It’s a Paper Trail for the week ending in Feb 21, 2026, and we’ll cover what happened last week in the Information Security space.
Last Week, in Review
- The University of Mississippi Medical Center shut down all 35 clinics statewide after a ransomware attack. [NPR, BleepingComputer]
- An unsecured database at a KYC provider exposed 1 billion personal records, including names, addresses, dates of birth, and national IDs, for more than 26 countries. [CyberNews]
- Palo Alto Networks’ Unit 42 team observed that AI is shortening the time it takes from reconnaissance to exploitation in an attack, with an instance where it took as little as 72 minutes. [Palo Alto Networks]
- 94% of PE firms surveyed by CCI identified financial impact from cybersecurity risk, including increased compliance or cybersecurity costs (62%), indirect remediation or consultancy costs (46%) and reduced valuation or exit price due to cyber incidents (26%). [CCI]
- Gartner predicted that 40% of enterprise apps will have task-specific AI agents built within the applications in 2026, up from less than 5% in 2025. [Gartner]
Pulse
PromptSpy is malware capable of capturing device information, taking screenshots, gathering lockscreen data, and blocking uninstallation. While it is the first known Android malware that uses Google Gemini to analyze device UI and generate tap/swipe instructions dynamically for persistence, it highlights the new frontier in malware development that can make malware more dynamic and grant adversaries capabilities that may be difficult with traditional approaches. [ESET Research, HackerNews]
Microsoft Research Team observed a new type of exploitation against AI agents – AI Recommendation Poisoning – is being employed to influence AI agents’ behavior for “Summarize X” prompts by planting information in the AI agent’s memory – normally used to store user preferences and drive AI behavior customization. This can – over time – potentially lead to brand credibility confusion, financial impact, and erosion of trust. [Microsoft Research]
Fix-it Frank
Google issued an emergency update for a use-after-free vulnerability in Google Chrome – the first zero day of 2026 for Chrome – that can be exploited by visiting a maliciously crafted HTML page. It is recommended to update Chrome to v145.0.7632.75+ and relaunch after the update to activate the fix. [CVE, HackerNews]
On February 17, an unauthorized entity used a compromised NPM publish token to push Cline CLI v2.3.0 with a postinstall script that silently installed OpenClaw, an autonomous AI agent framework, on developer machines. To identify the potential impact, the environment should be investigated for unauthorized OpenClaw installations, and Cline should be upgraded to v2.4.0+ if used in an organization. [Adnan Khan, Snyk, TheHackerNews]
The Fine Print
Signed into law in March 2022, CIRCIA requires CISA to develop framework and rules for organizations in critical sectors (energy, healthcare, finance, IT, and more) to report material cyber incidents to CISA within 72 hours and ransomware payments within 24 hours. With the rules taking effect in 2026, CISA town halls – with probability of being delayed due to a lapse in funding – are providing an opportunity for organizations in critical sectors to provide limited inputs to the process. [CISA, DWT]
The Bottom Line
Threat activity is trending toward AI-augmented speed and scale, while at the same time, the rapid growth of enterprise AI agents is opening new attack surfaces that traditional defenses may not be designed for, and work on incoming CIRCIA reporting mandates signal governance beginning to catch up to the operational risk landscape.