News You can USE!

BOTTOM LINE UP FRONT (BLUF)

The threat landscape is characterized by persistent state-sponsored cyber espionage and accelerating geopolitical fragmentation. Critical cybersecurity events include new phased guidance from the NSA for zero-trust implementation and the confirmed hijacking of Notepad++ update infrastructure, attributed to a suspected Chinese government-linked APT. Geopolitically, U.S. and Iranian officials are poised for talks in Turkey to de-escalate regional tensions, while Russia has declared readiness for a world without nuclear arms control limits as the New START treaty nears expiration. Domestic security focus is on pre-emptive measures, with extensive drone restrictions established for Super Bowl LX in Santa Clara, California.

THREAT INCIDENT REPORTS

💻 Cyber and Critical Infrastructure (CNI)

Incident: Notepad++ Update Infrastructure Hijacking

Date: 2026-02-02 (Disclosure); Reported 2026-02-03. The hijacking itself occurred in 2025 (see below).

Location: Global (targeting organizations in Southeast Asia and Central America)

Key Actors: Lotus Blossom APT (aka Lotus Panda, Billbug), suspected Chinese government-linked espionage crew

  • Lotus Blossom compromised a shared hosting server that served Notepad++ update traffic.
  • The threat actor selectively redirected update traffic and delivered a previously unknown backdoor named Chrysalis to high-value targets in the government, telecom, aviation, and critical infrastructure sectors.
  • The incident shows how compromising a shared hosting server upstream of a widely installed tool turns that tool's own update mechanism into the malware delivery channel.
  • Users of Notepad++ may have unknowingly downloaded a malicious update after its shared hosting servers were hijacked last year. https://www.theverge.com/tech/872462/notepad-plus-plus-server-hijacking
Geolocation Context: Global, targeting high-value organizations.

Tactical Recommendations:

  • Immediately inventory recent updates of development tools, Notepad++ in particular: verify each installed binary's hash and code signature against values published on the vendor's official release channel, not against the update mirror, since the mirror is the component that was hijacked.
  • Hunt for Chrysalis backdoor indicators of compromise (IOCs) on every endpoint that runs Notepad++, and review proxy and DNS logs for update checks or installer downloads served from hosts outside the vendor's known infrastructure; because the redirection was selective, a clean result on one machine does not clear the others.

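The two recommendations above, as an added example written for this briefing (not code from the original page, and not Notepad++'s own update tooling): a streamed SHA-256 check of a downloaded installer against a hash pinned out of band, and a scan of proxy-log lines for update traffic that was answered by an unexpected IP or steered to a non-allowlisted installer host. The vendor hostnames, IP addresses, log format and log lines are all constructed for the example and are not Notepad++'s real infrastructure.

```python
import hashlib
import hmac
import re
import tempfile
from urllib.parse import urlsplit

# Hypothetical vendor update domain and the IPs it is known to resolve to,
# obtained out of band (vendor documentation, your own resolver logs from
# before the incident). Not Notepad++'s real infrastructure.
UPDATE_HOSTS = {"updates.example-editor.org"}
UPDATE_HOST_IPS = {"203.0.113.10"}
# Hosts from which installers for this product are legitimately served (hypothetical).
INSTALLER_ALLOWLIST = {"updates.example-editor.org", "releases.example-editor.org"}
INSTALLER_RE = re.compile(r"\.(?:exe|msi|zip|7z)$", re.IGNORECASE)

# Constructed proxy-log lines: timestamp client method url dest_ip status.
# 10.1.2.3 is a normal update. 10.1.2.77 gets its update check answered by the
# real server but is then steered to a third-party host for the installer (the
# selective-redirect pattern). 10.1.2.90's update check is answered by an IP the
# vendor does not own (DNS or route tampering).
SAMPLE_PROXY_LOG = """\
2026-02-02T09:14:01Z 10.1.2.3 GET https://updates.example-editor.org/update/check.xml 203.0.113.10 200
2026-02-02T09:14:02Z 10.1.2.3 GET https://releases.example-editor.org/editor-8.8.6.exe 203.0.113.10 200
2026-02-02T09:20:44Z 10.1.2.77 GET https://updates.example-editor.org/update/check.xml 203.0.113.10 200
2026-02-02T09:20:45Z 10.1.2.77 GET https://cdn.mirror-hosting.example.net/editor-8.8.6.exe 198.51.100.7 200
2026-02-02T09:31:10Z 10.1.2.90 GET https://updates.example-editor.org/update/check.xml 198.51.100.7 200
"""
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")

# SHA-256 of the bytes b"hello"; stands in for a hash copied from a vendor release page.
HELLO_SHA256 = "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_installer(path: str, expected_sha256: str) -> bool:
    """True only when the file's SHA-256 equals the pinned value.

    The pinned value must come from a channel independent of the update
    server (e.g. the vendor's release page fetched over a separate path);
    a hash served by the hijacked mirror proves nothing.
    """
    return hmac.compare_digest(sha256_file(path).lower(), expected_sha256.strip().lower())


def write_sample_installer(content: bytes) -> str:
    """Demo helper: write bytes to a temp file and return its path."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".exe") as fh:
        fh.write(content)
        return fh.name


def flag_redirected_updates(log_text: str) -> list:
    """Return (client, reason, dest_ip, url) tuples for update traffic that looks redirected."""
    findings = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip malformed lines rather than crash on them
        _ts, client, _method, url, dest_ip, _status = match.groups()
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host in UPDATE_HOSTS and dest_ip not in UPDATE_HOST_IPS:
            findings.append((client, "update check answered by unexpected IP", dest_ip, url))
        elif INSTALLER_RE.search(parts.path) and host not in INSTALLER_ALLOWLIST:
            findings.append((client, "installer fetched from non-allowlisted host", dest_ip, url))
    return findings


if __name__ == "__main__":
    sample = write_sample_installer(b"hello")
    print("pinned hash matches:", verify_installer(sample, HELLO_SHA256))
    print("tampered hash matches:", verify_installer(sample, "00" * 32))
    for finding in flag_redirected_updates(SAMPLE_PROXY_LOG):
        print("ALERT", *finding)
```

The log scan deliberately keys on two different signals, because a compromised hosting server answers from its usual IP: the IP check catches DNS or routing tampering, while the allow-list check catches the server-side redirect of a single client to attacker-controlled hosting. Feed it your own proxy export by replacing the sample log and the three host/IP sets with values you have confirmed out of band.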
Incident: NSA Zero-Trust Phased Guidance

Date: February 3, 2026 (Reported)

Location: N/A

Key Actors: National Security Agency (NSA)

  • The NSA offered phased guidance for zero-trust implementation.
Incident: Electrical Grid Cyberattacks and Warnings

Date: 2026-02-02 (Reported); January 2026 (Attacks)

Location: Poland, Venezuela, United States (Telecommunications Sector)

Key Actors: Unidentified actors mirroring techniques used against Ukraine (Poland); US government/military forces (Venezuela); Ransomware actors (US Telecoms)

  • A cyberattack attempt on the Polish electrical distribution grid was rebuffed and reported; its techniques reportedly mirrored those used against Ukraine.
  • The US Federal Communications Commission (FCC) issued a warning regarding a surge in ransomware attacks against small-to-medium sized telecommunications providers.
Geolocation Context: Attacks and warnings affect operators in Poland, Venezuela, and the U.S. Telecommunications Sector.

Tactical Recommendations:

  • CNI operators must segment IT and OT (Operational Technology) networks and implement rigorous patch management, specifically addressing known vulnerabilities in OT environments.
  • Enable and enforce Multi-Factor Authentication (MFA) across all remote access points and critical systems, as cited in the FCC guidance.
Incident: MFA Abuse and Phishing Campaign

Date: Reported 2026-02-02 to 2026-02-03

Location: N/A

Key Actors: ShinyHunters, Threat actors targeting corporate inboxes

  • Threat actors operating under the ShinyHunters banner are using Multi-Factor Authentication (MFA) as a pretext in ongoing social engineering attacks. https://www.helpnetsecurity.com/2026/02/02/shinyhunters-mfa-social-engineering/
  • A malware-free phishing campaign is targeting corporate inboxes, using fake PDF lures related to “request orders,” ultimately leading to Dropbox credential theft. https://www.darkreading.com/cloud-security/attackers-harvest-dropbox-logins-fake-pdf-lures

🌍 Geopolitical

Theme: AI Acceleration and Fragmentation Driving Risk

Date: 2026-02-03 (Report Release Context)

Location: Global

Key Actors: State Actors, Geopolitical Competition, Artificial Intelligence (AI) Adoption

  • Geopolitics is the primary factor influencing cyber risk mitigation strategies globally.
  • 64% of organizations are actively accounting for geopolitically motivated cyberattacks.
  • AI is cited as the most significant driver of change in cybersecurity for 2026, enabling more sophisticated adversarial capabilities.
Tactical Recommendations:

  • Integrate threat intelligence feeds focusing on hybrid warfare techniques, including the combination of disinformation campaigns and physical/digital attacks.
  • Review and stress-test supply chain resilience against geopolitical conflicts.
Incident: High-Stakes Diplomacy Amid US-Iran Tensions

Date: Reported 2026-02-03

Location: Turkey (Planned meeting location)

Key Actors: US, Iran

  • A high-stakes diplomatic effort is underway to avert a regional conflagration following Washington’s threats to Tehran. https://www.globalsecurity.org/wmd/library/news/iran/2026/02/iran-260202-rferl01.htm
  • Senior U.S. and Iranian officials are poised to meet in Turkey this week.
Incident: Russia’s Stance on Nuclear Arms Control

Date: Reported 2026-02-03

Location: Global

Key Actors: Russia

  • Russia is ready for a world with no nuclear arms control limits after the New START treaty expires later this week. https://www.reuters.com/world/china/russia-is-ready-new-world-with-no-nuclear-limits-ryabkov-says-2026-02-03/
Incident: Mexico Pledges Aid to Cuba

Date: Reported 2026-02-02 to 2026-02-03

Location: Mexico, Cuba

Key Actors: Mexican President Claudia Sheinbaum, US

  • Mexico’s president pledged to send humanitarian aid to Cuba this week despite US efforts to cut oil access. https://www.theguardian.com/world/2026/feb/02/claudia-sheinbaum-mexico-oil-cuba-trump
Incident: Japan Retrieves Rare Earth Minerals to Offset China Reliance

Date: 2026-02-02

Location: Near Minamitorishima Island, Japan

Key Actors: Japan (Prime Minister Sanae Takaichi)

  • Japan successfully drilled and retrieved deep-sea sediment containing rare earth minerals, a world-first test retrieval from a depth of nearly 6,000 meters.
  • This effort is part of Japan’s move to achieve resilient supply chains for critical minerals and reduce overdependence on China. https://apnews.com/article/japan-rare-earths-china-deep-sea-c97d34522e23ed418cf068f4a0217188

💣 Activism/Terrorism

Incident: Super Bowl LX Drone Restrictions

Date: 2026-02-08 (Event); Restrictions established 2026-02-03

Location: Levi’s Stadium, Santa Clara, California, and multiple San Francisco venues

Key Actors: Federal Aviation Administration (FAA), Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS)

  • The FAA, in coordination with the FBI, established extensive drone restrictions, or “No Drone Zones,” for Super Bowl LX.
  • FBI personnel are deploying specialized detection and mitigation capabilities.
  • Unauthorized drone operators face potential fines up to $75,000, confiscation, and federal criminal charges. https://dronelife.com/2026/02/02/faa-and-fbi-establish-comprehensive-drone-restrictions-for-super-bowl-lx/
Geolocation Context: Multi-layered security approach in effect for the Santa Clara and San Francisco metropolitan areas.

Tactical Recommendations:

  • N/A
Incident: IS Militants Roam Airport Tarmac

Date: Last week (Reported 2026-02-02)

Location: Diori Hamani International Airport (NIM), Niger

Key Actors: Islamic State militants

  • Footage shows Islamic State militants setting off explosions and moving freely among passenger planes during an attack.
  • The incident has renewed international concern, prompting Washington to order non-emergency government employees and their family members to leave the country. https://www.reuters.com/world/africa/gun-wielding-is-militants-roamed-freely-airport-tarmac-during-niger-attack-2026-02-02/

💰 Crime or Organized Crime / ⚓ Maritime Events

Incident: Massive Cocaine Shipment Seizure and Vessel Stranding

Date: 2026-02-03 (Stranded); January 2026 (Seizure)

Location: Rarotonga, Cook Islands (Avatiu International Secure Port)

Key Actors: MV Raider (Togo-flagged cargo ship), French Authorities, Cook Islands Officials, International Criminal Networks

  • The MV Raider was seized mid-January 2026 by French authorities carrying 4.87 tonnes of cocaine destined for Australia.
  • The vessel later docked in Rarotonga under a distress call for urgent engine repairs.
  • Cook Islands authorities have restricted the movement of the 11-member crew (Honduran and Ecuadorian nationals) and placed the ship under 24-hour security.
Incident: Illegal Oil Transfer Arrest

Date: 2026-02-02 (Reported); January 29, 2026 (Interception)

Location: North of the Port of Penang, Malaysian Waters

Key Actors: Malaysian Maritime Enforcement Agency (MMEA), Two Unnamed Tankers, 53 crew members (Chinese, Burmese, Indian, Pakistani, Iranian nationals)

  • MMEA detained two tankers anchored together for the alleged illegal transfer of crude oil, valued at approximately US$130 million.
  • The seizure is part of intensified enforcement efforts by the Malaysian Government against sanctions evasion and illicit activities.
Incident: Search and Rescue Coordination

Date: 2026-02-01

Location: Eastern Pacific Ocean, 483 miles northwest of the Galapagos Islands, Ecuador

Key Actors: U.S. Coast Guard (RCC Alameda), Motor Vessel Seaways Kenosha, Fishing Vessel La Pena (Venezuelan-flagged)

  • The US Coast Guard coordinated the rescue of 27 mariners whose fishing vessel, the La Pena, caught fire and sank.
  • The rescue was executed by the AMVER-participating commercial motor vessel Seaways Kenosha.