Security Leftovers
-
Security Week ☛ European Commission Investigating Cyberattack
The signs of a cyberattack were identified on systems the EU's main executive body uses for mobile device management.
-
Scoop News Group ☛ Fallout from latest Ivanti zero-days spreads to nearly 100 victims
Shadowserver scans have identified 86 compromised instances, and researchers warn multiple threat groups are involved.
-
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (fontforge, kernel, and osbuild-composer), Debian (debian-security-support, sudo, wireshark, xrdp, and zabbix), Fedora (bind, bind-dyndb-ldap, chromium, k9s, libgit2, mingw-glib2, node-exporter, open-vm-tools, plantuml, xorgxrdp, and xrdp), Oracle (fence-agents, image-builder, kernel, libsoup3, and osbuild-composer), Red Hat (image-builder and osbuild-composer), Slackware (openssl and p11), SUSE (chromium, cockpit-354, cockpit-machines, cockpit-machines-346, cockpit-packages, cockpit-podman, cockpit-subscriptions, govulncheck-vulndb, kubernetes-old, libsnmp45-32bit, libxml2, localsearch, micropython, opencloud-server, python-django, python-djangorestframework, python-maturin, python311-Django, python311-wheel, python315, sqlite3, and xrdp), and Ubuntu (linux-fips, linux-aws-fips, linux-gcp-fips, and python-pip).
-
Unicorn Media ☛ Sudo, Heartbleed, and the Lessons We Still Haven’t Learned
We fixed Heartbleed. We didn’t fix the open source funding problem that still asks the people securing our infrastructure to volunteer while we overpay commodity app builders.
-
SANS ☛ Quick Howto: Extract URLs from RTF files, (Mon, Feb 9th)
Malicious RTF (Rich Text Format) documents are back in the news with the exploitation of CVE-2026-21509 by APT28.
-
Security Week ☛ New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog
The KEV list is useful but largely misunderstood. KEVology explains what it is, and how best to use it.
-
Security Week ☛ SmarterTools Hit by Ransomware via Vulnerability in Its Own Product
SmarterTools says customers were impacted after hackers compromised a data center used for quality control testing.
-
Security Week ☛ Recent SolarWinds Flaws Potentially Exploited as Zero-Days
Vulnerable SolarWinds Web Help Desk instances were exploited in December 2025 for initial access.
-
Security Week ☛ Ransomware Groups May Pivot Back to Encryption as Data Theft Tactics Falter
As only data exfiltration for extortion no longer delivers ROI, ransomware gangs may increasingly encrypt data for additional leverage.