February 2026 Cybersecurity Round-Up

If there’s anything the world will remember February 2026 for, it’s the war that started in the Middle East on the final day of the month. However, for those with an interest in cybersecurity, the preceding 27 days also provided a lot of noteworthy news. Here’s a roundup of the key cyberattacks and CVEs we saw during the month.

Cyberattacks in February 2026

Microsoft Outlook

Researchers uncovered the first known malicious Outlook add-in operating in the wild, after attackers hijacked the domain associated with an abandoned plugin called AgreeTo. The add-in redirected users to a fake Microsoft login page and successfully harvested more than 4,000 Microsoft account credentials before it was removed from the Office marketplace.


Attackers increasingly target ecosystem trust layers, where a legitimate tool can quietly become malicious when ownership changes or infrastructure is abandoned. As organisations integrate dozens of productivity extensions into daily workflows, the add-in ecosystem becomes another software supply chain.

Google Chrome

In a related incident, security researchers uncovered more than 30 malicious Chrome extensions masquerading as AI assistants. These were installed by over 300,000 users. The extensions claimed to offer tools for ChatGPT-style productivity but instead harvested browser data, including emails, credentials, and browsing activity, which was sent to attacker-controlled servers.

Attackers are exploiting the AI gold rush the same way they once exploited cryptocurrency hype: by focusing on hyped areas of tech where demand outpaces scrutiny. Browser extensions are particularly dangerous because they operate with deep permissions, and because so much work now gets done in the browser, with employees using various SaaS solutions. When users install AI-branded extensions without questioning their provenance, they effectively grant attackers a persistent “adversary-in-the-browser” foothold.
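As an added example (not from the original article or from any vendor's tooling), the sketch below shows one way a defender could triage installed extensions by the permissions their manifest.json requests. The sample manifests and extension names are constructed, and the three risk tiers are an assumption.

```python
import json

# Match patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Chrome API permissions covering the data named above: session cookies,
# browsing activity and page content.
SENSITIVE_APIS = {"cookies", "webRequest", "tabs", "history", "scripting",
                  "clipboardRead", "debugger"}

def audit_manifest(manifest):
    """Summarise the host access and sensitive APIs one extension requests."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    hosts = set(manifest.get("host_permissions", []))       # Manifest V3
    # Manifest V2 mixes host match patterns into "permissions".
    hosts |= {p for p in perms if p == "<all_urls>" or "://" in p}
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))              # pages it injects into
    broad = sorted(hosts & BROAD_HOSTS)
    apis = sorted(set(perms) & SENSITIVE_APIS)
    # Assumed triage tiers: every-site access plus a data API is reviewed first.
    risk = "high" if broad and apis else "medium" if broad or apis else "low"
    return {"name": manifest.get("name", "?"), "broad_hosts": broad,
            "sensitive_apis": apis, "risk": risk}

def audit_all(raw_manifests):
    """Audit a list of manifest.json documents given as JSON text."""
    return [audit_manifest(json.loads(raw)) for raw in raw_manifests]

# Constructed sample manifests (names and contents are illustrative only).
SAMPLES = [
    '{"manifest_version": 3, "name": "AI Chat Helper (constructed)",'
    ' "permissions": ["storage", "cookies", "tabs"],'
    ' "host_permissions": ["<all_urls>"]}',
    '{"manifest_version": 2, "name": "Page Summariser (constructed)",'
    ' "permissions": ["webRequest", "*://*/*"],'
    ' "content_scripts": [{"matches": ["https://*/*"], "js": ["c.js"]}]}',
    '{"manifest_version": 3, "name": "Dark Theme (constructed)",'
    ' "permissions": ["storage"],'
    ' "host_permissions": ["https://example.com/*"]}',
]

if __name__ == "__main__":
    for row in audit_all(SAMPLES):
        print(row["risk"], row["name"], row["broad_hosts"], row["sensitive_apis"])
```

In practice the JSON text would come from the manifest.json files in each browser profile's extensions directory, and the high-tier results would be compared against an approved-extension list.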

ManoMano

European DIY marketplace ManoMano disclosed a large-scale data breach after attackers compromised a third-party customer support provider in Tunis and accessed its Zendesk account, which was used to handle support interactions. The attacker (using the alias “Indra”) reportedly exfiltrated personal information, including names, email addresses, phone numbers, and customer-service conversations, affecting up to 37.8 million users. The company confirmed the incident, revoked the subcontractor’s access, and notified regulators such as France’s CNIL and the national cybersecurity agency ANSSI.

Threat actors compromised the customer-service layer surrounding the platform rather than the ManoMano e-commerce site itself. As businesses outsource customer operations, marketing, logistics, and support tooling, the attack surface increasingly sits outside the primary platform for e-commerce companies. The perimeter has effectively dissolved into a web of subcontractors and SaaS integrations.

Freight and Logistics Phishing Campaign

A report emerged towards the end of February 2026 about a large-scale phishing campaign targeting freight and logistics companies across the US and Europe. The attackers impersonated logistics companies to trick people into opening malicious files or visiting credential-harvesting portals. In total, using 52 fake domains, they collected roughly 3,500 stolen login records containing 1,649 unique credential pairs.

Freight and logistics firms have become prime cyberattack targets because they sit at the centre of global trade communication flows. Employees routinely receive invoices, shipment updates, customs documents, and vendor emails, so phishing is a natural option for attackers.

Conpet

Romania’s national oil pipeline operator Conpet confirmed that it suffered a cyberattack attributed to the Qilin ransomware group. Qilin is well-known for targeting high-value organisations in critical sectors like energy and healthcare.

The attack disrupted corporate IT systems and took the company’s public website offline, while investigators determined that internal data had been stolen during the breach. Critically, Conpet reported that pipeline operations and industrial control systems continued to function normally.

 

Effective segmentation between IT and OT here likely prevented a far more serious incident. However, attackers don’t need to shut down pipelines to create leverage. Corporate systems contain contracts, logistics schedules, supplier information, and internal communications. All of this is valuable data for extortion or intelligence gathering.

Key CVEs in February 2026

Conclusion

From malicious Outlook add-ins and fake AI browser extensions to compromised support tools and developer environments, threat actors focused their attention in February 2026 on everyday software and trusted integrations. At the same time, breaches like ManoMano and the Conpet pipeline attack show how third-party dependencies and critical infrastructure remain attractive entry points.
