📅 Weekly Security Briefing — Feb 9–15, 2026

Here’s your compact, verified roundup of key cybersecurity and AI developments from the past week. This week’s cycle features urgent vulnerability patching, breakthrough generative models, marketplace threats against open AI platforms, geopolitical IP disputes, and broad infrastructure mandates.

🛡️ Microsoft Patch Tuesday: Six Zero-Days Under Active Exploitation

What happened: Microsoft’s February 2026 Patch Tuesday addressed 54–59 vulnerabilities across Windows, Office, Azure, Exchange, and other components. Among them were six zero-day flaws already being exploited in the wild, including security feature bypasses affecting Windows Shell, MSHTML, and Office file handling — and privilege escalation bugs in Desktop Window Manager and Remote Desktop Services. Multiple advisories note that CISA added these zero-days to its Known Exploited Vulnerabilities catalog.

🔗 https://www.securityweek.com/6-actively-exploited-zero-days-patched-by-microsoft-with-february-2026-updates/

🚀 OpenAI Unveils GPT-5.3-Codex-Spark on Specialized AI Hardware

What happened: OpenAI launched GPT-5.3-Codex-Spark, a specialized coding model optimized for ultra-high throughput on non-GPU chips (powered via Cerebras Systems’ Wafer Scale Engine). Initial previews show over 1,000 tokens per second performance, emphasizing ultra-low latency and iterative interactive development workflows.

🔗 https://openai.com/index/introducing-gpt-5-3-codex-spark/

⚠️ OpenClaw Marketplace Flooded with Malicious AI Agent ‘Skills’

What happened: Security teams reported that the open-source AI agent platform OpenClaw faced a major security incident after analysts found that roughly 12% of listings in its ‘skills’ marketplace contained malicious code — including keyloggers, credential stealers, and backdoor tools. Over 340 suspicious modules were identified, and a high-impact one-click RCE vulnerability was patched this week after being used to compromise agent instances. (Original article: reco.ai)

🔗 https://www.kaspersky.com/blog/openclaw-vulnerabilities-exposed/55263/

🕵️ OpenAI Warns US Congress of DeepSeek’s ‘Model Distillation’ Tactics

What happened: OpenAI sent an urgent policy brief to the US House Select Committee on China alleging that competitor DeepSeek is programmatically extracting high-quality outputs from Western frontier models to train its next-generation R1 chatbot. The memo frames the practice as “model distillation” that free-rides on proprietary research, raising concerns about intellectual property, API usage guardrails, and AI competition before lawmakers. (Article from Taipei Times)

🔗 https://finance.yahoo.com/news/openai-warns-congress-deepseek-distillation-183144659.html

📢 CISA Issues ‘Rip and Replace’ Mandate for Unsupported Edge Devices

What happened: CISA issued Binding Operational Directive 26-02, requiring federal agencies to remove or replace all end-of-life edge network devices — including firewalls, routers, and other perimeter hardware — within one year. The directive cites sustained targeting of unsupported infrastructure by advanced threat actors allegedly tied to nation-state groups, emphasizing that devices no longer receiving updates pose systemic risk to network defenses.

🔗 https://thehackernews.com/2026/02/cisa-orders-removal-of-unsupported-edge.html

📉 300 Million AI Chat Messages Leaked via Misconfigured Firebase Database

What happened: A major data breach impacting Chat & Ask AI exposed roughly 300 million private messages from over 25 million users due to an unsecured Firebase backend. The exposed records contained sensitive chat histories (spanning interactions with ChatGPT, Claude, and other models), user profile data, and billing information — highlighting ongoing misconfiguration risks in AI-enhanced ‘wrapper’ applications. (Malwarebytes report)

🔗 https://www.malwarebytes.com/blog/news/2026/02/ai-chat-app-leak-exposes-300-million-messages-tied-to-25-million-users

💬 Wrap-Up

I have also saw new AI model from Seedance 2.0. It really looks incredible. I wonder what will be the impact. Last time Deepseek was released it impacted stock market in a big way. Of course Deepseek now is banned in many US and EU companies due to regulation violation. This all said...it makes me think more and more, that China will win the AI war. They don't need to play nice. They can use any data they want to train their models. Given that China is one of the biggest threats in cyber security landscape...We are approaching interesting times. What do you think?

0 comments

AI Security & Automation

skool.com/cloud-ai-security-academy-4626

Learn AI, automation and security tools reshaping modern SOC and cyber careers.

AI Automation Society Plus

The AI Agents Course

Tech Confident Community

AI Automation Society

Bring people together around your passion and get paid.