This Week in Cybersecurity
The final week of February 2026 was a stark reminder that ransomware operators do not pick soft targets out of mercy: two critical-infrastructure organisations fell in the same week, a major US healthcare system and the world's largest semiconductor test equipment supplier. Meanwhile, an old threat got worse: the 2024 AT&T breach has resurfaced with Social Security numbers now in plaintext, and a newly identified Russian freight-sector phishing ring was exposed and disrupted before it could scale further.
On the AI front, commercial generative AI crossed a new threshold this week. Amazon's threat intelligence team documented a single actor using several GenAI tools to compromise 600 FortiGate firewalls across 55 countries. No software vulnerability was involved; the intrusions rested on exposed management interfaces and weak credentials, with the AI doing the tooling and scaling work. It is the clearest demonstration yet of how far AI has lowered the skill floor for large-scale infrastructure attacks.
The leaderboard has also shifted: Claude Opus 4.6 climbed to #1 on Chatbot Arena, and Gemini 3.1 Pro Preview set an all-time record on Artificial Analysis at an Intelligence Index score of 57.
Top Stories
Diesel Vortex: Russian Freight Phishing Ring Disrupted
A sophisticated Russian-linked phishing-as-a-service (PhaaS) operation called Diesel Vortex was exposed and disrupted this week. Over five months it used 52 typosquatting domains to steal 1,649 credentials from major freight operators including DAT Truckstop, Penske Logistics, and Teleroute. The operation, complete with a call centre, programmers, and dedicated logistics-fraud staff, was taken down in a joint action involving GitLab, Cloudflare, Google, CrowdStrike, and Microsoft.
UMMC Ransomware: 35 Clinics Closed Across Mississippi
The University of Mississippi Medical Center detected a ransomware attack on February 19 that took down its Epic EMR system and forced the closure of all 35 of its statewide health clinics, cancelling surgeries and outpatient appointments. The FBI has surged resources into the investigation. No ransomware group had claimed responsibility as of press time.
AT&T Breach Resurfaces — 148M SSNs Now Decrypted
The 2024 AT&T breach has become dramatically more dangerous. A dataset of 176 million records, including 148 million Social Security numbers that were encrypted in the original leak but now circulate in plaintext, began appearing in criminal markets on February 2. Every current or former AT&T customer should place a credit freeze with each of the three credit bureaus and obtain an IRS Identity Protection PIN now, before tax-filing season gives fraudsters a reason to use the data.
AI-Armed Hacker Compromises 600+ FortiGate Devices in 55 Countries
Amazon's threat intelligence team documented how a Russian-speaking amateur used multiple commercial GenAI services to breach 600+ FortiGate firewalls across 55 countries in five weeks without exploiting a single software vulnerability: the way in was management interfaces exposed to the internet plus weak credentials, with AI doing the scaling. Post-exploitation activity aligns with ransomware pre-positioning. The defensive takeaway is unchanged by the AI angle: keep firewall management off the public internet (or behind a VPN and source allow-lists), enforce MFA on administrator accounts, and alert on bursts of failed admin logins.
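The compromise pattern above (internet-reachable management interface plus weak credentials) leaves a plain signal in the firewall's own logs: a burst of failed administrator logins from one source, then a success from the same source. The Python below is an added example for this digest, not code from Amazon's report or from Fortinet. Its log lines are constructed to resemble FortiGate's key="value" system-event format; the field names used (logdesc, user, ui, status) and the thresholds are assumptions, not a verified schema, so adjust them to what your devices actually emit.

```python
"""
Burst-of-failed-admin-logins detector over FortiGate-style event logs.

Added example for this digest; not code from Amazon's report or from Fortinet.
SAMPLE_LOG is constructed to mimic FortiGate system events; field names and
values are assumptions, not copied from a real device.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')          # key="quoted" or key=bare
UI_RE = re.compile(r'^(?P<proto>\w+)\((?P<ip>[0-9A-Fa-f:.]+)\)$')  # e.g. https(198.51.100.7)

SAMPLE_LOG = """\
date=2026-02-20 time=03:12:01 devname="fw-edge-01" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" ui="https(198.51.100.7)" status="failed"
date=2026-02-20 time=03:12:03 devname="fw-edge-01" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" ui="https(198.51.100.7)" status="failed"
date=2026-02-20 time=03:12:04 devname="fw-edge-01" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" ui="https(203.0.113.9)" status="failed"
date=2026-02-20 time=03:12:05 devname="fw-edge-01" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" ui="https(198.51.100.7)" status="failed"
date=2026-02-20 time=03:12:07 devname="fw-edge-01" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" ui="https(198.51.100.7)" status="failed"
date=2026-02-20 time=03:12:09 devname="fw-edge-01" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="admin" ui="https(198.51.100.7)" status="failed"
date=2026-02-20 time=03:12:11 devname="fw-edge-01" type="event" subtype="system" level="notice" logdesc="Interface status change" msg="port2 link up"
date=2026-02-20 time=03:12:15 devname="fw-edge-01" type="event" subtype="system" level="information" logdesc="Admin login successful" user="admin" ui="https(198.51.100.7)" status="success"
"""


def parse_line(line):
    """Split one FortiGate-style line into a dict of fields (quoted or bare values)."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def source_ip(fields):
    """Extract the client address from the ui field, e.g. https(198.51.100.7)."""
    m = UI_RE.match(fields.get("ui", ""))
    return m.group("ip") if m else None


def event_time(fields):
    return datetime.strptime(f'{fields["date"]} {fields["time"]}', "%Y-%m-%d %H:%M:%S")


def detect_admin_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """Alert once per source that reaches `threshold` failed admin logins inside a
    sliding `window`, and again if that same source later logs in successfully."""
    failures = defaultdict(deque)   # source ip -> timestamps of recent failures
    burst_sources = set()
    alerts = []
    for raw in lines:
        fields = parse_line(raw)
        desc = fields.get("logdesc")
        if desc not in ("Admin login failed", "Admin login successful"):
            continue                 # ignore unrelated system events
        ip = source_ip(fields)
        if ip is None:
            continue
        ts = event_time(fields)
        if desc == "Admin login failed":
            recent = failures[ip]
            recent.append(ts)
            while ts - recent[0] > window:     # drop failures older than the window
                recent.popleft()
            if len(recent) >= threshold and ip not in burst_sources:
                burst_sources.add(ip)
                alerts.append({"type": "admin_login_burst", "src": ip,
                               "user": fields.get("user"), "failures": len(recent), "at": ts})
        elif ip in burst_sources:
            # A success after a burst means the credential was actually found.
            alerts.append({"type": "success_after_burst", "src": ip,
                           "user": fields.get("user"), "at": ts})
    return alerts


def run_sample():
    return detect_admin_bruteforce(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The single failure from 203.0.113.9 never reaches the threshold and produces nothing; the five from 198.51.100.7 raise one burst alert, and the later success from that source raises a second, higher-priority alert. Tracking that second event is what separates a found credential from background noise.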
Advantest Semiconductor Supplier Hit by Ransomware
Advantest, the world's largest automatic test equipment supplier whose tools are used by TSMC, Samsung, and SK Hynix, confirmed a ransomware attack on February 19. No group has claimed responsibility. This is the fifth major semiconductor-sector ransomware incident since 2023 — and the supply chain implications are significant.
Security Advisories This Week
Three new CVEs have been added to the Security Advisories section, all listed in CISA's Known Exploited Vulnerabilities (KEV) catalog:
CVE-2026-21514 — Microsoft Office Word OLE Bypass (CVSS 7.8 / High) A logic flaw in Word's OOXML parser silently executes malicious OLE objects without any "Enable Content" prompt or Protected View warning. Actively exploited. Federal patch deadline: March 3, 2026. Full advisory →
CVE-2026-25108 — Soliton FileZen OS Command Injection (CVSS 8.8 / High) OS command injection in the FileZen secure file transfer appliance allows authenticated attackers to achieve arbitrary command execution via crafted HTTP requests. Multiple confirmed real-world attacks. Federal patch deadline: March 17, 2026. Full advisory →
CVE-2026-21513 — Microsoft MSHTML Framework Bypass (CVSS 8.8 / High) A protection mechanism failure in ieframe.dll allows crafted .html, .mht, or Office files to bypass browser security zones and execute arbitrary resources. Can be chained with CVE-2026-21514 for a compound attack. Federal patch deadline: March 3, 2026. Full advisory →
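Until the Office patches are rolled out, mail gateways and sandboxes can at least surface documents that carry the ingredients the Word OLE and MSHTML entries above involve: embedded OLE objects and relationships that point outside the package. The Python below is an added example for this digest, a generic OOXML triage check that is not derived from the technical details of either CVE. The sample .docx packages are constructed inline in build_sample_docx(), and the file path in the linked-object relationship is a made-up illustration.

```python
"""
Triage check for OOXML documents (docx/xlsx/pptx): report embedded OLE parts,
oleObject relationships, and non-hyperlink relationships whose target lies
outside the package. Added example for this digest; generic, not derived from
CVE-2026-21514 or CVE-2026-21513. Sample packages are constructed, not real
Office output.
"""
import io
import re
import zipfile

REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
HYPERLINK_TYPE = REL_NS + "hyperlink"
OLE_TYPE = REL_NS + "oleObject"
EMBEDDING_RE = re.compile(r"^(word|xl|ppt)/embeddings/", re.IGNORECASE)
REL_RE = re.compile(r"<Relationship\b[^>]*>", re.IGNORECASE)   # one <Relationship .../> element
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')


def triage_ooxml(data):
    """Inspect an OOXML package (bytes) and return what a gateway or sandbox
    should look at before the file is opened in Office."""
    findings = {"ole_parts": [], "ole_relationships": [], "external_targets": []}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if EMBEDDING_RE.match(name):
                findings["ole_parts"].append(name)        # e.g. word/embeddings/oleObject1.bin
            if not name.lower().endswith(".rels"):
                continue
            xml = pkg.read(name).decode("utf-8", errors="replace")
            for rel in REL_RE.findall(xml):
                attrs = dict(ATTR_RE.findall(rel))
                rtype, target = attrs.get("Type", ""), attrs.get("Target", "")
                if rtype == OLE_TYPE:
                    findings["ole_relationships"].append((name, target))
                # Plain hyperlinks are external by design; anything else that points
                # outside the package (linked OLE, attached template, frame) is worth a look.
                if attrs.get("TargetMode", "").lower() == "external" and rtype != HYPERLINK_TYPE:
                    findings["external_targets"].append((name, target))
    findings["suspicious"] = any(findings[k] for k in ("ole_parts", "ole_relationships", "external_targets"))
    return findings


def build_sample_docx(with_ole):
    """Constructed minimal .docx (assumption: not produced by Office). With with_ole=True
    it carries an embedded OLE part, an oleObject relationship to it, and a linked
    (external) oleObject whose target path is invented for illustration."""
    rels = [f'<Relationship Id="rId1" Type="{HYPERLINK_TYPE}" Target="https://example.com/" TargetMode="External"/>']
    if with_ole:
        rels.append(f'<Relationship Id="rId2" Type="{OLE_TYPE}" Target="embeddings/oleObject1.bin"/>')
        rels.append(f'<Relationship Id="rId3" Type="{OLE_TYPE}" Target="file:///C:/Users/Public/payload.bin" TargetMode="External"/>')
    doc_rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
                + "".join(rels) + "</Relationships>")
    content_types = (
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Default Extension="bin" ContentType="application/vnd.openxmlformats-officedocument.oleObject"/>'
        "</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr("[Content_Types].xml", content_types)
        pkg.writestr("word/document.xml",
                     '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body/></w:document>')
        pkg.writestr("word/_rels/document.xml.rels", doc_rels)
        if with_ole:
            # Compound-file magic (D0 CF 11 E0 A1 B1 1A E1) plus filler; inert bytes.
            pkg.writestr("word/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("clean", build_sample_docx(False)), ("with-ole", build_sample_docx(True))):
        print(label, triage_ooxml(doc))
```

The clean package, whose only external relationship is a hyperlink, is reported as not suspicious; the second package trips all three checks. Treat a hit as a reason to detonate or quarantine, not as proof of exploitation: legitimate documents embed spreadsheets and equations as OLE objects too.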
AI Leaderboard Update
The AI Leaderboard has been refreshed with February 25 rankings. Notable movements:
Chatbot Arena (ELO):
- 🥇 Claude Opus 4.6 — new #1 at ELO 1504, up from #2
- Gemini 3.1 Pro Preview debuts at #3 (1500)
- ByteDance's Doubao Seed 2.0 Preview enters the top 10 at #9
Artificial Analysis (Intelligence Index):
- 🥇 Gemini 3.1 Pro Preview takes #1 at score 57 — highest ever recorded on this benchmark
- Claude Sonnet 4.6 (max) enters at #3
SWE-Bench Verified:
- The leaderboard has shifted from standalone models to agent-scaffold combinations
- live-SWE-agent + Claude 4.5 Opus leads at 79.2%
- ByteDance TRAE + Doubao-Seed-Code debuts at #2 with 78.8%
Quick Hits
- 700Credit breach: Millions of SSNs from US auto-financing credit checks have been exposed; if you have applied for vehicle financing recently, monitor your credit and consider a freeze
- Figure / Shiny Hunterz: Fintech company Figure hit by ransomware from the Shiny Hunterz group; internal documents and client PII compromised
- Coupang data breach: Korean e-commerce giant facing regulatory action following customer data exposure
CosmicBytez Labs — IT & Cybersecurity Intelligence Hub