Ransomware activity spikes across SMEs 🚨. AI tools reshape threat detection and Zero Trust implementation 🤖🔐.

Hello! Here’s your Daily Cybersecurity & AI Threat Intelligence Newsletter for February 3, 2026.

Today's headlines

  • CISA’s KEV ransomware updates surface in GreyNoise analysis.
  • CrowdStrike earns 2026 Gartner Customers’ Choice for application security.
  • Check Point’s 2026 report highlights AI‑driven attack techniques.
  • CrowdStrike Falcon achieves perfect score in SE Labs ransomware test.
  • ScanBox keylogger deployed via watering‑hole attacks targeting Australian sites.

1️⃣ Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates

Key Points:

  • GreyNoise identified previously unseen KEV ransomware campaigns.
  • CISA’s hidden updates were correlated with increased traffic spikes.
  • Provides actionable IOCs for mid‑size business defenders.

Description:

GreyNoise’s latest research reveals that CISA’s KEV (Known Exploited Vulnerabilities) list has been silently updated with new ransomware signatures, exposing a wave of attacks targeting small and mid‑sized enterprises. The blog details the methodology used to uncover the updates and supplies indicators of compromise for rapid detection.

Why It Matters:

Understanding the hidden KEV updates enables security teams to prioritize patching and monitoring efforts, reducing the risk of ransomware infection that could cripple critical operations and lead to significant financial loss.
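One defender-side check that follows from this item is to diff successive snapshots of CISA's KEV JSON feed and surface entries whose ransomware flag flipped without a fresh dateAdded, which is exactly the kind of change that never appears as a "new entry". The following Python is an added example written for this digest, not GreyNoise's methodology or CISA's code. It assumes the feed's published schema (a top-level `vulnerabilities` array with `cveID`, `dateAdded` and `knownRansomwareCampaignUse` fields); the two snapshots and their CVE ids are constructed placeholder data.

```python
"""
Diff two snapshots of the CISA KEV JSON feed and report:
  * entries whose knownRansomwareCampaignUse flipped to "Known" while
    dateAdded stayed the same (a silent in-place update), and
  * brand-new entries that arrive already flagged as ransomware-linked.
Added example for this digest; not code from GreyNoise or CISA.
The snapshots below are constructed sample data using the feed's field
names; the CVE ids are placeholders, not real identifiers.
"""
import json
from typing import Dict, List

# Constructed "yesterday" snapshot (placeholder CVE ids).
OLD_SNAPSHOT = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dateAdded": "2025-11-03",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-0002", "dateAdded": "2025-12-15",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0003", "dateAdded": "2026-01-20",
     "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed "today" snapshot: 0001 flipped silently, 0004 is new.
NEW_SNAPSHOT = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dateAdded": "2025-11-03",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0002", "dateAdded": "2025-12-15",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0003", "dateAdded": "2026-01-20",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-0004", "dateAdded": "2026-02-02",
     "knownRansomwareCampaignUse": "Known"},
]})


def index_by_cve(feed_json: str) -> Dict[str, dict]:
    """Parse a KEV feed document and key its entries by cveID."""
    data = json.loads(feed_json)
    return {v["cveID"]: v for v in data.get("vulnerabilities", [])}


def kev_ransomware_changes(old_json: str, new_json: str) -> Dict[str, List[str]]:
    """Compare two feed snapshots; return sorted lists of CVE ids that were
    silently re-flagged as ransomware-linked, and of new ransomware-linked
    entries. Both lists are what a daily watch job would alert on."""
    old, new = index_by_cve(old_json), index_by_cve(new_json)
    silently_flagged: List[str] = []
    newly_added: List[str] = []
    for cve, entry in new.items():
        flag = entry.get("knownRansomwareCampaignUse")
        if cve not in old:
            # Normal new entry; only interesting if already ransomware-linked.
            if flag == "Known":
                newly_added.append(cve)
            continue
        prev = old[cve]
        flipped = prev.get("knownRansomwareCampaignUse") != flag and flag == "Known"
        same_date = prev.get("dateAdded") == entry.get("dateAdded")
        if flipped and same_date:
            # The entry was edited in place: a consumer that only watches
            # dateAdded for "new" items would never see this change.
            silently_flagged.append(cve)
    return {
        "silently_flagged": sorted(silently_flagged),
        "newly_added_ransomware": sorted(newly_added),
    }


if __name__ == "__main__":
    print(json.dumps(kev_ransomware_changes(OLD_SNAPSHOT, NEW_SNAPSHOT), indent=2))
```

In production the two strings would be yesterday's and today's download of the public feed at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; storing each day's copy is what makes the in-place edits visible, since the feed itself carries no change history. The `silently_flagged` list is the one to route into patch prioritisation, because those CVEs may already sit in an older remediation queue under a lower priority.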

2️⃣ CrowdStrike Named a Customers’ Choice in 2026 Gartner Peer Insights Voice of the Customer for Application Security Posture Management Tools

Key Points:

  • Earned top ranking in Gartner Peer Insights for ASPM tools.
  • Customers cite risk‑based prioritization and DevSecOps integration.
  • Highlights strong market confidence in CrowdStrike’s platform.

Description:

CrowdStrike announced its recognition as a Customers’ Choice in the 2026 Gartner Peer Insights for Application Security Posture Management. The award reflects positive feedback from users across travel, hospitality, IT services, and banking sectors, emphasizing the platform’s ability to reduce noise and prioritize real threats.

Why It Matters:

The accolade signals to enterprises that CrowdStrike’s ASPM solution is trusted for effective vulnerability management, encouraging wider adoption and potentially raising the overall security posture across industries.

3️⃣ Check Point Releases Cyber Security Report 2026 Highlighting AI‑Powered Threats

Key Points:

  • AI-generated malware and deepfake phishing surge.
  • Zero‑day exploit activity increases by 18% year‑over‑year.
  • Recommendations for AI‑augmented defense strategies.

Description:

Check Point’s 2026 Cyber Security Report provides a comprehensive analysis of global attack trends, noting a marked rise in AI‑driven threats such as synthetic phishing and autonomous malware. The report combines threat‑cloud telemetry with expert insights to outline emerging risks.

Why It Matters:

Enterprises can leverage the report’s findings to adapt defenses, invest in AI‑enhanced detection tools, and mitigate the growing danger posed by automated attack infrastructures.

4️⃣ CrowdStrike Falcon Achieves Perfect Score in SE Labs Ransomware Test

Key Points:

  • Falcon detected 100% of ransomware samples in SE Labs challenge.
  • Demonstrates effective behavior‑based and static analysis.
  • Benchmark validates Falcon’s endpoint protection capabilities.

Description:

In a rigorous evaluation by SE Labs, CrowdStrike Falcon scored a flawless 100% detection rate against a suite of real‑world ransomware variants. The test measured both prevention and remediation performance across diverse attack vectors.

Why It Matters:

The results reinforce Falcon’s reliability for organizations seeking robust ransomware protection, influencing procurement decisions and strengthening confidence in endpoint security investments.

5️⃣ CISA Publishes List of Publicly Available Tools Seen in Cyber Incidents

Key Points:

  • Catalogs over 150 tools commonly leveraged by threat actors.
  • Includes open‑source scanners, exploitation frameworks, and C2 utilities.
  • Provides guidance on detection and mitigation for each tool.

Description:

CISA released an advisory detailing publicly available tools that have been observed in recent cyber incidents worldwide. The document aids defenders by mapping each tool to typical behaviors and recommended detection signatures.

Why It Matters:

By integrating this guidance, security operations can more quickly identify and block malicious tool usage, lowering the likelihood of successful intrusion attempts.

6️⃣ Watering‑hole Attacks Deploy ScanBox Keylogger via Targeted Australian Sites

Key Points:

  • APT TA423 linked to distribution of ScanBox JavaScript keylogger.
  • Victims include Australian news portals and offshore energy firms.
  • Attack leverages deceptive URLs mimicking legitimate news articles.

Description:

ThreatPost reports a series of watering‑hole campaigns attributed to the China‑based APT group TA423, which deliver the ScanBox reconnaissance framework to visitors of compromised Australian news sites. The JavaScript keylogger captures keystrokes and system information before exfiltration.

Why It Matters:

Organizations accessing compromised sites risk credential theft and further lateral movement; early detection of ScanBox activity can prevent data breaches and protect supply‑chain partners.

7️⃣ GitHub Considers Kill Switch for Pull Requests to Curb AI‑Generated Code

Key Points:

  • Proposes a mechanism to halt PR merges flagged as AI‑generated.
  • Aims to reduce low‑quality or malicious code contributions.
  • Raises discussion on developer workflow impact and automation ethics.

Description:

The Register covers GitHub’s internal debate on implementing a “kill switch” that would block pull requests identified as being generated by AI tools. The feature is intended to curb the influx of low‑quality or potentially dangerous code created by automated systems.

Why It Matters:

If adopted, the safeguard could improve codebase integrity across millions of repositories, mitigating supply‑chain risks associated with AI‑produced vulnerabilities.

8️⃣ VMware vDefend DFW Guides Rapid Zero‑Trust Micro‑segmentation for VCF Workloads

Key Points:

  • Step‑by‑step framework for deploying micro‑segmentation in weeks.
  • Integrates with VMware Cloud Foundation to isolate workloads.
  • Reduces attack surface and lateral movement potential.

Description:

VMware’s vDefend DFW 1‑2‑3‑4 methodology outlines a fast‑track approach to implementing Zero‑Trust micro‑segmentation across VMware Cloud Foundation environments. The guide details planning, policy creation, automation, and validation phases to secure workloads efficiently.

Why It Matters:

Adopting the framework enables organizations to quickly enforce granular security controls, limiting breach impact and complying with regulatory requirements for network segmentation.

9️⃣ AI Accelerates Zero‑Trust Implementation, Says VMware

Key Points:

  • AI automates policy generation based on traffic analysis.
  • Reduces deployment time from months to days.
  • Improves continuous verification of identities and devices.

Description:

VMware’s recent blog post explains how artificial intelligence can streamline the implementation of Zero‑Trust security objectives. By analyzing network traffic patterns, AI can auto‑generate micro‑segmentation policies, accelerating deployment and ongoing adjustments.

Why It Matters:

Leveraging AI for Zero‑Trust reduces manual effort, minimizes configuration errors, and enhances the organization’s ability to adapt to evolving threats in real time.

🔟 Check Point’s 2nd February 2026 Threat Intelligence Report Shows Emerging Attack Vectors

Key Points:

  • Rise in supply‑chain attacks targeting software updates.
  • Increased use of encrypted C2 channels obscuring traffic.
  • Emerging threat actors exploiting AI‑generated phishing kits.

Description:

The 2nd February 2026 Threat Intelligence Report from Check Point highlights new attack vectors, including sophisticated supply‑chain compromises and the growing prevalence of encrypted command‑and‑control communications that evade traditional detection.

Why It Matters:

Awareness of these trends equips defenders to update detection rules, strengthen supply‑chain vetting processes, and invest in decryption‑capable monitoring solutions.


Stay vigilant and secure.