Google says hackers are abusing Gemini AI for all attack stages
Google reports that multiple state-backed groups are using Gemini to support end-to-end operations, including reconnaissance, payload development, and post-compromise tasks. The practical risk is faster iteration on lures, tooling, and procedures, even when the model is not directly producing malware. The main defensive takeaway is to treat AI-assisted social engineering as higher in both volume and quality, and to tighten controls around initial access paths such as email, OAuth consent, and exposed services.
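One concrete control on the OAuth consent path is to review consent grants as they land in the identity provider's audit feed and flag the ones that hand a third-party app standing access to mail or files. The block below is an added example, not code from Google or from the report summarized above; the event schema, field names, scope names and the sample events are all constructed assumptions, so map them to your own IdP's log format before use.

```python
"""Flag risky OAuth consent grants in an audit feed (added example).
The JSON schema, scope names and sample events are constructed assumptions,
not any vendor's real log format."""
import json

# Scopes that give an app standing read/write access to mailboxes, files or
# the directory (assumed names, lower-cased for comparison).
HIGH_RISK_SCOPES = {
    "mail.read", "mail.readwrite", "mail.send",
    "files.readwrite.all", "directory.readwrite.all",
}
# offline_access turns a one-time grant into a long-lived refresh token.
PERSISTENCE_SCOPE = "offline_access"


def risk_of_consent(event):
    """Return the reasons a consent event deserves review; empty if none.

    A grant is flagged only when it includes a high-risk scope; the other
    checks are aggravating factors attached to such a grant."""
    if event.get("action") != "consent_granted":
        return []
    scopes = {s.lower() for s in event.get("scopes", [])}
    risky = scopes & HIGH_RISK_SCOPES
    if not risky:
        return []
    reasons = ["high-risk scopes: " + ", ".join(sorted(risky))]
    if PERSISTENCE_SCOPE in scopes:
        reasons.append("offline_access makes the grant persistent")
    if not event.get("publisher_verified", False):
        reasons.append("unverified publisher")
    if event.get("consent_type") == "user":
        reasons.append("user self-consent to high-risk scopes (should require admin)")
    return reasons


def flag_risky_consents(lines):
    """Parse JSON-lines audit events and return one finding per risky grant."""
    findings = []
    for line in lines:
        ev = json.loads(line)
        reasons = risk_of_consent(ev)
        if reasons:
            findings.append({"app": ev["app_name"], "user": ev["user"], "reasons": reasons})
    return findings


# Constructed sample events: a phishing-style app asking for mailbox access,
# a benign calendar app, an unrelated login event, and an admin-approved
# export tool that still warrants a look because of its scope.
SAMPLE_EVENTS = [
    json.dumps({"action": "consent_granted", "app_name": "Quarterly Report Viewer",
                "user": "alice", "scopes": ["User.Read", "Mail.ReadWrite", "offline_access"],
                "publisher_verified": False, "consent_type": "user"}),
    json.dumps({"action": "consent_granted", "app_name": "Calendar Sync",
                "user": "bob", "scopes": ["Calendars.Read"],
                "publisher_verified": True, "consent_type": "admin"}),
    json.dumps({"action": "login_success", "app_name": "Web Portal", "user": "carol"}),
    json.dumps({"action": "consent_granted", "app_name": "HR Docs Export",
                "user": "carol", "scopes": ["Files.ReadWrite.All"],
                "publisher_verified": True, "consent_type": "admin"}),
]

if __name__ == "__main__":
    for f in flag_risky_consents(SAMPLE_EVENTS):
        print(f"{f['app']} (granted by {f['user']}):")
        for r in f["reasons"]:
            print("  -", r)
```

The point of the design is that scope is the primary signal: an unverified publisher requesting only a basic profile scope is noise, while a verified publisher granted mailbox or file-wide access by a user is exactly the grant a tightened consent policy should have routed to an admin.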
Microsoft’s February 2026 Patch Tuesday addresses 54 CVEs
This month’s Microsoft release includes several zero-days reported as exploited in the wild, spanning Windows and Office components. Tenable highlights the exploited items and the attacker outcomes involved, including privilege escalation and security feature bypass. If you run Windows endpoints at scale, prioritize rapid rollout of the fixes for the exploited CVEs and confirm that detection for the related exploit chains is in place.
About the security content of iOS 26.3 and iPadOS 26.3
Apple shipped fixes for an exploited vulnerability in dyld (CVE-2026-20700) that can enable arbitrary code execution. Apple indicates it was used in a highly targeted campaign, which typically means limited victim count but high impact. The immediate action is to update iOS and iPadOS devices that can take 26.3, and confirm your MDM compliance rules enforce the minimum version.
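Enforcing a minimum OS version sounds trivial, but two details bite in practice: version strings must be compared numerically, not lexically, and a device that cannot take 26.3 at all needs a different disposition than one that simply has not updated yet. The block below is an added example, not Apple's code or any MDM vendor's API; the inventory fields and the sample devices are constructed, and the 26.3 floor is the only value taken from the advisory item above. The same comparison works for any product with a known fixed build.

```python
"""Minimum-version compliance triage over a device inventory (added example).
Inventory field names and sample devices are constructed; the 26.3 floor for
iOS and iPadOS comes from the advisory summarized above."""
import re


def parse_version(text):
    """'26.3' -> (26, 3); '26.3.1' -> (26, 3, 1).

    Numeric tuples compare correctly where raw strings do not:
    as strings, '26.10' < '26.3', which would mis-flag a newer build."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no version digits in {text!r}")
    return tuple(int(p) for p in parts)


def at_least(installed, floor):
    """True if installed >= floor, treating missing trailing components as 0."""
    a, b = parse_version(installed), parse_version(floor)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


# Floor per platform; 26.3 is the version carrying the dyld fix per the item above.
MIN_VERSION = {"ios": "26.3", "ipados": "26.3"}


def triage_devices(devices, floors=MIN_VERSION):
    """Split devices into (compliant, update_required, cannot_reach_floor).

    'max_supported' (assumed field) is the highest OS the hardware can run;
    devices whose maximum is below the floor cannot be fixed by updating and
    need isolation or replacement rather than a nag to update."""
    compliant, update_required, stranded = [], [], []
    for d in devices:
        floor = floors[d["platform"]]
        if at_least(d["os_version"], floor):
            compliant.append(d["id"])
        elif at_least(d.get("max_supported", d["os_version"]), floor):
            update_required.append(d["id"])
        else:
            stranded.append(d["id"])
    return compliant, update_required, stranded


# Constructed inventory. 'iphone-03' runs a hypothetical 26.10 to show the
# string-comparison pitfall; 'iphone-04' is hardware that tops out at 18.x.
SAMPLE_DEVICES = [
    {"id": "ipad-01", "platform": "ipados", "os_version": "26.3", "max_supported": "26.3"},
    {"id": "iphone-02", "platform": "ios", "os_version": "26.2.1", "max_supported": "26.3"},
    {"id": "iphone-03", "platform": "ios", "os_version": "26.10", "max_supported": "26.10"},
    {"id": "iphone-04", "platform": "ios", "os_version": "18.7.2", "max_supported": "18.7.2"},
]

if __name__ == "__main__":
    ok, update, stranded = triage_devices(SAMPLE_DEVICES)
    print("compliant:      ", ok)
    print("update required:", update)
    print("cannot reach floor (isolate or replace):", stranded)
```

Feed the third bucket to whoever owns device lifecycle rather than to the update campaign; a compliance rule that only says "update to 26.3" will keep failing those devices without anyone acting on them.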
Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)
CISA added CVE-2026-24423 to its Known Exploited Vulnerabilities catalog, with reporting that ransomware actors are actively leveraging it. The issue affects SmarterTools SmarterMail and is described as a missing-authentication or remote code execution class flaw, with the impact depending on build and exposure. If you have any SmarterMail footprint, confirm installed versions, patch immediately, and review internet exposure and administrative access controls.
BridgePay Ransomware Causes Widespread Payment Outages
BridgePay took systems offline after a ransomware incident that disrupted payment processing for its downstream customers. Early statements indicate payment card data was not accessed, but the outage forced some businesses into manual or cash-only workflows. It is a reminder to validate contingency plans for third-party payment providers, including alternate processors and clear customer communication paths.
A Joint Security Review of Intel TDX 1.5
Google and Intel published results from a joint security review of Intel TDX 1.5, identifying five vulnerabilities plus additional weaknesses and hardening opportunities. The interesting angle is the focus on confidential computing assumptions, where cloud workloads rely on isolation even if the host is compromised. If you depend on TDX in cloud environments, track vendor remediation status and ensure your threat model does not assume TEE features are infallible.