Top 5 Cybersecurity News Stories February 20, 2026
Cybersecurity threats evolve rapidly as threat actors target your data and funds. To keep you secure, we’ve scoured the web for the top 5 cybersecurity news stories for February 20, 2026. No threat is too big or too small, from espionage to flaws in everyday devices.
1. KEV Surge: Ivanti, BeyondTrust, SolarWinds RMM flaws exploited
CISA has recently updated its Known Exploited Vulnerabilities (KEV) catalog, adding several critical remote management flaws that are actively being exploited in the wild. Key additions include BeyondTrust Remote Support and Privileged Remote Access vulnerabilities (CVE-2026-1731, with a CVSS score of 9.9), alongside multiple SolarWinds Web Help Desk issues enabling unauthorized access.

Mass internet scanning reveals widespread attacker activity targeting these products to gain privileged footholds in networks, prompting federal agencies to enforce strict three-day patch deadlines. The surge highlights remote access tools as high-priority targets for threat actors. Organizations are urged to conduct immediate exposure audits, implement enhanced network segmentation, enforce Zero Trust principles, and prioritize rapid patching to bolster enterprise resilience against such persistent threats.
Read more on Western Illinois University Cybersecurity Center
2. PromptSpy: Gen-AI Embedded in Android Malware
ESET researchers have uncovered PromptSpy, marking the first known Android malware that integrates generative AI—specifically Google Gemini—directly into its runtime execution for sophisticated adaptive persistence mechanisms. The malware dynamically queries the AI model to generate real-time instructions for UI manipulation, allowing it to pin itself prominently in the recent apps list and overlay deceptive interfaces that hinder uninstallation attempts.

Additional capabilities encompass VNC remote access, lockscreen content capture, screenshots, audio/video recording, and data exfiltration, primarily distributed through fake banking applications aimed at users in Argentina. Victims must boot into Safe Mode for effective removal, while Google Play Protect has begun detecting and blocking known variants. This development signals a troubling evolution in mobile threats, where AI enhances evasion and interactivity.
Read more on Help Net Security
3. FCC Telecom Ransomware Alert: 4x Attack Rise
The U.S. Federal Communications Commission (FCC) has released an urgent public alert regarding a dramatic fourfold increase in ransomware attacks specifically targeting telecommunications operators since 2021. The advisory stresses the implementation of robust network segmentation strategies, reliable and regularly tested backups, and mature incident response plans to protect critical operations.

These attacks pose severe risks not only to telecom providers but also to national security and public safety, potentially causing widespread service outages that disrupt emergency communications and dependent enterprise services. The FCC emphasizes telecom infrastructure resilience as a cornerstone of critical infrastructure protection, calling on operators to enhance defenses proactively amid escalating threats from sophisticated ransomware groups.
Read more on World Economic Forum
4. Warlock Hits SmarterTools via Unpatched Email
SmarterTools confirmed a significant ransomware breach by the Warlock group (also tracked as Storm-2603) on January 29, 2026, stemming from an unpatched SmarterMail server vulnerable to authentication bypass (CVE-2026-23760). Attackers exploited this flaw to deploy ransomware payloads and a malicious Supabase MSI installer that embedded Velociraptor for long-term persistence and forensic evasion within the environment.

Cybersecurity firm ReliaQuest observed subsequent admin password resets and lateral movement attempts, underscoring persistent risks in email server infrastructure. The incident serves as a stark reminder of the critical need for timely vulnerability patching, routine security audits, and monitoring to prevent similar compromises and limit attacker dwell time.
Read more on The Hacker News
5. Advantest Semiconductor Breach
Advantest Corporation, a major provider of semiconductor test equipment, disclosed on February 15, 2026, the detection of anomalous IT activity that prompted a full-scale cybersecurity incident response. The company swiftly engaged external cybersecurity experts, enacted containment measures, and isolated affected systems to prevent further compromise while investigations continue.

As a key player in global chip manufacturing and electronics production supply chains, this breach raises significant concerns about potential disruptions to semiconductor testing operations and broader ripple effects across technology sectors. Ongoing assessments will determine the full scope of data impact and recovery timelines.
Read more on Advantest

