🐛 COMMON VULNERABILITIES AND EXPOSURES
27 Feb | KEV | Cisco SD-WAN Bug Actively Exploited | Cisco SD-WAN Bug Actively Exploited, MCP Azure Takeover Demo, CarGurus Data Leak, and Secret Service Scam Recovery. Host Jim Love covers four cybersecurity stories: CSA warns a critical Cisco Catalyst SD-WAN controller vulnerability (CVE-2026-20127) has been exploited since 2023, … | CYBERSECURITYTODAY.LIBSYN.COM
27 Feb | Juniper Networks PTX Routers Affected by Critical Vulnerability | An out-of-band security update for Junos OS Evolved patches the remote code execution vulnerability CVE-2026-21902. The post Juniper Networks PTX Routers Affected by Critical Vulnerability appeared first on SecurityWeek. | SECURITYWEEK.COM
27 Feb | CVE-2026-27571 nats-server websockets are vulnerable to pre-auth memory DoS | Information published. | MSRC.MICROSOFT.COM
27 Feb | CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments | Information published. | MSRC.MICROSOFT.COM
27 Feb | CVE-2026-27969 Vitess users with backup storage access can write to arbitrary file paths on restore | Information published. | MSRC.MICROSOFT.COM
27 Feb | Stored XSS Vulnerability in RustFS Console Puts S3 Admin Credentials at Risk | A critical security flaw has been identified in the RustFS Console, exposing administrators to a high risk of account takeover. Tracked as CVE-2026-27822, this Stored Cross-Site Scripting (XSS) vulnerability carries a critical CVSS v3 score of 10.0 and affects versions of the Rus… | GBHACKERS.COM
27 Feb | FreeBSD Vulnerabilities Enable Attackers to Crash Entire System | The FreeBSD Project has disclosed a critical security vulnerability, tracked as CVE-2025-15576, which allows attackers to escape jail environments and gain unauthorized access to the full host filesystem. This flaw impacts FreeBSD versions 14.3 and 13.5, leaving unpatched systems… | GBHACKERS.COM
27 Feb | Your personal OpenClaw agent may also be taking orders from malicious websites | If you thought running an AI agent locally kept it safely inside your machine’s walls, you’re in for a surprise. Researchers at Oasis Security have disclosed a flaw chain that allowed a malicious website to quietly connect to a locally running OpenClaw agent and take full control… | CSOONLINE.COM
27 Feb | CISA warns that RESURGE malware can be dormant on Ivanti devices | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. [...] | BLEEPINGCOMPUTER.COM
27 Feb | Security hole could let hackers take over Juniper Networks PTX core routers | Network admins with Juniper PTX series routers in their environments are being warned to patch immediately, because a newly-discovered critical vulnerability could lead to an unauthenticated threat actor running code with root privileges. The hole is “especially dangerous, becau… | CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE
27 Feb | 900 Sangoma FreePBX Instances Infected With Web Shells | The attacks exploited a post-authentication command injection vulnerability in the endpoint manager’s interface. The post 900 Sangoma FreePBX Instances Infected With Web Shells appeared first on SecurityWeek. | SECURITYWEEK.COM
27 Feb | Researchers Unveil Aeternum C2 Infrastructure with Advanced Evasion and Persistence Tactics | For years, defenders have relied on a simple strategy to dismantle botnets: find and seize their command-and-control (C2) servers. That weakness enabled global law enforcement operations to disrupt massive botnets such as Emotet, TrickBot, and QakBot. But a newly identified C2 fra… | GBHACKERS.COM
27 Feb | Critical Trend Micro Apex One Vulnerabilities Allow Remote Malicious Code Execution | Trend Micro has disclosed eight security vulnerabilities in its Apex One endpoint protection platform, including two critical-severity flaws that allow unauthenticated remote attackers to upload malicious code and execute commands on affected systems. The company released a Criti… | GBHACKERS.COM
27 Feb | Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor in Developer Environments | Malicious actors are abusing Go’s open-source ecosystem by deploying a backdoored crypto module that steals passwords and installs a Rekoobe Linux backdoor on developer and CI environments. The package imitates Go’s trusted cryptography library to turn ordinary password prompts i… | GBHACKERS.COM
27 Feb | Infostealers Drive Massive Brute-Force Attacks on Corporate SSO Gateways with Stolen Credentials | The cybersecurity community is witnessing a rise in credential‑stuffing attacks targeting corporate Single Sign‑On (SSO) systems, with recent campaigns focusing on F5 BIG‑IP devices. To understand the source of the stolen logins, Defused Cyber analyzed a dataset of 70 unique emai… | GBHACKERS.COM
27 Feb | US authorities punish sellers of malware and spyware | The US authorities have made it clear that they will have no truck with any individuals trying to by-pass regulations on trading cyberweapons with hostile powers. Selling sensitive cyber-exploit components to a Russian company landed Australian citizen Peter Williams with an 87-m… | CSOONLINE.COM
27 Feb | Why application security must start at the load balancer | For a long time, I thought of the load balancer as a performance device. Its job was to distribute traffic, improve uptime, and make applications feel fast. Security was something that happened elsewhere, on firewalls, inside WAFs or deep in the application code. That perspective… | CSOONLINE.COM
27 Feb | How to make LLMs a defensive advantage without creating a new attack surface | Large language models (LLMs) have arrived in security in three different forms at once: as productivity tools that sit beside analysts, as components embedded inside products and workflows and as targets that attackers can probe, manipulate and steal. That convergence is why the … | CSOONLINE.COM
27 Feb | Ransomware groups switch to stealthy attacks and long-term access | Ransomware attackers are switching tactics in favor of more stealthy infiltration, as the threat of public exposure of sensitive corporate data is becoming the main mechanism of extortion. Picus Security’s annual red-teaming report shows attackers shifting away from loud disrupti… | CSOONLINE.COM
27 Feb | Hackers are compromising ever faster | The use of AI tools not only makes cyberattacks faster but also increases their frequency. Crowdstrike has published the latest edition of its Global Threat Report, with several noteworthy findings. For instance, an attacker needed in… | CSOONLINE.COM
27 Feb | Trend Micro warns of critical Apex One code execution flaws | submitted by kid to cybersecurity | 7 points | 1 comments | https://www.bleepingcomputer.com/news/security/trend-micro-warns-of-critical-apex-one-rce-vulnerabilities/ | SH.ITJUST.WORKS
27 Feb | Third-Party Patching and the Business Footprint We All Share | Everyday tools like PDF readers, email clients, and archive utilities quietly define the real attack surface. Action1 explains how third-party software drift increases exploit risk and why consistent patching reduces exposure across endpoints. [...] | BLEEPINGCOMPUTER.COM
27 Feb | Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor | Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate "golang.org/x/c… | THEHACKERNEWS.COM
27 Feb | Cultivating a robust and efficient quantum-safe HTTPS | Posted by Chrome Secure Web and Networking Team. Today we're announcing a new program in Chrome to make HTTPS certificates secure against quantum computers. The Internet Engineering Task Force (IETF) recently created a working group, PKI, Logs, And Tree Signatures (“PLANTS”), aimi… | SECURITY.GOOGLEBLOG.COM
27 Feb | 900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks | The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in… | THEHACKERNEWS.COM
27 Feb | ‘Silent’ Google API key change exposed Gemini AI data | Google Cloud API keys, normally used as simple billing identifiers for APIs such as Maps or YouTube, could be scraped from websites to give access to private Gemini AI project data, researchers from Truffle Security recently discovered. According to a Common Crawl scan of website… | CSOONLINE.COM
27 Feb | Friday Squid Blogging: Squid Fishing in Peru | Peru has increased its squid catch limit. The article says “giant squid,” but they can’t possibly mean that. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. | SCHNEIER.COM
27 Feb | Open Source Risk Is Exploding | A 2026 open source security report found that vulnerabilities increased by 107% in 2024. The report attributes the surge to larger, more complex codebases and suggests AI coding assistants may be accelerating the trend. AI tools allow more people to write more code, increasing ov… | YOUTUBE.COM
📢 SECURITY ADVISORIES
27 Feb | Why Tehran’s Two-Tiered Internet Is So Dangerous | Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January’s government crackdown against citizen protests nationwide, the regime implemented an internet shutdown that transcends the … | SCHNEIER.COM
27 Feb | Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking | CISA has released an advisory to warn about four vulnerabilities discovered by a researcher in Gardyn Home and Gardyn Studio. The post Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking appeared first on SecurityWeek. | SECURITYWEEK.COM
27 Feb | Vshell Gains Popularity Among Cybercriminals as Cobalt Strike Alternative | A Go‑based remote administration tool known as Vshell is emerging as a favored alternative to Cobalt Strike among both red teams and threat actors. Though marketed as a legitimate network administration and security testing platform, recent analyses indicate that Vshell’s powerfu… | GBHACKERS.COM
27 Feb | One of the ‘most influential cybersecurity’ roles will pay under $175,000 | A recent job ad is causing plenty of head-shaking, suggesting that some government high-ups appear to be out of touch with the current state of the cybersecurity job market. There is plenty of evidence that the world needs cybersecurity talent. According to a recent ISC2 survey … | CSOONLINE.COM
27 Feb | In Other News: ATT&CK Advisory Council, Russian Cyberattacks Aid Missile Strikes, Predator Bypasses iOS Indicators | Other noteworthy stories that might have slipped under the radar: cyber valuations surge, OpenAI disrupts malicious AI use, ShinyHunters claims Odido breach. The post In Other News: ATT&CK Advisory Council, Russian Cyberattacks Aid Missile Strikes, Predator Bypasses iOS Indi… | SECURITYWEEK.COM
27 Feb | CISA replaces acting director after a bumbling year on the job | The U.S. cybersecurity agency's acting director Madhu Gottumukkala will be replaced, after a year of cuts, layoffs, and staff reassignments, and allegations of security lapses and claims he struggled to lead the agency. | TECHCRUNCH.COM
🔥 INCIDENT REPORTING
27 Feb | Cyber incident reporting guidelines: Key information sharing requirements – ITSM.00.140 | CYBER.GC.CA
27 Feb | Ransomware playbook (ITSM.00.099) | The information provided in this publication is intended to inform organizations and help them reduce the risks of ransomware attacks, lessen the impact of these attacks, and take preventative actions. | CYBER.GC.CA
27 Feb | What to do when your organization has been compromised by a cyber attack (ITSAP.00.009) | This publication provides guidance on the actions you should take in the critical moments after a compromise is detected to lessen the impact on your organization. | CYBER.GC.CA
27 Feb | Developing your business continuity plan (ITSAP.10.005) | In the event of a cyber incident or natural disaster, your organization will need a business continuity plan (BCP) to resume its most critical business operations quickly. Your BCP will identify the risks from various threats and the impact they would have on your organization. | CYBER.GC.CA
27 Feb | 38 Million Allegedly Impacted by ManoMano Data Breach | Hackers stole personal information such as names, email addresses, phone numbers, and other information. The post 38 Million Allegedly Impacted by ManoMano Data Breach appeared first on SecurityWeek. | SECURITYWEEK.COM
27 Feb | ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks | The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air… | THEHACKERNEWS.COM
27 Feb | 1 Million Records from Dutch Telco Odido Leaked Online in Massive Data Breach | The Dutch telecommunications company Odido suffered a massive data breach that exposed the personal information of nearly 700,000 customers. The incident, which included an extortion attempt, has raised serious concerns about customer privacy and data security in the telecom sect… | GBHACKERS.COM
27 Feb | UFP Technologies discloses data breach after cybersecurity incident | brief | SC Media | submitted by kid to cybersecurity | 1 points | 0 comments | https://www.scmagazine.com/brief/ufp-technologies-discloses-data-breach-after-cybersecurity-incident | SH.ITJUST.WORKS
27 Feb | European DYI chain ManoMano data breach impacts 38 million customers | submitted by kid to cybersecurity | 3 points | 0 comments | https://www.bleepingcomputer.com/news/security/european-dyi-chain-manomano-data-breach-impacts-38-million-customers/ | SH.ITJUST.WORKS
27 Feb | Ransomware payment rate drops to record low as attacks surge | submitted by osanna to cybersecurity | 24 points | 3 comments | https://www.bleepingcomputer.com/news/security/ransomware-payment-rate-drops-to-record-low-as-attacks-surge/ | SH.ITJUST.WORKS
27 Feb | APT37 hackers use new malware to breach air-gapped networks | North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. [...] | BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE
27 Feb | Phishing Attacks Against People Seeking Programming Jobs | This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system. News article. | SCHNEIER.COM
27 Feb | Chilean Carding Shop Operator Extradited to US | The 24-year-old suspect has been accused of trafficking over 26,000 cards from a single brand. The post Chilean Carding Shop Operator Extradited to US appeared first on SecurityWeek. | SECURITYWEEK.COM
27 Feb | Anthropic Refuses to Bend to Pentagon on AI Safeguards as Dispute Nears Deadline | Anthropic said it sought narrow assurances from the Pentagon that Claude won’t be used for mass surveillance of Americans or in fully autonomous weapons. The post Anthropic Refuses to Bend to Pentagon on AI Safeguards as Dispute Nears Deadline appeared first on SecurityWeek. | SECURITYWEEK.COM
27 Feb | Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience | Aeternum operates on smart contracts, making its command-and-control (C&C) infrastructure difficult to disrupt. The post Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience appeared first on SecurityWeek. | SECURITYWEEK.COM
27 Feb | Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms | Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). "A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR)… | THEHACKERNEWS.COM
27 Feb | ISC Stormcast For Friday, February 27th, 2026 https://isc.sans.edu/podcastdetail/9828, (Fri, Feb 27th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
27 Feb | Study Finds 87% of Organizations Exposed to Attacks Due to Known Vulnerabilities | The 2026 State of DevSecOps report reveals a critical tension between development velocity and security. While organizations rapidly adopt AI-assisted coding, many fail to manage dependencies properly, leaving their software supply chains highly vulnerable to threat actors. Thre… | GBHACKERS.COM
27 Feb | Dohdoor Malware Targets U.S. Schools and Healthcare with Multi-Stage Attack | A new backdoor dubbed Dohdoor is actively targeting schools and health care organizations in the United States through a stealthy multi-stage attack chain. UAT-10027 focuses on education and health care entities in the U.S., sectors that handle highly sensitive personal and medic… | GBHACKERS.COM
27 Feb | Vshell: A Chinese-Language Alternative to Cobalt Strike - Censys | submitted by kid to cybersecurity | 1 points | 0 comments | https://censys.com/blog/vshell/ | SH.ITJUST.WORKS
27 Feb | Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens | submitted by kid to cybersecurity | 4 points | 0 comments | https://thehackernews.com/2026/02/malicious-stripeapi-nuget-package.html | SH.ITJUST.WORKS
27 Feb | Hacking group begins leaking customer data in Dutch telecom Odido hack | submitted by kid to cybersecurity | 4 points | 1 comments | https://www.reuters.com/business/media-telecom/hacking-group-begins-leaking-customer-data-dutch-telecom-odido-hack-2026-02-26/ | SH.ITJUST.WORKS
27 Feb | Critical Juniper Networks PTX flaw allows full router takeover | submitted by kid to cybersecurity | 3 points | 0 comments | https://www.bleepingcomputer.com/news/security/critical-juniper-networks-ptx-flaw-allows-full-router-takeover/ | SH.ITJUST.WORKS
27 Feb | Google API Keys Weren't Secrets. But then Gemini Changed the Rules. ◆ Truffle Security Co. | submitted by bestboyfriendintheworld to cybersecurity | 19 points | 0 comments | https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules | SH.ITJUST.WORKS
27 Feb | The Rise of Kratos: How the New Phishing-as-a-Service Kit Industrializes Cybercrime | Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke. By the end of 2026, over 90% of all credential compromise attacks are estimated to be enabled by modular Phishing-as-a-Service (PhaaS) kits like the sophisticated, global threat, Kratos. | KNOWBE4.COM
27 Feb | Don’t Let AI Make Passwords | The discussion highlights that while AI systems are excellent at generating text and automating tasks, they are not designed to produce true randomness. An example is shared where an AI asked to generate 41,000 “random” first names heavily repeated a single name instead of distri… | YOUTUBE.COM
27 Feb | Common Facebook Scam Method | A friend posted this on Facebook and it came up on my feed. | KNOWBE4.COM
27 Feb | Trump Orders All Federal Agencies to Phase Out Use of Anthropic Technology | OpenAI and Google, along with Elon Musk’s xAI, also have contracts to supply their AI models to the military. The post Trump Orders All Federal Agencies to Phase Out Use of Anthropic Technology appeared first on SecurityWeek. | SECURITYWEEK.COM
27 Feb | Brainstorm, SonicWall, Junos, Glienicke Brücke, Burger King, Claude, Josh Marpet - SWN #559 | Brainstorm, SonicWall, Junos, Glienicke Brücke, Burger King, Claude, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-559 | YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE
27 Feb | CSE calls on Canadian organizations and critical infrastructure providers to strengthen defences on fourth anniversary of Russia’s invasion of Ukraine | CYBER.GC.CA
27 Feb | Fake Fedex Email Delivers Donuts!, (Fri, Feb 27th) | It's Friday, let's have a look at another simple piece of malware to close a busy week! I received a Fedex notification about a delivery. Usually, such emails are simple phishing attacks that redirect you to a fake login page to collect your credentials. Here, it was… | ISC.SANS.EDU
📡 INFOSEC NEWS
27 Feb | Cyber security considerations for drone use (ITSAP.00.143) | Drones are mobile vehicle systems that can function with varying degrees of autonomy from human operators. Depending on their design and function, they may also be called remotely operated systems, remotely piloted aircraft systems, or uncrewed ground/underwater vehicles. Underst… | CYBER.GC.CA
27 Feb | Improving cyber security resilience through emergency preparedness planning (ITSM.10.014) | CYBER.GC.CA
27 Feb | Joint guidance on secure connectivity principles for operational technology | This joint guidance outlines the desirable end-states that organizations should achieve when designing connectivity into OT environments. The end-states are intended as goals rather than minimum requirements. | CYBER.GC.CA
27 Feb | Ukrainian man pleads guilty to running AI-powered fake ID site | A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold more than 10,000 photos of fake identification documents to customers worldwide. [...] | BLEEPINGCOMPUTER.COM
27 Feb | Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams | Meta on Thursday said it's taking legal action to tackle scams on its platforms by filing lawsuits against what it calls deceptive advertisers based in Brazil, China, and Vietnam. As part of the effort, the advertisers' methods of payment have been suspended, related accounts hav… | THEHACKERNEWS.COM
27 Feb | Local KTAE and the IDA Pro plugin | Kaspersky official blog | Why use the on-prem version of the Kaspersky Threat Attribution Engine (KTAE), and how to connect it to IDA Pro using a free plugin? | KASPERSKY.COM
27 Feb | Europol-led crackdown on The Com hackers leads to 30 arrests | A yearlong Europol-coordinated operation dubbed "Project Compass" has led to 30 arrests and 179 suspects being tied to "The Com," an online cybercrime collective that targets children and teenagers. [...] | BLEEPINGCOMPUTER.COM
27 Feb | DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams | The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering. The confiscated funds were traced to cryptocurrency addresses used for the laundering of c… | THEHACKERNEWS.COM
27 Feb | Microsoft testing Windows 11 batch file security improvements | Microsoft is rolling out new Windows 11 Insider Preview builds that improve security and performance during batch file or CMD script execution. [...] | BLEEPINGCOMPUTER.COM
27 Feb | Mobile app permissions (still) matter more than you may think | Start using a new app and you’ll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks. | WELIVESECURITY.COM
27 Feb | Bringing more transparency to post-quantum usage, encrypted messaging, and routing security | Cloudflare Radar has added new tools for monitoring PQ adoption, KT logs for messaging, and ASPA routing records to track the Internet's migration toward more secure encryption and routing standards. | CLOUDFLARE.COM