From Feb 18–25, 2026, fintech signals stayed mixed but actionable: incumbents kept investing in core modernization, stablecoins continued edging into regulated experimentation, and infrastructure players used earnings to validate steady enterprise demand. At the same time, the week reinforced that PII-heavy breaches and remote-support exploitationremain high-probability threats for any fintech running fast growth on complex vendor stacks.
Bonus at the end: WHAT REGULATORS SEE WHEN THEY AUDIT YOUR FINTECH — The Examination Perspective (a practical lens on how supervisors evaluate governance, controls, and evidence).
Macro & Micro Trends in Fintech
- UK stablecoins move from theory to sandbox pilots (Revolut selected).
The FCA’s sandbox momentum signals the UK is getting serious about stablecoin use-cases in payments/settlement—while “licence limbo” still shapes what’s possible near-term. (Financial Times)
Source: Financial Times — Revolut wins FCA backing for stablecoin testing despite licence limbo - Circle’s profit surge underscores stablecoin demand as a payments rail.
USDC circulation growth and revenue expansion reinforce the “stablecoins as infrastructure” trend—along with the need to diversify away from rate-driven interest income. (The Wall Street Journal)
Source: The Wall Street Journal — Circle Internet’s quarterly profit surges on stablecoin demand - Digital euro economics: ECB estimates €4–6B cost burden for EU banks (4 years).
The numbers are a reminder that CBDCs aren’t just policy—they’re a multi-year IT build that will compete with banks’ core modernization budgets. (Reuters)
Source: Reuters — Digital euro to cost EU banks €4–6B over 4 years, ECB estimates - Payments processors show steady enterprise demand (Global Payments results + outlook).
Healthy profit and forecast commentary suggests merchant/payments modernization remains durable even as rates and consumer spend fluctuate. (Reuters)
Source: Reuters — Global Payments’ shares surge on quarterly profit rise, strong annual forecast - Banking tech spend stays “healthy” as FIS posts higher profit (Banking Solutions lift).
The print matters for fintech because it reflects ongoing core-tech investment cycles (and bank M&A) that can accelerate platform consolidation. (Reuters)
Source: Reuters — Payments processor FIS posts higher profit on boost from banking solutions unit
Security & Cyber Trends
- Figure breach impacts ~1M customers (names, DOBs, contact + address data).
Large-scale PII exposure drives second-order risk: targeted phishing, account takeover attempts, and helpdesk/social-engineering escalation. (TechCrunch)
Source: TechCrunch — Data breach at fintech giant Figure affects close to a million customers - PayPal confirms breach and fraud tied to exposed data (password resets).
The recurring theme: credential reuse + identity data exposure → fast monetization through fraudulent transactions. (Forbes)
Source: Forbes — PayPal data breach confirmed—money was stolen, passwords reset - BeyondTrust Remote Support/PRA flaw exploited in ransomware attacks.
Remote-support tooling is a privilege jackpot: compromise can cascade into broad access across endpoints, servers, and admin workflows. (SecurityWeek)
Source: SecurityWeek — BeyondTrust vulnerability exploited in ransomware attacks - New Android trojan “Massiv” targets mobile banking via device-takeover tactics.
DTO-style fraud continues to scale: malware + social engineering can bypass “strong auth” by controlling the device itself. (The Hacker News)
Source: The Hacker News — Fake IPTV apps spread Massiv Android malware targeting mobile banking users - Google disrupts China-linked “Gallium” campaign that hit 53 orgs across 42 countries.
Even when fintech isn’t the direct target, global espionage activity increases downstream risk via telecoms, government systems, and shared vendors. (Reuters)
Source: Reuters — Google disrupts Chinese-linked hackers that attacked 53 groups globally
Startups, Funding & Product Innovations
- Xflow raises $16.6M Series A to expand B2B cross-border payments.
Notable because it blends payments infrastructure + distribution support from major fintech incumbents/investors. (PayPal Newsroom)
Source: PayPal Newsroom — Xflow raises $16.6M Series A - Rowspace launches with a $50M round led by Sequoia (AI platform for financial data “alpha”).
A signal that “AI for finance workflows” is pulling in top-tier capital—especially where proprietary data can become a moat. (Fortune)
Source: Fortune — Rowspace raises $50M led by Sequoia - RegTech Copla raises €6M Series A for European compliance navigation.
Compliance automation remains investable—especially as EU rule complexity keeps rising across payments, crypto, and bank/fintech obligations. (Financial IT)
Source: Financial IT — RegTech Copla raises €6M Series A - Neobank Rizon raises $2M pre-seed to scale “global USD accounts” demand.
Another datapoint that multi-currency, cross-border “dollar account” utility remains sticky for earners, freelancers, and global SMB flows. (Financial IT)
Source: Financial IT — Neobank Rizon raises $2M pre-seed - Forbes Fintech 50 (2026): investor appetite returns (+35% VC growth in 2025 cited).
The list frames where capital is concentrating—B2B banking stacks, risk, fraud, infrastructure, and “boring but essential” fintech rails. (Forbes)
Source: Forbes — The 50 Hottest Fintech Startups in 2026
Final Words
The common thread this week: trust is the product—and it’s defended with measurable controls, not narratives. As stablecoin rails mature, compliance costs rise, and threat actors keep targeting the easiest administrative footholds, the winners in 2026 will be the teams who can ship quickly while staying audit-ready and incident-resilient. If you want a practical assessment of where attackers can pivot—APIs, auth, partner integrations, back-office tooling, and third-party exposure—ONSEC can help with fintech-focused penetration testing and a prioritized remediation plan your engineering team can execute fast.
BOOK A CALL WITH ONSEC
Fintech Cyber Weekly 
Leave a comment