So you’ve got a groundbreaking product that has outstanding market fit. Your prospects love it and are raring to buy. Amazing. But before they can hit approve on the order, they need to make sure you’re SOC 2 or ISO 27001 compliant because their compliance officer won’t let them work with any vendor that hasn’t passed their audit. This is the joy of selling to regulated customers — which today, let’s be honest, is almost everyone.

Last month, Microsoft quietly confirmed something that should keep every CISO up at night. As first reported by BleepingComputer and later detailed by TechCrunch, a bug in Microsoft Office allowed Copilot, the AI assistant embedded in millions of enterprise environments, to summarize confidential emails and hand them to users who had no business seeing them. Sensitivity labels? Ignored. Data loss prevention (DLP) policies? Bypassed entirely. This wasn't the work of a hacker or malware.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! The comments are particularly interesting too!

On February 9, 2026, security researcher Adnan Khan publicly disclosed a vulnerability chain (dubbed "Clinejection") in the Cline repository that turned the popular AI coding tool's own issue triage bot into a supply chain attack vector. Eight days later, an unknown actor exploited the same flaw to publish an unauthorized version of the Cline CLI to npm, installing the OpenClaw AI agent on every developer machine that updated during an eight-hour window.

With an ever-increasing demand for additional security from today’s technology platforms, Microsoft is implementing several new measures to build a more robust ecosystem by default.

Digital sovereignty is not a talking point anymore. It is a real technical requirement. Governments, telcos, and regulated enterprises are building sovereign clouds on OpenStack to keep data under their jurisdiction. But what about the backups? If your sovereign cloud data protection solution uses a proprietary format, you have traded one lock-in for another.

Social engineering remained the top initial access vector for cyberattacks in 2025, with increasing assistance from AI tools, according to a report from ThreatDown. The researchers warn that AI will likely become a core component of social engineering attacks throughout 2026. “Deepfake voice, image, and video impersonation now requires minimal expertise and only a handful of reference images or seconds of audio,” the researchers write.