Six Actively‑Exploited Zero‑Days Included in February 2026 Patch Tuesday

Microsoft’s February 2026 Patch Tuesday released updates for more than 50 flaws, but six of those were zero‑day vulnerabilities already observed in the wild. Among them, CVE‑2026‑21510 lets an attacker execute arbitrary code simply by delivering a crafted hyperlink, requiring no user interaction or consent. The other five zero‑days span privilege‑escalation, remote code execution, and information‑leak vectors that threat actors have begun leveraging in active campaigns.

Defenders must prioritize immediate deployment of these patches and verify that any systems exposed to untrusted links or external content are fully updated. The presence of actively exploited zero‑days underscores the need for rapid patch management, enhanced network segmentation, and vigilant monitoring for indicators of compromise tied to the newly disclosed CVEs. Failure to act quickly could result in unauthorized code execution, lateral movement, and data exfiltration across vulnerable environments.

Categories: Malware & Ransomware, Vulnerabilities & Exploits, AI Security & Threats

Source: Read original article