cybersecurity threats February 2026

Six Zero-Days and AI Coding Tools Under Attack: What Means for Your Cybersecurity Strategy

Francois

5 min read
Six Zero-Days and AI Coding Tools Under Attack: What Means for Your Cybersecurity Strategy

If you lead an IT organization or security operations center, the headlines of recent weeks should demand your attention — not tomorrow, not next quarter, but now. Microsoft's Patch Tuesday dropped six zero-day vulnerabilities already under active exploitation. At the same time, the same release revealed the first major remote code execution flaws targeting AI coding assistants like GitHub Copilot — weaponized through prompt injection. Alongside these, a zero-click vulnerability rated CVSS 10.0 was disclosed in desktop AI agent extensions, and nation-state actors continued their campaigns against telecom infrastructure. Together, these developments paint a picture of a threat landscape that is accelerating faster than most organizations can respond.

Here is what happened, why it matters, and what you should do about it.

Microsoft's February Patch Tuesday: Six Zero-Days Under Active Exploitation

Microsoft released security updates today addressing 58 vulnerabilities, including six zero-day flaws already being exploited in the wild. That volume of actively exploited vulnerabilities in a single release is extraordinary and signals a coordinated escalation by threat actors testing organizational response times.

The six zero-days span a dangerous range of attack surfaces:

  • CVE-2026-21510 — A Windows Shell bypass that lets attackers slip past SmartScreen protections with a single malicious link click. It affects every currently supported version of Windows.
  • CVE-2026-21514 — A Microsoft Word bypass that circumvents OLE mitigations in Microsoft 365 and Office, rated 7.8 on the CVSS scale.
  • CVE-2026-21513 — An MSHTML framework bypass allowing code execution through malicious HTML or LNK files.
  • CVE-2026-21519 — A privilege escalation flaw in the Desktop Window Manager, discovered internally by Microsoft researchers.
  • CVE-2026-21525 — A denial-of-service vulnerability in Windows Remote Access Connection Manager, discovered by the 0patch research team.
  • CVE-2026-21533 — A privilege escalation bug in Windows Remote Desktop Services that grants SYSTEM-level access, attributed to CrowdStrike's Advanced Research Team.

Why This Matters Beyond the Patch Cycle:

The expanding attack surface, including remote code execution flaws in AI tools, should inspire cybersecurity professionals to stay vigilant and proactively adapt their strategies, reinforcing their role in defense. What sets this month apart is not the zero-days alone — it is the addition of remote code execution vulnerabilities in GitHub Copilot and multiple IDEs, including VS Code, Visual Studio, and JetBrains products. CVE-2026-21523, CVE-2026-21516, and CVE-2026-21256 all stem from command injection flaws triggered through prompt injection — tricking the AI coding assistant into executing malicious code on a developer's machine.

As Kev Breen at Immersive Labs noted, these AI-targeted exploits represent a fundamentally new attack surface. Developer environments have traditionally been treated as trusted zones. When an AI assistant with code execution privileges can be weaponized through a crafted prompt, the implications ripple through your entire software supply chain.

What You Should Do

  1. Prioritize patching CVE-2026-21510 and CVE-2026-21533 immediately. These offer the broadest exploitation potential: one requires only a click, the other grants SYSTEM access through RDP.
  2. Audit AI coding tool configurations across your development teams. Restrict Copilot and IDE extension permissions. Apply the principle of least privilege to AI agent integrations.
  3. Brief your development leads on the prompt injection attack vector targeting Copilot. This is not theoretical — it is patched because it was exploitable.

The AI Attack Surface Expands: Copilot Exploits and Desktop Agent Vulnerabilities

Beyond the GitHub Copilot command injection flaws patched by Microsoft, a separate report from LayerX researchers disclosed a zero-click vulnerability in Claude Desktop Extensions rated CVSS 10.0 — the maximum severity score. The flaw allowed attackers to execute code on a victim's system via a malicious Google Calendar event, chaining tool permissions to full system privileges with no sandboxing.

Meanwhile, researchers documented how criminals are using AI to clone professional websites on an industrial scale, with one network growing to over 150 domains. A new commercial mobile spyware platform called ZeroDayRAT is being marketed on Telegram for full remote control of Android and iOS devices.

The Takeaway for Security Leaders

AI tools are moving from novelty to infrastructure. When your developers rely on AI coding assistants, your executives use AI scheduling agents, and your SOC deploys AI-powered triage, each integration introduces a new trust boundary that traditional security models were not designed to protect. The February 10 news makes this concrete: prompt injection is now a weaponized attack vector, and AI agents with system-level permissions are a zero-click exploitation target.

Common Mistakes to Avoid

  • Treating Patch Tuesday as routine. Six actively exploited zero-days are not routine. Delay here is measured in hours of exposure, not days.
  • Ignoring AI tool permissions. Developers often install IDE extensions and AI agents without a security review. That gap is now actively exploited.
  • Treating prompt injection as a theoretical concern. Microsoft patched Copilot RCE flaws this month because they were exploitable. Build prompt injection testing into your application security program now.
  • Granting AI agents system-level privileges without sandboxing. The CVSS 10.0 zero-click exploit in desktop AI extensions was possible because the agent had unsandboxed system access. Apply least privilege to every AI integration.
  • Siloing vulnerability management from development tooling. When your IDE is an attack vector, your patch management and developer security programs must be coordinated.

A Framework for This Week's Response

Use this prioritized action framework to triage today's developments:

  1. Immediate (24–48 hours): Deploy Microsoft's February patches with priority on the six zero-days and Copilot RCE vulnerabilities. Update GitHub Copilot and all IDE extensions across your development fleet.
  2. Short-term (1–2 weeks): Audit AI coding tool and agent permissions across your environment. Inventory every AI integration that has code execution or system access privileges. Review and restrict extension installation policies.
  3. Medium-term (30–90 days): Integrate prompt injection testing into your application security program. Establish sandboxing and least-privilege requirements for all AI agent deployments. Develop an AI tool security policy if you do not have one.
  4. Ongoing: Track AI agent security advisories as this attack surface matures. Monitor for new CVEs targeting developer tooling and AI integrations. Conduct recurring reviews of AI tool configurations against your security baseline.

Final Thought

The events of February 10, 2026, are not a collection of unrelated incidents. They are symptoms of the same underlying condition: the attack surface is expanding faster than legacy security models can contain it. When six zero-days land on the same day that AI coding assistants are revealed as an exploitable attack vector, the message is clear — the tools your teams rely on every day are now the tools adversaries are targeting.

The organizations that will weather this environment are those that treat days like today not as fire drills but as evidence that their security strategy needs to evolve.

Sources

Read more