February 2026 Browser Security: Microsoft Edge Updates & Critical 0-Day Patches

EDR, Email, and SASE Miss This Entire Class of Browser Attacks

• EDR, email security, and SASE tools fail to detect sophisticated browser-level attacks.
• Attack vectors include ClickFix social engineering, malicious extensions, Man-in-the-Browser, and HTML smuggling.
• Organizations need critical browser-level security observability to counter these emerging threats.

Source: BleepingComputer | Date: February 06, 2026

China warns of security risks linked to OpenClaw open-source AI agent

• Chinese authorities issued a warning regarding the OpenClaw open-source AI agent.
• The agent presents security vulnerabilities, creating potential for exploitation.
• The advisory highlights rising concerns over advanced AI technology security implications.

Source: Reuters | Date: February 05, 2026

Microsoft Edge Rolls Out Enhanced Autofill Capabilities for Improved User Experience

• Microsoft Edge is introducing an enhanced Autofill feature, designed to help users complete web forms more quickly and efficiently across websites.
• This update aims to improve the browser's ability to intelligently recognize and suggest personal information for form fields, reducing manual data entry.
• The feature is set to begin rolling out in Public Preview by March 2026, offering users a more seamless browsing experience.

Source: Microsoft 365 Roadmap | Date: February 11, 2026

Critical SandboxJS Vulnerability Enables Remote Host Takeover, PoC Released

• A critical vulnerability has been identified in SandboxJS, a JavaScript sandboxing library, allowing for remote host takeover due to insufficient input sanitization.
• The flaw primarily impacts environments utilizing SandboxJS in conjunction with NodeJS, potentially enabling attackers to execute arbitrary code outside the intended sandbox.
• Security researchers have released a Proof-of-Concept (PoC) exploit, underscoring the urgency for developers to review and update their SandboxJS implementations to mitigate risk.

Source: Cybersecurity News | Date: February 11, 2026

Actively Exploited MSHTML Framework 0-Day Bypasses Security

• A zero-day vulnerability within the Microsoft MSHTML framework, a component still utilized by parts of Windows and Internet Explorer, has been confirmed as actively exploited in the wild.
• This critical flaw allows attackers to bypass existing security features, potentially leading to unauthorized access or the execution of malicious code when specially crafted web content is rendered.
• Immediate application of the latest Microsoft security updates is crucial for all affected systems to protect against the risks associated with this exploited vulnerability.

Source: Cybersecurity News | Date: February 11, 2026

Microsoft February 2026 Patch Tuesday Addresses Six Actively Exploited Zero-Days

• Microsoft's February 2026 Patch Tuesday addressed a total of 59 vulnerabilities, prominently featuring fixes for six zero-day flaws that were actively exploited in the wild.
• The updates include critical patches for multiple remote code execution (RCE) and elevation of privilege (EoP) vulnerabilities impacting various Windows components and Microsoft products.
• Users are strongly advised to install these crucial security updates without delay to defend against ongoing exploitation campaigns leveraging these zero-day vulnerabilities.

Source: The Hacker News | Date: February 11, 2026

February 2026 Patch Tuesday Fixes Six Critical Exploited Zero-Days

• Microsoft's February 2026 Patch Tuesday update patched six zero-day vulnerabilities that had been actively exploited in various attack scenarios prior to their disclosure.
• These exploited flaws encompass issues related to Windows Desktop Window Manager (DWM), Microsoft Word, and multiple Windows SmartScreen bypasses, including CVE-2026-21396 and CVE-2026-21404.
• The patches are designed to mitigate threats ranging from elevation of privilege to remote code execution, highlighting the critical need for immediate deployment across all enterprise and personal environments.

Source: Help Net Security | Date: February 11, 2026

CISA Adds Six Microsoft Zero-Days to Known Exploited Vulnerabilities Catalog

• The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added six actively exploited Microsoft zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
• This inclusion mandates federal civilian executive branch agencies to patch these critical flaws by a specific deadline, typically within a two-week timeframe, to protect against immediate threats.
• The vulnerabilities, addressed in Microsoft's February 2026 Patch Tuesday, pose significant risks across Windows, Office, and browser-related SmartScreen components due to their active exploitation.

Source: Cybersecurity News | Date: February 11, 2026

CrowdStrike Analysis of February 2026 Patch Tuesday Highlights SmartScreen Bypasses

• CrowdStrike's comprehensive analysis of the February 2026 Patch Tuesday identified six actively exploited zero-day vulnerabilities among a total of 59 patched CVEs.
• Notable browser-adjacent fixes highlighted include CVE-2026-21396 and CVE-2026-21404, both classified as Windows Defender SmartScreen Security Feature Bypass vulnerabilities, often triggered by malicious web content.
• These critical patches are essential for mitigating risks associated with attackers bypassing security warnings and protections within web browsers and related operating system components.

Source: CrowdStrike | Date: February 11, 2026

Microsoft Patches Six Actively Exploited Flaws in Windows, Word, and Internet Explorer

• Microsoft released crucial security updates addressing six actively exploited vulnerabilities across its product suite, specifically mentioning critical flaws in Windows, Microsoft Word, and Internet Explorer.
• The patches target vulnerabilities that could lead to severe consequences such as unauthorized access, privilege escalation, or remote code execution, impacting various user environments.
• Users are urged to install these updates immediately to protect against ongoing threats, particularly concerning legacy components like Internet Explorer still present in some systems.

Source: Security.nl | Date: February 11, 2026

CISA Updates KEV Catalog with Additional Microsoft Office and Windows Exploited Flaws

• The U.S. CISA has added several Microsoft Office and Windows flaws to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing their active exploitation in the wild.
• This action follows Microsoft's February Patch Tuesday, highlighting the critical nature of these vulnerabilities and the immediate need for organizations to implement mitigation strategies.
• Organizations, particularly federal agencies, are required to address these newly added KEV entries by an upcoming deadline to protect against prevalent state-sponsored and criminal threats.

Source: Security Affairs | Date: February 11, 2026

References

1. Microsoft Copilot (Microsoft 365): Reference webpages when creating a presentation with Agent Mode in PowerPoint - Microsoft 365 Roadmap
2. Critical SandboxJS Vulnerability Allows Remote Host Takeover – PoC Released - Cybersecurity News
3. MSHTML Framework 0-Day Vulnerability Let Attackers Security Feature over Network - Cybersecurity News
4. Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days - The Hacker News
5. Microsoft Patch Tuesday: 6 exploited zero-days fixed in February 2026 - Help Net Security
6. CISA Adds Six Microsoft 0-Day Vulnerabilities to KEV Catalog Following Active Exploitation - Cybersecurity News
7. February 2026 Patch Tuesday: Six Zero-Days Among 59 CVEs Patched - CrowdStrike
8. Microsoft dicht zes aangevallen lekken in Word, Windows en Internet Explorer - Security.nl
9. U.S. CISA adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog - Security Affairs