Vulnerabilities
-
Notepad++ adds double-lock update verification in 8.9.2 after supply-chain compromise
Notepad++ 8.9.2 adds a double-lock update verification that checks a signed installer and a digitally signed update XML. The change follows a six-month compromise that redirected some updates starting in June 2025.
-
Infostealer exfiltrates OpenClaw configuration, capturing tokens and keys
Researchers found an information stealer exfiltrated OpenClaw configuration files, including gateway tokens, device keys and the agent soul file. The analysis warns this enables remote access and may prompt specialized malware modules for AI agents.
-
Study finds cloud password managers vulnerable to server-side recovery attacks
A technical analysis by ETH Zurich and Università della Svizzera italiana found that Bitwarden, LastPass, and Dashlane are vulnerable to server-side password recovery attacks, with researchers detailing multiple attack types and vendor mitigations.
-
CISA orders federal agencies to patch BeyondTrust flaw within three days
CISA ordered federal agencies to secure BeyondTrust Remote Support instances by February 16 after CVE-2026-1731 was added to its Known Exploited Vulnerabilities catalog. The flaw allows unauthenticated remote command execution, and on-premises patches must be installed manually.
-
Google patches actively exploited Chrome zero-day CVE-2026-2441
Google released Chrome updates to fix CVE-2026-2441, a high-severity use-after-free bug in CSS that is being exploited in the wild. Users should update Chrome to the patched versions to reduce risk.
-
In-the-wild exploitation observed for critical BeyondTrust RCE CVE-2026-1731
Researchers observed overnight exploitation attempts for CVE-2026-1731 targeting BeyondTrust Remote Support and Privileged Remote Access. The flaw is rated CVSS 9.9. Patches are available for affected versions and administrators should apply updates immediately.
-
Abandoned Outlook add-in hijacked to phish about 4,000 Microsoft accounts
An abandoned Outlook add-in listed in Microsoft’s store was hijacked to host phishing pages that stole credentials from about 4,000 users, a technical analysis found. Users should remove the add-in and reset passwords.
-
Critical RCE flaw in WPvivid Backup & Migration affects more than 900,000 installs
A critical RCE vulnerability in the WPvivid Backup & Migration plugin impacts versions up to 0.9.123 and more than 900,000 installs. Upgrade to version 0.9.124 to remediate CVE-2026-1357.
-
30 fake AI Chrome extensions with 300,000 installs steal credentials and email content
Thirty malicious Chrome extensions with more than 300,000 installs posed as AI assistants to steal credentials, Gmail content, and voice transcripts, according to a technical analysis by LayerX. Users should remove suspicious extensions and reset passwords if compromised.










