
Hello all,
The week started out rather ordinary with the usual level of malevolence and chaos inflicted on the world by cybercriminals, along with the usual proclamations of falling skies due to AI. And then my system got hit with a virus. Yep. Me! It started inconspicuously with processing slowing down a bit, then I noticed the processor was heating up. Then came the outright pauses and sputtering. The worst was when fluid started seeping from around the CPU. Ugh! I caught some sort of virus, but with plenty of bed rest, sleep, and warm fluids my system is slowly recovering. But the news waits for no one, so let’s get to it.
Headline NEWS:
- BeyondTrust Remote Access (formerly Bomgar) has a zero-day vulnerability that enables Remote Code Execution (RCE). What’s worse is that this RCE is pre-authentication, meaning that an unauthenticated attacker can potentially fully compromise a system, gain remote access, and pivot to other systems within the same network. BeyondTrust has patched all cloud-hosted versions; however, it is critical that organizations that self-host update to patched versions immediately.
- Cisco Meeting Management has a vulnerability that can enable a low-privilege user to elevate to root. The only thing worse would be if this were unauthenticated. I suggest you don’t wait for a threat actor to reverse engineer the defect and find an even more direct inroad. Upgrade to Cisco Meeting Management release 3.12.1 MR or later as soon as possible.
- CISA flags critical SolarWinds Remote Code Execution defect as actively exploited. That didn’t take long. Last week we alerted you to the vulnerability in Web Help Desk that can allow an unauthenticated threat actor access to unpatched installations. On Tuesday CISA gave government agencies three days to update to version 2026.1 or higher. I highly suggest that even if you aren’t a government agency, you do likewise.
- County Pays $600K to Wrongfully Jailed Pen Testers. This story started all the way back in 2019, when two men working for Coalfire were contracted by the state of Iowa’s judicial department to conduct a security audit, including a physical penetration test. Unfortunately, the local Sheriff decided to get into a “mine is bigger than yours” fight with the state and arrested the two because the courthouse they were testing was a county courthouse, not a state one. After nearly seven years, the two prevailed in court and received a settlement of $600,000.
- Multiple TP-Link OS Command Injection Vulnerabilities Let Attackers Gain Admin Control of the Device. In a headline reminiscent of Tom’s Hardware, which usually wraps to several lines, CyberSecurityNews.com is reporting that TP-Link’s Archer BE230 Wi-Fi 7 routers need to have patches applied to prevent potential elevation of privilege and complete device takeover, “resulting in severe compromise of configuration integrity, network security, and service availability.”
In Ransomware, Malware, and Vulnerabilities News:
- Payments platform BridgePay confirms ransomware attack behind outage. Pretty much all systems have been taken offline, either by the threat actors or by BridgePay as a protective measure. The impact on financial transactions is immense, with the company connecting over 30 payment processors, 5 ACH providers, and 16 gift and loyalty companies, and providing turnkey payment application solutions. Merchants, government entities, point-of-sale vendors, and more are all being forced to ask customers to pay in cash or via paper check (you remember those, right?). Hopefully, BridgePay recovers quickly.
In Other News Events of Note and Interest:
- Windows 11 ends legacy print drivers. “The next system update for Windows 11 could break your printer.” Are you paying attention now? Microsoft rolled out the deprecation of V3 and V4 printer drivers with the January optional update. What that means is that this functionality removal should arrive this coming Tuesday, wreaking havoc for older printers and generating a flood of support tickets for companies that handle outsourced IT work.
Edit: I was alerted to the below article by sharp-eyed readers. It appears that printcopalypse isn’t upon us yet.
No, Windows 11 isn’t killing millions of printers, but it’s ending new V3/V4 drivers on Windows Update
Musings
The spectacle of the Winter Olympic opening ceremony took place in Milan, Italy on Friday. It was a remarkable outpouring of color, dance, and sound. I truly enjoy watching the games, the excellence of the athletes, their dedication, and their sacrifices. With so many countries represented, some of which have hostilities between them, there are bound to be an unbelievable number of cyberattacks happening. Imagine being in charge of the cybersecurity for this venue! If they pull this off without any major cyber incidents, they deserve a gold medal!

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- BeyondTrust (formerly Bomgar) Remote Access Products 0-Day Vulnerability Allows Remote Code Execution
- Cisco Meeting Management Vulnerability Let Remote Attacker Upload Arbitrary Files
- CISA flags critical SolarWinds RCE flaw as exploited in attack
- County Pays $600K to Wrongfully Jailed Pen Testers
- Multiple TP-Link OS Command Injection Vulnerabilities Let Attackers Gain Admin Control of the Device
Ransomware, Malware, and Vulnerabilities News
Good News, Government News, and Interesting
- CISA quietly updated ransomware flags on 59 flaws last year
- CISA warns of five-year-old GitLab flaw exploited in attacks
- CISA Warns of VMware ESXi 0-day Vulnerability Exploited in Ransomware Attacks
- CISA warns of SmarterMail RCE flaw used in ransomware attacks
- CISA orders federal agencies to replace end-of-life edge devices
- Booz Allen Tech Contractor Took IRS Job Specifically to Leak Trump’s Tax Records
- Incognito Market founder Rui-Siang Lin sentenced to 30 years in crypto darknet drug marketplace case
- US convicts ex-Google engineer for sending AI tech data to China
- Russian Hacker Alliance Targeting Denmark in Large-Scale Cyberattack
- Nearly 180 Myanmar Workers Rescued in Raid on Cambodian Scam Center
- China executes four more Myanmar mafia members
- China’s Salt Typhoon hackers broke into Norwegian companies
- Chinese organized crime networks moved $16 billion in crypto in 2025, according to report
Vulnerabilities and Exploits
- Notepad++ Update Servers Hijacked to Redirect Users to Malicious Servers
- Notepad++ supply chain attack: Researchers reveal details, IoCs, targets
- Germany warns of Signal account hijacking targeting senior figures
- New CentOS 9 Vulnerability Lets Attackers Escalate to Root Privileges – PoC Released
- Chrome Vulnerabilities Let Attackers Execute Arbitrary Code and Crash System
- Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil
- F5 Patches Vulnerabilities in BIG-IP, NGINX, and Related Products
- Wave of Citrix NetScaler scans use thousands of residential proxies
- OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
- Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
- 1-Click RCE To Steal Your Moltbot Data and Keys
- The rise of Moltbook suggests viral AI prompts may be the next big security threat
- Fake Clawdbot VS Code Extension Installs ScreenConnect RAT
- AI found 12 of 12 OpenSSL zero-days (while curl cancelled its bug bounty)
- Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
- Hackers Exploiting React Server Components Vulnerability in the Wild to Deploy Malicious Payloads
- Threat actors hijack web traffic after exploiting React2Shell vulnerability
- Hackers compromise NGINX servers to redirect user traffic
- Ingress-Nginx Vulnerability Allow Attackers to Execute Arbitrary Code
- Critical Django Vulnerabilities Enables DoS and SQL Injection Attack
- Critical n8n flaws disclosed along with public exploits
- Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
- Critical Johnson Controls Products Vulnerabilities Enables Remote SQL Injection Attacks
- Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution
- New GlassWorm attack targets macOS via compromised OpenVSX extensions
- Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata
- Hackers Exploit SonicWall SSLVPN Credentials to Deploy EDR Killer and Bypass Security
- Hackers Leveraging Windows Screensaver to Deploy RMM Tools and Gain Remote Access to Systems
Phishing, Malware, and similar
- Deepfake fraud taking place on an industrial scale, study finds
- CTM360 Research Reveals 30,000+ Fake Online Shops Impersonating Fashion Brands
- How fake party invitations are being used to install remote access tools
- Hackers Recruit Unhappy Insiders to Bypass Data Security
- APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
- Russia-linked attackers abuse new Microsoft Office zero-day
- New Stealthy Fileless Linux Malware ‘ShadowHS’ Emphasizes Automated Propagation
- DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
- eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware
- Threat Actors Abuse Microsoft & Google Platforms to Attack Enterprise Users
- Authentication Downgrade Attacks: Deep Dive into MFA Bypass
Breaches, Leaks, and Ransomware
- Payments platform BridgePay confirms ransomware attack behind outage
- How to protect personal information, as data breaches hit a new high
- Senator presses AI toy company Bondu after kids’ chat data was exposed
- Researcher reveals evidence of private Instagram profiles leaking photos
- AT&T breach data resurfaces with new risks for customers
- 149 million passwords exposed in database found by Jeremiah Fowler
- Massive Chinese data breach allegedly spills 8.7 billion records
- Data breach at govtech giant Conduent balloons, affecting millions more Americans
- Energy infrastructure cyberattacks are suddenly in fashion
- Thousands more learn their health info stolen from TriZetto
- Exposed MongoDB instances still targeted in data extortion attacks
- Iron Mountain: Data breach mostly limited to marketing materials
- 8-Minute Access: AI Accelerates Breach of AWS Environment
- AI agents can’t pull off fully autonomous cyberattacks – yet
- Hackers publish personal information stolen during Harvard, UPenn data breaches
- Interlock Ransomware Actors New Tool Exploiting Gaming Anti-Cheat Driver 0-Day to Disable EDR and AV
- EDR killer tool uses signed kernel driver from forensic software
- Italian university La Sapienza goes offline after cyberattack
- Spain’s Ministry of Science shuts down systems after breach claims
- Romanian oil pipeline operator Conpet discloses cyberattack
- Flickr discloses potential data breach exposing users’ names, emails
- Everest Ransomware Claims 90GB Data Theft Involving Legacy Polycom Systems
- Big Breach or Smooth Sailing? Mexican Govt Faces Leak Allegations
Other News Events of Note and Interest
- Cool Tool: LibreOffice’s first big update for 2026 has arrived
- Inside Nvidia’s 10-year effort to make the Shield TV the most updated Android device ever
- Azure outages ripple across multiple dependent services
- Your Amazon Echo Is Sharing Your Internet With Neighbors
- Researchers Warn: WiFi Could Become an Invisible Mass Surveillance System
- Google court filings suggest ChromeOS has an expiration date
- French headquarters of Elon Musk’s X raided by Paris cybercrime unit
- France might seek restrictions on VPN use in campaign to keep minors off social media
- Spain to Ban Under-16s on Social Media as the World Goes All in on Age Verification
AI, LLMs, and Skynet
- The AI That Called Its Human
- AI bot traffic closing in on human web visits, study finds
- ElevenLabs CEO: Voice is the next interface for AI
- Anthropic’s launch of AI legal tool hits shares in European data companies
- Anthropic debuts new model with hopes to corner the market beyond coding
- OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills
- Firefox is adding a switch to turn AI features off
- Alexa Plus is now available to everyone in the US
- Google’s Gemini app has surpassed 750M monthly active users
- Google will make it easier to import conversations to Gemini
- Gemini ‘screen automation’ will place orders, book rides on Android
- Cybersecurity can be America’s secret weapon in the AI race
- AI Agent Identity Management: A New Security Control Plane for CISOs
- Agents in OneDrive Now Generally Available: Your AI Assistant Built with Your Own Content
- Microsoft’s Pivotal AI Product Is Running Into Big Problems
- Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models
Microsoft
- Microsoft confirms wider release of Windows 11’s revamped Start menu, explains why it “redesigned” the Start again
- NVIDIA blames Windows update for PC gaming issues
- Microsoft account sign-in helper
- Microsoft has a solid reason for you to install the latest Windows 11 update
- Microsoft: January update shutdown bug affects more Windows PCs
- Microsoft fixes bug causing password sign-in option to disappear
- Microsoft sends TLS 1.0 and 1.1 to the cloud retirement home
- Microsoft disables NTLM in Windows
- Microsoft does something useful, adds Sysmon to Windows
- Windows 11 ends legacy printer drivers in 2026
