Top 5 Cybersecurity News Stories February 27, 2026

Microsoft has patched a critical privilege escalation vulnerability, CVE-2026-26119 (CVSS 8.8), in its Windows Admin Center management platform. The flaw stemmed from improper authentication, allowing an authenticated attacker on the network to elevate privileges to that of the user running the affected system.

While Microsoft has not reported exploitation in the wild, the vendor assessed that exploitation was more likely and credited security researcher Andrea Pierini for the discovery. The patch was included in Windows Admin Center version 2511 in December 2025, and organizations are advised to apply the update promptly.
Read more onThe Hacker News

INTERPOL and 16 African countries concluded Operation Red Card 2.0, resulting in 651 arrests and recovery of more than $4.3 million during an eight-week crackdown on transnational online fraud. The initiative, conducted from December 8, 2025 to January 30, 2026, targeted high-yield investment scams, mobile money fraud, and fraudulent loan applications.

Investigators linked scam networks to over $45 million in losses and identified more than 1,247 victimsacross Africa and beyond. Authorities also seized devices, malicious domains, and infrastructure connected to these schemes. The coordinated effort underscores growing international collaboration in combating online financial crime.
Read more on The Hacker News

A zero-day vulnerability, CVE-2026-22769 (CVSS 10.0), in Dell RecoverPoint for Virtual Machines has been actively exploited by a suspected China-linked threat group dubbed UNC6201 since mid-2024. The flaw, caused by hard-coded credentials in affected versions, allowed attackers to gain unauthorized root access and establish persistent backdoors such as BRICKSTORM and GRIMBOLT.

Exploitation techniques included web shell deployment via Tomcat Manager, enabling deep system compromise and stealthy lateral movement. Dell recommends upgrading to patched versions and deploying devices within segmented, protected networks, while defenders are urged to hunt using emerging indicators of compromise.
Read more on The Hacker News

OpenAI confirmed that Chinese-linked threat actors misused ChatGPT in a broader cyberattack and influence campaign. Although the AI model was not used directly to create exploits or penetrate networks, it was leveraged to draft operational plans, propaganda, spear-phishing content, and narrative messaging that supported harassment and misinformation efforts.

Operators exploited the model to generate polished narratives in multiple languages, facilitating large-scale social media manipulation and targeted intimidation. OpenAI has banned implicated accounts, strengthened abuse detection, and shared indicators with authorities. The report highlights evolving misuse of generative AI in psychological and informational dimensions of modern cyber operations.
Read more on GBHackers

Marquis Software Solutions has filed a lawsuit against SonicWall in Texas federal court, alleging that a vulnerability in SonicWall’s MySonicWall cloud backup service led to a damaging ransomware attack in August 2025. The complaint claims a defective API allowed unauthorized access to firewall backup files by guessing predictable device serial numbers.

Exposed backups contained unencrypted sensitive data including MFA scratch codes and credentials, enabling attackers to bypass defenses. Marquis asserts SonicWall failed to detect or disclose the breach promptly, resulting in significant business losses and reputational harm. The suit cites negligence and failure to adhere to cybersecurity standards.
Read more on GBHackers