Daily Digest

Critical 'IronBite' SCADA Zero-Day Threatens Energy Sector; 'ChronoLocker' Ransomware Cripples Global Logistics

Critical 'IronBite' SCADA Zero-Day Threatens Energy Sector; 'ChronoLocker' Ransomware Cripples Global Logistics

February 16, 2026
12 articles (12 new)
36 min read

Summary

This period saw the emergence of multiple critical threats, headlined by the 'IronBite' zero-day (CVE-2026-31501) in SCADA systems, prompting a CISA emergency directive due to active exploitation targeting the energy sector. Simultaneously, the 'ChronoLocker' ransomware group crippled logistics giant AmeriCargo, causing significant supply chain disruptions. Other major incidents include a 'GhostTouch' zero-day (CVE-2026-31999) in the Androis mobile OS, supply chain attacks on the PyPI repository, and sophisticated espionage campaigns by the 'Silent Geese' and 'Crimson Wyvern' APT groups targeting NATO and cancer research institutes, respectively.

Filter by Category

New Articles (12)

CISA Issues Emergency Directive for 'IronBite' SCADA Zero-Day Under Active Attack

CRITICAL

Critical 'IronBite' RCE Vulnerability (CVE-2026-31501) in Avarium SCADA Systems Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive for a critical zero-day vulnerability, CVE-2026-31501, dubbed 'IronBite'. This remote code execution (RCE) flaw in Avarium's OmniLogic SCADA platform scores a perfect 10.0 on the CVSS scale and is believed to be under active exploitation by state-sponsored actors targeting the energy sector. The vulnerability affects versions 4.x through 5.7.2 and can be triggered by a single network packet, requiring no authentication or user interaction. CISA has mandated immediate disconnection of affected systems from external networks for all federal agencies, highlighting the severe risk to critical infrastructure in North America and Europe.

February 16, 2026
5 min read
zero-daySCADAICSRCECISA +2 more
CISA Issues Emergency Directive for 'IronBite' SCADA Zero-Day Under Active Attack
Vulnerability
Industrial Control Systems
Cyberattack

ChronoLocker Ransomware Cripples AmeriCargo, Freezing US Supply Chains

HIGH

Logistics Giant AmeriCargo Halts Operations Following Devastating ChronoLocker Ransomware Attack

The 'ChronoLocker' ransomware gang has launched a crippling attack against AmeriCargo, a major North American logistics firm, forcing a halt to its operations. The attack, which began on February 15, 2026, has encrypted critical systems managing port operations and freight tracking, leading to widespread supply chain disruptions across the United States. The threat actors claim to have exfiltrated 2 terabytes of sensitive data, including client contracts and financial information, and are demanding a $30 million ransom. This incident highlights the escalating trend of ransomware groups targeting critical infrastructure to maximize pressure and financial gain.

February 16, 2026
5 min read
ransomwareChronoLockersupply chainlogisticsdata exfiltration +1 more
ChronoLocker Ransomware Cripples AmeriCargo, Freezing US Supply Chains
Ransomware
Cyberattack
Supply Chain Attack

New APT 'Silent Geese' Deploys 'PoliGraph' Backdoor in Espionage Campaign Against NATO

HIGH

'Silent Geese' APT Targets NATO Diplomats with Sophisticated Phishing and Novel 'PoliGraph' Malware

A newly identified state-sponsored threat actor, named 'Silent Geese,' is conducting a highly targeted cyber-espionage campaign against diplomatic personnel in multiple NATO member states. According to research from SecuraIntel, the advanced persistent threat (APT) group uses convincing spear-phishing emails related to a fake security summit to lure victims. The emails contain a malicious PDF that exploits a vulnerability to install 'PoliGraph,' a novel and stealthy backdoor. This malware is designed for long-term intelligence gathering, capable of exfiltrating documents, capturing keystrokes, and recording audio, posing a significant threat to international security.

February 16, 2026
5 min read
APTSilent Geesecyber-espionagephishingNATO +2 more
New APT 'Silent Geese' Deploys 'PoliGraph' Backdoor in Espionage Campaign Against NATO
Threat Actor
Phishing
Malware

PaySphere FinTech App Breach Exposes Data and Transaction Histories of 4 Million Users

HIGH

PaySphere Breach: 4 Million Users' Personal Data and Transaction Histories Exposed After Credential Theft

The popular FinTech payment app, PaySphere, has disclosed a major data breach affecting approximately 4 million users. The company announced that an unauthorized party gained access to a production database for over two weeks, from January 28 to February 12, 2026. The compromised data includes full names, email addresses, phone numbers, and detailed transaction histories. The breach was traced back to a compromised employee account that was phished, allowing attackers to bypass multi-factor authentication. While financial details like bank accounts were reportedly not accessed, the exposure of transaction data poses significant privacy and security risks to users.

February 16, 2026
5 min read
data breachFinTechphishingcredential theftMFA bypass +1 more
PaySphere FinTech App Breach Exposes Data and Transaction Histories of 4 Million Users
Data Breach
Phishing
Cloud Security

CopperSteal Infostealer Evolves to Target AWS, Azure, and Google Cloud Credentials

HIGH

New 'CopperSteal' Malware Variant Enhances Cloud Credential Theft Capabilities

A new variant of the 'CopperSteal' information-stealing malware has emerged with a dangerous new focus: enterprise cloud environments. According to analysis by ThreatFabric, the updated malware now includes specific modules designed to hunt for and exfiltrate credentials, access keys, and session cookies from AWS, Microsoft Azure, and Google Cloud. The malware is typically delivered through trojanized software masquerading as developer tools. This evolution marks a significant threat escalation, as stolen cloud credentials can be sold on underground forums and used to facilitate more severe attacks like ransomware deployment, corporate espionage, and data breaches.

February 16, 2026
5 min read
infostealerCopperStealcloud securityAWSAzure +2 more
CopperSteal Infostealer Evolves to Target AWS, Azure, and Google Cloud Credentials
Malware
Cloud Security
Threat Intelligence

Telehealth Provider HealthPath Exposes 700,000 Patient Medical Files in S3 Bucket Leak

HIGH

Unsecured Amazon S3 Bucket at HealthPath Exposes Medical Records of 150,000 Patients

Telehealth provider HealthPath has suffered a massive data exposure due to a misconfigured Amazon S3 bucket. A security researcher discovered the cloud storage bucket was left publicly accessible, exposing over 700,000 sensitive documents, including medical scans, test results, and patient identification forms. The data belongs to an estimated 150,000 patients and contained extensive personally identifiable information (PII) and protected health information (PHI). HealthPath attributed the exposure to 'human error' during a system update on January 20, 2026. The company now faces a major regulatory investigation under HIPAA for failing to secure patient data.

February 16, 2026
5 min read
data exposurecloud securityAmazon S3misconfigurationhealthcare +2 more
Telehealth Provider HealthPath Exposes 700,000 Patient Medical Files in S3 Bucket Leak
Data Breach
Cloud Security
Regulatory

Patch Now: Critical RCE Flaw (CVE-2026-31845) in ZenithJS Framework Threatens Web Apps

CRITICAL

ZenithJS Issues Emergency Patch for Critical 9.8 CVSS Remote Code Execution Vulnerability

The maintainers of ZenithJS, a popular JavaScript web framework, have released an emergency patch for a critical remote code execution (RCE) vulnerability, CVE-2026-31845. The flaw, rated 9.8 on the CVSS scale, exists in the framework's data serialization library and allows an unauthenticated attacker to execute arbitrary code on a server by sending a crafted HTTP request. The vulnerability is due to unsafe deserialization of user input. All applications built with ZenithJS versions 3.0.0 through 3.4.0 are affected. Given the framework's widespread use, developers are urged to upgrade to the patched version 3.4.1 immediately to prevent potential widespread exploitation.

February 16, 2026
5 min read
vulnerabilityRCEZenithJSJavaScriptopen source +2 more
Patch Now: Critical RCE Flaw (CVE-2026-31845) in ZenithJS Framework Threatens Web Apps
Vulnerability
Patch Management
Supply Chain Attack

Supply Chain Attack: Malicious 'PyUtils-Core' Library on PyPI Steals Developer Secrets

HIGH

Popular Python Library 'PyUtils-Core' Compromised in Supply Chain Attack to Steal API Keys

A software supply chain attack has compromised 'PyUtils-Core,' a popular Python library on the Python Package Index (PyPI) with millions of monthly downloads. The PyPI security team removed versions 1.8.7 and 1.8.8 after discovering they contained malicious code designed to steal developer secrets. The code, injected after the library maintainer's account was compromised, scans for and exfiltrates environment variables, including API keys, authentication tokens, and other secrets commonly found in developer environments and CI/CD pipelines. All users who downloaded the affected versions are urged to rotate their credentials immediately.

February 16, 2026
5 min read
supply chain attackPyPIPythoncredential theftopen source security +1 more
Supply Chain Attack: Malicious 'PyUtils-Core' Library on PyPI Steals Developer Secrets
Supply Chain Attack
Malware
Security Operations

Social Media Giant ConnectSphere Hit with Landmark €800M GDPR Fine for Data Breaches

INFORMATIONAL

ConnectSphere Fined €800 Million by EU Regulators for Systemic GDPR Failures

In a landmark ruling, European Union regulators have fined the social media platform ConnectSphere €800 million for significant and repeated violations of the General Data Protection Regulation (GDPR). The fine, issued by Ireland's Data Protection Commission (DPC), stems from a lengthy investigation into the company's data security practices between 2023 and 2025. The DPC found that ConnectSphere failed to implement appropriate technical measures to protect user data, citing inadequate access controls and weak password hashing, which directly contributed to multiple large-scale data breaches. ConnectSphere has been ordered to overhaul its security architecture and intends to appeal the decision.

February 16, 2026
5 min read
GDPRregulationfinedata privacycompliance +2 more
Social Media Giant ConnectSphere Hit with Landmark €800M GDPR Fine for Data Breaches
Regulatory
Policy and Compliance
Data Breach

'Crimson Wyvern' APT Steals Cancer Research Data in Global Espionage Campaign

HIGH

Crimson Wyvern APT Targets U.S., U.K., and Japanese Cancer Research Institutes with 'SerpentShell' Malware

A state-sponsored APT group tracked as 'Crimson Wyvern' is orchestrating a widespread cyber-espionage campaign against leading cancer research facilities and pharmaceutical companies. According to a new report from Mandiant, the attacks have targeted organizations in the U.S., U.K., and Japan with the goal of stealing valuable intellectual property, particularly data on novel drug therapies and clinical trials. The threat actors gain initial access by exploiting VPN vulnerabilities and then deploy a custom backdoor, 'SerpentShell,' to maintain long-term access and exfiltrate sensitive research data. The campaign poses a serious threat to public health innovation and commercial competitiveness.

February 16, 2026
5 min read
APTCrimson Wyverncyber-espionagehealthcareintellectual property theft +1 more
'Crimson Wyvern' APT Steals Cancer Research Data in Global Espionage Campaign
Threat Actor
Cyberattack
Malware

NorthGrid Power Report Reveals IT-OT Segmentation Failure Led to Blackout Attack

HIGH

NorthGrid Power Incident Report Details Cyberattack That Caused December 2025 Outages

NorthGrid Power, a major U.S. utility, has published a detailed post-incident report on the December 2025 cyberattack that resulted in localized power outages. The report attributes the attack to a sophisticated threat actor and provides a transparent look at the attack chain. The intrusion began with a spear-phishing email to an IT employee and escalated as attackers moved laterally from the corporate IT network to the sensitive operational technology (OT) network. This was possible due to a misconfigured firewall rule. Once in the OT network, the attackers used custom malware to manipulate circuit breakers, causing the outages. The report serves as a critical case study on the dangers of IT-OT convergence and segmentation failures.

February 16, 2026
5 min read
incident reportICSOT securitycritical infrastructurenetwork segmentation +1 more
NorthGrid Power Report Reveals IT-OT Segmentation Failure Led to Blackout Attack
Incident Response
Industrial Control Systems
Cyberattack

Actively Exploited 'GhostTouch' Zero-Day in Androis Allows Silent Malware Installation

CRITICAL

'GhostTouch' Zero-Day (CVE-2026-31999) in Androis OS Allows No-Interaction App Installation

Google's Project Zero has disclosed a critical zero-day vulnerability, 'GhostTouch' (CVE-2026-31999), affecting billions of Androis devices. The flaw, present in Androis versions 14, 15, and the beta of 16, allows an attacker to silently install malicious applications on a victim's device without any user interaction. The attack is triggered simply by the user visiting a malicious webpage. Project Zero has confirmed the vulnerability is being actively exploited in the wild in targeted attacks, likely to install sophisticated spyware. While Google has released a patch, the fragmented Androis ecosystem means most users will remain vulnerable for weeks or months.

February 16, 2026
5 min read
zero-dayAndroidmobile securityvulnerabilityspyware +2 more
Actively Exploited 'GhostTouch' Zero-Day in Androis Allows Silent Malware Installation
Vulnerability
Mobile Security
Malware

📢 Share This Publication

Help others stay informed about cybersecurity threats