News

Microsoft Patches 6 Actively Exploited Zero-Days in February 2026 Updates

Luciano Ferrari

16 Feb 2026 — 2 min read

Monday, February 16, 2026

Top 5 Cybersecurity Stories You Should Know

Microsoft Patches 6 Actively Exploited Zero-Days in February 2026 Updates — tl;dr: Microsoft's February 2026 Patch Tuesday updates addressed approximately 60 vulnerabilities, including six actively exploited zero-days. Key vulnerabilities include CVE-2026-21510, which allows bypassing Windows SmartScreen prompts, and CVE-2026-21533, enabling privilege escalation in Windows Remote Desktop Services. Although no public attacks exploiting these vulnerabilities have been reported, the potential for exploitation exists, especially among nation-state actors. Users and organizations are advised to promptly apply these updates to mitigate risks associated with these vulnerabilities across Windows and Office products, as well as other Microsoft services.
↪ https://www.securityweek.com/6-actively-exploited-zero-days-patched-by-microsoft-with-february-2026-updates/
CVE-2026-22153: Fortinet FortiOS Authentication Bypass Vulnerability — tl;dr: CVE-2026-22153 is a high-severity authentication bypass vulnerability affecting Fortinet's FortiOS versions 7.6.0 to 7.6.4. This flaw allows unauthenticated attackers to bypass LDAP authentication mechanisms in Agentless VPN or FSSO policies, potentially granting unauthorized access to sensitive systems and data. Organizations using affected FortiOS versions are at heightened risk of data breaches and malware deployment. It is crucial for administrators to apply the necessary patches immediately to mitigate these risks and protect their network security.
↪ https://securityvulnerability.io/vulnerability/CVE-2026-22153
Ivanti EPMM RCE Zero-Days (CVE-2026-1281, 1340) Actively Exploited — tl;dr: Ivanti Endpoint Manager Mobile (EPMM) is facing critical remote code execution vulnerabilities, CVE-2026-1281 and CVE-2026-1340, both with a CVSS score of 9.8. These flaws allow unauthenticated attackers to execute arbitrary code via crafted HTTP requests, posing significant risks to managed mobile devices and enterprise data. Organizations using affected EPMM versions (12.5.0.0 and prior) should immediately apply the recommended RPM updates to mitigate risks and validate their systems for compromise. A permanent fix is expected in version 12.8.0.0, scheduled for Q1 2026.
↪ https://horizon3.ai/attack-research/vulnerabilities/cve-2026-1281-cve-2026-1340/
CISA Highlights Cyber Threats and Response Strategies for National Security — tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) emphasizes the importance of tracking and responding to evolving cyber threats, including malware, phishing, and ransomware. Nation-state actors exploit vulnerabilities to disrupt essential services, making it crucial for individuals, businesses, and governments to collaborate in cybersecurity efforts. CISA provides resources, alerts, and advisories to help organizations manage vulnerabilities and respond to incidents effectively. By staying informed and implementing recommended practices, stakeholders can enhance their defenses against cyber threats and contribute to national security.
↪ https://www.cisa.gov/topics/cyber-threats-and-response
Palo Alto Networks Patches CVE-2024-3400 Exploited by Python Backdoor — tl;dr: Palo Alto Networks has released critical patches for a zero-day vulnerability (CVE-2024-3400) in PAN-OS that allows attackers to exploit device telemetry data, gaining root access to firewalls. Approximately 41,336 devices are potentially exposed, with reports of attackers deploying a Python backdoor named Upstyle. Security firm Volexity detected the exploit in late March 2024, linking it to sophisticated state-sponsored attackers, possibly the Lazarus Group. Users are urged to update their PAN-OS software immediately or disable device telemetry temporarily to mitigate risks until updates can be applied.
↪ https://hackread.com/palo-alto-patche-0-day-cve-2024-3400-python-backdoor/