Trending Topics Cybersecurity – February 2026

February shows a clear area of tension: on the one hand, operational disruptions caused by comparatively “classic” forms of attack are on the rise again, while on the other hand, strategic decisions that will have an impact for years to come are coming to the fore. The DDoS attack on Deutsche Bahn clearly shows how quickly digital information and service chains in a critical infrastructure environment can be disrupted – and how important robust protection solutions and emergency and redundancy concepts remain when availability itself becomes a target.

At the same time, the threat situation in the field of cryptography is becoming fundamentally more serious. The BSI warns that quantum computers could massively weaken classic asymmetric methods by around 2030 – with immediate consequences for long-term confidential data and all organizations that currently rely on RSA and ECC-based infrastructures. Remedial action can be taken in the form of quantum-secure encryption methods, such as those used by Myra to consistently secure sensitive traffic data. This strategic necessity is also reflected in the current Gartner forecasts for 2026, which identify quantum-resistant cryptography, agentic AI, new identity management structures, and regulatory volatility as key areas of action for CISOs.

The top IT security topics in February:

Gartner names six key cybersecurity trends for 2026

Gartner identifies six key trends: agentic AI and new IAM requirements, increasing regulatory volatility, post-quantum cryptography, AI-driven SOCs, and changed security awareness through GenAI. For CISOs, this means adapting governance models, crypto strategies, and SOC architectures at an early stage to address compliance risks and new attack surfaces.

Quantum computers threaten classic asymmetric encryption

The BSI warns that advances in quantum computing could fundamentally weaken classic asymmetric cryptography by around 2030 and jeopardize confidential data in the long term. Organizations should inventory their cryptographic landscapes, plan post-quantum procedures, and build cryptographic agility to mitigate “harvest now, decrypt later” attacks.

MCSC 2026: Politics and business should work together to strengthen cybersecurity

At MCSC 2026, experts call for closer cooperation between the government and the private sector to respond to geopolitical tensions, skills shortages, and complex threat situations. Discussions focus on joint resilience strategies, coordinated minimum standards, and information exchange, especially for critical infrastructure and medium-sized suppliers.

Coalition plans stronger protection for critical infrastructure

The governing coalition is working on additional measures to protect critical infrastructure, including stricter security requirements, better reporting channels, and clear responsibilities. For operators, this is likely to mean higher compliance requirements, more audits, and the need to adapt security and resilience programs to future requirements at an early stage.

Many government requests to email providers apparently unlawful

German email providers Mailbox.org and Posteo report that a significant proportion of official requests for the disclosure of user data are not legally tenable. The providers rejected or contested such requests. The finding is relevant for compliance and data protection officers: it shows that even authorities do not always comply with legal limits when requesting data – and that providers actively monitor this.

AI chatbot misused to attack Mexican authorities

An attacker used the AI chatbot Claude to identify vulnerabilities in the networks of several Mexican government agencies, generate exploits, and automate data theft. The incident shows that generative AI is now also being used for professional attack preparation – with significant implications for threat modeling, monitoring, and AI governance in organizations.

Spain arrests suspected Anonymous Fénix hacktivists

The Spanish Guardia Civil has arrested four suspected members of the Anonymous Fénix group, who carried out DDoS attacks on ministries, political parties, and public institutions in Spain and several South American countries. By dismantling the infrastructure, including social media and Telegram channels, the authorities are sending a signal against politically motivated attacks on government online services.

Cyberattack on EU Commission via mobile device management

At the end of January, attackers compromised a central mobile device management (MDM) system of the EU Commission, presumably via a vulnerability in Ivanti software. Although mobile devices are not believed to have been directly affected, employees' personal data may have been leaked – a warning sign for the protection of MDM infrastructures in public authorities and corporations.

Deutsche Bahn: DDoS attack cripples information systems and app

A cyberattack disrupted key information and information systems at Deutsche Bahn, temporarily preventing travelers from accessing timetable data and app services. The incident highlights the vulnerability of transport IT and the importance of robust emergency and redundancy concepts to ensure operations and customer transparency even in the event of attacks.

Cybercriminals steal employee data from RTL Group's intranet

According to a darknet forum post in February 2026, cybercriminals compromised the RTL Group's intranet and extracted data from more than 27,000 employees. Subsidiaries such as Fremantle and M6 are affected. The published excerpts contain names, work email addresses, company addresses, and some private phone numbers. The media group is currently investigating the incident.

1.2 million French bank customers affected: Attackers steal data

In France, cybercriminals have stolen an official's access data to the national database for bank accounts (FICOBA). This enabled the attackers to access the bank details, identity of the account holder, address, and tax identification number of the customers. The data leak poses a significant risk of identity theft and social engineering attacks.

BSI warns of targeted phishing via Signal Messenger

The BSI and the German Federal Office for the Protection of the Constitution report a campaign in which a state-sponsored actor combines legitimate security features of Signal and similar messengers with social engineering to gain access to chats and contact lists of high-profile targets. Organizations should review their communication policies, account protection, and awareness training for messenger use.

CYROS app to support organizations with cyber intelligence

The cyberintelligence institute (CII) has launched CYROS, an app designed to help companies systematically collect, evaluate, and prioritize cyber threat information. The aim is to integrate cyber intelligence into the daily work of security teams, accelerate decision-making processes, and better orchestrate measures against relevant risks.

Sovereign cloud for classified information from BSI and Schwarz Digits

BSI and Schwarz Digits are cooperating to set up a sovereign cloud infrastructure for classified information up to the “secret” level based on the zero-trust principle and open-source solutions. This provides authorities and critical companies with a European alternative for highly sensitive workloads and reduces their dependence on non-European hyperscalers.

Myra Security has been protecting the Munich Security Conference from cyberattacks for ten years

Since 2016, Myra Security has been securing the digital infrastructure of the Munich Security Conference (MSC) against DDoS attacks, botnets, and database access—so far without a single documented successful attack. In a decade in which the damage caused by cybercrime to the German economy has increased fivefold from €55 billion to €289 billion annually, the partnership underscores the importance of European security-as-a-service providers for high-value targets.

Passwords generated with ChatGPT offer deceptive security

Tests show that passwords generated by ChatGPT often do not achieve the entropy and randomness of real password generators and sometimes follow predictable patterns. Companies should clearly instruct users to use password managers or verified random generators for accounts to make brute force and credential stuffing attacks more difficult.

Myra Security launches EU CAPTCHA as a GDPR-compliant alternative to US services

With EU CAPTCHA, Myra Security provides a CAPTCHA solution developed and operated entirely in Europe that does not require data to be passed on to third parties and is hosted on European servers. The system is trained daily with more than 100 billion CDN signals and can be implemented in less than ten minutes. Independence from US providers such as Google reCAPTCHA is a growing strategic factor, especially for KRITIS operators, e-government portals, and regulated industries.