CosmicBytez Newsletter #4 — February 2026 Security Digest


Critical Exchange and FortiOS zero-days, AI deepfake phishing surge, CISA zero trust mandate, post-quantum cryptography goes live, and the expanding RaaS...

Dylan H.

CosmicBytez Labs

February 9, 2026

Welcome to Issue #4

February 2026 has been one of the most eventful months in cybersecurity this year. From critical zero-days in Exchange Server and FortiOS to the FBI's urgent warning on AI-generated deepfakes, the threat landscape continues to evolve at an unprecedented pace.

This issue covers the most important developments from the past two weeks, along with practical guidance to protect your organization.


Top Stories

Microsoft Patch Tuesday: 3 Zero-Days, 74 CVEs

Microsoft's February Patch Tuesday addressed 74 vulnerabilities including three actively exploited zero-days:

  • CVE-2026-21478 — Exchange Server RCE (CVSS 9.1) — Unauthenticated remote code execution via deserialization. CISA KEV deadline: Feb 25.
  • CVE-2026-21412 — Windows Kernel EoP (CVSS 7.8) — Used by APT groups targeting government entities.
  • CVE-2026-21445 — SmartScreen Bypass (CVSS 8.1) — Being used in phishing campaigns to deliver info-stealers.

Action Required: Prioritize Exchange Server patching immediately. The kernel and SmartScreen patches should follow within 48 hours.



FBI Warns: AI Deepfake Attacks Hit $145M in Losses

The FBI and CISA issued a joint advisory on AI-generated deepfake attacks targeting corporate executives. Since October 2025, over 400 incidents have been reported, with the largest single loss at $25.6 million — a deepfake video call impersonating a CEO on Microsoft Teams.

Key takeaway: Multi-person authorization for wire transfers and callback verification to known numbers are your best defenses.



Critical Fortinet SSL VPN Vulnerability (CVE-2026-0899)

A heap-based buffer overflow in FortiOS SSL VPN allows unauthenticated remote code execution with a CVSS score of 9.3. Proof-of-concept exploit code is circulating. Affected versions: FortiOS 7.2.x through 7.6.x.

Action Required: Patch to FortiOS 7.6.2, 7.4.6, or 7.2.10 immediately. If patching is delayed, disable SSL VPN.



This Month's Threat Landscape

By the Numbers

| Metric | Value | Trend |
|---|---|---|
| Active ransomware groups | 14 RaaS platforms identified | ↑ 30% YoY |
| Critical infrastructure attacks | 365 in Q1 2026 | ↑ 112% YoY |
| Average ransomware dwell time | 2.1 days (down from 5.3) | Accelerating |
| RaaS entry cost | As low as $40/month | Decreasing |
| AI-powered BEC losses | $145M since Oct 2025 | New threat vector |

Critical Vulnerabilities This Month

| CVE | Product | CVSS | Status |
|---|---|---|---|
| CVE-2026-21478 | Exchange Server | 9.1 | Actively exploited |
| CVE-2026-0899 | FortiOS SSL VPN | 9.3 | PoC available |
| CVE-2026-0778 | PAN-OS GlobalProtect | 9.8 | Limited exploitation |
| CVE-2026-3098 | Apache Struts | 9.8 | In CISA KEV |
| CVE-2026-2134 | Cisco IOS XE | 8.8 | Actively exploited |
| CVE-2026-21413 | Exchange Server SSRF | 9.1 | Actively exploited |

New Content on CosmicBytez Labs

How-To Guides

  • Active Directory Health Check — Comprehensive PowerShell diagnostic guide for AD infrastructure
  • Configuring Windows LAPS — Automated local admin password management
  • Nmap Scanning Techniques — From host discovery to NSE scripts
  • OSINT Reconnaissance Methodology — Structured approach to open-source intelligence
  • M365 Security & Compliance — Harden your Microsoft 365 tenant
  • Group Policy Security Hardening — CIS-aligned GPO baselines
  • Exchange Online Security — Email security configuration guide
  • Python for Security Automation — Essential security scripting

Projects

  • AD Penetration Testing Lab — Build a vulnerable AD environment for training
  • OSINT Investigation Workstation — Dedicated OSINT VM setup
  • M365 Security Baseline — End-to-end tenant hardening
  • Network Traffic Analysis — Zeek + Suricata + ELK stack

Quick Wins This Month

Five things you can do today to improve your security posture:

  1. Patch Exchange Server — CVE-2026-21478 is being actively exploited for unauthenticated RCE
  2. Update FortiGate appliances — CVE-2026-0899 has public exploit code
  3. Enable phishing-resistant MFA — FIDO2 security keys for all admin accounts
  4. Review wire transfer procedures — Implement multi-person authorization and callback verification
  5. Check for auto-forwarding rules — Attackers use these for persistent email access

What's Coming Next

  • Expanded IT exam prep with CompTIA Security+ (SY0-701) study materials
  • Deep dive into Azure AD Certificate Services (AD CS) attacks
  • Wireshark protocol analysis tutorial series
  • MITRE ATT&CK mapping for our security content

Stay Connected

  • Visit CosmicBytez Labs for the latest content
  • Use our Security Tools for quick calculations and lookups
  • Prepare for certifications with IT Exam Prep
  • Browse the Security Advisory Archive for latest CVEs

See you in Issue #5!

— Dylan H., CosmicBytez Labs
