Alert

Team Cymru’s threat intelligence researchers found an open-source AI tool, CyberStrikeAI, being used to target Fortinet FortiGate devices extensively. According to GitHub, “CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system …

A fake Zoom update scam infected 1,437 Windows users globally in 12 days. Attackers used a fraudulent version of Teramind, a genuine employee monitoring tool, to spy on victims. Microsoft Defender for Endpoint detected the campaign on February 11, 2026. Teramind issued an official statement confirming no ties to the …

Trend Micro fixed two serious vulnerabilities in Apex One that let attackers execute remote code on affected Windows systems. Apex One is an endpoint security platform that identifies and addresses security threats like malware, spyware, and vulnerabilities. The first critical Apex One security flaw patched this week (CVE-2025-71210) is due to …

Cisco has issued urgent updates to fix a critical zero-day (CVE-2026-20127) vulnerability in its Catalyst SD-WAN products. A sophisticated threat actor named UAT-8616 is exploiting this flaw to gain deep access to enterprise networks. An unauthenticated remote attacker can exploit this weakness by sending specific requests to a vulnerable system. …

Broadcom published security advisory VMSA-2026-0001 on February 24, 2026, revealing three vulnerabilities in VMware Aria Operations that may enable attackers to run unauthorized commands remotely. VMware Aria Operations, VMware Cloud Foundation, VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure have flaws, but patches are now available for all affected …

New vulnerabilities in SolarWinds Serv-U pose serious risks by allowing attackers to gain full control of the system. SolarWinds has revealed four critical Remote Code Execution (RCE) flaws, each with a CVSS score of 9.1. The vulnerabilities in Serv-U 15.5.4 include Broken Access Control, Type Confusion, and Insecure Direct Object …

OWASP has released the Smart Contract Top 10: 2026, a guide to help Web3 developers, security auditors, and protocol owners identify critical vulnerabilities in smart contracts. This edition, part of the OWASP Smart Contract Security initiative, uses security incidents and survey data from 2025 to identify the most impactful risks …

Microsoft has admitted that a coding bug accidentally allowed Copilot Chat to access and summarize confidential emails. Microsoft said that a bug in Microsoft 365 Copilot allowed the AI assistant to access private emails, raising serious privacy issues for companies using the service. Bleeping Computer reports, the flaw bypasses data loss …

A 19 February 2026 FBI FLASH (FLASH-20260219-001) alerts banks and ATM operators about an increase in “jackpotting,” where criminals use malware to steal cash from machines without actual transactions, becoming a widespread issue in the U.S. The alert focuses on Ploutus, an ATM-targeting malware family that abuses eXtensions for Financial …

CISA has ordered government agencies to fix a serious Dell flaw within three days, which has been actively exploited since mid-2024. Mandiant and the Google Threat Intelligence Group report that a vulnerability (CVE-2026-22769) involving hardcoded credentials in Dell’s RecoverPoint is being exploited by a suspected Chinese hacking group named UNC6201. …