Security news.
Today's security news highlights CISA's addition of two Google vulnerabilities to its KEV catalog, indicating active exploitation. We also see reports of state-sponsored cyber espionage targeting Southeast Asian militaries and a global INTERPOL crackdown on cybercrime infrastructure. Microsoft is investigating several issues impacting Windows 11 and Outlook users.
CISA Adds Two Google Vulnerabilities to KEV Catalog
CISA has added CVE-2026-3909 (Google Skia Out-of-Bounds Write) and CVE-2026-3910 (Google Chromium V8 Unspecified Vulnerability) to its Known Exploited Vulnerabilities Catalog, urging immediate remediation.
Chinese Hackers Target Southeast Asian Militaries
A suspected China-based cyber espionage group, tracked as CL-STA-1087, has been targeting military organizations in Southeast Asia since at least 2020 using AppleChris and MemFun malware.
FBI Seeks Victims of Malware-Laden Steam Games
The FBI is investigating eight malicious games uploaded to Steam that spread malware and is asking affected gamers to provide information.
INTERPOL Dismantles 45,000 Malicious IPs
A global law enforcement operation involving 72 countries, led by INTERPOL, has taken down 45,000 malicious IP addresses and servers used for phishing, malware, and ransomware.
Windows 11 Users on Samsung PCs Lose C: Drive Access
Microsoft is investigating an issue where some Samsung laptops running Windows 11 lose access to their C: drive and cannot launch applications after installing the February 2026 security updates.
Poland's Nuclear Research Centre Targeted by Cyberattack
Poland's National Centre for Nuclear Research (NCBJ) reported a cyberattack on its IT infrastructure, which was detected and blocked without impact.
Starbucks Data Breach Impacts Employees
Starbucks disclosed a data breach affecting hundreds of employees, stemming from phishing attacks targeting an employee portal.
Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning
Microsoft detailed a credential theft campaign by Storm-2561, which uses SEO poisoning to distribute fake, digitally signed VPN clients.