
Hello all,
Just like with a successful cyber-attack, the recovery time for my physical illness has been slow going. At first there seemed to be hope that there would be immediate recovery, but unfortunately the threat actor virus has been causing periodic disruption to my system with general slowdowns, loss of energy, and the need to frequently reboot. If only it was as simple as some cyber recoveries, where you simply wipe and reload from a known good backup. Thankfully, I’m significantly improved, and as usual there’s lots of cyber happenings to report on, so onward.
Headline NEWS:
- Amazon Ring broadcast a heartfelt commercial during the Super Bowl about using Ring cameras as a massive, interconnected surveillance network to help locate missing pets. It only took a beat for critics to question, “If this can track my pet, can it track me? And who has access?” Mere days after rolling this feature out, Amazon backpedaled and canceled a partnership with Flock, which is used primarily by law enforcement agencies for tracking car license plates.
- Apple fixed a zero-day vulnerability that was used in “extremely sophisticated” attacks targeting specific individuals. All Apple users are urged to upgrade their devices to the latest patch releases to fix this arbitrary code execution defect.
- Fortinet patched multiple items this week. FortiOS, FortiOS SSLVPN, FortiSandbox, FortiAuthenticator, and FortiClientEMS all had updates released for them. The FortiClientEMS defect is particularly troubling in that it doesn’t require authentication to achieve arbitrary code execution. All of these are important to address ASAP since threat actors are actively attacking firewalls in vast droves of automated campaigns.
- Microsoft Patch Tuesday plugged 6 zero-day vulnerabilities and 58 flaws. Naturally, the zero-days warrant special notice since they are known to already be under active exploitation. It is difficult to choose which is most severe among the lot; if I had to offer one, I’d say it is the Windows Shell Security Feature Bypass Vulnerability, which allows a threat actor to bypass “Mark of the Web” and trick victims into executing malicious downloaded content. As with most Redmond patches lately, your mileage may vary, and the cure could be worse than the disease if the patches prove as buggy as some recent ones have been. So be sure you vet them on test systems before rolling out to your whole enterprise.
In Ransomware, Malware, and Vulnerabilities News:
- Malicious 7-Zip site distributes installer laced with proxy tool. Some enterprising dirtbag registered 7-zip.com, which is not the official site, and duplicated the official site’s look and feel. The principal difference is that this site serves up a trojanized version of 7-Zip: in addition to installing the compression/decompression software, it loads up a nifty residential proxy that lets the threat actor route traffic through the infected machine’s network, so bad guys can anonymously attack others using your device and network.
In Other News Events of Note and Interest:
- Windows 11 26H1 is coming – not for you. In an interesting change in how they are numbering things, Microsoft recently announced that Windows 26H1 is coming soon to brand new ARM PCs, not to regular Windows x86 based systems. For those systems, the most recent version of Windows remains 25H2. Windows 26H1 will not be available for sale apart from a new ARM based PC.
Musings
It used to be fun to shop on the internet. Sadly, the proliferation of evil, and the simplicity with which horrible people can spin up look-alike websites that proffer incredible deals, is now rampant. Even if you shop only at reputable sites such as the big vendors, even they accept third-party sellers that often attempt to take advantage of unsuspecting victims. Yep, it isn’t fun anymore. I guess there’s one silver lining in this. If you’re a brick-and-mortar merchant, you may see a resurgence of business due to this rise of evil online scammerce.

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Amazon no longer working with controversial police tech company after backlash over Ring doorbell Super Bowl ad
- Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks
- Critical FortiClientEMS Vulnerability Let Attackers Execute Malicious Code Remotely
- Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
- Fortinet Patches High-Severity Vulnerabilities
- Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws
Ransomware, Malware, and Vulnerabilities News
Good News, Government News, and Interesting
- CISA Warns of Notepad++ Code Execution Vulnerability Exploited in Attacks
- CISA flags critical Microsoft SCCM flaw as exploited in attacks
- Men charged in FanDuel scheme fueled by thousands of stolen identities
- UK, US cybercrime cooperation ‘continues’ after Chen Zhi extradition to China
- DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies
Vulnerabilities and Exploits
- Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices
- Chrome Security Update – Patch for Vulnerabilities that Enables Code Execution Attacks
- Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
- Critical BeyondTrust RCE flaw now exploited in attacks, patch now
- Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts
- Ghost tapping scam targets tap-to-pay credit card users
- Hackers breach SmarterTools network using flaw in its own software
- 83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure
- SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
- Hackers exploit SolarWinds WHD flaws to deploy DFIR tool in attacks
- Fallout from latest Ivanti zero-days spreads to nearly 100 victims
- Claude Desktop Extensions 0-Click RCE Vulnerability Exposes 10,000+ Users to Remote Attacks
- Malicious 7-Zip site distributes installer laced with proxy tool
- ZeroDayRAT malware grants full access to Android, iOS devices
- Windows Remote Desktop Services 0-Day Vulnerability Exploited in the Wild to Escalate Privileges
- Windows Shell Security Feature 0-Day Vulnerability Let Attackers Bypass Authentication
- Windows Notepad Vulnerability Allows Attackers to Execute Code Remotely
- Windows Error Reporting Service Vulnerability Let Attackers Elevate Privileges
- Axios Vulnerability Let Attackers Triggers DoS Condition and Crash Node.js Servers
- Claude Desktop Extensions Zero-Click RCE Flaw Exposes Over 10,000 Users to Silent Attacks
- Google: China’s APT31 used Gemini to plan US cyberattacks
- Google Warns of Hackers Leveraging Gemini AI Model for All Stages of Cyberattacks
- Palo Alto Networks Firewall Vulnerability Allows an Attacker to Force Firewalls into a Reboot Loop
Phishing, Malware, and similar
- Password guessing without AI: How attackers build targeted wordlists
- LummaStealer infections surge after CastleLoader malware campaigns
- Once-hobbled Lumma Stealer is back with lures that are hard to resist
- ‘Digital squatting’ hits new levels as hackers target brand domains
- Over 1,800 Windows Servers Compromised by BADIIS Malware in Large-Scale SEO Poisoning Campaign
- ‘Simple but dangerous’ – Top VPNs targeted by typosquatting as 14% of fake domains found to be malicious
- SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits
- Microsoft warns infostealer malware is ‘rapidly expanding beyond traditional Windows-focused campaigns’ and targeting Mac devices
- AMOS infostealer targets macOS through a popular AI app
- When MFA Wasn’t Enough: A Real AiTM Incident Review
Breaches, Leaks, and Ransomware
- The Ransomware Franchise Wars: How Falling Payments Are Spawning a New Generation of Cybercrime Cartels
- Hacker reveals 6.8 billion emails online and warns victims “your data is public”
- Nearly 17,000 Volvo staff dinged in supplier breach
- ApolloMD Data Breach Impacts 626,000 Individuals
- Conduent data breach affects 25M Americans in cybersecurity incident
- Threat Actor Claims Leak of Cybercrime-Focused AI Platform WormGPT Database
- Flickr emails users about data breach, pins it on 3rd party
- Romania’s oil pipeline operator confirms cyberattack as hackers claim data theft
- Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools
- Crazy ransomware gang abuses employee monitoring tool in attacks
- Fancy Bear Hackers Exploiting Microsoft Zero-Day Vulnerability to Deploy Backdoors and Email Stealers
- Hackers Deliver Global Group Ransomware Offline via Phishing Emails
- Dutch phone giant Odido says millions of customers affected by data breach
Other News Events of Note and Interest
- Tech group sues to block Utah’s law requiring age verification to download apps
- Discord will require a face scan or ID for full access next month
- Intel’s new Wi-Fi driver for Windows 10 and 11 brings new network features
- Discord will soon require face scans or ID for all users, or restrict access
- Russia orders block on WhatsApp in messaging app crackdown
- US Reportedly Shelves Plan a Ban TP-Link Routers for Now
- Chrome on Windows will let users launch the browser in the foreground at startup
AI, LLMs, and Skynet
- You might start seeing ChatGPT ads today
- Apple keeps hitting bumps with its overhauled Siri
- Cyber Pulse: An AI Security Report
- Thoughts on Claude’s Constitution
- Perplexity Comet: A Reversing Story
- An AI Agent Published a Hit Piece on Me
- GPT-5.3-Codex is now generally available for GitHub Copilot
- Anthropic’s Philosopher Amanda Askell Is Teaching Claude AI to Have Morals
- Microsoft AI chief confirms plan to ditch OpenAI
- Microsoft introduces new security tool for IT admins managing AI infrastructure
Microsoft
- What to know about Windows 11, version 26H1
- “Windows 11 26H1” is a special version of Windows exclusively for new Arm PCs
- Microsoft Publisher: You won’t be able to access Publisher or open files (.pub) in October 2026
- Microsoft’s Windows 95 CD contained a lot of “fun” stuff, here’s how
- Microsoft fixes bug that blocked Google Chrome from launching
- Older Windows 11 PCs need a Secure Boot fix ASAP
- Microsoft rolls out new Secure Boot certificates before June expiration
- Windows Admin Center Architectural Changes
- Microsoft announces new mobile-style Windows security controls
- Microsoft: Exchange Online flags legitimate emails as phishing
- Microsoft confirms Windows 11 no longer triggers unexpected wake-ups or battery drain due to Modern Standby
- Windows 11 update KB5077181 is causing critical boot loops for some users
- Windows 11 KB5077181 & KB5075941 cumulative updates released
- Microsoft releases Windows 10 KB5075912 extended security update
- I tested Windows 11’s secret “Store CLI” that lets you manage Microsoft Store apps via Terminal
- Microsoft: New Windows LNK spoofing issues aren’t vulnerabilities
