It's been a packed 24 hours in the cyber world, with a flurry of recent breaches, critical vulnerabilities under active exploitation, and fascinating new threat research emerging. We're also seeing important updates on the evolving threat landscape, regulatory clarity, and significant law enforcement actions. Let's dive in:
Recent Cyber Attacks and Breaches ⚠️
- The University of Mississippi Medical Center (UMMC) has shut down all clinics statewide following a ransomware attack, with officials confirming communication with the attackers and CISA/FBI assistance.
- Japanese semiconductor test equipment supplier Advantest is dealing with a ransomware attack that impacted several systems, highlighting the ongoing targeting of the lucrative semiconductor industry.
- Wynn Resorts, the Las Vegas casino giant, is reportedly the latest victim of ShinyHunters, who claim to have stolen over 800,000 employee records, including Social Security numbers, and are demanding a $1.5 million Bitcoin ransom.
- The French Ministry of Finance disclosed a data breach affecting 1.2 million accounts in its national bank account registry (FICOBA), where stolen civil servant credentials led to the exposure of bank account details, physical addresses, and tax IDs.
- Ukraine's central bank reported a supply-chain attack on a contractor supporting its collectible coin online store, exposing customer registration data but not core banking systems or financial details.
- The FBI issued a flash alert on ATM jackpotting, noting over 700 incidents in 2025 with losses exceeding $20 million, primarily using Ploutus malware to exploit physical and software vulnerabilities to dispense cash without authorisation.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/university-of-mississippi-medical-center-closes-clinics-after-ransomware-attack/
🗞️ The Record | https://therecord.media/leading-japanese-semiconductor-supplier-ransomware
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/20/shinyhunters_wynn_resorts/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/data-breach-at-french-bank-registry-impacts-12-million-accounts/
🗞️ The Record | https://therecord.media/hackers-breach-ukraine-national-bank-contractor
🗞️ The Record | https://therecord.media/fbi-atm-jackpotting-2025-report
Actively Exploited Vulnerabilities 🛡️
- CISA has ordered federal agencies to patch a maximum-severity Dell RecoverPoint for Virtual Machines bug (CVE-2026-22769) within three days, as it's been actively exploited since mid-2024 by suspected China-nexus operators.
- The BeyondTrust Remote Support RCE flaw (CVE-2026-1731) is now being actively exploited in ransomware attacks, with CISA adding it to its KEV catalog and urging immediate patching for self-hosted instances.
- A supply chain attack poisoned the npm package for Cline (an AI coding tool), silently installing the OpenClaw AI framework on approximately 4,000 systems after an attacker exploited a prompt injection vulnerability to steal an npm publish token.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/20/cisa_dell_vulnerability/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cisa-beyondtrust-rce-flaw-now-exploited-in-ransomware-attacks/
🌑 Dark Reading | https://www.darkreading.com/application-security/supply-chain-attack-openclaw-cline-users
New Threat Research and Tradecraft 🧠
- Proofpoint researchers uncovered "TrustConnect," a fake RMM vendor that actually sells a remote access trojan (RATaaS), complete with a legitimate EV code-signing certificate and distributed via phishing campaigns, with ties to Redline infostealer customers.
- ESET has identified "PromptSpy," the first known Android malware to use generative AI (Google Gemini) at runtime to adapt its persistence mechanisms across different devices, while also functioning as spyware with VNC capabilities.
- The "Starkiller" phishing-as-a-service (PhaaS) kit is gaining traction for its ability to bypass MFA by proxying the actual login pages in real time, stealing credentials and session tokens, and evading traditional phishing detection methods.
- MIT CSAIL's 2025 AI Agent Index highlights a concerning lack of safety disclosures and standards from AI agent developers, with most relying on a few foundation models, creating complex dependencies that are difficult to evaluate.
- Wiz researchers revealed that virtually every major AI platform they targeted was vulnerable, emphasising that infrastructure security across the five layers of the AI stack (training, inference, application, cloud, hardware) is more critical than prompt injection concerns, with issues like the "Pickle" format allowing arbitrary code execution.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/19/rmm_rat_trustconnect/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/promptspy-is-the-first-known-android-malware-to-use-generative-ai-at-runtime/
🌑 Dark Reading | https://www.darkreading.com/threat-intelligence/starkiller-phishing-kit-mfa
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/20/ai_agents_abound_unbound_by/
🌑 Dark Reading | https://www.darkreading.com/application-security/lessons-ai-hacking-model-every-layer-risky
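The "Pickle" point in the Wiz item above is one a practitioner can act on directly. The Python below is an added example, not code from Wiz or from any of the reports linked here: it statically lists the opcodes that let a pickle stream reach code (pickletools disassembles without executing anything), then loads the stream through a restricted Unpickler whose find_class resolves only an explicit allow-list. The allow-list and the sample streams are constructed for this example and are assumptions, not a recommended production list.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Opcodes through which a pickle stream reaches code rather than plain data:
# GLOBAL / STACK_GLOBAL import a module attribute, INST / OBJ / NEWOBJ /
# NEWOBJ_EX instantiate one, REDUCE calls one, and BUILD can invoke
# __setstate__. A file that only carries tensors, lists and dicts needs none
# of them, so their presence in an untrusted model file is a red flag.
DANGEROUS_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
    "REDUCE", "BUILD",
}


def scan_pickle(data: bytes) -> list[str]:
    """Statically list the dangerous opcodes in a pickle stream, in order.

    pickletools.genops only disassembles; nothing in the stream is executed.
    """
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in DANGEROUS_OPCODES]


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only an explicit allow-list of globals.

    The allow-list is illustrative (an assumption for this example); a real
    deployment would list exactly the classes its model files need.
    """
    ALLOWED = {
        ("builtins", "set"),
        ("collections", "OrderedDict"),
    }

    def find_class(self, module, name):
        # Called for GLOBAL and STACK_GLOBAL alike; refuse anything unlisted.
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing global {module}.{name}")


def safe_load(data: bytes):
    """Load with the allow-list enforced; raises UnpicklingError otherwise."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def vet_and_load(data: bytes):
    """Two-stage defensive load: static scan, then restricted unpickling.

    Returns (status, payload): 'clean' when no code-reaching opcode was seen,
    'allowed' when such opcodes appeared but every global was on the
    allow-list, or 'rejected' (payload is the reason) when the stream was
    refused or malformed.
    """
    try:
        flagged = scan_pickle(data)
        obj = safe_load(data)
    except (pickle.UnpicklingError, ValueError, EOFError) as exc:
        return ("rejected", str(exc))
    return ("allowed" if flagged else "clean", obj)


# Constructed sample streams (built here for the example, not taken from any
# real model file or incident).
BENIGN = pickle.dumps({"weights": [1.0, 2.0]}, protocol=4)  # data only
ORDERED = pickle.dumps(OrderedDict(a=1), protocol=4)        # allow-listed global
GLOBAL_P2 = pickle.dumps(len, protocol=2)                   # GLOBAL builtins.len
REDUCE_P4 = pickle.dumps(range(3), protocol=4)              # STACK_GLOBAL + REDUCE


if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("ordered", ORDERED),
                        ("global-p2", GLOBAL_P2), ("reduce-p4", REDUCE_P4)]:
        print(label, scan_pickle(blob), vet_and_load(blob)[0])
```

The two layers do different jobs: the scan is cheap triage that works on files you never intend to load at all (CI checks, quarantine review), while the allow-list in find_class is what actually stops a REDUCE from reaching an arbitrary callable once you do load. Note that a legitimate object such as an OrderedDict also shows STACK_GLOBAL and REDUCE, so the scan alone flags it for review and only the allow-list decides.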
Threat Landscape Commentary 🌍
- Dutch intelligence warns that Russia is intensifying its hybrid attacks (cyberattacks, sabotage, disinformation) across Europe, signalling preparation for a prolonged confrontation with the West and an increased risk tolerance.
- A report from Intel 471 indicates that Latin America's cybersecurity maturity is lagging behind its rapidly escalating threat landscape, with a 78% increase in ransomware breaches in 2025 and the region becoming a central hub for cybercrime.
🗞️ The Record | https://therecord.media/russia-cyberattacks-europe-warfare
🌑 Dark Reading | https://www.darkreading.com/threat-intelligence/latin-americas-cyber-maturity-lags-threat-landscape
Regulatory Developments ⚖️
- The UK's Information Commissioner's Office (ICO) has won a significant legal battle against DSG Retail, with the Court of Appeal confirming that payment card details (even without cardholder names) constitute "personal data" from the data controller's perspective, upholding a £500,000 fine for a 2017 breach.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/20/ico_wins_battle_in_protracted_fight/
Law Enforcement Actions 🚨
- A Ukrainian national, Oleksandr Didenko, has been sentenced to five years in prison for facilitating North Korea's remote IT worker scheme, which involved stealing US identities and creating fraudulent accounts to funnel hundreds of thousands of dollars to the regime.
- A Romanian hacker, Catalin Dragomir, pleaded guilty to breaching Oregon's Department of Emergency Management in 2021 and selling access for $3,000 in Bitcoin, facing up to seven years in prison for this and other hacks.
🤫 CyberScoop | https://cyberscoop.com/doj-ukrainian-north-korea-remote-worker-scheme-facilitator-sentenced/
🗞️ The Record | https://therecord.media/romanian-hacker-faces-7-years-oregon-breach
#CyberSecurity #ThreatIntelligence #Ransomware #DataBreach #Vulnerability #ZeroDay #RCE #SupplyChainAttack #Malware #RATaaS #Phishing #MFA #AI #AIsecurity #HybridWarfare #LawEnforcement #DataPrivacy #InfoSec
