News
-
CRESCENTHARVEST campaign uses deceptive .LNK files to deploy RAT against Iran protest supporters
CRESCENTHARVEST used RAR archives and deceptive .LNK files to deliver a remote access trojan and data stealer to Farsi-speaking supporters of Iran protests. It is not known if any infections succeeded.
-
Critical unauthenticated RCE in Grandstream GXP1600 VoIP phones tracked as CVE-2026-2329
A critical buffer overflow in Grandstream GXP1600 VoIP phones, tracked as CVE-2026-2329, scores 9.3 and allows unauthenticated remote root execution. A vendor firmware update addresses the flaw.
-
DDoS attack disrupts Deutsche Bahn booking and timetable systems
A Deutsche Bahn blog post said a DDoS attack disrupted bahn.de and the DB Navigator app starting about 1545 UTC on 17 February. Services were restored with limitations by about 1300 UTC on 18 February.
-
Critical flaws found in four Visual Studio Code extensions
Researchers disclosed multiple high-severity vulnerabilities in four popular Visual Studio Code extensions with more than 125 million installs. Several flaws remain unpatched and one extension was silently fixed by Microsoft in version 0.4.16.
-
China-linked group exploited Dell RecoverPoint zero-day
Researchers found UNC6201 exploiting a hardcoded-password zero-day in Dell RecoverPoint for VMs since mid-2024, enabling root access. A vendor advisory and patch were issued. The campaign shifted from Brickstorm to a stealthier Grimbolt backdoor.
-
Spanish court orders NordVPN and ProtonVPN to block 16 LaLiga piracy sites
A Spanish court ordered NordVPN and ProtonVPN to block 16 websites used to pirate LaLiga matches in Spain. The precautionary measures apply to a dynamic list of IP addresses and were issued inaudita parte without opportunity for appeal.
-
Notepad++ adds double-lock update verification in 8.9.2 after supply-chain compromise
Notepad++ 8.9.2 adds a double-lock update verification that checks a signed installer and a digitally signed update XML. The change follows a six-month compromise that redirected some updates starting in June 2025.
-
Palo Alto Networks to acquire Koi in deal aimed at agentic AI security
Palo Alto Networks announced plans to buy Koi to address risks from agentic AI. Terms were not disclosed, but a report by Globes said the payment will be about 400 million dollars.
-
Law firm sues Lenovo over alleged bulk transfer of US data to China
A law firm filed a class action accusing Lenovo of exposing 100,000 or more US consumers’ data to Chinese entities via website trackers. The suit seeks class action relief, restitution, disgorgement and statutory damages.







