Weekly Cybersecurity Recap - 9 February 2026

Introduction

The past week highlighted how attackers continue to combine credential theft, supply chain compromises, and critical vulnerabilities to gain footholds in enterprise environments. At the same time, geopolitical tensions, AI-driven ecosystems, and evolving cybercrime tactics are reshaping how organizations think about resilience and incident response.

From nation-state espionage campaigns and ransomware-linked exploits to evolving extortion strategies and open-source security risks, defenders are facing an increasingly complex threat landscape that demands proactive governance, strong identity protection, and faster response capabilities.

Identity, Fraud & Social Engineering

Six in ten financial cyberattacks start with stolen login details

Authorities warned that compromised credentials remain one of the biggest drivers of financial cybercrime. With attackers relying heavily on stolen usernames and passwords, individuals and organizations face growing risks of identity theft and unauthorized account access.

The findings reinforce how weak authentication practices and credential reuse continue to expose financial data. Strengthening identity controls and monitoring suspicious login activity are becoming essential to reduce fraud risks.

ShinyHunters escalates tactics in extortion campaign linked to Okta environments

Researchers observed an escalation in ShinyHunters-linked campaigns that combine voice phishing with branded credential-harvesting sites to compromise enterprise environments. Attackers are targeting single sign-on systems and MFA processes to gain persistent access.

The campaigns highlight how threat actors are blending social engineering with identity-focused attacks to bypass security controls. Organizations relying on identity platforms must strengthen verification processes and educate users about sophisticated phishing tactics.

Vulnerabilities, Exploits & Active Threats

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

A newly disclosed vulnerability in the n8n workflow automation platform enables arbitrary command execution through malicious workflows due to insufficient input sanitization. The flaw builds on previous vulnerabilities, showing how patching gaps can persist.

Security teams are urged to apply updates quickly and review workflow automation privileges. As automation tools become more integrated into operations, they also introduce new attack surfaces that adversaries are actively exploring.

Critical SmarterMail Vulnerability Exploited in Ransomware Attacks

Attackers are exploiting a critical SmarterMail vulnerability to execute arbitrary code remotely through malicious HTTP requests. The flaw allows unauthenticated attackers to reset administrator passwords and gain full control of servers.

Ransomware operators are already leveraging this vulnerability in active campaigns. Organizations using affected systems must urgently patch and monitor for unauthorized administrative changes or suspicious activity.

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Threat actors have been manipulating NGINX configurations and management panels to reroute legitimate web traffic through attacker-controlled infrastructure. The campaign is linked to ongoing exploitation trends in web server ecosystems.

Such attacks can expose sensitive data and disrupt business operations while remaining difficult to detect. Security teams should audit server configurations and monitor for unusual routing or proxy behavior.

Supply Chain & Open Source Security

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Researchers identified compromised open-source packages distributing malicious code capable of stealing cryptocurrency wallet credentials and deploying remote access tools. The attack demonstrates the continued risks in software supply chains.

Developers are urged to verify dependencies, use integrity checks, and monitor repositories for suspicious updates. Supply chain compromises remain a significant risk as attackers target trusted development ecosystems.

Shai-hulud: The Hidden Cost of Supply Chain Attacks

Recent worm-like supply chain attacks have infected thousands of software packages and repositories, spreading malicious code across ecosystems. While immediate damage may be hard to quantify, long-term operational and reputational costs are significant.

Organizations must strengthen dependency management and implement continuous monitoring for malicious code. The broader impact of these attacks extends beyond individual victims to entire development communities.

AI, Automation & Security Innovation

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

OpenClaw has partnered with VirusTotal to scan skills uploaded to its ClawHub marketplace, aiming to prevent malicious code from entering agentic ecosystems. The initiative reflects growing concerns around AI-driven automation platforms.

As agentic tools expand in enterprise environments, proactive scanning and governance are essential to reduce abuse. Integrating threat intelligence into development workflows helps prevent vulnerabilities from reaching production environments.

Threat Landscape, Strategy & Sector Risks

Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries

A state-sponsored cyberespionage campaign targeted government and critical infrastructure systems across dozens of countries. The operation leveraged region-specific tools and infrastructure, suggesting coordinated nation-state involvement.

Such campaigns highlight the geopolitical dimension of cybersecurity and the need for cross-border collaboration. Critical sectors must strengthen defenses against persistent and highly sophisticated adversaries.

How cybersecurity can best navigate geopolitics to secure a resilient and open digital future

Cybersecurity is increasingly shaped by geopolitical competition, regulatory fragmentation, and sovereignty-driven policies. Organizations operating globally must adapt to shifting legal frameworks and cross-border data challenges.

Building resilience now requires partnerships between governments and businesses to manage hybrid threats and digital interdependencies. Strategic planning must account for geopolitical tensions that influence cyber risk.

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

Incident response outcomes are often determined in the earliest moments after detection, when teams face incomplete information and intense pressure. Early mistakes can lead to prolonged breaches and greater operational impact.

Organizations should prioritize structured response procedures, clear communication channels, and rapid triage capabilities. Strengthening early-stage decision-making can dramatically improve containment and recovery outcomes.