Executive Summary
February closed with a concentrated surge in exploited vulnerabilities and ransomware activity, signaling intensified adversary focus on high-impact enterprise targets. A total of 28 vulnerabilities were added to the CISA Known Exploited Vulnerabilities (KEV) catalog, with Microsoft accounting for eight entries, followed by multiple additions impacting Cisco, Roundcube, Sangoma FreePBX, GitLab, and SolarWinds, alongside individual entries affecting Apple, Dell, and Google.
Beyond KEV updates, active exploitation was observed across widely deployed platforms including RARLAB WinRAR, the Linux Kernel, Atlassian Crowd, Hotta Studio products, and Microsoft Office, demonstrating adversaries’ continued preference for both enterprise-grade software and legacy attack surfaces.
On the ransomware front, Qilin led activity with 110 victim disclosures, followed by The Gentlemen (83) and Clop (79), underscoring sustained extortion pressure. Healthcare, education, and manufacturing sectors remained primary targets, as threat actors combined newly disclosed flaws with long-standing vulnerabilities to establish access, exfiltrate data, and maximize operational disruption.


