Major Data Breaches
IDMerit KYC Data Leak Exposes 1 Billion Records
A catastrophic data breach at IDMerit, a global digital identity verification provider, resulted in the exposure of over one billion personal records across 26 countries. The unprotected MongoDB instance contained highly sensitive KYC (Know Your Customer) data, including full names, addresses, national IDs, phone numbers, and telecom metadata. The United States was the most affected, with over 203 million records exposed. The breach highlights the risks of third-party identity vendors as critical infrastructure and the potential for downstream threats such as account takeovers, targeted phishing, and credit fraud. The company is under scrutiny, and the full impact is still being assessed [1].
- Data exposed: Full names, addresses, national IDs, phone numbers, email addresses, and more
- Countries affected: 26, including the US, Germany, France, China, Brazil
- Attack vector: Unsecured database
- Industry impact: Global, with significant risks for identity theft and fraud
Ransom Man: Psychotherapy Service Breach
A new investigative podcast series has brought renewed attention to the infamous Vastaamo psychotherapy data breach, where Finnish hacker Julius Kivimäki (alias “ransom_man”) leaked the private therapy notes of over 33,000 patients. Victims received ransom emails threatening to publish their most intimate therapy notes unless they paid in bitcoin. The breach triggered a national scandal in Finland and raised global concerns about the security of sensitive health data [2].
- Data exposed: Therapy notes, personal information
- Victims: 33,000+ patients
- Attack vector: Hacking and extortion
- Response: National emergency meeting, ongoing legal proceedings
France’s Ministry of Economy: FICOBA Registry Breach
France’s Ministry of Economy disclosed a breach involving unauthorized access to the national bank account registry (FICOBA), impacting information tied to 1.2 million accounts. Exposed data includes names, addresses, account identifiers, and some tax-related identifiers. The breach was traced to compromised government credentials [3].
- Data exposed: Names, addresses, account and tax identifiers
- Victims: 1.2 million account holders
- Attack vector: Compromised government credentials
Significant Cyberattacks
University of Mississippi Medical Center Ransomware Attack
The University of Mississippi Medical Center suffered a ransomware attack that forced the closure of clinics and disrupted access to electronic medical records. Elective procedures were canceled, and the organization shifted to manual processes. No ransomware group has claimed responsibility, and the full extent of data compromise is under investigation [3].
- Impact: Clinic closures, EMR disruption, canceled procedures
- Response: Systems taken offline, manual operations
Advantest Corporation Ransomware Incident
Japanese tech giant Advantest Corporation was hit by an attack in which ransomware was deployed within parts of its network. The incident may have affected internal systems, with potential compromise of customer or employee data [3].
- Impact: Internal system disruption, possible data compromise
Cline CLI 2.3.0 Supply Chain Attack
A supply chain attack targeted the open-source Cline CLI package, which was updated to stealthily install OpenClaw, an autonomous AI agent, on developer systems. The attack exploited a compromised npm publish token and affected users who installed the package during an eight-hour window on February 17. While OpenClaw itself is not malicious, the incident underscores the risks of supply chain attacks in the software ecosystem [4].
- Impact: 4,000+ downloads of the compromised package
- Response: Package deprecated, token revoked, update released
Critical Vulnerabilities
Microsoft Patch Tuesday: Six Actively Exploited Zero-Days
Microsoft’s February Patch Tuesday addressed 59 vulnerabilities, including six zero-days actively exploited in the wild. Notable CVEs include:
- CVE-2026-21510: Windows Shell Security Feature Bypass (CVSS 8.8)
- CVE-2026-21513: MSHTML Framework Security Feature Bypass (CVSS 8.8)
- CVE-2026-21514: Microsoft Word Security Feature Bypass (CVSS 7.8)
- CVE-2026-21519: Desktop Window Manager Elevation of Privilege (CVSS 7.8)
- CVE-2026-21525: Windows Remote Access Connection Manager DoS (CVSS 6.2)
- CVE-2026-21533: Windows Remote Desktop Services Elevation of Privilege (CVSS 7.8)
CISA added these vulnerabilities to its Known Exploited Vulnerabilities catalog, urging immediate remediation. The flaws allow attackers to bypass security features, elevate privileges, and potentially execute code on affected systems [5][6].
Google Chrome Zero-Day (CVE-2026-2441)
Google released emergency patches for a high-severity zero-day in Chrome (CVE-2026-2441, CVSS 8.8), a use-after-free bug in the CSS component. The flaw allows remote code execution within the browser sandbox and was observed being exploited in the wild. Users are urged to update Chrome and other Chromium-based browsers immediately [7].
Government Responses
CISA and International Advisories
The US Cybersecurity and Infrastructure Security Agency (CISA) added multiple vulnerabilities to its Known Exploited Vulnerabilities catalog, including the six Microsoft zero-days and the Chrome CVE-2026-2441. CISA issued alerts urging both public and private sector organizations to prioritize patching and remediation efforts [8].
The Canadian Centre for Cyber Security published advisories for Red Hat products, addressing vulnerabilities in the Linux kernel and encouraging prompt updates [9].
The World Economic Forum’s Global Cybersecurity Outlook 2026 highlighted the growing complexity of the threat landscape, the impact of AI on cyber risk, and the need for global collaboration to address systemic challenges [10].
Miscellaneous
RSAC 2026: AI and Security Governance in Focus
The RSA Conference 2026 continued to serve as a global forum for cybersecurity professionals, with a strong focus on AI security, agentic risk, and practical approaches to securing emerging technologies. Industry leaders emphasized the need for robust AI governance and the integration of AI-driven productivity into enterprise security strategies [11].
BSidesICS/OT Miami 2026
BSidesICS/OT Miami brought together the industrial cybersecurity community to discuss defending critical infrastructure and operational technology environments. The event highlighted the increasing importance of ICS/OT security in the face of evolving threats [12].
Conclusion
This week’s cybersecurity landscape was marked by large-scale data breaches, sophisticated ransomware attacks, and the urgent need to patch actively exploited vulnerabilities. Government agencies and industry leaders are responding with increased collaboration, advisories, and a focus on securing AI-driven environments. Organizations are urged to remain vigilant, prioritize patch management, and strengthen their supply chain security practices.
Sources:
- Cybernews: IDMerit Data Breach
- Cybercrime Magazine: Ransom Man
- Check Point Research: Threat Intelligence Report
- The Hacker News: Cline CLI Supply Chain Attack
- The Hacker News: Microsoft Patch Tuesday
- KrebsOnSecurity: Patch Tuesday
- UpGuard: Google Chrome Zero-Day
- CISA: Cybersecurity Advisories
- Cybersecurity Ventures: RSAC 2026
- BSidesICS/OT Miami
