As February 2026 progresses, this week’s The Cyber Express Weekly Roundup examines a series of cybersecurity incidents and enforcement actions spanning Europe, Africa, Australia, and the United States.   The developments include a breach affecting the European Commission’s mobile management infrastructure, a ransomware attack disrupting Senegal’s national identity systems, a landmark financial penalty imposed on an Australian investment firm, and the sentencing of a fugitive linked to a multimillion-dollar cryptocurrency scam.  From suspected exploitation of zero-day vulnerabilities to prolonged breach detection failures and cross-border financial crime, these cases highlights the operational, legal, and systemic dimensions of modern cyber risk.  

The Cyber Express Weekly Roundup 

European Commission Mobile Infrastructure Breach Raises Supply Chain Questions 

The European Commission reported a cyberattack on its mobile device management (MDM) system on January 30, potentially exposing staff names and mobile numbers, though no devices were compromised, and the breach was contained within nine hours. Read more... 

Ransomware Disrupts Senegal’s National Identity Systems 

In West Africa, a major cyberattack hit Senegal’s Directorate of File Automation (DAF), halting identity card production and disrupting national ID, passport, and electoral services. While authorities insist no personal data was compromised, the ransomware group. The full extent of the breach is still under investigation. Read more... 

Australian Court Imposes Landmark Cybersecurity Penalty 

In Australia, FIIG Securities was fined AU$2.5 million for failing to maintain adequate cybersecurity protections, leading to a 2023 ransomware breach that exposed 385GB of client data, including IDs, bank details, and tax numbers. The firm must also pay AU$500,000 in legal costs and implement an independent compliance program. Read more... 

Crypto Investment Scam Leader Sentenced in Absentia 

U.S. authorities sentenced Daren Li in absentia to 20 years for a $73 million cryptocurrency scam targeting American victims. Li remains a fugitive after fleeing in December 2025. The Cambodia-based scheme used “pig butchering” tactics to lure victims to fake crypto platforms, laundering nearly $60 million through U.S. shell companies. Eight co-conspirators have pleaded guilty. The case was led by the U.S. Secret Service. Read more... 

India Brings AI-Generated Content Under Formal Regulation 

India has regulated AI-generated content under notification G.S.R. 120(E), effective February 20, 2026, defining “synthetically generated information” (SGI) as AI-created content that appears real, including deepfakes and voiceovers. Platforms must label AI content, embed metadata, remove unlawful content quickly, and verify user declarations. Read More... 

Weekly Takeaway 

Taken together, this weekly roundup highlights the expanding attack surface created by digital transformation, the persistence of ransomware threats to national infrastructure, and the intensifying regulatory scrutiny facing financial institutions.  From zero-day exploitation and supply chain risks to enforcement actions and transnational crypto fraud, organizations are confronting an environment where operational resilience, compliance, and proactive monitoring are no longer optional; they are foundational to trust and continuity in the digital economy. 

As the first week of February 2026 concludes, The Cyber Express weekly roundup examines the developments shaping today’s global cybersecurity landscape. Over the past several days, governments, technology companies, and digital platforms have confronted a wave of cyber incidents ranging from disruptive attacks on public infrastructure to large-scale data exposures and intensifying regulatory scrutiny of artificial intelligence systems.  This week’s cybersecurity reporting reflects a broader pattern: rapid digital expansion continues to outpace security maturity. High-profile breaches, misconfigured cloud environments, and powerful AI tools are creating both defensive opportunities and significant new risks.  

The Cyber Express Weekly Roundup 

Cyberattack Disrupts Spain’s Ministry of Science Operations 

Spain’s Ministry of Science, Innovation, and Universities confirmed that a cyberattack forced a partial shutdown of its IT systems, disrupting digital services relied upon by researchers, universities, students, and businesses nationwide. Initially described as a technical incident, the disruption was later acknowledged as a cybersecurity event that required the temporary closure of the ministry’s electronic headquarters. Read more.. 

OpenAI Expands Controlled Access to Advanced Cyber Defense Models 

OpenAI announced the launch of Trusted Access for Cyber, a new initiative designed to strengthen defensive cybersecurity capabilities while limiting the potential misuse of highly capable AI systems. The program provides vetted security professionals with controlled access to advanced models such as GPT-5.3-Codex, which OpenAI identifies as its most cyber-capable reasoning model to date. Read more.. 

French Authorities Escalate Investigations Into X and Grok AI 

French police raided offices belonging to the social media platform X as European investigations expanded into alleged abuses involving its Grok AI chatbot. Authorities are examining claims that Grok generated nonconsensual sexual deepfakes, child sexual abuse material (CSAM), and content denying crimes against humanity, including Holocaust denial. Read more.. 

AI-Generated Platform Moltbook Exposes Millions of Credentials 

Security researchers disclosed that Moltbook, a viral social network built entirely using AI-generated code, exposed 1.5 million API authentication tokens, 35,000 user email addresses, and thousands of private messages due to a database misconfiguration. Wiz Security identified the issue after discovering an exposed Supabase API key embedded in client-side JavaScript, which granted unrestricted access to the platform’s production database. Read more.. 

Substack Discloses Breach Months After Initial Compromise 

Substack revealed that attackers accessed user email addresses, phone numbers, and internal metadata in October 2025, though the breach went undetected until February 3, 2026. CEO Chris Best notified affected users, stating, “I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.” Read more.. 

Weekly Takeaway 

This Cyber Express weekly roundup highlights a clear takeaway for the global cybersecurity community: digital expansion without equivalent security investment increases organizational and systemic risk. AI-built platforms, advanced security tooling, and large-scale public-sector systems are being deployed rapidly, often without adequate access controls, monitoring, or testing. As recent incidents show, these gaps lead to data exposure, prolonged breach detection, and service disruption. To reduce risk, organizations must embed security controls, clear ownership, and continuous monitoring into system design and daily operations, rather than relying on post-incident fixes or policy statements.

The third week of 2026 highlights a series of cybersecurity events affecting businesses, critical infrastructure, and regulatory compliance. This week, network administrators are grappling with the exploitation of a previously patched FortiOS vulnerability, while ransomware attacks continue to expose sensitive data across major corporations.   Meanwhile, hacktivist groups are targeting industrial systems and government networks, and the European Union has introduced new rules to phase out high-risk telecom and ICT products from non-EU suppliers.  These incidents demonstrate that cybersecurity risks are no longer confined to IT systems. They now intersect with national security, operational continuity, and regulatory oversight, requiring organizations to adopt both technical defenses and strategic risk management measures.  

The Cyber Express Weekly Roundup 

Active Exploits Hit “Patched” FortiOS 7.4.9 

Administrators report active exploitation of CVE-2025-59718 on FortiGate devices running FortiOS 7.4.9. Attackers bypass authentication through forged FortiCloud SSO logins, creating local admin accounts to maintain access. Evidence suggests that the patch may be incomplete or bypassed. Experts advise manually disabling FortiCloud SSO via CLI and auditing logs for unusual SSO activity, new admin accounts, and configuration exports. Read more… 

Ingram Micro Data Breach Exposes 42,521 Individuals 

A ransomware attack in July 2025 compromised sensitive employee and job applicant data at Ingram Micro, affecting 42,521 individuals. Exposed information includes names, contact details, dates of birth, Social Security numbers, and employment records. The attack disrupted logistics operations for about a week and was discovered in December 2025. Affected individuals have been notified and offered two years of credit monitoring and identity protection. Read more… 

One in Ten UK Businesses Could Fail After Major Cyberattack 

A Vodafone Business survey found over 10% of UK business leaders fear their organizations could fail after a major cyberattack. While 63% acknowledge rising cyber risks and 89% say high-profile breaches increased alertness, only 45% provide basic cyber-awareness training to all staff. Weak passwords, phishing, and emerging AI/deepfake scams heighten vulnerabilities. Read more… 

EU Proposes Rules on “High-Risk” Telecom Products 

The European Commission proposed updates to the Cybersecurity Act to phase out “high-risk” ICT products from mobile, fixed, and satellite networks supplied by risky countries, including China and Russia. Mobile networks have 36 months to comply; timelines for other networks will follow. Read more… 

Hacktivist Activity Surges, Targeting Critical Infrastructure 

The Cyble 2025 Threat Landscape report shows hacktivists targeting ICS, OT, and HMI/SCADA systems. Groups like Z-Pentest, Dark Engine, and NoName057(16) focused on industrial sectors in Europe and Asia. Hacktivist activity rose 51% in 2025, driven largely by pro-Russian and pro-Palestinian collectives. Many groups aligned with state interests, including GRU-backed Russian operations and Iranian-linked teams. Read more… 

NCSC Warns UK Organizations of Russian-Aligned Hacktivists 

The UK National Cyber Security Centre (NCSC) warned that Russian-aligned hacktivists, including NoName057(16), increasingly target UK organizations with denial-of-service attacks on local government and critical infrastructure. While technically simple, these attacks can severely disrupt services. Read more… 

Weekly Roundup Takeaway 

This week’s events highlight that cybersecurity in 2026 continues to influence business continuity, infrastructure integrity, and regulatory compliance. From FortiOS exploits and large-scale ransomware breaches to rising hacktivist activity and evolving EU telecom rules, organizations must integrate operational, technical, and strategic measures to mitigate risk and protect assets across sectors. 

Poland narrowly avoided a nationwide power outage at the end of December after what senior officials have described as the most serious cyberattack on its energy infrastructure in years. The Poland cyberattack occurred during a period of severe winter weather, further complicating the crisis management efforts.  In an interview on RMF FM, Minister of Digital Affairs Krzysztof Gawkowski warned that the threat was no longer hypothetical. “The digital tanks are already here,” he said, referring to the growing use of cyber tools as weapons. According to Gawkowski, the Polish cyberattack was aimed directly at cutting off electricity to citizens in the final days of December. “We were very close to a blackout,” he admitted.  The situation was particularly challenging because the attacks coincided with harsh weather conditions, which further strained the energy system. Despite these factors, authorities managed to stabilize the network before power supplies were interrupted on a large scale. 

Russian Sabotage and the Scale of the Poland Cyberattack 

Krzysztof Gawkowski noted that the government views the incident as a deliberate sabotage rather than a random hacking attempt. “Everything suggests that we are dealing with Russian sabotage—because it has to be called by its name—which was intended to destabilize the situation in Poland,” he said during the RMF FM broadcast. He described the operation as the largest cyberattack on Poland’s energy infrastructure in years, with a clear objective of triggering a blackout.  [caption id="attachment_108679" align="alignnone" width="662"] Krzysztof Gawkowski Speaks on the Poland cyberattack (Source: RMF)[/caption] While stressing over the seriousness of the Poland cyberattack, Gawkowski also sought to reassure the public. “There is no need to panic,” he said, adding that state institutions were well prepared to respond and had acted effectively to prevent the worst-case scenario.  Additional details were provided earlier by Energy Minister Miłosz Motyka, who said that hackers attempted to breach multiple electricity-producing facilities across the country. The targets included one combined heat and power plant as well as numerous individual renewable energy sources. Motyka described the incident as unprecedented in its coordination.   “We have not experienced an attack like this before,” he said. “For the first time, various locations were targeted simultaneously.” According to the minister, the attack was successfully countered before it could cause lasting damage. 

Strengthening Defenses Against Future Attacks 

Motyka characterized the Poland cyberattack as “threatening” and fundamentally different from previous incidents. In response, he announced that Poland would step up investment in its energy infrastructure this year. The government plans to implement an “anti-blackout package” focused on modernization and stronger cybersecurity protections to better defend against similar attacks in the future.  The cyberattack on Poland is part of a wider trend affecting institutions and companies across the European Union. In recent years, cyber operations attributed to Russian state-sponsored actors have increasingly targeted critical infrastructure, often described as elements of hybrid warfare aimed at destabilizing the EU and disrupting Western support for Ukraine, accusations that Moscow has denied.  Poland itself has faced a series of cyber incidents in recent months. In November, several attacks disrupted digital payment services, while a separate breach led to the leaking of customer login details from a Polish travel agency.  

Political Fallout Amid Rising Cyber Risks 

The broader implications of the Poland cyberattack have extended into the political arena. During his RMF FM interview, Krzysztof Gawkowski was asked whether technical problems that delayed the leadership election of the Poland 2050 party could also be linked to cyber activity. The vote was not resolved on Monday “for technical reasons,” raising speculation about possible interference.  Gawkowski said he had no direct knowledge connecting the issue to the wider cyberattack on Poland but confirmed that the matter had been reported to the Internal Security Agency. “There will be a review. I’m not ruling out any scenario,” he said. He added that the party itself might have more information, noting, “The services will investigate, but what happened there? I don’t know. This is definitely a problem for Poland 2050.”  The minister also addressed other digital policy issues, including the president’s veto of a digital bill over concerns about online censorship. Gawkowski said he was willing to meet with Karol Nawrocki to discuss the legislation, describing the veto as political in nature and criticizing the narrative that content removal automatically constitutes an attack on freedom of speech.