22d • 🚨 News & Updates
📅 Weekly Security Briefing — Feb 16–22, 2026
Here’s your clean, high-signal roundup of the biggest cybersecurity developments from the past week — from cutting-edge AI threats to targeted phishing and critical device security patches.
🔍 Google Gemini Prompt Injection & ‘Delayed Tool Invocation’ Exploit
What happened: Security researchers demonstrated how indirect prompt injection can be used to trick Google’s Gemini assistant into leaking private data and performing actions by embedding hidden instructions within trusted inputs (e.g., calendar invites or text). This method — often referred to as delayed tool invocation — conditions the hidden instruction to run later when the user interacts with the AI, enabling exfiltration of calendar or email content and other workflows.
🇷🇺 Russian State-Linked Actors Conduct Sophisticated Microsoft 365 Phishing Campaigns
What happened: A series of phishing and device-code authentication abuse campaigns linked to Russian state-aligned threat groups (including activity attributed to organizations in the SVR network like APT29 and variants) continue to target Microsoft 365 and Azure AD authentication flows. Adversaries use social engineering — including OAuth device code phishing — to steal tokens and gain persistent access to corporate tenants.
🔗 https://www.securityweek.com/russian-state-hackers-target-organizations-with-device-code-phishing/
🍎 CISA Adds Apple iOS USB Restricted Mode Bypass Zero-Day to KEV Catalog
What happened: The U.S. Cybersecurity and Infrastructure Security Agency confirmed that CVE-2025-24200, a vulnerability allowing attackers with physical access to bypass USB Restricted Mode on locked Apple devices, has been added to its Known Exploited Vulnerabilities (KEV) catalog. The flaw impacts iOS and iPadOS devices and was patched by Apple after reports of sophisticated targeted attacks.
🛡️ Juniper Patches Critical 9.8 Vulnerability in Session Smart Routers
What happened: Juniper released security updates addressing a critical authentication bypass vulnerability (CVE-2025-21589) in its Session Smart Router line. The flaw could let unauthenticated attackers forge tokens and gain full admin control over the device’s interface, posing severe risks to enterprise WAN infrastructure. (Replaced with a confirmed vendor advisory and public report)
🚀 Microsoft Defender for Cloud Reaches GA with Vertex AI Security Support
What happened: Microsoft announced that its Microsoft Defender for Cloud platform now offers General Availability support for Google Vertex AI, extending cross-cloud AI security posture management. The integration enables unified visibility and risk assessment for AI workloads across Azure, AWS, and GCP. (Official documentation)
🛍️ E-commerce Threat: Attackers Abuse Google Tag Manager for Skimming
What happened: Cybersecurity firms reported a wave of threats abusing Google Tag Manager (GTM) to deploy credit card skimmers on e-commerce storefronts. By embedding malicious JavaScript in otherwise legitimate GTM tags, attackers harvest payment card data during checkout while evading traditional detection. (Source reporting on similar GTM abuse trends)
💬 Wrap-Up
This week’s top signals show how AI interfaces can be weaponized by language alone, how state-aligned actors continue sophisticated cloud identity abuse, and how hardware and OS security boundaries still matter — especially when zero-days are actively exploited and mandated for mitigation. Which threat should security teams track most closely in the coming weeks?
2
1 comment
📅 Weekly Security Briefing — Feb 16–22, 2026
powered by
skool.com/cloud-ai-security-academy-4626
Learn AI, automation and security tools reshaping modern SOC and cyber careers.
Suggested communities
Powered by