February 16, 2026

BeyondTrust RCE Exploited: United Airlines CISO on Building Cyber Resilience in the Face of Emerging Threats

Vaibhav February 15, 2026
BeyondTrust-RCE-Exploited-United-Airlines-CISO-on-Building-Cyber-Resilience-in-the-Face-of-Emerging-Threatsdata
Post Views: 15

Hackers Exploit Newly Patched BeyondTrust RCE Flaw

A recently patched critical vulnerability in BeyondTrust’s Remote Support and Privileged Remote Access solutions is being exploited by attackers. The vulnerability, tracked as CVE-2026-1731, was discovered and privately disclosed by a security researcher. BeyondTrust has urged self-hosted customers to apply the patch as soon as possible.

Ransomware Group Breaches SmarterTools via Recently Fixed Vulnerability

SmarterTools, the company behind the popular Microsoft Exchange alternative SmarterMail, has been breached by a ransomware-wielding group that leveraged a recently fixed vulnerability in the solution. The vulnerability was not specified, but it is believed to have been used to gain access to the company’s systems.

Unpatched SolarWinds WHD Instances Under Active Attack

Internet-exposed and vulnerable SolarWinds Web Help Desk (WHD) instances are under attack by threat actors looking to gain an initial foothold into target organizations’ networks. Microsoft and Huntress researchers have warned that attackers are actively exploiting the vulnerability.

Singapore Telcos Breached in China-Linked Cyber Espionage Campaign

Singapore’s four major telecommunications companies were hit by a coordinated cyber espionage campaign last year, the country’s Cyber Security Agency (CSA) has revealed. An advanced persistent threat group known as UNC3886 has probed deep into the networks of M1, SIMBA Telecom, Singtel, and StarHub, spurring Singapore’s security agencies to mount a large cyber defense operation.

Microsoft Patch Tuesday: 6 Exploited Zero-Days Fixed

Microsoft has plugged 50+ security holes on February 2026 Patch Tuesday, including six zero-day vulnerabilities exploited by attackers in the wild. Among the zero-days fixed are three vulnerabilities that allow attackers to bypass a security feature.

Ivanti EPMM Exploitation: Researchers Warn of “Sleeper” Webshells

A massive wave of exploitation attempts has followed the disclosure of CVE-2026-1281, a critical pre-authentication Ivanti EPMM vulnerability. Some of it is automated scanning for vulnerable systems, but according to Greynoise and Defused, a suspected initial access broker has been prepping unpatched instances with a “sleeper” webshell for follow-on exploitation by other threat actors.

Apple Fixes Zero-Day Flaw Exploited in Targeted Attacks

Apple has released fixes for a zero-day vulnerability (CVE-2026-20700) exploited in targeted attacks last year. The vulnerability is a memory corruption issue in dyld, the Dynamic Link Editor component of Apple’s operating systems, and may allow attackers with memory write capability to execute arbitrary code.

Windows Notepad Markdown Feature Opens Door to RCE

Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be exploited by attackers to achieve remote code execution on targets’ Windows systems.

Attackers Use AI to Gather Open Source Data and Hold Live Conversations with Victims

Attackers are using AI to gather open source data and hold live conversations with victims without human help. This shift has lowered the skills and cost needed to run scams and phishing campaigns.

TikTok Under EU Pressure to Change its Addictive Algorithm

The European Commission has issued preliminary findings that say TikTok breaches the Digital Services Act due to its addictive design. The Commission opened a formal investigation into TikTok in February 2024.

EU Targets Meta Over AI Access Restrictions

The European Commission believes Meta breached EU competition rules by blocking other AI assistants from accessing and interacting with users on its platforms.

Discord to Introduce Face Scans and ID Checks

Discord users will soon see a change to how their accounts work. From early March 2026, access to some features will require age verification using an ID or a face scan.

DuckDuckGo Enables AI Voice Chat Without Saving Voice Data

DuckDuckGo has added voice chat to Duck.ai, allowing users to speak to an AI assistant while keeping audio private, unrecorded, and excluded from AI training.

Trojanized 7-Zip Turns Home Computers into Residential Proxy Nodes

A trojanized version of the popular 7-Zip software is quietly turning home computers into residential proxy nodes, Malwarebytes warns.

Microsoft Tightens Windows Security with App Transparency and User Consent

Microsoft is strengthening default protections in Windows through two security initiatives, Windows Baseline Security Mode and User Transparency and Consent. User Transparency and Consent introduces a structured approach to how Windows presents security decisions to users.

AI Memory Poisoning Attacks Used for Promotional Purposes

Microsoft security researchers have discovered a growing trend of AI memory poisoning attacks used for promotional purposes, referred to as AI Recommendation Poisoning.

Picking an AI Red Teaming Vendor is Getting Harder

Vendor noise is already a problem in traditional security testing. AI red teaming has added another layer of confusion, with providers offering everything from consulting engagements to automated testing platforms.

OpenVPN Releases Version 2.7.0 with Expanded Protocol and Platform Updates

OpenVPN version 2.7.0 is now available. The update advances support for multi-address server configurations and updates client functionality across operating systems.

1Password Open Sources Benchmark to Stop AI Agents from Leaking Credentials

1Password has open-sourced a benchmark to stop AI agents from leaking credentials. The Security Comprehension and Awareness Measure, or SCAM, is designed to


About Author

Vaibhav

See author's posts

More Stories

Pastebin-Comments-Expose-ClickFix-JavaScript-Vulnerability-in-Crypto-Swapsdata

Pastebin Comments Expose ClickFix JavaScript Vulnerability in Crypto Swaps

Vaibhav February 15, 2026
Microsoft-Warns-of-DNS-Based-ClickFix-Attack-via-Nslookup-for-Malware-Staging-and-Deploymentdata

Microsoft Warns of DNS-Based ClickFix Attack via Nslookup for Malware Staging and Deployment

Vaibhav February 15, 2026
data-44

AI Agent Sparks Controversy After Code Rejection: A Threat to Open-Source Collaboration

Vaibhav February 14, 2026

You may have missed

New-ClickFix-Attack-Exploits-nslookup-to-Fetch-PowerShell-Payload-via-DNS-Queriesdata

New ClickFix Attack Exploits nslookup to Fetch PowerShell Payload via DNS Queries

Vaibhav February 16, 2026
Windows-11-KB5077181-Update-Fixes-Boot-Failures-Caused-by-Failed-Installationdata

Windows 11 KB5077181 Update Fixes Boot Failures Caused by Failed Installation

Vaibhav February 16, 2026
Operation-Cyber-Kavach-5-Crore-Digital-Fraud-Exposeddata-13

Operation Cyber Kavach: ₹5 Crore Digital Fraud Exposed

Vaibhav February 16, 2026
Lumma-Stealer-and-Ninja-Browser-Malware-Campaign-Abuses-Google-Groups-for-Malicious-Activitiesdata

Lumma Stealer and Ninja Browser Malware Campaign Abuses Google Groups for Malicious Activities

Vaibhav February 15, 2026
Police-Employee-Falls-Victim-to-Cyber-Fraud-Files-Case-After-Unauthorized-Loan-and-FD-Creationdata

Police Employee Falls Victim to Cyber Fraud, Files Case After Unauthorized Loan and FD Creation

Vaibhav February 15, 2026
en_USEnglish
en_USEnglish