MATLOCK.CA
62Articles
8Categories
2026-02-25Date
🚨
CISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its  Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.  CVE-2022-20775  Cisco Catalyst SD-WAN Path Traversal Vulnerability CVE-2026-20127  Cisco Cat…
KEVCISA.GOV — Wed, 25 Feb 26 1
πŸ›
Discord Finds Age Identification May Have Privacy Concerns
CYBERSECURITYTODAY.LIBSYN.COM — 25 Feb 2026
πŸ›
Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
KEVBLEEPINGCOMPUTER.COM — 25 Feb 2026
πŸ›
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
THEHACKERNEWS.COM — 25 Feb 2026
πŸ›
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
KEVTHEHACKERNEWS.COM — 25 Feb 2026
πŸ›
CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems
KEVCISA.GOV — Wed, 25 Feb 26 1
πŸ›
CVE-2026-27199 Werkzeug safe_join() allows Windows special device names
MSRC.MICROSOFT.COM — 25 Feb 2026
πŸ›
CVE-2026-2739 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
MSRC.MICROSOFT.COM — 25 Feb 2026
πŸ›
CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction
MSRC.MICROSOFT.COM — 25 Feb 2026
πŸ›
CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse
MSRC.MICROSOFT.COM — 25 Feb 2026
πŸ›
CVE-2023-53543 vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check
MSRC.MICROSOFT.COM — 25 Feb 2026
πŸ›
Five Eyes issue emergency directive on exploited Cisco SD-WAN zero-day
KEVCSOONLINE.COM — 25 Feb 2026
πŸ›
ZDI-26-132: Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
πŸ›
ZDI-26-131: Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
πŸ›
ZDI-26-130: IceWarp collaboration Directory Traversal Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
πŸ›
ZDI-26-129: Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
πŸ›
ZDI-26-128: (Pwn2Own) Ubiquiti Networks AI Pro Uncaught Exception Denial-of-Service Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
πŸ›
ZDI-26-127: (Pwn2Own) Ubiquiti Networks AI Pro Cleartext Transmission Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
πŸ›
ZDI-26-126: (Pwn2Own) Ubiquiti Networks AI Pro Discovery Protocol Missing Encryption Protocol Downgrade Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
πŸ›
ZDI-26-125: Docker Desktop grpcfuse Kernel Module Out-Of-Bounds Read Information Disclosure Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
πŸ›
ZDI-26-124: claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 25 Feb 2026
⚠️
Medical device maker UFP Technologies warns of data stolen in cyberattack
BLEEPINGCOMPUTER.COM — 25 Feb 2026
⚠️
The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web
BLEEPINGCOMPUTER.COM — 25 Feb 2026
⚠️
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries
THEHACKERNEWS.COM — 25 Feb 2026
⚠️
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
THEHACKERNEWS.COM — 25 Feb 2026
⚠️
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
THEHACKERNEWS.COM — 25 Feb 2026
⚠️
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
THEHACKERNEWS.COM — 25 Feb 2026
⚠️
US cybersecurity agency CISA reportedly in dire shape amid Trump cuts and layoffs
TECHCRUNCH.COM — 25 Feb 2026
⚠️
Inside the story of the US defense contractor who leaked hacking tools to Russia
TECHCRUNCH.COM — 25 Feb 2026
⚠️
Staying One Step Ahead: Strengthening Android’s Lead in Scam Protection
SECURITY.GOOGLEBLOG.COM — 2026-02-25
⚠️
Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors
CSOONLINE.COM — 25 Feb 2026
⚠️
Boards don’t need cyber metrics β€” they need risk signals
CSOONLINE.COM — 25 Feb 2026
⚠️
Bake Security In Early
YOUTUBE.COM — 2026-02-25
⚠️
VMware Aria Operations Vulnerability Could Allow Remote Code Execution - SecurityWeek
SH.ITJUST.WORKS — 25 Feb 2026
⚠️
Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign
CLOUD.GOOGLE.COM — 25 Feb 2026
⚠️
mquire: Linux memory forensics without external dependencies
TRAILOFBITS.COM — 25 Feb 2026
⚠️
Risky Business #826 -- A week of AI mishaps and skulduggery
RISKY.BIZ — 25 Feb 2026
πŸ“’
Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN Systems
CISA.GOV — Wed, 25 Feb 26 1
πŸ“’
Governing AI with Security Fundamentals
YOUTUBE.COM — 2026-02-25
πŸ“’
Infinite AI Monkeys, Ploutus, Serv-U, Fortinet, Cyberwar, COBOL, NIST, Aaran Leyland - SWN #558
YOUTUBE.COM — 2026-02-25
πŸ”₯
Poisoning AI Training Data
SCHNEIER.COM — 2026-02-25
πŸ”₯
Chinese cyberspies breached dozens of telecom firms, govt agencies
BLEEPINGCOMPUTER.COM — 25 Feb 2026
πŸ”₯
Marquis sues SonicWall over backup breach that led to ransomware attack
BLEEPINGCOMPUTER.COM — 25 Feb 2026
πŸ”₯
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
THEHACKERNEWS.COM — 25 Feb 2026
πŸ”₯
Canadian Tire - 38,306,562 breached accounts
HAVEIBEENPWNED.COM — 25 Feb 2026
πŸ•΅οΈ
ISC Stormcast For Wednesday, February 25th, 2026 https://isc.sans.edu/podcastdetail/9824, (Wed, Feb 25th)
ISC.SANS.EDU — 25 Feb 2026
πŸ•΅οΈ
Google Reports On Adversarial Use of AI in Late 2025
KNOWBE4.COM — 25 Feb 2026
πŸ•΅οΈ
News alert: One Identity fills CFO-COO role to strengthen operating discipline amid expansion
LASTWATCHDOG.COM — 25 Feb 2026
πŸ•΅οΈ
Ukrainian convicted for helping fake North Korean IT workers
CSOONLINE.COM — 25 Feb 2026
πŸ•΅οΈ
The SOC Is Now Agentic β€” Introducing the Next Evolution of Cortex
PALOALTONETWORKS.COM — 25 Feb 2026
πŸ•΅οΈ
Variations of the ClickFix | Kaspersky official blog
KASPERSKY.COM — 25 Feb 2026
πŸ•΅οΈ
Security as a Business Enabler by Re-envisioning Risk and Leading through Uncertainty - BSW #436
YOUTUBE.COM — 2026-02-25
πŸ•΅οΈ
What are You Working on Wednesday
INFOSEC.PUB — 25 Feb 2026
πŸ•΅οΈ
Malicious NuGet Package Targets Stripe Developers - Infosecurity Magazine
SH.ITJUST.WORKS — 25 Feb 2026
πŸ•΅οΈ
ShinyHunters leak 12.4M CarGurus records after ransom threat
SH.ITJUST.WORKS — 25 Feb 2026
πŸ•΅οΈ
Phishing campaign targets freight and logistics orgs in the US, Europe
SH.ITJUST.WORKS — 25 Feb 2026
🌐
Fake Next.js job interview tests backdoor developer's devices
BLEEPINGCOMPUTER.COM — 25 Feb 2026
πŸ“‘
Weekly Threat Bulletin – February 25th, 2026
F5.COM — 25 Feb 2026
πŸ“‘
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
THEHACKERNEWS.COM — 25 Feb 2026
πŸ“‘
Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It
THEHACKERNEWS.COM — 25 Feb 2026
πŸ“‘
Manual Processes Are Putting National Security at Risk
THEHACKERNEWS.COM — 25 Feb 2026
πŸ“‘
$10,000 bounty offered if you can hack Ring cameras to stop them sharing your data with Amazon
BITDEFENDER.COM — 25 Feb 2026