Major Cybersecurity Incidents: PayPal Breach, Chrome 0-Day, and BeyondTrust Exploit

In the week spanning February 16 to 22, 2026, the cybersecurity landscape witnessed a series of significant incidents affecting major organizations and technologies.

Ransomware Attacks Escalate

The Hellcat ransomware group intensified its operations by infiltrating Ascom’s ticketing system, exfiltrating 44GB of sensitive data, including source code and confidential documents. The initial breach was facilitated through compromised Jira credentials obtained via infostealer malware.

AI-Powered Threats Emerge

A financially motivated threat actor utilized multiple AI services to compromise over 600 FortiGate devices. This marks a notable instance of AI being employed in offensive cyber operations targeting enterprise network infrastructure.

Critical Vulnerabilities and Exploits

Several critical vulnerabilities were disclosed and actively exploited during this period:

  • BeyondTrust Appliances: A critical remote code execution (RCE) vulnerability was exploited by attackers who manipulated WebSocket connections to execute code. A single IP address was responsible for 83% of these attempts.
  • Google Chrome: An emergency update addressed a high-severity heap buffer overflow flaw that could allow attackers to crash the browser or execute arbitrary code.
  • Ivanti EPMM: A critical RCE vulnerability (CVE-2026-1281) was actively exploited, with a single IP address accounting for 83% of attacks.

Data Breaches Expose Sensitive Information

Several organizations reported significant data breaches:

  • PayPal: A breach exposed customers’ Social Security Numbers, dates of birth, and business Personally Identifiable Information (PII), increasing the risk of identity theft and financial fraud.
  • SpyX: The spyware operation confirmed a breach affecting nearly 2 million users, including approximately 17,000 plaintext Apple Account credentials.
  • California Cryobank: A significant data breach exposed sensitive customer PII, executed via SQL injection to extract records while compromising logging systems to conceal the intrusion.

Cloudflare Outage Highlights Infrastructure Vulnerabilities

Cloudflare experienced a six-hour global service outage on February 21, 2026, disrupting services worldwide. The incident was traced to a password rotation error that led to widespread service failures across multiple product lines.

These events underscore the evolving nature of cyber threats, emphasizing the need for organizations to adopt proactive security measures, stay informed about emerging vulnerabilities, and implement robust incident response strategies to mitigate potential damages.