1) Executive Summary
- AI-Driven Attacks Surge: Adversaries continue to weaponize generative AI to accelerate breaches, credential theft, and lateral movement — reducing time-to-compromise significantly.
- Supply Chain and Third-Party Risk: A growing share of breaches now exploit third-party vulnerabilities and software dependencies.
- Identity and Credential Abuse: Nearly 90% of investigated incidents involve identity weaknesses, highlighting MFA gaps and session token exploitation.
- Rapid Exploitation of Vulnerabilities: Zero-days and critical exposures in widely used platforms (firewalls, cloud services) are being quickly weaponized in active campaigns.
- Global Threat Actors Targeting Strategic Sectors: Nation-state and financially motivated groups escalate operations across industries — from semiconductor manufacturing to defense and national infrastructure.
2) Top Threat Developments
Major Cybersecurity Incidents & Threat Trends — February 2026
1. Generative AI Used in Breaches
- A Russian-speaking actor used AI-assisted techniques to breach over 600 FortiGate devices globally, harvesting credentials and backups for potential ransomware follow-on.
2. Critical Infrastructure Vulnerabilities
- VMware Aria vulnerabilities (remote code execution) disclosed and patched — active exploitation risk requires immediate remediation.
- Malicious actors launched steganographic malware campaigns hiding RATs in PNG images, signaling advanced supply chain evasion tactics.
3. High-Impact Breaches
- A major Japanese semiconductor supplier suffered a significant ransomware incident — underscoring threat evolution targeting vital hardware sectors.
- Weekly news roundups highlighted widespread threats including PayPal breach vectors, Chrome 0-day exploits, and more.
3) Statistical Highlights
AI’s Impact on Attack Speed
- AI-enabled cyber operations grew by 89% YoY; average breakout to privilege escalation now ~29 minutes (fastest at 27 seconds).
Identity-Driven Intrusions
- 87% of intrusions involved identity weaknesses — attackers blending credential theft with access across cloud, SaaS, and endpoint surfaces.
Third-Party Breaches
- 1 in 4 breaches exploit third-party vulnerabilities, with AI-powered phishing representing >80% of social engineering events.
Ransomware & Malware Trends
- Stealth and evasion techniques dominate tradecraft, with information stealers like Arkanix and supply chain malware affecting developer tools and package repositories.
4) Notable Exploited Vulnerabilities
| Platform | Risk | Status |
| --- | --- | --- |
| VMware Aria Operations | Remote Code Execution | Patched (Broadcom Advisory) |
| FortiGate Firewalls | Credential Compromise via AI-assisted attack | Active |
| Roundcube Webmail | Multiple active CVEs; exploitation on exposed hosts | High Urgency |
5) Threat Actors & Motivations
- Cybercriminal Groups: Focused on ransomware, credential theft, RAT deployment, and supply chain compromise.
- State-Sponsored Campaigns: China, Russia, Iran, and North Korea intensify targeted social engineering against defense and critical sectors.
- Automated APT Tooling: AI used not only in attack orchestration but also in prompt-injection abuse within AI development platforms.
Threat Actor Landscape
The February 2026 threat landscape reflects increased activity from financially motivated cybercriminal groups, continued nation-state targeting of strategic industries, and persistent insider and hacktivist risks.
Enterprise Risk Scoring Dashboard
This dashboard provides a high-level risk scoring assessment based on current threat intelligence trends observed in February 2026.