CybersecurityEnterprise NetworkingGovernment
Create an account or login for free to unlock our expert analysis and key takeaways for this development.
By continuing, you agree to receive marketing communications and our weekly newsletter. You can opt-out at any time.
Microsoft released fixes for CVE-2026-21509 after detecting active exploitation that undermines Office protections; mitigations and patches cover major supported Office builds and CISA has flagged the flaw for immediate remediation. The vulnerability appears to be leveraged in focused operations requiring user interaction and complex exploit chains, elevating the priority for high-value targets to deploy updates quickly.
A critical unauthenticated remote-code execution bug (CVE-2026-1731) in BeyondTrust Remote Support and Privileged Remote Access was probed and targeted within 24 hours of a public proof-of-concept, exposing thousands of internet-facing instances. Organizations should treat exposed BeyondTrust deployments as emergency patching and containment priorities, applying access restrictions, WAF/ACL rules, and focused threat-hunting while verifying remediation.
A fast-exploited Fortinet flaw and an agentic-AI vulnerability in ServiceNow forced urgent remediation, while telecoms, a university, and a logistics provider faced data and security crises that drew enforcement and public scrutiny. National agencies issued OT and zero-trust guidance and investors poured $136M into defense-focused software, highlighting shifting incentives toward resilience and regulatory accountability.
A critical unauthenticated remote code execution bug in SolarWinds Web Help Desk (WHD) rooted in AjaxProxy deserialization is being exploited in the wild and was added to CISA’s Known Exploited Vulnerabilities list, triggering compressed federal remediation deadlines. The listing arrived alongside other high-priority KEV additions this patch cycle, reinforcing that administrative consoles and legacy proxy components are high-risk and require immediate patching and network controls.
A China-linked espionage cluster abused a hardcoded-credential flaw in Dell RecoverPoint for Virtual Machines to escalate privileges, move laterally, and deploy bespoke malware; Dell released patch 6.0.3.1 HF1 and vendors published IoCs and behavioral indicators. The incident underscores a broader trend of rapid weaponization of management and recovery tooling, forcing organisations to pair urgent patching with compensating network controls and extended telemetry into virtualization stacks.
Researchers from ETH Zurich and USI Lugano demonstrate that a fully compromised password-manager server can be manipulated to exfiltrate or alter user vaults when recovery, sharing, or legacy-support features are enabled. The paper details 25 practical exploits against Bitwarden, LastPass, and Dashlane that include public‑key substitution, padding‑oracle decryption, and iteration‑count downgrades.
CISA added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities list, including two Linux issues and a Microsoft Office zero-day; agencies must remediate by Feb. 16, 2026 for the Office bug while operators should urgently inventory exposed Telnet services and apply available fixes or mitigations. Rapid in-the-wild activity—dozens of probes against a high-severity GNU Inetutils telnet authentication bypass—heightens the urgency for immediate patching, network controls, and telemetry-based detection.
CISA has issued a binding directive requiring federal civilian agencies to identify, upgrade and remove internet-exposed edge devices that no longer receive vendor security updates, citing active exploitation by advanced threat actors. Agencies have staged deadlines — three months to inventory, 12 months to start removals and 18 months to finish decommissioning — with continuous monitoring required thereafter.