Cybersecurity Update 1-14 February 2026

United States of America  

Agentic AI - OpenClaw — Creates Unacceptable Cyber Risk. On 1 February 2026, OpenClaw released security updates to its Agentic AI project. The OpenClaw project is a self hosted personal artificial intelligence (AI) assistant agent formerly known as both Clawdbot and Moltbot. It runs locally and executes actions (skills) on the user’s behalf. OpenClaw operates insecurely by default and is unmanaged with high privileges, creating a security hazard to anyone using it. ClawHub is a marketplace designed to make it easy for OpenClaw users to find and install third-party skills. An example of a third party skill is youtube-summarize-pro. The OpenClaw AI agents — which anyone can download and run on their own servers — is given full shell access to a user's machine, including the ability to read and write files, tap into your browser and email inbox, and store login credentials. This gives the OpenClaw AI agents the ability to clear your inbox, send emails, manage your calendar, check you in for flights, and so on. It can operate on WhatApp, Telegram, or any chat application you use. Koi Security conducted "a security audit of 2,857 skills on ClawHub and found 341 malicious skills across multiple campaigns. Each skill appeared legitimate and described itself as a normal integration. Yet, all of these skills share the same malicious command-and-control infrastructure and use sophisticated social engineering to convince users to execute malicious commands. The trojan has key-logging functionality to capture API keys, crypto currency wallet private keys (targeting target ByBit, Polymarket, Axiom), SSH credentials, browser passwords, broader credentials and passwords, as well as other sensitive data from the machine. More than 21,000 OpenClaw AI agents are now publicly exposed, raising security concerns over their action-capable design and extensibility because they are platform-agnostic. Trend Micro disclosed that it observed malicious actors on the Exploit.in forum actively discussing the deployment of OpenClaw skills to support activities such as botnet operations. On 7 February 2026, OpenClaw announced a partnership with Google's VirusTotal malware scanning platform to scan skills that are being uploaded to ClawHub to improve the security of its agentic ecosystem. (E-Security Planet, Cisco Blog, ComputerWorld, OpenClawAI, Wiz, HackerNews, Koi Security, Cybersecurity News, Gartner, GitHub, Zero Leaks, Apple Insider, Cisco Skill Scanner Tool, Wired, RiskInsight, Fortune, PaloAlto Blog, ZDNet, InfoSec Magazine, OpenClaw, GenDigital, HackerNews, TrendMicro)

8-minute Access: AI Accelerates Breach of AWS Environment. On 3 February 2026, the Sysdig Threat Research Team (TRT) published a report about how a malicious actor was able to gain administrative access to an Amazon Web Services (AWS) environment in less than 10 minutes. The incident took place on 28 November 2025 and stood out because of its speed, but also for multiple techniques used that suggest the malicious actor leveraged large language models (LLMs) throughout the operation to automate reconnaissance, generate malicious code, and make real-time decisions. During the attack, the malicious actor collected and exfiltrated data from the cloud environment, provisioned GPU instances on Elastic Compute Cluster (EC2) for potential resource abuse or LLM model development, and abused Amazon Bedrock, an AI app-dev environment, for LLMjacking to gain access to cloud-hosted models. (DarkReading, SysDig Blog, HackRead)

Administrative Subpoenas Being Used to Coerce Technology Companies to Hand Over Data. On 3 February 2026, an elderly gentleman from Philadelphia filed a complaint against the Department of Homeland Security (DHS) because it served Meta an administrative subpoena to discover his true identity — for trying to help immigrants with their due process rights. In the last few months, DHS has relied on the use of administrative subpoenas to seek identifiable information about individuals who run anonymous Instagram accounts, which share posts about ICE immigration raids in their local neighborhoods. These subpoenas have also been used to demand information about people who have criticized Trump officials or protested government policies. Using this information about people's Gmail accounts or Instagram, etc. federal agents arrive at their doors. DHS lawyers sent an administrative subpoena to Meta demanding it turn over personal information of the person who runs the account, citing a non-Homeland Security employee who claimed to receive a tip that ICE agents were being stalked. The American Civil Liberties Union (ACLU), representing the account owner, said there was no evidence of wrongdoing and after sharing further evidence, DHS withdrew its subpoena. There are multiple cases where these subpoenas are being used and the ACLU called the subpoena “part of a broader strategy to intimidate people who document immigration activity or criticize government actions.” “Companies like Google know a lot about our lives, and we should feel confident that the government can’t get their hands on that information on a whim; it would damage the trust of users who allow them to collect sensitive information about their lives and preferences, and it would chill political expression across the board. These abusive subpoenas seek to punish individuals for their speech, but that is prohibited by the First Amendment.” (ACLU Press Release, Bloomberg, TechCrunch, The Verge, TechDirt)

CBP Uses Clearview AI to Support Facial Recognition. On 10 February 2026, U.S. Customs and Border Protection (CBP) announced its intent to award Clearview AI a sole-source award to augment its facial recognition and biometric capabilities. The contractor (Clearview AI) shall provide technical support, codes for fixes, access to product documentation, and any updates required to carry out that task, and to comply with the statement of work. The period of performance for this requirement shall be a 30-day delivery period for the licenses and for a 12- month base period from 30 September 2026 to 29 September 2027. This first year base contract will provide CBP with access to a database of more than 60 billion publicly available images. The investment, CBP said, will enhance its “tactical targeting” capabilities through a coordinated effort to “disrupt, degrade, and dismantle” people and networks viewed as security threats. The agreement anticipates analysts handling sensitive personal data, including biometric identifiers such as face images, and requires nondisclosure agreements for contractors who have access. (FedScoop, SAM Announcement, Wired)

Tulsa International Airport Ransomed. On 31 January 2026, officials at Tulsa International Airport confirmed that they fell victim to a ransomware incident conducted by Qilin, a Russian speaking cybercriminal syndicate. The malicious actors breached the airport’s business network and accessed data. The stolen data included sensitive court case files, insurance files, vendor revenue sheets, as well as financial, administrative, and personal data for employees and partners. Airport operations and travel were not affected because of proper network segmentation. (KFOR, SCWorld)

AI Generated Documents are Not Protected by Privilege. On 10 February 2026, the U.S. District Court for the Southern District of New York ruled from the bench that documents a client created using a commercial generative AI tool (Anthropic’s Claude) and sent to his lawyer were not protected by privilege. During the search of the defendant’s property, federal agents seized electronic devices containing approximately thirty-one documents generated using Anthropic’s AI tool Claude. (Debevoise)

Step Finance says Compromised Executive’s Devices Led to $40M Crypto Theft. On 31 January 2026, Step Finance detected a breach of its platform and announced that it lost $40 million worth of digital assets after malicious actors compromised devices belonging to the company's team of executives. Step Finance is a decentralized finance (DeFi) platform and analytics tool built on the Solana blockchain that allows users to visualize, track, analyze, and manage their crypto assets and positions. (BleepingComputer, StepFinance)

Coinbase Confirms Insider Breach Linked to Leaked Support Tool Screenshots. On 3 February 2026, Coinbase confirmed that a contractor improperly accessed the data of approximately thirty customers in December 2025. "The individual no longer performs services for Coinbase. We have also disclosed this incident to the relevant regulators, as is standard practice.” (BleepingComputer)

Federal Communications Commission (FCC) Warns Telecommunications Carriers to Prepare for Ransomware. On 29 January 2026, the FCC warned telecommunications companies to regularly patch their systems, enable multi-factor authentication (MFA) and segment their networks to avoid falling victim to ransomware attacks. “Recent events show that some U.S. communications networks are vulnerable to cyber exploits that may pose significant risks to national security, public safety, and business operations”. The alert said the FCC “has become aware” over the past year “of ransomware incidents involving small-to-medium sized communications companies that disrupted service, exposed information, and locked providers out of critical files.” (FCC Alert, CybersecurityDive)

NSA releases Phase One and Phase Two of the Zero Trust Implementation Guidelines. On 30 January 2026, the National Security Agency (NSA) published the Zero Trust Implementation Guidelines (ZIGs) that outline the activities needed to achieve the Department of War (DoW)- defined Target-level Zero Trust (ZT) maturity. These guidelines assist organizations like the Defense Industrial Base and affiliated groups in integrating Zero Trust principles, ensuring secure and resilient operations. Phase One details 36 activities organizations can use to build upon or further refine their environment to establish a secure foundation that supports 30 ZT capabilities specific to this phase. Phase Two details 41 activities that initiate the integration of core ZT solutions within the component environment. These activities enable 34 capabilities specific to this phase. (NSA Blog, Zero Trust Guideline - Phase One, Zero Trust Guideline - Phase Two)

Malicious Actors Compromise NGINX Servers Enabling Large-scale Web Traffic Hijacking. On 4 February 2026, DataDog published a blog detailing an active web traffic hijacking campaign that targets NGINX installations and Chinese hosting infrastructure (Baota Panel). NGINX is open-source software for web traffic management. It intermediates connections between users and servers and is employed for web serving, load balancing, caching, and reverse proxying. "The malicious configuration intercepts legitimate web traffic between users and websites and routes it through malicious actor-controlled backend servers.” The campaign is targeting Asian top-level domains (TLDs) (.in, .id, .pe, .bd, and .th) and government and educational sites (.edu and .gov).(BleepingComputer, HackerNews, DataDog Blog)

U.S. Senators Demand Answers from Treasury on IRS’s Data-sharing Deal with ICE. On 30 January 2026, the U.S. Senate Finance Committee’s top Democrat is demanded answers from the Treasury Department about the IRS’s data-sharing agreement with Immigration and Customs Enforcement (ICE). The Treasury Secretary must respond by 16 February 2026. Sen. Ron Wyden (D-Ore.) and 10 of his colleagues reprimanded the IRS and Treasury’s “unprecedented and disturbing disclosure of federal tax return information” to the Department of Homeland Security under an April 2025 memorandum of understanding. (FedScoop, US Senate Committee on Finance)

Scanner for Detecting Backdoors in AI Models. On 4 February 2026, Microsoft stated that it developed a scanner designed to detect backdoors in open-weight AI models. In a paper published at Cornell University, researchers present a practical scanner for identifying sleeper agent-style backdoors in causal language models. Their scanning methodology assumes no prior knowledge of the trigger or target behavior and requires only inference operations. It integrates naturally into broader defensive strategies and does not alter model performance. Microsoft said it identified observable indicators that suggest the presence of backdoors in language models. "The scanner we developed first extracts memorized content from the model and then analyzes it to isolate salient substrings”. (Hacker News, Cornell Paper on Scanning)

International Items of Interest

Chile Launches LATAM GPT. On 10 February 2026, Chile’s National Center for Artificial Intelligence Research (CENIA) launched LATAM-GPT. CENIA is the premier AI hub in Chile, focused on developing, researching, and promoting ethical, sustainable, and collaborative AI technology for Latin America. Situated in the Santiago region, it fosters innovation and talent while, in 2026, navigating the environmental impact of major data centers. LATAM-GPT involved an investment of about $3.5 million. It included collaboration from more than 15 countries and 60 organizations including universities, international institutions and technology leaders. Developers plan to add multimodal capabilities allowing the system to generate not only text but also images, audio and video. Leiva said the model currently compares to ChatGPT version 3. (CENIA, LATAM-GPT, Launch Event, UPI)

French AI Accelerator Backed by All the AI Platforms. On 10 February 2026, Paris-based Station F announced it had partnered with Anthropic, Google, Meta, Microsoft, Mistral, and OpenAI which is the first time the firms are all participating in a single accelerator. Other partners include cloud and semiconductor companies AWS, AMD, Qualcomm, and OVH Cloud. The accelerator will run for 3 months, 2 times per year. Each F/ai cohort will include 20 startups that will undergo a curriculum geared specifically toward helping European AI startups generate revenue earlier in their lifecycle, in turn making it easier to secure the funding required to expand into the largest global markets. The startups are all building AI applications on top of the foundational models developed by the partnering labs, in areas ranging from agentic AI to procurement and finance. (Station F, Wired, Station F International)

Germany Warns of Signal Account Hijacking. On 6 February 2026, German cybersecurity authorities (Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI)) issued an urgent warning about an ongoing, sophisticated phishing campaign that is targeting the Signal messaging accounts of high-ranking individuals, including politicians, military personnel, diplomats, and investigative journalists across Germany and Europe. The advisory poses that it bears the hallmarks of Russian state-sponsored cyber operations. The malicious actors are exploiting human trust and the app’s legitimate functionality to gain unauthorized access to private messages — without malware. “At the heart of the campaign is Signal’s “linked devices” feature, which allows users to connect their Signal account to secondary devices such as desktop computers or tablets. This convenience feature generates a QR code that, when scanned, grants the new device full access to the user’s message history and ongoing conversations. German authorities warn that the malicious actors have crafted malicious QR codes disguised as legitimate Signal group invitations or security verification prompts. When a target scans one of these codes, they unwittingly link the attacker’s device to their own Signal account, effectively giving the adversary a real-time mirror of all incoming and outgoing messages. Germany’s advisory builds upon earlier findings from Google’s Threat Intelligence Group, which in early 2025 documented similar tactics being used by Russian malicious actors — specifically a group tracked as UNC5792 — to target Signal users in Ukraine. If Russian intelligence operatives have developed a reliable playbook for compromising encrypted messenger accounts through social engineering, there is every reason to believe that similar techniques will be — or already are being — applied to other platforms, including WhatsApp, Telegram, and Threema. (German Advisory, Hacker News, Apple Media, Bleeping Computer, The 420)

Russia Interferes with Satellite Communications. On 4 February 2026, it was reported that European security officials suspect that two Russian space vehicles have intercepted the unencrypted communications of at least a dozen key satellites, possibly compromising sensitive information. According to orbital data and ground-based telescope observations, the Russian satellites — Luch-1 and Luch-2— have repeatedly maneuvered into close proximity with Europe’s 17 most important geostationary satellites. Europe’s satellites provide communications services across Europe, the UK, and large parts of Africa and the Middle East. The intrusions could also enable Russians to manipulate satellite trajectories or take them down. Major General Michael Traut, head of the German military’s space command suspects Russia is conducting SIGINT operations. Intelligence and military officials worry that Russia’s recent escalation of “hybrid warfare” in Europe has now reached into space. (FT, Kyiv Post, SpaceNews).

Russian Legion Launches Cyber Attacks on Denmark. On 27 January 2026, a newly formed Russian malicious actor alliance consisting of Cardinal, The White Pulse, Russian Partizan, and Inteid, now known as the Russian Legion launched a coordinated cyber campaign against Denmark, threatening critical infrastructure and government services. The group initiated “OpDenmark” to try to force Denmark to withdraw its planned 1.5 billion DKK military aid package to Ukraine. The incidents could severely impact Danish public and private sectors, demanding (long-needed) attention to cybersecurity measures. The primary attack method used to date are DDoS primarily targeting the energy sector, health care services, and public sector organizations. (Cybersecurity News, Industrial Cyber)

Punishing Owl Targets Russian Security Agencies. On 12 December 2025, a previously unknown malicious actor, Punishing Owl, launched sophisticated cyberattacks against Russian government security agencies and published the stolen documents. The malicious actors used multiple methods, including DNS manipulation and email compromise, to amplify their impact. They redirected traffic to a server in Brazil hosting stolen files and a political manifesto. The attack infrastructure shows technical sophistication with fake TLS certificates and credential stealing malware. (CyberSecurityNews, Habr)

Ukraine Tightens Controls on Starlink Terminals to Counter Russian Drones. On 4 February 2026, Ukraine’s Defense Chief, Mykhailo Fedorov, confirmed that the Ukrainian government has introduced a mandatory “whitelist” for Starlink terminals, under which only verified and registered devices will be allowed to operate in the country. All other terminals will be automatically disconnected. “Russian drones equipped with Starlink are difficult to intercept.” “They fly at low altitude, are resistant to electronic warfare, and can be controlled by operators over long distances in real time.” The new rules are aimed at countering Russian operations. (The Record, Fedorov Telegram Message)

Norway’s Threat Assessment Released. On 6 February 2026, the Norwegian Police Security Service released its annual threat assessment that highlights the threats Norway’s security. Chinese security and intelligence services have enhanced their ability to conduct intelligence operations in Norway, including cyber operations and human intelligence collection. The report confirms that China’s Salt Typhoon actor has exploited vulnerable network devices in Norway. Moreover, China is expected to continue improving its efforts to collect intelligence and map Norwegian digital infrastructure. The report also warns that China is “systematically” exploiting collaborative research and development projects to bolster its own military capacity and security capabilities. Besides China, Russia remains the principal overall threat to Norway’s security. The agency cited sustained espionage, mapping of critical infrastructure, pressure on Ukrainian refugees, covert intelligence operations using civilian vessels and the risk of sabotage. Russian intelligence has been “closely monitoring military targets and allied activities and capabilities in Norway for many years,” the report said, adding that the tense geopolitical situation in Europe is likely to drive increased activity. (Norway Threat Assessment, The Record, CyberScoop)

Romania’s Conpet Oil Pipeline Operator Breached by Qilin Ransomware Group. On 3 February 2026, Romania’s national oil pipeline operator, Conpet, disclosed that a cyberattack disrupted its IT systems. CONPET operates Romania’s national crude oil pipeline network, transporting crude, rich gas, condensate, and ethane to refineries nationwide. It manages 3,800+ km of pipelines vital to the country’s energy sector. While the core operations, including crude oil and gasoline transport, remain unaffected, the company’s IT infrastructure faced significant disruption. The ransomware syndicate, Qilin, has claimed responsibility and states it has at least 1TB of documents. Conpet is investigating with national cybersecurity authorities and has filed a criminal complaint with the Directorate for Investigation of Organized Crime and Terrorism (DIICOT). (The Record, Conpet Facebook Post, Industrial Cyber, Qilin Post)

Singapore Publishes China-linked Malicious Actors Breached All Four Telecommunications Operators. On 9 February 2026, the Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) shared details of a multi agency cybersecurity operation, codenamed Operation CYBER GUARDIAN, to defend Singapore’s telecommunications sector. The unauthorized access was attributed to the PRC affiliated malicious actor UNC3886, and affected all four telecom networks: Singtel, M1, StarHub, and Simba Telecom. The CSA stated that the malicious actors were not able to disrupt services and did not access personal data but did deploy advanced tools, including a zero-day exploit in a firewall to access the telco’s networks. Once the breach(es) were detected, the CSA, IMDA and other government agencies swiftly launched a coordinated whole-of-Government response, in partnership with the telcos to contain the breach. Operation CYBER GUARDIAN, is Singapore’s largest coordinated cyber incident response effort undertaken to date, spanning more than eleven months. Over 100 cyber defenders across agencies such as CSA, IMDA, the Centre for Strategic Infocomm Technologies (CSIT), the Digital and Intelligence Service (DIS), the Government Technology Agency of Singapore (GovTech) and the Internal Security Department (ISD) were involved in the operation. Cyber defenders have implemented remediation measures, closed off UNC3886’s access points, and expanded monitoring capabilities in the targeted telcos. (CSA Report, Straits Times, Security Week)

Potential Breach of 28% of Mexican Population. On 30 January 2026, the Chronus Group claimed that they had illegally copied 2.3-terabytes of information related to at least 36 million Mexicans. Documents and data were leaked online from at least 25 different government institutions in Mexico. The data included names, telephone numbers, addresses, dates of birth, and proof of registration in Mexico's public universal healthcare system Instituto Mexicano del Seguro Social (IMSS) Bienestar. However, Mexico’s cybersecurity and digital-technology agency, the Agencia de Transformación Digital y Telecomunicaciones (ATDT), downplayed the significance of any potential compromise. (DarkReading)