Author: Andy Stern
-
FortiOS Authentication Bypass Exposes VPN and SSO Deployments
Fortinet disclosed a FortiOS flaw that could allow LDAP authentication bypass for VPN and SSO access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fortios-authentication-bypass-exposes-vpn-and-sso-deployments/
-
Billing Services Firm Notifying Medical Lab Patients of Hack
Ransomware Gang Everest Claims It Has Leaked All Stolen Data. A revenue cycle management software firm is notifying an undisclosed number of patients of several medical diagnostic labs that their sensitive information, including diagnoses and treatments, was stolen in a November hack. Ransomware gang Everest Group claims it has leaked all the data. First seen…
-
FortiSandbox XSS Vulnerability Allows Remote Command Execution
Fortinet disclosed an XSS flaw in FortiSandbox that could allow unauthenticated remote command execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fortisandbox-xss-vulnerability-allows-remote-command-execution/
-
Google Helped Us Find Vulnerabilities In Xeon’s TDX Security Feature
Intel said Tuesday that Google’s cloud security team helped the chipmaker identify five vulnerabilities in the most advanced confidential computing feature of its Xeon CPUs. First seen on crn.com Jump to article: www.crn.com/news/security/2026/intel-google-helped-us-find-vulnerabilities-in-xeon-s-tdx-security-feature
-
Malicious 7-Zip site distributes installer laced with proxy tool
A fake 7-Zip website is distributing a trojanized installer of the popular archiving tool that turns the user’s computer into a residential proxy node. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-7-zip-site-distributes-installer-laced-with-proxy-tool/
-
Microsoft releases Windows 10 KB5075912 extended security update
Microsoft has released the Windows 10 KB5075912 extended security update to fix February 2026 Patch Tuesday vulnerabilities, including six zero-days, and continue rolling out replacements for expiring Secure Boot certificates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5075912-extended-security-update/
-
10K Claude Desktop Users Exposed by Zero-Click Vulnerability
A zero-click flaw in Anthropic’s Claude Desktop Extensions allows attackers to trigger remote code execution via Google Calendar events. The post 10K Claude Desktop Users Exposed by Zero-Click Vulnerability appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-claude-desktop-zero-click-vulnerability/
-
Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws
Today is Microsoft’s February 2026 Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly disclosed zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-february-2026-patch-tuesday-fixes-6-zero-days-58-flaws/
-
AI agents spill secrets just by previewing malicious links
Zero-click prompt injection can leak data when AI agents meet messaging apps, researchers warn First seen on theregister.com Jump to article: www.theregister.com/2026/02/10/ai_agents_messaging_apps_data_leak/
-
Writing Ransomware Using AI to Get Rich? Don’t Bet the Farm
Attackers that want to use artificial intelligence tools to build ransomware or help run their cyber operations risk getting much less than they bargained for, said security expert Candid Wuest, in part because they’ll still rely on known tactics that can be readily spotted and blocked. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/writing-ransomware-using-ai-to-get-rich-dont-bet-farm-i-5523
-
Windows 11 KB5077181 & KB5075941 cumulative updates released
Microsoft has released Windows 11 KB5077181 and KB5075941 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5077181-and-kb5075941-cumulative-updates-released/
-
Windows 11 KB5077181 & KB5075941 cumulative updates released
Microsoft has released Windows 11 KB5077181 and KB5075941 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5077181-and-kb5075941-cumulative-updates-released/
-
Windows’ original Secure Boot certificates expire in June”, here’s what you need to do
Tags: windowsPCs without the new certificates could eventually have trouble booting new OSes. First seen on arstechnica.com Jump to article: arstechnica.com/gadgets/2026/02/microsoft-sounds-the-alarm-about-secure-boot-certificates-expiring-later-this-year/
-
Warum Datensouveränität ohne Sovereign-SASE nicht funktioniert
Tags: cloud‘Wir dachten, wir hätten Souveränität. Tatsächlich hatten wir nur einen Vertrag, in dem Souveränität stand.” Diese Aussage eines europäischen Top-Managers bringt ein zentrales Problem auf den Punkt: Datensouveränität ist kein Vertragsversprechen sie ist eine Architekturfrage. Das Unternehmen hatte konsequent auf Cloud gesetzt und eine etablierte Cloud-Security-Plattform (SSE) eingeführt. Regulatorisch fühlte man sich auf der […]…
-
Messbare WordPress-Performancesteigerung TTFB, Core-Web-Vitals und wo NVMe wirklich hilft
Tags: wordpressWordPress wird nicht einfach ‘langsam”, weil ein Schalter auf ‘falsch” steht. Es sind meist viele kleine Schalter, die zusammenkommen: Datenbankzugriffe, PHP-Ausführungen, Theme-Logik, Third-Party-Skripte, Bilder oder Cache-Ebenen. Wer Performance nachhaltig verbessern will, braucht einen Messrahmen, der vor- und nachher vergleichbar machen lässt. Was Core-Web-Vitals und TTFB tatsächlich messen Core-Web-Vitals (CWV) sind auf Nutzererlebnis optimiert. Meist […]…
-
Windows 11 KB5077181 & KB5075941 cumulative updates released
Microsoft has released Windows 11 KB5077181 and KB5075941 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5077181-and-kb5075941-cumulative-updates-released/
-
Picus Red Report 2026 Shows Attackers Favor Stealth Over Disruption
The Picus Red Report 2026 shows attackers shifting from ransomware to stealthy, long-term access techniques. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/picus-red-report-2026-shows-attackers-favor-stealth-over-disruption/
-
Ivanti EPMM exploitation widespread as governments, others targeted
Researchers warn the activity shows evidence of initial access brokers preparing for future attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ivanti-epmm-exploitation-widespread-as-governments-others-targeted/811827/
-
Microsoft rolls out new Secure Boot certificates before June expiration
Microsoft has begun rolling out updated Secure Boot certificates through monthly Windows updates to replace the original 2011 certificates that will expire in late June 2026. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-new-secure-boot-certificates-before-june-expiration/
-
Volvo Group North America customer data exposed in Conduent hack
Volvo Group North America disclosed that it suffered an indirect data breach stemming from the compromise of IT systems at American business services giant Conduent, of which Volvo is a customer. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/volvo-group-north-america-customer-data-exposed-in-conduent-hack/
-
Ransomware in Großunternehmen Bessere Abwehr, sinkende Kosten aber weiterhin konstanter Druck auf die IT
Ransomware ist nach wie vor eine der größten Sicherheitsherausforderungen für Unternehmen. Das zeigt der aktuelle ‘State of Ransomware in Enterprise 2025″ Report von Sophos, der erstmals gezielt die Erfahrungen großer Organisationen auswertet. Die gute Nachricht: Die Abwehr wird effektiver. Die schlechte: Die Angriffe bleiben hartnäckig und der Druck auf die IT-Teams wächst weiter. Der Report […]…
-
Sophos Studie beleuchtet Ransomware-Erfahrungen in Großunternehmen
Die Ergebnisse basieren auf einer unabhängigen Umfrage unter 3.400 IT- und Cybersicherheitsverantwortlichen in 17 Ländern. Die Studie wurde 2025 vom Forschungsinstitut Vanson Bourne im Auftrag von Sophos durchgeführt. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-studie-beleuchtet-ransomware-erfahrungen-in-grossunternehmen/a43658/
-
Krypto-Betrug auf Rekordniveau: Sicherheitsrisiken im digitalen Finanzmarkt
Cyberkriminelle agieren höchst professionell und nutzen Automatisierung sowie KI, um Angriffe effizienter und glaubwürdiger zu machen. Sie konnten im Jahr 2025 digitale Vermögenswerte im Wert von geschätzt 17 Milliarden US-Dollar erbeuten First seen on infopoint-security.de Jump to article: www.infopoint-security.de/krypto-betrug-auf-rekordniveau-sicherheitsrisiken-im-digitalen-finanzmarkt/a43653/
-
DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies
The information technology (IT) workers associated with the Democratic People’s Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they’re impersonating, marking a new escalation of the fraudulent scheme.”These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent First seen…
-
Microsoft prepares to refresh Secure Boot’s digital certificate
Some customers, including in critical infrastructure sectors, will need to manually review their devices’ readiness for the update. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-secure-boot-certificate-update/811846/
-
Vega raises $120M Series B to rethink how enterprises detect cyber threats
Vega Security raised $120 million, bringing its valuation to $700 million, in a round led by Accel. The company aims to rethink how enterprises detect cybersecurity threats. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/10/vega-raises-120m-series-b-to-rethink-how-enterprises-detect-cyber-threats/
-
Singapore says China-backed hackers targeted its four largest phone companies
The Singaporean government said the China-backed hackers gained “limited access to critical systems” run by the country’s top four telecommunication giants, but said they did not disrupt services or steal customers’ data. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/10/singapore-china-backed-hackers-targeted-largest-phone-companies-salt-typhoon/
-
After major Poland energy grid cyberattack, CISA issues warning to U.S. audience
Tags: attack, cisa, control, cyberattack, cybersecurity, infrastructure, technology, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency said the attack highlighted threats from vulnerable edge devices to operational technology and industrial control systems. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-warning-russian-cyberattack-poland-power-grid/
-
Polish power grid hack offers lessons for critical infrastructure operators, CISA says
The agency listed several steps businesses could take to prevent similar cyberattacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-critical-infrastructure-warning-poland-energy-hack/811819/
-
White House to meet with GOP lawmakers on FISA Section 702 renewal
Tags: unclassified“The president, several of his top advisers, and lawmakers will be participating in a discussion at the White House today about FISA Section 702 renewal,” a senior White House official said. First seen on therecord.media Jump to article: therecord.media/white-house-to-meet-gop-lawmakers-702-renewal-path