This Week in Cybersecurity: Chrome Exploits, Starbucks Data Breach, Fake VPN Attacks & More
Published by A Faster PC | Managed IT Services & Cybersecurity | Florida's Treasure Coast, Space Coast & South Florida
When did you last update your iPhone, your Chrome browser, your Windows PC? If you can't remember, this post is for you. This week's cybersecurity headlines were unusually serious, and several of the threats making news right now require immediate action — tonight, before you go to bed.
At A Faster PC, we track these threats so that businesses and families across Florida's Treasure Coast, Space Coast, and South Florida don't have to. Here is everything you need to know from this past week, in plain English, with a clear action list at the end.
Take Action Tonight: Two Urgent Security Updates
1. Update Google Chrome Immediately
Google has released emergency security updates to patch two high-severity Chrome vulnerabilities that are already being actively exploited in the wild. These flaws affect Chrome on Windows, Mac, and Linux. Both bugs can be exploited remotely and require only that a user visit a malicious website. Because the attack complexity is low, the vulnerabilities pose a higher real-world risk than most.
How to update Chrome: Go to the three dots in the upper right corner of Chrome → Help → About Google Chrome. It will check for updates automatically. If you see a prompt to restart, do it now.
2. Update Older iPhones and iPads
If you have an iPhone 8, iPhone X, or any older model, this is urgent. Apple has released security updates targeting a set of vulnerabilities being exploited in cyber espionage and crypto theft attacks using the Cortana exploit kit. This toolkit includes 23 individual exploits organized into five complete attack chains, targeting iPhones running iOS versions 13.0 through 17.2.1. It has been described by researchers as nation-state grade. Simply visiting a malicious website on an unpatched device could compromise it.
How to update: Go to Settings → General → Software Update and install the latest version available for your device.
FBI Seeks Victims of Steam Games Loaded With Malware
The FBI's Seattle division is seeking to identify potential victims who installed Steam games embedded with malware. Threat actors are believed to have primarily targeted users between May 2024 and January 2026.
The affected games include: Chemia, Dashverse, DashFPS, Lampy, Lunara, PirateFi, Tokenova, and BlockBlasters.
If you or someone in your household — especially a teenager — downloaded any of these titles, your computer may have been compromised. In one documented case, the malware stole a Microsoft account, blocked Microsoft support from the associated email address, and sent scam links to the victim's contacts.
In one of the most heartbreaking incidents, BlockBlasters stole $32,000 from a streamer named Rainbow POV Nix during a live fundraising stream he was running to help pay for his stage four cancer treatment.
If you think you were affected: Fill out the Seeker Victim Information form at FBI.gov or email steam_malware@fbi.gov. All victims identified will remain confidential.
Starbucks Discloses Employee Data Breach
On February 6th, 2026, Starbucks disclosed that attackers had compromised 889 Starbucks Partners Central accounts — the internal portal employees use to manage personal information, benefits, and HR data.
The exposed data includes:
- Employee names
- Social Security numbers
- Dates of birth
- Financial account numbers and routing numbers
How did it happen? Attackers created websites impersonating the legitimate Partners Central login page — a classic phishing attack. Employees entered their credentials into a fake site that looked completely real.
The lesson for business owners: Your employees are often the easiest way into your business. Training your staff to recognize fake login pages may be the single most important cybersecurity investment you make this year.
Fake VPN Software Is Targeting Business Owners
A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients impersonating well-known vendors including Avonte, Cisco, and Fortinet. The goal is to steal VPN credentials from unsuspecting business users.
The attackers use a technique called SEO poisoning — manipulating search engine results for queries like "Pulse VPN download" to redirect victims to spoofed websites that closely mimic legitimate software vendors.
Here is what makes this attack especially dangerous: immediately after a user enters their credentials into the fake sign-in page, the application displays an error message claiming the installation failed and instructs the victim to download the real VPN client from the official website. Most users assume the initial failure was a simple technical glitch, never realizing their credentials were just stolen.
The rule: Never search for VPN software on Google and download the first result. Always go directly to the vendor's official website by typing the address yourself.
Other Major Data Breaches This Week
Several other organizations disclosed significant breaches this week:
Loblaw (Canada): The parent company of President's Choice and other major retail brands disclosed a data breach and automatically logged out all account holders as a precaution.
Telus Digital (Canada): This major Canadian telecom firm confirmed a data breach after a hacker claimed to have stolen one petabyte of data from the company.
Ericsson U.S.: Ericsson's U.S. division disclosed a data breach stemming from a hack of a third-party service provider.
England Hockey: The governing body for field hockey in England is investigating a ransomware attack after the AI Lock ransomware gang listed them as a victim on its leak website.
The pattern is unmistakable. No industry, no company, and no country is immune. This week alone, the breach list includes coffee shops, retailers, telecom firms, sports organizations, and technology companies.
AI Is Now Being Used to Write Malware
A new and significant development this week: a malware strain dubbed "Sloppily" — likely created using generative AI tools — allowed a threat actor to remain undetected on a compromised server for more than a week while stealing data in an Interlock ransomware attack.
This matters because AI tools now allow even low-skilled criminals to create sophisticated attacks faster than ever before. The barrier to entry for cybercrime is dropping rapidly.
Supply Chain Attack Hits Thousands of Websites
The Flier Web SDK — used by thousands of websites — was temporarily hijacked this week with malicious code designed to steal cryptocurrency. The injected JavaScript was designed to preserve normal SDK functionality while silently replacing cryptocurrency wallet addresses with the attacker's own wallet in the background.
In plain English: if you sent cryptocurrency through any website running this compromised software during the attack window, your funds may have gone directly to criminals without any visible sign that anything was wrong.
Veeam Backup Software Has Critical Vulnerabilities — Business Owners, Act Now
Veeam Software, whose backup and replication solution is widely used by businesses to protect their data, has patched multiple critical flaws this week. These vulnerabilities could allow attackers to execute remote code on backup servers.
This is particularly dangerous because ransomware gangs specifically target backup servers — deleting backups before launching their attacks to make recovery impossible.
If your business uses Veeam, contact your IT provider today.
Microsoft Patch Tuesday: 79 Flaws Patched
This week's Microsoft Patch Tuesday addressed 79 flaws, including two publicly disclosed zero-day vulnerabilities — one in SQL Server and one in Darknet. We have published a full deep-dive on this month's patches in a separate post and video. View our full breakdown of the security vulnerabilities and updates today.
Quick Headlines
Sox Escort Disrupted: The FBI and European law enforcement agencies disrupted a major cybercrime network called Sox Escort, seizing infrastructure used by criminals to disguise their online identities. UK police sinkholed 45,000 IP addresses linked to cybercrime organizations.
Meta Anti-Scam Features: Meta rolled out new anti-scam features across WhatsApp, Facebook, and Messenger — good news for anyone who has been targeted by scam messages on these platforms.
EU Bank Refund Ruling: An EU court adviser ruled that banks in Europe may be required to immediately refund victims of phishing attacks, a decision that could have significant implications for consumers across the continent.
Your Cybersecurity Action List for This Week
1. Update Google Chrome right now. Go to Settings → About Chrome → restart if prompted.
2. Update older iPhones and iPads. Go to Settings → General → Software Update → install the latest version.
3. Apply Microsoft Windows updates. If you haven't applied this month's Patch Tuesday updates, do it today.
4. Business owners: stop your employees from Googling software. Make sure your team knows to go directly to vendor websites — never download from a search result. Also verify that your Veeam backup software is updated immediately.
5. Check the Steam malware game list. If anyone in your household played Steam games between 2024 and early 2026, verify they did not install any of the affected titles. If they did, contact the FBI's Seattle office.
6. Watch for phishing emails. Starbucks, major VPN vendors, and countless others are being impersonated right now to steal credentials. When in doubt, don't click — go directly to the official website.
Feeling Overwhelmed? You Don't Have to Handle This Alone.
Cybersecurity is moving faster than ever, and keeping up with it while running a business or just living your daily life is genuinely hard.
That is exactly why businesses and families across Florida's Treasure Coast, Space Coast, and South Florida are turning to A Faster PC.
A Faster PC is a local managed services provider (MSP) that handles cybersecurity monitoring, system updates, threat response, and much more — so you don't have to do it yourself. Whether you're a small business owner who can't afford a full-time IT department, or a home user who simply wants to know your computer is protected, we have solutions built for you.
📞 Call us: (772) 878-5978 🌐 Visit us: AFasterPC.com 📋 Schedule a free discovery call and download our free cybersecurity report.
When you have — or want to prevent — cybersecurity problems, you need A Faster PC.
Watch our YouTube Video: Update These 3 Things Tonight or Risk Getting Hacked
About A Faster PC:
A Faster PC is a leading managed services provider (MSP) serving Florida's Treasure Coast, Space Coast, and South Florida. We provide comprehensive IT support, advanced cybersecurity solutions, patch management, computer repair, and technical support for accounting offices, attorney's offices, medical offices, dental offices, professional offices, small to medium sized businesses, non-profits, churches, home office users, and individuals throughout the regions.
Every week at 10:07 AM EST, A Faster PC hosts A Faster PC Live Technical Support which is a live Radio Show that is livestreamed to YouTube and Facebook and is available as a podcast. For various ways to listen to and watch A Faster PC Live Technical support, visit https://www.afasterpc.com/live-technical-support/.
A Faster PC services the following counties and cities: St. Lucie County including: Port St. Lucie, Fort Pierce, St. Lucie West, Tradition, St. Lucie Village; Martin County including: Stuart, Jensen Beach, Jupiter Island, Ocean Breeze Park, and Sewall's Point; Indian River County: including Vero Beach, Sebastian, Fellsmere, Indian River Shores; Palm Beach County including: Jupiter, Jupiter Inlet Colony, Juno Beach, Tequesta, Palm Beach Gardens, North Palm Beach, Palm Beach Shores, Riviera Beach, West Palm Beach, Wellington, Royal Palm Beach, Greenacres, Lake Worth Beach, Lantana, Boynton Beach, Ocean Ridge, Briny Breezes, Gulf Stream, Delray Beach, Highland Beach, and Boca Raton; Broward County including: Fort Lauderdale, Hollywood, Pompano Beach, Coral Springs, Pembroke Pines, Miramar, Davie, Plantation, Sunrise, Deerfield Beach, Lauderhill, Weston, Tamarac, Coconut Creek, Margate, Lauderdale Lakes, Oakland Park, Hallandale Beach, Cooper City, Wilton Manors, Lighthouse Point, Parkland, Lauderdale-by-the-Sea, Sea Ranch Lakes, Lazy Lake, Hillsboro Beach, Southwest Ranches, North Lauderdale, Dania Beach; Miami-Dade County including: Miami, Miami Beach, Hialeah, Miami Gardens, Coral Gables, Homestead, Doral, North Miami, Aventura, Kendall, Cutler Bay, Sunny Isles Beach, Key Biscayne, Pinecrest, Surfside, Bal Harbour, North Miami Beach, Palmetto Bay, Miami Springs, Opa-locka, Miami Lakes, Florida City, South Miami, Sweetwater, West Miami, Bay Harbor Islands, Biscayne Park, El Portal, Golden Beach, Hialeah Gardens, Indian Creek, Medley, North Bay Village, and Virginia Gardens; and Okeechobee County including: Okeechobee, Taylor Creek, Cypress Quarters, Fort Drum, and Basinger.
