Cybersecurity Weekly Update: 9-16 February 2026

  • Writer: SOC Team
  • 14 hours ago
  • 2 min read

1. Microsoft February Patch Tuesday Fixes Six Actively Exploited Zero-Days

Microsoft released its February 2026 Patch Tuesday updates, addressing more than 50 vulnerabilities, including six actively exploited zero-day flaws affecting Windows, Office, and core components. Several of these vulnerabilities enable remote code execution and security feature bypass. (securityweek.com)

Why it matters: Actively exploited zero-days present immediate enterprise risk. Organisations across defence, financial services, healthcare, and education must assume exploitation attempts are ongoing.

Action: Accelerate patch deployment cycles. Prioritise internet-facing assets and high-privilege user endpoints.


2. BeyondTrust Critical RCE Vulnerability (CVE-2026-1731)

A critical unauthenticated Remote Code Execution vulnerability affecting BeyondTrust Remote Support and Privileged Remote Access platforms was disclosed. The flaw allows arbitrary command execution on instances that are exposed to the internet. (techradar.com)

Why it matters: Remote support and privileged access systems are prime post-exploitation tools. Compromise could result in full domain takeover.

Action: Apply patches immediately and audit the external exposure of PAM and remote access services.


3. State-Sponsored Hackers Target Defence Sector Employees

Google’s Threat Intelligence Group reported increased state-linked campaigns targeting defence sector staff through personalised phishing and fake recruitment platforms. Attackers are increasingly focusing on individuals rather than perimeter systems. (theguardian.com)

Why it matters: Personal accounts and contractor environments are becoming entry points into high-value defence networks.

Action: Enforce MFA across all accounts, including contractors. Increase monitoring of identity-based anomalies.


4. SmarterTools Ransomware Breach via Unpatched SmarterMail Server

American software vendor SmarterTools confirmed a ransomware breach affecting an unpatched SmarterMail virtual machine. An authentication bypass flaw (tracked as CVE-2026-23760) allowed attackers to reset administrative credentials and gain full access. The incident did not impact core services thanks to network isolation, but it underscores the systemic dangers of unpatched legacy servers. (techradar.com)

Why it matters: Neglected or forgotten systems can serve as footholds for ransomware and other attacks.

Action: Enforce strict patch management, maintain asset inventories, and isolate legacy systems from production networks.


5. Ransomware Disrupts Major U.S. Payment Gateway — BridgePay

BridgePay Network Solutions, a significant U.S. payment processing provider, suffered a ransomware attack that knocked systems offline, causing widespread service disruption for merchants relying on its payment APIs and gateways. Federal law enforcement, including the U.S. Secret Service, has been engaged to investigate the incident, and efforts to fully restore services are ongoing. (techradar.com)

Why it matters: Attacks on critical payments infrastructure can disrupt commerce, affecting financial services and retail environments and undermining trust in digital payments.

Action: Review incident response readiness, implement data backups, and validate ransomware containment and restoration procedures.


Key Recommendations

  • Urgent Patching: Deploy Microsoft, BeyondTrust, and SmarterMail fixes without delay.
  • Protect Privileged Access: Harden remote support and administrative interfaces; isolate unused systems.
  • Identity Security: Extend MFA and phishing defence to all users, including contractors.
  • Ransomware Preparedness: Test backups, simulate ransomware IR playbooks, and engage forensic partners early.
  • Asset Hygiene: Maintain accurate inventories; decommission or isolate legacy endpoints.