Cyber Briefing: 2026.02.17
Infostealers target AI tokens, Ivanti and Chrome patch critical flaws, major data breaches surface, Poland arrests Phobos suspect, Apple tests encrypted RCS.
👉 What’s the latest in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please Subscribe
🚨 Cyber Alerts
1. OpenClaw AI Tokens Stolen By Infostealer
Researchers have identified a new trend in malware where information stealers are now targeting the configuration files and identities of personal artificial intelligence agents. By capturing specific data like authentication tokens and behavioral guidelines, attackers can potentially hijack an individual’s digital persona or gain unauthorized remote access to their AI environment.
2. Ivanti Patches Endpoint Manager Bugs
Ivanti has issued critical security updates to address more than a dozen vulnerabilities in its Endpoint Manager software, including a high-severity authentication bypass. This specific flaw, identified as CVE-2026-1603, allows remote attackers to bypass security protocols and steal sensitive login credentials without requiring any prior access.
3. Chrome Zero-Day CVE-2026-2441 Patched
Google recently issued an emergency patch for Chrome to resolve a critical security vulnerability that is currently being used in active cyberattacks. This specific flaw, categorized as a use-after-free bug within the browser’s CSS engine, marks the first zero-day exploit patched by the company in 2026.
For more alerts click here!
💥 Cyber Incidents
4. Eurail Traveler Data Listed On Dark Web
Eurail B.V. has confirmed that customer data stolen during a recent security breach is now being marketed on the dark web and shared via Telegram. The company is currently investigating the specific scope of the leak to identify exactly which records and individuals have been compromised.
5. Washington Hotel Discloses Ransomware
The Washington Hotel brand in Japan recently suffered a ransomware attack that compromised business data stored on its internal servers. In response, the company has launched an investigation with cybersecurity experts to evaluate the extent of the breach and restore affected systems.
6. Canada Goose Data Breach Exposes Records
Canada Goose is investigating claims by the ShinyHunters extortion group regarding a data breach involving more than 600,000 customer records. The leaked information includes names, contact details, and partial payment card data allegedly stolen from a third-party processor in late 2025.
For more incidents click here!
📢 Cyber News
7. Ireland Probes X Over Grok Images
Ireland’s Data Protection Commission has launched a formal inquiry into X regarding the use of its Grok AI tool to create non-consensual sexual images of real people, including minors. The investigation seeks to determine if the platform violated several core GDPR principles, including data protection by design and the mandatory performance of impact assessments.
8. Poland Arrests Suspect In Phobos Case
Polish authorities have arrested a 47-year-old man in the Małopolska region for his alleged involvement with the Phobos ransomware group, an international operation responsible for extorting millions from over 1,000 organizations. During the raid, police seized devices containing vast amounts of stolen credentials and credit card data used to facilitate cyberattacks as part of the coordinated global crackdown known as Operation Aether.
9. Apple Tests Encrypted RCS Messaging
Apple has launched a new developer beta for iOS and iPadOS 26.4 that introduces end-to-end encryption for RCS messaging between Apple devices. This update also includes enhanced memory safety protections and is expected to enable Stolen Device Protection by default for all users.
For more news click here!
📈Cyber Stocks
Cybersecurity stocks on Tuesday, 17 February 2026 traded with measured strength as broader tech sentiment stabilized and investors rotated selectively back into cloud and identity security leaders.
Zscaler closed at 177.72 dollars and advanced, with zero-trust and secure access architectures underpinning investor interest.
Fortinet closed at 85.56 dollars and moved up, supported by steady network security and converged infrastructure demand.
Check Point Software Technologies closed at 171.48 dollars and was higher, with defensive firewall and threat prevention offerings maintaining stability.
SentinelOne closed at 13.87 dollars and edged higher, as AI-driven endpoint protection names saw selective buying.
Rapid7 closed at 7.18 dollars and was modestly higher, reflecting stable vulnerability management and SIEM exposure.
CyberArk Software closed at 408.85 dollars and was largely flat, with privileged access management demand continuing to anchor performance.
💡 Cyber Tip
🌐 Chrome Zero-Day CVE-2026-2441 Patched
Google has released an emergency Chrome update to fix a critical zero-day vulnerability that is already being exploited in the wild. The flaw, a use-after-free bug in the browser’s CSS engine, could allow attackers to execute arbitrary code through specially crafted web pages.
🛠️ What You Should Do
Update Chrome immediately to the latest version
Restart the browser after updating to activate the patch
Ensure automatic updates are enabled
Update other Chromium-based browsers like Edge or Brave
Avoid visiting untrusted or suspicious websites until patched
⚠️ Why This Matters
Browser zero-days provide attackers with a direct entry point into systems. Delaying updates increases the risk of malware infection, credential theft, and system compromise through simple web browsing.
📚 Cyber Book
Automating Inequality by Virginia Eubanks
Copyright © 2026 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on:
Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium