🐛 COMMON VULNERABILITIES AND EXPOSURES 35[−]
28 FebCVE-2025-40082 hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()Information published.MSRC.MICROSOFT.COM
28 FebCVE-2023-54207 HID: uclogic: Correct devm device reference for hidinput input_dev nameInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2025-68340 team: Move team device type change at the end of team_port_addInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2025-71147 KEYS: trusted: Fix a memory leak in tpm2_load_cmdInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2025-71152 net: dsa: properly keep track of conduit referenceInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2025-71154 net: usb: rtl8150: fix memory leak on usb_submit_urb() failureInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2025-71160 netfilter: nf_tables: avoid chain re-validation if possibleInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2025-71161 dm-verity: disable recursive forward error correctionInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2025-71163 dmaengine: idxd: fix device leaks on compat bind and unbindInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2026-22976 net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_resetInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2026-22977 net: sock: fix hardened usercopy panic in sock_recv_errqueueInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2026-22978 wifi: avoid kernel-infoleak from struct iw_pointInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2026-22992 libceph: return the handler error from mon_handle_auth_done()Information published.MSRC.MICROSOFT.COM
28 FebCVE-2026-22996 net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink privInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2026-22997 net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rtsInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2026-22998 nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovecInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2025-71150 ksmbd: Fix refcount leak when invalid session is found on session lookupInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2025-71162 dmaengine: tegra-adma: Fix use-after-freeInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2026-22979 net: fix memory leak in skb_segment_list for GRO packetsInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2026-22982 net: mscc: ocelot: Fix crash when adding interface under a lagInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2026-22984 libceph: prevent potential out-of-bounds reads in handle_auth_done()Information published.MSRC.MICROSOFT.COM
28 FebCVE-2026-22990 libceph: replace overzealous BUG_ON in osdmap_apply_incremental()Information published.MSRC.MICROSOFT.COM
28 FebCVE-2026-22991 libceph: make free_choose_arg_map() resilient to partial allocationInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2026-22999 net/sched: sch_qfq: do not free existing class in qfq_change_class()Information published.MSRC.MICROSOFT.COM
28 FebCVE-2026-23212 bonding: annotate data-races around slave->last_rxInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2026-23220 ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error pathsInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2025-71232 scsi: qla2xxx: Free sp in error path to fix system crashInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2026-28364 In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.Information published.MSRC.MICROSOFT.COM
28 FebCVE-2026-23216 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()Information published.MSRC.MICROSOFT.COM
28 FebCVE-2026-23222 crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctlyInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2026-23228 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()Information published.MSRC.MICROSOFT.COM
28 FebCVE-2025-71235 scsi: qla2xxx: Delay module unload while fabric scan in progressInformation published.MSRC.MICROSOFT.COM
28 FebCVE-2025-71229 wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()Information published.MSRC.MICROSOFT.COM
28 FebCVE-2025-71237 nilfs2: Fix potential block overflow that cause system hangInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 4[−]
28 FebCybersecurity Today Weekend with Carey Frey, VP and Chief Security Officer at TELUSIdentity, AI Agents, and the Session Token Time Bomb | Carey Frey (CSO, TELUS) on Cybersecurity Today In this Cybersecurity Today weekend edition, David Shipley interviews Carey Frey, Chief Security Officer at TELUS, about the evolution of identity security and why it's a growing…CYBERSECURITYTODAY.LIBSYN.COM
28 FebHackers Exploit Windows File Explorer and WebDAV to Distribute MalwareCybersecurity researchers at Cofense Intelligence have uncovered an ongoing campaign where threat actors abuse Windows File Explorer to distribute malware. By exploiting the legacy WebDAV protocol, attackers are tricking victims into downloading Remote Access Trojans (RATs) while…GBHACKERS.COM
28 FebWho is the Kimwolf Botmaster “Dort”?In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort" -- has coordinated …KREBSONSECURITY.COM
28 FebClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocketOpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. "Our vulnerability lives in the core system itself – no plugins, no …THEHACKERNEWS.COM
📢 SECURITY ADVISORIES 2[−]
28 FebCompliant or Facing Federal FinesThe False Claims Act allows the U.S. government to pursue contractors that falsely certify compliance. In 2025, $6.8 billion in fines were collected across 1,297 whistleblower-driven cases. For defense contractors and others handling regulated data, frameworks like NIST 800-171 a…YOUTUBE.COM
28 FebThis month in security with Tony Anscombe – February 2026 editionIn this roundup, Tony looks at how opportunistic threat actors are taking advantage of weak authentication, unmanaged exposure, and popular AI toolsWELIVESECURITY.COM
🔥 INCIDENT REPORTING 2[−]
28 FebCanadian Tire Data Breach Impacts 38 Million AccountsNames, addresses, email addresses, phone numbers, and encrypted passwords were compromised in the attack. The post Canadian Tire Data Breach Impacts 38 Million Accounts appeared first on SecurityWeek .SECURITYWEEK.COM
28 FebQuickLens Chrome extension steals crypto, shows ClickFix attackA Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 3[−]
28 FebTrump Bans Anthropic AI in Federal Agencies Amid Growing Security ConcernsThe United States government has taken a massive step by banning federal agencies from using Anthropic, a domestic AI company known for its model, Claude. For the first time, a U.S. firm has been classified as a supply chain risk to national security, a label usually given to for…GBHACKERS.COM
28 FebFake Zoom and Google Meet Phishing Campaigns Deploy Teramind Surveillance SoftwareThreat actors are executing sophisticated phishing campaigns that impersonate Zoom and Google Meet to silently deploy Teramind onto Windows devices. While Teramind is a legitimate enterprise endpoint monitoring product, scammers are abusing its stealth features to conduct unautho…GBHACKERS.COM
28 FebMY TAKE: The Pentagon punished Anthropic for red lines it accepted from OpenAI hours laterKINGSTON, Wash. — On Friday afternoon, President Trump ordered every federal agency to stop using Anthropic’s AI technology. Defense Secretary Pete Hegseth followed by designating the company a “supply-chain risk to national security,” a label the government typically reserves fo…LASTWATCHDOG.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
28 FebPentagon Designates Anthropic Supply Chain Risk Over AI Military DisputeAnthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a "supply chain risk." "This action follows months of negotiations that reached an impasse over two exceptions we requested to …THEHACKERNEWS.COM
📡 INFOSEC NEWS 3[−]
28 FebIndia disrupts access to popular developer platform Supabase with blocking orderIndia, one of Supabase’s biggest markets, is seeing patchy access after a government block order.TECHCRUNCH.COM
28 FebThousands of Public Google Cloud API Keys Exposed with Gemini Access After API EnablementNew research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Googl…THEHACKERNEWS.COM
28 Feb$4.8M in crypto stolen after Korean tax agency exposes wallet seedSouth Korea's National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) worth in cryptocurrency. [...]BLEEPINGCOMPUTER.COM