This Month in Security with Tony Anscombe – February 2026 Edition

In this roundup, Tony examines how opportunistic threat actors are exploiting weak authentication, unmanaged exposure, and the popularity of AI tools.

As February 2026 comes to a close, ESET Chief Security Evangelist Tony Anscombe provides insights into significant cybersecurity developments that have unfolded during the month. His analysis emphasizes key lessons drawn from incidents that have captured attention and posed heightened risk to businesses and organizations worldwide.

  • The most notable incident involved the misuse of commercial generative AI tools, which led to the compromise of over 600 FortiGate devices across 55 countries. The attackers did not exploit a software vulnerability; they took advantage of management ports exposed to the internet and the absence of strong authentication, in particular two-factor authentication. As reported by Amazon Threat Intelligence, the campaign is part of a broader trend of opportunistic actors relying on weak credentials rather than exploits to gain access.
  • Also on the generative AI front, ESET researchers unveiled PromptSpy, a malicious Android application and a pioneering example of malware that uses generative AI for context-aware manipulation of the user interface. The discovery is a concrete case of the dual-use nature of AI: the same models built to improve the user experience can be turned against the user, and defenders should expect more malware of this kind.
  • The FBI alerted U.S. ATM operators to a surge in malware-driven jackpotting attacks, in which criminals infect cash machines with malware that makes them dispense large sums of cash. The warning signals an escalation in the tactics used against financial institutions and a need for stronger controls on ATM software and physical access to prevent substantial losses.
  • The security community is also analyzing a detailed report released at the end of January by Poland's CERT, which examined cyberattacks on more than 30 organizations in critical infrastructure sectors. Alongside that report, ESET researchers published case studies, including an analysis of a wiper used in a targeted attack against an energy company. The incident illustrates the risks facing vital infrastructure and the need for heightened security awareness among operators in these sectors.

In light of these incidents, businesses are urged to draw the obvious lessons and strengthen their defenses: enforce strong authentication (including two-factor authentication for administrative access), audit exposed management interfaces regularly, and stay alert to the evolving threats that emerging technologies such as generative AI introduce. For a fuller discussion of these developments and their implications, viewers are encouraged to watch the linked video and to revisit the January 2026 edition of Tony's monthly security news roundup.
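The audit recommended above can be scripted against a device inventory. The following Python script is an added example, not code from the article, from ESET, or from any appliance vendor. It assumes a hand-built inventory (constructed here, not real devices) recording each device's interfaces, the admin services listening on them, any source allow-list, and whether admin two-factor authentication is enforced; it flags management services reachable from any internet source and rates each finding by whether 2FA is in place.

```python
"""Audit a device inventory for management services reachable from untrusted networks.

Added example, not the article's or any vendor's code. The inventory below is
constructed by hand; a real deployment would load it from a CMDB or config export.
"""
import ipaddress
from dataclasses import dataclass, field

# Admin services that should never face the internet without a source allow-list.
MGMT_SERVICES = {22: "ssh", 443: "https-admin", 8443: "https-admin-alt"}

# Address ranges treated as internal. The RFC 5737 documentation prefixes used as
# sample WAN addresses below are deliberately NOT listed, so they count as routable.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


@dataclass
class Interface:
    name: str
    address: str                                    # interface IP
    mgmt_ports: list                                # admin services listening here
    allow_from: list = field(default_factory=list)  # source CIDRs; empty means any source


@dataclass
class Device:
    name: str
    interfaces: list
    admin_mfa: bool                                 # is 2FA enforced for admin logins?


def is_internal(address: str) -> bool:
    """True if the address falls in one of the internal ranges above."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in INTERNAL_NETS)


def audit_device(dev: Device) -> list:
    """Return findings as (severity, device, detail) tuples, most severe first."""
    findings = []
    has_mgmt = False
    for iface in dev.interfaces:
        if not iface.mgmt_ports:
            continue
        has_mgmt = True
        if is_internal(iface.address) or iface.allow_from:
            continue  # reachable only from inside or from an allow-list: acceptable
        for port in iface.mgmt_ports:
            svc = MGMT_SERVICES.get(port, f"tcp/{port}")
            # Exposed admin service without 2FA is the pattern behind the FortiGate campaign.
            sev = "critical" if not dev.admin_mfa else "high"
            findings.append((sev, dev.name,
                             f"{svc} on {iface.name} {iface.address}:{port} open to any source"))
    # Missing 2FA is still worth a finding even when management is internal only.
    if has_mgmt and not dev.admin_mfa and not any(f[0] == "critical" for f in findings):
        findings.append(("medium", dev.name, "admin 2FA not enforced"))
    order = {"critical": 0, "high": 1, "medium": 2}
    return sorted(findings, key=lambda f: order[f[0]])


# Constructed sample inventory (hypothetical device names and addresses).
INVENTORY = [
    Device("fw-branch-01", [
        Interface("wan1", "203.0.113.10", [443, 22]),   # admin GUI and SSH on WAN, no allow-list
        Interface("lan", "10.10.0.1", [443]),
    ], admin_mfa=False),
    Device("fw-hq-01", [
        Interface("wan1", "198.51.100.5", [443], allow_from=["192.0.2.0/24"]),
        Interface("lan", "10.0.0.1", [443]),
    ], admin_mfa=True),
    Device("fw-lab-01", [
        Interface("lan", "192.168.1.1", [443]),
    ], admin_mfa=False),
]


def audit_inventory(devices=INVENTORY) -> list:
    """Audit every device and concatenate the findings."""
    return [f for dev in devices for f in audit_device(dev)]


if __name__ == "__main__":
    for sev, dev, detail in audit_inventory():
        print(f"[{sev.upper():8}] {dev}: {detail}")
```

Run as written, the script reports two critical findings for fw-branch-01 (admin GUI and SSH on the WAN interface with no 2FA), nothing for fw-hq-01 (its WAN admin port is allow-listed and 2FA is on), and a medium finding for fw-lab-01 (internal-only management, but no 2FA). Swapping the constructed inventory for a config export is the only change needed to run it against real devices.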
