Active exploitation of Cisco Catalyst SD-WAN by UAT-8616
• Active exploitation of Cisco Catalyst SD-WAN by UAT-8616 Cisco Talos is tracking the active exploitation of CVE-2026-20127, a vulnerability in Cisco Catalyst SD-WAN Controller, fo
• Developer creates app to detect nearby smart glasses An independent developer, moved after reading about the abuse of smart glasses to film people without their consent, decided to
• Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign Google Threat Intelligence Group Mandiant Google Threat Intelligence Visibility and context on
• By Aviv Donenfeld and Oded Vanunu Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to achieve remote code execution an
• mquire: Linux memory forensics without external dependencies If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kern
• Advisory Details claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability ZDI-26-124 ZDI-CAN-27785 This vulnerability allows remote attackers to e
• Advisory Details (Pwn2Own) Ubiquiti Networks AI Pro Cleartext Transmission Information Disclosure Vulnerability ZDI-26-127 ZDI-CAN-28474 This vulnerability allows network-adjacent
• Advisory Details (Pwn2Own) Ubiquiti Networks AI Pro Uncaught Exception Denial-of-Service Vulnerability ZDI-26-128 ZDI-CAN-28824 This vulnerability allows network-adjacent attacker
• CVE ID | CVE-2026-2491 | CVSS SCORE | 6.3, AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | AFFECTED VENDORS | Socomec | AFFECTED PRODUCTS | DIRIS A-40 | VULNERABILITY DETAILS | This vuln
• Advisory Details IceWarp collaboration Directory Traversal Information Disclosure Vulnerability ZDI-26-130 ZDI-CAN-25440 This vulnerability allows remote attackers to disclose sen
• Advisory Details Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ZDI-26-132 ZDI-CAN-28108 This vulnerability allows local attackers to
• Reddit, porn sites fined by UK regulators over children’s safety and privacy The UK’s online safety and privacy regulators are targeting companies that violate new age verificati
• Roblox gives predators ‘powerful tools’ to target children, says LA County Los Angeles County has sued online gaming company Roblox, adding to a series of suits that accuse the v
• Fake Zoom meeting ‘update’ silently installs rogue version of monitoring tool abused by cybercriminals to spy on victims UPDATE (February 25, 2026): Teramind has stated that it i
• Fake Zoom meeting ‘update’ silently installs surveillance software A fake Zoom meeting website is silently pushing surveillance software onto Windows machines. • Visitors land on
• Refund scam impersonates Avast to harvest credit card details A fraudulent website dressed in Avast’s brand is tricking French-speaking users into handing over their full credit
• OpenClaw: What is it and can you use it safely? • An AI tool with a funny name has caused quite a commotion as of late, including some allegations of machine consciousness, so here
• Check Point Research (CPR) continuously tracks threats, following the clues that lead to major players and incidents in the threat landscape. • Whether it’s high-end financially-
• Password managers keep your passwords safe, unless… I’m a big advocate of password managers. • Granted, there are better alternatives for passwords like passkeys, but if a provi
• A convincing lookalike of the popular Huorong Security antivirus has been used to deliver ValleyRAT, a sophisticated Remote Access Trojan (RAT) built on the Winos4.0 framework, t
• A week in security (February 16 - February 22) Last week on Malwarebytes Labs: Age verification vendor Persona left frontend exposed, researchers say Facebook ads spread fake Win
• Advisory Details Docker Desktop MCP Server Cleartext Storage of Sensitive Information Vulnerability ZDI-26-123 ZDI-CAN-27562 This vulnerability allows local attackers to disclose
• What can’t you say on TikTok? • This week on the Lock and Code podcast… A funny thing happened on TikTok last month, and it has brought allegations of censorship, manipulation,
• Actively Exploited Zero-Day Vulnerability in Windows Remote Desktop CVE-2026-21533 is an Important elevation of privilege vulnerability affecting Windows Remote Desktop Services
• Featured: Introducing ‘AI Unlocked: Decoding Prompt Injection,’ a New Interactive Challenge, Feb 18, 2026. Exposing Insider Threats through Data Protection, Identity, and HR Context, Feb
• Using threat modeling and prompt injection to audit Comet Before launching their Comet browser, Perplexity hired us to test the security of their AI-powered browsing features. •
• Discord partners with Persona for age verification, requiring facial scans before full platform access. • Researchers uncovered a publicly exposed Persona frontend on a US govern
• Age verification vendor Persona left frontend exposed, researchers say Researchers investigating Discord’s age-verification checks say they discovered an exposed frontend belonging
• Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets Attackers are running paid Facebook ads that look like official Microsoft promotions, then d
• CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad In this excerpt of a TrendAI Research Services vulnerability report, Nikolai Skliarenko and Yazhi Wang of the Tren
• Using AI to defeat AI Welcome to this week’s edition of the Threat Source newsletter. • Generative AI and agentic AI are here to stay. • Although I believe that the advantages th
• AI-generated passwords are a security risk Using Artificial Intelligence (AI) to generate your passwords is a bad idea. • It’s likely to give that password to a criminal who can
• Intimate products maker Tenga spilled customer data Tenga confirmed reports published by several outlets that the company notified customers of a data breach. • The Japanese manu
• Intimate products producer Tenga spilled customer data Tenga confirmed reports published by several outlets that the company notified customers of a data breach. • The Japanese m
• Meta patents AI that could keep you posting from beyond the grave Tech bros have been wanting to become immortal for years. • Until they get there, their fallback might be continui
• Advisory Details Bosch Rexroth IndraWorks Print Settings File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability ZDI-26-110 ZDI-CAN-28112 This vulnerabi
• Advisory Details MLflow Use of Default Password Authentication Bypass Vulnerability ZDI-26-111 ZDI-CAN-28256 This vulnerability allows remote attackers to bypass authentication on
• Advisory Details Dassault Systèmes eDrawings Viewer EPRT File Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-26-112 ZDI-CAN-28315 This vulnerability allows
• Advisory Details Dassault Systèmes eDrawings Viewer EPRT File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-26-113 ZDI-CAN-28378 This vulnerability allows remo
• Advisory Details Fortinet FortiClient VPN FCConfig Utility Link Following Local Privilege Escalation Vulnerability ZDI-26-115 ZDI-CAN-25710 This vulnerability allows local attacke
• TensorFlow HDF5 library flaw lets local attackers load plugins from unsecured paths. • Exploit requires low‑privilege code execution before escalating to higher privileges. • Vul
• Advisory Details RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability ZDI-26-117 ZDI-CAN-27909 This vulnerability allows local attackers t
• Advisory Details GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability ZDI-26-118 ZDI-CAN-28158 This vulnerability allows remote attackers to execute arbi
• Remote attackers can execute arbitrary code via GIMP ICNS file parsing. • Exploit requires user interaction: opening malicious file or visiting malicious page. • Vulnerability du
• Advisory Details GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-26-121 ZDI-CAN-28591 This vulnerability allows remote attackers to execute arbit
• Advisory Details PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ZDI-26-122 ZDI-CAN-27788 This vulnerability allows loca
• Betterment data breach might be worse than we thought Betterment LLC is an investment advisor registered with US Securities and Exchange Commission (SEC). • The company disclosed a
• Job scam uses fake Google Forms site to harvest Google logins As part of our investigation into a job-themed phishing campaign, we came across several suspicious URLs that all lo
• Carelessness versus craftsmanship in cryptography Two popular AES libraries, aes-js and pyaes, ‘helpfully’ provide a default IV in their AES-CTR API, leading to a large number of
• A Cisco Talos researcher worked around the limitations of hardware-level Code Read-out Protection (RDP) on the Socomec DIRIS M-70 gateway by pivoting from physical debugging to
• Scammers use fake ‘Gemini’ AI chatbot to sell fake ‘Google Coin’ Scammers have found a new use for AI: creating custom chatbots posing as real AI assistants to pressure victims i
• Advisory Details Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-26-106 ZDI-CAN-28417 This vulnerability allows remote attackers
• Remote code execution via out-of-bounds write in AutoCAD MODEL file parsing. • Requires user to open malicious file or visit malicious page. • Exploit writes past allocated buffe
• Chrome ‘preloading’ could be leaking your data and causing problems in Browser Guard This article explains why Chrome’s ‘preloading’ feature can cause scary-looking blocks in Mal
• AI is rapidly becoming embedded in day-to-day enterprise workflows, inside browsers, collaboration suites, and developer tooling. • As a result, AI service domains increasingly b
• Scam Guard for desktop: A second set of eyes for suspicious moments Scams aren’t so obvious anymore. • They’re well-written, have working grammar, and can lead victims to very co
• Update Chrome now: Zero-day bug allows code execution via malicious webpages Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in
• Hobby coder accidentally creates vacuum robot army Sammy Azdoufal wanted to steer his robot vacuum with a PS5 controller. • Like any good maker, he thought it would be fun to dri
• 16th February - Threat Intelligence Report For the latest discoveries in cyber research for the week of 16th
• ClickFix uses fake CAPTCHAs and bogus updates to trick users into executing malicious commands. • Traditional mshta and PowerShell vectors are blocked, so attackers shifted to ns