Today’s cybersecurity news highlights a critical patch update from Microsoft addressing multiple actively exploited zero-day vulnerabilities, alongside emerging threats targeting Linux, macOS, and internet-exposed enterprise applications. Meanwhile, regional challenges persist in curbing legacy protocol risks, underscoring the growing complexity of the defensive landscape.
Critical Patch Tuesday Update from Microsoft
Microsoft’s February 2026 Patch Tuesday release addresses over 50 security vulnerabilities across Windows and other products. Of particular concern are six zero-day flaws that attackers were already exploiting in the wild before the fixes shipped. Notably, three of these zero-days are security feature bypasses, meaning an attacker can circumvent a built-in protection rather than gain code execution outright; such bugs are typically chained with other flaws, so their lower standalone severity should not lower their priority.
For security teams and business leaders, this update reinforces the urgency of timely patch management. Prioritise the six exploited flaws over the rest of the release, confirm that the corresponding updates have actually installed on every affected system rather than merely been approved, and treat any host that cannot be patched promptly as exposed. Failure to apply these patches could lead to data breaches, ransomware, or system compromise, especially given the active exploitation status.
Emerging Threats: Linux Botnet, macOS Malware, and Spyware
SSHStalker Linux Botnet Revives IRC for Command and Control
A new Linux-based botnet named SSHStalker has been discovered using the decades-old IRC protocol for its command and control communications. This old-school approach may help it evade detection stacks tuned for modern C2 channels such as HTTPS and DNS tunnelling, and plaintext IRC on an unusual port can slip past filters that only watch the well-known IRC ports. Linux systems, often assumed to be secure when properly managed, remain attractive targets for botnets, emphasising the need for protocol-aware monitoring of outbound connections rather than reliance on port numbers alone.
North Korean Hackers Target macOS with AI-Driven Malware
Sophisticated North Korean threat actors have launched targeted campaigns against the cryptocurrency sector using new macOS malware. The lures combine AI-generated videos with the ClickFix social-engineering technique, in which a fake error or verification prompt coaxes the victim into copying a command and running it themselves, so no software vulnerability is needed for the initial foothold. These attacks highlight the increasing use of AI in social engineering and malware delivery. The dual targeting of macOS and Windows platforms suggests an attacker focus that has expanded beyond traditional Windows environments.
ZeroDayRAT Spyware Bypasses MFA and Harvests Sensitive Data
ZeroDayRAT, described as ‘textbook stalkerware,’ can bypass multi-factor authentication (MFA) and access SIM card data, location information, and recent SMS messages. The MFA bypass follows from that SMS access: one-time codes delivered by text message are readable by whoever controls the implant, which is one more reason to prefer app-based or hardware authenticators over SMS. Its capabilities enable attackers to perform account takeovers or highly targeted social engineering, elevating risks for both individuals and organisations.
Relevant articles:
- BleepingComputer – SSHStalker
- BleepingComputer – North Korean macOS malware
- DarkReading – ZeroDayRAT
Risks from Exposed Enterprise Applications and Legacy Protocols
SolarWinds Web Help Desk Remains a High-Risk Target
Organisations running SolarWinds Web Help Desk (WHD) and exposing it to the public internet face increased attack risk. Threat actors exploit these publicly accessible instances to gain entry and then move laterally within networks. This serves as a reminder for IT teams to keep management portals off the public internet, place them behind a VPN or IP allowlist where remote access is genuinely required, apply vendor patches promptly, and enforce strict access controls on the accounts that can reach them.
Asia’s Slow Response to Telnet Threats
A recent report reveals that only Taiwan among Asian governments effectively blocked Telnet traffic, a protocol that transmits credentials in cleartext and is a long-standing target for exploitation. The region broadly lags in mitigating Telnet-related threats, leaving critical infrastructure and systems exposed. This gap suggests an urgent need for regional cybersecurity policy improvements and network hygiene practices. Note that blocking TCP port 23 at a border is a useful backstop rather than a complete fix: Telnet servers can listen on any port, and internal Telnet use is untouched by a perimeter block, so the service itself should be disabled or replaced with SSH.
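Both the SSHStalker item above (IRC command-and-control on whatever port the operator chooses) and the Telnet item (perimeter blocks keyed on port 23) make the same point: port-based filtering misses legacy protocols that have moved to an unexpected port. The following is an added example, not code from the article or from any of the reports it summarises. It identifies IRC and Telnet from the payload grammar itself, using the IRC client commands (NICK, USER, JOIN and so on) and the RFC 854 IAC option-negotiation bytes, and flags a mismatch between protocol and destination port. The flows at the bottom are constructed samples, and the `Flow` type and function names are this example's own.

```python
"""Port-agnostic detection of IRC and Telnet traffic from TCP payload bytes.

Added example, not from the original article. Classifies captured client->server
payloads by protocol grammar rather than destination port, so IRC-based C2 on
an unusual port and Telnet on a port other than 23 are both caught.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# IRC client registration and chat commands (RFC 1459), matched at line start.
IRC_COMMAND = re.compile(
    rb"^(?:PASS|NICK|USER|JOIN|PRIVMSG|NOTICE|PING|PONG|MODE)\b", re.IGNORECASE
)
IRC_PORTS = {6667, 6697}     # conventional plaintext / TLS IRC ports
TELNET_PORT = 23

# Telnet (RFC 854) option negotiation: IAC followed by WILL/WONT/DO/DONT <opt>.
IAC = 0xFF
NEGOTIATE = {0xFB, 0xFC, 0xFD, 0xFE}


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes  # first bytes sent by the client on the connection


def looks_like_irc(payload: bytes) -> bool:
    """True if at least two of the first five lines are IRC client commands.

    Requiring two hits avoids misclassifying a single coincidental word.
    """
    lines = payload.split(b"\r\n")[:5]
    hits = sum(1 for ln in lines if IRC_COMMAND.match(ln))
    return hits >= 2


def telnet_negotiations(payload: bytes) -> int:
    """Count IAC option negotiations; an escaped data byte (IAC IAC) is skipped."""
    count = 0
    i = 0
    while i < len(payload) - 2:
        if payload[i] == IAC and payload[i + 1] in NEGOTIATE:
            count += 1
            i += 3            # IAC, verb, option byte
        elif payload[i] == IAC and payload[i + 1] == IAC:
            i += 2            # literal 0xFF in the data stream
        else:
            i += 1
    return count


def classify(flow: Flow) -> tuple[str, str]:
    """Return (protocol, verdict) for one flow."""
    if looks_like_irc(flow.payload):
        if flow.dport in IRC_PORTS:
            return "irc", "irc on standard port: review against policy"
        return "irc", "irc on non-standard port: possible C2, investigate"
    if telnet_negotiations(flow.payload) >= 2:
        if flow.dport == TELNET_PORT:
            return "telnet", "telnet on tcp/23: block or disable the service"
        return "telnet", "telnet on non-standard port: port-based block missed it"
    return "unknown", "no legacy protocol grammar detected"


def scan(flows: list[Flow]) -> list[tuple[str, str, int, str, str]]:
    """Classify every flow; returns (src, dst, dport, protocol, verdict) tuples."""
    return [(f.src, f.dst, f.dport, *classify(f)) for f in flows]


# Constructed sample flows (not real captures).
TELNET_HANDSHAKE = b"\xff\xfb\x18\xff\xfb\x1f\xff\xfd\x01"   # WILL TTYPE, WILL NAWS, DO ECHO
IRC_REGISTRATION = b"NICK bot12345\r\nUSER bot 0 * :bot\r\nJOIN #ctl\r\n"
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.9", 8080, IRC_REGISTRATION),   # IRC hidden on 8080
    Flow("10.0.0.5", "203.0.113.9", 6667, IRC_REGISTRATION),   # IRC on its usual port
    Flow("10.0.0.7", "192.0.2.20", 23, TELNET_HANDSHAKE),      # Telnet on tcp/23
    Flow("10.0.0.7", "192.0.2.21", 2323, TELNET_HANDSHAKE),    # Telnet moved off 23
    Flow("10.0.0.8", "198.51.100.3", 80, HTTP_REQUEST),        # benign HTTP
]

if __name__ == "__main__":
    for row in scan(SAMPLE_FLOWS):
        print(row)
```

Feeding this the first few hundred bytes of each new outbound TCP connection (from a flow sensor or packet capture) gives a detection that does not care which port the botnet operator picked. The two-command threshold for IRC and the two-negotiation threshold for Telnet are deliberately conservative; tune them against your own traffic before alerting on the results.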
Looking Ahead: Windows 11 26H1 for New Hardware
Microsoft’s announcement that Windows 11 26H1 will ship exclusively on devices with Snapdragon X2 processors and other upcoming ARM chips reflects the evolving hardware landscape. While not immediately relevant for existing PCs, this shift is a prompt for security teams to prepare for ARM64 Windows estates: confirm that endpoint agents, drivers and other security tooling have native ARM64 builds rather than relying on emulation, and check that existing detection content behaves the same on the new architecture.
Key Takeaways
- Microsoft’s February patch update addresses six actively exploited zero-days; patch those first and verify installation.
- New Linux botnet SSHStalker uses IRC-based C2, signalling attackers’ use of legacy protocols to evade port-centric detection.
- North Korean hackers employ AI-driven social engineering, including ClickFix lures, to deliver macOS and Windows malware targeting cryptocurrency.
- ZeroDayRAT spyware reads SMS and so undermines SMS-based MFA, exposing accounts that rely on text-message codes.
- Exposed SolarWinds Web Help Desk installations remain a top target; organisations must keep management portals off the public internet.
- Asia’s slow action on blocking Telnet traffic highlights ongoing regional cyber hygiene challenges; disabling the service beats blocking the port.
- Windows 11 26H1 shipping only on new ARM-based hardware means security tooling must be ready for ARM64 endpoints.
Organisations should stay vigilant across these varied threat vectors and maintain robust patch management, network segmentation, and user awareness programmes to navigate this complex cybersecurity landscape.