Four Seconds to Botnet - Analyzing a Self-Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary]
https://isc.sans.edu/diary/Four%20Seconds%20to%20Botnet%20-%20Analyzing%20a%20Self%20Propagating%20SSH%20Worm%20with%20Cryptographically%20Signed%20C2%20%5BGuest%20Diary%5D/32708
OpenSSH Update on MacOS
https://www.openssh.org/releasenotes.html
Employee Monitoring and SimpleHelp Software Abused in Ransomware Operations
https://www.huntress.com/blog/employee-monitoring-simplehelp-abused-in-ransomware-operations

WSL in the Malware Ecosystem https://isc.sans.edu/diary/32704
Apple Patches Everything: February 2026
https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20February%202026/32706
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html

Microsoft Patch Tuesday - February 2026
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20February%202026/32700
Refreshing the root of trust
https://blogs.windows.com/windowsexperience/2026/02/10/refreshing-the-root-of-trust-industry-collaboration-on-secure-boot-certificate-updates/
Fake 7-Zip downloads are turning home PCs into proxy nodes
https://www.malwarebytes.com/blog/threat-intel/2026/02/fake-7-zip-downloads-are-turning-home-pcs-into-proxy-nodes
FortiNet Vulnerabilities
https://fortiguard.fortinet.com/psirt/FG-IR-25-093 https://fortiguard.fortinet.com/psirt/FG-IR-25-1052

Quick Howto: Extract URLs from RTF files
https://isc.sans.edu/diary/Quick%20Howto%3A%20Extract%20URLs%20from%20RTF%20files/32692
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
German: https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html English: https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/praevention_wirtschafts-und_wissenschaftsschutz/2026-02-06-gemeinsame-warnmitteilung-phishing.pdf?__blob=publicationFile&v=3
Someone Knows Bash Far Too Well, And We Love It - Pre-Auth RCEs
https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/
Pre-Auth RCE in BeyondTrust Remote Support & PRA CVE-2026-1731
https://www.hacktron.ai/blog/cve-2026-1731-beyondtrust-remote-support-rce
https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
Fortinet FortiClientEMS SQLi in the administrative interface
https://fortiguard.fortinet.com/psirt/FG-IR-25-1142

Microsoft Patches Four Azure Vulnerabilities (three critical)
https://msrc.microsoft.com/update-guide/vulnerability
Evaluating and mitigating the growing risk of LLM-discovered 0-days
https://red.anthropic.com/2026/zero-days/
Gitlab AI Gateway Vulnerability CVE-2026-1868
https://about.gitlab.com/releases/2026/02/06/patch-release-gitlab-ai-gateway-18-8-1-released/

Broken Phishing URLs
https://isc.sans.edu/diary/Broken+Phishing+URLs/32686/
n8n command injection vulnerability
https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8
Android February Update
https://source.android.com/docs/security/bulletin/pixel/2026/2026-02-01?hl=en
Watchguard Firebox LDAP Injection
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001

Malicious Script Delivering More Maliciousness
https://isc.sans.edu/diary/Malicious+Script+Delivering+More+Maliciousness/32682
Synectix LAN 232 TRIO Unauthenticated Web Admin CVE-2026-1633
https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-04
Google Chrome Patches
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem)
https://www.tenable.com/blog/google-looker-vulnerabilities-rce-internal-access-lookout

Detecting and Monitoring OpenClaw (clawdbot, moltbot)
https://isc.sans.edu/diary.html/Detecting+and+Monitoring+OpenClaw+%28clawdbot%2C+moltbot%29/32678/#comment
Synology telnetd Patch
https://www.synology.com/en-us/releaseNote/DSM
GlassWorm Loader Hits Open VSX via Developer Account Compromise
https://socket.dev/blog/glassworm-loader-hits-open-vsx-via-suspected-developer-account-compromise

Scanning for exposed Anthropic Models https://isc.sans.edu/diary/Scanning%20for%20exposed%20Anthropic%20Models/32674
Notepad++ Hijacked by State-Sponsored Hackers https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/
https://notepad-plus-plus.org/news/hijacked-incident-info-update/
Insecure Websockets in OpenClaw
https://zeropath.com/blog/openclaw-clawdbot-credential-theft-vulnerability
Malicious OpenClaw Skills
https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting
Exposed OpenClaw Instances
https://censys.com/blog/openclaw-in-the-wild-mapping-the-public-exposure-of-a-viral-ai-assistant

Google Presentation Abuse
https://isc.sans.edu/diary/Google+Presentations+Abused+for+Phishing/32668/
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340)
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US
Microsoft NTLM Strategy
https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526

No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network
Google dismantled the IPIDEA network that used residential proxies to route malicious traffic.
https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network
Fake Clawdbot VS Code Extension Installs ScreenConnect RAT
The news about Clawdbot (now Moltbot) is used to distribute malware, in particular malicious VS Code extensions.
https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware
Threat Bulletin: Critical eScan Supply Chain Compromise
Anti-virus vendor eScan was compromised, and its update servers were used to install malware on some customer systems.
https://www.morphisec.com/blog/critical-escan-threat-bulletin/