Weekly Cybersecurity Threat Bulletin – Key CVEs & Attacks | UAE 2026

Weekly Cybersecurity Bulletin 16–22 Feb 2026

Major Vulnerabilities, Global Breaches, and Threat Intelligence Insights

2/25/2026

The cybersecurity landscape remains volatile as global threat actors exploit new high‑impact vulnerabilities and data breaches continue to expose millions of users.

Critical Vulnerabilities – Active Exploits & Emergency Patches

  1. Splunk Enterprise for Windows – Local Privilege Escalation (CVE‑2026‑20143)
    Splunk disclosed a high‑severity flaw allowing local privilege escalation via Python module manipulation. The vulnerability enables attackers with limited access to escalate to SYSTEM privileges, execute arbitrary code, and disrupt services. Affected versions include Splunk Enterprise 10.0.0–10.0.2, 9.4.0–9.4.7, and 9.3.0–9.3.8.
    Action: Upgrade immediately to version 9.3.9, 9.4.8, 10.0.3, or 10.2.0. Enforce strict directory permissions and restrict local system access.
  2. Dell RecoverPoint for Virtual Machines – Hardcoded Credential (CVE‑2026‑22769)
    Dell revealed a critical vulnerability rated CVSS 10.0, enabling unauthenticated remote attackers to gain root‑level access via embedded credentials. Active exploitation has been linked to China‑based group UNC6201, targeting enterprise virtual environments.
    Action: Upgrade to version 6.0.3.1 HF1 immediately or apply Dell’s remediation script. Deploy RecoverPoint appliances only within trusted internal networks and conduct post‑patch forensic reviews.
  3. Windows Admin Center – Elevation of Privilege (CVE‑2026‑26119)
    Microsoft patched a network‑exploitable privilege escalation flaw that allows attackers with limited rights to gain elevated administrative access. Given the breadth of Windows Admin Center adoption across UAE enterprises, exploitation could enable lateral movement across managed infrastructure.
    Action: Install the latest update, restrict management portals to internal VLANs, and enforce MFA for all privileged accounts.
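Added example (not from this bulletin or from Splunk): triaging a host inventory against the CVE‑2026‑20143 ranges given in item 1 above, with versions compared as integers so that a release such as 9.3.10 is not misread as lower than 9.3.8. The inventory rows, host names and status labels are constructed for illustration.

```python
import re

# Affected ranges and fixed releases as listed in the bulletin for CVE-2026-20143:
# (first affected, last affected, fixed release on the same branch).
AFFECTED = [
    ((9, 3, 0), (9, 3, 8), "9.3.9"),
    ((9, 4, 0), (9, 4, 7), "9.4.8"),
    ((10, 0, 0), (10, 0, 2), "10.0.3"),
]

def parse_version(text):
    """Extract (major, minor, patch) as integers from text such as '9.4.7'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(host, os_name, version_text):
    """Return (host, status, fixed_release) for one inventory row."""
    # The bulletin scopes the flaw to Splunk Enterprise for Windows.
    if not os_name.lower().startswith("windows"):
        return (host, "not-applicable", None)
    try:
        version = parse_version(version_text)
    except ValueError:
        return (host, "unknown-version", None)  # check the host by hand
    for first, last, fixed in AFFECTED:
        if first <= version <= last:  # integer tuples: 9.3.10 sorts after 9.3.8
            return (host, "affected", fixed)
    # Outside the ranges the bulletin lists; confirm against the vendor advisory.
    return (host, "not-listed", None)

# Constructed inventory rows (hypothetical hosts): host, operating system, version.
INVENTORY = [
    ("idx-win-01", "Windows Server 2022", "9.4.7"),
    ("idx-win-02", "Windows Server 2019", "9.3.10"),
    ("sh-lnx-01", "Ubuntu 22.04", "10.0.1"),
    ("hf-win-03", "Windows Server 2022", "Splunk 10.0.2 (build unknown)"),
    ("hf-win-04", "Windows Server 2016", "n/a"),
]

def report(rows):
    """Triage every row and keep only hosts that need action or a manual check."""
    results = [triage(*row) for row in rows]
    return [r for r in results if r[1] in ("affected", "unknown-version")]

if __name__ == "__main__":
    for host, status, fixed in report(INVENTORY):
        print(host, status, fixed or "-")
```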

Global Attack Campaigns – Breaches Highlight Identity Risks

  1. FICOBA Breach (France): 1.2 Million Bank Accounts Exposed
    A compromised government login led to widespread data leakage from France’s national bank account registry (FICOBA). Exposed data includes IBANs, personal identifiers, and addresses—demonstrating the continuing risk from insider credentials and inadequate segmentation.
    Lesson: Reinforce least‑privilege access controls, monitor credential abuse, and implement zero‑trust principles for national financial databases.
  2. Figure Technology Solutions Breach: Nearly 1 Million Records Leaked
    Fintech lender Figure fell victim to a social engineering and SSO abuse campaign, exposing nearly one million users. Data leaked by the ShinyHunters group included names, emails, and contact details.
    Lesson: Strengthen phishing‑resistant MFA and monitor single sign‑on events for anomalies—an increasingly common attack vector for financial institutions in the region.

Security News – Infrastructure Outages & AI Innovations

  • Cloudflare Global Outage
    A six‑hour global disruption affected Cloudflare’s Bring‑Your‑Own‑IP (BYOIP) services on Feb 20, 2026, impacting approximately 25% of prefixes. The outage—rooted in automation errors rather than a cyberattack—underscores the operational risks posed by misconfigured automation pipelines in global infrastructure.
  • OpenAI Launches EVMbench for Smart Contract Security Testing
    In a major development for decentralized security, OpenAI and Paradigm launched EVMbench, a benchmark testing AI models’ ability to detect, patch, and exploit vulnerabilities in Ethereum smart contracts. The initiative, supported by a $10M Cybersecurity Grant Program, marks a new chapter in AI‑driven vulnerability research for blockchain ecosystems.
  • Ivanti EPMM Zero‑Day Exploitation (CVE‑2026‑1281 & CVE‑2026‑1340)
    Over 4,400 Ivanti EPMM instances worldwide have been exploited through two critical zero‑days enabling unauthenticated remote code execution. Attackers deployed web shells and reverse shells across public‑facing instances.
    Action: Patch immediately with Ivanti RPM updates and review server directories for unauthorized JSP files or suspicious outbound traffic.

Regional Takeaway – Strengthening Cyber Resilience in the GCC

Amid rising global cyberthreats, enterprises in the UAE, Saudi Arabia, and wider GCC must proactively manage vulnerability exposure and incident response readiness. Security leaders should prioritize:

  • Continuous monitoring of CVE disclosures from trusted vendors
  • Automated patch management and threat intelligence integration
  • Strong endpoint logging, segmentation, and MFA enforcement
  • Incident playbooks tailored for privilege escalation and zero‑day exploitation

With increasing interconnection between financial systems, government infrastructure, and AI‑powered technologies, regional cybersecurity resilience depends on timely updates and layered defense strategies.

For tailored GRC and cybersecurity advisory services in the UAE, contact Crowe UAE’s Cyber Threat Management to strengthen your organization’s defense posture against emerging 2026 threats.

