Executive Summary
February closed with a concentrated surge in exploited vulnerabilities and ransomware activity, signaling intensified adversary focus on high-impact enterprise targets. A total of 28 vulnerabilities were added to the CISA Known Exploited Vulnerabilities (KEV) catalog, with Microsoft accounting for eight entries, followed by multiple additions impacting Cisco, Roundcube, Sangoma FreePBX, GitLab, and SolarWinds, alongside individual entries affecting Apple, Dell, and Google.
Beyond KEV updates, active exploitation activity was observed across widely deployed platforms including RARLAB WinRAR, the Linux Kernel, Atlassian Crowd, Hotta Studio products, and Microsoft Office, demonstrating adversaries’ continued preference for both enterprise-grade software and legacy attack surfaces.
On the ransomware front, Qilin led activity with 110 victim disclosures, followed by The Gentlemen (83) and Clop (79), underscoring sustained extortion pressure. Healthcare, education, and manufacturing sectors remained primary targets, as threat actors combined newly disclosed flaws with long-standing vulnerabilities to establish access, exfiltrate data, and maximize operational disruption.


