Content

01. News Bites
  • Google rushes fix for actively exploited Chrome zero-day
  • Deutsche Bahn hit by DDoS attack disrupting digital rail services
  • CISA adds four actively exploited flaws to KEV catalogue
  • Dutch telecom Odido breach exposes data of 6.2 million customers
  • Figure breach exposes data from nearly one million fintech accounts
  • Stolen government credentials used to access 1.2 million French bank accounts

02. Conclusion

Quick News Bites

Google rushes fix for actively exploited Chrome zero-day

Google has released emergency security updates to address a high-severity Chrome vulnerability that is being actively exploited in the wild, marking the first Chrome zero-day patched in 2026. Tracked as CVE-2026-2441, the flaw is a use-after-free vulnerability caused by an iterator invalidation bug in Chrome’s CSSFontFeatureValuesMap. The issue was reported by security researcher Shaheen Fazim.

Successful exploitation could allow attackers to trigger browser crashes, rendering issues, data corruption, or other undefined behaviour. While Google has confirmed real-world exploitation, it has not disclosed further details, stating that access to bug information will remain restricted until the majority of users have applied the fix.

The patch has been backported into stable Chrome releases for Windows, macOS, and Linux, highlighting the urgency of the threat. Google has also indicated that the fix addresses the immediate problem, with additional related work still ongoing. Users are strongly advised to update Chrome as soon as possible, either manually or by restarting the browser to apply updates automatically.

Deutsche Bahn hit by DDoS attack disrupting digital rail services

German rail operator Deutsche Bahn has confirmed it was targeted by a cyberattack that disrupted key digital services, including travel information and booking systems. The company said a distributed denial-of-service (DDoS) attack struck its IT systems in waves around midday on Tuesday, overwhelming online services on its website and the DB Navigator app.

Deutsche Bahn described the scale of the attack as considerable and confirmed it was specifically targeted. While DDoS attacks are often dismissed as digital vandalism, their impact can be significant when aimed at critical national infrastructure. Customers were first alerted to service disruptions on Tuesday afternoon, with systems largely stabilised by the evening. Further issues emerged on Wednesday morning, which the company later attributed to the ongoing attack.

Deutsche Bahn stated that defensive measures helped minimise customer impact and stressed that protecting customer data and service availability remains its top priority. The operator has been working closely with German cybersecurity authorities. The incident comes amid repeated warnings that transport infrastructure is a prime target for cyber and hybrid attacks, particularly against the backdrop of heightened geopolitical tensions.

CISA adds four actively exploited flaws to KEV catalogue

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalogue, warning that all are being actively exploited in the wild. The move signals a heightened risk to organisations running affected software.

The newly added flaws include CVE-2026-2441, a high-severity use-after-free vulnerability in Google Chrome that can enable heap corruption through a crafted HTML page. Its inclusion follows Google’s recent confirmation that the flaw is already being exploited. Also listed is CVE-2024-7694, an arbitrary file upload vulnerability in TeamT5 ThreatSonar Anti-Ransomware, which could allow attackers to upload malicious files and execute system commands.

CISA also flagged CVE-2020-7796, a critical SSRF vulnerability in Zimbra Collaboration Suite, previously linked to widespread scanning and exploitation activity, and CVE-2008-0015, an older Windows ActiveX flaw that can lead to remote code execution and malware delivery.

US federal agencies have been urged to apply fixes by 10 March 2026, with all organisations advised to prioritise patching and mitigation to reduce exposure.

Dutch telecom Odido breach exposes data of 6.2 million customers

Odido, the Netherlands’ largest telecommunications provider, has confirmed a cyber attack that exposed the personal data of more than six million customers. The company detected the incident on 7 February and launched an investigation with the support of external cyber forensics specialists.

The breach affected a customer contact system and resulted in the exposure of extensive personal information, including names, addresses, phone numbers, email addresses, customer numbers, IBANs, dates of birth, and government-issued ID details. While no passwords, call records, location data, billing information, or ID document scans were accessed, the stolen data could still be used for highly convincing phishing campaigns, identity fraud, or SIM swap attacks.

Odido stated that its operational services were not disrupted and that customers could continue to use mobile, internet, and TV services safely. The company moved quickly to cut off unauthorised access, enhanced monitoring, notified affected customers within 48 hours, and reported the incident to the Dutch Data Protection Authority.

The incident highlights why telecommunications providers remain prime targets for cyber criminals due to the scale and sensitivity of the data they hold.

Figure breach exposes data from nearly one million fintech accounts

Hackers have stolen the personal and contact information of almost one million users after breaching systems at Figure Technology Solutions, a blockchain-based financial technology company. While Figure did not publicly disclose the incident, the company confirmed that attackers accessed a limited number of files through a social engineering attack that tricked an employee into granting access.

According to breach notification service Have I Been Pwned, data from 967,200 accounts was later posted online. The exposed information includes names, email addresses, phone numbers, physical addresses, and dates of birth. No financial credentials or passwords have been confirmed as compromised, but the data is sufficient to enable identity fraud and highly targeted phishing attacks.

The ShinyHunters extortion group has claimed responsibility and leaked around 2.5GB of data on its dark web site. The incident appears linked to a wider campaign using voice phishing to compromise single sign-on accounts, highlighting ongoing risks posed by social engineering even in highly digital, security-aware organisations.

Stolen government credentials used to access 1.2 million French bank accounts

French authorities have confirmed that a hacker accessed data linked to 1.2 million bank accounts after stealing official government credentials, according to the Economy Ministry. The intrusion targeted a national database containing records of bank accounts held in French financial institutions and was detected in late January.

Using the compromised credentials, the attacker was able to consult personal data including bank account numbers, account holder names, addresses, and in some cases tax identification numbers. Authorities stressed that no access was gained to account balances or transaction histories, and there is currently no evidence that data was removed from the system. Once identified, the attacker’s access was immediately blocked.

Affected individuals are expected to be notified in the coming days, and a criminal complaint has been filed. The incident has also been reported to France’s data protection authority, the CNIL. The Economy Ministry has not attributed the attack, and it remains unclear whether the activity was carried out by a cybercriminal or a state-linked actor, amid a broader rise in high-profile cyber incidents targeting French public sector systems.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.