Microsoft February 2026 Patch Tuesday: 6 in‑the‑wild zero‑days, 50+ vulnerabilities, heavy on elevation‑of‑privilege and security feature bypass (SmartScreen/MoTW, Office/OLE, MSHTML).
CVE‑2026‑1731 in BeyondTrust Remote Support / Privileged Remote Access: pre‑auth RCE on a privileged access gateway, now on CISA KEV and actively exploited.
Critical vulns in WordPress plugins and SmarterMail turning “just the blog/mail server” into a realistic pivot into internal systems.
How to wire SAST/SCA/DAST/IAST around these: KEV‑driven SLAs, treating remote support / RDS / WordPress / mail as first‑class AppSec surfaces.
Audience: DevSecOps, AppSec, and platform teams who care about pipelines, SLAs, and realistic attacker paths (not just theoretical bugs).