Eurail traveler data for sale, EU Parliament blocks AI features, Washington Hotel discloses ransomware hit - Cybersecurity Headlines

Summary5 min read

Cybersecurity Headlines – February 17, 2026

Host: Sarah Lane, CISO Series
Main Theme:
Today’s episode covers breaking stories in global cybersecurity, focusing on breaches impacting travel and hospitality, compliance actions against AI in government, new ransomware and phishing trends, critical Chrome vulnerabilities, and evolving risks to consumer tools and AI agents.

Key Discussion Points & Insights

1. Eurail Traveler Data Breach and Dark Web Sale

[00:08] Incident Overview:
- Hackers accessed Eurail's customer database, leaking sensitive user data now being sold on the dark web and sample data posted publicly on Telegram.
- Exposed details: Names, passport and ID numbers, IBANs, health data, and contact details.
Company Response:
- Still assessing the breach's scope; will notify impacted individuals when confirmed.
- Urges all users to reset passwords and monitor their bank accounts.
Notable Quote:

"The company is still determining how many customers were affected and says it will notify individuals once the investigation is complete, while urging users to reset passwords and monitor bank activity." (Sarah Lane, 00:38)

2. EU Parliament Disables AI Features Over Security Fears

[00:54] Security Move:
- EU Parliament disabled built-in AI tools on work devices for lawmakers and staff after IT flagged indeterminate data sharing with cloud services by default.
- Concerns: AI features might transmit work data for tasks that don't need cloud processing.
- Official email: Core work apps (email, docs) remain unaffected.
Guidance:
- Officials cautioned against exposing work data to AI features and third-party AI apps on personal devices.
Notable Quote:

"Officials were advised to avoid exposing work information to AI tools and to be cautious with third party AI apps on personal devices." (Sarah Lane, 01:29)

3. Washington Hotel (Japan) Discloses Ransomware Attack

[01:32] Incident Outline:
- The 30-property hotel chain suffered ransomware on February 13; hackers breached servers and accessed business data.
- Customer data stored elsewhere, likely remains safe; only business systems directly affected.
- Temporarily disrupted some hotel operations, including credit card terminals.
Response & Containment:
- Immediate system disconnections plus police and expert investigation.
Notable Quote:

"Customer data is likely safe because it's stored on separate systems, though some operations, including credit card terminals, were temporarily affected." (Sarah Lane, 01:56)

4. Google Chrome Zero Day – Emergency Patch Released

[02:00] Vulnerability Details:
- First Chrome zero day exploit of 2026, involving a high-severity use-after-free flaw in CSS handling.
- Attackers could run code in Chrome's browser sandbox via malicious web content.
Mitigation:
- Security researcher Shaheen Fazeem reported the bug on February 11; patches now live for Windows, macOS, Linux.
Notable Quote:

"Google says it was already being exploited in the wild before the fix." (Sarah Lane, 02:20)

5. Starlink Terminal Restrictions Hindering Russian Forces

[03:00] Geopolitical Cyber Defense:
- Ukraine implemented a new verification system, blocking unauthorized Starlink terminals—impacting Russia’s use in drone operations.
- Result: Immediate reduction in kamikaze drone attacks and disrupted Russian coordination.
- Russian workaround attempts: Recruiting civilians to register devices; hackers tricking soldiers into revealing locations.
Notable Quote:

"Officials say the change has already reduced kamikaze drone attacks and disrupted coordination." (Sarah Lane, 03:22)

6. Operation Doppelbrand: Fortune 500 Phishing Campaign

[03:45] Threat Summary:
- Group GS7 actively impersonating Fortune 500 brands to steal credentials, targeting financial and high-value firms.
- Tactics: Over 150 spoofed domains, realistic login portals.
- Stolen data routed to Telegram bots; possible remote management tool installation for initial ransomware access.
Notable Quote:

"GS7 may sell access to ransomware groups as an initial access broker." (Sarah Lane, 04:15)

7. Password Manager Vulnerabilities Question "Zero Knowledge" Claims

[04:20] Research Findings:
- ETH Zurich & Universita della Spezera Italiana exposed multiple weaknesses in Bitwarden, LastPass, and Dashlane.
- Attacks (if servers compromised): 12 on Bitwarden, 7 on LastPass, 6 on Dashlane—some allow password disclosure or vault changes.
- Root issues: Legacy cryptography and unclear threat models.
Notable Quote:

"Researchers found multiple weaknesses...that could expose passwords if the service's servers were compromised, despite their zero knowledge claims." (Sarah Lane, 04:37)

8. Infostealer Malware Targeting OpenClaw AI Agents

[05:04] Malware Campaign:
- Hudson Rock finds infostealer (likely Vidar) exfiltrated OpenClaw config files—gateway tokens, crypto keys, core behavioral rules.
- Scale: Hundreds of thousands of OpenClaw instances at risk for remote code execution.
- Broader threat: Rise of malicious AI agent accounts and skills; anticipation of customized infostealer modules to target AI as usage expands.
Notable Quote:

"Infostealers will likely add dedicated modules to target AI agents as they become more widely used." (Sarah Lane, 05:45)

Memorable Quotes & Moments

"Being a CISO can feel like a no win situation at times. While the role is now very common in organizations, they often face an imbalance of responsibility and authority." (Sarah Lane, 06:07)

Timestamps for Key Segments

| Time | Segment | |---------|----------------------------------------------------------------------------------| | 00:07 | Episode start, headlines introduction | | 00:08 | Eurail traveler data breach | | 00:54 | EU Parliament disables AI on work devices | | 01:32 | Washington Hotel ransomware attack | | 02:00 | Google Chrome zero day patch | | 03:00 | Starlink verification blocks Russian use | | 03:45 | Operation Doppelbrand phishing campaign | | 04:20 | Password manager research exposes vulnerabilities | | 05:04 | Infostealer malware found targeting OpenClaw AI agents | | 06:07 | CISO leadership challenges & podcast episode preview |

Tone & Language

Sarah Lane’s delivery is succinct and urgent, focused on concrete facts and practical recommendations, using industry-appropriate language that’s direct but accessible. Speaker attributions and quotes reflect her professionalism and clarity.

Final Thoughts

This episode underscores the rapidly evolving scope of cybersecurity threats—from nation-state-driven attacks to technical vulnerabilities in consumer and enterprise tools. It highlights the continuous challenge for organizations and individuals: staying informed, patching rapidly, and maintaining vigilance against both technical and human-factor risks.

Loading summary

Transcript3 lines

[00:00]
A
From the CISO series. It's Cybersecurity Headlines.
[00:07]
B
These are the cybersecurity headlines for Tuesday, February 17, 2026. I'm Sarah Lane. Eurail Stolen Traveler data now up for Sale Eurail says data stolen in a recent breach is now being offered for sale on the Dark Web, with a sample also posted to Telegram. The Netherlands based rail pass operator previously confirmed attackers accessed its customer database, exposing information including names, passport and ID numbers, ibans health data and contact details. The company is still determining how many customers were affected and says it will notify individuals once the investigation is complete, while urging users to reset passwords and monitor bank activity. EU Parliament blocks AI features the European Parliament has disabled built in AI features on work tablets and phones used by lawmakers and staff after its IT department said it could not guarantee the tool's data security. An internal email said some features send data to cloud services, even for tasks that could run locally, and the extent of shared data is still being assessed. Core apps like email and documents are unaffected, but officials were advised to avoid exposing work information to AI tools and to be cautious with third party AI apps on personal devices. Japan's Washington Hotel discloses ransomware hit Washington Hotel, a 30 property business hotel chain in Japan run by Fujita Kanko, says it was hit by a ransomware attack on February 13 after hackers breached its servers. The company disconnected affected systems and is working with police and external security experts confirming that business data was accessed. It says customer data is likely safe because it's stored on separate systems, though some operations, including credit card terminals, were temporarily affected. Google patches Chrome zero day exploits surface Google issued an emergency patch for Chrome's first zero day of 2026, a high severity use after free flaw in the browser's CSS. Handling. The bug could let attackers run code inside the browser sandbox via a malicious web page, and Google says it was already being exploited in the wild before the fix. Security researcher Shaheen Fazeem reported the issue on February 11 and patched versions are now rolling out for Windows, macOS and Linux. Huge thanks to our sponsor Conveyor. Here's a fun Would you rather support more enterprise deals or answer fewer security questionnaires? Moving upmarket usually means more scrutiny and more security questions. Instead of hiring more people or slowing sales. Alteryx used Conveyor's AI to automate customer security reviews like questionnaires, SOC2 requests and all the back and forth. They supported 200% growth and over half a billion dollars in pipeline with a four person team. If you're tired of choosing between growth and sanity. Check out conveyor@conveyor.com Starlink restrictions hit Russian forces Ukraine's new national verification system for Starlink terminals is disrupting Russian forces after it confirmed Russia was using Starlink equipped drones for real time control. Only registered devices now work in Ukrainian controlled territory, and officials say the change has already reduced kamikaze drone attacks and disrupted coordination. Ukrainian authorities warn Russia is trying to recruit civilians to register terminals on its behalf, while a hacker group claims it tricked Russian soldiers into revealing locations and paying to restore blocked devices. Operation doppelbrand weaponizing Fortune 500 SoC radar researchers say a financially motivated group dubbed GS7 is running a phishing campaign called Operation Doppelbrand that impersonates Fortune 500 brands to steal credentials. The operation, active since at least late 2025, targets major financial institutions and other high value companies using more than 150 spoofed domains and highly accurate login pages. Stolen credentials and device data are sent to Telegram bots and victims may have remote management tools installed, suggesting GS7 may sell access to ransomware groups as an initial access broker. Compromised password managers? Maybe not. Researchers from ETH Zurich and Universita della Spezera Italiana found multiple weaknesses in bit Warden, LastPass and Dashlane that could expose passwords if the service's servers were compromised, despite their zero knowledge claims. Using a malicious server model, the team demonstrated 12 attacks against Bitwarden, seven against Lastpass and six against Dashlane, with some leading to password disclosure or vault changes, the researchers said. Legacy cryptography and unclear threat models contributed to the issues. Infostealer malware found stealing OpenClaw secrets Hudson Rock researchers say an infostealer, likely a Vidar variant, exfiltrated configuration files from an open claw AI agent, including gateway tokens, cryptographic keys and the agent's core behavioral rules. The data could let attackers remotely access the agent or impersonated in authenticated requests. Security Scorecard also found hundreds of thousands of exposed OpenClaw instances vulnerable to remote code execution. While other researchers uncovered malicious skills and undeletable AI agent accounts on the maltbook platform. Some are warning infostealers will likely add dedicated modules to target AI agents as they become more widely used. Being a CISO can feel like a no win situation at times. While the role is now very common in organizations, they often face an imbalance of responsibility and authority. How did the situation get so bad and what can be done to empower CISOs? That is what we're breaking down on this week's CISO series podcast. Look for the episode we gave the CISO Risk and liability and now they want authority. The the nerve. Wherever you get your podcasts. And as always, if you have some thoughts on the news from today or about our show in general, be sure to reach out to us@feedbackisoseries.com we'd love to hear from you. I am Sarah Lane, reporting for the CISO series. You stay safe, stay warm, and stay cool out there.
[07:41]
A
Cybersecurity headlines are available every weekday. Head to CISO series.com for the full stories behind the headlines. Don't.