🚨 CISA KEV (1)
12 Feb [KEV]: CISA Adds Four Known Exploited Vulnerabilities to Catalog
    CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-43468 Microsoft Configuration Manager SQL Injection Vulnerability CVE-2025-15556 Notepad++ Download of Code Without Integrity Check Vu…
    Source: CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (26)
12 Feb: CVE-2026-20841 Windows Notepad App Remote Code Execution Vulnerability
    Added an FAQ and updated the CVSS score. This is an informational change only.
    Source: MSRC.MICROSOFT.COM
12 Feb: ZDI-26-094: Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZD…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-093: Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZD…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-092: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZD…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-091: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZD…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-090: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZD…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-089: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZD…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-088: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZD…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-087: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZD…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-086: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZD…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-085: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZD…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-084: Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZD…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-083: Microsoft Windows searchConnector-ms NTLM Response Information Disclosure Vulnerability
    This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS ra…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-082: Microsoft Exchange InterceptorSmtpAgent Reliance on Untrusted Inputs Security Feature Bypass Vulnerability
    This vulnerability allows remote attackers to bypass a security feature on affected installations of Microsoft Exchange. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2026-21527.
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-081: Microsoft Windows win32kfull Use-After-Free Local Privilege Escalation Vulnerability
    This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS ratin…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-080: Ivanti Endpoint Manager AuthHelper Authentication Bypass Vulnerability
    This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.6. The following CVEs are assigned: CVE-2026-1603.
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-079: Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-1602.
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-078: Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability
    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2026-2035.
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-077: GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability
    This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2026-2039.
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-076: GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-075: GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability
    This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2026-2038.
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-074: GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The…
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-073: Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-2041.
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-072: Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-2043.
    Source: ZERODAYINITIATIVE.COM
12 Feb: ZDI-26-071: Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability
    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2026-2042.
    Source: ZERODAYINITIATIVE.COM
12 Feb: VU#504749: PyMuPDF path traversal and arbitrary file write vulnerabilities
    Overview: A path traversal vulnerability leading to arbitrary file write exists in PyMuPDF version 1.26.5, within the ‘embedded_get’ function in ‘__main__.py’. This vulnerability is caused by improper handling of untrusted embedded file metadata, which is used directly as an output p…
    Source: KB.CERT.ORG
⚠️ VULNERABILITY DISCLOSURE (2)
12 Feb: Polish hacker charged seven years after massive Morele.net data breach
    A 29-year-old Polish man has been charged in connection with a data breach that exposed the personal details of around 2.5 million customers of the popular Polish e-commerce website Morele.net. Read more in my article on the Hot for Security blog.
    Source: BITDEFENDER.COM
12 Feb [KEV]: GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use
    Introduction: In the final quarter of 2025, Google Threat Intelligence Group (GTIG) observed threat actors increasingly integrating artificial intelligence (AI) to accelerate the attack lifecycle, achieving productivity gains in reconnaissance, social engineering, and malware deve…
    Source: CLOUD.GOOGLE.COM
🔥 INCIDENT REPORTING (3)
12 Feb: Urgent warnings from UK and US cyber agencies after Polish energy grid attack
    A coordinated cyberattack that targeted Poland's energy infrastructure in late December 2025 has prompted cybersecurity agencies to issue urgent warnings to critical national infrastructure operators on both sides of the Atlantic. Read more in my article on the Fortra blog.
    Source: FORTRA.COM
12 Feb: Naming and shaming: How ransomware groups tighten the screws on victims
    When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle
    Source: WELIVESECURITY.COM
12 Feb: State of Security Report | Recorded Future
    Download Recorded Future's 2026 State of Security report which provides comprehensive threat intelligence on geopolitical fragmentation, state-sponsored operations, ransomware evolution, and emerging technology risk.
    Source: RECORDEDFUTURE.COM
🕵️ THREAT INTELLIGENCE (5)
12 Feb: Detecting and mitigating common agent misconfigurations
    Agents are increasingly powerful. With that power comes risk: small misconfigurations, over‑broad sharing, unauthenticated access, and weak orchestration controls can create real exposure. This article consolidates the most common risks we observe and maps each to practical detec…
    Source: MICROSOFT.COM
12 Feb: Your complete guide to Microsoft experiences at RSAC™ 2026 Conference
    Microsoft Security returns to RSAC Conference to show how Frontier Firms—organizations that are human-led and agent-operated—can stay ahead. The post Your complete guide to Microsoft experiences at RSAC™ 2026 Conference appeared first on Microsoft Security Blog.
    Source: MICROSOFT.COM
12 Feb: Smashing Security podcast #454: AI was not plotting humanity’s demise. Humans were
    AI bots are having existential crises, inventing religions, and allegedly plotting against humanity... or so the internet would have you believe. We dig into Moltbook, the “AI-only” social network that sent Twitter into a meltdown, attracted breathless talk of the singularity, an…
    Source: GRAHAMCLULEY.COM
12 Feb: When Security Becomes an Afterthought
    As AI deployment races ahead, security scrambles to keep up. Nikesh Arora on why AI's biggest risk is treating security as an afterthought. The post When Security Becomes an Afterthought appeared first on Palo Alto Networks Blog.
    Source: PALOALTONETWORKS.COM
12 Feb: Fragmentation Defined 2025's Threat Landscape. Here's What It Means for 2026
    The global threat landscape didn't simplify in 2025 — it shattered. The 2026 State of Security report represents Insikt Group's most comprehensive threat intelligence analysis to date, drawing on proprietary intelligence, network telemetry, and deep geopolitical research to help …
    Source: RECORDEDFUTURE.COM
🌐 CYBER THREAT LANDSCAPE (1)
12 Feb: I bought, I saw, I attended: a quick guide to staying scam-free at the Olympics | Kaspersky official blog
    Kaspersky experts have uncovered fraudulent schemes targeting the Winter Olympics in Italy. Here’s how to stay protected.
    Source: KASPERSKY.COM