Security Patches, Breaches, and Windows TCO

posted by Roy Schestowitz on Feb 11, 2026

• Security Week ☛ New ‘SSHStalker’ GNU/Linux Botnet Uses Old Techniques

  Estimated to have infected 7,000 systems, the botnet uses a mass-compromise pipeline, deploying various scanners and malware.

• SSHStalker botnet hijacks 7,000 Linux systems using IRC and SSH

  A previously undocumented Linux botnet operation called SSHStalker was discovered targeting nearly 7,000 systems in attacks that blend 2009-era Internet Relay Chat (IRC) with modern mass-compromise automation.

  In a Feb. 9 blog post, Flare’s research team said the targets were geographically dispersed across the United States, Europe, and Asia-Pacific, adding that their scan results were heavily dominated by leading cloud providers, including Oracle Cloud infrastructure.

• Announcing Istio 1.27.6

  This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.27.5 and 1.27.6.

• Federal News Network ☛ Wyden pledges to keep hold on nominee to lead CISA

  Wyden said he will continue to object to Sean Plankey’s nomination until CISA releases a 2022 report on security flaws in the U.S. telecommunications system.

• Security Week ☛ Patch Tuesday: Adobe Fixes 44 Vulnerabilities in Creative Apps

  The company has fixed several critical vulnerabilities that can be exploited for arbitrary code execution.

• Security Week ☛ RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India

  Transparent Tribe (APT36) is targeting Indian defense and government sectors with GETA, ARES, and Desk RATs in a new wave of economic cyber espionage.

• OpenSSF (Linux Foundation) ☛ Have a Security Lesson Worth Sharing? Submit a Talk at OpenSSF Community Day North America

  OpenSSF Community Day North America is happening this year in Minneapolis, and the Call for Proposals (CFP) is open through February 15.

• Security Week ☛ New ‘ZeroDayRAT’ Spyware Kit Enables Total Compromise of iOS, Android Devices

  Available via Telegram, researchers warn ZeroDayRAT is a ‘complete mobile compromise toolkit’ comparable to kits normally requiring nation-state resources to develop.

• Security Week ☛ SAP Patches Critical CRM, S/4HANA, NetWeaver Vulnerabilities

  SAP has released 26 new and one updated security notes on February 2026 security patch day.

• LWN ☛ Security updates for Tuesday

  Security updates have been issued by AlmaLinux (fence-agents, firefox, fontforge, freerdp, kernel-rt, keylime, libsoup, libsoup3, nodejs22, nodejs24, opentelemetry-collector, osbuild-composer, python3.12-wheel, qemu-kvm, resource-agents, thunderbird, and util-linux), Debian (kernel, rlottie, shaarli, and usbmuxd), Fedora (asciinema, atuin, bustle, cef, envision, glycin, greetd, helix, java-21-openjdk, java-25-openjdk, java-latest-openjdk, keylime-agent-rust, maturin, mirrorlist-server, ntpd-rs, python3.6, rust-add-determinism, rust-afterburn, rust-ambient-id, rust-app-store-connect, rust-bat, rust-below, rust-btrd, rust-busd, rust-bytes, rust-cargo-c, rust-cargo-deny, rust-coreos-installer, rust-crypto-auditing-agent, rust-crypto-auditing-client, rust-crypto-auditing-event-broker, rust-crypto-auditing-log-parser, rust-dua-cli, rust-eif_build, rust-git-delta, rust-git-interactive-rebase-tool, rust-git2, rust-gst-plugin-dav1d, rust-gst-plugin-reqwest, rust-heatseeker, rust-ingredients, rust-jsonwebtoken, rust-lsd, rust-monitord, rust-monitord-exporter, rust-muvm, rust-nu, rust-num-conv, rust-onefetch, rust-oo7-cli, rust-pleaser, rust-pore, rust-pretty-git-prompt, rust-procs, rust-rbspy, rust-rbw, rust-rd-agent, rust-rd-hashd, rust-redlib, rust-resctl-bench, rust-resctl-demo, rust-routinator, rust-sccache, rust-scx_layered, rust-scx_rustland, rust-scx_rusty, rust-sequoia-chameleon-gnupg, rust-sequoia-keystore-server, rust-sequoia-octopus-librnp, rust-sequoia-sq, rust-sevctl, rust-shadow-rs, rust-sigul-pesign-bridge, rust-snpguest, rust-speakersafetyd, rust-tealdeer, rust-time, rust-time-core, rust-time-macros, rust-tokei, rust-weezl, rust-wiremix, rust-ybaas, rustup, sad, tbtools, tuigreet, and uv), Mageia (fontforge and nginx), Oracle (firefox, fontforge, freerdp, kernel, keylime, libsoup, python, thunderbird, and uek-kernel), SUSE (abseil-cpp and kernel), and Ubuntu (freerdp2 and libsoup3).

• LinuxInsider ☛ How to Secure Cloud Storage on Linux With VeraCrypt

  For most Internet users, gone are the days when you backed up files to an external drive or home server. Instead, most of us rely on cloud storage to secure sensitive files, like banking information, password databases, and family photos.

  While major services like Dropbox and Google Drive claim to encrypt your data on the server side, these companies hold the encryption keys. They can’t guarantee that your files will remain secure in the event of a platform breach.

  This risk is not merely theoretical. For instance, in April 2024, the Dropbox Sign service was breached, exposing customers’ private information. In this case, the contents of client files seemingly weren’t exposed.

• Windows TCO / Windows Bot Nets

  • Krebs On Security ☛ Patch Tuesday, February 2026 Edition

    Microsoft today released updates to fix more than 50 security holes in its backdoored Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.

  • Scoop News Group ☛ Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities

    Microsoft said three of the exploited vulnerabilities were publicly known, suggesting attackers already had details about the defects prior to Tuesday’s release.

  • Security Week ☛ 6 Actively Exploited Zero-Days Patched by Abusive Monopolist Microsoft With February 2026 Updates

    Microsoft’s Patch Tuesday updates fix roughly 60 vulnerabilities found in the company’s products.

  • SANS ☛ Microsoft Patch Tuesday - February 2026, (Tue, Feb 10th)

    Today's patch Tuesday addresses 59 different vulnerabilities (plus two Chromium vulnerabilities affecting Abusive Monopolist Microsoft Edge). While this is a lower-than-normal number, this includes six vulnerabilities that are already exploited. Three vulnerabilities have already been exploited and made public.

  • Tom's Hardware ☛ Microsoft is refreshing Secure Boot certificates to plug security holes before they happen — if you bought a PC last year, you should be set [Ed: Because this thing is more like a back door than real security]

    Microsoft is refreshing Secure Boot certificates for backdoored Windows PCs. If you bought one in the past year, you should be set, but others should be sure to keep up with backdoored Windows 11 updates.