These incidents expose how AI‑driven tactics and basic credential weaknesses can amplify financial loss and operational disruption, prompting organizations to harden authentication and incident‑response processes.
The misuse of commercial generative AI tools marks a turning point in cyber‑offense, as attackers no longer need zero‑day exploits to compromise high‑value assets. The FortiGate incidents demonstrate that exposed management interfaces combined with absent multi‑factor authentication create a low‑effort, high‑reward vector across thousands of devices. Organizations must prioritize credential hygiene, enforce MFA on all privileged access points, and regularly audit remote management ports to reduce the attack surface that AI‑enhanced adversaries can exploit.
PromptSpy illustrates a new breed of malware that integrates large language models to adapt its behavior in real time. By analyzing on‑screen content, the Android payload can generate convincing UI overlays that trick users into divulging credentials or installing additional payloads. This context‑aware approach raises detection challenges, as traditional signature‑based tools may miss the dynamic, AI‑generated components. Security teams should augment endpoint monitoring with behavioral analytics and sandbox environments capable of interpreting AI‑driven code paths.
Meanwhile, the FBI’s warning on ATM jackpotting and Poland’s CERT findings on wiper attacks highlight the persistent threat to both financial services and critical infrastructure. Jackpotting attacks leverage malware to override hardware controls, resulting in immediate cash loss and reputational damage for banks. Wiper campaigns, often linked to nation‑state actors, aim to cripple essential services, forcing costly recovery efforts. A coordinated response—sharing threat intelligence, implementing robust backup strategies, and conducting regular red‑team exercises—remains essential for mitigating these evolving risks.