Firmware Backdoors: The Hidden Threat to Your Online Security


Firmware Backdoors: A Growing Concern in Android Tablets

A recently discovered multi-stage firmware backdoor, Keenadu, has been found in several Android tablet brands and variants. It is embedded in the Android firmware itself and has strong links to other major Android botnets. The attackers added a malicious static library (libVndxUtils.a) to the firmware build and linked it into libandroid_runtime.so, the native runtime library that Zygote loads. Because every app process on Android is forked from Zygote, the Keenadu code is inherited by virtually every app, giving the backdoor near-total control over each app and its data. A factory reset does not remove it, since the implant lives in the system image rather than in user data.

BeyondTrust RCE: Scanners Circling

A new remote code execution (RCE) vulnerability, CVE-2026-1731, has been disclosed in BeyondTrust's software, and attackers are already scanning for it, with a significant spike in probes observed on February 11. The bug is a variant of an earlier BeyondTrust WebSocket RCE (CVE-2024-12356), the flaw used in the 2024 U.S. Treasury breach. BeyondTrust has patched its cloud deployments automatically, but self-hosted customers must upgrade manually, and given the active scanning they should treat that upgrade as urgent.

Lenovo Vantage: A Reminder of Preinstalled Risks

Lenovo Vantage, software preinstalled on Lenovo devices, contains a vulnerability (CVE-2025-13154) that can be exploited to escalate to administrator privileges. It is a reminder of the risk that preinstalled software carries: every component that ships with a device is attack surface, so remove those you do not need.

Texas Sues TP-Link Over Security Concerns

The state of Texas has sued TP-Link, alleging deceptive marketing and security vulnerabilities in its routers and smart-home gear. The suit claims that TP-Link falsely marketed its products as "Made in Vietnam" even though most manufacturing and development takes place in China, and that the company knew of, and failed to fix, numerous firmware vulnerabilities that have been publicly reported for years.

20-Year-Old Munge Vulnerability Still Active

A heap buffer overflow (CVE-2026-25506) that has been present for about 20 years has been discovered in the Munge authentication daemon. A local attacker can use it to leak the cluster-wide Munge secret, and because every node in the cluster trusts credentials minted with that one shared secret, the attacker can then forge tokens for any user on any node. The bug affects modern high-performance computing (HPC) systems, which rely on Munge for authentication.

AI Coding Tools: A New Security Risk

AI coding tools, including those built around Claude and similar models, have been found to silently accumulate sensitive data, including API keys, tokens and passwords, in files on the developer's machine. That data can then be exposed through backups, desktop search indexes, log collectors, and accidental commits to GitHub or cloud storage.
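The practical check for the problem described above is to scan the directories an assistant writes to (its configuration, session history and logs) before they reach a backup or a commit. The scanner below is an added example for this section, not code from the original article or from any coding-assistant vendor. Its fixed patterns are public key formats (AWS access key IDs, GitHub personal access tokens, Slack tokens, PEM private-key headers); the generic "name = value" rule is an assumption, gated on Shannon entropy so that placeholders are not reported. The sample file contents are constructed, and the AWS key is Amazon's documented example placeholder.

```python
"""Scan developer-side config, history and log files for leaked credentials.

Added example for this section; not code from the original article or from
any coding-assistant vendor. Fixed patterns are public key formats; the
generic rule is an assumption gated on entropy. SAMPLE is constructed.
"""
import math
import os
import re
import tempfile
from collections import Counter
from dataclasses import dataclass

PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[A-Za-z0-9-]{10,}\b"),
    "pem_private_key": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
}
# Generic rule: a secret-ish name, then a long token-ish value. "_" is allowed
# before the name so that GITHUB_TOKEN=... and api_key: ... both match.
GENERIC = re.compile(
    r"(?i)(?:\b|_)(api[_-]?key|secret|token|passw(?:or)?d)\b\s*[:=]\s*[\"']?"
    r"([A-Za-z0-9_\-/+=.]{16,})")
ENTROPY_BITS = 3.0          # below this, treat the value as a placeholder
SUFFIXES = (".json", ".jsonl", ".log", ".env", ".md", ".txt", ".yaml", ".toml")


@dataclass
class Finding:
    source: str
    line: int
    kind: str
    preview: str   # redacted, so the scanner's own output is not a new leak


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's empirical character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def redact(value: str) -> str:
    return f"{value[:4]}…({len(value)} chars)"


def scan_text(text: str, source: str = "<text>") -> list:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        matched = set()   # raw values already reported on this line
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                matched.add(m.group(0))
                findings.append(Finding(source, lineno, kind, redact(m.group(0))))
        for m in GENERIC.finditer(line):
            value = m.group(2)
            # Skip values a fixed pattern already caught, and low-entropy
            # placeholders such as "password = aaaaaaaaaaaaaaaaaaaa".
            if value in matched or shannon_entropy(value) < ENTROPY_BITS:
                continue
            findings.append(Finding(source, lineno, "generic_secret", redact(value)))
    return findings


def scan_dir(root: str, suffixes=SUFFIXES) -> list:
    """Walk a tree and scan every file whose name ends in one of `suffixes`."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(suffixes):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_text(fh.read(), path))
    return findings


# Constructed sample of what an assistant's local history file might hold.
# AKIAIOSFODNN7EXAMPLE is the placeholder key from AWS's own documentation.
SAMPLE = """\
# constructed sample of an assistant's local history file
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
"github_token": "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
password = aaaaaaaaaaaaaaaaaaaa
-----BEGIN OPENSSH PRIVATE KEY-----
api_key: "Zq8vT2mN4pL7xR9wK1jH3fD6sG0bV5yC"
"""


def scan_sample_tree() -> list:
    """Write SAMPLE into a throwaway tree and scan it; returns the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, ".assistant"))
        with open(os.path.join(tmp, ".assistant", "history.jsonl"), "w") as fh:
            fh.write(SAMPLE)
        with open(os.path.join(tmp, "notes.bin"), "w") as fh:   # skipped: suffix
            fh.write(SAMPLE)
        return scan_dir(tmp)


if __name__ == "__main__":
    for f in scan_sample_tree():
        print(f"{f.source}:{f.line} {f.kind} {f.preview}")
```

Run it against the assistant's real state directory instead of the constructed tree, and add the same call as a pre-commit hook; the entropy gate is what keeps the generic rule from drowning the report in `password = changeme` style placeholders, and the redacted preview keeps the report itself safe to paste into a ticket.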

UNC6201 Exploits Dell RecoverPoint Zero-Day

UNC6201, a suspected PRC-nexus cluster, has been exploiting a zero-day vulnerability (CVE-2026-22769) in Dell RecoverPoint for Virtual Machines to gain root access on appliances and pivot into VMware environments. The actor uses custom malware and stealthy network techniques to maintain persistence.

FBI Launches Operation Winter SHIELD

The FBI has launched Operation Winter SHIELD, a nationwide initiative to boost cyber resilience by encouraging public and private sector stakeholders to adopt proactive cybersecurity measures. The operation provides a set of 10 high-impact actions to reduce an organization’s exposure to cyber threats.

Discord Implements Mandatory Age Verification

Discord has voluntarily made age verification mandatory, even though it recently suffered a data breach, which makes the handling of the identity data collected for verification a natural concern. The stated aims are to protect minors and to pre-empt censorship.

Asia Struggles with Telnet Traffic

Asia accounts for about half of all internet addresses that expose Telnet, according to data from the Shadowserver Foundation. Telnet carries credentials and session data in cleartext and has long been an entry point for IoT botnets, so the figure points to a need for better basic hygiene in the region: disable the service, or at least keep it off the public internet.

Microsoft Introduces Mobile-Style Windows Security Controls

Microsoft has announced plans to introduce smartphone-style app permission prompts in Windows 11, requesting user consent before apps can access sensitive resources such as files, cameras, and microphones.

Chrome Extensions Found Spying on Users

An automated scanning pipeline has identified 287 Chrome extensions that exfiltrate users' browsing history, with a combined install base of roughly 37 million users.
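An extension cannot report browsing history without asking for the capability in its manifest, so the triage a practitioner can run locally is to read each installed extension's manifest.json and flag the permission combinations that expose every visited URL. The script below is an added example for this section, not code from the original article or from the scanning pipeline it describes. It assumes Chrome's standard profile layout (Extensions/<id>/<version>/manifest.json); the three manifests at the bottom are constructed samples with made-up extension ids.

```python
"""Triage Chrome extensions for the ability to watch browsing history.

Added example for this section; not code from the original article or from
the scanning pipeline it describes. Assumes Chrome's standard profile layout
Extensions/<id>/<version>/manifest.json. Sample manifests are constructed.
"""
import json
import os
import tempfile

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def _broad(patterns) -> bool:
    return any(p in BROAD_HOSTS for p in (patterns or []))


def risk_report(manifest: dict) -> dict:
    """Score one manifest: each reason is a way to learn every URL the user visits."""
    perms = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", []))
    if manifest.get("manifest_version", 3) < 3:
        # MV2 listed host match patterns in "permissions" next to API names.
        hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    broad = _broad(hosts)
    reasons = []
    if "history" in perms:
        reasons.append("history: reads the full browsing history directly")
    if broad and perms & {"webNavigation", "webRequest"}:
        reasons.append("webNavigation/webRequest on all hosts: observes every navigation")
    if broad and "tabs" in perms:
        reasons.append("tabs on all hosts: reads URL and title of every tab")
    if any(_broad(cs.get("matches")) for cs in manifest.get("content_scripts", [])):
        reasons.append("content script on all URLs: can report location.href")
    # Broad host access alone is not proof, but it is what most of the above need.
    score = len(reasons) + (1 if broad else 0)
    return {"name": manifest.get("name", "?"), "score": score, "reasons": reasons}


def iter_manifests(profile_dir: str):
    """Yield (extension_id, version, manifest) for each installed extension."""
    ext_root = os.path.join(profile_dir, "Extensions")
    if not os.path.isdir(ext_root):
        return
    for ext_id in sorted(os.listdir(ext_root)):
        ext_dir = os.path.join(ext_root, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        for version in sorted(os.listdir(ext_dir)):
            path = os.path.join(ext_dir, version, "manifest.json")
            if os.path.isfile(path):
                with open(path, encoding="utf-8") as fh:
                    yield ext_id, version, json.load(fh)


def triage_profile(profile_dir: str, min_score: int = 2) -> list:
    """Return [(ext_id, version, report)] at or above min_score, riskiest first."""
    hits = [(i, v, risk_report(m)) for i, v, m in iter_manifests(profile_dir)]
    hits = [h for h in hits if h[2]["score"] >= min_score]
    return sorted(hits, key=lambda h: -h[2]["score"])


# Constructed sample manifests (names and ids are made up for the demo).
RISKY_MV3 = {"manifest_version": 3, "name": "Coupon Finder (constructed)",
             "permissions": ["tabs", "webNavigation", "storage"],
             "host_permissions": ["<all_urls>"]}
OLD_MV2 = {"manifest_version": 2, "name": "Old Helper (constructed)",
           "permissions": ["history", "https://*/*"]}
BENIGN = {"manifest_version": 3, "name": "Dark Theme (constructed)",
          "permissions": ["storage"]}


def demo_profile() -> list:
    """Build a throwaway profile holding the three samples and triage it."""
    with tempfile.TemporaryDirectory() as profile:
        for ext_id, manifest in (("aaaa", RISKY_MV3), ("bbbb", OLD_MV2), ("cccc", BENIGN)):
            d = os.path.join(profile, "Extensions", ext_id, "1.0_0")
            os.makedirs(d)
            with open(os.path.join(d, "manifest.json"), "w") as fh:
                json.dump(manifest, fh)
        return triage_profile(profile)


if __name__ == "__main__":
    for ext_id, version, report in demo_profile():
        print(ext_id, version, report["name"], report["score"], *report["reasons"], sep="\n  ")
```

Point `triage_profile` at a real profile directory (for example the `Default` directory under Chrome's user data dir) to list the extensions worth a closer look. A high score is a capability, not a verdict: a legitimate ad blocker needs webRequest on all hosts too, so the output is a shortlist for manual review, not a block list.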

AMOS Infostealer Targets macOS

The AMOS (Atomic macOS Stealer) infostealer is targeting macOS users through OpenClaw add-ons, stealing credentials, cryptocurrency wallet data and other sensitive information.

These are only a few of the threats and vulnerabilities disclosed in recent weeks. Staying informed and acting on them early remains the best defence for individuals and organizations alike.
