Latest Internet & Cybersecurity News
PayPal Data Breach Exposed Personal Information for Months
A significant PayPal data breach exposed customer personal information over several months, leading to fraudulent transactions. The incident was highlighted in top cybersecurity news roundups for February 23, 2026. Investigations are ongoing to assess the full scope and impact on users.
AI-Assisted Hacker Breaches 600+ Fortinet Firewalls Across 55 Countries
A Russian-speaking threat actor used generative AI to breach over 600 Fortinet FortiGate firewalls in 55 countries by targeting weak credentials on exposed interfaces. The campaign, active for five weeks, automated lateral movement without exploits. Amazon's security team disclosed the attack, emphasizing AI's role in scaling operations.
CISA Orders Emergency Patch for Exploited Dell RecoverPoint Vulnerability
CISA mandated U.S. federal agencies to patch CVE-2026-22769 in Dell RecoverPoint within three days due to active exploitation by Chinese-linked actors since mid-2024. The flaw involves hardcoded credentials enabling backdoor deployment like Grimbolt. This affects VMware backup environments and critical infrastructure.
Ransomware Attack Disrupts University of Mississippi Medical Center Clinics
Ransomware hit UMMC, shutting down clinics statewide, canceling elective procedures, and forcing manual operations. Electronic medical records were impacted, with FBI involvement in the response. Emergency care continued amid system restoration efforts.
Advantest Corporation Suffers Ransomware Attack
Japanese semiconductor tester Advantest detected ransomware on February 15, 2026, affecting its network; systems were isolated with third-party help. Potential data exposure is under investigation, serving major chip makers. No confirmed exfiltration yet, but notifications may follow.
Odido Telecom Data Breach Compromises 6.2 Million Customers
Dutch telecom Odido suffered a breach exposing names, addresses, phone numbers, dates of birth, and IDs for 6.2 million users. Billing info, passwords, and call logs remained safe. Threat actors accessed personal data in a major incident.
Deutsche Bahn Rail Operator Hit by DDoS Attack
Germany's national rail operator Deutsche Bahn faced a DDoS attack disrupting booking tools and travel info services. The incident impacted digital operations on Tuesday. Investigations continue into the threat actors.
Former Google Engineer Convicted of AI Trade Secrets Theft for China
A former Google software engineer was convicted on 14 counts for stealing 2,000 pages of AI-related trade secrets and uploading them to his personal account. The espionage case ties to the People's Republic of China. Sentencing pending.
Russia-Linked Cyber Attack Damages Poland's Power Grid
Polish officials attributed a December 2025 cyber attack on power plants and renewable energy systems to Russian group Sandworm. Equipment was damaged in the incident acknowledged in January. It targeted critical energy infrastructure.
Google Patches Critical Chrome CSS Zero-Day Under Active Exploit
Google addressed CVE-2026-2441, a use-after-free flaw in Chrome's CSS engine, exploited in the wild since mid-February 2026. Users urged to update immediately. The vulnerability shocked the security community.
CISA Adds BeyondTrust Vulnerability to Known Exploited List for Ransomware
CVE-2026-1731 in BeyondTrust Remote Support is being used in ransomware attacks, prompting CISA's KEV catalog update. Hospitals and others at risk; prioritize patching. Review logs for lateral movement signs.