Cyber Threat Bulletin

Critical Vulnerabilities and the Rise of AI-Assisted Warfare (23 Feb – 1 March 2026)

3/5/2026

The final week of February 2026 has introduced a complex array of cybersecurity challenges, ranging from critical infrastructure vulnerabilities to the ethical quagmires of AI in modern combat. This advisory breaks down the essential security news every IT leader and security professional needs to prioritize this month.

Critical Vulnerability Alerts: VMware and Cisco

The most pressing technical threats this week involve widely used enterprise platforms. Security teams should immediately review their patching schedules for the following:

Major Data Breaches: Canadian Tire and CarGurus

The retail and automotive sectors faced significant exposure this week:

Canadian Tire Confirms Massive E-commerce Breach Impacting 38 Million Accounts

Canadian Tire has disclosed a significant data breach involving an e-commerce database that exposed the personal information of over 38 million customers across brands like SportChek and Mark’s. While the company stated that passwords were hashed and primary banking data remained secure, leaked details including physical addresses, phone numbers, and masked card info have been identified in the dataset. Although no active misuse has been confirmed, experts warn that this large-scale credential leak poses a long-term risk for targeted phishing and social engineering campaigns.

Ref: https://haveibeenpwned.com/Breach/CanadianTire

https://corp.canadiantire.ca/English/media/news-releases/press-release-details/2025/Canadian-Tire-Corporation-E-Commerce-Data-Incident/default.aspx

 

CarGurus Targeted by ShinyHunters in Massive 12.5 Million Record Data Theft

In February 2026, the extortion group ShinyHunters leaked a 6.1GB archive containing data from approximately 12.5 million CarGurus user accounts, including names, physical addresses, and finance pre-qualification details. While the platform has not yet publicly confirmed the scope of the breach, analysis by Have I Been Pwned reveals that over 12 million unique email addresses were exposed, significantly increasing the risk of credential stuffing and targeted phishing. The incident follows a failed extortion attempt and reflects a growing trend of threat actors exfiltrating both consumer data and internal business records to maximize leverage, underscoring ongoing risks in the digital consumer marketplace.

Ref: https://haveibeenpwned.com/Breach/CarGurus

https://x.com/haveibeenpwned/status/2025432800606957885

Security News:

Infrastructure Updates: AWS Outage in the Middle East

Regional service disruptions were reported in the me-central-1 region of the Middle East, where an AWS power outage impacted EC2 and networking services. This serves as a reminder for organizations to maintain multi-region redundancy to ensure business continuity during localized infrastructure failures.

Ref: https://health.aws.amazon.com/health/status

Kali Linux Integrates Claude AI via MCP for Automated Penetration Testing

On February 26, 2026, Kali Linux introduced an AI-assisted workflow using Anthropic’s Claude and the Model Context Protocol (MCP) to translate natural language prompts into executable terminal commands. This integration allows the AI to autonomously orchestrate tools like Nmap and Metasploit, though experts caution that human oversight is essential to mitigate risks like prompt injection and unauthorized tool execution.

Ref: https://www.kali.org/blog/kali-llm-claude-desktop/

The Convergence of AI and National Security

Perhaps the most significant development is the report that the US Military utilized Claude AI during strikes in Iran, despite an existing federal supply-chain ban on the technology.

The Pentagon's "Operation Epic Fury" reportedly embedded Claude into intelligence and targeting workflows. While Anthropic—the creator of Claude—prohibits the use of its models for "autonomous weaponization," the military has argued that the AI serves as a "decision-support" tool rather than an autonomous actor.

Ref: https://www.anthropic.com/news/statement-comments-secretary-war

https://x.com/sama/status/2027578652477821175

Key Takeaways for AI Governance:

  1. Supply-Chain Friction: Defense reporting suggests that removing embedded AI like Claude is "impractical," even when bans are in place.
  2. Corporate Policy vs. Operational Demand: OpenAI has since signed a negotiated agreement to deploy its systems within classified environments under strict safety conditions.
  3. Ethical Compliance: This incident underscores the growing tension between AI vendors' ethical commitments and the operational requirements of national security.
