Advisories

ZeroFox Weekly Intelligence Brief – February 14, 2026

|by Alpha Team

banner image

ZeroFox Weekly Intelligence Brief – February 14, 2026

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EST) on February 12, 2026; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Read the Brief

View the full report here

Former Executive Accused of Trafficking Stolen Exploits to Russian Entities

What we know:

  • The U.S. Department of Justice has charged an individual for selling proprietary cyber intrusion tools to a Russia-linked broker seeking zero-day exploits.
  • The accused sold eight proprietary tools and exploit packages to the Russian broker, who is suspected to cater to other Russian entities, including the Russian government.

Breach of Staff Device Platform Exposes European Commission Employee Details

What we know:

  • On January 30, 2026, the European Commission contained a cyberattack that targeted its Mobile Device Management (MDM) systems, which are used to manage staff phones and tablets.
  • The attackers are suspected to have accessed employee names and phone numbers, but the Commission confirmed that no mobile devices themselves were compromised.

UNC1069 Targets Cryptocurrency Sector

What we know:

  • Financially motivated North Korean threat actor UNC1069 is targeting the cryptocurrency sector using artificial intelligence (AI)-generated videos and ClickFix lures to deliver malware for macOS and Windows users.

Tags: tlp:green