Articles: 62
Categories: 8
Date: 2026-02-25

🚨 CISA KEV (1)

25 Feb [KEV] CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2022-20775 Cisco Catalyst SD-WAN Path Traversal Vulnerability CVE-2026-20127 Cisco Cat…
CISA.GOV

🐛 COMMON VULNERABILITIES AND EXPOSURES (20)

25 Feb Discord Finds Age Identification May Have Privacy Concerns
Discord Drops Persona Age Verification, SolarWinds Serv-U Critical RCEs, Splunk Windows Priv Esc, and Smart TV Screenshot Surveillance Lawsuits In this episode of Cybersecurity Today, host Jim Love covers Discord ending its age-verification experiment with Persona after user back…
CYBERSECURITYTODAY.LIBSYN.COM

25 Feb [KEV] Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks. [...]
BLEEPINGCOMPUTER.COM

25 Feb SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below - CVE-2025-40538 - …
THEHACKERNEWS.COM

25 Feb [KEV] CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 scor…
THEHACKERNEWS.COM

25 Feb [KEV] CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems
The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking (SD-WAN) systems, including Federal Civilian Executive Branch (FCEB) agencies, to address ongoing exploitation of multiple vulnerabilities. Notably, the Cybersecur…
CISA.GOV

25 Feb [KEV] Five Eyes issue emergency directive on exploited Cisco SD-WAN zero-day
Cybersecurity agencies across the Five Eyes alliance have issued an emergency directive warning that a critical Cisco SD-WAN vulnerability is being actively exploited to gain unauthorized access to federal networks. Officials confirmed that threat actors are targeting core SD-WAN…
CSOONLINE.COM

25 Feb ZDI-26-132: Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Siemens SINEC NMS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS ratin…
ZERODAYINITIATIVE.COM

25 Feb ZDI-26-131: Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Siemens SINEC NMS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS ratin…
ZERODAYINITIATIVE.COM

25 Feb ZDI-26-130: IceWarp collaboration Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-2493.
ZERODAYINITIATIVE.COM

25 Feb ZDI-26-129: Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are …
ZERODAYINITIATIVE.COM

25 Feb ZDI-26-128: (Pwn2Own) Ubiquiti Networks AI Pro Uncaught Exception Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Ubiquiti Networks AI Pro. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assi…
ZERODAYINITIATIVE.COM

25 Feb ZDI-26-127: (Pwn2Own) Ubiquiti Networks AI Pro Cleartext Transmission Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Ubiquiti Networks AI Pro. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: …
ZERODAYINITIATIVE.COM

25 Feb ZDI-26-126: (Pwn2Own) Ubiquiti Networks AI Pro Discovery Protocol Missing Encryption Protocol Downgrade Vulnerability
This vulnerability allows network-adjacent attackers to downgrade the communication protocol on affected installations of Ubiquiti Networks AI Pro. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assi…
ZERODAYINITIATIVE.COM

25 Feb ZDI-26-125: Docker Desktop grpcfuse Kernel Module Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CV…
ZERODAYINITIATIVE.COM

25 Feb ZDI-26-124: claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of claude-hovercraft. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-15060.
ZERODAYINITIATIVE.COM

⚠️ VULNERABILITY DISCLOSURE (16)

25 Feb Medical device maker UFP Technologies warns of data stolen in cyberattack
American manufacturer of medical devices, UFP Technologies, has disclosed that a cybersecurity incident has compromised its IT systems and data. [...]
BLEEPINGCOMPUTER.COM

25 Feb The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web
OpenClaw has sparked heavy Telegram and dark web chatter, but Flare's data shows more research hype than mass exploitation. Flare explains how its telemetry found real supply-chain risk in the skills marketplace, yet limited signs of large-scale criminal operationalization. [...]
BLEEPINGCOMPUTER.COM

25 Feb Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries
Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of t…
THEHACKERNEWS.COM

25 Feb Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. "The vulnerabilities exploit various configura…
THEHACKERNEWS.COM

25 Feb Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Will…
THEHACKERNEWS.COM

25 Feb RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It ha…
THEHACKERNEWS.COM

25 Feb US cybersecurity agency CISA reportedly in dire shape amid Trump cuts and layoffs
Under the first year of the Trump administration, the U.S. cyber agency CISA has faced cuts, layoffs, and furloughs, as bipartisan lawmakers and cybersecurity industry sources say the agency is unprepared to handle a crisis.
TECHCRUNCH.COM

25 Feb Inside the story of the US defense contractor who leaked hacking tools to Russia
The former boss of a U.S. hacking tools maker was jailed for selling highly sensitive software exploits to a Russian broker. This is how we first learned of his arrest, reported the story, and some of the unanswered questions we still have.
TECHCRUNCH.COM

25 Feb Staying One Step Ahead: Strengthening Android’s Lead in Scam Protection
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse We’ve shared how Android’s proactive, multi-layered scam defenses utilize Google AI to protect users around the world from over 10 billi…
SECURITY.GOOGLEBLOG.COM

25 Feb Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors
Microsoft says it has uncovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessments. The campaign employs carefully crafted lures to blend into routine workflows, such as cloning repos…
CSOONLINE.COM

25 Feb Boards don’t need cyber metrics — they need risk signals
Security teams live in a world of numbers. Dashboards depict counts of blocked attacks, phishing clicks, vulnerabilities discovered, patches applied, alerts triaged, and incidents closed. Over the past decade, the cybersecurity industry has become adept at measuring activity with…
CSOONLINE.COM

25 Feb Bake Security In Early
One of the most common breakdowns in organizations happens when security enters too late. Teams move through design and development with a clear outcome in mind. Then, near the finish line, security requirements force changes. That late intervention creates friction, delays, and …
YOUTUBE.COM

25 Feb VMware Aria Operations Vulnerability Could Allow Remote Code Execution - SecurityWeek
submitted by kid to cybersecurity 4 points | 0 comments https://www.securityweek.com/vmware-aria-operations-vulnerability-could-allow-remote-code-execution/
SH.ITJUST.WORKS

25 Feb Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign
Introduction Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents. The threat actor, UNC2814, is a suspec…
CLOUD.GOOGLE.COM

25 Feb mquire: Linux memory forensics without external dependencies
If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kernel version, you’re stuck. These symbols aren’t typically installed on production systems and must be sourced from external repositories, which quickly become outda…
TRAILOFBITS.COM

25 Feb Risky Business #826 -- A week of AI mishaps and skulduggery
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Low skill actors compromise 600 Fortinets with AI-generated playbooks Anthropic calls out Chinese AI firms over model distillation Meta’s director of AI safety tell…
RISKY.BIZ

📢 SECURITY ADVISORIES (3)

25 Feb Governing AI with Security Fundamentals
AI is transforming technology, but its governance doesn’t need a complete overhaul. As with the early cloud migration, many feared losing control over data once it moved beyond the traditional perimeter. Yet, organizations adapted by leaning on foundational security practices. Th…
YOUTUBE.COM

25 Feb Infinite AI Monkeys, Ploutus, Serv-U, Fortinet, Cyberwar, COBOL, NIST, Aaran Leyland - SWN #558
Infinite AI Monkeys, Ploutus, Serv-U, Fortinet, Cyberwar, COBOL, NIST, Dr. Strangelove, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-558 00:00:00 Host's Snow D…
YOUTUBE.COM

🔥 INCIDENT REPORTING (5)

25 Feb Poisoning AI Training Data
All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled “The best tech journalists at eating hot dogs.” Every word is a lie. I claimed (without evidence) that competitive hot-dog-eating is a p…
SCHNEIER.COM

25 Feb Chinese cyberspies breached dozens of telecom firms, govt agencies
Google's Threat Intelligence Group (GTIG), Mandiant, and partners disrupted a global espionage campaign attributed to a suspected Chinese threat actor that used SaaS API calls to hide malicious traffic in attacks targeting telecom and government networks. [...]
BLEEPINGCOMPUTER.COM

25 Feb Marquis sues SonicWall over backup breach that led to ransomware attack
Marquis Software Solutions has filed a lawsuit against SonicWall, accusing the cybersecurity company of gross negligence and misrepresentation that allegedly led to a ransomware attack disrupting operations at 74 U.S. banks. [...]
BLEEPINGCOMPUTER.COM

25 Feb Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and pe…
THEHACKERNEWS.COM

25 Feb Canadian Tire - 38,306,562 breached accounts
In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses. Passwords were stored as PBKDF2 hashes and for a subset of records, dates…
HAVEIBEENPWNED.COM

🕵️ THREAT INTELLIGENCE (11)

25 Feb ISC Stormcast For Wednesday, February 25th, 2026 https://isc.sans.edu/podcastdetail/9824, (Wed, Feb 25th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ISC.SANS.EDU

25 Feb Google Reports On Adversarial Use of AI in Late 2025
Google Threat Intelligence Group recently released its latest report, “GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use,” on how malicious adversaries are using AI to commit cybercrimes.
KNOWBE4.COM

25 Feb News alert: One Identity fills CFO-COO role to strengthen operating discipline amid expansion
ALISO VIEJO, Calif., Feb. 25, 2026, CyberNewswire— One Identity, a trusted leader in identity security, today announced the appointment of Michael Henricks as Chief Financial and Operating Officer. This decision reflects the continued growth of the business and a …
LASTWATCHDOG.COM

25 Feb Ukrainian convicted for helping fake North Korean IT workers
A Ukrainian man has been sentenced to five years in prison after helping North Korean IT workers infiltrate American companies using stolen identities, reports BleepingComputer. The 39-year-old man from Kiev pleaded guilty in November 2025 to charges including aggravated identit…
CSOONLINE.COM

25 Feb The SOC Is Now Agentic — Introducing the Next Evolution of Cortex
Agentic AI security is here. See how AI-powered agents, XDL 2.0 and the new Agentix platform transform the SOC at Cortex Symphony 2026.
PALOALTONETWORKS.COM

25 Feb Variations of the ClickFix | Kaspersky official blog
Finger, DNS-lookup, captcha, and other ways ClickFix techniques are being used in real-world attacks.
KASPERSKY.COM

25 Feb Security as a Business Enabler by Re-envisioning Risk and Leading through Uncertainty - BSW #436
Most organizations view security as a cost center, a "check-the-box" expense rather than a strategic investment. This mindset leads to chronic underfunding, reactive, panic-driven decision-making, and high staff turnover. It also hampers innovation, strategic initiatives, and cus…
YOUTUBE.COM

25 Feb What are You Working on Wednesday
submitted by shellsharks to cybersecurity 10 points | 1 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
INFOSEC.PUB

25 Feb Malicious NuGet Package Targets Stripe Developers - Infosecurity Magazine
submitted by kid to cybersecurity 12 points | 0 comments https://www.infosecurity-magazine.com/news/malicious-nuget-package-stripe-devs/
SH.ITJUST.WORKS

25 Feb ShinyHunters leak 12.4M CarGurus records after ransom threat
submitted by kid to cybersecurity -1 points | 2 comments https://cybernews.com/security/shiny-hunters-car-gurus-12-4m-records-data-dump/
SH.ITJUST.WORKS

25 Feb Phishing campaign targets freight and logistics orgs in the US, Europe
submitted by kid to cybersecurity 7 points | 0 comments https://www.bleepingcomputer.com/news/security/phishing-campaign-targets-freight-and-logistics-orgs-in-the-us-europe/
SH.ITJUST.WORKS

🌐 CYBER THREAT LANDSCAPE (1)

25 Feb Fake Next.js job interview tests backdoor developer's devices
The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, including recruiting coding tests. [...]
BLEEPINGCOMPUTER.COM

📡 INFOSEC NEWS (5)

25 Feb Weekly Threat Bulletin – February 25th, 2026
These are the top threats you should know about this week.
F5.COM

25 Feb SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a …
THEHACKERNEWS.COM

25 Feb Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It
Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up as missed SLAs, hig…
THEHACKERNEWS.COM

25 Feb Manual Processes Are Putting National Security at Risk
Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This should alarm every def…
THEHACKERNEWS.COM

25 Feb $10,000 bounty offered if you can hack Ring cameras to stop them sharing your data with Amazon
Amid a privacy backlash, a US $10,000 reward has been offered for anyone who can find a way to run Ring doorbell cameras locally, cutting off the flow of video data to Amazon's servers. Read more in my article on the Hot for Security blog.
BITDEFENDER.COM