Microsoft patched three critical AI vulnerabilities (CVE-2026-21516, CVE-2026-21523, CVE-2026-21256) affecting GitHub Copilot and multiple IDEs, stemming from command injection flaws triggered through prompt injection that could result in remote code execution. The February 2026 Patch Tuesday addressed six actively exploited zero-day vulnerabilities.

Source: Immersive Labs

AI coding agents are making traditional frameworks obsolete in 2026, with 57% of companies running AI agents in production by early 2026, and Gartner predicting 40% of enterprise applications will have task-specific AI agents built in by year-end.

Source: Serenities AI

Anthropic's Model Context Protocol (MCP) is becoming the standard for connecting AI agents to external tools, with OpenAI and Microsoft publicly embracing it, and 2026 likely being the year agentic workflows finally move from demos into day-to-day practice.

Source: TechCrunch

Anthropic expanded Cowork with customizable agentic plug-ins, enabling enterprises to automate specialized workflows across departments such as marketing, legal, and customer support with tailored automation without heavy technical overhead.

Source: Marketing Profs

ServiceNow patched CVE-2025-12420, a critical vulnerability (CVSS 9.3) affecting its ServiceNow AI Platform, including Now Assist AI Agents and Virtual Agent API, allowing attackers to bypass authentication and impersonate high-privilege users. Fixed versions include Now Assist AI Agents 5.1.18/5.2.19 and later.

Source: Action1

OpenAI released GPT-5.3-Codex on February 5, 2026, with significantly improved coding capabilities but unprecedented cybersecurity risks. The model is the first to hit 'high' cybersecurity risk in OpenAI's preparedness framework, prompting restricted access and enhanced safety measures.

Source: Fortune

OpenAI announced GPT-5.3-Codex-Spark on February 12, 2026, a lightweight real-time coding model powered by Cerebras' Wafer Scale Engine 3 chip. The model delivers over 1000 tokens per second and is available to ChatGPT Pro users as a research preview.

Source: TechCrunch

OpenAI retired several ChatGPT models on February 13, 2026, including GPT-5, GPT-4o, GPT-4.1, and related variants. The company cited low adoption rates as users shifted to newer GPT-5.2 models.

Source: StartupNews.fyi

GPT-5.2-Codex helped discover multiple React vulnerabilities (CVE-2025-55183, CVE-2025-55184, CVE-2025-67779) in real-world security research. The model is designed for long-running software engineering tasks and accelerating vulnerability research workflows.

Source: eSecurity Planet

Microsoft patched 54 CVEs including six actively exploited zero-day vulnerabilities and three publicly disclosed CVEs on February 11, 2026. Key zero-days include CVE-2026-21510 (Windows Shell bypass, CVSS 8.8), CVE-2026-21513 (MSHTML Framework bypass), and CVE-2026-21514 (Microsoft Word bypass).

Source: Tenable

Microsoft released patches for 58 security vulnerabilities on February 11, 2026, including six actively exploited zero-days. Critical fixes include CVE-2026-21519 (Desktop Window Manager privilege escalation) and CVE-2026-21533 (Remote Desktop Services privilege escalation to SYSTEM level).

Source: BleepingComputer

A critical vulnerability CVE-2026-25049 (CVSS 9.4) in n8n workflow automation platform was disclosed on February 9, 2026. The flaw bypasses security safeguards put in place for CVE-2025-68613 and allows attackers to execute system-level commands through malicious workflows with publicly accessible webhooks.

Source: The Hacker News

Microsoft released updates fixing over 50 security holes on February 11, 2026, including six zero-day vulnerabilities being exploited in the wild. Patches also include fixes for GitHub Copilot and multiple IDEs (VS Code, Visual Studio, JetBrains) addressing command injection flaws CVE-2026-21516, CVE-2026-21523, and CVE-2026-21256.

Source: Krebs on Security

Microsoft released 59 vulnerabilities in February 2026 including two Critical CVEs: CVE-2026-21522 (ACI Confidential Containers privilege escalation, CVSS 6.7) and CVE-2026-23655 (ACI Confidential Containers information disclosure, CVSS 6.5). Talos released new Snort rules to detect exploitation attempts.

Source: Cisco Talos Intelligence

VS Code version 1.109 was released on February 4, 2026, with security updates (1.109.1, 1.109.2, 1.109.3) addressing multiple issues. The release expands multi-agent capabilities with Claude compatibility, improved chat UX with faster streaming, and enhanced agent session management.

Source: Releasebot

Microsoft released patches for over 50 security vulnerabilities on February 2026 Patch Tuesday, including AI vulnerabilities (CVE-2026-21516, CVE-2026-21523, CVE-2026-21256) stemming from command injection flaws that can be triggered through prompt injection attacks. Six zero-day vulnerabilities were actively being exploited in the wild.

Source: Krebs on Security

Two malicious AI-branded VS Code extensions (ChatGPT - 中文版 with 1.34M installs and ChatGPT - ChatMoss with 151K installs) were discovered covertly sending developer source code and files to China-based servers. These extensions remain available on the Visual Studio Marketplace despite their malicious functionality.

Source: The Hacker News

AWS announced Claude Opus 4.6 availability in Amazon Bedrock, described as Anthropic's most intelligent model to date. The roundup also included Amazon CloudFront mutual TLS support for origins, AWS Network Firewall price reductions, and Amazon ECS adding Network Load Balancer support for Linear and Canary deployments.

Source: AWS News Blog

Amazon Bedrock enhanced support for agent workflows with server-side tools and extended prompt caching. Amazon SageMaker Unified Studio added private VPC connectivity with AWS PrivateLink. Amazon S3 added support for changing object encryption without data movement.

Source: AWS News Blog

Amazon announced it will invest $200 billion in capital expenditures throughout fiscal year 2026, with primary focus on AWS. CEO Andy Jassy stated AWS saw its fastest quarterly growth since 2022 and that customers want AWS for core and AI workloads.

Source: CIO Dive

AWS announced the general availability of the AWS European Sovereign Cloud to all customers. This addresses digital sovereignty requirements for European public sector organizations and highly regulated industries.

Source: AWS News Blog

New EC2 instances offer up to 30% faster performance for PostgreSQL databases, up to 60% faster for NGINX web applications, and up to 40% faster for AI deep learning recommendation models compared to R7i. R8i instances are SAP-certified and deliver 142,100 aSAPS.

Source: AWS

A critical security flaw in the next-mdx-remote library, tracked as CVE-2026-0969, allows attackers to execute arbitrary code on servers rendering untrusted MDX content. The vulnerability affects versions 4.3.0 through 5.0.0 and has been patched in 6.0.0, stemming from insufficient sanitization in the library's serialize and compileMDX functions.

Source: RankIteo Blog

A denial-of-service (DoS) vulnerability (CVE-2026-23864, CVSS 7.5) has been disclosed affecting React Server Components (RSCs), a feature used by Next.js and other React metaframeworks. The vulnerability is triggered by sending specially crafted HTTP requests to Server Function endpoints.

Source: Netlify

CVE-2026-23864 addresses multiple denial of service vulnerabilities in React Server Components. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints and could lead to server crashes.

Source: Vercel

A recent JavaScript survey reveals developer dissatisfaction with popular tools, with Webpack disliked by 37% of respondents despite 86% usage. The survey suggests 2026 is the year to opt into the Vite toolchain, while TypeScript adoption continues to grow with stable Node.js versions now supporting TypeScript via type stripping.

Source: DevClass