Vendors
-
Attackers use device code vishing to take over Microsoft Entra accounts
Threat actors used device code phishing and vishing to abuse the OAuth 2.0 device flow and compromise Microsoft Entra accounts. The attacks use legitimate OAuth client IDs to obtain refresh tokens and access connected SSO applications.
-
Texas sues TP-Link over alleged deceptive labeling and security risks
Texas sued TP-Link, accusing the company of deceptive “Made in Vietnam” labeling and security failures that allowed state-backed hackers to exploit firmware flaws. The suit seeks monetary penalties and injunctions to force disclosure and change data practices.
-
Critical unauthenticated RCE in Grandstream GXP1600 VoIP phones tracked as CVE-2026-2329
Critical unauthenticated buffer overflow in Grandstream GXP1600 VoIP phones CVE-2026-2329 scores 9.3 and allows unauthenticated remote root execution. A vendor firmware update addresses the flaw.
-
DDoS attack disrupts Deutsche Bahn booking and timetable systems
A Deutsche Bahn blog post said a DDoS attack disrupted bahn.de and the DB Navigator app starting about 1545 UTC on 17 February. Services were restored with limitations by about 1300 UTC on 18 February.
-
China-linked group exploited Dell RecoverPoint zero-day
Researchers found UNC6201 exploiting a hardcoded-password zero-day in Dell RecoverPoint for VMs since mid-2024, enabling root access. A vendor advisory and patch were issued. The campaign shifted from Brickstorm to a stealthier Grimbolt backdoor.
-
Notepad++ adds double-lock update verification in 8.9.2 after supply-chain compromise
Notepad++ 8.9.2 adds a double-lock update verification that checks a signed installer and a digitally signed update XML. The change follows a six-month compromise that redirected some updates starting in June 2025.
-
Palo Alto Networks to acquire Koi in deal aimed at agentic AI security
Palo Alto Networks announced plans to buy Koi to address risks from agentic AI. Terms were not disclosed, but a report by Globes said the payment will be about 400 million dollars.
-
Law firm sues Lenovo over alleged bulk transfer of US data to China
A law firm filed a class action accusing Lenovo of exposing 100,000 or more US consumers’ data to Chinese entities via website trackers. The suit seeks class action relief, restitution, disgorgement and statutory damages.
-
SmartLoader campaign trojanized Oura MCP server to deliver StealC infostealer
A SmartLoader campaign trojanized an Oura MCP server to deliver the StealC infostealer using fake GitHub accounts. The trojanized server remains listed on the MCP registry.
-
Developer beta adds end-to-end encryption for RCS in iOS and iPadOS 26.4
The iPhone maker released an iOS and iPadOS 26.4 developer beta that adds end-to-end encryption for RCS messages in testing, limited to the company’s devices, and includes Memory Integrity Enforcement and stolen device protections.
