=====================
= End-of-Day report =
=====================
Timeframe: Thursday 26-02-2026 18:00 − Friday 27-02-2026 18:00
Handler: Wolfgang Menezes
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises ∗∗∗
---------------------------------------------
New research shows that behaviors that occur at the very lowest levels of the network stack make encryption—in any form, not just those that have been broken in the past—incapable of providing client isolation, an encryption-enabled protection promised by all router makers, that is intended to block direct communication between two or more connected clients. The isolation can effectively be nullified through AirSnitch, the name the researchers gave to a series of attacks that capitalize on the newly discovered weaknesses.
---------------------------------------------
https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-…
∗∗∗ Log4j at its limit: AI junk paralyzes open-source project ∗∗∗
---------------------------------------------
According to the report, more and more AI-generated vulnerability reports are being submitted through the project's bug bounty program. [..] Karwasz proposes that, in future, vulnerability reports for Log4j be triaged at short notice and that only the important cases be handled for the time being.
---------------------------------------------
https://www.golem.de/news/log4j-am-limit-ki-schrott-laehmt-open-source-proj…
∗∗∗ Covert vehicle tracking: spying via the tire pressure monitoring system ∗∗∗
---------------------------------------------
The tire pressure monitoring systems of modern vehicles give spies far-reaching surveillance capabilities - and have done so for many years. [..] According to the researchers, the point of attack is the radio signals emitted by the TPMS, which contain a unique identifier. [..] To track cars via the TPMS signals, the researchers say only a simple radio receiver is needed, available for as little as around 100 US dollars. [..] "Such information could reveal daily routines, such as working hours or travel habits," the research team warned.
---------------------------------------------
https://www.golem.de/news/heimliches-fahrzeug-tracking-spionage-durch-das-r…
∗∗∗ Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms ∗∗∗
---------------------------------------------
Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). "A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar," the Microsoft Threat Intelligence team said in a post on X.
---------------------------------------------
https://thehackernews.com/2026/02/trojanized-gaming-tools-spread-java.html
∗∗∗ Fake Zoom and Google Meet scams install Teramind: A technical deep dive ∗∗∗
---------------------------------------------
In this article, we’ll provide the deeper technical analysis [..] On February 24, 2026, we published an article about how a fake Zoom meeting “update” silently installs monitoring software, documenting a campaign that used a convincing fake Zoom waiting room to push a legitimate Teramind installer abused for unauthorized surveillance onto Windows machines. [..] Despite the takedown, our continued monitoring shows the campaign is not only still active but growing: we have now identified a parallel operation impersonating Google Meet, running from a different domain and infrastructure.
---------------------------------------------
https://www.malwarebytes.com/blog/threat-intel/2026/02/fake-zoom-and-google…
∗∗∗ Hook, line, and vault: A technical deep dive into the 1Phish kit ∗∗∗
---------------------------------------------
We analyze the evolution of the 1Phish phishing kit from a basic credential harvester into an MFA-aware, multi-stage phishing kit targeting 1Password users.
---------------------------------------------
https://securitylabs.datadoghq.com/articles/hook-line-vault-a-deep-dive-int…
∗∗∗ Malicious Go “crypto” Module Steals Passwords and Deploys Rekoobe Backdoor ∗∗∗
---------------------------------------------
Socket’s Threat Research Team uncovered a malicious Go module, github[.]com/xinfeisoft/crypto, that imitates the legitimate golang.org/x/crypto codebase but inserts a backdoor in ssh/terminal/terminal.go. That choice was strategic: golang.org/x/crypto is one of the Go ecosystem’s foundational cryptography codebases, maintained by the Go project and widely relied on for primitives and packages such as bcrypt, argon2, chacha20, and ssh, which makes it a high-trust impersonation target in dependency graphs.
---------------------------------------------
https://socket.dev/blog/malicious-go-crypto-module-steals-passwords-and-dep…
=====================
= Vulnerabilities =
=====================
∗∗∗ GitLab Patch Release: 18.9.1, 18.8.5, 18.7.5 ∗∗∗
---------------------------------------------
These versions contain important bug and security fixes, and we strongly recommend that all self-managed GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version. GitLab Dedicated customers do not need to take action.
---------------------------------------------
https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-re…
∗∗∗ LWN: Security updates for Friday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1060645/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/mailman3/postorius/lists/daily.lists.cert.at/
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 25-02-2026 18:00 − Thursday 26-02-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ Fake Next.js job interview tests backdoor developers' devices ∗∗∗
---------------------------------------------
The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, including recruiting coding tests.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-nextjs-job-interview-te…
∗∗∗ Ransomware payment rate drops to record low as attacks surge ∗∗∗
---------------------------------------------
The number of ransomware victims paying threat actors has dropped to 28% last year, an all-time low, despite a significant increase in the number of claimed attacks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomware-payment-rate-drop…
∗∗∗ Data breach with OpenClaw: AI agent leaks internal data of a cybersecurity firm ∗∗∗
---------------------------------------------
Once again, a data breach has occurred in connection with an AI agent. The operator apparently granted too many access rights.
---------------------------------------------
https://www.golem.de/news/datenpanne-mit-openclaw-ki-agent-leakt-interne-da…
∗∗∗ Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary], (Tue, Feb 24th) ∗∗∗
---------------------------------------------
Over the past several months, I have gained practical insight into the challenges of deploying and operating a honeypot, even within a relatively simple environment. This work highlighted how varying hardware, software, and network design can significantly alter outcomes. Through this process, I observed both the value and the limitations of log collection.
---------------------------------------------
https://isc.sans.edu/diary/rss/32744
∗∗∗ Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a legitimate library from Stripe that has over 75 million downloads.
---------------------------------------------
https://thehackernews.com/2026/02/malicious-stripeapi-nuget-package.html
∗∗∗ UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor ∗∗∗
---------------------------------------------
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.
---------------------------------------------
https://thehackernews.com/2026/02/uat-10027-targets-us-education-and.html
∗∗∗ APT37 Adds New Capabilities for Air-Gapped Networks ∗∗∗
---------------------------------------------
In December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign, tracked as Ruby Jumper by ThreatLabz, APT37 uses Windows shortcut (LNK) files to initiate an attack that utilizes a set of newly discovered tools. These tools, RESTLEAF, SNAKEDROPPER, THUMBSBD, and VIRUSTASK, download a payload that delivers FOOTWINE and BLUELIGHT, which enable surveillance on a victim’s system.
---------------------------------------------
https://www.zscaler.com/blogs/security-research/apt37-adds-new-capabilities…
∗∗∗ Microsoft Authenticator stops working when a jailbreak/root access is detected ∗∗∗
---------------------------------------------
Microsoft announces that the Authenticator app is to detect jailbreaks and root access. Entra credentials are then to be deleted.
---------------------------------------------
https://www.heise.de/news/Microsoft-Authenticator-bekommt-Jailbreak-und-Roo…
∗∗∗ Apache ActiveMQ Exploit Leads to LockBit Ransomware ∗∗∗
---------------------------------------------
This intrusion began in mid-February 2024 after a threat actor exploited a vulnerability (CVE-2023-46604) on an exposed Apache ActiveMQ server. The threat actor was able to perform remote code execution (RCE) by using a Java Spring class and a custom Java Spring bean configuration XML file.
---------------------------------------------
https://thedfirreport.com/2026/02/23/apache-activemq-exploit-leads-to-lockb…
∗∗∗ Identifying EWS apps and their usage before the EWS shutdown ∗∗∗
---------------------------------------------
Microsoft is in the process of retiring Exchange Web Services (EWS). This process begins in October 2026 and ends with a complete shutdown of EWS in 2027.
---------------------------------------------
https://borncity.com/blog/2026/02/26/ews-apps-und-deren-nutzung-vor-der-ews…
∗∗∗ Buy A Help Desk, Bundle A Remote Access Solution? (SolarWinds Web Help Desk Pre-Auth RCE Chain(s)) ∗∗∗
---------------------------------------------
It’s been a while, but we’re back - in time for story time. Gather round, strap in, and prepare for another depressing journey of “all we wanted to do was reproduce an N-day, and here we are with 0-days”.
---------------------------------------------
https://labs.watchtowr.com/buy-a-help-desk-bundle-a-remote-access-solution-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical vulnerabilities in Cisco Catalyst SD-WAN - actively exploited - updates available ∗∗∗
---------------------------------------------
26 February 2026 Description: Several critical vulnerabilities exist in Cisco Catalyst SD-WAN. The most severe vulnerability (CVE-2026-20127) allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges on an affected system. Further vulnerabilities affect the Cisco Catalyst SD-WAN Manager and allow, among other things, authentication bypass, privilege escalation,
---------------------------------------------
https://www.cert.at/de/warnungen/2026/2/kritische-sicherheitslucken-in-cisc…
∗∗∗ Critical Juniper Networks PTX flaw allows full router takeover ∗∗∗
---------------------------------------------
A critical vulnerability in the Junos OS Evolved network operating system running on PTX Series routers from Juniper Networks could allow an unauthenticated attacker to execute code remotely with root privileges.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/critical-juniper-networks-pt…
∗∗∗ Automation tool n8n: attackers can inject malicious code ∗∗∗
---------------------------------------------
The automation tool n8n has eleven security vulnerabilities. Three of them are rated as critical. Admins should update promptly.
---------------------------------------------
https://www.heise.de/news/Automatisierungs-Tool-n8n-Updates-stopfen-Codesch…
∗∗∗ LWN: Security updates for Thursday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1060391/
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 24-02-2026 18:00 − Wednesday 25-02-2026 18:00
Handler: Felician Fuchs
Co-Handler: Guenes Holler
=====================
= News =
=====================
∗∗∗ 1Campaign platform helps malicious Google ads evade detection ∗∗∗
---------------------------------------------
A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/1campaign-platform-helps-mal…
∗∗∗ Phishing campaign targets freight and logistics orgs in the US, Europe ∗∗∗
---------------------------------------------
A financially motivated threat group dubbed "Diesel Vortex" is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/phishing-campaign-targets-fr…
∗∗∗ The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web ∗∗∗
---------------------------------------------
OpenClaw has sparked heavy Telegram and dark web chatter, but Flare's data shows more research hype than mass exploitation. Flare explains how its telemetry found real supply-chain risk in the skills marketplace, yet limited signs of large-scale criminal operationalization.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/the-openclaw-hype-analysis-o…
∗∗∗ Marquis sues SonicWall over backup breach that led to ransomware attack ∗∗∗
---------------------------------------------
Marquis Software Solutions has filed a lawsuit against SonicWall, accusing the cybersecurity company of gross negligence and misrepresentation that allegedly led to a ransomware attack disrupting operations at 74 U.S. banks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/marquis-sues-sonicwall-over-…
∗∗∗ Chinese cyberspies breached dozens of telecom firms, govt agencies ∗∗∗
---------------------------------------------
Google's Threat Intelligence Group (GTIG), Mandiant, and partners disrupted a global espionage campaign attributed to a suspected Chinese threat actor that used SaaS API calls to hide malicious traffic in attacks targeting telecom and government networks.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/chinese-cyberspies-breached-…
∗∗∗ UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware ∗∗∗
---------------------------------------------
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities supporting the war-torn nation.
---------------------------------------------
https://thehackernews.com/2026/02/uac-0050-targets-european-financial.html
∗∗∗ RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN ∗∗∗
---------------------------------------------
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure.
---------------------------------------------
https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html
∗∗∗ Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications.
---------------------------------------------
https://thehackernews.com/2026/02/malicious-nuget-packages-stole-aspnet.html
∗∗∗ Spyware can switch off the camera and microphone indicator on the iPhone ∗∗∗
---------------------------------------------
With every iOS app, one should actually be able to see that camera or microphone recording is running. Predator, a spyware program, hacks this, however.
---------------------------------------------
https://www.heise.de/news/Spyware-kann-Kamera-und-Mikrofonanzeige-beim-iPho…
∗∗∗ Best Western Hotels warns of phishing attacks ∗∗∗
---------------------------------------------
Fraudsters apparently have access to current booking data of Best Western Hotels. The company warns of a wave of phishing.
---------------------------------------------
https://www.heise.de/news/Best-Western-Hotels-warnt-vor-Phishing-Attacken-1…
∗∗∗ The cloud storage is full?! What is really behind the warnings ∗∗∗
---------------------------------------------
When dubious e-mails and persistent pop-up windows warn of full cloud storage, the utmost caution is warranted. While in some cases real software vendors want to push a costly subscription, other variants conceal criminals who are after their victims' account details.
---------------------------------------------
https://www.watchlist-internet.at/news/cloudspeicher-ist-voll/
∗∗∗ Phishing operation with links to Russia, Armenia compromised Western cargo companies, researchers find ∗∗∗
---------------------------------------------
Over a five-month period, the group, dubbed Diesel Vortex, stole more than 1,600 login credentials from accounts at logistics platforms, which allowed thieves to intercept and divert freight shipments and commit check fraud.
---------------------------------------------
https://therecord.media/phishing-operation-russia-armenia-targeting-us-euro…
∗∗∗ Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852 ∗∗∗
---------------------------------------------
Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. The vulnerabilities exploit various configuration mechanisms including Hooks, Model Context Protocol (MCP) servers, and environment variables - executing arbitrary shell commands and exfiltrating Anthropic API keys when users clone and open untrusted repositories.
---------------------------------------------
https://research.checkpoint.com/2026/rce-and-api-token-exfiltration-through…
∗∗∗ 2026 GreyNoise State of the Edge Report: Where Attacks Concentrate and Defenses Fall Short ∗∗∗
---------------------------------------------
GreyNoise analyzed 2.97 billion malicious sessions over 162 days — and the patterns challenge assumptions about where edge defenses are strongest. From VPN targeting to infrastructure concentration to attackers rapidly rotating through fresh IPs, new research quantifies where the gaps are and what to do about it. Read the full findings.
---------------------------------------------
https://www.greynoise.io/blog/2026-greynoise-state-of-the-edge-report-where…
∗∗∗ Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign ∗∗∗
---------------------------------------------
Agent Tesla remains one of the most persistent threats in the cyber landscape today. It allows even low-skilled threat actors to harvest sensitive data through a highly sophisticated delivery pipeline. This research blog breaks down a recent multi-stage infection chain that utilizes a blend of phishing, obfuscated and encrypted scripts, and advanced in-memory execution and evasion techniques.
---------------------------------------------
https://www.fortinet.com/blog/threat-research/unmasking-agent-tesla-deep-di…
∗∗∗ CVE-2025-59201 - Network Connection Status Indicator (NCSI) EoP ∗∗∗
---------------------------------------------
It’s been a while since I last dug into a Patch Tuesday release. With an extraordinarily high number of 177 CVEs, including 6 that were either already public or exploited in the wild, the October 2025 one seemed like a good opportunity to get back at it. The one I ended up investigating in depth was CVE-2025-59201, an elevation of privilege in the “Network Connection Status Indicator”.
---------------------------------------------
https://itm4n.github.io/cve-2025-59201-ncsi-eop/
=====================
= Vulnerabilities =
=====================
∗∗∗ Cisco Catalyst SD-WAN Vulnerabilities ∗∗∗
---------------------------------------------
Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information, and overwrite arbitrary files. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdviso…
∗∗∗ CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems ∗∗∗
---------------------------------------------
The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking (SD-WAN) systems, including Federal Civilian Executive Branch (FCEB) agencies, to address ongoing exploitation of multiple vulnerabilities. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20127 and CVE-2022-20775 to its Known Exploited Vulnerabilities (KEV) Catalog on Feb. 25, 2026.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2026/02/25/cisa-and-partners-releas…
∗∗∗ Zyxel warns of critical RCE flaw affecting over a dozen routers ∗∗∗
---------------------------------------------
Taiwan networking provider Zyxel has released security updates to address a critical vulnerability affecting over a dozen router models that can allow unauthenticated attackers to gain remote command execution on unpatched devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/zyxel-warns-of-critical-rce-…
∗∗∗ Malicious-code vulnerabilities in Dell Repository Manager, Wyse Management Suite closed ∗∗∗
---------------------------------------------
Dell's remote management tools Repository Manager and Wyse Management Suite are vulnerable. Security updates close several vulnerabilities.
---------------------------------------------
https://www.heise.de/news/Schadcode-Luecken-in-Dell-Repository-Manager-Wyse…
∗∗∗ Drupal UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2026-010
∗∗∗ LWN: Security updates for Wednesday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1060185/
=====================
= End-of-Day report =
=====================
Timeframe: Monday 23-02-2026 18:00 − Tuesday 24-02-2026 18:00
Handler: Guenes Holler
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Discovery is not the bottleneck! ∗∗∗
---------------------------------------------
There is a seductive logic to the current surge of optimism around AI-supported vulnerability discovery - a logic that is entirely based on a fundamental misunderstanding of the situation at hand.
---------------------------------------------
https://bytesandborscht.com/disovery-is-not-the-bottleneck/
∗∗∗ Microsoft ends support for Windows versions from 2016 ∗∗∗
---------------------------------------------
Windows versions from 2016 will shortly no longer receive support. Extended Security Updates (ESU) are, however, being planned.
---------------------------------------------
https://www.heise.de/news/Microsoft-beendet-Unterstuetzung-fuer-Windows-Ver…
∗∗∗ FinanzOnline phishing: crypto and company data targeted ∗∗∗
---------------------------------------------
A new variant of the classic phishing scam in the name of the Ministry of Finance is making the rounds. In addition to the usual address and bank details, it targets further sensitive information. Criminals want to find out everything about their victims' possible crypto holdings and additionally ask about any company details.
---------------------------------------------
https://www.watchlist-internet.at/news/finanzonline-phishing-krypto-unterne…
=====================
= Vulnerabilities =
=====================
∗∗∗ 40 security vulnerabilities in ImageMagick closed ∗∗∗
---------------------------------------------
The image-editing software ImageMagick is vulnerable in several places. Security patches are available for installation.
---------------------------------------------
https://heise.de/-11186935
∗∗∗ Critical SolarWinds Serv-U flaws offer root access to servers ∗∗∗
---------------------------------------------
SolarWinds has released security updates to patch four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/critical-solarwinds-serv-u-f…
∗∗∗ LWN: Security updates for Tuesday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1060018/
=====================
= End-of-Day report =
=====================
Timeframe: Friday 20-02-2026 18:00 − Monday 23-02-2026 18:00
Handler: Guenes Holler
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Incident Reporting: EU-Wide Statistics ∗∗∗
---------------------------------------------
At the last CSIRTs Network meeting we got treated to a PowerPoint version of the statistics that ENISA publishes under https://ciras.enisa.europa.eu/ The mathematician inside me was not impressed, and as I’m prone to do, I did not withhold my opinion. This blog post explains why I’m so unhappy with ENISA’s analysis.
---------------------------------------------
https://www.cert.at/en/blog/2026/2/incident-reporting-eu-wide-statistics
∗∗∗ Predator spyware hooks iOS SpringBoard to hide mic, camera activity ∗∗∗
---------------------------------------------
US-sanctioned surveillance firm Intellexa developed the Predator commercial spyware and delivered it in attacks that exploited Apple and Chrome zero-day flaws and through 0-click infection mechanisms. [..] The malware does not exploit any iOS vulnerability but leverages previously obtained kernel-level access to hijack system indicators that would otherwise expose its surveillance operation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/predator-spyware-hooks-ios-s…
∗∗∗ Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks ∗∗∗
---------------------------------------------
A new report by CJ Moses, CISO of Amazon Integrated Security, says that the hacking campaign occurred between January 11 and February 18, 2026, and did not rely on any exploits to breach Fortinet firewalls. Instead, the threat actor targeted exposed management interfaces and weak credentials that lacked MFA protection, then used AI to help automate access to other devices on the breached network.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-br…
∗∗∗ CarGurus: Have I Been Pwned integrates data of 12.5 million customers ∗∗∗
---------------------------------------------
Have I Been Pwned is richer by 12.5 million entries of CarGurus users. These were stolen by ShinyHunters. [..] Also included are user account IDs, data from financial pre-checks, dealer accounts, and subscription information. Hunt further explains that names, telephone numbers, addresses and IP addresses, as well as the outcome of financing requests, are also affected.
---------------------------------------------
https://www.heise.de/news/CarGurus-ShinyHunters-kopieren-Datensaetze-von-12…
∗∗∗ ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA ∗∗∗
---------------------------------------------
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand’s real website, and then acts as a relay between the victim and the legitimate site — forwarding the victim’s username, password and multi-factor authentication (MFA) code to the legitimate site and returning its responses.
---------------------------------------------
https://krebsonsecurity.com/2026/02/starkiller-phishing-service-proxies-rea…
∗∗∗ Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack ∗∗∗
---------------------------------------------
Cybersecurity researchers at Veracode reveal a typosquatting attack that disguises Pulsar RAT as images to bypass Windows security and antivirus programs.
---------------------------------------------
https://hackread.com/hackers-pulsar-rat-png-images-npm-supply-chain-attack/
∗∗∗ Roundcube Webmail: attacks on security vulnerabilities underway ∗∗∗
---------------------------------------------
The second vulnerability became known shortly before Christmas. It enables cross-site scripting attacks. The vulnerability concerns the processing of the "animate" tag in SVG files. [..] IT managers should secure their systems by installing at least the fixed versions 1.5.12 and 1.6.12.
---------------------------------------------
https://heise.de/-11185535
∗∗∗ SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains ∗∗∗
---------------------------------------------
An active Shai-Hulud-like supply chain worm campaign spreads via typosquatting and AI toolchain poisoning, across at least 19 malicious npm packages and linked to two npm aliases. The sample retains Shai-Hulud hallmarks and adds GitHub API exfiltration with DNS fallback, hook-based persistence, SSH propagation fallback, MCP server injection with embedded prompt injection targeting AI coding assistants, and LLM API Key harvesting.
---------------------------------------------
https://socket.dev/blog/sandworm-mode-npm-worm-ai-toolchain-poisoning
=====================
= Vulnerabilities =
=====================
∗∗∗ Pi-hole: Update closes security vulnerabilities and delivers more performance ∗∗∗
---------------------------------------------
Firstly, attackers logged in as admin could have abused a "stored HTML injection" vulnerability to inject HTML code that is rendered when the DNS records table is displayed (CVE-2026-26952, CVSS 5.4, risk "medium"). Secondly, the same is possible on the API settings web page (CVE-2026-26953, CVSS 5.4, risk "medium").
---------------------------------------------
https://heise.de/-11185637
∗∗∗ LWN: Security updates for Monday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1059864/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/mailman3/postorius/lists/daily.lists.cert.at/
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 19-02-2026 18:00 − Friday 20-02-2026 18:00
Handler: Guenes Holler
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT RAT ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT).
---------------------------------------------
https://thehackernews.com/2026/02/clickfix-campaign-abuses-compromised.html
∗∗∗ PromptSpy ushers in the era of GenAI-powered Android threats ∗∗∗
---------------------------------------------
ESET researchers discover PromptSpy, the first known Android malware that uses generative AI in its execution flow.
---------------------------------------------
https://www.welivesecurity.com/de/eset-research/promptspy-lautet-mit-genai-…
∗∗∗ Windows Notepad: Details on the Markdown security vulnerability ∗∗∗
---------------------------------------------
The Patch Tuesday updates close a hole in Windows Notepad that allows malicious code to be injected. Details on the flaw are now available.
---------------------------------------------
https://heise.de/-11183516
∗∗∗ Crims create fake remote management vendor that actually sells a RAT ∗∗∗
---------------------------------------------
Researchers at Proofpoint late last month uncovered what they describe as a "weird twist" on the growing trend of criminals abusing remote monitoring and management software (RMM) as their preferred attack tools.
---------------------------------------------
https://go.theregister.com/feed/www.theregister.com/2026/02/19/rmm_rat_trus…
∗∗∗ VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) ∗∗∗
---------------------------------------------
On Feb. 6, 2026, BeyondTrust released a security advisory regarding CVE-2026-1731. BeyondTrust is an identity and access management platform. This specific vulnerability involves a pre-authentication remote code execution (RCE) issue within BeyondTrust remote support software. It could allow attackers to execute operating system commands in the context of the site user, which may lead to system compromise, including unauthorized access, data exfiltration and service disruption.
---------------------------------------------
https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/
=====================
= Vulnerabilities =
=====================
∗∗∗ Atlassian security updates: Bamboo and Confluence are vulnerable ∗∗∗
---------------------------------------------
To prevent attackers from exploiting several security vulnerabilities in Atlassian Bamboo Data Center and Server, Confluence Data Center and Server, and Crowd Data Center and Server, admins should install the now available patches promptly.
---------------------------------------------
https://heise.de/-11183534
∗∗∗ Numerous kernel vulnerabilities closed in Dell PowerProtect Data Manager ∗∗∗
---------------------------------------------
Dell's backup solution PowerProtect Data Manager is vulnerable to, among other things, malicious code attacks. Security patches are available for download.
---------------------------------------------
https://heise.de/-11184164
∗∗∗ LWN Security updates for Friday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1059638/
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 18-02-2026 18:00 − Thursday 19-02-2026 18:00
Handler: Guenes Holler
Co-Handler: Felician Fuchs
=====================
= News =
=====================
∗∗∗ Lawful access to encrypted data: General Considerations ∗∗∗
---------------------------------------------
Last week, I wrote a blog post on why the problem of lawful access to encrypted data is so tricky, this week I want to continue with a discussion on the general considerations you should keep in mind when thinking about this topic. Important note: I think LE is well aware of these considerations and agrees with most of my conclusions.
---------------------------------------------
https://www.cert.at/en/blog/2026/2/lawful-access-to-encrypted-data-general-…
∗∗∗ Hackers target Microsoft Entra accounts in device code vishing attacks ∗∗∗
---------------------------------------------
Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-ent…
∗∗∗ How infostealers turn stolen credentials into real identities ∗∗∗
---------------------------------------------
Infostealer dumps increasingly tie stolen credentials to real identities, linking usernames, cookies, and behavior across personal and enterprise accounts. Specops explains how analyzing 90,000 dumps shows reuse fuels enterprise risk and how continuous AD scanning disrupts that cycle.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/how-infostealers-turn-stolen…
∗∗∗ Arkanix Stealer: a C++ & Python infostealer ∗∗∗
---------------------------------------------
Kaspersky researchers analyze a C++ and Python stealer dubbed "Arkanix Stealer", which was active for several months, targeted a wide range of data, was distributed as MaaS and offered a referral program to its partners.
---------------------------------------------
https://securelist.com/arkanix-stealer/119006/
∗∗∗ France: Attackers accessed data on 1.2 million bank accounts ∗∗∗
---------------------------------------------
In France, attackers gained access to a national database and read out data on 1.2 million bank accounts.
---------------------------------------------
https://www.heise.de/news/Frankreich-Angreifer-griffen-auf-Daten-von-1-2-Mi…
∗∗∗ The clock is ticking: deadline for NIS2 registration with the BSI expires on 6 March 2026 ∗∗∗
---------------------------------------------
TÜV SÜD warns that the registration deadline with the BSI for companies subject to NIS2 ends in two weeks. Around 29,000 German companies are affected.
---------------------------------------------
https://www.heise.de/news/Die-Uhr-tickt-Frist-zur-NIS2-Registrierung-beim-B…
∗∗∗ Scam: Fake "Gemini" chatbots sell a fake "Google Coin" ∗∗∗
---------------------------------------------
A new scam relies on customised AI chatbots. These push victims into buying worthless cryptocurrencies.
---------------------------------------------
https://www.heise.de/news/Betrugsmasche-Falsche-Gemini-Chatbots-verkaufen-f…
∗∗∗ Kubernetes project issues warning on Ingress NGINX retirement ∗∗∗
---------------------------------------------
The Kubernetes project is urging organizations to migrate away from Ingress NGINX before its retirement in March 2026, with new high-severity CVEs underscoring the urgency.
---------------------------------------------
https://securitylabs.datadoghq.com/articles/kubernetes-ingress-nginx-retire…
∗∗∗ Cline CLI npm Package Compromised via Suspected Cache Poisoning Attack ∗∗∗
---------------------------------------------
On February 17, 2026, an unauthorized party used a compromised npm publish token to push cline@2.3.0 to the npm registry. Cline is a popular AI coding agent CLI in the developer ecosystem, with around 90,000 weekly downloads from npm. The malicious version contained a modified package.json with an added postinstall script: npm install -g openclaw@latest.
---------------------------------------------
https://socket.dev/blog/cline-cli-npm-package-compromised-via-suspected-cac…
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical infra Honeywell CCTVs vulnerable to auth bypass flaw ∗∗∗
---------------------------------------------
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/critical-infra-honeywell-cct…
∗∗∗ Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0.
---------------------------------------------
https://thehackernews.com/2026/02/grandstream-gxp1600-voip-phones-exposed.h…
∗∗∗ Nvidia AI tools Megatron Bridge and NeMo Framework as an entry point for attackers ∗∗∗
---------------------------------------------
Nvidia's developers have closed, among other things, malicious code loopholes in Megatron Bridge and NeMo Framework.
---------------------------------------------
https://www.heise.de/news/Nvidia-KI-Tools-Megatron-Bridge-und-NeMo-Framewor…
∗∗∗ Mozilla Firefox Issues Emergency Patch for Heap Buffer Overflow in Firefox v147 ∗∗∗
---------------------------------------------
Mozilla has released an out-of-band security update to address a critical vulnerability affecting its browser. The update, issued as Firefox v147.0.4, resolves a high-impact Heap buffer overflow flaw in the libvpx video codec library. The issue is tracked under CVE-2026-2447 and was identified by security researcher jayjayjazz.
---------------------------------------------
https://thecyberexpress.com/firefox-v147-cve-2026-2447/
∗∗∗ LWN Security updates for Thursday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1059500/
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 17-02-2026 18:00 − Wednesday 18-02-2026 18:00
Handler: Guenes Holler
Co-Handler: Michael Schlagenhaufer
=====================
= News =
=====================
∗∗∗ Data breach at fintech firm Figure affects nearly 1 million accounts ∗∗∗
---------------------------------------------
Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/data-breach-at-fintech-firm-…
∗∗∗ Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages ∗∗∗
---------------------------------------------
Microsoft says an Exchange Online issue that mistakenly quarantined legitimate emails last week was triggered by faulty heuristic detection rules designed to block credential phishing campaigns.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-anti-phishing-rul…
∗∗∗ "Not an everyday dimension": AWS cannot fend off DDoS attack on Deutsche Bahn ∗∗∗
---------------------------------------------
For a whole day, hackers managed to paralyse the DB Navigator and bahn.de. The business-critical systems are hosted on Amazon Web Services.
---------------------------------------------
https://www.golem.de/news/die-groessere-kante-aws-kann-ddos-attacke-auf-die…
∗∗∗ Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies ∗∗∗
---------------------------------------------
Cybersecurity researchers have disclosed that artificial intelligence (AI) assistants that support web browsing or URL fetching capabilities can be turned into stealthy command-and-control (C2) relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade detection.
---------------------------------------------
https://thehackernews.com/2026/02/researchers-show-copilot-and-grok-can.html
∗∗∗ Your AI-generated password isn't random, it just looks that way ∗∗∗
---------------------------------------------
Seemingly complex strings are actually highly predictable, crackable within hours. Generative AI tools are surprisingly poor at suggesting strong passwords, experts say.
---------------------------------------------
https://www.theregister.com/2026/02/18/generating_passwords_with_llms/
∗∗∗ Red Vulns Rising: Examining Chinese National Vulnerability Databases ∗∗∗
---------------------------------------------
Learn how the Chinese vulnerability databases (CNVD and CNNVD) compare to CVE, including early disclosures, policy shifts, and data quality differences.
---------------------------------------------
https://www.bitsight.com/blog/chinese-vulnerability-database-analysis-cnvd-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Flaws in popular VSCode extensions expose developers to attacks ∗∗∗
---------------------------------------------
Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/flaws-in-popular-vscode-exte…
∗∗∗ Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware ∗∗∗
---------------------------------------------
Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest.
---------------------------------------------
https://thehackernews.com/2026/02/notepad-fixes-hijacked-update-mechanism.h…
∗∗∗ Microsoft warns of critical privilege escalation vulnerability in Windows Admin Center ∗∗∗
---------------------------------------------
In Windows Admin Center, attackers can escalate their privileges. Microsoft rates this as critical and advises admins to update.
---------------------------------------------
https://www.heise.de/news/Microsoft-warnt-vor-kritischer-Rechteausweitungsl…
∗∗∗ From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day ∗∗∗
---------------------------------------------
Mandiant and Google Threat Intelligence Group (GTIG) have identified the zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769, with a CVSSv3.0 score of 10.0.
---------------------------------------------
https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting…
∗∗∗ Multiple Security-Updates for Splunk DB Connect - February 2026 ∗∗∗
---------------------------------------------
https://advisory.splunk.com
∗∗∗ [R2] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2 ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2026-06
∗∗∗ LWN Security updates for Wednesday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1059333/
=====================
= End-of-Day report =
=====================
Timeframe: Monday 16-02-2026 18:00 − Tuesday 17-02-2026 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Guenes Holler
=====================
= News =
=====================
∗∗∗ Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets ∗∗∗
---------------------------------------------
Kaspersky experts have uncovered Keenadu, a sophisticated new backdoor targeting tablet firmware as well as system-level and Google Play apps. They also revealed connections between the world's most prolific Android botnets.
---------------------------------------------
https://securelist.com/keenadu-android-backdoor/118913/
∗∗∗ IT security agency CISA in emergency operation ∗∗∗
---------------------------------------------
The DHS funding that expired over the weekend also affects the IT security agency CISA. It is now operating in emergency mode.
---------------------------------------------
https://www.heise.de/news/IT-Sicherheitsbehoerde-CISA-im-Notbetrieb-1117913…
∗∗∗ Security concerns: EU Parliament disables AI tools on work phones ∗∗∗
---------------------------------------------
MEPs and their staff can no longer use AI functions on official smartphones and tablets. Too little is known about data security.
---------------------------------------------
https://heise.de/-11179064
∗∗∗ Password managers offer less protection than promised ∗∗∗
---------------------------------------------
Researchers at ETH Zurich have discovered serious security vulnerabilities in three popular cloud-based password managers. In tests they were able to view and even modify stored passwords.
---------------------------------------------
https://ethz.ch/de/news-und-veranstaltungen/eth-news/news/2026/02/passwortm…
=====================
= Vulnerabilities =
=====================
∗∗∗ More than 60 security problems fixed in AI assistant OpenClaw ∗∗∗
---------------------------------------------
Attackers can, among other things, push malicious code onto systems and execute it in the context of OpenClaw. Security patches are available.
---------------------------------------------
https://heise.de/-11179150
∗∗∗ CleanTalk WordPress Plugin Vulnerability Puts 200,000 Sites at Risk ∗∗∗
---------------------------------------------
A WordPress plugin vulnerability has placed as many as 200,000 websites at potential risk, following the disclosure of a severe flaw in the CleanTalk Anti-Spam plugin. The issue, tracked as CVE-2026-1490, carries a CVSS severity rating of 9.8 out of 10 and could allow unauthenticated attackers to install arbitrary plugins, opening the door to remote code execution under certain conditions.
---------------------------------------------
https://thecyberexpress.com/cleantalk-cve-2026-1490/
∗∗∗ LWN Security updates for Tuesday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1059176/
=====================
= End-of-Day report =
=====================
Timeframe: Friday 13-02-2026 18:00 − Monday 16-02-2026 18:00
Handler: Alexander Riepl
Co-Handler: Guenes Holler
=====================
= News =
=====================
∗∗∗ Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps ∗∗∗
---------------------------------------------
Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to hijack Bitcoin swap transactions and redirect funds to attacker-controlled wallets.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/pastebin-comments-push-click…
∗∗∗ Romo: DJI robot vacuum hacked ∗∗∗
---------------------------------------------
A security vulnerability in the DJI Romo robot vacuum allowed access to around 7,000 devices worldwide, including live cameras and floor plans of homes.
---------------------------------------------
https://www.golem.de/news/romo-dji-staubsaugerroboter-gehackt-2602-205411.h…
∗∗∗ Fake e-mail about a crypto reporting obligation: new scam in circulation ∗∗∗
---------------------------------------------
An e-mail is currently appearing in numerous inboxes that purports to come from the Federal Ministry of Finance and announces an "urgent reporting obligation" for crypto assets. According to it, even people without cryptocurrencies are supposed to fill out a form. The message looks legitimate but is a well-made phishing trap.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-e-mail-zur-kryptomeldepf…
∗∗∗ Phishing on the Edge of the Web and Mobile Using QR Codes ∗∗∗
---------------------------------------------
We discuss the extensive use of malicious QR codes using URL shorteners, in-app deep links and direct APK downloads to bypass mobile security.
---------------------------------------------
https://unit42.paloaltonetworks.com/qr-codes-as-attack-vector/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security vulnerability in browser: attacks on Chrome users observed ∗∗∗
---------------------------------------------
A dangerous security vulnerability lets attackers inject malicious code into Chrome. Visiting a specially crafted website is enough.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-im-browser-attacken-auf-chrome-…
∗∗∗ ClickFix attacks use malicious code in DNS responses ∗∗∗
---------------------------------------------
Microsoft has discovered a new variant of malware distribution in ClickFix attacks. The attackers deliver malicious code via DNS.
---------------------------------------------
https://www.heise.de/news/ClickFix-Attacken-nutzen-Schadcode-in-DNS-Antwort…
∗∗∗ LWN Security updates for Monday ∗∗∗
---------------------------------------------
https://lwn.net/Articles/1058989/