, and this case exemplifies the ongoing geopolitical risks to critical communication networks globally.
TeamPCP Turns Cloud Infrastructure into Automated Botnets
The threat actor known as TeamPCP has been compromising cloud environments with worm-like, automated attacks that scan for exposed services and management interfaces and use each compromised host to attack the next. Scaling malicious infrastructure this quickly on cloud platforms is a significant challenge for cloud security teams, and it stresses the need for complete asset visibility and hardened configurations, particularly no management interface left reachable from the internet.
Emerging Trends in Ransomware and Defence Evasion
Reynolds Ransomware Employs Vulnerable Drivers for Evasion
Researchers have identified that Reynolds ransomware bundles a newly disclosed vulnerable driver, the Bring Your Own Vulnerable Driver (BYOVD) technique. Because the driver carries a legitimate signature, it loads under driver-signature enforcement, and its flaw then gives the ransomware kernel-level access with which to disable or blind security products. This signals increasing sophistication in evasion tactics; enabling Microsoft's vulnerable driver blocklist and hypervisor-protected code integrity (HVCI), and monitoring driver loads from unusual locations, reduces the exposure.
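The driver check a defender would want after reading the above, as an added example that is not from the original article or from any research on Reynolds: triage a driver inventory by hashing each file against a published vulnerable-driver blocklist (Microsoft's recommended driver block rules or the LOLDrivers project in practice) and flagging drivers loaded from outside the normal driver directory. The inventory, the file contents, the blocklist entry and the vendor name are constructed placeholders.

```python
"""Added example: triage a driver inventory for BYOVD candidates.

Constructed data only. The byte strings stand in for driver files, and the
blocklist holds one constructed entry (the SHA-256 of b"abc"); in practice
the inventory comes from a driverquery/EDR export and the blocklist from
Microsoft's recommended driver block rules or LOLDrivers.
"""
import hashlib
from pathlib import PureWindowsPath

# Assumption: SHA-256 hashes exported from a published vulnerable-driver blocklist.
BLOCKLIST_SHA256 = {
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",  # constructed entry
}
# Directory where legitimately installed drivers are expected to live.
EXPECTED_DRIVER_DIRS = {r"c:\windows\system32\drivers"}

# Constructed inventory: (path, signer, stand-in for file contents).
# Note that both suspicious entries are validly signed; BYOVD relies on that.
INVENTORY = [
    (r"C:\Windows\System32\drivers\disk.sys", "Microsoft Windows", b"disk"),
    (r"C:\Users\Public\gpuutil.sys", "Example Hardware Vendor Ltd", b"abc"),
    (r"C:\Windows\Temp\helper.sys", "Example Hardware Vendor Ltd", b"helper"),
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage(inventory: list) -> list:
    """Return one finding per driver that matches the blocklist or sits in an unusual path."""
    findings = []
    for path, signer, data in inventory:
        digest = sha256_hex(data)
        reasons = []
        if digest in BLOCKLIST_SHA256:
            reasons.append("hash on vulnerable-driver blocklist")
        parent = str(PureWindowsPath(path).parent).lower()
        if parent not in EXPECTED_DRIVER_DIRS:
            reasons.append(f"loaded from unusual directory {parent}")
        if reasons:
            findings.append({"path": path, "signer": signer, "sha256": digest, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(INVENTORY):
        print(f"{f['path']} ({f['signer']}): {'; '.join(f['reasons'])}")
```

The hash match is the strong signal; the directory heuristic only prioritises review, since a ransomware loader can just as easily drop its driver into the real drivers directory. A valid signature is deliberately not treated as exonerating: the whole point of BYOVD is that the driver is signed and vulnerable at the same time.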
Innovations in Third-Party Risk Management
Lema AI Raises $24 Million to Address Supply Chain Security
Lema AI, a newcomer in cybersecurity, has emerged from stealth mode with $24 million in funding aimed at mitigating third-party and supply chain risks. Their solution focuses on improving visibility and risk assessment across extended vendor ecosystems, an area of growing concern as supply chain attacks continue to rise.
Upcoming Events
Shields Up: Technologies Reshaping Cybersecurity Defences
Looking ahead, DarkReading will host a virtual event exploring key technologies transforming cybersecurity defences. This event promises insights into innovative strategies and tools that security leaders can adopt to strengthen organisational resilience.
Key Takeaways
- Critical vulnerabilities in widely used products like Fortinet FortiClientEMS and SolarWinds WHD require immediate patching to prevent severe exploitation.
- Espionage campaigns by state-linked groups such as UNC3886 highlight the ongoing geopolitical risks to critical telecom infrastructure.
- Cloud environments remain attractive targets for automated, worm-like attacks, demanding enhanced security postures.
- Ransomware groups increasingly use sophisticated evasion techniques, including leveraging vulnerable drivers.
- Investment in third-party risk solutions like those from Lema AI reflects growing awareness of supply chain security challenges.
- Continuous monitoring, vulnerability management, and adopting emerging defensive technologies are essential for security teams and business leaders to stay ahead.
By staying informed of these developments, organisations can better prepare for and mitigate the complex threats shaping today’s cybersecurity landscape.