BridgePay Payment Gateway Hit by Ransomware, Causing Nationwide Outages
BridgePay Network Solutions, a major U.S. payment gateway provider, confirmed a ransomware attack caused a widespread outage, disrupting card processing for merchants nationwide.
The outage began early on February 6, 2026, around 3:29 a.m. EST with degraded performance in systems like the virtual terminal, reporting, and API. By 5:48 a.m. EST, BridgePay posted its first status update, noting systems were down with an unknown resolution time.
The firm confirmed ransomware as the cause. Initial forensics showed that no payment card data was compromised: the files that were accessed were encrypted, and there is no evidence of any usable data exposure.
This incident underscores the rising threat of ransomware to payment infrastructure, where disruptions can halt real-world commerce. Unlike attacks that also involve data exfiltration, this one has so far involved encryption-only access, according to BridgePay. There is no ETA for full recovery, heightening uncertainty for businesses that rely on the gateway.
OpenClaw Partners with VirusTotal to Secure AI Agent Skill Marketplace
OpenClaw announced today a partnership with VirusTotal, Google’s threat intelligence platform, to implement automated security scanning for all skills published to ClawHub, its AI agent marketplace. The integration marks the first comprehensive security initiative for the emerging AI agent ecosystem.
All skills published to ClawHub will now undergo automatic scanning using VirusTotal’s threat intelligence database and Code Insight capability, an LLM-powered security analysis tool. Skills flagged as malicious will be immediately blocked from download, while suspicious content receives warning labels.
The partnership addresses a fundamental security problem unique to AI agents. Unlike traditional software that executes predetermined code paths, AI agents interpret natural language and make autonomous decisions about actions. This creates novel attack surfaces where malicious actors can exploit language itself to manipulate agent behavior.
BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code Execution
BeyondTrust has disclosed a critical pre-authentication remote code execution vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) platforms, potentially exposing thousands of organizations to system compromise.
The security flaw allows unauthenticated remote attackers to send specially crafted requests to vulnerable BeyondTrust systems, triggering command execution in the context of the site user.
The vulnerability was discovered by Harsh Jaiswal and the Hacktron AI team, who employed AI-enabled variant analysis techniques to identify the flaw.
BeyondTrust commended their responsible disclosure process, which enabled the company to investigate, develop patches, and notify customers before public exploitation could occur.
Organizations using affected BeyondTrust products should prioritize patching immediately to prevent potential exploitation of this critical vulnerability.
Claude Opus 4.6 Released with Improved Cybersecurity, Validating 500+ High-Severity Vulnerabilities
Anthropic’s latest AI model autonomously identifies critical flaws in decades-old codebases, raising the stakes for both defenders and attackers
Anthropic released Claude Opus 4.6 on February 5, 2026, with dramatically enhanced cybersecurity capabilities that have already identified more than 500 previously unknown high-severity vulnerabilities in open-source software.
The AI model discovered these zero-day flaws without specialized tooling or custom scaffolding, demonstrating that large language models can now match or exceed traditional vulnerability discovery methods in both speed and sophistication.
Unlike traditional fuzzing tools that bombard code with random inputs, Claude Opus 4.6 employs human-like reasoning to identify vulnerabilities.
Italian university La Sapienza goes offline after cyberattack
Rome’s “La Sapienza” university has been targeted by a cyberattack that impacted its IT systems and caused widespread operational disruptions at the educational institute.
The university first disclosed the incident in a social media post earlier this week, saying that its IT infrastructure “has been the target of a cyberattack.”
“As a precautionary measure, and in order to ensure the integrity and security of data, an immediate shutdown of network systems has been ordered,” the organization said.
Given the situation, students and staff at Sapienza University of Rome should remain on high alert for phishing attacks, avoid clicking links in unsolicited communications, and monitor accounts for suspicious activity.
Romanian oil pipeline operator Conpet discloses cyberattack
Conpet, Romania’s national oil pipeline operator, has disclosed that a cyberattack disrupted its business systems and took down the company’s website on Tuesday.
Conpet operates nearly 4,000 kilometers of pipeline network, supplying domestic and imported crude oil and derivatives, including gasoline and liquid ethane, to refineries nationwide.
In a Wednesday press release, the company said the incident affected its corporate IT infrastructure but didn’t disrupt its operations or its ability to fulfill its contractual obligations.
Conpet added that the cyberattack also took down its website and that it’s now investigating the incident and restoring affected systems with the help of national cybersecurity authorities.
The pipeline operator has also notified the Directorate for Investigating Organized Crime and Terrorism (DIICOT) and filed a criminal complaint regarding the incident.
This cyberattack follows ransomware attacks on Romanian Waters (Romania’s water management authority) and Oltenia Energy Complex (the country’s largest coal-based energy producer) in December.
In December 2024, Electrica Group (a major Romanian electricity supplier and distributor) was also breached in a Lynx ransomware attack, while over 100 Romanian hospitals were knocked offline in February 2024 after a Backmydata ransomware attack took down their healthcare management systems.
Amazon’s cloud ‘hit by two outages caused by AI tools last year’
Amazon’s huge cloud computing arm reportedly experienced at least two outages caused by its own artificial intelligence tools, raising questions about the company’s embrace of AI as it lays off human employees.
A 13-hour interruption to Amazon Web Services’ (AWS) operations in December was caused by an AI agent, Kiro, autonomously choosing to “delete and then recreate” a part of its environment, the Financial Times reported.
AWS, which provides vital infrastructure for much of the internet, suffered several outages last year.
Michał Woźniak, a cybersecurity expert, said it would be nearly impossible for Amazon to completely prevent internal AI agents from making errors in future, because AI systems make unexpected choices and are extremely complex.
“Amazon never misses a chance to point to ‘AI’ when it is useful to them – like in the case of mass layoffs that are being framed as replacing engineers with AI. But when a slop generator is involved in an outage, suddenly that’s just ‘coincidence’,” he added.
A spokesperson from Amazon said: “This brief event was the result of user error – specifically misconfigured access controls – not AI.”
They said the “service interruption was an extremely limited event last year” when a tool used to visualise costs for its customers was affected in parts of China.
