Major Data Breaches at Figure and French Government Expose Millions; Novel AI-Powered Malware Emerges

Publication Date: February 20, 2026

Summary

This cybersecurity brief for February 20, 2026, covers a series of high-impact incidents, including a social engineering attack on fintech firm Figure exposing nearly 1 million users and a breach of France's national bank registry affecting 1.2 million accounts. A significant development is the discovery of 'PromptSpy,' the first Android malware to leverage Google's Gemini AI for stealth. Additionally, CISA has issued urgent warnings about exploited RMM tool vulnerabilities, while ransomware attacks continue to cripple critical sectors like healthcare and telecommunications, affecting the University of Mississippi Medical Center and prompting an FCC alert.

Today's New Articles

PromptSpy: First Android Malware to Weaponize Google's Gemini AI for Stealth and Persistence

Security researchers at ESET have uncovered 'PromptSpy,' a groundbreaking Android malware that integrates Google's Gemini AI to achieve persistence and evade removal. This marks the first known instance of malware weaponizing a large language model (LLM) in it...


CISA KEV Catalog Updated with Actively Exploited BeyondTrust and SolarWinds RMM Flaws

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical vulnerabilities in Remote Monitoring and Management (RMM) tools from BeyondTrust and SolarWinds to its Known Exploited Vulnerabilities (KEV) catalog. This action confir...


Ransomware Attack Cripples University of Mississippi Medical Center, Forcing Clinic Closures

The University of Mississippi Medical Center (UMMC) has been hit by a severe ransomware attack, causing widespread disruption to its IT systems and patient care. The attack disabled the electronic health records (EHR) system, forcing the medical center to canc...


Semiconductor Giant Advantest Hit by Ransomware, Investigates Impact on Supply Chain

Advantest Corporation, a leading Japanese manufacturer of semiconductor testing equipment, has detected and is investigating a ransomware intrusion on its internal IT network. The company acted to isolate the affected systems to prevent the malware from spread...


Warlock Ransomware Hits SmarterTools by Exploiting Flaw in its Own Email Server Software

In an ironic turn, software company SmarterTools was breached by the Warlock ransomware group, who exploited a known vulnerability (CVE-2026-23760) in SmarterTools' own SmarterMail email server software. The attackers leveraged the authentication bypass flaw f...


Critical Flaw in Grandstream VoIP Phones (CVE-2026-21486) Allows Silent Eavesdropping

A significant vulnerability, CVE-2026-21486, has been disclosed in popular VoIP phones from Grandstream. The flaw could be exploited by remote attackers to gain access to internal device interfaces and, most critically, to silently eavesdrop on private phone c...


Honeywell CCTV Cameras Have Critical Auth Bypass Flaw, Allowing Video Hijacking

A critical authentication bypass vulnerability has been reported in multiple Honeywell CCTV camera models. The flaw, disclosed on February 19, 2026, could allow a remote, unauthenticated attacker to hijack user accounts and gain complete access to the cameras....

Article Updates

Starbucks Discloses Data Breach Affecting 889 Employees via Phishing Attack

Update: Further investigation into the Starbucks data breach affecting 889 employees has revealed that the incident was not a direct phishing attack on Starbucks' own staff. Instead, threat actors successfully compromised a third-party business partner through a phish...


FCC Warns US Telecoms of Soaring Ransomware Threat, Mandates Stronger Defenses

Update: The FCC's latest advisory reinforces its warning to the telecom sector, adding critical recommendations such as implementing Multi-Factor Authentication (MFA) for all remote access and privileged accounts, and maintaining reliable, offline, and frequently test...