
Cybersecurity Weekly Update: 2-9 February 2026

  • Writer: SOC Team

1. Microsoft Office ZERO‑DAY Actively Exploited


Microsoft confirmed that a zero‑day vulnerability in Microsoft Office (CVE‑2026‑21509) is actively being exploited in targeted attacks. The flaw allows attackers to bypass built‑in security protections and execute code when victims open specially crafted Office documents. Agencies including CERT‑UA and CISA have observed real‑world exploitation and have recommended immediate patching. (techradar.com)


Why it matters: Microsoft Office is widely used across defence, finance, healthcare, and education. An actively exploited zero‑day increases risk from spear‑phishing campaigns and malware delivery.


Action: Apply Microsoft’s emergency patch to all affected Office versions immediately and enforce additional email filtering for malicious file types.


2. Singapore Telcos Targeted in UNC3886 Cyberattack


Singapore’s authorities reported that four major telecommunications operators were targeted by a UNC3886‑linked cyberattack in 2025, although no customer data theft was confirmed. The threat actor is believed to have used sophisticated intrusion techniques, prompting nationwide defensive reviews. (theonlinecitizen.com)


Why it matters: Telecommunications infrastructure is a critical service; even non‑data‑theft breaches can impact network resilience and availability. APAC and European carriers should review remote access and network segmentation controls.


Action: Validate intrusion detection signatures, review third‑party access, and audit network traffic for lateral movement.


3. AI Model Discovers Hundreds of New Vulnerabilities — But Raises Risk Questions


Anthropic’s latest large AI model, Claude Opus 4.6, has autonomously discovered over 500 previously unknown high‑severity vulnerabilities in open‑source software. While this demonstrates AI’s power to accelerate defensive research, it also suggests attackers may leverage similar AI tools to scale discovery of exploitable flaws. (fortune.com)


Why it matters: Organisations must consider both the defensive and offensive implications of AI‑augmented vulnerability discovery. Rapid disclosure cycles may outpace traditional patching workflows.


Action: Integrate AI‑assisted scanning into vulnerability management and prioritise fixes based on CVSS and exploitability metrics.


4. CISA Adds SolarWinds Web Help Desk RCE to Known Exploited Vulnerabilities Catalog


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added an actively exploited Remote Code Execution (RCE) vulnerability in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities (KEV) catalog and mandated federal agency remediation by February 2026. This reflects ongoing exploitation observed in both public and private sector environments. (thehackernews.com)


Why it matters: SolarWinds products are widely used for IT service management across enterprises. Exploitable flaws in such platforms can lead to privileged access and wider compromise.


Action: Prioritise patching of SolarWinds Web Help Desk, verify configuration integrity, and monitor for suspicious service‑desk API activity.


5. Heightened Cyber Threats Around Major Global Events


With the 2026 Winter Olympics and the Super Bowl both imminent, cybersecurity professionals are warning of increased threats — from phishing campaigns and DDoS to politically motivated intrusions targeting associated venues and systems. Italian teams have already mitigated multiple attacks against Olympic systems, highlighting the persistent risk around large‑scale public events. (axios.com)


Why it matters: High‑profile events attract opportunistic and state‑linked actors. Financial services, hospitality, and transport sectors supporting these events are especially at risk.


Action: Enhance DDoS protection, reinforce phishing awareness campaigns, and coordinate with partners on incident response plans for expected traffic surges.


Key Recommendations


  • Patch Critical Software: Prioritise emergency fixes for Microsoft Office and SolarWinds Web Help Desk.

  • Monitor Telecom & Infrastructure Networks: Review segmentation and remote access after UNC3886‑linked activity.

  • Leverage Defensive AI Tools: Use AI‑assisted scanning to accelerate vulnerability discovery and remediation.

  • Prepare for Event‑Driven Attacks: Expand perimeter defenses and user awareness ahead of global events.

  • Threat Intelligence Integration: Ensure telemetry and SOC workflows incorporate known exploited indicators.

 
 