6 Zero-Days Exploited NOW, Lazarus Poisons npm, AI-Generated Malware & More | HN62

Microsoft just dropped patches for SIX actively exploited zero-day vulnerabilities — and that's just the beginning. In this week's Hacking News, we break down the February 2026 Patch Tuesday emergency, North Korea's Lazarus Group poisoning npm and PyPI through fake job recruiters, nation-state hackers weaponizing Google's Gemini AI (including malware that writes its own payloads), a massive Dutch telecom breach affecting 6.2 million people, and a U.S. government contractor breach that ballooned from 4 million to potentially tens of millions affected.
This is Exploit Brokers by Forgebound Research — cybersecurity news, threat intelligence, and insights. Whether you're a security analyst, developer, or just someone who wants to stay informed, this episode has something for you.
🔔 Subscribe and hit the bell so you never miss an episode. ⭐ Listening on Spotify or Apple Podcasts? A follow and 5-star rating helps others find the show.
---
⏱️ TIMESTAMPS
0:00 — Cold Open: Did You Run Windows Update?
0:51 — Forge OS Intro
0:55 — Welcome & CTA
1:20 — Microsoft Patch Tuesday: 6 Actively Exploited Zero-Days
6:08 — Lazarus Group "GraphAlgo": Fake Recruiters Poison npm & PyPI
10:02 — Nation-States Weaponize Google Gemini AI (HONESTCUE Malware)
15:05 — Odido Breach: 6.2 Million Dutch Records Stolen
18:38 — Conduent Breach Expands from 4M to Tens of Millions
21:55 — Recap & 5 Key Takeaways
23:54 — Outro
---
📰 STORIES COVERED
Story 1 — Microsoft February 2026 Patch Tuesday
• 58 vulnerabilities patched, 6 actively exploited zero-days
• CVE-2026-21510: Windows SmartScreen bypass (CVSS 8.8) — "widespread active exploitation"
• CVE-2026-21513: MSHTML security bypass
• CVE-2026-21514: Microsoft Word OLE bypass
• CVE-2026-21533: Remote Desktop Services privilege escalation to SYSTEM
• CVE-2026-21519: Desktop Window Manager type confusion → SYSTEM
• CVE-2026-21525: RasMan denial of service (VPN crash)
• Google, CrowdStrike, Acros Security & Microsoft collaborated on discovery

Story 2 — Lazarus Group "GraphAlgo" Campaign
• 192 malicious npm/PyPI packages targeting JavaScript & Python developers
• Fake crypto companies (e.g., "Veltrix Capital") used for recruitment lures
• Package "bigmathutils" had 10,000+ downloads before payload injection at v1.1.0
• Full-featured RAT with token-based C2 authentication
• Attribution: Medium-to-high confidence (Lazarus/DPRK) — GMT+9 commit timestamps

Story 3 — Nation-State Actors Weaponize Google Gemini
• Google GTIG report (Feb 12, 2026) confirms NK, Iran, China, Russia using Gemini
• UNC2970 (Lazarus overlap) using AI for OSINT and target profiling
• Iran's APT42 crafting native-sounding phishing with AI
• HONESTCUE malware: Uses Gemini API to generate & execute C# payloads in memory (fileless + polymorphic)
• COINBAIT phishing kit built using Lovable AI coding platform

Story 4 — Odido (Netherlands) Data Breach
• 6.2 million customers affected (~1/3 of the Netherlands' population)
• Stolen: Names, addresses, emails, phone numbers, DOBs, IBANs, passport/license numbers
• Formerly T-Mobile Netherlands; subsidiary Ben also affected
• Part of broader telecom targeting pattern (Salt Typhoon, SK Telecom, Free SAS)

Story 5 — Conduent Breach Expansion
• Jan 2025 ransomware attack originally reported as 4M affected
• Now: 15.4M in Texas alone, 10.5M in Oregon, plus DE, MA, NH and more
• Total potentially tens of millions across the U.S.
• Safeway ransomware gang claimed 8TB stolen
• SSNs, medical data, health insurance information compromised
---
📋 KEY TAKEAWAYS
1. Patch like it's urgent — 6 actively exploited zero-days can't wait
2. Your package manager is an attack surface — sandbox job assessment code
3. AI is a force multiplier for attackers — bad grammar is no longer a reliable phishing indicator
4. Telecom data is a goldmine — verify everything through official channels
5. Breach disclosures can be icebergs — monitor your identity proactively
---
🔗 SOURCES
Microsoft Patch Tuesday:
• BleepingComputer — https://www.bleepingcomputer.com
• Krebs on Security — https://krebsonsecurity.com
• SecurityWeek — https://www.securityweek.com
• Malwarebytes — https://www.malwarebytes.com
• Rapid7 — https://www.rapid7.com
• Help Net Security — https://www.helpnetsecurity.com
• TechCrunch — https://techcrunch.com

Lazarus GraphAlgo:
• ReversingLabs — https://www.reversinglabs.com
• The Hacker News — https://thehackernews.com
• BleepingComputer — https://www.bleepingcomputer.com
• SC Media — https://www.scworld.com
• Security Affairs — https://securityaffairs.com

Gemini AI Weaponization:
• Google GTIG Blog — https://blog.google/technology/safety-security/
• The Hacker News — https://thehackernews.com
• Infosecurity Magazine — https://www.infosecurity-magazine.com
• AI News — https://www.artificialintelligence-news.com

Odido Breach:
• BleepingComputer — https://www.bleepingcomputer.com
• The Register — https://www.theregister.com
• TechCrunch — https://techcrunch.com
• SecurityWeek — https://www.securityweek.com
• The Record — https://therecord.media
• NL Times — https://nltimes.nl

Conduent Breach:
• TechCrunch — https://techcrunch.com
---

This episode was added to Podme through an open RSS feed and is not Podme's own production. It may therefore contain advertising.

Episodes (62)

Dual CVSS 10.0 Cisco Flaws, AI Malware Assembly Line, Qualcomm Zero-Day & More | HN65

This week on Hacking News, we're covering five stories that all share one theme: the things we trust most are the things being targeted. Cisco disclosed two CVSS 10.0 vulnerabilities in their Secure F...

26 March, 23 min

Cisco & Dell CVSS 10.0 Exploited for YEARS, Claude AI Jailbroken, ScarCruft Jumps Air Gaps | HN64

Two perfect CVSS 10.0 scores in one news cycle. A state-sponsored actor living inside Cisco's SD-WAN platform since 2023. A brand-new lateral movement technique called "Ghost NICs" that leaves no fore...

12 March, 28 min

600 Firewalls Breached by AI in 5 Weeks — Plus Chrome Zero-Day, CVSS 9.9 RCE & AI-Powered Malware | HN63

AI is reshaping both sides of the cybersecurity battlefield — and fast. In this episode, we break down five stories that prove it: the first Chrome zero-day of 2026 (CVE-2026-2441), a near-perfect CVS...

5 March, 28 min

State Hackers Hit 37 Countries, BeyondTrust CVSS 9.9 RCE, Signal Hijacked & More | HN Ep. 61

A newly uncovered state-backed espionage group has compromised 70 organizations across 37 countries in a single year — and they were scanning infrastructure in 155 more. In this episode of Hacking New...

19 February, 21 min

CRITICAL: Office Zero-Day + WordPress Admin Takeover + Chrome Extensions Stealing AI Chats | EP 60

Microsoft just dropped an emergency patch for an Office zero-day being exploited in the wild. A WordPress plugin has a CVSS 10.0 vulnerability — that's the golden goose of hacking. 900,000 Chrome user...

29 January, 24 min

I'm Back and Introducing Forgebound Research | The Rebrand

Exploit Brokers is back—under a new banner. In this episode, I explain why the show went quiet, what Forgebound Research means, and how the podcast is evolving. We're shifting to a hybrid model: some ...

12 January, 8 min

HN59 - Microsoft AI Discovers 20 Zero-Day Vulnerabilities in Bootloaders!

# Title * HN59 - Microsoft AI Discovers 20 Zero-Day Vulnerabilities in Bootloaders! ## Description 🔍 Microsoft's AI Uncovers 20 Zero-Day Threats | CoffeeLoader Malware Gets Smarter In this episode ...

3 April 2025, 19 min
