Don’t Hack On Me — Signal February 16, 2026

The Story

Google released an emergency Chrome update on Friday to patch CVE-2026-2441 — a high-severity (CVSS 8.8) use-after-free vulnerability in Chrome’s CSS engine that’s being actively exploited in the wild. It’s the first Chrome zero-day of 2026, and Google is doing what Google always does: confirming exploitation exists while saying absolutely nothing about who’s doing it or who’s being targeted.

The vulnerability is an iterator invalidation bug in CSSFontFeatureValuesMap — Chrome’s implementation of CSS font feature values. When Chrome parses stylesheets and applies them to the DOM, certain sequences of operations cause premature memory deallocation. An attacker can reallocate that freed memory with malicious data, redirecting execution flow. The attack is delivered via a crafted HTML page, meaning phishing links or compromised websites are the likely vector. Security researcher Shaheen Fazim discovered and reported the flaw on February 11. Google patched it two days later on February 13.

Here’s the part that matters: this isn’t just a Chrome problem. Every browser built on Chromium is affected — Microsoft Edge, Brave, Opera, Vivaldi, Arc, and any other Chromium-based browser you’re running. That’s roughly 70% of global browser market share running on a single engine. One vulnerability, one codebase, and most of the internet’s browsers need a patch. Chrome’s fixed versions are 145.0.7632.75/76 for Windows and Mac, and 144.0.7559.75 for Linux. Other Chromium browsers will ship their own patches as they pull in the fix.For context, Chrome had roughly 8 actively exploited zero-days in 2025 and 7 in 2024. That’s averaging close to one per month. Browser zero-days aren’t rare events anymore — they’re a recurring line item in your patching calendar.

What Does This Mean to Me?

If you’re in security operations: Update Chrome right now. Don’t wait for the auto-update cycle — this is an actively exploited zero-day, and you don’t know where this is going to show up. Go to chrome://settings/help, force the update, and restart your browser. If you manage endpoints, push the update through MDM immediately. Don’t rely on auto-update for a zero-day.

And it’s not just Chrome. Chromium is the backbone of almost everything. Edge, Brave, Opera, Vivaldi — and it goes beyond the obvious ones. Perplexity’s Comet browser runs on Chromium. Arc runs on Chromium. If it’s a browser and it’s not Firefox or Safari, it’s probably Chromium. Every one of those needs to be updated once their vendor ships the fix. Make sure you know which Chromium-based browsers are running in your environment, because your users might be on browsers your asset inventory doesn’t even track.

Everyone should have automatic browser updates enabled — that’s table stakes. But for an actively exploited zero-day, automatic isn’t fast enough. Manual update. Now.

If you’re in leadership: The Chromium monoculture is something worth thinking about. One vulnerability in one codebase just put ~70% of the world’s browsers at risk. Google patches fast — two days from report to fix is impressive — and Chrome’s sandbox architecture limits the blast radius of any single exploit. That’s the upside. The downside is that when the Chromium engine has a flaw, the attack surface is enormous.

This isn’t a “switch browsers” argument. The security benefits of Chromium’s architecture and update cadence are real. But it is an argument for making sure your browser patching is as tight as your OS patching. Browser zero-days are averaging one per month across 2024 and 2025. That’s not a spike — it’s the baseline. If your patching program doesn’t treat browser updates with the same urgency as OS patches, it’s time to fix that.

The bigger picture: We’ve normalized browser zero-days. Chrome had 7 in 2024, 8 in 2025, and the first one of 2026 just dropped. Google’s response is always the same — confirm exploitation, withhold details, ship a patch. The 2-day turnaround is genuinely good. But the cadence tells you something: browsers are one of the most valuable attack surfaces on the internet, and threat actors are investing heavily in finding and exploiting browser vulnerabilities. The best defense is the simplest one: keep your browser updated, and when a zero-day drops, don’t wait. Update now.

Stay alert. Don’t let them hack on you.Subscribe to Don’t Hack On Me | donthackonme.com

This post was researched, drafted, and edited with AI assistance. The analysis and perspective are Marcus’s. See something wrong? Leave a comment.

Don’t Hack On Me — Signal February 15, 2026

The Story

On February 5, OpenAI released GPT-5.3-Codex — and quietly made history. It’s the first AI model that OpenAI itself classifies as “High” risk for cybersecurity under their Preparedness Framework. That classification means OpenAI believes the model can automate end-to-end cyber operations against reasonably hardened targets, or automate the discovery and exploitation of operationally relevant vulnerabilities. Read that again. The company that built it is telling you it can hack things.

The capability curve has been steep. OpenAI’s models went from a 27% success rate on capture-the-flag cybersecurity challenges (GPT-5, August 2025) to 76% (GPT-5.1-Codex-Max, November 2025). GPT-5.3-Codex pushes that further. The company also has Aardvark, an agentic security researcher in private beta that scans codebases, reasons over entire repositories, finds vulnerabilities, and proposes patches. Aardvark has already discovered and responsibly disclosed vulnerabilities that received 10 CVE identifiers in open source projects.

So what’s OpenAI’s answer to releasing a model that can hack hardened targets? A program called Trusted Access for Cyber — an identity and trust-based framework that gates enhanced cyber capabilities behind verification. Vetted security professionals get access. Everyone else gets guardrails. Individual users can verify their identity; enterprises can request trusted access for teams. There’s also an invite-only tier for security researchers who need more permissive models. OpenAI is backing it with $10 million in API credits for defensive cyber research.

Not everyone is satisfied with the safeguards. The Midas Project, an AI safety watchdog, pointed out that GPT-5.3-Codex triggered OpenAI’s own “high risk” threshold but was deployed without the specific misalignment safeguards the Preparedness Framework calls for at that level. OpenAI’s response: those safeguards are only required when high cyber capability occurs in conjunction with long-range autonomy. The model is a powerful tool, not an autonomous agent — the distinction matters.

Source:Trusted Access for Cyber (OpenAI, February 5, 2026

Who’s Covering This

• Fortune — “Unprecedented cybersecurity risks.” Focuses on the tension between capability advancement and safety. (February 5, 2026)

• OpenAI System Card — The technical system card detailing the “High” cybersecurity risk classification and mitigation approach. (February 5, 2026)

• SC Media — Covers the Trusted Access launch and $10 million in API credits for defensive research. (February 2026)

• OpenAI — Strengthening Cyber Resilience — OpenAI’s broader strategy post explaining how they’re planning for models that could develop zero-day exploits against well-defended systems. (February 2026)

• OpenAI — Introducing Aardvark — The agentic security researcher that scans codebases and has already found 10 CVEs in open source projects. (October 2025)

If you’re in cybersecurity operations: This is a tools story, and you should think about it the way you think about every powerful tool that’s come through this industry. Cobalt Strike was supposed to be a penetration testing tool. Metasploit was supposed to be a penetration testing tool. Both ended up in the hands of threat actors. That’s going to happen with AI cyber capabilities too — it’s not a question of if, it’s a question of when. The question is whether defenders get to use these tools first.

OpenAI’s Trusted Access program is an attempt to put these capabilities in the hands of the good guys before the bad guys figure it out on their own. If you’re a security practitioner or your team does vulnerability management, pen testing, or code review — apply. Get in early. Start experimenting with what these models can do for your workflows now, because the attackers aren’t waiting for an access program. The $10 million in API credits is real money on the table for defensive research. Take advantage of it.

If you’re in leadership: The models are getting better — fast. OpenAI went from 27% on CTF challenges to 76% in three months. GPT-5.3-Codex is even better. And OpenAI isn’t the only one: Hacktron AI found the BeyondTrust variant through AI-enabled analysis just weeks ago. This isn’t theoretical anymore. AI systems are finding real vulnerabilities at production scale.

What does that mean for your program? Vulnerability volume is going to increase. AI is going to find more bugs faster — both by the good guys doing responsible disclosure and by the bad guys scanning for exploitable targets. Your vulnerability management program needs to be ready for a world where the rate of CVE discovery accelerates. FIRST is already projecting 50,000+ CVEs in 2026 — a record. The organizations that integrate AI into their defensive workflows early will have an advantage. The ones that don’t will be patching faster just to keep up.

The safety debate around the Midas Project’s criticism is worth watching but shouldn’t distract from the practical reality: OpenAI’s logic makes sense here. A high-capability tool without autonomous agency is still just a tool — it needs a human operator. The risk profile is fundamentally different from an autonomous agent that can chain operations independently. The real risk isn’t the model itself. It’s who gets access and what they do with it.

The bigger picture: Every generation of security tooling follows the same pattern. A powerful capability emerges. It gets built for defense. It ends up in offense. The defenders who adopted early had the advantage; the ones who waited were playing catch-up. We saw it with Metasploit, we saw it with Cobalt Strike, and we’re going to see it with AI cyber capabilities. Sometimes you don’t know what software is going to be used for — even Sam Altman has said they’ve been surprised by how their models get applied. The capability is here. The question isn’t whether AI can hack things — OpenAI just told you it can. The question is whether you’re going to use it to find the holes before someone else does.

This post was researched, drafted, and edited with AI assistance. The analysis and perspective are Marcus’s. See something wrong? Leave a comment.

Don’t Hack On Me — Signal

February 15, 2026

The Story

Palo Alto’s Unit 42 dropped a report on February 5 detailing what they’re calling the “Shadow Campaigns” — a state-aligned cyberespionage operation that compromised over 70 organizations across 37 countries in the past year. The group, tracked as TGR-STA-1030 (also known as UNC6619), has been active since at least January 2024 and hit some of the highest-value targets on the board: national law enforcement agencies, ministries of finance and foreign affairs, a parliament, a senior elected official, and national telecom providers. Between November and December 2025 alone, they conducted active reconnaissance against government infrastructure in 155 countries. That’s roughly one in five nations on earth.

The technical details are serious. The group deployed a previously unknown Linux kernel rootkit called ShadowGuard — an eBPF-based rootkit that runs in kernel space without appearing as a loadable module, making it extremely difficult to detect with conventional tools. It can hide up to 32 processes simultaneously, intercept system calls, and conceal files and directories. They also rotated through Cobalt Strike, VShell (a Go-based C2), Havoc, SparkRat, and Sliver across different phases of the campaign. Their persistence toolkit included Behinder and Godzilla web shells, plus GOST and FRPS tunneling tools.

Here’s where it gets interesting — and where the story becomes about more than just TTPs. Unit 42’s published report attributed TGR-STA-1030 to a “state-aligned group that operates out of Asia” with “activity patterns aligned with GMT+8.” That’s deliberately vague. On February 12, Reuters reported that the original draft of the report attributed the campaign to China. According to Reuters, Palo Alto Networks executives — not the researchers — ordered the attribution stripped. The reason: fear of retaliation from Beijing. Palo Alto has five offices in China and was among roughly 15 U.S. and Israeli cybersecurity firms that China has banned on national security grounds. The company denied the claims.

Source: The Shadow Campaigns: Uncovering Global Espionage (Unit 42, February 5, 2026)

Who’s Covering This

• Reuters — Broke the exclusive that Palo Alto execs overrode researchers and stripped China attribution from the report due to fear of retaliation from Beijing. The real story behind the story. (February 12, 2026)

• BleepingComputer — Emphasizes the reconnaissance scope: 155 countries scanned, 37 compromised, critical infrastructure across the board. (February 5, 2026)

• SecurityWeek — Focuses on victim types — ministries, law enforcement, border control — and the ShadowGuard rootkit discovery. (February 5, 2026)

• The Hacker News — Technical breakdown of the breach scale, phishing lures, and the Diaoyu loader malware. (February 6, 2026)

• SC Media — Covers the attribution controversy angle — corporate self-censorship in threat intelligence reporting. (February 2026)

What Does This Mean to Me?

If you’re in the security operations: Here’s the thing that matters most: this group used zero zero-days. Every exploit in their toolkit was an N-day — known vulnerabilities with patches available, some dating back to 2019. They weaponized Microsoft Exchange RCE, SAP Solution Manager privilege escalation, Atlassian Crowd (CVE-2019-11580), and D-Link RCE, among others. A state-aligned group that compromised 70+ organizations across 37 countries did it with bugs you’ve had patches for. That’s your action item. Check your exposure against the CVEs listed in the Unit 42 report. Hunt for the IOCs — they published IP addresses, domains, and file hashes. And if you’re running Linux infrastructure, understand that eBPF-based rootkits like ShadowGuard represent a real detection gap. Traditional kernel module monitoring won’t catch it. Start looking at eBPF monitoring capabilities in your stack.

If you’re in leadership: The attribution controversy is worth paying attention to — but not for the reasons the headlines suggest. Reuters reporting that Palo Alto stripped China attribution under corporate pressure is a reminder that threat intelligence from vendors is filtered through commercial interests. That’s always been true, but it’s rarely this visible. Factor that into how you consume vendor threat intel.

But here’s the bigger point: it doesn’t matter who the adversary is. Whether this is China, Russia, or anyone else operating out of GMT+8 — the vulnerabilities they exploited are the same. The patches are the same. The defensive actions are the same. We spend too much time in this industry debating flags and not enough time patching the CVEs from 2019 that state-sponsored groups are still using to walk through the front door. The targeting in this campaign aligned with geopolitical interests — rare earth mining deals, diplomatic pressure points, trade negotiations — but the exploitation was pure opportunism against unpatched systems. Attribution is interesting. Patching is what keeps you from being in the next report.

The bigger picture: A state-aligned espionage group hit 70 organizations across 37 countries using nothing but known vulnerabilities, commodity C2 frameworks, and one novel rootkit. They compromised parliaments, ministries, and law enforcement agencies. And when the security vendor that discovered it tried to tell the world who did it, corporate leadership said no. Every part of that sentence should bother you — but the part you can actually control is whether your systems are patched. Start there.

Stay alert. Don’t let them hack on you.

Subscribe to Don’t Hack On Me

This post was researched, drafted, and edited with AI assistance. The analysis and perspective are Marcus’s. See something wrong? Leave a comment.

Don’t Hack On Me — Signal February 14, 2026

The Story

Remember the BeyondTrust vulnerability that let Chinese state-sponsored group Silk Typhoon breach the U.S. Treasury Department in late 2024? Same product. Same WebSocket endpoint. New code path. And this time it’s worse.

CVE-2026-1731 is a critical (CVSS 9.9) pre-authentication remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). An unauthenticated attacker can execute arbitrary OS commands via specially crafted requests — no credentials required, no user interaction needed. It affects RS versions 25.3.1 and prior and PRA versions 24.3.4 and prior. Roughly 8,500 self-hosted instances are exposed to the internet, and BeyondTrust serves 20,000+ customers including 75% of the Fortune 100.

Here’s where it gets interesting: this vulnerability was discovered by Hacktron AI through AI-enabled variant analysis of CVE-2024-12356 — the same vulnerability class that enabled the Treasury breach. An AI system found a variant of a nation-state-exploited flaw through automated analysis. That’s a first worth paying attention to.

The timeline is aggressive. BeyondTrust published advisory BT26-02 on February 6 and auto-patched SaaS customers on February 2. A proof-of-concept exploit hit GitHub on February 10. GreyNoise detected active reconnaissance probing within 24 hours. Attackers are already in the wild — Arctic Wolf confirmed exploitation attempts deploying the SimpleHelp RMM tool for persistence and lateral movement. CISA added CVE-2026-1731 to the Known Exploited Vulnerabilities catalog on February 13 with a remediation deadline of February 16. That’s a three-day window. CISA doesn’t do that unless it’s bad.

Source: BT26-02 Security Advisory (BeyondTrust, February 6, 2026)

Who’s Covering This

• Rapid7 — Technical breakdown of the vulnerability, affected versions, and fix versions. (February 9, 2026)

• GreyNoise — Active scanning detected within 24 hours of PoC release. Also observed the old Silk Typhoon exploit chain (CVE-2024-12356 + CVE-2025-1094) still being replayed as recently as January 2026. (February 12, 2026)

• The Hacker News — Confirmed in-the-wild exploitation of the CVSS 9.9 vulnerability. (February 2026)

• Hacktron AI — The discoverers. Describes how AI-enabled variant analysis found the flaw and the responsible disclosure process. (February 6, 2026)

• CISA — Added to KEV catalog with a February 16 remediation deadline. (February 13, 2026)

• Arctic Wolf — Detected attackers exploiting CVE-2026-1731 to deploy SimpleHelp RMM tool for persistence and lateral movement. (February 2026)

What Does This Mean to Me?

If you’re in security operations: If your organization runs BeyondTrust Remote Support or Privileged Remote Access on-prem, this is a drop-everything patch. Self-hosted instances need to be updated immediately — CISA’s three-day window ends February 16. SaaS customers were auto-patched on February 2, but verify with your BeyondTrust admin. While you’re at it, hunt for indicators of the SimpleHelp RMM tool in your environment — Arctic Wolf confirmed attackers are deploying it post-exploitation for persistence and lateral movement. If you had unpatched instances exposed to the internet before the fix, assume possible compromise and scope an investigation.

Also worth noting: GreyNoise observed the old Silk Typhoon exploit chain (CVE-2024-12356) still being replayed as recently as January 2026. If you patched the first one but haven’t patched this new variant, you’re still exposed on the same endpoint.

If you’re in leadership: This is the same product that enabled a nation-state breach of the U.S. Treasury, and it’s the same vulnerability class on the same endpoint. That’s a pattern, not a coincidence. If your organization relies on BeyondTrust for privileged access — and if you’re in the Fortune 100, there’s a 75% chance you do — this should trigger a broader conversation about your architecture. Privileged access tools sit at the heart of your trust model. When they have pre-auth RCE flaws, attackers don’t need credentials. They don’t even need to knock.

The AI discovery angle matters for your strategy too. This is one of the first major CVEs discovered by an AI system through variant analysis. That’s going to accelerate. Vulnerability discovery is getting faster on both sides — AI is finding bugs before and after the bad guys. The good news: responsible disclosure worked here. Hacktron found it, reported it, BeyondTrust patched it. But the window between disclosure and exploitation is shrinking to hours, not days. Your patching programs need to match that pace.

The bigger picture: We’re going to see more of this. AI-enabled variant analysis means that when a vulnerability class is found in a product, every related code path in that product gets scrutinized at machine speed. For defenders, that’s ultimately good — bugs get found and fixed faster. For attackers, it means they can automate the same analysis. The race between discovery and exploitation is getting faster on both sides. The organizations that survive are the ones that can patch at the speed the threat demands. CISA giving a three-day remediation window is the clearest signal yet that the old “patch within 30 days” cadence is dead for critical vulns.

Stay alert. Don’t let them hack on you.

Subscribe to Don't Hack On Me

This post was researched, drafted, and edited with AI assistance. The analysis and perspective are Marcus’s. See something wrong? Leave a comment.