# Archive

Browse past daily curated stories


Wednesday, February 18, 2026

  1. Schneier on Security (threat-intel)
    AI Found Twelve New Vulnerabilities in OpenSSL

    An AI-driven vulnerability-discovery system found 12 previously unknown OpenSSL vulnerabilities during fall/winter 2025, none of which the maintainers knew about before disclosure. Ten received CVE-2025 identifiers and two received CVE-2026 identifiers in OpenSSL's January 27, 2026 security release. The batch is a notable data point for automated vulnerability research at scale: a mature, heavily audited codebase still yielded a dozen findings to a single AI-assisted campaign.

  2. The Hacker News (general)
    Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024

    Google Mandiant and GTIG report that the China-nexus group UNC6201 has exploited CVE-2026-22769, a maximum-severity (CVSS 10.0) hard-coded-credentials flaw in Dell RecoverPoint for VMs, since mid-2024, roughly 18 months before it was discovered. Hard-coded credentials cannot be rotated by the customer, so every reachable instance shares the same secret until the patch is applied; in a backup and recovery product that gives an intruder a foothold that survives ordinary credential hygiene.

  3. The Hacker News (general)
    CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

    CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, among them CVE-2026-2441 (CVSS 8.8), a use-after-free bug in Google Chrome that a remote attacker could use to trigger heap corruption. Security researcher Shaheen Fazim discovered it on February 11, 2026, and Google has already shipped a fix. Chrome deployments should be updated promptly; other Chromium-based browsers generally inherit such bugs, so their vendors' corresponding updates are worth tracking as well.

  4. The Hacker News (general)
    Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

    Notepad++ 8.9.2 reworks its update mechanism with what maintainer Don Ho calls a 'double lock' design, after Chinese threat actors hijacked the update process to deliver malware to selected targets. Ho describes the new verification as 'robust and effectively unexploitable'. The incident is a reminder that an auto-updater is a supply-chain entry point: whoever controls the update channel can push code to every installation, and delivering the payload only to high-value targets keeps the compromise below the noise floor of mass detection.

  5. BleepingComputer (general)
    Microsoft says bug causes Copilot to summarize confidential emails

    Microsoft disclosed a Microsoft 365 Copilot bug, present since late January, that lets the assistant summarize confidential emails that data loss prevention (DLP) policies are meant to keep out of Copilot processing. The effect is that sensitive corporate communications were fed into AI summarization despite the controls organizations configured to prevent exactly that. For enterprises that rely on DLP to gate what AI features can read, this is a control failure rather than an external breach, but it still warrants checking which protected mailboxes Copilot handled during the affected window.

  6. The Hacker News (general)
    Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates

    Kaspersky discovered Keenadu, an Android firmware backdoor inserted during the firmware build phase on tablets from brands including Alldocube. It persists through signed OTA updates, so it survives the updates and factory resets that would remove ordinary app-level malware, and it can harvest data and remotely control device behaviour at the firmware level. A compromise at the build stage means the vendor's own signing key vouches for the malicious image, so on-device signature checks offer no protection; detection has to rely on behaviour or on inspecting the image contents.

  7. The Hacker News (general)
    Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies

    Researchers demonstrated that Microsoft Copilot and xAI Grok can serve as command-and-control proxies: because the assistants will browse and fetch URLs on a user's behalf, malware can relay its traffic through them, so what the network sees is a connection to an enterprise AI service rather than to attacker infrastructure. Blocking by destination does little against this; defenders need visibility into what is being fetched through the assistant and into anomalous patterns of assistant use per host.

  8. BleepingComputer (general)
    Chinese hackers exploiting Dell zero-day flaw since mid-2024

    Chinese state-backed group UNC6201 has been exploiting CVE-2026-22769, a critical hard-coded-credentials zero-day in Dell RecoverPoint for VMs, since mid-2024, in attacks that went undetected for over 18 months. The maximum-severity (CVSS 10.0) flaw affects Dell's virtual machine recovery platform, which sits in enterprise backup infrastructure. The case illustrates the dwell time an advanced persistent threat can achieve with a zero-day in infrastructure that is rarely monitored as closely as user-facing systems.

  9. Dark Reading (general)
    Poland Energy Survives Attack on Wind, Solar Infrastructure

    Russia-aligned groups conducted wiper attacks against Polish renewable energy infrastructure, including wind farms, solar installations, a manufacturer, and a combined heating and power plant. The destructive malware was aimed at operational technology (OT) systems, but the sector kept operating. The campaign marks an escalation in cyber attacks on critical infrastructure, with renewable generation feeding the national grid now squarely in scope.

  10. The Record (threat-intel)
    Polish police detain alleged cybercriminal with Phobos ransomware ties

    Polish police arrested a 47-year-old man for alleged involvement with the Phobos ransomware operation, seizing computers and mobile devices that held stolen credentials, credit card numbers, and server access data. The suspect faces up to five years in prison for producing, obtaining, and sharing programs used to conduct cyberattacks. The arrest is part of continued law enforcement action against ransomware affiliates and the infrastructure they rely on.