
#CyberWeekly

Feb 6 - Feb 12, 2026

Microsoft's Friday the 13th: 6 zero-days patched just before the unluckiest day of the year

Source: BleepingComputer

Jason's got nothing on Microsoft's February Patch Tuesday. While the horror franchise scares with a hockey mask, Redmond delivered real terror on February 11 with six actively exploited zero-days — released just in time for Friday the 13th. The patch bundle addressed 54 CVEs total, but these six were already hunting victims in the wild.

The lineup of horrors:

| CVE | Component | Impact |
|---|---|---|
| CVE-2026-21510 | Windows SmartScreen | Security prompt bypass |
| CVE-2026-21513 | Internet Explorer | Security bypass via HTML/LNK |
| CVE-2026-21514 | Microsoft 365 / Office | OLE mitigation bypass |
| CVE-2026-21519 | Desktop Window Manager | Privilege escalation |
| CVE-2026-21533 | Remote Desktop Services | Escalation to System |
| CVE-2026-21525 | Remote Access Connection Mgr | Denial of service |

If you haven't patched yet, this is your final warning. Unlike the movies, these exploits don't need a sequel — they're already in production. Check your patch management process, prioritize these six CVEs, and get your clients protected. The only acceptable body count this Friday is zero.

Full Patch Tuesday breakdown from BleepingComputer →

Platform Spotlight: The wiki-centric compliance engine is here

Compliance, organized — like everything else should be

Turning wiki pages into audit-ready documentation just got stupid simple. This week we shipped the wiki-centric compliance engine — a system that lets MSPs make clients audit-ready without ever leaving the wiki. No complex forms, no separate compliance tools, no switching between seventeen tabs.

Here's what's new:

  • Wiki pages become control documentation — scope blocks, evidence blocks, and report blocks live right inside your wiki pages, all editable with a click
  • Four ways to prove compliance — checkbox confirmation, wiki page links, external URLs, or file uploads. Combine them on a single evidence block
  • Progressive refinement — start with "about 30 devices" and add structure when you have it. The system never blocks you from making progress
  • Discussion threads everywhere — @mention teammates on any page, evidence block, or scope card. Keep audit trails without email chaos
  • Version history with line-level diffs — see exactly what changed, when, and by whom. Compare any two versions side-by-side
  • Forward references — define controls first, fill in entities later. Work top-down from requirements to inventory

The MSP benefit? Turn any client into an organized compliance machine. Everything is clickable and inline-editable — no code view required. Clients can print pages directly to PDF for auditors. And because it's all wiki-based, you get audit-ready documentation that actually stays up to date.


Ransomware surges 49% — and two-thirds of victims are SMEs

The only direction ransomware numbers go — up, up, and away

The ransomware business is booming, and SMEs are paying the price — literally. BlackFog's State of Ransomware 2026 report, released February 12, shows a 49% increase in attacks year-over-year. Ransomware operators aren't getting lazier either — the average attack now takes just 24 hours from breach to encryption, with groups like Scattered Spider moving 48% faster than last year.

Two-thirds of victims are SMEs with under 500 employees, confirming what we already suspected: small businesses are the new gold rush. Why? Weaker defenses, slower patching, and limited security teams make them low-hanging fruit for Ransomware-as-a-Service operators hunting fast payouts. Belgium alone has 130 victims listed on leak sites — a sobering reminder that "it won't happen to us" is a losing bet.

The defense playbook hasn't changed — but urgency has. Multi-factor authentication, regular tested backups, patch management, and employee training aren't optional anymore. For MSPs, this is your value prop: clients either pay you for prevention or pay ransomware gangs for recovery.

Read the full BlackFog report →

First malicious Outlook add-in found in the wild — 4,000 credentials stolen

The bait looked familiar — that was the whole point

Someone finally weaponized the Outlook add-in ecosystem. Cybersecurity researchers discovered the first malicious Microsoft Outlook add-in deployed in the wild — a supply chain attack that hijacked an abandoned legitimate add-in by claiming its expired domain. Once active, the add-in served a fake Microsoft login page and harvested over 4,000 credentials before detection.

The attack vector is clever and worrying: attackers didn't need to compromise Microsoft or bypass security controls. They just waited for a domain to expire, registered it, and inherited the trust relationship with existing Outlook installations. Users saw a familiar add-in name, entered their credentials on what looked like a legitimate Microsoft page, and handed over the keys. This is supply chain risk in its purest form — the legitimate tool becomes the weapon.

What to do? Audit your organization's Outlook add-ins immediately. Remove anything unused, verify domains for active add-ins, and implement least-privilege access controls so compromised credentials don't grant full network access. For MSPs: add "Outlook add-in audit" to your quarterly security review checklist.
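
One way to start the "verify domains" step of that audit, as an added example rather than code from this newsletter or from Microsoft: list every remote host an add-in manifest loads content from and flag any that fall outside a set of domains you have already reviewed. The manifest, its hosts, and the `reviewed_domains` set are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample manifest (not a real add-in); hosts use the reserved .example TLD.
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <ProviderName>Example Vendor</ProviderName>
  <DisplayName DefaultValue="Meeting Helper"/>
  <IconUrl DefaultValue="https://cdn.vendor.example/icon.png"/>
  <AppDomains><AppDomain>https://login.vendor.example</AppDomain></AppDomains>
  <FormSettings><Form xsi:type="ItemRead"><DesktopSettings>
    <SourceLocation DefaultValue="http://app.old-vendor.example/read.html"/>
  </DesktopSettings></Form></FormSettings>
</OfficeApp>"""

def local(tag):
    """Strip the XML namespace so the walk works across manifest schema versions."""
    return tag.rsplit("}", 1)[-1]

def manifest_hosts(xml_text):
    """Map each remote host to the (element, scheme) pairs that reference it."""
    hosts = {}
    for el in ET.fromstring(xml_text).iter():
        # URLs appear either as a DefaultValue attribute or as element text.
        for value in (el.get("DefaultValue"), el.text):
            url = urlsplit((value or "").strip())
            if url.scheme in ("http", "https") and url.hostname:
                hosts.setdefault(url.hostname.lower(), []).append((local(el.tag), url.scheme))
    return hosts

def audit(xml_text, reviewed_domains):
    """Return findings for hosts outside the reviewed set or loaded over plain HTTP."""
    findings = []
    for host, refs in sorted(manifest_hosts(xml_text).items()):
        # Match on a label boundary so "old-vendor.example" is not mistaken for "vendor.example".
        known = any(host == d or host.endswith("." + d) for d in reviewed_domains)
        for element, scheme in refs:
            if not known:
                findings.append((host, element, "domain not in reviewed list"))
            if scheme != "https":
                findings.append((host, element, "not HTTPS"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST, {"vendor.example"}):
        print(*finding, sep=" | ")
```

The host list this produces is the input for the registration check itself: each domain's ownership and expiry date still has to be confirmed with the registrar or WHOIS data, which this offline sketch does not query.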

University of Hawaii Cancer Center hit by ransomware — research data exposed

When ransomware targets research, the victims extend far beyond the institution

Ransomware just disrupted cancer research, and the damage goes beyond data. The University of Hawaii Cancer Center confirmed a ransomware attack that compromised research servers, encrypted files, and exposed sensitive data including documents containing Social Security numbers. Research operations — critical work on treatments and clinical trials — were disrupted while the organization worked to contain the breach.

Healthcare and research institutions remain high-value targets because they combine sensitive data with operational urgency. Attackers know hospitals and universities can't afford extended downtime, making them more likely to pay ransoms. The Cancer Center breach shows the cascading impact: lost research time, exposed patient data, disrupted collaborations, and potential setbacks in ongoing studies.

For healthcare organizations and researchers: backups are your insurance policy. Offline, tested, verified backups mean ransomware becomes an inconvenience instead of a catastrophe. Segment your network so a breach in one system doesn't cascade. And implement incident response procedures before you need them — because "we'll figure it out during the crisis" is how research gets lost.



easycyberprotection.com