Cyber Security Weekly Briefing, 14-20 February
Google releases urgent patch for first 0-day vulnerability of 2026 in Chrome
Google has released a critical security update for the stable channel of Chrome (versions 145.0.7632.75/.76 for Windows and macOS, and 144.0.7559.75 for Linux) to address the first 0-day vulnerability of the year.
The flaw, identified as CVE-2026-2441 (CVSSv3 8.8), is a use-after-free memory management issue in the browser’s CSS component.
Google has confirmed active exploitation in the wild. Immediate updating of all desktop installations is strongly recommended.
Analysis of persistent attacks against the Defence Industrial Base
Google Threat Intelligence Group has published a comprehensive report on APT operations targeting the global defence industrial base (DIB). The analysis covers state actors linked to China, Iran, Russia and North Korea, as well as hacktivist and criminal groups.
Observed tactics include exploitation of perimeter devices, recruitment-themed credential harvesting, and defence data exfiltration. Groups linked to China have been the most active in volume over the past two years.
Privilege escalation vulnerability in Windows Admin Center
Microsoft has addressed vulnerability CVE-2026-26119 (CVSSv3 8.8), a privilege escalation flaw that allows an attacker with low-level credentials to elevate privileges by bypassing permission controls in the administration interface. Although no active exploitation has been confirmed, it is rated as “most likely to be exploited”.
Applying the patch and auditing administrative accounts is advised.
UNC6201 exploited critical vulnerability in Dell RecoverPoint
Google Threat Intelligence Group identified active exploitation of the 0-day vulnerability CVE-2026-22769 (CVSSv3 10.0) in Dell RecoverPoint by the UNC6201 threat group. The campaign enabled deployment of multiple malicious payloads, including SLAYSTYLE, BRICKSTORM and GRIMBOLT.
Dell has released a patch, and immediate updates alongside monitoring of indicators of compromise are recommended.
AI-as-a-proxy: abuse of AI assistants as C2 channels
Check Point Research has documented a technique that leverages AI assistants with web browsing capabilities as covert command and control channels. By emulating a browser through WebView2, malware can exchange data with attacker-controlled servers without requiring API keys or registered accounts.
Recommended mitigation includes enforcing authentication and monitoring outbound traffic to AI service domains.
This newsletter is one of the deliverables of our Operational and Strategic Intelligence service. If you are interested in the rest of the content included in the service, please contact us.