{"id":636,"date":"2026-02-23T18:04:20","date_gmt":"2026-02-23T16:04:20","guid":{"rendered":"https:\/\/blog.digitalonion.ly\/?p=636"},"modified":"2026-02-23T18:04:23","modified_gmt":"2026-02-23T16:04:23","slug":"digital-security-digest-what-just-happened-in-jan-feb-2026","status":"publish","type":"post","link":"https:\/\/blog.digitalonion.ly\/?p=636&lang=en","title":{"rendered":"Digital Security Digest: What Just Happened in Jan &amp; Feb 2026?"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p>If the first two months of 2026 are any indication, the &#8220;slow and steady&#8221; era of cybersecurity is officially dead. We\u2019ve seen a massive shift toward <strong>AI-native threats<\/strong>\u2014attacks that don&#8217;t just use AI as a gimmick, but rely on it to function.<\/p>\n\n\n\n<p>From $25 million deepfake heists to a &#8220;stealth&#8221; breach at PayPal that sat undiscovered for months, here is your human-friendly breakdown of the latest in online security.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">1. The $25 Million &#8220;Video Call&#8221; Nightmare<\/h2>\n\n\n\n<p>In a story that sounds like a sci-fi thriller, a finance worker at the engineering firm <strong>Arup<\/strong> was tricked into sending <strong>$25 million<\/strong> to scammers.<\/p>\n\n\n\n<p>How? He attended a video call where <em>everyone else<\/em> on the screen\u2014including his own CFO\u2014was an AI-generated deepfake. They looked like his colleagues, sounded like them, and even referenced internal projects.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>The Lesson:<\/strong> &#8220;Seeing is believing&#8221; is no longer a safe rule. If a request involves big money or sensitive data, verify it through a second, completely different channel (like a quick text or a physical phone call).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2. The PayPal &#8220;Six-Month&#8221; Glitch<\/h2>\n\n\n\n<p>We recently learned that <strong>PayPal<\/strong> dealt with a quiet but serious data exposure that lasted from July 2025 all the way through December. The issue was finally disclosed to users in February 2026.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What happened:<\/strong> A simple &#8220;code change&#8221; in their loan application process accidentally left the door open for hackers to see names, Social Security numbers, and birthdays.<\/li>\n\n\n\n<li><strong>The Catch:<\/strong> While only about 100 people were directly &#8220;hacked,&#8221; the incident highlights how even the biggest tech giants can have a &#8220;blind spot&#8221; for months at a time.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Meet the New Villains: &#8220;LunaLock&#8221; and &#8220;PromptLock&#8221;<\/h2>\n\n\n\n<p>Ransomware has evolved. Two new types of AI-driven malware dominated the headlines this month:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><td><strong>Threat<\/strong><\/td><td><strong>What it does<\/strong><\/td><\/tr><\/thead><tbody><tr><td><strong>LunaLock<\/strong><\/td><td>Uses AI to &#8220;hunt&#8221; through your files. It doesn&#8217;t just lock everything; it finds your most embarrassing or valuable data first to make sure you <em>have<\/em> to pay.<\/td><\/tr><tr><td><strong>PromptLock<\/strong><\/td><td>This targets AI tools themselves (like ChatGPT or corporate bots). It tries to &#8220;poison&#8221; the AI&#8217;s brain or steal the secret data it was trained on.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4. The &#8220;Patch Tuesday&#8221; Cleanup<\/h2>\n\n\n\n<p>Microsoft and Google had a busy February. Microsoft fixed <strong>59 different holes<\/strong> in their software, including several that hackers were already using to break into Windows computers.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Action Item:<\/strong> If your computer has been nagging you to &#8220;Restart to Update,&#8221; <strong>do it today.<\/strong> Those updates contain the &#8220;vaccines&#8221; for the specific bugs (like CVE-2026-21513) that are currently making the rounds.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">5. New Rules of the Road<\/h2>\n\n\n\n<p>The government is finally catching up. As of <strong>January 1, 2026<\/strong>, the EU&#8217;s new <strong>GDPR Procedural Regulation<\/strong> kicked in. It\u2019s designed to make it faster and easier for you to complain if a company mishandles your data.<\/p>\n\n\n\n<p>Additionally, the <strong>EU AI Act<\/strong> released new guidelines in February. Any AI used for &#8220;high-risk&#8221; stuff\u2014like deciding who gets a job or a loan\u2014now has to be way more transparent about how it works.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">The Bottom Line<\/h3>\n\n\n\n<p>The &#8220;bad guys&#8221; are getting faster thanks to AI, but the tools to catch them are getting smarter, too. The theme for 2026 is <strong>Verification.<\/strong> Don&#8217;t trust an urgent email, a weird video call, or a &#8220;too good to be true&#8221; offer without checking it out first.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If the first two months of 2026 are any indication, the &#8220;slow and steady&#8221; era [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":637,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[81,87],"tags":[],"class_list":["post-636","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-news","category---en"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/blog.digitalonion.ly\/wp-content\/uploads\/2026\/02\/Gemini_Generated_Image_3f7gzp3f7gzp3f7g1.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.digitalonion.ly\/index.php?rest_route=\/wp\/v2\/posts\/636","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.digitalonion.ly\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.digitalonion.ly\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.digitalonion.ly\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.digitalonion.ly\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=636"}],"version-history":[{"count":1,"href":"https:\/\/blog.digitalonion.ly\/index.php?rest_route=\/wp\/v2\/posts\/636\/revisions"}],"predecessor-version":[{"id":638,"href":"https:\/\/blog.digitalonion.ly\/index.php?rest_route=\/wp\/v2\/posts\/636\/revisions\/638"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.digitalonion.ly\/index.php?rest_route=\/wp\/v2\/media\/637"}],"wp:attachment":[{"href":"https:\/\/blog.digitalonion.ly\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=636"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.digitalonion.ly\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=636"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.digitalonion.ly\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=636"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}