Chinese APT Exploits Dell Zero-Day in Espionage Campaign; Major Data Breaches Hit Figure, Betterment
Summary
This edition for February 18, 2026, covers a critical cyberespionage campaign by a Chinese APT group (UNC6201) exploiting a Dell RecoverPoint zero-day (CVE-2026-22769) to target VMware infrastructure. Additionally, major data breaches impacted nearly one million customers each at fintech firms Figure and Betterment, with the ShinyHunters group claiming responsibility. Other significant events include a critical RCE flaw in Grandstream VoIP phones, a breach of a French government database exposing 1.2 million bank accounts, and an actively exploited zero-day in Google Chrome.
Today's New Articles
Metasploit Module Released for Critical RCE Flaw in Grandstream VoIP Phones (CVE-2026-2329)
Researchers at Rapid7 have disclosed a critical, unauthenticated remote code execution (RCE) vulnerability, CVE-2026-2329, affecting Grandstream GXP1600 series VoIP phones. The flaw is a stack-based buffer overflow in the phone's web API, allowing a remote att...
French Government Database Breach Exposes 1.2 Million Bank Accounts via Stolen Credentials
The French Economy Ministry has confirmed a data breach affecting its FICOBA national bank account database. An unauthorized individual gained access to the system using credentials stolen from a government official, exposing the personal and banking informati...
The data breach at investment advisor Betterment LLC, first disclosed in January 2026, is now understood to be far more severe. The incident stemmed from a social engineering attack that gave an attacker access to a third-party communications platform. The Shi...
The Huntress 2026 Cyber Threat Report, released February 18, 2026, details a major shift in the cybercrime landscape towards an industrialized, business-like model. Analyzing data from millions of endpoints, the report finds that threat actors are prioritizing...
A widespread and ongoing phishing campaign is abusing the legitimate notification features of Atlassian's Jira platform to deliver malicious links to government and corporate targets worldwide. By creating tasks or comments in Jira, attackers trigger legitimat...
Two distinct and sophisticated cyber threat campaigns were reported on February 18, 2026. The first, dubbed 'Contagious Interview,' is a financially motivated operation targeting MetaMask browser wallets. It uses injected malicious code to surgically alter tra...
Malicious GitHub Fork of 'Triton' macOS App Used to Distribute Windows Malware
A malicious supply chain attack was identified on GitHub on February 17, 2026, targeting users through a deceptive fork of a legitimate open-source application. Attackers cloned 'Triton,' a macOS client for the omg.lol service, and created a malicious reposito...
UC Berkeley to Host Regional Summits to Strengthen Cyber Civil Defense
The UC Berkeley Center for Long-Term Cybersecurity (CLTC) announced on February 17, 2026, that it will host three regional Cyber Civil Defense Summits in 2026. The initiative aims to build collaboration between volunteer cyber defenders, government officials,...
Article Updates
Fintech Firm Figure Technologies Breached by ShinyHunters; 1 Million Customer Records Leaked
Update: The Figure Technology Solutions data breach, involving the leak of nearly one million customer records by ShinyHunters, has been independently confirmed by the data breach notification service 'Have I Been Pwned'. The service added 967,000 unique email address...
Google Scrambles to Patch First Actively Exploited Chrome Zero-Day of 2026
Update: Further details regarding the actively exploited Chrome zero-day, CVE-2026-2441, confirm that the critical patch was released on February 13, 2026. This update also explicitly identifies Vivaldi and Opera as additional Chromium-based browsers impacted by the u...