- Conpet pipeline attack disrupted IT but not operations.
- Qilin ransomware group claimed responsibility.
- Check Point Harmony protects against this threat.
- Report covers recent ransomware, supply‑chain, and vulnerability incidents.
- Provides actionable threat intel for security teams.
Article Summaries:
- 9th February - Threat Intelligence Report
The bulletin highlights a series of cyber incidents. Romania’s Conpet pipeline operator suffered a Qilin ransomware attack that knocked its website offline but left operational technology intact. La Sapienza University in Rome shut down systems for three days after a cyberattack, while the city of New Britain, Connecticut, endured a ransomware hit that disrupted internet and phone services for 48 hours. A Belgian secondary school faced extortion after a ransomware breach. AI-related threats included AWS intrusions via exploited credentials, the DockerDash vulnerability enabling remote code execution, and a data leak at toy maker Bondu. Vulnerabilities in Ivanti Endpoint Manager Mobile (CVE-2026-1281/1340) and a React Native CLI flaw (CVE-2025-11953) were actively exploited.
- Kubernetes has announced it will retire the popular Ingress‑NGINX controller, citing security and maintenance concerns after four new CVEs were discovered. The steering and security committees say the move will shift traffic handling to the newer Gateway API, which promises tighter integration and fewer attack vectors. Meanwhile, the data‑center industry is eyeing space: SpaceX and other startups are pursuing orbital data‑center deployments, while AT&T partners with Amazon Leo to add satellite broadband to its portfolio. Broadcom, Azure, and AMD also rolled out new networking silicon and VMs, underscoring a broader push for high‑performance, edge‑centric infrastructure.
- A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346 exploitation sessions have originated from 193.24.123[.]42, accounting for 83% of all attempts. The malicious activity is designed to exploit CVE-2026-1281 (CVSS score: 9.8), one of the two critical securi
- Threat activity this week shows one consistent signal - attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry points are getting simpler, while post-compromise activity is becoming more deliberate, structured, and persistent. The objective is less about disruption and more about staying embedded long enough to extract value. There’s also growing overlap betwee
- Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks. “The group used Gemini to synthesize OSINT and profile high-value targets to support campaign planning and reconnaissance,” Google Threat Intelligence Group (GTIG) said in a report shared with The Hacker Ne
Sources:
- https://research.checkpoint.com/2026/9th-february-threat-intelligence-report/
- https://packetpushers.net/podcasts/network-break/nb561-kubernetes-retires-ingress-nginx-are-data-centers-headed-for-orbit/
- https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html
- https://thehackernews.com/2026/02/threatsday-bulletin-ai-prompt-rce.html
- https://thehackernews.com/2026/02/google-reports-state-backed-hackers.html
- https://www.darkreading.com/endpoint-security/ivanti-epmm-zero-day-bugs-exploit
- https://www.bleepingcomputer.com/news/security/one-threat-actor-responsible-for-83-percent-of-recent-ivanti-rce-attacks/
- https://research.checkpoint.com/2026/16th-february-threat-intelligence-report/
- https://www.crowdstrike.com/en-us/blog/patch-tuesday-analysis-february-2026/
- https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/
- https://www.securityweek.com/ivanti-exploitation-surges-as-zero-day-attacks-traced-back-to-july-2025/
- https://thehackernews.com/2026/02/threatsday-bulletin-openssl-rce-foxit-0.html
- https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-dell-flaw-within-3-days/
- https://www.thezdi.com/blog/2026/2/19/cve-2026-20841-arbitrary-code-execution-in-the-windows-notepad
- https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/
- https://www.securityweek.com/beyondtrust-vulnerability-exploited-in-ransomware-attacks/
- https://thehackernews.com/2026/02/beyondtrust-flaw-used-for-web-shells.html
- https://www.bleepingcomputer.com/news/security/cisa-beyondtrust-rce-flaw-now-exploited-in-ransomware-attacks/
- https://research.checkpoint.com/2026/23rd-february-threat-intelligence-report/
- https://thehackernews.com/2026/02/weekly-recap-double-tap-skimmers.html

Latest source article published: 2026-02-24 12:04 UTC