Executive Summary In February 2026, over 60 leading software vendors, including Microsoft , SAP , Intel , and Adobe , issued critical security updates addressing a broad spectrum of vulnerabilities across operating systems, cloud services, and network platforms. This unprecedented, coordinated patch release cycle targets both newly discovered and actively exploited zero-day vulnerabilities, with several flaws already leveraged by advanced persistent threat (APT) groups for initial access, privilege escalation, and lateral movement within enterprise environments. The vulnerabilities span a diverse array of products, from core operating system components and cloud orchestration tools to business-critical enterprise applications and creative software suites. This advisory provides a comprehensive technical breakdown of the most significant vulnerabilities, exploitation trends, APT group activity, affected product versions, and actionable mitigation strategies. Executives and technical teams alike should prioritize rapid patch deployment and continuous monitoring to mitigate the heightened risk posed by these vulnerabilities. Technical Information The February 2026 patch cycle is notable for its breadth and severity, with over 60 vendors releasing security fixes. The most critical vulnerabilities are concentrated in products from Microsoft , SAP , Intel , and Adobe , but the update wave also includes security advisories from vendors such as Apple , Cisco , Google , VMware , Fortinet , Check Point , Linux distributions (including Red Hat , Ubuntu , SUSE , Debian ), Zoom , Mozilla , SolarWinds , and many others. Microsoft Microsoft addressed 59 vulnerabilities, including six zero-days confirmed as actively exploited in the wild. These vulnerabilities affect a wide range of components, including Windows Shell , MSHTML Framework , Microsoft Word , Desktop Window Manager , Windows Remote Access Connection Manager , and Windows Remote Desktop Services . The zero-days, such as those tracked as CVE-2026-21510 , CVE-2026-21513 , CVE-2026-21514 , CVE-2026-21519 , CVE-2026-21525 , and CVE-2026-21533 , enable attackers to bypass security features, escalate privileges, execute arbitrary code, and trigger denial-of-service conditions. The affected product versions include Windows 10 (22H2, 21H2, 1809 LTSC), Windows 11 (23H2, 22H2, 21H2), Microsoft Office (2016, 2019, 2021, Microsoft 365 Apps for Enterprise, Office for Mac), Microsoft Exchange Server (2016, 2019), Microsoft Edge (Chromium-based) , and a variety of Azure services and developer tools. SAP SAP released patches for several high-severity vulnerabilities, most notably CVE-2026-0488 (CVSS 9.9) and CVE-2026-0509 (CVSS 9.6). CVE-2026-0488 is a code injection flaw in SAP CRM and SAP S/4HANA (Scripting Editor), allowing authenticated attackers to execute arbitrary SQL and potentially compromise the entire database. CVE-2026-0509 is a missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform , enabling low-privileged users to perform unauthorized background Remote Function Calls (RFCs). The affected versions span a wide range of SAP modules, including S4FND , SAP_ABA , WEBCUIF , KRNL64NUC , KRNL64UC , KERNEL , SAP_BASIS , SCMAPO , SAP_APPL , S4CORE , and others. Mitigation requires kernel updates, profile parameter changes, and review of user roles and UCON settings. Intel Intel addressed multiple vulnerabilities in its Trust Domain Extensions (TDX) 1.5 module, including CVE-2025-32007 , CVE-2025-27940 , CVE-2025-30513 , CVE-2025-27572 , and CVE-2025-32467 . These flaws introduce new attack surfaces in confidential computing environments, potentially allowing privilege escalation or data leakage. The vulnerabilities affect all TDX module versions prior to 1.5.24, particularly on 4th and 5th Generation Intel Xeon Scalable processors with TDX enabled. Adobe Adobe released security updates for 44 vulnerabilities across products such as Audition , After Effects , InDesign Desktop , Substance 3D Designer , Substance 3D Stager , Bridge , Lightroom Classic , and DNG SDK . Of these, 27 are rated critical, with the potential for arbitrary code execution. The affected versions include Audition 24.2 and earlier , After Effects 24.1 and earlier , InDesign Desktop 19.1 and earlier , Substance 3D Designer 13.0.1 and earlier , Substance 3D Stager 2.1.2 and earlier , Bridge 14.0.4 and earlier , Substance 3D Modeler 1.4.1 and earlier , Lightroom Classic 13.1 and earlier , and DNG SDK 1.6 and earlier . Other Vendors A wide array of additional vendors released security updates, including ABB , AWS , AMD , AMI , Apple , ASUS , AutomationDirect , AVEVA , Broadcom (VMware) , Canon , Check Point , Cisco , Citrix , Commvault , ConnectWise , D-Link , Dassault Systèmes , Dell , Devolutions , dormakaba , Drupal , F5 , Fortinet , Foxit , FUJIFILM , Fujitsu , Gigabyte , GitLab , Google (Android, Chrome, Cloud, Pixel), Grafana , Hikvision , Hitachi Energy , HP , HPE (Arub