Cybersecurity Weekly Update: 16-23 February 2026
- SOC Team

1. Google Chrome Zero‑Day Actively Exploited
Google released an emergency patch for a high‑severity zero‑day flaw in its Chrome browser, tracked as CVE‑2026‑2441. The vulnerability, described as a “use‑after‑free” issue in the CSS component, has been confirmed as actively exploited in the wild, meaning attackers are already leveraging it against endpoint users. (thehackernews.com)
Why it matters: Browsers are one of the most exposed components in enterprise environments. A zero‑day in Chrome - the most widely deployed browser across organisations - poses immediate risk of remote code execution (RCE) and phishing‑assisted compromise.
Action: Update Chrome to the latest version across all managed and unmanaged endpoints without delay.
2. BeyondTrust Critical RCE Vulnerability Exploited in Ransomware Attacks
A critical remote code execution flaw impacting BeyondTrust Remote Support and Privileged Remote Access products (CVE‑2026‑1731) has been added to the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog and is now linked to active exploitation in ransomware campaigns. (bleepingcomputer.com)
Why it matters: BeyondTrust is widely used for privileged access and support workflows - critical attack surfaces for both ransomware and persistent threats. Exploitation can lead to unauthorized system control, data theft, and lateral movement.
Action: Apply the latest patches from BeyondTrust - especially for on‑premises deployments - and verify patch status via appliance interfaces.
3. Ivanti EPMM Vulnerabilities Seeing Active Exploitation
Multiple zero‑day flaws in Ivanti Endpoint Manager Mobile (EPMM) - specifically CVE‑2026‑1281 and CVE‑2026‑1340 - are reported as being actively exploited against enterprise mobile management infrastructure. (securityweek.com)
Why it matters: Compromise of mobile device management systems can give attackers full control of registered devices, allowing lateral movement and persistence across enterprise environments - especially in sectors with distributed mobile fleets such as healthcare and education.
Action: Ensure the latest vendor patches are applied; review server exposure and harden remote access processes.
4. Six Microsoft Zero‑Days Added to CISA KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six Microsoft zero‑day vulnerabilities believed to be under active exploitation by threat actors - including nation‑state groups - with a hard remediation deadline of 3 March 2026. (hackerstorm.com)
Why it matters: Microsoft technologies underpin critical infrastructure and services in finance, defence, and healthcare. Active exploitation of multiple zero‑days significantly increases risk, particularly for unpatched systems.
Action: Audit Windows asset inventories and apply required updates ahead of the CISA deadline.
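One way to run that audit is to join open scanner findings against the KEV feed and sort by ransomware linkage and due date. This is an added example, not code from the original update. The hostnames, the CVE-PLACEHOLDER-MS-* ids and the BeyondTrust due date are constructed; only the 3 March 2026 deadline and the BeyondTrust ransomware link come from the text above.

```python
import json
from datetime import date

# Constructed sample in the CISA KEV JSON feed's field layout. Dates and the
# CVE-PLACEHOLDER-MS-* ids are stand-ins; only the 2026-03-03 deadline and the
# BeyondTrust ransomware link come from the update above.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2026-1731", "vendorProject": "BeyondTrust",
   "dueDate": "2026-02-27", "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-PLACEHOLDER-MS-1", "vendorProject": "Microsoft",
   "dueDate": "2026-03-03", "knownRansomwareCampaignUse": "Unknown"},
  {"cveID": "CVE-PLACEHOLDER-MS-2", "vendorProject": "Microsoft",
   "dueDate": "2026-03-03", "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Constructed inventory: asset name -> CVEs a scanner reports as unpatched.
OPEN_FINDINGS = {
    "jump-host-01": ["CVE-2026-1731"],
    "win-file-02": ["CVE-PLACEHOLDER-MS-1", "CVE-PLACEHOLDER-MS-2"],
    "win-app-07": ["CVE-PLACEHOLDER-MS-1"],
    "kiosk-11": ["CVE-2026-2441"],  # not in the sample catalog above
}

def triage(kev, findings, today):
    """Return KEV-listed open findings, ransomware-linked and earliest-due first."""
    by_cve = {v["cveID"]: v for v in kev["vulnerabilities"]}
    rows = {}
    for asset, cves in findings.items():
        for cve in cves:
            entry = by_cve.get(cve)
            if entry is None:
                continue  # not KEV-listed: handle under normal patch SLAs
            due = date.fromisoformat(entry["dueDate"])
            row = rows.setdefault(cve, {
                "cve": cve, "vendor": entry["vendorProject"], "due": due,
                "days_left": (due - today).days,
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
                "assets": []})
            row["assets"].append(asset)
    return sorted(rows.values(),
                  key=lambda r: (not r["ransomware"], r["due"], r["cve"]))

if __name__ == "__main__":
    for r in triage(KEV_SAMPLE, OPEN_FINDINGS, date(2026, 2, 23)):
        flag = "OVERDUE" if r["days_left"] < 0 else f"{r['days_left']}d left"
        print(r["due"], flag, r["cve"], r["vendor"], sorted(r["assets"]))
```

In practice the catalog argument would be the parsed KEV JSON feed and the findings would come from the vulnerability scanner's export.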
Key Recommendations
Patch Chrome immediately: Protect endpoints against active zero-day exploits (CVE‑2026‑2441).
Update BeyondTrust: Apply fixes for RCE vulnerability (CVE‑2026‑1731) to secure privileged access.
Harden Ivanti EPMM: Patch CVE‑2026‑1281 & CVE‑2026‑1340; review remote access and device exposure.
Apply Microsoft updates: Address six zero-days from CISA KEV; prioritize high-risk systems.
Monitor & respond: Enhance detection for active exploitation and ransomware activity across all critical assets.

