Stable Channel Update for Desktop
Google shipped an emergency Chrome stable update to 145.0.7632.75/76 (Windows and Mac) and 144.0.7559.75 (Linux). The release fixes CVE-2026-2441, a high-severity use-after-free bug in CSS. Google also states an exploit exists in the wild, so this is a restart-and-verify-your-fleet item, not a wait-for-the-next-window patch.
City of Marietta hit by nationwide ransomware attack
A ransomware incident at third-party payment processor BridgePay is disrupting online credit card payments for the City of Marietta, Georgia. The city says it’s working on an alternative payment solution while some services are affected. The report notes the attack began February 6 and the specific ransomware group has not been publicly identified. This is a good reminder to validate vendor contingency plans for payment rails and other critical third parties.
Blockchain fintech giant Figure hit by data breach, says ‘limited number of files’ impacted
Figure Technology disclosed a breach that started with an employee phishing event, leading to access to internal systems and theft of a limited set of files. Reporting says ShinyHunters claimed responsibility and that leaked data may include names, addresses, dates of birth, and phone numbers. Figure is offering identity theft and credit monitoring services. Even without email exposure, the stolen data is prime for targeted vishing, especially with voice cloning in the mix.
Hacker reveals 6.8 billion emails online and warns victims “your data is public”
Cybernews reports a forum post claiming a dataset of 6.8 billion unique email addresses, with researchers estimating the usable set may be closer to 3 billion after removing invalid entries and duplicates. The data appears to be compiled from “combos,” logs, and databases, and is positioned as a mass targeting accelerator for phishing and credential stuffing. Even if it is “only” email addresses, this kind of list is often used to enrich other leak data and sharpen targeting. It’s a good trigger to push MFA coverage and monitor for spikes in password spray and BEC attempts.
Businesses urged to “lock the door” on cyber criminals as new government campaign launches
The UK government launched a campaign aimed at getting more organizations, especially small and mid-sized firms, to adopt basic cyber hygiene via Cyber Essentials. The announcement cites significant incident cost estimates and notes many breaches exploit simple gaps like missing updates and weak access controls. The campaign focuses on practical steps such as patching and tightening account access. If you do supplier risk in the UK, this is useful language to reference when pushing baseline controls.
2026 Unit 42 Global Incident Response Report — Attacks Now 4x Faster
Palo Alto Networks’ Unit 42 released its 2026 incident response report, highlighting that attacker timelines are compressing and that early response speed matters more than ever. The write-up emphasizes identity as a key limiter of blast radius once attackers get in. It also calls out the need for broad visibility across environments so teams can contain quickly and avoid “slow-motion” escalations. If you’re prioritizing investments, this reinforces identity hardening plus faster detection-to-containment loops.
